Conclusions and Recommendations
Ensuring that the Internet becomes a suitable, ubiquitous medium for supporting health applications is a challenging task. Not only must the Internet provide connectivity among the participants in health-related information transactions, but it must also ensure that such transactions can occur predictably, efficiently, and without endangering patient safety. Consumers must be able to determine the quality and provenance of the information they retrieve from the Internet. Care providers who access patient records remotely must be assured that the network will be available when and where needed. Administrators must be sure that bill payment and enrollment information is not corrupted as it crosses the Internet. Without proper security protections, use of the Internet to transmit medical records could make personal health information more susceptible to breaches of confidentiality and loss of integrity. Without adequate assurances of network reliability and quality of service (QOS), use of the Internet for remote monitoring of patients, controlling remote medical equipment, or conducting remote medical consultations could impair rather than facilitate the delivery of quality health care. Addressing these concerns demands efforts in many areas, both technical and nontechnical.
This chapter summarizes the committee's main conclusions and recommendations for making the Internet capable of supporting a wide range of health applications. Drawing upon the material presented in Chapters 2 and 3 of this report, it identifies the technical capabilities the Internet must possess in order to provide the security, reliability, andcontinue
quality of service that health care applications demand. But it does not stop with recommendations on technical requirements. It also discusses the policy and organizational issues that must be resolved to make the health community more capable of adopting Internet applications in both the short and long term. The capabilities the Internet offers to consumers, care providers, public health officials, health care administrators, and researchers promise to reshape the landscape of the health sector. Accommodating these changes will require actions within individual organizations and across them, enlisting the support of technologists, practitioners, legislators, and the general public. This chapter, accordingly, makes recommendations in areas ranging from identification of the needed technical capabilities of the Internet to specification of the organizational and policy issues that constrain its use in health applications. The recommendations are targeted at policy makers, the networking research community, researchers in health-related fields, health care administrators, and managers of health-related organizations. Taken together, the recommendations aim to provide guidance both on short-term measures that can set the process in motion and on long-term and continuing needs in communications, information technology, and health care.
The Internet can support a wide range of applications in consumer health, clinical care, health care financial and administrative transactions, public health, professional education, and biomedical research. The networking capabilities needed to support these applications are not unique, but they do reflect distinctive characteristics of the health environment.
In each of the domains examined by the committee, the Internet could be used to facilitate communications among parties in ways that can improve quality and efficiency. For example, in the clinical care domain, care providers already use the Internet to search the professional literature for information on particular diseases or to examine evidence-based practice guidelines for managing a particular disorder. As ongoing projects demonstrate, the continued research, development, and deployment of Internet applications will allow care providers to more routinely access electronic medical records held by an affiliated health care organization or to interpret medical images (such as mammograms) sent to them from a remote mammography center. They will be able to offer remote medical consultations to patients in rural areas or to adjust settings on remote dosimetry equipment or pacemakers without establishing fixed, dedicated connections between sites. They will increasingly participate incontinue
online discussions with other care providers to consult on particular cases, sharing medical records and images as needed.
The success of any of these applications depends on a variety of factors, including their cost-effectiveness, ease of use, and ability to improve on existing processes. While some applications are already being used in operational environments across networks other than the Internet, many represent new capabilities that have no parallel on other networks or that have not been fully implemented on a large scale, such as remote medical consultations. As a result, not enough information has been gathered to allow evaluation and comparison, and continued experimentation will be needed to explore and evaluate their true potential, their technical needs, and their real-world operational requirements. A preliminary assessment (Table 6.1) shows a diversity of technical needs, with some commonality, at least within a particular domain (e.g., clinical care, public health) or class of application (e.g., real-time video, file transfers, collaboration). Consumer applications, for example, tend to demand high levels of security to protect confidentiality; clinical applications require a combination of security (to protect confidentiality and data integrity), reliability, and QOS. Virtually all collaborative applicationsregardless of whether they are in clinical care, public health, biomedical research, or other domainsdemand high levels of QOS, and file transfers in any health application tend to strain technologies for authenticating the identity of communicating parties. Determining which technical capabilities health applications will demand must be viewed as an ongoing process as workers envision, develop, and evaluate new applications.
