Page 235

6—
Conclusions and Recommendations

Ensuring that the Internet becomes a suitable, ubiquitous medium for supporting health applications is a challenging task. Not only must the Internet provide connectivity among the participants in health-related information transactions, but it must also ensure that such transactions can occur predictably, efficiently, and without endangering patient safety. Consumers must be able to determine the quality and provenance of the information they retrieve from the Internet. Care providers who access patient records remotely must be assured that the network will be available when and where needed. Administrators must be sure that bill payment and enrollment information is not corrupted as it crosses the Internet. Without proper security protections, use of the Internet to transmit medical records could make personal health information more susceptible to breaches of confidentiality and loss of integrity. Without adequate assurances of network reliability and quality of service (QOS), use of the Internet for remote monitoring of patients, controlling remote medical equipment, or conducting remote medical consultations could impair rather than facilitate the delivery of quality health care. Addressing these concerns demands efforts in many areas, both technical and nontechnical.

This chapter summarizes the committee's main conclusions and recommendations for making the Internet capable of supporting a wide range of health applications. Drawing upon the material presented in Chapters 2 and 3 of this report, it identifies the technical capabilities the Internet must possess in order to provide the security, reliability, andcontinue



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 235
Page 235 6— Conclusions and Recommendations Ensuring that the Internet becomes a suitable, ubiquitous medium for supporting health applications is a challenging task. Not only must the Internet provide connectivity among the participants in health-related information transactions, but it must also ensure that such transactions can occur predictably, efficiently, and without endangering patient safety. Consumers must be able to determine the quality and provenance of the information they retrieve from the Internet. Care providers who access patient records remotely must be assured that the network will be available when and where needed. Administrators must be sure that bill payment and enrollment information is not corrupted as it crosses the Internet. Without proper security protections, use of the Internet to transmit medical records could make personal health information more susceptible to breaches of confidentiality and loss of integrity. Without adequate assurances of network reliability and quality of service (QOS), use of the Internet for remote monitoring of patients, controlling remote medical equipment, or conducting remote medical consultations could impair rather than facilitate the delivery of quality health care. Addressing these concerns demands efforts in many areas, both technical and nontechnical. This chapter summarizes the committee's main conclusions and recommendations for making the Internet capable of supporting a wide range of health applications. Drawing upon the material presented in Chapters 2 and 3 of this report, it identifies the technical capabilities the Internet must possess in order to provide the security, reliability, andcontinue

OCR for page 235
Page 236 quality of service that health care applications demand. But it does not stop with recommendations on technical requirements. It also discusses the policy and organizational issues that must be resolved to make the health community more capable of adopting Internet applications in both the short and long term. The capabilities the Internet offers to consumers, care providers, public health officials, health care administrators, and researchers promise to reshape the landscape of the health sector. Accommodating these changes will require actions within individual organizations and across them, enlisting the support of technologists, practitioners, legislators, and the general public. This chapter, accordingly, makes recommendations in areas ranging from identification of the needed technical capabilities of the Internet to specification of the organizational and policy issues that constrain its use in health applications. The recommendations are targeted at policy makers, the networking research community, researchers in health-related fields, health care administrators, and managers of health-related organizations. Taken together, the recommendations aim to provide guidance both on short-term measures that can set the process in motion and on long-term and continuing needs in communications, information technology, and health care. Conclusions Conclusion 1. The Internet can support a wide range of applications in consumer health, clinical care, health care financial and administrative transactions, public health, professional education, and biomedical research. The networking capabilities needed to support these applications are not unique, but they do reflect distinctive characteristics of the health environment. In each of the domains examined by the committee, the Internet could be used to facilitate communications among parties in ways that can improve quality and efficiency. For example, in the clinical care domain, care providers already use the Internet to search the professional literature for information on particular diseases or to examine evidence-based practice guidelines for managing a particular disorder. As ongoing projects demonstrate, the continued research, development, and deployment of Internet applications will allow care providers to more routinely access electronic medical records held by an affiliated health care organization or to interpret medical images (such as mammograms) sent to them from a remote mammography center. They will be able to offer remote medical consultations to patients in rural areas or to adjust settings on remote dosimetry equipment or pacemakers without establishing fixed, dedicated connections between sites. They will increasingly participate incontinue

