The Internet has great potential to improve Americans' health by enhancing communications and improving access to information for care providers, patients, health plan administrators, public health officials, biomedical researchers, and other health professionals. Ongoing research and development (R&D) efforts, such as the federal government's Next Generation Internet (NGI) initiative and the complementary Internet 2 program of the private sector, could help to realize that potential. Such efforts promote the creation and deployment of new networking technologies to enhance the Internet's capabilities, enabling a growing range of applications in health and other sectors. But what technical capabilities do health applications demand of the Internet? How do these capabilities differ from those needed by applications in other sectors, such as banking, defense, and entertainment? What types of experiments and demonstrations should be undertaken now to learn quickly about the requirements and benefits of different health applications of the Internet? And how can the health community ensure that its needs are considered within the networking research community and in standards bodies that are defining future capabilities?
Questions of this nature prompted the National Library of Medicine (NLM) to request a study by the Computer Science and Telecommunications Board of the National Research Council that would evaluate the technical capabilities demanded by health applications of the Internet. As the health community's primary representative in the NGI initiative and a longtime supporter of R&D focusing on health applications of informa-soft
tion technology (IT), NLM sought advice on which capabilities should be deployed in the NGI testbed networks and, ultimately, the Internet. It recognized that the potential for health applications of the Internet had contributed to policy discussions of information infrastructure for several years but that progress in realizing that potential had been slower than in other economic sectors. This report responds to the NLM request by examining applications of the Internet in six health-related areas: consumer health, clinical care, health care financing and administration, public health, professional education, and biomedical research. It draws on a series of visits by members of the committee to organizations that are actively designing, developing, and in some cases operating networked applications. It identifies the technical capabilities that these applications demand of supporting networks and makes recommendations regarding the capabilities that need to be deployed to enable the health community to take fuller advantage of the Internet. It also identifies additional work that is needed to develop complementary and appropriate information technologies, such as tools to help consumers evaluate the quality of the information they find on the Internet and access controls to reliably limit Internet users' ability to access resources such as patient medical records.
But the report does not focus exclusively on networking technologies, since the capabilities needed in networks are intertwined with other technical, organizational, and policy considerations. As the committee learned during its site visits, an adequate communications infrastructure is not the only prerequisite for expanded Internet use within the health community. Efforts are also needed to surmount organizational and policy impediments to the adoption of the Internet and Internet-based applications. At present, health care organizations are ill prepared to deploy Internet-based applications, because they lack information upon which to base investment decisions, face an uncertain financial environment, and have difficulty attracting the talent needed to design, develop, and implement such applications. A number of public policy issues, ranging from concerns about patient privacy to the lack of payment mechanisms for some medical consultations delivered remotely, also stand in the way of greater deployment of Internet applications. All of these issues need to be addressed if health organizations are to take advantage of the capabilities offered by an enhanced Internet.
Health Applications of the Internet
The most visible examples to date of the Internet's role in health-related activities are in the consumer domain. Tens of thousands of sites on the World Wide Web (the Web) offer information on health topics, and a growing number of companies have established Web sites to providecontinue
consumers with information on specific diseases, therapies, and healthy lifestyles. Some sites allow consumers to evaluate risks to their health, manage chronic medical conditions, purchase health-related products, pose questions to health professionals, or engage in discussions with other consumers. These systems take advantage of the Internet's broad, public reach to engage significant portions of the online population, often with information that is specially tailored to their needs. An estimated 30 million users searched for health information on the Internet in 1999 alone, and in 1998 consumers and studentsas opposed to practitioners and researchersaccounted for roughly 30 percent of the use of the NLM's MEDLINE system, which contains references to millions of journal articles (Lindberg, 1998).
Although health-related Web sites garner considerable media attention, they represent only a small sampling of the ways in which the Internet can be used in health, itself a large sector embracing health care, public health, health education, and biomedical research. Because the Internet, in theory, can link all the participants in the health community, it can be used to improve consumer access to health information and health care, to enhance clinical decision making and improve health outcomes by making better information available to clinicians on demand, and to reengineer the processes of care to make them more efficient. The Internet can also be used to improve the education of medical professionals, enhance public health surveillance, and facilitate biomedical research. In each of these domains, specific applications can be envisioned in which the Internet is used to transfer text, graphics, or video files (and even voice); control remote medical or experimental equipment; search for needed information; and support collaboration, in real time, among members of the health community (Table ES.1). For example, the Internet could do the following:
• Enable consumers to access their health records, enter data or information on symptoms, and receive computer-generated suggestions for improving health and reducing risk;
• Allow emergency room physicians to identify an unconscious patient and download the patient's medical record from a hospital across town;
• Deliver care instructions to a traveling businessperson who begins to feel chest pains while in a hotel room;
• Enable homebound patients to consult with care providers over real-time video connections from home, using medical devices capable of transmitting information over the Internet;
• Support teams of specialists from across the country who wish tocontinue
(table continued on next page)
There was a problem loading page 5.