The technical capabilities demanded by a number of health applications of the Internet exceed those provided by the current Internet, but they are not necessarily unique. Applications in other sectors (e.g., defense, entertainment, financial services) also require better security, reliability, and quality of service. However, when these technical characteristics are combined with factors such as the distributed nature and economic structure of the health industry and the constraints of operating in a health care environment, it can be seen that health does occupy a distinct, if not unique, position. Solutions to problems of authentication and QOS, for example, must scale sufficiently to support the activities of numerous independent health organizations and hundreds of millions of potential users. This argues for full participation by the health care community in defining the research agenda and contributing to its resolution, as the Internet moves forward with new architectures and technical capabilities.
Security and availability are critical technical needs for health applications of the Internet and are not adequately met by today's Internet.break
(table continued on next page)
There was a problem loading page 239.
(table continued from previous page)
There was a problem loading page 241.
All applications that involved the transmission of personal health information (such as data contained in electronic medical records, claims for payment, prescriptions, or public health reports from testing laboratories) demand that information be kept confidential. Furthermore, virtually all applications in consumer health, clinical care, health care financial and administrative transactions, public health, and biomedical research require that the integrity of information be assured and maintained both during and after transmission. Meeting these requirements demands a variety of technical supports (as well as policies governing the disclosure of information), including suitable encryption of information during transit and rigorous authentication of both the source and the recipeint of information. Access controls are also required to ensure that users can view only the information they are authorized to see; auditing technologies are needed to ensure that successful attempts to circumvent access restrictions are identified so that violators can be punished.
The need for data protection and access control is acute in health applications because some personal health information is extremely sensitive. Not only can loss of confidentiality cause embarrassment and social stigmatization, but personal health information can affect an individual's employment and insurance coverage, especially for people with private insurance or who work for self-insured organizations. Moreover, once health information is divulged, its confidentiality cannot be regained; there is clearly a difference between the prospect of losing $50 when one's credit card number is stolen and losing privacy when one's HIV status is revealed to friends and co-workers. Confidentiality problems are compounded in health care because many people have a legitimate need to see sensitive patient information. These include workers involved, for example, in the provision of care, payment for services, and filling of prescriptions. In additoin, legitimate access may be needed by someone with whom the patient has had no previous relationshipperhaps a physician at an institution that the patient has not visited before (e.g., in an emergency room situaton).
Although technologies have been widely deployed for encrypting information transmitted across the network (e.g., Secure Socket Layer encryption), technologies for authenticating the identity of users at both ends of a transaction are not in widespread use, especially among consumers. This approach is effective in electronic commerce applications because most vendors can obtain certificates to authenticate themselves to consumer Web browsers, but despite some early efforts no effective mechanism yet exists for providing authentication devices in large numbers to consumers, including patients. This is not an impediment to electronic commerce because most merchants are willing to authorize a transaction once a valid credit number is presented, but an artifact such ascontinue
a credit card may not be suitable to allow access to an online health record. In telemedicine applications or the retrieval of medical records, a compelling need exists to identify the end user reliably. There are comparable circumstances in which an authenticated third party needs to gain access to information via the Internet, such as an emergency room physician accessing a patient's health record that is stored at another institution connected to the Internet.
In addition to security, high levels of network availability are needed to support many health-related Internet applications, particularly in clinical care, in finance and administration, and in public health. Health care organizations must be assured that the network will be available almost around-the-clock if they become dependent on using the Internet for accessing electronic medical records, for remote monitoring of patients, or for clinical decision support. Payers and administrators will also demand high levels of availability if they are to use the Internet instead of private networks for important transactions. The network must be made robust against failure and against hostile attacks, whether directed at its physical infrastructure or at denying its services to end users by flooding its capacity (denial-of-service attacks).
The need for security and availability is compounded by the fact that in many clinical applications of the Internet, human life and health may be at risk. Errant decisions based on incorrect informationwhether in diagnosing a condition or filling a prescriptioncan be harmful or fatal. Hence, ensuring data integrity and properly authenticating individuals are even more important than in many other spheres of application. Inability to access patient information (such as from an electronic medical record), to complete a distant consultation, or to control remote monitoring and dosimetry equipment can also undermine the quality of care and, thus, the health of the populace. Internet-based applications, including the physical networks on which they run, must be robust in the face of failures. A broken fiber-optic cable should not prevent an application from running when an alternative path exists. Remotely controlled instruments should not perform any damaging action if they lose contact with the controller as the result of a network interruption. Guarantees of network performance must be extremely robust in order to prevent statistically unlikely events from having serious consequences.