OCR for page 235
Page 237 online discussions with other care providers to consult on particular cases, sharing medical records and images as needed. The success of any of these applications depends on a variety of factors, including their cost-effectiveness, ease of use, and ability to improve on existing processes. While some applications are already being used in operational environments across networks other than the Internet, many represent new capabilities that have no parallel on other networks or that have not been fully implemented on a large scale, such as remote medical consultations. As a result, not enough information has been gathered to allow evaluation and comparison, and continued experimentation will be needed to explore and evaluate their true potential, their technical needs, and their real-world operational requirements. A preliminary assessment (Table 6.1) shows a diversity of technical needs, with some commonality, at least within a particular domain (e.g., clinical care, public health) or class of application (e.g., real-time video, file transfers, collaboration). Consumer applications, for example, tend to demand high levels of security to protect confidentiality; clinical applications require a combination of security (to protect confidentiality and data integrity), reliability, and QOS. Virtually all collaborative applications—regardless of whether they are in clinical care, public health, biomedical research, or other domains—demand high levels of QOS, and file transfers in any health application tend to strain technologies for authenticating the identity of communicating parties. Determining which technical capabilities health applications will demand must be viewed as an ongoing process as workers envision, develop, and evaluate new applications. The technical capabilities demanded by a number of health applications of the Internet exceed those provided by the current Internet, but they are not necessarily unique. Applications in other sectors (e.g., defense, entertainment, financial services) also require better security, reliability, and quality of service. However, when these technical characteristics are combined with factors such as the distributed nature and economic structure of the health industry and the constraints of operating in a health care environment, it can be seen that health does occupy a distinct, if not unique, position. Solutions to problems of authentication and QOS, for example, must scale sufficiently to support the activities of numerous independent health organizations and hundreds of millions of potential users. This argues for full participation by the health care community in defining the research agenda and contributing to its resolution, as the Internet moves forward with new architectures and technical capabilities. Conclusion 2. Security and availability are critical technical needs for health applications of the Internet and are not adequately met by today's Internet.break

OCR for page 235
Page 238 TABLE 6.1 Primary Technical Challenges and Limiting Technical Factors in Selected Health Applications of the Internet   Class of Application     Real-Time Video Transmission Static File Transfer Remote Control Information Search and Retrieval Real-Time Collaboration Primary Technical Challenges Application Domain Consumer health Remote medical consultations to the home, office, or wherever the patient is located. Accessing personal health records online. Downloading educational videos. Sending periodic reports on health conditions to a care provider. Remote control of patient monitoring equipment. Online searching for health information or self-assessment guides. Looking for a doctor or hospital. Collaboration with care providers. Participation in chat groups and support groups. Protection of sensitive patient information from breaches of confidentiality and from corruption. Ubiquity of access so that all health care consumers can be reached at the location at which care is needed. Tools and policies for validating the quality of online information. Clinical care Remote medical consultations between clinician and patient or between two clinicians. Transfer of medical records and images (e.g., X rays, MRI, CT scans). Remote and virtual surgery (a long-term possibility being examined by the defense and space communities). Practice guidelines. Searches of professional medical literature. Consultation among care providers, such as for surgical planning, which may involve manipulation of digital images. Access to sustained bandwidth and low latency for remote consultations and collaboration. Security of clinical records. Network reliability. Ubiquity of access for care providers. Administrative and financial transactions Videoconferencing with real-time sharing of documents. Payment of services, enrollment of patients, quality reviews, etc. Large medical records and images may be transmitted in support of some claims. N/A Consumer access to information about health plans, participating practitioners, eligibility for procedures, covered drugs in formulary. N/A Security to ensure confidentiality and integrity of records. Network reliability sufficient to support regular use for business transactions. Standards for data exchange and definitions of data elements. Public health Videoconferencing among public health officials during emergency situations, such as chemical or biological attacks by terrorists. Incident reporting. Collection of information from local public health departments and laboratories. Surveillance for emerging diseases or epidemics. Transfer of epidemiology maps or other image files for monitoring the spread of a disease. N/A Access to published literature and research results as well as epidemiological data. Delivery of alerts and other information to practitioners or other health workers. Videoconferencing among public health officials during emergency situations, such as chemical or biological attacks by terrorists. Security to ensure confidentiality and integrity of laboratory reports and other public health information that may contain personal identifying information. Network reliability. Security from information warfare or attacks on the network's physical infrastructure. (table continued on next page)

OCR for page 235
CONCLUSIONS AND RECOMMENDATIONS 239 Information Search Real-Time ntrol and Retrieval Collaboration Primary TechnicalChallenges ntrol of Online searching for Collaboration with Protection of sensitive patient monitoring health information or care providers. information from breaches of :. self-assessment guides. Participation in chat confidentiality and from Looking for a doctor groups and support corruption. Ubiquity of access so or hospital. groups. that all health care consumers can be reached at the location at which care is needed. Tools and policies for validating the quality of online information. d virtual Practice guidelines. Consultation among Access to sustained bandwidth long- Searches of care providers, such and low latency for remote bility professional medical as for surgical consultations and collaboration. dined by literature. planning, which may Security of clinical records. e and involve manipulation Network reliability. Ubiquity of munities). of digital images. access for care providers. Consumer access to N/A Security to ensure confidentiality information about and integrity of records. Network health plans, reliability sufficient to support participating regular use for business practitioners, eligibility transactions. Standards for data for procedures, exchange and definitions of data covered drugs in elements. formulary. Access to published Videoconferencing Security to ensure confidentiality literature and research among public and integrity of laboratory reports results as well as health officials and other public health epidemiological data. during emergency information that may contain Delivery of alerts and situations, such as personal identifying information. other information to chemical or Network reliability. Security from practitioners or other biological attacks information warfare or attacks on health workers. by terrorists. the network's physical infrastructure. continued

