decimal App Documentation

User Tools

Site Tools

Trace: planning_versions instructions_for_use
electronrt:instructions_for_use:instructions_for_use

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
electronrt:instructions_for_use:instructions_for_use [2020/09/17 04:08] – [decimal eRT Instructions for Use] Review Complete (KE) kerhartelectronrt:instructions_for_use:instructions_for_use [2022/09/27 17:27] (current) – [Account Permissions] dpatenaude
Line 1: Line 1:
 ====== decimal eRT Instructions for Use ====== ====== decimal eRT Instructions for Use ======
- 
-Note: This page was fully reviewed by Kevin Erhart on 9-17-2020 
  
 ===== Overview and Indications for Use ===== ===== Overview and Indications for Use =====
Line 51: Line 49:
 The decimal ElectronRT software communicates with other radiation oncology software generally by sending & receiving files in various DICOM RT formats. Since the accuracy of information computed and displayed by an application such as this is very important to the proper treatment of patients, it is critical that users have the appropriate educational and clinical experience backgrounds to adequately understand and use the product. Additionally, since each radiotherapy treatment machine produces a unique beam of radiation, there is much responsibility on the end users to adequately commission and test this software over the full range of expected treatment conditions before the system is utilized for patient treatment. It is this area that provides opportunity for the most likely misuses of the software, which would be incorrect or inadequate commissioning of the application (note many other cases of potential misuse will be designed out of the system by limiting user interactions, providing warnings, and preventing unsafe or incompatible operations). This main misuse is mitigated by requiring that users perform appropriate quality assurance measurements for each patient plan prior to treatment, which should independently confirm that the treatment plan displayed within the decimal eRT app adequately matches the actual to be delivered plan. Please note that such testing is a safety and regulatory requirement in most territories. The decimal ElectronRT software communicates with other radiation oncology software generally by sending & receiving files in various DICOM RT formats. Since the accuracy of information computed and displayed by an application such as this is very important to the proper treatment of patients, it is critical that users have the appropriate educational and clinical experience backgrounds to adequately understand and use the product. Additionally, since each radiotherapy treatment machine produces a unique beam of radiation, there is much responsibility on the end users to adequately commission and test this software over the full range of expected treatment conditions before the system is utilized for patient treatment. It is this area that provides opportunity for the most likely misuses of the software, which would be incorrect or inadequate commissioning of the application (note many other cases of potential misuse will be designed out of the system by limiting user interactions, providing warnings, and preventing unsafe or incompatible operations). This main misuse is mitigated by requiring that users perform appropriate quality assurance measurements for each patient plan prior to treatment, which should independently confirm that the treatment plan displayed within the decimal eRT app adequately matches the actual to be delivered plan. Please note that such testing is a safety and regulatory requirement in most territories.
  
 +{{page>electronrt:userguide:userguide#common_planning_tasks}}
  
 ==== Data Management (Storage and Caching) ==== ==== Data Management (Storage and Caching) ====
Line 71: Line 70:
 The decimal eRT app allows for centralized patient data that is shared between multiple clients (<imgref data_overview>). The patient storage folder includes an SQLite database for maintaining data records and modification events. By placing this directory on a network location users can share the database across multiple workstations and users. The decimal eRT app allows for centralized patient data that is shared between multiple clients (<imgref data_overview>). The patient storage folder includes an SQLite database for maintaining data records and modification events. By placing this directory on a network location users can share the database across multiple workstations and users.
  