The quality of service needed by a number of high-end health applications will not necessarily be deployed soon across the Internet in a form that meets the needs of the health industry.break
A number of potential health applications of the Internet demand guarantees on the quality of service they get across the Internet. The need for QOS derives from the frequent need for smooth and responsive interactivity. For example, care providers engaging in remote video consultations with patients or other care providers need sustained access to high-bandwidth connectivity (roughly 384 kbps for simple interactions and 768 kbps for higher quality video) for the duration of the consultation. So do molecular biologists who wish to control visually an electron microscope located at a remote facility, or medical students who wish to practice a surgical technique using multimedia simulations that are available on remote servers, or groups of surgeons from different parts of the country who wish to collaborate in planning a difficult procedure. QOS is also needed for making practical the real-time exchange of large images, whether medical images such as X rays and mammograms or anatomical images for educational purposes. QOS would not only need to ensure that adequate bandwidth is available to provide timely delivery of images but would also need to offer real-time interaction to allow a primary care provider and a consulting specialist to point out specific items of interest in the image.
Whether the Internet will provide the needed capabilities in the near future is uncertain. The protocols currently deployed across the Internet for routing packets do not contain mechanisms to support guaranteed QOS; rather they provide best-effort service, in which packets are delivered as best the network's resources and traffic levels will allow. Internet service providers (ISPs) are attempting to improve service quality across their networks by deploying additional bandwidth, but this approach does not allow explicit guarantees to be made on bandwidth, latency, and jitter. Protocols have been developed to support different forms of QOS across the Internet (e.g., the differentiated service and integrated service models described in Chapter 3), but they have not yet been deployed, and even if deployed, they may not fully support health applications. For example, the differentiated services (diff-serv) standard does not include mechanisms for providing QOS guarantees for packets that must traverse the networks of different ISPs. Hence, individual ISPs may be able to offer improved QOS to customers attached to their networks, but they cannot provide guarantees related to traffic flows among organizations connected to different ISPs. Because the health industry is highly decentralized and individual care providers' offices may need to interact with a number of different managed care organizations, insurers, and other care providers, inter-ISP mechanisms will be important for health applications. The challenge of providing QOS in a health environment is further complicated by the extremely variable QOS needs of individual health organizations over time. The kinds of information exchanges in which ancontinue
organization engages typically vary considerably in the course of a day, from simple exchanges of information regarding a patient's coverage by a health plan, through transfers of medical records with affiliated organizations, to the exchange of large medical images for interpretation and diagnosis. The bandwidth needs of a small medical clinic could, accordingly, vary enormously during the course of a day, ranging from near nothing one minute to several megabits per second the next. Finding ways to satisfy such variable demand for bandwidth economically represents a significant challenge. The integrated services (int-serv) approach to QOS can support variable bandwidth needs through protocols for reserving capacity, but such protocols may not be sufficiently scalable to support widespread deployment across the Internet, as health applications could demand. Nor can it be assumed that QOS mechanisms that are optimized for content distribution (i.e., information flows that are predominantly one-way) will be effective for the more symmetric transactions typical of many health care applications.
Ensuring widespread access to the Internet is essential to achieving its promise in health applications.
One of the most dramatic effects of the Internet is its ability to engage patients and consumers more actively in health issues. As the amount of health-related information on the Web increases, patients become more actively involved in maintaining their health: seeking information related to specific ailments or topics of interest, discussing medical problems with peers in online chat groups, e-mailing care providers with questions regarding symptoms or treatments, assessing their health, scheduling appointments with care providers, and maintaining their own health records online. These actions are reinforced by a number of fundamental factors in the nation's health care system, including greater consumer choice in selecting among alternative health plans, concerns about the quality of care provided by health care organizations in an increasingly competitive environment, and pressures to shift the site of care away from the provider location and to the consumer's location and to shift from unilateral to shared approaches that bring patients into the decision-making process. All of these factors encourageand in fact requireconsumers to become more educated about their health and health care.
As these trends continue, the Internet will probably play a more central role in supporting the processes of health care, reinforcing the calls for expanding consumer access to Internet resources. Persistent inequalities of access to the Internet could exacerbate existing inequalities of access to health care. Strong social pressures exist to ensure some degree of equity in access to health resources. Recent statistics show that thosecontinue
most in need of health care and who could benefit most from Internet-mediated caresuch as those in rural and inner city areasare also those with the least access to the Internet. Furthermore, many of the local strategies used to expand access, such as the provision of Internet-enabled computers in libraries, classrooms, and community centers, may not be as effective in addressing consumer health needs. Access may be needed outside normal business hours (especially if the Internet becomes a medium for providing care or real-time advice on medical emergencies), and many users might feel uncomfortable researching or discussing personal health problems in a public venue. They will increasingly want such access in their homes and may come to view it as a necessary component of a comprehensive health care system.