OCR for page 235
Page 240 (table continued from previous page) TABLE 6.1 Continued   Class of Application     Real-Time Video Transmission Static File Transfer Remote Control Information Search and Retrieval Real-Time Collaboration Primary Technical Challenges Professional education Distance education: either real-time transmission of lectures or on-demand streaming video with integrated graphics. Real-time consultations with experts about difficult cases. Accessing electronic medical records from remote clinics. Downloading sets of reference images or prerecorded videos of lectures. Simulations of surgical procedures. Virtual environments for exploration of three-dimensional environments. Accessing reference materials and course materials. Virtual classrooms. Distributed collaborative projects. Distributed discussions. Sufficient bandwidth to accomodate large numbers of transactions from a single educational institution or to support access to remote scientific and clinical simulations. Ubiquity of access for students in remote clinical rotations and to support educational applications in the home. Biomedicla research Visual feedback from remote instrumentation. Online conferences. Collaboration among distant researchers. Transferring large data sets between computers for highspeed computation and comparisons. Reviewing results of remote experiments. Searching archives of three-dimensional medicla images. Controlling experimental equipment, such as electron microscopes. Searching remote databases and professional literature. Collaboration among researchers. Peer review. Interactive virtual conferences. Sufficient bandwidth to support rapid transfers of large sets of data for distributed simulations. Low latency to accomodate remote control of equpment. Limiting Technical Factors   Availability of sustained, predictable, high-bandwidth connections to many locations, including rural health clinics and patients' homes (to support remote consultations). Authentication of source and recipient of information. Security of personally identifiable information in transit across the network and in storage at either end of the network. Availability of sustained high-bandwidth connections for transfer of large, time-critical files. Network latency and bandwidth. Ability to obtain guaranteed bandwidth for predictable periods of time. tools for locating information of interest and for determining the quality of retrieved information. Means of allowing anonymous searches. Sustained access to high-bandwidth, low-latency networks for collaborations involving real-time video or manipulation of images. Multicast protocols to make more efficient use of networking resources.  

OCR for page 235
CONCLUSIONS AND RECOMMENDATIONS 241 ntrol Information Search and Retrieval Real-Time Collaboration Primary Technical Challenges is of Procedures. nts for n of tensional nts. tat :, such es. atency Width. obtain for periods Accessing reference materials and course materials. Searching remote databases and professional literature. Tools for locating information of interest and for determining the quality of retrieved information. Means of allowing anonymous searches. Virtual classrooms. Distributed collaborative projects. Distributed 1- alscusslons. Collaboration among researchers. Peer review. Interactive virtual conferences. Sustained access to high-bandwidth, low-latency networks for collaborations involving real-time video or manipulation of images. Multicast protocols to make more efficient use of networking resources. Sufficient bandwidth to accommodate large numbers of transactions from a single educational institution or to support access to remote scientific and clinical simulations. Ubiquity of access for students in remote clinical rotations and to support educational applications in the home. Sufficient bandwidth to support rapid transfers of large sets of data for distributed simulations. Low latency to accommodate remote control of equipment.

OCR for page 235
Page 242 All applications that involved the transmission of personal health information (such as data contained in electronic medical records, claims for payment, prescriptions, or public health reports from testing laboratories) demand that information be kept confidential. Furthermore, virtually all applications in consumer health, clinical care, health care financial and administrative transactions, public health, and biomedical research require that the integrity of information be assured and maintained both during and after transmission. Meeting these requirements demands a variety of technical supports (as well as policies governing the disclosure of information), including suitable encryption of information during transit and rigorous authentication of both the source and the recipeint of information. Access controls are also required to ensure that users can view only the information they are authorized to see; auditing technologies are needed to ensure that successful attempts to circumvent access restrictions are identified so that violators can be punished. The need for data protection and access control is acute in health applications because some personal health information is extremely sensitive. Not only can loss of confidentiality cause embarrassment and social stigmatization, but personal health information can affect an individual's employment and insurance coverage, especially for people with private insurance or who work for self-insured organizations. Moreover, once health information is divulged, its confidentiality cannot be regained; there is clearly a difference between the prospect of losing $50 when one's credit card number is stolen and losing privacy when one's HIV status is revealed to friends and co-workers. Confidentiality problems are compounded in health care because many people have a legitimate need to see sensitive patient information. These include workers involved, for example, in the provision of care, payment for services, and filling of prescriptions. In additoin, legitimate access may be needed by someone with whom the patient has had no previous relationship—perhaps a physician at an institution that the patient has not visited before (e.g., in an emergency room situaton). Although technologies have been widely deployed for encrypting information transmitted across the network (e.g., Secure Socket Layer encryption), technologies for authenticating the identity of users at both ends of a transaction are not in widespread use, especially among consumers. This approach is effective in electronic commerce applications because most vendors can obtain certificates to authenticate themselves to consumer Web browsers, but despite some early efforts no effective mechanism yet exists for providing authentication devices in large numbers to consumers, including patients. This is not an impediment to electronic commerce because most merchants are willing to authorize a transaction once a valid credit number is presented, but an artifact such ascontinue

