Networking Health Prescriptions for the Internet (2000) / Chapter Skim
Currently Skimming:
3. Technical Challenges
3. Technical Challenges
Pages 132-177
The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.
From page 132... ...
Health applications whether supporting consumer health, clinical care, financial and administrative transactions, public health, professional education, or biomedical researchare not unique in terms of the technical demands they place on the Internet: nearly all sectors have some applications that demand enhanced QOS, security, and broadband technologies. Nevertheless, particular health applications require specific capabilities that might not otherwise receive much attention.
|
From page 133... ...
It gives examples of challenges that real-world health applications can pose for networking research and information technology research more generally. In this way, it attempts to inform the networking research community about the challenges posed by health applications and to educate the health community about the ways in which ongoing efforts to develop and deploy Internet technologies may not satisfy all their needs.
|
From page 134... ...
No capabilities have yet been deployed across the Internet to ensure QOS. Virtually all Internet service providers (ISPs)
|
From page 135... ...
Increasing Bandwidth One approach taken by ISPs to improve their data-carrying capacity and relieve congestion across the Internet has been to dramatically increase the bandwidth of the backbones connecting points of presence (pops) .2 Today's backbone speeds are typically on the order of 600 megabits per second (Mbps)
|
From page 136... ...
The Transmission Control Protocol (TCP) , which underlies most popular Internet applications today, is designed to determine the bandwidth of the slowest or most congested link in the path traversed by a particular message and to attempt to use a fair share of that bottleneck bandwidth.
|
From page 137... ...
Both diffserv and int-serv will enable greater use of the Internet in some health applications, but it is not clear that these programs will meet all the needs posed by the most challenging health applications.
|
From page 138... ...
Differentiated services do not currently define any mechanisms by which QOS levels could be determined for different communications sessions on demand; rather, initial deployment is likely to be for provisioned QOS that is agreed upon a priori. As a simple example, a customer of an ISP might sign up for premium service at a certain rate, say 128 kilobits per second (kbps)
|
From page 139... ...
. Health care organizations have widely varying needs for bandwidth over time.
|
From page 140... ...
provides quantifiable, end-to-end QOS guarantees for particular data flows (e.g., individual applications) in networks that use the IP.8 The guarantees take the form of "this videoconference from organization A to organization B will receive a minimum of 128 kbps throughput and a maximum of 100 milliseconds end-to-end latency." To accommodate such requests, int-serv includes a signaling mechanism called resource reservation protocol (RSVP)
|
From page 141... ...
The goal of such approaches is to provide finer granularity and stronger guarantees than are provided by diff-serv while avoiding the scaling and administrative problems associated with int-serv's perapplication reservations. One such approach, which is being pursued in the Integrated Services over Specific Link Layers working group of the IETF, combines the end-to-end service definitions and signaling of intserv with the scalable queuing and classification techniques of diff-serv.~2 Another approach, referred to as virtual overlay networks (VONs)
|
From page 142... ...
Accordingly, the design of policy servers, which are responsible for storing policy data and making policy decisions, would benefit from the input of the health care community. Policy also has a role in a diff-serv environment.
|
From page 143... ...
Health care applications of multicast may emphasize different design and implementation features than would applications in other domains. For example, users in the health arena may be unlikely to create large multicast groups consisting of a single primary transmitter of information and millions of receivers, an approach more suited to the entertainment industry.
|
From page 144... ...
To date, malicious attempts to sabotage the availability or integrity of electronic health information have been rare.~4 However, the confidentiality of electronic medical records has on some occasions been compromised by individuals such as health care providers or administrators who have legitimate access to some aspect of an electronic record. Indeed, a previous study by the Computer Science and Telecommunications Board
|
From page 145... ...
Nevertheless, security technologies are increasingly important in an Internet environment. Health organizations have tended to rely on trust among health professionals to maintain the confidentiality of personal health information and have favored broad access to information (with some form of review of accesses)
|
From page 146... ...
Other functions, such as authentication of routing updates, need to be supported by network elements such as routers. Security features operate at different network layers (Box 3.1)
|
From page 147... ...