Access concerns will not be limited to consumers, however. Care providers, too, will need simplified, high-speed access to the Internet for a range of information services and to provide clinical services. In rural areas, in particular, it is not always easy for local care providers to access the Internet, and they often need more advanced networking services than consumers do. As health education shifts its focus from hospitals and medical centers to local offices and remote-practice clinics (both for training students and residents and for continuing medical education), ensuring broad access to Internet resources will become increasingly important. The same Internet that delivers health care to the home and curriculum materials to students in the health professions (e.g., doctors, nurses, and pharmicists) can also deliver information resources for patient and consumer education. The issue of access becomes even more complex for health applications that demand high bandwidth, because broadband technologies are still not widely deployedespecially in places such as rural areas that could most benefit from remote consultations. Access concerns also have implications for quality of service. High QOS cannot be provided cost-effectively to all Internet traffic, and many applications do not require it. Cost is one mechanism that is generally considered as helping to control demand for high QOS capabilities, meaning that QOS could be limited to those who are willing (or can afford) to pay for it.
Technical advances are needed across many areas of information technology (not just networking) if the potential of the Internet is to be achieved in support of health applications.
Networking capabilities are not the only technical impediments to many health applications of the Internet. For example, there is great concern regarding the quality of health information on the Internet and the inability of many consumers to assess adequately the credibility of information provided on different sites. While a number of nontechnicalcontinue
approaches can be taken to rate the quality and provenance of information and to determine whether it comes from an authoritative source, there is considerable room for technological solutions as well. Other health applications demand different technological advances. Remote medical consultations (to rural medical clinics or the home, for example) will demand medical instruments (e.g., stethoscopes, blood pressure monitors, and respiration monitors) that are suitable for personal use and that can interface with home computing devices.
Health care organizations are ill-prepared to adopt Internet-based technologies and applications effectively.
A number of transformations in the health care industry are driving the use of the Internet as a medium for sharing information among providers, patients, and administrators. New Internet-based health companies are being established to offer consumers medical information, tools to help them to monitor their care more effectively, and other medical products and services. Existing organizations are using the Internet to alter their position, relationships, role, and power in the health care industry by moving into new areas, often ones that involve their reaching out directly to patients. The more innovative care organizations are providing customers with Internet-based resources to help them to better assess their medical needs and to seek appropriate advice. These trends reflect and reinforce ongoing attempts to reduce medical costs by reducing hospital stays and outpatient care, especially in the emergency room, and by promoting prevention through better monitoring of wellness, chronic disease, and behavior.
Nevertheless, the health care industry as a whole is ill-prepared to accommodate this change. Despite continuing consolidation among providers, insurers, and managed-care companies, health care is still largely a decentralized industry populated by diverse organizations with different motives, resources, and incentivesit is sometimes referred to as a ''trillion dollar cottage industry." It comprises thousands of hospitals and hundreds of thousands of physician's offices and includes academic medical centers, community hospitals, large physician groups, solo physician practices, home health agencies, health centers, and rehabilitation hospitals. Other participants are pharmaceutical companies, managed care organizations, and traditional indemnity insurance companies. This diversity brings with it different degrees of sophistication and a diverse set of challenges, resources, and missions but makes it difficult to speak with a unified voice or to adopt a critical mass of technology. Recent consolidation of the industry has somewhat improved the industry's ability to achieve critical mass more quickly, but much of the consolidation (e.g.,continue
the formation of integrated delivery systems that link different types of care provider organizations under a single organizational umbrella) tends not to remove the diversity as much as mask it behind single organizational identities.
Current fiscal constraintson care provider organizations, in particularfurther hinder the industry's ability to make major investments in information infrastructure and applications unless these investments can be shown to lead to significant and low-risk returns. Information technology will be adopted rapidly if it results in a material and obvious advance in medical practice (such as magnetic resonance imaging machines), but adoption is more difficult for technologies with less quantifiable benefits, such as the security technologies that control access to medical records. The Internet itself is such a new phenomenon that its eventual contribution to the delivery of care is poorly understood by the industry as a whole. It is unrealistic to expect that the industry will rapidly overcome its fragmentation and diversity to speak loudly and with one voice. The traditional conservatism of the health care industry in the face of information technology is likely to persist in the face of the Internet.