(table continued from previous page)
There was a problem loading page 7.
plan particularly challenging surgical procedures by manipulating shared three-dimensional images and simulating different operative approaches;
• Allow a health plan to provide instantaneous approval for a referral to a specialist and to schedule an appointment electronically;
• Enable public health officials to detect potential contamination of the public water supply by analyzing data on nonprescription sales of antidiarrheal remedies in local pharmacies;
• Help medical students and practitioners access, from the examining room, clinical information regarding symptoms they have never before encountered; and
• Permit biomedical researchers at a local university to create three-dimensional images of a biological structure using an electron microscope a thousand miles away.
A number of these applications have been demonstrated in localized settings, such as individual hospitals or health care delivery systems. For reasons of technology, organizational capabilities, and public policy, many of them have yet to be deployed more broadly across the Internet or on private networks that rely on dedicated communications links. As a result, little is known about their costs and benefitswhether they would improve health or research capabilities, how much they would cost to implement, or whether they would reduce health costs if deployed on a larger scale. That kind of knowledge will require continued exploration and evaluation, as well as an understanding of how the economics of the large but decentralized health sector can influence the development of the Internet, driving decisions about which capabilities will be deployed, and when.
This report addresses a broad spectrum of health applications in an attempt to demonstrate the diversity of needs and the degree of commonality in the technical capabilities they require. It is intended to guide a faster realization of the Internet's potential for health, a potential that has eluded the health sector for too long. The report recognizes that the applications themselvesand the technical capabilities they demandare moving targets with uncertain trajectories. While today's demonstration programs hint at the kinds of capabilities that will be needed in the future, the evolutionary path of health applications of the Internet is unclear. Will, for instance, remote medical consultations become viable between any patient and any care provider connected to the Internet, or will this capability remain more localized in its reach and limited to patients and providers in the same health plan? The answer depends on technical, economic, social, and policy considerations that are difficult to predict, and different answers could drive the need for significantly different technical capabilities, as well as a different scale and scope ofcontinue
deployment. The report attempts to recognize these uncertainties and to derive conclusions that are reflective and cognizant of them.
The technical capabilities needed to support health-related use of the Internet vary considerably from one application to another. The relative importance of bandwidth, latency, availability, security, and ubiquity in six different classes of health application is shown in Table ES.2 (see Box ES.1 for a definition of the technical terms used in this report). For the most part, these considerations are common to Internet applications in other sectors, and that broader base increases the likelihood of affordable solutions. But in communicating with Internet researchers and technology developers, the health community (i.e., all those active in health-related activities, such as provision of care, public health, professional education, and biomedical research) can call attention to its need for particular attributes, and it can point out the characteristics of the health sector that differentiate its needs from those of sectors such as entertainment, defense, or finance.
For example, security is a primary concern in virtually all health applications of the Internet because the extreme sensitivity of personal health information demands high levels of confidentiality. Furthermore, the paramountcy of safetyindividuals' health and lives are at stake, after allrequires that information not be corrupted before, during, or after transmission across the network from one party to another. Although security is also important in many other Internet applications, including electronic commerce (e-commerce, itself a player in the evolv-soft
ing health environment), health applications pose special challenges, the solutions to which may lie in the computers attached to the network rather than in the network itself. For example, the exchange of electronic medical records, payment data, or prescription information demands that the identities of both the sender and recipient of the data be validated (authenticated) with high levels of assurance. Mechanisms for authenticating individuals that are more secure than passwords are not in widespread use across the Internet. This situation has not, however, impeded consumer-oriented e-commerce applications, because online vendorscontinue
have robust means of authenticating themselves to their customers' Web browsers (using electronic certificates provided by a handful of certificate authorities, as described in Chapter 3). Moreover, the vendors do not necessarily require strong authentication of users who present a valid credit card number: credit card companies and vendors who accept credit cards expect to incur some costs from fraud, and consumer losses are generally capped at nominal levels. By contrast, health has a low tolerance for losses and other kinds of mistakes: before an electronic prescription can be filled or a copy of an electronic medical record sent, the identity of the requester must be verified as rigorously as the identity of the supplier. The constantly shifting relationships among health organizations further complicate security considerations. Other aspects of security also present challenges in health applications, as outlined in Chapters 2 and 3 of this report.1
Network availability is also important in health applications of the Internet. High levels of availability are needed in mission-critical applications in many industries, and similar needs obtain in health: if insurance companies and managed care organizations are to rely on the Internet for claims processing, referrals to specialists, or checks on eligibility for particular services, they must be sure the network will be running when needed and that data will not be corrupted. But the health sector's need for high levels of network availability to and from a large number of possible locations can also be greater than in other sectors, because health, well-being, and even life may be at stake. If care providers are to use the Internet to access electronic patient records when treating patients in the emergency room, they must know that the network and the applications are operational 24 hours a day, 7 days a week. Accordingly, health applications add to the call for the Internet to be made resistant to malicious attacks and resilient in the face of failures of hardware, software, or human operators.
