decimal eRT Instructions for Use

The decimal ElectronRT (decimal eRT) app is an interactive end user application for electron treatment planning for the intended use and primary purpose of enabling radiotherapy professionals to efficiently design and analyze electron radiotherapy treatment plans. In the most common use case of the software, users will import patient data from existing imaging and contouring software programs, manage physician prescription and intent information, develop an electron treatment plan, analyze the plan to determine how well it meets the physician’s goals, and order electron beam shaping devices for fabrication by .decimal.

Furthermore, since the accuracy of information computed and displayed by an application such as this is very important to the proper treatment of patients, it is critical that users have the appropriate educational and clinical experience backgrounds to adequately understand and use the product. Additionally, since each radiotherapy treatment machine produces a unique beam of radiation, there is much responsibility on the end users to adequately commission and test this software over the full range of expected treatment conditions before the system is utilized for patient treatment.

It is the user's responsibility to commission and test the dose accuracy prior to patient treatment. This general liability on the end users should be understood and communicated to all users and a representative with signatory authority from each facility using the decimal eRT app must sign a User Agreement stating their understanding and acceptance of this responsibility.

Additionally, a site administrator with signatory authority will be required to sign an End User License Agreement on behalf of the facility indicating understanding of the responsibilities for quality, accuracy, and security described herein.

It is the responsibility that the user performs end-to-end testing prior to the clinical implementation of the decimal eRT app. The user should follow accepted industry guideline (such as AAPM TG244) for the end-to-end testing. This testing should be performed by qualified personnel.

It is the responsibility of the facility to ensure that all users of the decimal eRT treatment planning system have had training on the product and possess the appropriate clinical education, experience, and (where applicable) licensure to develop clinical treatment plans. This includes, but is not limited to, the application training provided by .decimal staff.

It is recommended that users follow acceptable global standards during the commissioning of the decimal eRT product. During the clinical set up, the following should be tested to ensure clinical safety prior to treatment:

1. Geometric relationships of the hardware machine models
2. The dose algorithm
3. Data access and storage
4. Accuracy of the planning dose systems.

It is critical that all users read these Instructions for Use and the User Guide material carefully and completely and consult the provided User Guides and other training materials to ensure proper use of the application and proper interpretation of results.

Caution: Federal law restricts this device to sale by or on the order of a physician.

The decimal eRT app is an interactive end user application for device creation, dose calculation, and many other purposes, for the intended use and primary purpose of enabling radiotherapy professionals to efficiently design and analyze electron radiotherapy treatment plans.

The decimal eRT app is a tool to develop radiotherapy treatment plans for delivery using an electron linear accelerator. Such plans are generally developed to meet the directives of a physician through a formal documented prescription. As such, the users of this application are expected to be supervised by an attending physician and should themselves be experienced in the physics and dosimetric characteristics of electron radiotherapy. Additionally, users are expected to have formal training in general radiotherapy techniques and best practices, electron therapy specific planning techniques, and general principles of patient safety and care. Most users will have college-level training or degrees, as well as licensure for their particular roles and responsibilities through their state, nation, or professional association. Users should also be well versed in regulations regarding protection of patient health information and have a basic understanding of standard practices regarding computer usage and security.

Users should also be formally trained on the decimal eRT application, its features, these Instructions for Use, and User Guide prior to performing clinical treatment planning using the application.

In the most common use case of the software, users will import patient data from existing imaging and contouring software programs, manage physician prescription information, develop an electron treatment plan, and analyze the plan to determine how well it meets the physician’s goals. The primary and most frequently used functions of this software are the data and patient record management (for patient data storage), dose calculation, device design & optimization, user interface controls, and visualization tools.