In addition to these larger structural problems, impediments exist within individual health organizations. Provider organizations lack information about the potential benefits and effectiveness of Internet-mediated health interventions in terms of both cost and quality, making it difficult for them to make decisions about Internet investments. Industry reference models have yet to be developed, and not much information has been developed or shared about the kinds of Internet-based systems that are demonstrably effective in improving care. Organizations also lack authoritative guidelines to help them develop formal policies related to Internet applications, such as rules for e-mail exchanges between patients and providers and for monitoring sponsored discussion groups. Reflective of a tight labor market overall, health care organizations also often have difficulty attracting qualified engineers and programmers to develop information technology systems for use in health-care settings.
A number of difficult public policy and regulatory issues constrain the adoption of Internet-based health applications by health organizations and consumers. Some of these issues are specific to the health sector; many others extend beyond the health sector but require the health community's active participation in their resolution.
Many of the same issues that have slowed the growth of traditional forms of telemedicine (using private networks) will continue to impedecontinue
the expansion of Internet-based medicine. For example, health care providers are currently licensed by individual states and are generally prohibited from providing care across state linesa clear issue when a patient is in one state but the physician at the other end of a telemedicine link is in another. Liability claims are also handled at the state level, with considerable variation among states. Such policies have made it difficult, if not impossible, for physicians to practice telemedicine across state boundaries. So has the lack of means for paying for a full range of remote medical consultations in the Medicare program and in many traditional insurance companies.1 These policy issues limit the returns that health care organizations can expect to receive from investments in network-based health care solutions. They also affect the willingness of physicians to adopt new technologies and practices.
Other policy concerns also threaten to slow the spread of health-related applications of the Internet. Concerns over the security of personal health information continue to dampen consumers' enthusiasm for Internet systems that share such information. The Department of Health and Human Services has promulgated draft regulations governing privacy and security of electronic health records, but these provisions have yet to be finalized and will not cover all exchanges of information among the many kinds of organizations that collect, process, and distribute health information. Beyond the issue of medical records privacy lies the larger issue of the privacy of online searches and transactions that has arisen in many forms of electronic commerce and Web browsing. What kinds of information can be collected about individuals online, and how can that information be shared? Recent accusations that several health-related Web sites have not adequately disclosed their information-gathering and data-sharing practices have brought renewed attention to this issue (Clausing, 2000). Other issues associated with the protection of intellectual property on the Internet also have repercussions for health care, especially in regard to the dissemination of professional literature and educational courseware designed for use over the Internet. Efforts are needed on the part of governmental, industrial, and provider groups to craft an effective solution.
Enhancing the Internet to support the health community more effectively will require active stewardship on behalf of health organizations, the information technology industry, the research community, and government. These groups must attempt to ensure that the Internet evolves in ways that support health care and that the health sector is prepared to incorporate the Internet into its processes for delivering care, paying forcontinue
care, conducting research in biomedicine and health services, improving public health, and providing health education. Action is needed in four areas, as outlined below: (1) ensuring that suitable technical capabilities are developed and deployed in the Internet, (2) demonstrating and evaluating Internet-based applications in the health and biomedical sectors, (3) educating the health community on ways to incorporate the Internet safely into their routine activities, and (4) resolving policy issues that impede use of the Internet in health.
Research, Development, and Deployment of Needed Technical Capabilities
To ensure that the Internet has the ability to support health applications, additional technical capabilities need to be developed and deployed. Although some existing technologies could be deployed in the Next Generation Internet (NGI) to facilitate experimentation with and evaluation of health and biomedical applications, other technologies will require further research. The health community must articulate its needs to the information technology research community and must actively engage in developing Internet-based systems. The goal is to assure that developers better understand the ways in which the requirements needed for health care applications of the Internet diverge from, or converge with, those needed to support Internet applications in other sectors. To this end, the committee makes four recommendations.
The health community should ensure that technical capabilities suitable for health and biomedical applications are incorporated into the testbed networks being deployed under the Next Generation Internet (NGI) initiative and eventually into the Internet.