Many of the applications that can be envisioned in the health domain demand high levels of bandwidth or timely delivery of data, often for an extended period of time.2 Consider the case of remote medical consultations, which could make expert care more equitably available across the country, regardless of the location of the patient. Video consultations demand high-bandwidth connections (roughly 384 kilobits per second) in both directions between two communicating sites for the duration of the sessionas long as 30 minutes in some caseseven if one of the sites is a small medical practice or a patient's home. Although the backbone networks that make up the Internet have sufficient capacity to accommodate such needs, they cannot currently guarantee that adequate bandwidth and latency will be available whenever needed, because other traffic with unknowable bandwidth needs will also be traversing the network. Thesecontinue
types of applications therefore demand mechanisms for ensuring quality of service (QOS) across the Internet, whether by allowing users to subscribe to higher-end services (referred to as differentiated services, or diff-serv) or allowing them to reserve capacity on an as-needed basis (referred to as integrated services, or int-serv).
The Internet Engineering Task Force (IETF) has codified standards for both diff-serv and int-serv, but neither has yet been deployed across the Internet. Moreover, it is not clear that Internet service providers (ISPs) will deploy them in the near futureor in ways that support the health industry. For example, the highly decentralized nature of the health industry implies that health organizations will obtain their Internet service from many different ISPs rather than from a single provider. To provide QOS between the many different sets of communicating parties that are possible, QOS mechanisms would need to be deployed through the entire Internet, not just across a single ISP's network. However, mechanisms do not yet exist for supporting QOS (either diff-serv or int-serv) between ISPs, precluding the possibility of end-to-end QOS guarantees any time soon. Furthermore, the protocols for supporting int-serv will not necessarily scale sufficiently to allow their use across the Internet. The decentralized structure of the health industry makes it hard for health organizations to come up with viable business models whereby they can pay ISPs to deploy the kinds of QOS they need. Almost any solution to this problem will require the participation of the insurance companies and other third-party payers who finance health care in the United States.
Ubiquity of access is particularly important in health applications of the Internet because people in need of health care and related services can be almost anywhere. Indeed, the most significant advance in health care brought about by the Internet may prove to be better access for care providers, consumers, and administrators operating in relatively isolated environments. Although many near-term applications that extend to individual consumers do not require high-bandwidth connections, future applicationswhether remote medical consultations or the downloading of educational videoscould easily drive a need for ubiquitous, broadband access technologies. Of particular interest could be broadband technologies for residential access that provide sufficient bandwidth both upstream (from the end user to the Internet) and downstream (from the Internet to the end user). Most existing residential broadband technologiessuch as cable modems and digital subscriber line service using the telephone networkallocate much more bandwidth downstream than upstream, consistent with a view of the Internet as a mechanism for distributing content from a centralized source (such as an entertainment company) rather than facilitating collaboration and interaction among multiple participants.break
Organizational Barriers to the Adoption of Internet Applications
A handful of pioneering health organizations are developing and deploying innovative applications of the Internet, but such capabilities are diffusing slowly throughout the sectorin traditional care provider organizations, in particular. A number of factors have impeded the broader deployment of Internet-based systems within the health sector, including the structure of the sector itself. Despite some consolidation over the past decade, the sector is very diverse and decentralized and marked by local solutions to problemsit has been characterized as a ''trillion-dollar cottage industry." As a result, effecting wide-scale change can be difficult, as is achieving a unified voice on issues of technology and its application.
Further slowing adoption is a paucity of reliable information on the costs and benefits of Internet-based applications in operational settings. How much will Internet-based systems cost to deploy, operate, and maintain? How will they improve care and/or reduce costs? How well can Internet-based systems be integrated with legacy databases in large health care organizations? Health care professionals tend to be cautious in adopting unproven technologies because of the overwhelming need to ensure patient safety and positive health outcomes. Organizations that pay for health care (including traditional insurance companies and the Health Care Financing Administration, or HCFA, which processes Medicare and Medicaid payments) also want evidence of cost savings or medical effectiveness if they are to pay for services based on the new technology. Although Internet applications have been demonstrated to improve efficiency in some applications run across enterprises, Internet technology is still fairly new and untested in health care applications, making evaluations and comparisons difficult and prompting caution in the pursuit of Internet strategies.