The decimal ElectronRT software communicates with other radiation oncology software generally by sending & receiving files in various DICOM RT formats. Since the accuracy of information computed and displayed by an application such as this is very important to the proper treatment of patients, it is critical that users have the appropriate educational and clinical experience backgrounds to adequately understand and use the product. Additionally, since each radiotherapy treatment machine produces a unique beam of radiation, there is much responsibility on the end users to adequately commission and test this software over the full range of expected treatment conditions before the system is utilized for patient treatment. It is this area that provides opportunity for the most likely misuses of the software, which would be incorrect or inadequate commissioning of the application (note many other cases of potential misuse will be designed out of the system by limiting user interactions, providing warnings, and preventing unsafe or incompatible operations). This main misuse is mitigated by requiring that users perform appropriate quality assurance measurements for each patient plan prior to treatment, which should independently confirm that the treatment plan displayed within the decimal eRT app adequately matches the actual to be delivered plan. Please note that such testing is a safety and regulatory requirement in most territories.

The decimal eRT app has four main components for its data storage that allow secure and efficient data access while sharing patient data and cached calculation results across an organization for multiple users. The four data storage systems are as follows:

At a high level, the decimal eRT application interacts with each data storage element during normal treatment planning as depicted in figure 1.

Fig. 1: Data Management Overview

The decimal eRT app allows for centralized patient data that is shared between multiple clients (figure 1). The patient storage folder includes an SQLite database for maintaining data records and modification events. By placing this directory on a network location users can share the database across multiple workstations and users.

Patient files are stored in a folder structure that represents the organizational hierarchy of the patient data model. All patient identifying information is encrypted, refer to File Security for more details, in the database and patient data files to prevent unauthorized access to patient data. Files also include 32bit checksums that are linked to encrypted database entries to ensure they are not substituted or modified in an unauthorized manner. Refer to Data Integrity for further details on how data is prevented from modification and changes.

The decimal eRT app uses calculation data caching to improve the user experience by loading results from disk rather than recomputing on demand. The calculation disk cache files are comprised of proprietary compressed binary files that represent a completed calculation result. Storing and using the cached calculations results in speedier load times of patient/plan data, beam dose, and hardware devices without having to utilize the processing power of the computer each time a plan is opened. If a calculation result is not found in the calculation cache, the calculation will be performed and the results stored in the cache. The calculation cache is comprised of a local disk cache and an optional network cache (refer to figure 2).

Using the local cache allows for the caching of calculation results to the individual user’s workstation and the network cache allows users to share calculation results among all users using the centralized patient database (e.g.: user 1 saves a plan and user 2 opens the plan on a different computer; by saving to the network cache, user 2 automatically loads in user 1’s results without having to recompute them). Reading data from the local cache allows for the fastest data load time for the end user. Refer to figure 2 for the cache saving mechanics between the local and network caches.

By default when decimal eRT is installed the cache locations are set to the following:

• Local cache: C:\ProgramData\decimal ElectronRT\cache
• Network cache: None - This must be setup in the application settings for each client workstation that is intended to use the network cache

Fig. 2: Data Cache Overview

When the local and/or network cache fills past the set limit within the decimal eRT client, the oldest data will be removed so the cache remains under the limit in the app settings. No plan record data is kept within the local or network cache, so loss of this data only impacts user performance of unapproved plans. On plan approval all critical plan data (devices, dose, etc) is captured in the Patient File Storage.

The local or network cache can be cleared by using the decimal eRT application settings.

In the case of a cache corporation, a manual cache deletion may be required. If the app is unable to open or crashes immediately on open, the local cache should be cleared:

1. Navigate to the cache directory (e.g.: C:\ProgramData\decimal ElectronRT\cache) and manually remove the entire cache folder
2. Reopen the application and the cache will be rebuilt as the decimal eRT application is used

As with any software application there is always concern with system and data integrity. decimal eRT makes use of caching at various system levels to improve performance and mitigate some of these concerns. Refer to Data Management (Storage and Caching) for details on decimal eRT data caching. While decimal eRT has been designed with security in mind, users should understand that it is still their responsibility to ensure the system is accessed and controlled properly. Following international standards for IT risk management, such as IEC 80001-1, is therefore highly recommended.

