Clinical photography has now reached all areas of dentistry, with camera equipment and photography skills being present in many practices. Whilst taking good photographs is just one part of improving record-keeping, the other part, which is arguably the more important aspect, is to store securely this vast amount of data that is created. This article intends to explore the options available to practices to store the data securely and recommends the easiest and most effective ways available today.
CPD/Clinical Relevance: With clinical photographs becoming ever more important in the field of dentistry, correct storage and use of camera equipment is important.
Article
Over the last few years, dental photography has become an increasingly important tool for the dental team. This has created the challenge of requiring large amounts of storage space for this data. In addition, steps must be taken to allow the back-up of this data safely and securely.
All clinical images should be captured correctly and stored appropriately. This is to allow the practitioner to view these images quickly and safely when necessary. This article hopes to explain how practices can cope with the increasing demands of digital photography and gives advice on how to manage the storage requirements for this vast amount of data.
This article will examine the steps that all members of the dental team can take to ensure that they are able to store and use their images effectively. It will briefly explain how different back-up systems work and the advantages of systems that are relevant to dentistry.
In addition, with the increasing number of litigation claims for dental treatment now being seen in court, it would be sensible for practitioners to try to use digital photography as an additional method of record-keeping. However, images can easily be manipulated with readily available software and therefore only particular types of images can be classified as acceptable pieces of record-keeping which could be used in medico-legal cases.
The RAW image
The vast majority of digital SLR cameras allow the operator to take images in a format that is referred to as the RAW format. Currently, each camera manufacturer has its own extension for captured images. Whilst there are numerous camera manufacturers and RAW formats, there are two which are the most popular, Canon and Nikon. An image taken on a Canon DSLR could be named 0001.cr2, whereas a Nikon camera would show the image as 0001.nef.
The significance of a RAW image is that the image cannot be manipulated, thus this property allows the image to have legal relevance. RAW images record every pixel that the camera captured and therefore a situation arises in which the operator may find it difficult to store these large files. If a RAW image is to be edited, the image editing software will prompt the users to save their new image in a different format. Such practice allows the authenticity of RAW images to be maintained as well as the original data.
Whilst current recommendations for dental photography are to set the camera to record both the RAW and JPEG version of the photograph, this practice can complicate the storage of photographs as it greatly increases the amount of storage needed. There are a number of systems available for dental professionals to manage this situation appropriately.
SD cards
If RAW images are to be used in dentistry, consideration must also be taken to choose the correct SD card for the camera. As the RAW images are very large, an SD card should be fast to ensure that picture-taking is as quick as possible. SD cards are categorized according to the speed at which they are able to write data. There are two major categories of SD cards termed ‘Speed Class’ and ‘Ultra High Speed Class’. Marks are given to subcategories within these categories. The Speed Class is divided up into Marks 2, 4, 6 and 10, the Ultra High Speed Class being divided up into Marks 1 and 3. It is recommended that any SD cards in the Ultra High Speed Class or Mark 10 in the Speed Class should be used in dentistry. They can be found in many shops marketed as ‘Class 10’ SD cards.
Over the last few years, SD cards with built-in Wi-Fi have come onto the market, which allows the operator to auto-store and back-up all the photographs taken to a secondary device such as a server or computer. Using a Wi-Fi card can reduce the number of steps and time required to back-up digital photographs.
Back-up systems
The external hard drive
Currently, the commonest approach used by the majority of professionals is the use of external hard drives. Images may be stored on a personal computer and further backed-up to an external hard drive, giving two copies of the images. An alternative approach may involve using two external hard drives to back-up the images with no images stored on the computer.
Whilst the ease and relative cost-effectiveness of this approach may seem attractive to healthcare professionals, there are fundamental flaws with this approach that risk the loss of data. This is because the data is stored in a single premise and therefore an event such as a fire or robbery could risk the loss of all data.
Another major limitation for the use of external hard drives is the manner in which the devices are used, since all users may not have the time to copy their images onto two different devices. Therefore, an approach that could automatically carry out this step for the user would be beneficial and lead to a lower risk of data loss.
Network-attached storage devices
A network attached storage (NAS) device is simply a miniature computer that has no visual display. It consists of a basic processor and either a single large or multiple hard drives. The device is plugged into a router or a switch on the network. This allows devices connected to the network, such as computers or laptops, to access the storage device. These devices often have greater controls built into them in order to allow greater storage and security management. The latest generation of such devices also has the ability to back-up automatically whole computers or assigned folders from the computer.