OCR for page 235
Page 243 a credit card may not be suitable to allow access to an online health record. In telemedicine applications or the retrieval of medical records, a compelling need exists to identify the end user reliably. There are comparable circumstances in which an authenticated third party needs to gain access to information via the Internet, such as an emergency room physician accessing a patient's health record that is stored at another institution connected to the Internet. In addition to security, high levels of network availability are needed to support many health-related Internet applications, particularly in clinical care, in finance and administration, and in public health. Health care organizations must be assured that the network will be available almost around-the-clock if they become dependent on using the Internet for accessing electronic medical records, for remote monitoring of patients, or for clinical decision support. Payers and administrators will also demand high levels of availability if they are to use the Internet instead of private networks for important transactions. The network must be made robust against failure and against hostile attacks, whether directed at its physical infrastructure or at denying its services to end users by flooding its capacity (denial-of-service attacks). The need for security and availability is compounded by the fact that in many clinical applications of the Internet, human life and health may be at risk. Errant decisions based on incorrect information—whether in diagnosing a condition or filling a prescription—can be harmful or fatal. Hence, ensuring data integrity and properly authenticating individuals are even more important than in many other spheres of application. Inability to access patient information (such as from an electronic medical record), to complete a distant consultation, or to control remote monitoring and dosimetry equipment can also undermine the quality of care and, thus, the health of the populace. Internet-based applications, including the physical networks on which they run, must be robust in the face of failures. A broken fiber-optic cable should not prevent an application from running when an alternative path exists. Remotely controlled instruments should not perform any damaging action if they lose contact with the controller as the result of a network interruption. Guarantees of network performance must be extremely robust in order to prevent statistically unlikely events from having serious consequences. Conclusion 3. The quality of service needed by a number of high-end health applications will not necessarily be deployed soon across the Internet in a form that meets the needs of the health industry.break

OCR for page 235
Page 244 A number of potential health applications of the Internet demand guarantees on the quality of service they get across the Internet. The need for QOS derives from the frequent need for smooth and responsive interactivity. For example, care providers engaging in remote video consultations with patients or other care providers need sustained access to high-bandwidth connectivity (roughly 384 kbps for simple interactions and 768 kbps for higher quality video) for the duration of the consultation. So do molecular biologists who wish to control visually an electron microscope located at a remote facility, or medical students who wish to practice a surgical technique using multimedia simulations that are available on remote servers, or groups of surgeons from different parts of the country who wish to collaborate in planning a difficult procedure. QOS is also needed for making practical the real-time exchange of large images, whether medical images such as X rays and mammograms or anatomical images for educational purposes. QOS would not only need to ensure that adequate bandwidth is available to provide timely delivery of images but would also need to offer real-time interaction to allow a primary care provider and a consulting specialist to point out specific items of interest in the image. Whether the Internet will provide the needed capabilities in the near future is uncertain. The protocols currently deployed across the Internet for routing packets do not contain mechanisms to support guaranteed QOS; rather they provide best-effort service, in which packets are delivered as best the network's resources and traffic levels will allow. Internet service providers (ISPs) are attempting to improve service quality across their networks by deploying additional bandwidth, but this approach does not allow explicit guarantees to be made on bandwidth, latency, and jitter. Protocols have been developed to support different forms of QOS across the Internet (e.g., the differentiated service and integrated service models described in Chapter 3), but they have not yet been deployed, and even if deployed, they may not fully support health applications. For example, the differentiated services (diff-serv) standard does not include mechanisms for providing QOS guarantees for packets that must traverse the networks of different ISPs. Hence, individual ISPs may be able to offer improved QOS to customers attached to their networks, but they cannot provide guarantees related to traffic flows among organizations connected to different ISPs. Because the health industry is highly decentralized and individual care providers' offices may need to interact with a number of different managed care organizations, insurers, and other care providers, inter-ISP mechanisms will be important for health applications. The challenge of providing QOS in a health environment is further complicated by the extremely variable QOS needs of individual health organizations over time. The kinds of information exchanges in which ancontinue

OCR for page 235
Page 245 organization engages typically vary considerably in the course of a day, from simple exchanges of information regarding a patient's coverage by a health plan, through transfers of medical records with affiliated organizations, to the exchange of large medical images for interpretation and diagnosis. The bandwidth needs of a small medical clinic could, accordingly, vary enormously during the course of a day, ranging from near nothing one minute to several megabits per second the next. Finding ways to satisfy such variable demand for bandwidth economically represents a significant challenge. The integrated services (int-serv) approach to QOS can support variable bandwidth needs through protocols for reserving capacity, but such protocols may not be sufficiently scalable to support widespread deployment across the Internet, as health applications could demand. Nor can it be assumed that QOS mechanisms that are optimized for content distribution (i.e., information flows that are predominantly one-way) will be effective for the more symmetric transactions typical of many health care applications. Conclusion 4. Ensuring widespread access to the Internet is essential to achieving its promise in health applications. One of the most dramatic effects of the Internet is its ability to engage patients and consumers more actively in health issues. As the amount of health-related information on the Web increases, patients become more actively involved in maintaining their health: seeking information related to specific ailments or topics of interest, discussing medical problems with peers in online chat groups, e-mailing care providers with questions regarding symptoms or treatments, assessing their health, scheduling appointments with care providers, and maintaining their own health records online. These actions are reinforced by a number of fundamental factors in the nation's health care system, including greater consumer choice in selecting among alternative health plans, concerns about the quality of care provided by health care organizations in an increasingly competitive environment, and pressures to shift the site of care away from the provider location and to the consumer's location and to shift from unilateral to shared approaches that bring patients into the decision-making process. All of these factors encourage—and in fact require—consumers to become more educated about their health and health care. As these trends continue, the Internet will probably play a more central role in supporting the processes of health care, reinforcing the calls for expanding consumer access to Internet resources. Persistent inequalities of access to the Internet could exacerbate existing inequalities of access to health care. Strong social pressures exist to ensure some degree of equity in access to health resources. Recent statistics show that thosecontinue