Evaluating the costs and benefits of health applications of the Internet is made more difficult by the uncertainties surrounding the effects of Internet-based communications on relationships among the numerous entities involved in health care. For example, little is known about the ways in which the Internet will alter the traditional relationships among patients, primary care physicians (PCPs), medical specialists, and hospitals. Will the Internet change the way consumers seek care, enabling them to learn enough about their health to bypass PCPs and go directly to specialists, or will they be confused by all the information and need to consult their PCP more often? Will Internet-based care improve management of the chronically ill, and if so, how will it affect the cost structure of health care organizations? Restructuring may also be needed within indi-soft
vidual organizations. As has happened with other applications of information technology, Internet applications have been shown to alter work patterns within organizations in unanticipated ways. What types of skills will information systems staffs need to develop and implement Internet-based systems for health care? What types of skills will administrative staff and health professionals need to work with Internet-based health care systems? What type of training do intended system users need? Answers to these questions will come only after additional experimentation and evaluation.
Internet applications also tend to demand new (or modified) organizational policies and procedures. For example, when should electronic mail (e-mail) be used between patients and care providers? What types of liability does an organization assume for the quality of the information that is relayed in the online discussion groups it hosts? How can patient privacy be protected in electronic transactions, and what balance between security and access is acceptable to consumers who want online access to their health records? Progress is being made on a number of these issues (e.g., the American Medical Informatics Association has developed a set of guidelines for clinical uses of e-mail, and the Department of Health and Human Services has promulgated draft regulations governing the privacy and security of electronic health information), but new issues continue to arise and managers of health organizations are struggling to keep up, at times slowing the broader deployment of new applications.
Public Policy Issues
Public policy influences the ways in which health organizations can use the Internet to achieve their goals. For example, state-based practices for licensing health care professionals and resolving malpractice suits hamper efforts to provide remote medical consultations across state lines. Uncertainties over evolving federal regulations for the privacy and security of electronic health information continue to deter organizations from implementing systems for sharing health records or administrative and financial information across the Internet. Other issues, such as the protection of intellectual property contained in materials developed for educational purposes, affect a broad base of constituents, including some in the health community. So does the issue of unequal access to the information infrastructure, the so-called digital divide. Reports show that people in different geographic regions and socioeconomic classes and with different levels of educational attainment have considerably different degrees of access to the Internet (NTIA, 1999). Such differences are alarming in a number of contextsthe delivery of government services and educational opportunities among thembut take on added significance in a healthcontinue
care setting, where limited access to the information infrastructure could exacerbate the existing differences in access to quality health care. Furthermore, many of the near-term remedies proposed for enhancing Internet access for the general publicsuch as the wiring of schools, libraries, and community centersdo not necessarily translate well to health care, because consumers may be reluctant to conduct transactions in public settings and may need access outside normal business hours. Policy issues such as these have to be resolved if health applications of the Internet are to become more pervasive and more effective. Their resolution will require the health community to become more actively engaged in the policy-making process to ensure that health-related interests are addressed.
Evolving the Internet to Meet Health Needs
Before Internet use can become widespread throughout the health community, action is needed in four areas: (1) research on, and the development and deployment of, technologies suitable for health applications of the Internet, (2) continued demonstration and evaluation of health applications of the Internet, (3) educational needs of health care organizations and their workers, and (4) resolution of policy issues that impede the use of the Internet in health applications. The committee's recommendations are intended to guide efforts in each of these areas, and progress is needed in all of them. As a group, the recommendations recognize that what differentiates health from other sectors is the juxtaposition of exacting technical requirements with a vast geographic expanse and a highly decentralized industrial structure and economic base. This combination exacerbates the difficulties arising from the failure to articulate technology needs or to devise means to ensure that needed services are provided. By advocating the needs of a broad constituency, NLM can provide timely leadership in enhancing the Internet for health.
Research, Development, and Deployment of Technical Capabilities
Broadening the utility of the Internet for health applications demands that the Internet possesses the necessary technical capabilities. This can be done by deploying the technologies that will soon be available for improving security, availability, QOS, and ubiquity across the Internet and by continuing to research and develop improved capabilities over the long term. Efforts must also be made to ensure that the health community's needs are relayed to the networking research community and that advances are made in complementary technologies that will enable health organizations to take advantage of the networking infrastructure. Thesecontinue
efforts need to reflect the many uncertainties surrounding health applications of the Internet and their technical needs.