Since data integrity is a critical feature for application such as this, the decimal eRT app automatically and continuously saves both the state of the application and the working record data on a timer (triggering every minute or less) as well as on exit of any create or edit event in the application. Additionally, each “save” event creates a new entry in the record's history log in the local database, which provides a log file for editing of all records and ensures that patient records are saved securely. Note it is highly recommended that the application database is hosted on a separate server containing independent, redundant storage drives so that data is not lost in the event of a local system failure or crash.

The following table describes the file security methods used for decimal eRT data. The subsequent paragraphs provide supplemental details for each item.

All PHI/PII data (including data files and database fields) is encrypted using AES-256 with an encryption key that is unique for each organization/patient storage location.

• decimal eRT data files: (includes but is not limited to: organization, beam model, patients, course data, plans, etc) Files are encrypted using AES-256 when stored to disk and secured with a checksum stored as an encrypted field in the application database. When files are read from disk, the contents are checked against the corresponding encrypted checksum to ensure the file contents have not been changed, manipulated, or substituted.
• decimal eRT patient database: Database is encrypted using AES-256. Additionally, the patient identifying fields within the database are further encrypted using separate AES-256 encryption, adding an additional level of security for patient data within the application database.

Note: The local calculation cache files are a non-human readable, proprietary compressed binary format. These files may contain unencrypted patient identifying information. The local cache is purged as the cache fills with data, so exposure to long term data is limited. Workstation level disk encryption (e.g.: bitlocker) is recommended to protect against unauthorized access to calculation caches by providing encryption at rest.

Patient data is imported and exported using the DICOM NEMA 2020 standard to ensure the data is transferred error free and securely. Refer to the decimal eRT Dicom Conformance Statement for the supported DICOM tags.

Since the decimal eRT app stores data on local file storage on each customer's servers we recommend frequent periodic backups of the file-system in which the patient database and file store are kept.

There are 4 major components for the decimal eRT app that should be considered for data backup using the following Data Duplication or Backup Process. Refer to Data Management (Storage and Caching) for a full detailed explanation of each item.

.decimal recommends Patient Database [1] and Patient File Storage [2] backups as frequent as possible, at least nightly, to ensure there is no substantial dataloss or interruption of software use. If the [4] Local Data Cache is lost on each workstation the [3] Network Data Cache will be fallen back to by the decimal eRT app. So backup of this data is not necessary. Refer to Network & Local Caching for a overview of the caching mechanic.

It's also recommended that prior to deploying a new release version, a full data backup is performed. While this step should be unnecessary, it's recommended as a precaution in case there are problems with the version upgrade.

Since electron therapy generally requires frequent use of patient-specific devices that are often not fabricated in-house, there is a necessity to transmit device manufacturing parameters and information to .decimal servers to all for fabrication of the custom devices. In order to protect patient privacy, .decimal's proprietary order file format contains only the minimal data necessary to manufacture each requested device. .decimal values the privacy of patients and security of our customer's sensitive information and we believe the best safeguard to protect critical data is to ensure it doesn’t leave your facility. As such, no PHI, PII, or any sensitive customer billing/payment information is contained in the order files sent to .decimal.

Fig. 3: Internet Data Transfer

Data is transferred to and from the decimal Direct servers using secure HTTPS transfer protocols that guarantee error-free transfer using common industry standard techniques. All data passed to and from .decimal's ordering servers is encrypted during transit and does not contain patient identifying data.

Treatment plans are protected against simultaneous record access and data loss by ensuring an attempted update to plan data is not based on an outdated base file. If the local plan record has been accessed simultaneously by another user and has been modified (committed to the database) by another user, the outdated local plan record will be unable to commit the change until the plan has been updated locally.