-Patient files are stored in a folder structure that represents the organizational hierarchy of the patient data model. All patient identifying information is encrypted, using AES-256, in the database and patient data files to prevent unauthorized access to patient data. Files also include 32bit checksums that are linked to encrypted database entries to ensure they are not substituted or modified in an unauthorized manner. Refer to [[electronrt:instructions_for_use:instructions_for_use#data_integrity|Data Integrity]] for further details on how data is prevented from modification and changes.+Patient files are stored in a folder structure that represents the organizational hierarchy of the patient data model. All patient identifying information is encrypted, refer to [[electronrt:instructions_for_use:instructions_for_use#file_security|File Security]] for more details, in the database and patient data files to prevent unauthorized access to patient data. Files also include 32bit checksums that are linked to encrypted database entries to ensure they are not substituted or modified in an unauthorized manner. Refer to [[electronrt:instructions_for_use:instructions_for_use#data_integrity|Data Integrity]] for further details on how data is prevented from modification and changes.
  
 === Network & Local Data Cache === === Network & Local Data Cache ===
  
-The decimal eRT app uses calculation data caching to improve the user experience by loading results from disk rather than recomputing on demand. This results in speedier load times of patient/plan data, beam dose, and hardware devices without having to utilize the processing power of the computer each time a plan is opened. If a calculation result is not found in the calculation cache, the calculation will be performed and the results stored in the cache. The calculation cache is comprised of a local disk cache and an optional network cache (refer to <imgref data_caching>). +The decimal eRT app uses calculation data caching to improve the user experience by loading results from disk rather than recomputing on demand. The calculation disk cache files are comprised of proprietary compressed binary files that represent a completed calculation result. Storing and using the cached calculations results in speedier load times of patient/plan data, beam dose, and hardware devices without having to utilize the processing power of the computer each time a plan is opened. If a calculation result is not found in the calculation cache, the calculation will be performed and the results stored in the cache. The calculation cache is comprised of a local disk cache and an optional network cache (refer to <imgref data_caching>). 
  
-Using the local cache allows for the caching of calculation results to the individual user’s workstation and the network cache allows users to share calculation results among all users using the centralized patient database (e.g.: user 1 saves a plan and user 2 opens the plan on a different computer; by saving to the network cache, user 2 automatically loads in user 1’s results without having to recompute them). Reading data from the local cache allows for the fastest data load time for the end user. Refer to <imgref internet_data_transfer> for the cache saving mechanics between the local and network caches.+Using the local cache allows for the caching of calculation results to the individual user’s workstation and the network cache allows users to share calculation results among all users using the centralized patient database (e.g.: user 1 saves a plan and user 2 opens the plan on a different computer; by saving to the network cache, user 2 automatically loads in user 1’s results without having to recompute them). Reading data from the local cache allows for the fastest data load time for the end user. Refer to <imgref data_caching> for the cache saving mechanics between the local and network caches.
  
 By default when decimal eRT is installed the cache locations are set to the following: By default when decimal eRT is installed the cache locations are set to the following:
Line 105: Line 104:
 === File Security === === File Security ===
  
-decimal eRT data files (including but not limited to: organization, beam model, patients, course data, plans, etc) are encrypted using AES-256 when stored to disk and secured with a checksum stored as an encrypted field in the application databaseWhen files are read from disk, the contents are checked against the corresponding encrypted checksum to ensure the file contents have not been changed, manipulated, or substituted.+The following table describes the file security methods used for decimal eRT data. The subsequent paragraphs provide supplemental details for each item.
  