The NGI testbed networks being deployed by federal agencies such as the Defense Advanced Research Projects Agency, the National Science Foundation, the National Aeronautics and Space Administration, and the Department of Energy will provide a basic communications infrastructure on which a number of high-end health applications could be demonstrated and evaluated. To help the health community experiment with new networked applications, these testbed networks must be deployed with the technical capabilities to support a range of high-end health applications, such as medical consultations at a distance, remote control of research equipment, surgical simulation, and collaboration among researchers and clinicians. The networks are expected to be deployed with bandwidth that can support a wide range of health applications,continue
although other technical capabilities will need to be deployed as the technologies become sufficiently stable:
• Quality of service mechanisms. QOS mechanisms should be deployed in the NGI to support applications that require, for example, the rapid transfer of digitized medical images (or medical records), the use of real-time video for remote medical consultations, and the control and receipt of imagery from remote experimental equipment, such as electron microscopes. Remote videoconferencing, for example, may require less than 1 Mbps of bandwidth to be effective, but that bandwidth must be predictably and reliably available for the duration of a clinical consultationperhaps 30 minutes or more. In addition, low latencies will be needed to support more natural, real-time interaction among participants. The differentiated services (diff-serv) and integrated services (int-serv) models for QOS can each support a range of anticipated health applications. Both should be deployed across the NGI to allow further experimentation with their capabilities and their limitations. Deployment of the diff-serv model would be a valuable first step because it would allow users to experiment with applications that demand quantifiable QOS guarantees and to develop policies for determining which types of data traffic need a higher level of service and which can be satisfied with lower levels of service. Deployment of the int-serve model could expand the number of end-user organizations that take advantage of QOS capabilities because it would allow them to reserve premium services for use when needed, rather than having to subscribe to a premium service that they may leave unused much of the time. Deployment of int-serv across the NGI testbed networks would also allow researchers to better investigate the ability of the protocols to accommodate large numbers of users in an operational environment; issues of scalability have yet to be resolved with int-serv. Moreover, deployment of diff-serv and int-serv protocols in the NGI testbeds would enable the health community and ISPs to investigate effective business for financing the wide-scale deployment of QOS mechanisms throughout the Internet. Considerable work must be done to find a way of creating an incentive for ISPs to deploy QOS capabilities in a way that is consistent with the health community's needs.
• IP Security. Deployment of IP Security (IPSec) protocols would allow further experimentation with virtual private networks among health care organizations involved in the NGI program and would allow further testing of the ability of the protocol to scale sufficiently to support effective interchanges of information among health organizations. The use of IPSec across the Internet could allow secure communications between fixed sets of health organizations and permit the transfer of health records among affiliated care providers or the exchange of payment, enrollment,continue
and other administrative information between care provider organizations and third-party payers and administrators. While Secure Socket Layer (SSL) protocols can also support confidential transactions across the Internet, the use of IPSec could simplify security administration by providing a central point at which all traffic can be encrypted and authenticated as it leaves one site destined for another. It could further mitigate concerns regarding the authentication of individual users, as discussed below.
• Public key infrastructure. The use of SSL encryption across the Internet already enables a wide range of health applications, including remote access to medical records. What is now missing from such systems is typically a secure way of authenticating end users. While most online vendors use cryptographic certificates to validate their identities, most implementations of SSL rely on simple password schemes to validate the identity of end usersor they simply require a valid credit card number to be presented for billing purposes. The NGI program offers an ideal environment for experimenting on a limited basis with stronger forms of authentication, including the use of public key infrastructures to distribute and validate cryptographic certificates for individual end users. Effective and scalable PKI strategies could be developed to allow more routine sharing of information among more loosely affiliated participants in the health community.
To ensure that the Internet evolves in ways supportive of health needs over the long term, the health community should work with the networking community to develop improved network technologies that are of particular importance to health applications of the Internet.
It is difficult to predict which particular technologies will be needed, but based on the evaluation presented in this report, several areas seem reasonable as starting points for continued research:
• More readily scalable techniques to provide bandwidth guarantees on demand. Techniques are needed for ensuring that individual organizations (or individual end users) can receive high-level QOS across the Internet on an as-needed basis. Smaller health care organizations and individual users in particular are unlikely to be able to afford to subscribe to statically provisioned premium-level QOS offerings, but they may need on occasion to send large files quickly across the Internet or to engage in remote video consultations. The diff-serv model that has been standardized by the Internet Engineering Task Force (IETF) does not yet incorporate mechanisms for providing premium services on demand. Nor havecontinue
standards been defined for the provision of end-to-end QOS across multiple service providers using diff-serv. The int-serv model, which does provide such reservation mechanisms, may not, however, be sufficiently scalable for widespread utilization across the Internet backbones. There are also concerns that the level of QOS assurance provided by the diff-serv model are not strong enough for mission-critical applications. Research programs are under way to develop scalable mechanisms for providing QOS on demand across the Internet and must continue to be supported.