The following is a list of several important items that users should understand in regards to the information displays in the decimal eRT application:

• decimal eRT exclusively uses the DICOM patient coordinate system for position display information (equipment based coordinates are NOT available)
• Local equipment coordinates are available for machine rotational axes (i.e. gantry, couch, and collimator) and users should configure each treatment room to match their actual equipment using decimal eRT site level settings at the time of commissioning
• All linear dimensions are shown in centimeters (cm)
• All angular dimensions are shown in degrees (deg)
• All radiation dose quantities will be shown with their corresponding units within the application (e.g. Gy or %)
• All date/time values are provided in a yyyy-mm-dd h:m:s format using local time on a 24 hour clock
• All date and time notifications in decimal eRT should match current Windows OS date and time, including proper use of daylight savings time where appropriate (note: decimal eRT will display in 24 hour format, while Windows may display in am/pm depending on local settings)

Users are responsible for inputting a lot of data into decimal eRT to develop clinical treatment plans. In the course of entering such data, there are opportunities for users to enter incorrect information. Although users are responsible for checking for such errors before clinical treatment, decimal eRT does provide some assistance in ensuring data limitations are met by a plan. Machine energy, beam treatment angle limits, applicator collision detection, SSD limits, as well as electron block sizes and availability are all explicitly limited to user configured ranges within the decimal eRT controls. Additionally, certain incompatible settings, e.g. negative prescription doses, are also explicitly prevented within the decimal eRT user interface.

Despite these many data validation checks, some entries are not able to be validated within the decimal eRT user interface and users should include appropriate checks and warnings in their custom treatment plan reports to ensure such concerns are brought to the attention of all responsible parties before patient treatment begins. Additionally, some checks are implemented as warnings and can be overridden by users. In such cases, treatment plan reports will include a statement such as this (or similar): “CAUTION: SOME DATA ELEMENTS USED WERE OUTSIDE NORMAL RANGE”.

The .decimal ElectronRT App has a limit of 10 treatment beams allowed per plan. Exceeding this amount of beams is considered outside the normal application limits and users will be warned accordingly within the application.

The decimal eRT app UI and plan reports will provide a warning to the user if a beam's field size is larger or smaller than the allowable field sizes listed in the commissioning data for the selected beam energy. The warning will appear in the Beams Block next to each beam and as a warning on the Treatment Plan PDF report.

The decimal eRT app is a complex treatment planning system and as such it contains many different displays throughout the plan creation process. The provided User Guide Tutorials provide detailed descriptions of each task and display present in the system.

The decimal eRT application will contain sensitive patient information that is protected under various governmental regulations, therefore users must ensure they adequately follow all appropriate and applicable rules regarding how, where, and when their staff may access the application and its data. In order to facilitate proper usage and protections, decimal eRT has a robust user authentication and permissioning system. Since all application and data access requires user login credentials, it is important that a strong password policy is used and that all users understand the importance of maintaining secrecy of their password (i.e. passwords should never be shared among more than one user). It is these user credentials that protect the system and its data from unauthorized access and replication.

Currently the .decimal authentication systems requires passwords to have:

• At least 1 special character (!@#$%^&*)
• Lower case (a-z), upper case (A-Z) and numbers (0-9)
• Must be at least 10 characters in length

decimal eRT uses Auth0 as an Identity-as-a-Service provider for user account management. All user accounts and credentials are managed by the Auth0 service including user creation, password policies, password resets, and secure authentication.

As decimal eRT is deployed on customer workstations the site administrator will be responsible for the installation of the software on the appropriate workstations and the account management of all users at the facility. Each employee should have an individual login and password to access the decimal eRT application that prevents unauthorized access, and account sharing should be strictly prohibited.

Users authenticate and launch the decimal eRT application using the decimal Launcher.

When decimal eRT is launched from the decimal Launcher, decimal eRT is given an JWT authentication token for the logged in user. This token is used to authenticate and perform decimal Direct API requests. This JWT token is issued by decimal Direct and Auth0 and has a built in expiration. When this token expires the user will be logged out of the application and be forced to re-authenticate and relaunch the application using the decimal Launcher. Refer to decimal Launcher's User Guide for details on this authentication token and its expiration.