-**Note**: The [[electronrt:instructions_for_use:instructions_for_use#network_local_data_cache|local calculation cache]] may contain unencrypted patient identifying information. The local cache is purged as it fills with data, so exposure to long term data is limited. However, workstation level disk encryption (e.g.: bitlocker) is recommended to protect against unauthorized access to calculation caches by providing encryption at rest.+^  Item              ^  Storage Type                      ^   Encryption Type   ^ 
 +| Patient Database   | SQLite Database                    | AES-256             | 
 +| :::                | Fields Containing PHI/PII          | AES-256             | 
 +| Patient/Data Files | Local/Network File System          | AES-256             | 
 + 
 +All PHI/PII data (including data files and database fields) is encrypted using AES-256 with an encryption key that is unique for each organization/patient storage location.  
 +  * **decimal eRT data files:** (includes but is not limited to: organization, beam model, patients, course data, plans, etc) Files are encrypted using AES-256 when stored to disk and secured with a checksum stored as an encrypted field in the application database. When files are read from disk, the contents are checked against the corresponding encrypted checksum to ensure the file contents have not been changed, manipulated, or substituted. 
 +  * **decimal eRT patient database:** Database is encrypted using AES-256. Additionally, the patient identifying fields within the database are further encrypted using separate AES-256 encryption, adding an additional level of security for patient data within the application database. 
 + 
 +**Note**: The [[electronrt:instructions_for_use:instructions_for_use#network_local_data_cache|local calculation cache]] files are a non-human readable, proprietary compressed binary format. These files may contain unencrypted patient identifying information. The local cache is purged as the cache fills with data, so exposure to long term data is limited. Workstation level disk encryption (e.g.: bitlocker) is recommended to protect against unauthorized access to calculation caches by providing encryption at rest.
 === Data Import/Export === === Data Import/Export ===
 Patient data is imported and exported using the DICOM NEMA 2020 standard to ensure the data is transferred error free and securely. Refer to the decimal eRT {{:electronrt:usr-013_dicom_conformance_statement.pdf|Dicom Conformance Statement}} for the supported DICOM tags. Patient data is imported and exported using the DICOM NEMA 2020 standard to ensure the data is transferred error free and securely. Refer to the decimal eRT {{:electronrt:usr-013_dicom_conformance_statement.pdf|Dicom Conformance Statement}} for the supported DICOM tags.
Line 132: Line 140:
  
 Data is transferred to and from the decimal Direct servers using secure HTTPS transfer protocols that guarantee error-free transfer using common industry standard techniques. All data passed to and from .decimal's ordering servers is encrypted during transit and does not contain patient identifying data.  Data is transferred to and from the decimal Direct servers using secure HTTPS transfer protocols that guarantee error-free transfer using common industry standard techniques. All data passed to and from .decimal's ordering servers is encrypted during transit and does not contain patient identifying data. 
 +
 +=== Simultaneous Plan Access ===
 +
 +Treatment plans are protected against simultaneous record access and data loss by ensuring an attempted update to plan data is not based on an outdated base file. If the local plan record has been accessed simultaneously by another user and has been modified (committed to the database) by another user, the outdated local plan record will be unable to commit the change until the plan has been updated locally.
 +
 ==== Coordinates and Units of Measure ==== ==== Coordinates and Units of Measure ====
  
Line 141: Line 154:
   * All angular dimensions are shown in degrees (deg)   * All angular dimensions are shown in degrees (deg)
   * All radiation dose quantities will be shown with their corresponding units within the application (e.g. Gy or %)   * All radiation dose quantities will be shown with their corresponding units within the application (e.g. Gy or %)
-  * All date/time values are provided in a // dd/mm/yyyy h:m:s // format using local time on a 24 hour clock+  * All date/time values are provided in a // yyyy-mm-dd h:m:s // format using local time on a 24 hour clock
   * All date and time notifications in decimal eRT should match current Windows OS date and time, including proper use of daylight savings time where appropriate (note: decimal eRT will display in 24 hour format, while Windows may display in am/pm depending on local settings)   * All date and time notifications in decimal eRT should match current Windows OS date and time, including proper use of daylight savings time where appropriate (note: decimal eRT will display in 24 hour format, while Windows may display in am/pm depending on local settings)
  
Line 157: Line 170:
 === Commissioning Data Field Sizes === === Commissioning Data Field Sizes ===
  
-The decimal eRT app UI will provide a warning to the user if a beam's field size is larger or smaller than the allowable field sizes listed in the commissioning data for the selected beam energy. The warning will appear in the Beams Block next to each beam and as a warning on the Treatment Plan PDF report.+The decimal eRT app UI and plan reports will provide a warning to the user if a beam's field size is larger or smaller than the allowable field sizes listed in the commissioning data for the selected beam energy. The warning will appear in the Beams Block next to each beam and as a warning on the Treatment Plan PDF report.
  