• Stronger forms of authentication. Additional research is also needed to develop methods for authenticating users of networked applications to ease the problem of reliably identifying individual consumers and allowing secure communications between parties that have not established relationships beforehand. Technologies and processes must be developed for key and certificate management systems that can be used by individuals and small organizations to authenticate their identities in online transactions. Solutions must be capable of scaling up to the size of the entire population and must address the issues of delegation of trust that certification hierarchies face. Work on smart cards, token-based authentication, and biometric authentication devices would seem to be especially useful in serving health needs.
• Symmetric or dynamically reconfigurable broadband technologies for the last mile. Techniques are needed to enable consumers to transmit information at data rates similar to those at which they can receive it. Current technologies for high-speed Internet access tend to be configured to allow much greater bandwidth into the home than out of it. For many health applications, however, it is conceivable that consumers will send as much information into the network as they retrieve from it (home-based remote medical consultation is an example). This capability might be achieved by deploying more symmetric forms of broadband access (e.g., symmetric DSL or cable modems that allocate more bandwidth to upstream capacity) or by developing ways to allow end users to use some downstream bandwidth for upstream communications when needed.
• Hardened QOS guarantees. Mechanisms are needed to ensure that critical health care applications do not lose their QOS guarantees as a result of link failures across the Internet, except in those cases in which the network suffers catastrophic failures that leave it without connectivity between desired points of communication. Part of this effort will require work on techniques for rapid reconvergence after link failures. Approaches are needed to ensure that Internet routers can determine updated communications paths across the network should a particular link fail and to ensure that data are not lost during the reconvergence period. Applications such as remote control of experimental or clinical equipment andcontinue
patient monitoring may not be able to tolerate the brief loss in connectivity (and perhaps loss of packets) that characterize reconvergence efforts on today's Internet. In particular, efforts are needed to address disruptions in service between two ISPs, where existing link recovery schemes may not be effective.
• Disaster operations. Techniques are needed to ensure delivery of high-priority traffic (including, but not limited to, health information) in the event of a natural or man-made disaster that disrupts large segments of the nation's information infrastructure.
The National Library of Medicine should forge stronger links between the health and networking research communities to ensure that the needs of the health community are better understood and addressed in network research, development, and deployment.
To date, interactions among members of the networking community and the health informatics community have been minimal. The health sector is generally underrepresented in standards-making bodies such as the IETF, and few research projects attempt to explicitly forge alliances between networking researchers and health researchers. Bridging this gap would help networking researchers and standards developers to better understand the challenges that health applications pose for networking infrastructure and would help the health informatics community to learn how to incorporate new networking technologies more effectively into their applications. One way of encouraging more cross-fertilization between these communities would be for the National Library of Medicine to encourage or require recipients of its contracts and grants for networking-related projects to participate in meetings and conferences of networking researchers and standards-making bodies. It could explicitly indicate that it would support travel and related costs for such endeavors. The NLM could also explicitly require collaboration among networking researchers and health researchers in some of its awards. It could also itself play a more aggressive role in establishing contact between the health community and the networking community. It could speak for the health community in conveying needs to networking researchers and in reaching out to ISPs, presenting health care as a cutting-edge example of a peer-to-peer application that demands networking capabilities beyond those now being deployed (e.g., QOS throughout the network and symmetrical forms of broadband access for residential use). The NLM could also establish an ad hoc task force to explore other ways of communicating health-related needs to the networking community.break
The National Institutes of Health and its component agencies should fund information technology research that will develop the complementary technologies that are needed if the health community is to take advantage of the improved networking technologies that can be expected in the future.