Auth0 user credentials are authenticated and validated using the decimal Direct API by decimal eRT each time a user logs in and on recurring timer events. If user credentials are invalid or expired, users will automatically be logged out of the application and prevented from using or accessing any data within the application/system.

decimal eRT has a built in inactivity timeout that will automatically log the user out if no mouse/keyboard activity has occurred. The timeout setting can be changed in the decimal eRT application settings. Idle workstation locking at the OS level is also recommended for all workstations with access to decimal eRT. While there are inactivity and session timeouts built into the application, workstation idle locking will further protect the system from unauthorized access in-between session timeouts.

decimal eRT site managers have the ability to add and remove users to their site. When adding a new user an Auth0 account will be created for the new user and automatically linked to the site. The user will then be notified to set their password following the Auth0 password reset process. Removing a user from a site does not delete the user's Auth0/.decimal account, but removes the account from the site, effectively removing all access to the site's apps, data, and device order history. Refer to the decimal Direct User Guide for more information.

Account permissions are able to be set by the Site Administrator within decimal Direct's App Permissions page. eRT has two levels of account permissions:

1. User Levels: A high level generic group for the user that provides general access levels
2. Feature Permissions: A feature by feature granular permission for the user

decimal eRT limits the features available to users based on their .decimal account user permission level. The following user permission levels are available:

In addition, eRT also provides user based permissions for specific features within the application.

For a list of known system issues and limitations please refer to the following articles for the decimal eRT app. decimal eRT Known Limitations

The decimal eRT app is installed and launched from the decimal Launcher. The Launcher program provides the following functionality in regards to decimal eRT:

1. Ensures that all users at a site are using the same version of the application
2. Ensures that the local app client stays in sync with the latest release version (as set via decimal Direct)
3. Provides user authentication and password management
4. Provides binary file security to ensure that the application files are not tampered with on .decimal's server or on client workstations (via hashes and checksums). Refer to decimal Launcher's Application Security page for further details.

When an application update is available via the decimal Launcher, the users will be required to install the app in the Launcher. This is accomplished by selecting the Download button for the specific app. Within a few minutes, the app should be downloaded and installed locally for the current user account. The user will then be able to launch the released app version from the Launcher.

Details regarding the specific requirements for computers on which the decimal Launcher and decimal eRT client applications will be installed can be found on the decimal Launcher System Requirements and decimal eRT System Requirements page.

When a new application version of decimal eRT is released, users will be notified in the decimal Launcher. This notification serves only to notify users of a newer version of the application and does not result in a newer version being installed for use.

New release versions of the decimal eRT application should be tested prior to clinical deployment following the Testing New Releases guide.

Once an app version has been reviewed and approved for release at a site, the application will be deployed to the decimal Launcher clinical environment following the Updating Applications guide. This will immediately push the app update to all decimal eRT users (via the decimal Launcher) and all users will be required to update to the released version to continue using the software.

For the release notes for each version of the decimal eRT application, please refer to the decimal eRT Version History page.

The decimal eRT app is tested for version compatibility by .decimal prior to release to customers. However, it is still important for each site to independently test and verify the data integrity of each version prior to release at the site. Specifically, .decimal will test the version compatibility by:

• Adding manual and automatic data upgrades, as appropriate, for changes in the data model. When applicable, these changes are required to be sensible to the clinical environment and will be documented in the release notes.
• Test the final dose calculations of matching patients between the two app versions to ensure the final doses exactly match (unless the app release notes has been otherwise indicated that the dose calculations have changed).

Prior to releasing a new app version into a site, it is imperative to ensure that the data is compatible between the existing version installed in the clinical environment and the new version that is intended to be installed. This should be tested according to the Clinical Safety Guide for your site.