 ==== Data Displays and Interpretation ==== ==== Data Displays and Interpretation ====
Line 175: Line 188:
 decimal eRT uses [[https://auth0.com/security|Auth0]] as an Identity-as-a-Service provider for user account management. All user accounts and credentials are managed by the Auth0 service including user creation, password policies, password resets, and secure authentication.  decimal eRT uses [[https://auth0.com/security|Auth0]] as an Identity-as-a-Service provider for user account management. All user accounts and credentials are managed by the Auth0 service including user creation, password policies, password resets, and secure authentication. 
  
 +As decimal eRT is deployed on customer workstations the site administrator will be responsible for the installation of the software on the appropriate workstations and the account management of all users at the facility. Each employee should have an individual login and password to access the decimal eRT application that prevents unauthorized access, and account sharing should be strictly prohibited.
 === User Authentication === === User Authentication ===
  
 Users authenticate and launch the decimal eRT application using the [[decimalauncher:decimallauncher#authentication | decimal Launcher]].  Users authenticate and launch the decimal eRT application using the [[decimalauncher:decimallauncher#authentication | decimal Launcher]]. 
  
-== User Sessions ==+=== User Sessions ===
  
 When decimal eRT is launched from the decimal Launcher, decimal eRT is given an JWT authentication token for the logged in user. This token is used to authenticate and perform [[https://direct.dotdecimal.com|decimal Direct API]] requests. This JWT token is issued by decimal Direct and Auth0 and has a built in expiration. When this token expires the user will be logged out of the application and be forced to re-authenticate and relaunch the application using the decimal Launcher. Refer to [[decimalauncher:decimallauncher#inactivity_and_session_timeout|decimal Launcher's User Guide]] for details on this authentication token and its expiration.  When decimal eRT is launched from the decimal Launcher, decimal eRT is given an JWT authentication token for the logged in user. This token is used to authenticate and perform [[https://direct.dotdecimal.com|decimal Direct API]] requests. This JWT token is issued by decimal Direct and Auth0 and has a built in expiration. When this token expires the user will be logged out of the application and be forced to re-authenticate and relaunch the application using the decimal Launcher. Refer to [[decimalauncher:decimallauncher#inactivity_and_session_timeout|decimal Launcher's User Guide]] for details on this authentication token and its expiration. 
Line 185: Line 199:
 Auth0 user credentials are authenticated and validated using the decimal Direct API by decimal eRT each time a user logs in and on recurring timer events. If user credentials are invalid or expired, users will automatically be logged out of the application and prevented from using or accessing any data within the application/system. Auth0 user credentials are authenticated and validated using the decimal Direct API by decimal eRT each time a user logs in and on recurring timer events. If user credentials are invalid or expired, users will automatically be logged out of the application and prevented from using or accessing any data within the application/system.
  
-== Inactivity Timeout ==+=== Inactivity Timeout ===
  
 decimal eRT has a built in inactivity timeout that will automatically log the user out if no mouse/keyboard activity has occurred. The timeout setting can be changed in the [[electronrt:userguide:tutorials:app_settings#app_settings|decimal eRT application settings]]. Idle workstation locking at the OS level is also recommended for all workstations with access to decimal eRT. While there are inactivity and session timeouts built into the application, workstation idle locking will further protect the system from unauthorized access in-between session timeouts. decimal eRT has a built in inactivity timeout that will automatically log the user out if no mouse/keyboard activity has occurred. The timeout setting can be changed in the [[electronrt:userguide:tutorials:app_settings#app_settings|decimal eRT application settings]]. Idle workstation locking at the OS level is also recommended for all workstations with access to decimal eRT. While there are inactivity and session timeouts built into the application, workstation idle locking will further protect the system from unauthorized access in-between session timeouts.
 === Account Management === === Account Management ===
  
