The automation of radiotherapy delivery has resulted in more efficient patient treatments; however, the same informatic controls that provide for greater throughput also present vulnerabilities, both user and system generated. A team in the department of radiation oncology at the State University of New York (SUNY) Upstate Medical University in Syracuse, N.Y., has developed an application that provides quality assurance (QA) auditing of radiotherapy controls to mitigate informatic vulnerabilities.

“The efficiency and convenience that automation makes possible, has paradoxically caused user vigilance to become less mandatory,” wrote Daniel Kim, PhD, in a scientific poster presentation about the system at the recent American Society for Therapeutic Radiology and Oncology (ASTRO) conference in Los Angeles. “This has led to the phenomenon of informatic medical errors in which incorrect control instructions are ‘correctly’ executed by the treatment device.”

Kim, an assistant professor of radiation oncology at SUNY, noted several clinical examples of informatic vulnerabilities:

• Partially failed file transfers that led to the subsequent delivery of open fields when dynamic multi-leaf collimation (DLMC) intensity modulated radiation therapy (IMRT) fields were intended, which resulted in overdoses of patients.
• Failure of software to correctly display multi-leaf collimator (MLC) positions.
• Accidental overwriting or mistyping of data for beam parameters.
• IMRT QA carried out on a copy of a patient’s plan, not the actual plan.
• Malware, such as viruses, corrupting the system.

Recognizing the significance that these informatics liabilities posed to both patients and his facility, Kim investigated the feasibility of using real-time network monitoring through passive wiretapping as a technique to double-check control data being transferred between computers immediately prior to treatment.

“By examining critical patient-specific, beam-defining data immediately before the accelerator generates the beams, this technique has the potential to foresee imminent informatic medical errors, include adverse events,” Kim wrote.

He developed a prototype system using an Intel Pentium 4 workstation running the Linux operating system that connected to the clinical network and passively observed all network traffic that enters or exits the therapists’ linear accelerator (linac) control station. The system was programmed to automatically extract clinical information from the packet stream to and from the linac control station and save the data to custom database.

“Upon execution of the Open Patient command at the therapist’s control computer, the system automatically detects, extracts, and saves the patient, field, and MLC configuration data embedded in the data packet exchange between the linac control computer and the clinical database server,” Kim wrote.

The extracted data are saved to a vendor-independent archive that is transparent to the clinical computers and the application does not modify the clinical packet stream. In addition, the QA tool is able to accomplish its task in under one second of processing time per fraction, according to Kim.

Kim noted that the QA application has been so successful that the department is working on an upgraded system designed for dependability and therapist ease of use.

“By comparing just-transmitted treatment data against data from the patient’s previous fractions, the clinical prototype provides vendor-independent, per fraction verification of treatment informatics, thus informing clinicians of modified or corrupt treatment data minutes before turning the beam on,” he wrote.