New release versions of the decimal eRT application should be tested prior to clinical deployment using the decimal Launcher Sandbox feature and the decimal eRT Sandbox configuration where the new version can be tested for clinical acceptability according to the Clinical Safety Guide. Sandbox and release versions of applications are managed via the decimal Launcher and decimal Direct app management system. Guides for these features can be found in the decimal Launcher Updating Applications guide.

The following procedure shall be followed in order to safely release new versions of an application:

1. Perform Data Backup of all clinical patient data.
   1. While this step should be unnecessary, it is recommended as a precaution in case problems arise during the version upgrade.
2. Review the release notes for the new version and ensure you understand the changes and acknowledge any risks of deployment of the new version to your site.
3. Install the release candidate version of the application to the decimal Launcher Sandbox environment and use the decimal eRT Sandbox Testing process to open clinical data in the isolated sandbox mode.
4. Open existing patients in the Sandbox environment. You should ensure each of the following for the existing patients and plans in the sandbox testing:
   1. The patients and plans all open without errors.
   2. The final dose result is the same as the previous version. Note: for unapproved plans the dose results may recompute. For approved plans the dose and device results should be exactly the same.
   3. Perform any testing deemed appropriate in regards to the changes outlined in the release notes and required by regulatory guidelines for treatment planning system upgrades.
5. Once the release candidate has been thoroughly tested and is ready for release, notify all users at your site of the pending release and set an appropriate date and time for the release (it is generally good practice to stop all active clinical use during the upgrade, so it is best to choose a time outside of normal clinical operating hours). At the designated date/time back up the clinical data (data may have changed since the previous copy was made, so do not skip this step). Keeping the latest backup of data is important as it provides the ability to roll back to a working clinical state should the release process fail.
6. Using the decimal Launcher Updating Applications guide, release the new version of decimal eRT to your site for the Clinical environment.

decimal eRT patient data can be duplicated or backed up by manually copying the file system stored on disk. This will create an exact replicate of the original data used by decimal eRT. This process allows for data backup, release testing, or data manipulation without adversely impacting the original data store.

The Data Backup Recommendations section outlines the recommended frequency for backup of each data storage element used by decimal eRT. Refer to Data Management (Storage and Caching) for an outline of each data storage location to determine the appropriate scope of the data duplication or backup.

The current data storage locations are set in the decimal eRT application settings page. By copying the folders linked from these settings, the application data is fully captured and backed up.

To restore or link to a different data store, open the decimal eRT application settings page and update each setting to the new file storage location.

The following page describes the hierarchy of data used to manage patient data records within the decimal eRT treatment planning environment.

There are three main levels for how decimal eRT stores its data:

1. Patient
   1. A person receiving medical treatment. A Patient record contains basic personal information and demographics, as well as any number of treatment Courses.
   2. This is where the patient name (prefix, given name, middle name, family name, suffix), medical record number (MRN#), sex (male, female, other, any) and date of birth (month, day, year) are stored.
2. Course(s)
   1. A description of the patient's anatomy. Contains a single CT image set and all structure contours (targets and organs at risk) associated with these images. A Course can contain any number of associated Plans.
   2. Contains the physician's orders for treating this Course and contains information about the prescription and other clinical goals for the Course.
3. Plan(s)
   1. A detailed model of an electron therapy treatment. Most aspects of the patient planning information are stored here (e.g. Beams, Devices, Dose). A Plan will implement all of the Course prescription and physicians will approve a Plan to indicate it is ready to proceed to QA and (if successful) on to actual patient treatment.
   2. A Plan also contains a QA record (once the plan is approved) that facilitates completion of plan dose QA and device QA.

A single Patient can have one or multiple [1 - n] number of Courses (by importing multiple DICOM data sets for the same patient), and a Course can have one or multiple [1 - n] number of Plans. This relationship is detailed in the table below:

Details regarding the specific requirements for computers on which the decimal Launcher and decimal eRT client applications will be installed can be found on the decimal Launcher System Requirements and decimal eRT System Requirements pages.