-decimal eRT site managers have the ability to [[https://direct.dotdecimal.com/guide#site-management|add and remove users]] to their site. When adding a new user an Auth0 account will be created for the new user and automatically linked to the site. The user will then be notified to set their password following the Auth0 password reset process. Removing a user from a site does not delete the user's Auth0/.decimal account, but removes the account from the site, effectively removing all access to the site's apps, data, and device order history. Refer to the [[https://direct.dotdecimal.com/guide|decimal Direct User Guide]] for more information.+decimal eRT site managers have the ability to [[https://direct.dotdecimal.com/guide#site-management|add and remove users]] to their site. When adding a new user an Auth0 account will be created for the new user and automatically linked to the site. The user will then be notified to set their password following the Auth0 password reset process. Removing a user from a site does not delete the user's Auth0/.decimal account, but removes the account from the site, effectively removing all access to the site's apps, data, and device order history. Refer to the [[https://direct.dotdecimal.com/guide#site-management|decimal Direct User Guide]] for more information.
  
 === Account Permissions === === Account Permissions ===
  
-decimal eRT limits the features available to users based on their .decimal account permission level. The following permission levels are available:+Account permissions are able to be set by the Site Administrator within [[direct:userguide#app_specific_permissions|decimal Direct's App Permissions page]]. eRT has two levels of account permissions: 
 +  - **User Levels**: A high level generic group for the user that provides general access levels 
 +  - **Feature Permissions**: A feature by feature granular permission for the user 
 + 
 +== User Levels == 
 + 
 +decimal eRT limits the features available to users based on their .decimal account user permission level. The following user permission levels are available:
  
 ^ Permission Level ^ Available Permissions ^ ^ Permission Level ^ Available Permissions ^
 | **Default     ** | A default user with normal treatment planning permissions \\ - Recommended permission level for all dosimetry personnel | | **Default     ** | A default user with normal treatment planning permissions \\ - Recommended permission level for all dosimetry personnel |
 | **Research    ** | Not applicable for decimal eRT | | **Research    ** | Not applicable for decimal eRT |
-| **Physics     ** | Elevated user with physics access \\ - Organization Configuration \\ - Machine Commissioning \\ - Plan Approval \\ - Sandbox configuration/user|+| **Elevated    ** | Elevated user with physics access \\ - Sandbox configuration/user| 
 + 
 +== Feature Permissions == 
 + 
 +In addition, eRT also provides user based permissions for specific features within the application. 
 + 
 +^ Permission    ^ Permission Level ^ Description ^ 
 +| **IM Device** | Site Wide        | Allows the user to use the Electron Intensity Modulator devices when making a beam. \\ //This permission is granted by .decimal staff on the purchase of the Electron Intensity Modulator module// 
 +| **Plan Approval** | User Account | Allows the user to approve and lock treatment plans required to order hardware devices for fabrication | 
 +| **Facility Configuration** | User Account | Allows the user to edit the Organization and Treatment machines, including commissioning data | 
  
-As decimal eRT is deployed on customer workstations the site administrator will be responsible for the installation of the software on the appropriate workstations and the account management of all users at the facility. Each employee should have an individual login and password to access the decimal eRT application that prevents unauthorized access, and account sharing should be strictly prohibited. 
  
 ==== Known Limitations ==== ==== Known Limitations ====
Line 311: Line 340:
  
 ---- ----
-<WRAP centeralign>.decimal LLC \\ 121 Central Park Place, Sanford, FL 32771 \\ 1-800-255-1613</WRAP>+ 
 +<WRAP centeralign>Copyright © 2020 - 2022 .decimalLLC. All Rights Reserved. \\  
 +//decimal eRT® is a trademark of .decimal, LLC.// \\ 
 + 
 +121 Central Park Place, Sanford, FL 32771 \\ 1-800-255-1613</WRAP>
electronrt/instructions_for_use/instructions_for_use.1600315715.txt.gz · Last modified: 2021/07/29 18:22 (external edit)