OCR for page 235
Page 258 nology in health organizations. Most have tended to focus on stand-alone applications that operate within a single organization. Many of the challenges of Internet-based systems derive from the interconnection of many organizations to a large network. DHHS and its constituent agencies (NLM in particular) should fund pilot projects and testbeds that explicitly connect multiple organizations for purposes of information exchange. These projects are not intended to develop community-wide repositories of health information, as was attempted with community health information networks (CHINs), but should try to facilitate information exchange among limited sets of organizations, whether for clinical care (e.g., exchanges of medical records, the sharing of clinical guidelines, or remote consultations between an urban medical center and several remote clinics) or administration (e.g., payment of claims). Only by establishing testbeds on a large scale can the issues of scalability and the effects of decentralization be identified and evaluated. These projects should explore the capabilities, limitations, and performance requirements for health applications in a highly networked environment with amny participating users at different organizations. For example, projects could be supported in application domains such as (1) public health surveillance, (2) clinical care, (3) home-based care, (4) remote consultations, and (5) payment for services. Pilot projects that integrate entire vertical slices of the ehalth care delivery process could also be tried. Such projects would help private and public organizations experiment with possible applications of the Internet and determine the ways the Internet can be used most effectively. By involving a large number of organizations, the projects will also aid in understanding issues associated with access to information resources, especially if the projects involve outreach to individual consumers. They would look at whether the research efforts outlined in Recommendation 1.1 had achieved the infrastructure required for health networking applications. Thus, demonstrations that show the effective use of advances in bandwidth, latency, QOS, and reliability would be most appealing. Recommendation 2.2. Federal agencies such as the Department of Veterans Affairs, the Department of Defense, the Health Care Financing Administration, the National Institute of Health, and the Indian Health Service should serve as role models and testbeds for the health industry by deploying Internet-based applications for their own purposes. The information technology and health, care industries need to do considerable experimentation, standards development, and integration work before the Internet can be used routinely for health care purposes.continue

OCR for page 235
Page 259 The government could play a proactive, catalytic role in this effort. It operates a subjstantial health care operation of its own, in the form of the health care systems operated by the Veterans Health Administration (part of the Department of Veterans Affairs, or VA), the Department of Defense, and the Indian Health Service. The Health Care Financing Administration operates an enormous system to pay for care provided under the Medicare, Medicaid, and related programs. By partnering with industry, these government agencies could use the Internet aggressively in their health-related systems. HCFA could, for example, develop policies and standards for the electronic submission of Medicare claims and could act as the certificate authority for a public key infrastructure for authenticating people and organizations that submit claims. The DOD and the VA could use their telemedicine programs and efforts to exchange medical records as testbeds and demonstrations that could influence private sector initiatives. In effect, these would be pilot implementations and they would help industry develop apprpriate standards and software. An open-source model could be required, thus making the fruits of this effort available broadly to industry. This is an are where governmental leadership is likely to be crucial and where passivity on the part of the government will cause many lost opportunities. Recommendation 2.3. Health organizations in industry and academia should continue to work with the Department of Health and Human Services to evaluate various health applications of the Internet in order to improve understanding of their effects, the business models that might support them, and impediments to their expansion. Health organizations will adopt health care applications of the Internet largely on the basis of their ability to improve the quality of care and reduce its costs. Deployment of needed infrastructure will be motivated by the development of business models for supporting the applications and paying for network services such as QOS. To date, the health industry has had little guidance in these areas, and its adoption of the Internet will be slow without better information. Work is therefore needed to determine the effect of internet applications on care quality and costs; organizational performance; job skills; relationships between participants (e.g., changes in the role of patients and responsibilities of patients); the economic or business models of care (e.g., use of the Internet to establish contractual relationships between affiliated care providers rather than buying them outright); provider workflows; and confidentiality and liability concerns. Across all of these areas, evaluations should seek to understand whether Internet-based applications have a different impact oncontinue

OCR for page 235
Page 260 quality, cost, and access to care than non-Internet based applications (e.g., are Internet-based implementations of electronic health records materially different from non-Internet implementations?). Simialrly, studies should identify factors that hinder the expansion of health applications of the Internet from portotypes or demonstrations to broad organizational or national use. Additional work is needed to develop mechanisms whereby the health industry can afford the investments in information infrastructure needed to enable more sophisticated applications. Elements within the Department of Health and Human Services can continue to play a vital role in providing financial support for these evaluations, as has been done by the National Library of Medicine and Office of Rural Health Policy. Recommendation 2.4. Public and private health organizations should experiment with networks based on Internet protocols and should incorporate the Internet into their future plans for new networked applications and into their overall strategic planning. Even though several years may pass before the Internet can provide the QOS, security, and reliability needed for health-related transactions, health care organizations need to start preparting now so that they will be equipped to use the improved capabilities offered by future generations of the Internet. They must develop an understanding of the ways the Internet can support their missions, prepare their infrastructures to be compatible with Internet technologies, develop the human resources needed to design, develop, and deploy effective systems, and put policies in place to govern the use of the Internet and Internet-related applications. Individual organizations and professional societies have roles to play in this endeavor. Because the health care industry has limited experience with Internet-based applications and because models for delivering and paying for health care continue to evolve, it is not yet clear how the Internet can best be used to improve health and minimize costs. In the end, some balance between Internet-based and private networks will probably emerge to meet the full spectrum of capabilities needed by health care organizations. In the meantime, these organizations should take steps to understand better the benefits of Internet-based systems and to have Internet-ready resources in place. They should establish institutional connectivity to the Internet and among their constituent organizations. They should establish network-based relationships with vendors that allow them to explore electronic commerce opportunities. They should begin using networks that incorporate Internet protocols such as TCP/IP, e-mail, FTP,continue