, so information is encapsulated into packets that are passed through the network from node to node without encryption. Software programs called "sniffers" can be run on any node through which packets pass and can scan the contents of a message even if the message contains sensitive health information or a user's password.
|
From page 148... ...
For example, a firewall might be configured to allow e-mail messages from outside the corporate network to pass through as long as they are destined to the appropriate mail server. Similarly, a firewall might allow access to an organization's public Web server but not to other Web servers
|
From page 149... ...
Although such networks often are designed to limit such external connectivity to one or two points, it is difficult to prevent unauthorized connectivity at other points. Individual users may establish dial-up modem connections to the Internet without the knowledge of the network administrators, creating a back door into the corporate network.
|
From page 150... ...
All use encryption as the basis for authentication and confidentiality. Encryption Technologies Encryption technologies generally are classified as either symmetric key systems (also called private key cryptography)
|
From page 151... ...
Distribution of Encryption Keys A major challenge in using asymmetric cryptography is the distribution of public keys. A person who wishes to use a certain public key for either encryption or authentication needs to know for certain that the key belongs to the appropriate entity; otherwise, authentication is not possible, and encrypted data may be read by an unintended recipient.
|
From page 152... ...
Good initial progress has been made in issuing certificates to Internet vendors of goods and services, but the process has not been extended to individual consumers. One way to make the process more scalable is to arrange CAs in a hierarchy, with the root CA certifying lower-level CAs that issue certificates to even lowerlevel entities, and so on down to the level at which certificates for individual users are issued.
|
From page 153... ...
The Simple Public Key Infrastructure working group of the IETF is attempting to develop an Internet standard that incorporates these ideas, but no related commercial products are available. Internet Protocol Security Internet Protocol Security is an architecture and set of standards that provides a variety of services, such as encryption and authentication of IP packets, at the network layer (Kent and Atkinson, 1998a,b,c)
|
From page 154... ...
Often, unencrypted data are sent over a LAN until reaching a VPN gateway; in other cases, as with frame relay, the data are not encrypted and are subject to misrouting. Transport Layer Security An alternative mechanism for providing encryption and authentication across the Internet is transport layer security, which is widely used across the Internet in the form of the Secure Socket Layer (SSL)
|
From page 155... ...
As a result, users can readily verify the identity of the organization with which they are communicating, but the server site typically cannot verify the identity of the person using asymmetric encryption techniques. Existing transport layer security, therefore, has been used for credit card transactions in which authentication of the user is not performed cryptographically but rather by some other means (e.g., verification of card number, expiration date, and billing address or a name and password)
|
From page 156... ...
This process introduces significant delay in password assignment, making the process inappropriate for health applications in which an emergency room physician may need access to a patient record at a remote hospital. The distribution process is also limited in that a mailed password can easily be intercepted by the wrong member of a household a vulnerability that may have more serious consequences with health data than with financial information.
|
From page 157... ...
Because they operate at the level of bits, access controls can be used to permit users to access portions of an encrypted file while still protecting the overall confidentiality of the information. Access controls can operate at virtually all layers in a networked applicationfrom the physical layers defining the communications medium itself through the application layer consisting of software programs and can extend access privileges based on various characteristics, such as the user's identity or role in the organization (Box 3.3~.
|
From page 158... ...
58 NETWORKING HEALTH: PRESCRIPTIONS FOR THE INTERNET accreditation boards, and policy makers and 34 representative types of institutions. Each of these users needs different information, and their access privileges could be markedly different, compounding the difficulty of developing effective access controls and confidentiality policies (upon which access controls are based)
|
From page 159... ...
The introduction of networking (e.g., the Internet) compounds the access control problem by facilitating the exchange of electronic medical records among different users of health information.
|
From page 160... ...
High availability is a key requirement for missioncritical and time-critical applications of the Internet, including many in health care. If the availability of the Internet is uncertain, then health care providers cannot rely on it for the provision of remote patient care or access to electronic medical records in the emergency room, although they may still be able to use it (with some degree of frustration)
|
From page 161... ...
Such disasters could be confined to the network, in which case mechanisms are needed for ensuring continued transmission of a variety of network traffic, or they could be more widespread fires, earthquakes, or storms and thus might call for ways of mobilizing health care resources despite widespread network outages. In both cases, mechanisms are needed to ensure adequate network availability for missioncritical applications and to handle high-priority traffic.
|
From page 162... ...