The health community should ensure that technical capabilities suitable for health and biomedical applications are incorporated into the testbed networks being deployed under the Next Generation Internet initiative and eventually into the Internet.
As a first step toward enhancing the Internet to support health applications, the health community should push to have the capabilities described below deployed in the testbed networks being constructed under the federal government's NGI initiative. Without these capabilities, future health applications could be thwarted or delayed and the opportunities the Internet offers could be lost. While the entire nation has a stake in ensuring that these capabilities are deployed, it is the health community itself that is in the best position to identify the capabilities it needs, to communicate them to the network research and development community, and to help shape the business case that will impel their deployment. The networks being deployed under NGI will support a range of experimental health applications, such as remote medical consultations, collaboration among practitioners and researchers, and access to online repositories of information (see Appendix B for a listing and brief description of ongoing NLM projects). The testing of technical capabilities in these testbed networks will provide an opportunity for evaluations and refinements that will be incorporated into the demonstration projects, enabling the health community to better assess the capabilities its applications demand. Those that prove effective should be deployed in the public Internet as they become more stable. These technologies are described in more detail in Chapters 3 and 6 of the report.
• Quality of service. QOS protocols should be deployed across the NGI testbed networks so that users are guaranteed access to needed capabilities (e.g., bandwidth and latency). A number of academic medical centers will have access to the NGI via their universities and have received funding for projects to demonstrate a variety of applications that demand high bandwidthfrom remote medical consultations to real-time transmission of high-resolution radiological or biological images. The deployment of differentiated services would allow users to experiment with premium services that could eventually be offered across the Internet. The deployment of integrated services would allow further experimentation with protocols for reserving capacity as needed for particular events and would allow further evaluation of the scalability of existing proto-soft
cols. By experimenting with these protocols, users may be able to better understand the specific capabilities required and devise business models that will support the deployment and effective use of the new protocols across the public Internet.
• Security. Both Secure Socket Layer (SSL) encryption and IPSecurity (IPSec) should be deployed in the NGI testbed networks to allow the continued evaluation of different modes of securing transactions across the Internet. Although SSL is already in widespread use across the Internet, the broader deployment of IPSec would provide a complementary means of protecting information exchanges among organizations, and it might prove effective for financial and administrative exchanges among affiliated organizations. Before either of these protocols (especially SSL) can be used successfully in health applications, a public key infrastructure must be established, along with the technical mechanisms needed to support stronger authentication of all parties involved in transactions across the Internet. Such mechanisms are generally lacking across the Internet, although there are enclaves where they are used in the private sector and within the federal government. More research is needed to develop means of authenticating large numbers of users, many of whom need to communicate securely despite having no established relationships.
To ensure that the Internet evolves in ways supportive of health needs over the long term, the health community should work with the networking community to develop improved network technologies that are of particular importance to health applications of the Internet.
Continued research will be needed to make the Internet even more capable of supporting healthand otherapplications in the long term. The technologies of most interest to the health community include the following:
• More readily scalable techniques to guarantee bandwidth on demand. Existing protocols for providing QOS on demand across the Internet, such as the integrated services model, may not scale sufficiently to allow widespread use. To enable applications such as remote consultation, new protocols will be needed.
• Stronger forms of authentication. Continued effort will be needed to find ways of identifying participants in Internet transactions, including participants who have not previously communicated with each other. The new techniques will need to scale to cover all Internet users and be simple to administer. Work on smart cards, token-based authentication,continue
and biometric authentication devices should be pursued. This kind of R&D may fall under two headingshigh-confidence systems and NGI researchwithin the federal government's portfolio of information technology research programs.
• Symmetric or dynamically reconfigurable broadband technologies for the last mile. Users of residential-grade access technologies (e.g., cable modems and digital subscriber lines) will need either access to a more balanced allocation of bandwidth into and out of their homes or the capability to reconfigure the allocation as needed to support applications such as remote medical consultations, which could extend to many small health clinics, places of employment, and patients' homes.
• Hardened quality-of-service guarantees. Mechanisms will be needed to ensure that critical applications in health (and other sectors) do not lose QOS guarantees except in extreme circumstances, such as a major network outage. One area of interest is techniques for rapid reconvergence after link failures to ensure that new paths across the Internet are found quickly in the event that a particular link fails. Many parties and sectors want QOS guarantees, and many Internet users are responding to offers by large ISPs who make such guarantees within their own large networks. The challenge for health (which serves a dispersed national population) is finding a way to improve QOS and availability of service across multiple ISPs.