OCR for page 235
Page 261 and HTTP for internal communications. And they should begin thinking about ways in which the Internet can enhance and extend their missions. These represent relatively inexpensive steps for gaining critical insight into the ways the Internet may become more fully engrained in health processes at a later date. Without such experimentation, health organizations risk missing out on future opportunities. Addressing Educational Needs In order for the Internet to achieve its full potential in health applications, not only must it provide adequate technical capabilities, but health organizations also must be capable of adopting it. Health organizations will need the internal capability to envision ways in which the Internet could support their missions and to design, develop, and implement systems that fulfill those visions. The experimentation outlined in Recommendations 2.1 through 2.4 will improve organizations' capabilities considerably, but additional efforts will likely be needed to bolster internal policy development and human resource development. Efforts in three areas are recommended. Recommendation 3.1. Professional associations with expertise in health issues and information technology should work with health care organizations to develop and promulgate guidelines for safe, effective use of the Internet in clinical settings. Improved information outlining best practices for using the Internet in health applications would help individual organizations benefit from each other's experiences and develop informed policies and procedures to guide their own efforts to harness the capabilities of the Internet. Professional associations have an important role to play because their membership spans large numbers of organizations that face common challenges. Professional associations with expertise in health care and information technology could help convene groups that would develop standards and guidelines based on the experience and expertise of their memberships. Some associations have already taken productive steps in this direction. The American Medical Informatics Association, for example, developed a set of guidelines for using e-mail in clinical settings, and the Association of American Medical Colleges has initiated programs to evaluate the information technology needs of academic medical centers that could also produce valuable guidelines. Similar efforts are needed to develop guidance in (1) monitoring and conducting health-related chat sessions, bulletin boards, and forums, (2) remote education of health professionals, (3) disseminating information to a broad audience, (4) appropriate andcontinue

OCR for page 235
Page 262 inappropriate creation of provider/patient relationships, (5) assurance of the integrity and accuracy of patient-maintained health records, (6) means to assess trade-offs between security, confidentiality, and access, (7) direct marketing to patients of health care services (e.g., pharmaceuticals, prostheses), (8) communication across traditional boundaries (e.g., patient to provider), (9) clinical e-mail, (10) Web information services, and (11) privacy and security of electronic health information. Recommendation 3.2. Government, industry, and academia should work together and with professional associations having experience in health and information technology to educate the broader health and health care communities about the ways the Internet can benefit them. Part of the inability of health organizations to aggressively pursue Internet strategies derives from a lack of appreciation among health workers about the potential benefits of Internet-based applications. Many have had limited formal education in computing and communications technology and continue to have limited experience using it. Educational programs could go a long way to overcoming institutional resistance and helping workers to better use such systems. Academic health organizations and professional associations have important roles to play in educating the health community at large about the potential benefits of Internet-based systems in health care. Academic health organizations are among the leaders in applying the Internet to health applications and educate a range of health professionals. Associations can draw upon their large and diverse membership to pool ideas and reach out to individual organizations. They must also work individually to assemble information-technology-savvy staff who can envision and develop Internet-based health systems. Chief information officers and other high-level information systems professionals should have expertise in both information technology and health care. Recommendation 3.3. The Department of Health and Human Services should commission a study of the health information technology workforce to determine whether the supply of such workers balances the demand for them, to identify the kinds of training and education that workers at different levels will need, and to develop recommendations for ensuring an adequate supply of people with training at the intersection of information technology and health. For health applications of the Internet to be envisioned, developed,continue