Organizations will meet many of these needs by leasing communications lines with the needed capacity. Alternatively, some organizations that provide content over the Internet and expect high demand for their services may attempt to offload some of their functions to third parties that can acquire the needed capacity, although there may be limitations to this model in health applications (see Box 3.4~.
|
From page 163... ...
Although leased lines, frame relay, and ATM are viable alternatives for a variety of institutional users, they are generally too expensive for residential users and small businesses (such as private practioners)
|
From page 164... ...
This requirement for symmetry in upstream and downstream bandwidth allocation represents a significant shift from most current consumer Internet applications, which assume the majority of information will flow from the Internet to the consumer. Two of the more popular technologies currently available for broadband access in the local loop modems using cable television lines and digital subscriber line (DSL)
|
From page 165... ...
TECHNICAL CHALLENGES 165 TABLE 3.2 Wireline Technologies for Residential Broadband Access Technology Downstream Data Rate Upstream Data Rate Dial-up modem Asynchronous digital subscriber line Cable modem Up to 56 kbps Up to 10 Mbps; typically 1.5 Mbps Up to 10 Mbps Up to 56 kbps Up to 768 kbps; typically 384 kbps 384 kbps NOTE: kbps, kilobits per second; Mbps, megabits per second.
|
From page 166... ...
Asymmetric DSL (ADSL) services typically can support data rates up to 1.5 Mbps downstream and 384 kbps upstream over twisted pair up to 18,000 ft.
|
From page 167... ...
The spotty coverage and high cost of high-bandwidth access technologies mean, unfortunately, that those who could benefit most from the health care applications of the Internet such as people in rural areas with limited access to medical specialists are the least likely to have high-speed Internet access. Work in many areas, both technical and policy-related, will be required to enhance network access for health applications.
|
From page 168... ...
The Internet may ease some such concerns because it enables consumers to find health information without visiting their care providers, and it may eventually allow them to seek consultation from, or be examined by, multiple providers in different parts of the country. But without additional privacy protections, a host of new companies could collect information about personal health interests from consumers who browse the Web, exchange e-mail with providers, or purchase health products online.
|
From page 169... ...
Encryption is the basic engine that underlies all of these mechanisms. Until now, most research on anonymous communication has been carried out informally and without specific attention to health care applications.
|
From page 170... ...
A straightforward approach to providing anonymous Web browsing uses a trusted intermediary, analogous to a simple re-mailer. The user forwards the universal resource locator (URL)
|
From page 171... ...
Onion routing needs a separate screening mechanism to anonymize the data flowing between client and server, so that the server is blocked from sending messages to the client that will cause client software to reveal its identity. Although the Onion Routing Project has implemented an anonymizing proxy to perform this type of blocking, a server can play any of an increasing number of tricks to determine the client's identity.
|
From page 172... ...
The Web server receiving the packet can only identify the jondo that last forwarded the packet; it cannot deduce the packet's true origin. Return traffic follows the same randomly generated path in the reverse direction.
|
From page 173... ...
CONCLUSION As the discussion in this chapter demonstrates, ongoing efforts to enhance the capabilities of the Internet will produce many benefits for the health community. They will provide mechanisms for offering QOS guarantees, better securing health information, expanding broadband access options for consumers, and protecting consumer privacy.
|
From page 174... ...
1997a. For the Record: Protecting Electronic Health Information.
|
From page 175... ...
1998. "Anonymous Connections and Onion Routing," IEEE Journal of Selected Areas in Communication 16~4~:482494.
|
From page 176... ...
12. The charter of the Integrated Services Over Specific Link Layers working group of the IETF is available online at |
From page 177... ...
23. Participating organizations in the HealthKey initiative are the Massachusetts Health Data Consortium, the Minnesota Health Data Institute, the North Carolina Healthcare Information and Communications Alliance, the Utah Health Information Network, and the Community Health Information Technology Alliance, based in the Pacific Northwest.
|
Key Terms
This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More
information on Chapter Skim is available.