• Disaster operations. Techniques are needed for delivering mission-critical, health-related traffic even in a major natural or man-made disaster.
The National Library of Medicine should forge stronger links between the health and networking research communities to ensure that the needs of the health community are better understood and addressed in network research, development, and deployment.
The diverse and decentralized nature of the health sector impedes the development of a unified voice through which it can express its needs to those involved in networking research, development of Internet standards (e.g., by the IETF), and deployment of Internet services. The NLM, by virtue of its leadership in health informatics, could play a more pronounced role in this area, actively forging links between the health and networking communities, which have historically had limited interaction. This could be done in several ways, perhaps by providing special funding to recipients of NLM grants and contracts that would support their participation in conferences and meetings of the networking community or by funding projects that explicitly involve researchers from the health and networking communities. Additional activities would undoubtedlycontinue
be needed to help the health community find ways to more effectively identify and communicate its needs to the networking community. An ad hoc task force could be set up to explore additional ways to accomplish this goal. The NLM itself could work more closely with the networking community, leveraging its long-standing attention to information technology development and speaking for the health sector as a whole. It could also serve as a focal point for contact with ISPs, the business entities responsible for deploying the capabilities that would benefit health. It could advance the perspective that health is a leading example of a peer-to-peer application (as opposed to the more asymmetric application associated with many other kinds of content distribution) that requires advanced networking services from the Internet, helping create a more unified voice for the decentralized health sector.
The National Institutes of Health and its component agencies should fund information technology research that will develop the complementary technologies that are needed if the health community is to take advantage of the improved networking technologies that can be expected in the future.
Health applications of the Internet pose a number of challenges for information technology research on topics other than networking. The National Institutes of Health and its constituent centers and agencies should pursue research in those areas that are of particular importance to the health community, such as (1) validation of information retrieved from the Internet, (2) tools for protecting the anonymity of Internet users, (3) access controls governing the ability of many different types of users to access different resources on the network, (4) controls on the secondary distribution of information, (5) improved capabilities for auditing the logs of accesses to databases and information, (6) QOS policies that are suitable for health and health care applications, and (7) applications that are alert to QOS offerings and that use them appropriately. Other technical needs will undoubtedly emerge as new applications are developed and gain acceptance within the health community. The constantly changing context of the Internet implies that the set of applications will evolve and that the need for research will remain.
Demonstration and Evaluation of Health Applications
Continued experimentation and evaluation will be key to the development of a better understanding of the types of health applications that may become popular on the Internet and of the technical capabilities theycontinue
demand. Through demonstrations of applications such as remote consultation, remote control of experimental equipment, and online access to electronic medical records, members of the health community will gain an opportunity to examine the relative costs and benefits of these applications, the business models needed to support them, and the organizational policies needed to govern their use. A number of public and private organizations have supported programs to allow these types of demonstrations. Such efforts need to continue as new Internet technologies become available and new applications are envisioned. Demonstrations will serve as venues for continued identification of technical needs that the networking community can address and other problems and issues for the health community to resolve. The process will be increasingly important to the health community if it is to establish a dialog with the Internet community about evolving needs and technical requirements and if it is to leverage that dialog to grow capabilities from the confines of a demonstration to widespread deployment. To provide information that will inform this dialog, a number of parallel efforts will be needed, as recommended below:
The Department of Health and Human Services should fund pilot projects and larger demonstration programs to develop and demonstrate interoperable, scalable Internet applications for linking multiple health organizations.
Pilot projects are needed to explore the full range of health uses of the public Internet, particularly projects that link multiple distinct organizations in an operational context. They could include projects to allow the patients of one organization to obtain remote consultations with specialists at other organizations or to allow the transmission of financial and administrative information among organizations that provide, pay for, and manage health care. Few health care organizations have a strong incentive to implement such systems on their own, given the significant uncertainties surrounding the effectiveness of different Internet-based systems in health care, the fragmented and proprietary nature of the industry, and the scale at which such systems would need to be built. Federal funding could play an important role in stimulating such work, especially if it focused on applications that link multiple organizations.
Federal agencies such as the Department of Veterans Affairs, the Department of Defense, the Health Care Financing Administration, the National Institutes of Health, and the Indian Health Service should serve as role models andcontinue
testbeds for the health industry by deploying Internet-based applications for their own purposes.