OCR for page 235
Page 263 and deployed, knowledgeable workers are needed who understand both the technical capabilities of the Internet and the nuances of operating in a health context. Information technology firms perceive a distinct shortage in the number of qualified information technology workers they can hire, although a formal assessment of the situation is still under way.3 The supply of workers with both information technology and health skills may be even tighter, but the situation has not been well investigated. Impressions of supply and demand tend to be based on anecdotal evidence about the demand for graduates of existing programs. All health organizations will be affected by the Internet and will need to develop competencies to work with it. To date, support for training in areas such as medical informatics has come almost exclusively from the National Library of Medicine, but it will soon need to come from other sources as well if the pool of qualified workers is to grow. It is not clear what kinds of skills workers at different levels in a health organization will need. Additional study is required to determine the extent of the problem and the best avenues for addressing it. Addressing Policy Issues A number of impediments to Internet-based health care must be addressed at a policy level. While it is not possible to identify or predict all the barriers that will arise as the Internet becomes more widely used in the health sector, there is a need to ensure that regulatory barriers do not unnecessarily impede application of the technology as it evolves and that all demographic groups are active participants in health on the Internet. The impediments include issues such as payment for services delivered via electronic networks, licensure, and malpractice. These impediments have slowed past attempts to deploy telemedicine services more broadly; they exemplify the kinds of mismatches that may result from attempts to use laws and regulations created in the past to govern a growing range of Internet-mediated services. What were minor concerns in the past may become more important as the capabilities of the Internet grow and its applications expand into health and health care. The committee notes that it is not possible to enumerate all the ways in which the legislative and regulatory environment may need to be altered to accommodate the Internet in health and health care, but some of the areas that have been identified hint at the larger set of issues to come. Although it is beyond the scope of its charge and its expertise to provide recommendations for remedying these policy concerns, the committee notes that they pose a significant barrier to the deployment of Internet-based applications in health and health care and makes the following recommendation to hasten their resolution:break

OCR for page 235
Page 264 Recommendation 4.1. The Department of Health and Human Services should more aggressively address the broad set of policy issues that influence the development, deployment, and adoption of Internet-based applications in the health sector. Addressing the policy issues that are raised in this report will require strong leadership from federal health agencies. Not only does DHHS need to ensure that concerns and needs of the health community are reflected in attempts to address policy issues such as intellectual property protection, privacy, and access to the information infrastructure, but it can also help to ensure greater coordination of the efforts of federal health agencies in these areas. Elements of DHHS are involved in missions that are affected by these issues and have taken steps to address them, and the DHHS itself has taken steps to address issues such as the privacy and security of electronic medical records. Additional focus would help ensure that these issues are suitably addressed by the policy-making community. DHHS could play a number of roles: • Providing strategic leadership for Internet-related programs within the department and its constituent agencies and coordinating them with those of other federal agencies. Because the Internet may transform a number of aspects of health care, including many of those overseen by federal agencies, government would be well served by a process that would assess, manage, and monitor the implications of the Internet for federal health activities. Many of the agencies within DHHS, including the Health Care Financing Administration, the National Institutes of Health, and the Centers for Disease Control and Prevention, have ongoing plans to evaluate Internet applications in some of their mission-critical operations, but little higher-level strategy exists within DHHS for better harnessing the capabilities of the Internet throughout the organization. • Convening public and private bodies to identify and examine issues related to the Internet and health care. These bodies could help federal agencies identify issues that need to be resolved, provide guidance on the kinds of approaches that might be most effective, and ensure greater coordination of public and private efforts. The National Committee on Vital and Health Statistics (NCVHS) has been playing a similar role in the area of privacy and security of electronic health information and could serve as the model—or the seed—for other such groups. • Exploring cross-cutting issues that affect a number of government health agencies and developing programs for addressing them. For example, DHHS could examine ways to implement a public key infrastructure that would support a range of federal health activities, from provision of care in DOD and VA facilities to payment of Medicare and Medicaid claims.break

OCR for page 235
Page 265 • Encouraging sharing of information and perspectives among health-related agencies. Development of a health information infrastructure will involve a multitude of participants with different responsibilities and interests: provision of care, payment for care, monitoring of care, health-related research, public health, and others. Because of its broad interest and activity in many of these areas, DHHS could serve as a focal point for encouraging dialog among these constituents and coordinating activities. • Advancing the national debate regarding key information technology issues that affect health care. As noted throughout this report, considerable uncertainty exists about the ways in which the Internet is likely to influence the health sector and about the effectiveness of different applications. Based on experience with its own systems, its interactions with the private sector, and its ability to serve as a neutral meeting ground, DHHS could help the entire health community become better informed about use of the Internet in health care and about the technical, organizational, and policy issues that must be addressed. • Creating organizational structures to ensure that issues at the nexus of health and information technology are identified and addressed promptly and efficiently. The speed with which the Internet and its applications are advancing requires proactive consideration of opportunities and challenges and the structures that can respond to a rapidly changing environment. Progress has been made along some of these lines by establishing the DHHS Data Council and redefining the charter of the NCVHS. The NCVHS has, in fact, begun to address the creation of a health information infrastructure (NCVHS, 1998), but additional effort along these lines will be needed to ensure that adequate attention is paid to this emerging area. A Final Word The recommendations offered above are intended to set the nation on a course that will ensure that technology, organizational practices, and public policies converge in ways that will lead to broader deployment of Internet-based systems in health applications (see Box 6.1). Undoubtedly, this course will have to be recharted over time to reflect progress made along each of the fronts and as Internet-mediated health processes continue to unfold. Changes in the structure of the nation's health care will continue to drive the kinds of health-related systems that will operate over the Internet, and the Internet will, in turn, drive changes in the structure and nature of health care. Continued dialog between the information technology community and the health community will be central to ensuring that the Internet evolves in ways that meet the ever-changing demands and specialized needs of the health sector—and to ensuring that the Internet will support the health of the nation.break