Furthermore, towards the high-end of the NAS market, there are numerous companies offering devices that automatically back-up the NAS device. This could be in the form of the NAS device containing two hard drives, with only one being available to the user. Information is then automatically backed-up onto the other drive. Other NAS devices offer the ability to plug in an external hard drive and set a schedule to back-up the device automatically.
NAS devices also offer the user the ability to view these images whilst away from the premises, with all major companies providing proprietary mobile and desktop applications. This may be advantageous if images are required by professionals whilst working in different practices.
Whilst NAS devices solve the problem of being a more convenient way to access and back-up images, a fundamental flaw is still present insofar that they do not protect from data loss from events such as robbery or fire.
RAID
Loss of data can have significant implications for dental practitioners, as it may impede the ability to show patients their ‘before’ and ‘after’ pictures. More significantly, it may be a loss of a part of a treatment record.
RAID is a data storage virtualization technology that combines multiple hard drives for use in data redundancy or performance improvements. There are seven major types of RAID that are used in computers and servers across the world. They are named RAID 0, 1, 2, 3, 4, 5, and 6. There is only one type of RAID dentists should be familiar with as the rest are of historical significance or not relevant to dental practices.
RAID 1 comprises mirroring the data being copied from one hard drive onto another. This allows two hard copies of all data to be created. If one hard drive fails, there is no loss of data as it is still present in the other hard drive. This is the most appropriate use of RAID in dental practices. However, it must be noted that two hard drives must be used instead of one for storage of the same amount of data and therefore implementation of this RAID system creates cost implications as double the amount of capital must be used in the purchase of hard drives. This RAID system should also be implemented when purchasing servers for the use of recording patient records using digital note-taking software.
A study by Google Inc in 2007 showed that the annual failure rate of hard disks was 1.7% in the first year and 8.6% in three-year-old hard disks.1 Furthermore, another study by BackBlaze, a company selling dedicated file servers, showed that the survival rate of hard drives depended on the manufacturer of the drives: with 96.9% survival rate of Hitachi hard drives at 36 months, 94.8% for Western Digital and 73.5% for Seagate drives over the same period.2 Whilst one manufacturer may be more reliable than another, no manufacturer provided 100% reliability. This is a quite worrying statistic, as loss of data can become a significant problem for dental practitioners. The data loss was measured for only 36 months, however, it can be seen that the problems might increase still further if data is kept for longer, as dental practitioners are expected to do. Dental Protection (UK) states that records should be kept for 11 years for an adult, with children's records being kept for 11 years or up until the age of 25, whichever is longer.3
Hard disks are composed of many moving parts and therefore, if any part is damaged, the whole hard drive will be damaged, leading to complete loss of data. The past few years have seen the introduction of Solid State Drives (SSDs), which have no moving parts and therefore are much less likely to break. The only disadvantage with SSDs is that they are much more expensive compared to their equivalent capacity hard disks.
Whilst performance of modern hard disks have been accepted as adequate for use in dental practices, the mirroring properties and reduction in the risk of data loss offered by the RAID 1 scheme make it the only practical solution that should be used in dental practices. RAID 1 should be the only RAID system considered when establishing a back-up protocol for servers that store digital notes or for the storage of images such as radiographs and clinical photographs.
Security of cloud-based solutions
Even though data may be stored on multiple hard drives in the practice as a back-up feature, the risk of losing data still remains, as the premises could have a fire or theft. Therefore, the advent of cloud-based storage systems has become an attractive option for practices to use. However, a major risk associated with online-based services is the risk of loss of data and data falling into the wrong hands. There are steps available to practices to avoid such events from occurring.
The cost of these cloud storage services is reasonable, with many companies offering initial storage space for free and a small monthly fee for large amounts of further data. This gives practices the advantage that they would only pay the amount of storage they need to use and then gives them the facility to expand their storage availability both quickly and cost-effectively, without the need to buy further equipment.
A major disadvantage associated with cloud-based back-up services is that they rely upon a fast and reliable internet connection being present at all times. The initial back-up process can take a long time and further changes to files can then automatically be updated when added to the network.