Federal agencies that operate large-scale health care programs should, whenever possible, attempt to be leading-edge users of Internet technologies. By doing so, they could not only demonstrate the feasibility of deploying different health applications but also provide a testbed for developing needed standards and supporting technologies. The Department of Defense already has a sizeable program under way for delivering health care at a distance (i.e., telemedicine), the Department of Veterans Affairs has a network of hospitals that share patient information as needed, and the HCFA processes Medicare and Medicaid claims. Each of these programs, as well as those of the Indian Health Service, could serve as a testbed for Internet applications while helping to fulfill important government missions. Additional support might come from other ongoing efforts to reengineer federal activities.
Health organizations in industry and academia should continue to work with the Department of Health and Human Services to evaluate various health applications of the Internet in order to improve understanding of their effects, the business models that might support them, and impediments to their expansion.
Work is needed to evaluate the effectiveness of different forms of Internet-based health care and to compare their effectiveness against applications run across different network infrastructures. Health care organizations have little evidence or data on which to base their decisions about Internet strategies. Because such evaluations would benefit a wide range of health-related organizations, not just those directly involved in the studies, active federal support would be justified.
Public and private health organizations should experiment with networks based on Internet protocols and should incorporate the Internet into their future plans for new networked applications and into their overall strategic planning.
By using networks that incorporate Internet protocolswhether the Internet protocol suite per se or those associated with the Webhealth organizations could gain a better understanding of the capabilities and trade-offs inherent in the use of the Internet for health applications without exposing themselves to the associated risks and uncertainties. Usingcontinue
these protocols locally would also prepare health organizations to take better advantage of the Internetand the continued advances in its abilitiesonce technical tools are in place to make it safer and reliable enough for health applications.
Addressing Educational Needs
Wider deployment of Internet-based applications in health care will require that organizations in the health sector adopt, adapt, and extend Internet technologies to fit their missions and develop the internal capabilities to do so. The Internet promises to radically transform the provision of health care and the education of health professionals, and organizations that fail to take steps now may find themselves ill prepared when improved Internet technologies become available. To make better use of the Internet, health care organizations will also have to learn how to evaluate the benefits of Internet technologies and develop effective policies for guiding their use, just as they had to learn how to use earlier and more localized forms of information technology, an effort in which the health care system is still lagging. Efforts are recommended in three areas:
Professional associations with expertise in health issues and information technology should work with health care organizations to develop and promulgate guidelines for safe, effective use of the Internet in clinical settings.
Part of the challenge of Internet use in health care is the development of suitable policies, practices, and procedures to guide its use. For example, how should providers handle e-mail from patients to ensure timely responses, maintenance of patient confidentiality, and the incorporation of necessary information into the medical record? How can care providers be sure of the identity of a patient to whom they are sending e-mail? What is the role of a health care organization in monitoring discussion groups that operate under its initiative or that of affiliated care providers? Health care organizations have little experience upon which to base such policies, but they can learn from each other's experiences. Professional associations have a significant role to play in helping define industrywide guidelines for safe, effective use of the Internet. The American Medical Informatics Association has developed guidelines for clinical uses of e-mail (Kane and Sands, 1998). Similar guidelines on other topics would support industry efforts to develop Internet-based systems.
Government, industry, and academia should work together and with professional associations withcontinue
experience in health and information technology to educate the broader health and health care communities about the ways the Internet can benefit them.
One obstacle to the greater use of the Internet in health care is that health workers at all levels (care providers, administrators, and information systems staff) do not fully appreciate the ways in which the Internet can improve the provision and administration of health care. The growing amount of publicity for e-commerce and even consumer-health-information Web sites does not translate into the kinds of institutional and procedural changes that would make the most of Internet capabilities in health care. Educational outreach programs would create a more receptive audience for new technologies. Academic health centers and professional associations have unique capabilities to educate members of the health community.
The Department of Health and Human Services should commission a study of the health information technology workforce to determine whether the supply of such workers balances the demand for them, to identify the kinds of training and education that workers at different levels will need, and to develop recommendations for ensuring an adequate supply of people with training at the intersection of information technology and health.
The process of developing, deploying, and evaluating health applications of the Internet demands workers with a solid understanding of the Internet, of other information technologies, and of the processes involved in health care. The policy community has already expressed concern about a perceived shortage of skilled information technology workers.3 Anecdotal evidence indicates that similar concerns may apply to the field of health informatics, and in June 1999 DHHS announced its Biomedical Information Science and Technology Initiative, which would boost the pipeline of people educated as computational biologists. However, there is little documentation with which to evaluate these concerns or to project the types of IT skills that workers at different levels within a health organization will need. Additional study would be required to determine the extent of the problem and the best way of solving it.