OCR for page 235
Page 266 BOX 6.1 A View of the Future Two scenarios demonstrate the kinds of capabilities that could be achieved if the recommendations outlined in this report are implemented:1 Scenario 1: Georgia Johnson, a 64-year-old widow with hypertension and congestive heart failure, lives in Quincy, Pennsylvania. Her physician, Dr. Ramesh, is located in Baltimore, where she lived before her husband died. Ms. Johnson sees her doctor biweekly, through a videoconference visit that is hosted in her home by Marcus Brown, a student in the University of Virginia's distance-learning nurse-practitioner program. During a routine video visit, Dr. Ramesh tells Georgia that she needs to reduce her salt intake and gives her an information prescription. Marcus fills the prescription by adding two new features to Georgia's personal health Web page: an interactive diary that she will use to track her own sodium intake and a three-part multimedia series on living with congestive heart failure. During the visit, Georgia hears the doctor suggest that Marcus visit the NLM's Internet library of chest sounds to learn more about how to recognize congestive heart failure. At Georgia's request, Marcus shows her how to use this resource and links it to Georgia's Web page, too. After showing Georgia how to post a copy of the interactive diary to her electronic medical record, Marcus heads out for his next home visit. As he walks to his car, Marcus calls his e-transcription service, logs in, and dictates visit notes into Georgia's electronic medical record. Scenario 2: Juanita and Santos Del Rios have lived in the United States for 3 years. They live in a large apartment complex in downtown Miami with their four children, who range in age from 2 to 9. They are learning English, but they also depend on their 9-year-old, Rosa, who learns English in school, to help translate for them. Last year, their health plan sent someone to deliver a home health kit consisting of Internet connectivity, a digital thermometer, a heart rate monitor, a stethoscope, and a videocamera. The installer, who spoke Spanish, showed them how to use the equipment and to connect to the Internet through their television. One night, Juanita is awakened by the baby, who is coughing, wheezing, and crying. She wakes up Rosa and asks her to call the HMO for advice. Hearing the (box continued on next page) References Clausing, Jeri. 2000.''Report Rings Alarm Bells About Privacy on the Internet," New York Times, February 7. Health Care Financing Administration (HCFA). 1997. Telemedicine Report to Congress, Department of Health and Human Services, Washington, D.C., December 4. Available online at <http://www.hcfa.gov/pubforms/telemed.pdf> National Committee on Vital and Health Statistics (NCVHS). 1998. Assuring a Health Dimension for the National Information Infrastructure, October 14. Available online at <http://www.ncvhs.hhs.gov/hii-nii.htm>break

OCR for page 235
Page 267 (box continued from previous page) symptoms, the pediatrician on call asks to have a quick look at the baby. Rosa turns on the set, while Juanita sets up the health kit. Rosa establishes an encrypted session with the server and reserves a suitable level of bandwidth for a videoconference, using the "bandwidth wizard" on the server. When the connection is complete, Rosa selects the "habla Español" option for simultaneous subtitles, so her mother can communicate directly with the doctor, and pages the doctor. Remembering a recent news item about a rash of respiratory problems in this neighborhood, the pediatrician links to the local public health department e-channel to check on specifics. While waiting for the doctor to finish her research, Juanita scans the index of the HMO's self-help library and downloads two items, Las Syntomas de la Asma and El Gripe y su Niño, for later reading. These scenarios require advances in technology, organizational capabilities, and public policy in order to become commonplace in the future. The first scenario requires dependable bandwidth on demand, authenticated remote access to patient records, and widely accessible Internet-based collections of resources like the multimedia series. It also requires cross-border licensing arrangements and health care reimbursement policies that cover this kind of service. The technical requirements for the second scenario include cable modems, reservable bandwidth, encrypted server access, digital instruments, and instantaneous language translation. The nontechnical requirements include a health plan that supports home telemedicine and online access to Spanish-language consumer health information. Most features of these scenarios exist now but are not widely available or easily accessible to those who may need them. The expanded capabilities for health care outlined in these scenarios could be achieved in the near future given action on some of the recommendations outlined in this report. Even more exciting are the applications that could be imagined if the nation were to begin to use the Internet to its full potential in health applications. 1 These scenarios were first described by Valerie Florance of the Association of American Medical Colleges in a public briefing to release a prepublication version of this report. Because of the interest they generated, they have been included here. President's Information Technology Advisory Committee (PITAC). 1999. Information Technology Research: Investing in Our Future, National Coordination Office for Computing, Information, and Communications, Arlington, Va., February 24. Available online at <http://www.ccic.gov/ac/report/> Working Group on Biomedical Computing, Advisory Committee to the Director. 1999. The Biomedical Information Science and Technology Initiative, National Institutes of Health, Bethesda, Md., June 3. Available online at <http://www.nih.gov/welcome/director/060399.htm>break

OCR for page 235
Page 268 Notes 1. HCFA is already working to investigate means of reimbursing the costs of some types of remote consultation and has funded demonstration projects to explore alternative payment schemes. For information on HCFA's efforts on paying for remote health services, see HCFA (1997). 2. The Agency for Health Care Policy and Research was recently renamed the Agency for Healthcare Research and Quality (AHRQ). 3. The Computer Science and Telecommunications Board is studying workforce needs in information technology. Additional information on this project is available online at <http://www.cstb.org>.break