To reduce the risk of data falling into the wrong hands, a difficult password for the cloud-based account should be decided. Google Inc has produced a series of guidelines to help users to create passwords that make it virtually impossible to be guessed by others.4
It must be remembered that no password is infallible with the main cause of illegal entry into computers and other electronic devices being through the use of social engineering. There is software available such as LastPass that allow users to create complex passwords and forget them, as the software remembers the passwords and inputs them for the user when required.5
However, more importantly, a cloud-based storage solution should only be used when a multi-factor authentication system is used. There are three possible factors of authentication, which can be split into the following categories:
Something only the user knows, eg password or pin;
Something only the user has, eg mobile phone or bank card;
Something only the user is, eg biometric identification such as a fingerprint.
Whilst three-factor authentication is currently not available in consumer grade products, two-factor authentication is available in the vast majority of cloud-based services.
Two-factor authentication is a technique whereby the password to the account is not the only determining factor for access to the cloud-storage system. This feature is enabled with the users providing their mobile number. When an attempt is made to log into the account with the correct password, the user is prompted to enter the code that is sent to him/her via a text message on his/her mobile.
This technique allows greater security when using cloud-based back-up solutions. Without such a feature enabled, it would not be a wise decision to use cloud-based back-up services to store dental images. At the time of writing this article, all major cloud storage providers, including OneDrive, Google Drive, Dropbox and Box offer this feature for free.
There are other providers of cloud storage, such as Jungle Disc, which target corporate customers. These allow you to control both the storage location and the encryption of the data. This category of storage providers are more suited to dental practices, as they provide a large storage facility and are cost-effective. They also allow you to sync a server to their storage locations, rather than to individual workstations, reducing overheads. They also use a more secure 256 AES encryption, which is not available on personal storage products from other leading technology firms. Furthermore, as major companies such as Google and Dropbox hold a large amount of information, they are often hit with denial of service attacks by computer hackers. If the data is stored in your own area in the cloud, you are much less likely to have it stolen or lost.
Furthermore, Google Inc has recently announced the introduction of a USB Security Key to add an additional layer of security to their services.6 The key must be entered into a computer when signing into their service as well as a password. A perpetrator would have to get the password as well as the USB key to steal the data. This would make the loss of data much less likely than the perpetrator needing the password alone.
The 321 system
The 321 system is a name given to a method of backing-up data that reduces the risk of loss; it is the most commonly used method of backing-up in modern technology firms.
It is the view of the author that there must be three copies of all data, with two being on the premises and with at least one being away from the premises.
Whilst every dental practice will have differing needs of a data back-up system, an ideal back-up system for their data can incorporate the principles of the 321 system.
A back-up system that is based on the RAID 1 standard scheme should be employed. This could be achieved via a dedicated file server or simply two external hard drives onto which the operator copies images. An NAS device offering RAID 1 configuration could also be used.
A solution for external storage of the images should also be sought. This could be the storage of an external hard drive on premises different from the location of the original images. Another solution to allow storage of images outside the premises includes cloud-based services. However, the operator must understand the risks associated with using such services, using methods such as strong passwords and multi-factor authentication, causing it to become very difficult for the loss or theft of data.
Automatic back-up
Whilst creating three copies of each image can be a time consuming exercise, there are ways in which three copies of the images could be created when simply copying images from the memory card onto the computer.
To do this, a system of RAID 1 on a dedicated file server or a NAS drive must first be set up. This creates the two copies of images or data needing to be backed-up automatically. The cloud program of the users' choice can then be set up to upload actively any changes to a specific folder, for example, uploading of clinical photographs.
After setting up, this allows the operator to copy the file from his/her cameras once and then three copies of this image are made automatically, with two being on the premises and one being uploaded to his/her chosen cloud storage system which has maximum protection.
Recommendations
Storage of images taken digitally is more important than ever, with increasing rates of litigation against dental professionals. It must be noted that all data we gather, including clinical photographs, are subject to the Data Protection Act 1998 and therefore we must follow its guidance to ensure that we store data safely and securely.7
To secure clinical photographs safely, it is recommended that the 321 system is incorporated into clinical practice, with two copies of the images being stored on the premises and one copy being stored at different premises, such as a cloud-based storage provider. However, it must be emphasized that using cloud-based storage providers can only be recommended when a very strong password has been used, alongside two-step authentication being enabled on the account.
Conclusion
It is important that, when practitioners start to use photography in their clinical practice, they also pay attention to the type of photographs they are taking and how to store them. If photographs are to be used as a clinical record, then they must be correctly taken and should be stored appropriately. The 321 system is ideal to use in dental practices to store images safely and securely. The use of cloud-based storage providers can only be recommended when a multi-factor authentication system is used.