Resolving the Policy Issues
Public policy issues that impede Internet-based activities in health, health care, and biomedical research need to be addressed. These includecontinue
issues specific to the provision of health care services over the Internet, such as payment for services, professional licensure, and liability, as well as issues of patient/consumer privacy, intellectual property protection, and equitable access that extend far beyond the health domain. Such issues could stand in the way of use of the Internet in health care and in the education of health professionals. Accordingly, although the committee was not constituted with the range of expertise needed to make recommendations for solving these problems, the report offers the following recommendation for advancing the debate on these policy issues:
The Department of Health and Human Services should more aggressively address the broad set of policy issues that influence the development, deployment, and adoption of Internet-based applications in the health sector.
Ensuring that the Internet evolves in ways that meet the needs of the health care community and enabling the health sector to better take advantage of these capabilities will require the continuous coordination of many independent activities and stakeholders in the public and private sectors. The concerns and needs of the health community must be reflected in efforts to resolve national policy issues such as intellectual property protection, privacy, and access to information infrastructure, and specific efforts are needed to ensure that policy issues of concern only to the health community, such as licensure of care providers, payment policies, federal funding for health informatics research, and the supply of health information technology workers, are addressed. While many of these issues are being addressed by various elements of the federal governmentincluding agencies within DHHSother issues have seen little input from the health community. The constituent agencies of DHHS vary in the importance they attach to these policy issues and in their approaches to resolving them. Strong, stable leadership is essential to keep these policy-related activities focused and sustained.
DHHS should assert itself more aggressively in this arena. Private-sector organizations also have significant leadership roles to play, but their effectiveness in bringing about industrywide change can be limited because the private sector is so highly decentralized. DHHS is not the only federal agency with responsibilities in health (the Department of Veterans Affairs, the Department of Defense, the Indian Health Service, and the National Aeronautics and Space Administration all have health-related programs), but the breadth of its programs and its mission argues for it to play the lead role within government for coordinating Internet-related activities, especially as they relate to the health community.break
The establishment of a data council within DHHS and the realignment of the National Committee on Vital and Health Statistics into an advisory committee on health data, statistics, and national health information policy are positive steps that should be built upon. They have enabled DHHS to make significant strides in policy areas such as the development of regulations for protecting electronic health information. There are other roles for DHHS to play in this effort: (1) providing strategic leadership for Internet-related efforts within the department and its constituent agencies (this would include the use of the Internet in support of department and agency missions) and coordinating them with those of other federal agencies, (2) convening public and private bodies to identify, examine, and propose mechanisms for addressing issues related to the Internet and health care, (3) exploring cross-cutting issues that affect many health agencies and developing programs for addressing them (e.g., implementing a public key infrastructure that would support a range of federal health activities), (4) encouraging federal health agencies to share information and perspectives on their many responsibilities and interests, including the provision of care, payment for care, monitoring of care, health-related research, and public health, (5) advancing national debate about key information technology issues that affect health care, including the technical, organizational, and policy issues identified in this report, and (6) creating the organizational structures needed to ensure that issues at the nexus of health and information technology are identified and addressed promptly and efficiently. Although these activities will not by themselves resolve the issues, they will set in motion processes that can lead to a resolution.
These recommendations are intended to help the nation move forward on technical, organizational, and policy fronts so that it can reap the benefits of the Internet for health applications. Additional work will be needed to identify other networking technologies of interest to the health community and to ensure that related information technology needs are met. This report prescribes the actions needed now to develop a truly healthy Internet in the future.
Kane, Beverley, and Daniel Z. Sands. 1998. ''Guidelines for the Clinical Use of Electronic Mail with Patients," Report for the AMIA Internet Working Group, Task Force on Guidelines for the Use of Clinic-Patient Electronic Mail, Journal of the American Medical Informatics Association 5(1). Available online at <http://www.amia.org/pubs/pospaper/positio2.htm>.break
Lindberg, Donald A.B. 1998. Fiscal Year 1999 President's Budget Request for the National Library of Medicine. National Library of Medicine, Bethesda, Md., March 18. Available online at <http://www.nlm.nih.gov/pubs/staffpubs/od/budget99.html>.
National Telecommunications and Information Administration (NTIA). 1999. Falling Through the Net: Defining the Digital Divide. U.S. Department of Commerce, Washington, D.C.
1. As an example, a large number of individuals may have legitimate needs to review a patient's medical records, making the determination of access rules extremely complicated. In an emergency room situation, information may have to be accessed by a care provider with whom the patient has had no prior relationship, perhaps even at a hospital the patient has never visited.
2. Timeliness is not critical in many health care functions, such as when information is transmitted for review at a later time. But in some cases, such as acute trauma and remote consultation, timeliness can be important.
3. CSTB has a project under way to examine issues related to the information technology workforce. Information is available online at <www.cstb.org>.break