As noted above, putting adequate network infrastructure in place is not sufficient for enabling Internet applications in the health domain; other information technologies are needed to enable network-based applications to develop. The medical service arena is a problem-rich one with considerable need for research into new technologies and new network capabilities. The Department of Health and Human Services (DHHS), by virtue of its broad purview over health-related efforts in the federal government, should play a leading role in funding research on information technologies of particular importance to the health community. At present, DHHS provides only a small portion of the federal government's funding for computing research (the vast majority of funding comes from the Defense Advanced Research Projects Agency and the National Science Foundation, with other significant contributions by the National Aeronautics and Space Administration and the Department of Energy). Two recent reports encouraged DHHS (or elements within it, in particular NIH, AHRQ,2 and NLM) to become more actively engaged in information technology research. A report by the Working Group on Biomedical Computing (1999) of the National Institutes of Health, for example, calls for increased basic research on information technology tools to support biomedical computing and for the establishment of national programs of excellence to advance research in areas of biomedicine where computation is increasingly important. Similarly, the President's Information Technology Advisory Committee concluded that "the National Institutes of Health (NIH) should support biomedically motivated basic research in information technology and view it both as important information technology research and as fundamental biomedical research" (PITAC, 1999). It is not possible to identify in advance all areas in which the health community needs to become engaged, but the analysis in this report identifies the following topics as pertinent preliminary areas of inquiry:
• Validation of online information. Effective techniques are needed to help consumers to judge the quality of the health information they retrieve from the Internet and to give them more confidence in it. The goal of these techniques should not be to prevent dissemination of certain information via the Internet but to ensure that consumers have a way of judging the quality of what they find there. Different technical approachescontinue
may be effective in automating what is now a more or less manual process of labeling content to indicate its provenance.
• Tools for protecting anonymity online. Technologies are needed to improve privacy on the Internet, so that users may pose queries, receive replies anonymously, and browse Web sites without necessarily divulging their identities. Use of the Internet to retrieve health information or to purchase products can reveal much about a person's health status and concerns. A provider's use of online clinical resources could also provide clues about his or her knowledge of a given subject area. Such information could be used in ways that harm Internet users. The health community therefore has a strong interest in developing tools to protect the identities of online users.
• Access controls. Mechanisms are needed to limit users' access to just the programs, databases, and data fields they need to perform their job function or play their role in an online transaction. Development of robust access controls is especially difficult in health care because there are many kinds of actors (care provider, educator, researcher, etc.), each of whom requires access to information, and many kinds of information, most of which should be privileged. These problems are further complicated by the dynamically changing nature of the relationships in health care, e.g., between a patient just admitted to an emergency room and the health care providers at the admitting hospital.
• Controls on secondary distribution of patient health information. Research is needed to develop effective mechanisms for managing the distribution of health information beyond the walls of the organization that originally collected it. A number of technologies, such as digital property-rights-management languages and encrypted containers, have been developed to control the distribution of digital media and to ensure the adherence of recipients to particular provisions or use of the information (e.g., payment for access, limits on redistribution). Additional work is needed, however, to extend such capabilities into the health environment, where the new technologies may be able to control the distribution and use of health records and other confidential information.
• Improved audit capabilities. Additional work is needed to develop tools for reviewing audit logs that health care organizations could compile on accesses to electronic medical records. These tools would need to automatically identify potential violations of confidentiality, drawing from external databases such as scheduling calendars and referrals to differentiate between legitimate and illegitimate accesses.
• QOS policies that are suitable to health and health care. Policies are needed to govern the provision of QOS in high-traffic environments to ensure that critical health-related messages receive their requested QOS in emergency situations. Mechanisms for defining and propagating QOScontinue
policy across a network are currently being defined, and it is important that such mechanisms are developed in a way that meets the needs of the health community. Work is also needed to establish guidelines for determining which packets sent by particular institutions will receive the highest priority.
• QOS-aware applications. Work is needed on networked applications that are tightly linked to the underlying QOS capabilities of the network. Only by creating networked applications that leverage emerging QOS capabilities can the shortcomings of those capabilities for health applications be determined and requirements for new QOS capabilities be established. Furthermore, by demonstrating the utility of such capabilities in a health care context, it may be possible to influence the deployment of new QOS capabilities by ISPs in a direction that is useful to health care.
Demonstration and Evaluation of Health Applications of the Internet
Continued experimentation and evaluation is a central component of efforts to understand better the kinds of health applications that may become more widespread across the Internet and the technical capabilities they demand. By demonstrating health applications such as distant consultation, remote control of experimental equipment, and online access to electronic medical records, members of the health community will have a better opportunity to examine their relative costs and benefits, the business models needed to support them, and the kinds of organizational policies that are needed to govern their use. A number of public and private organizations have supported demonstration programs to allow such exploration. These efforts need to continue as new Internet technologies become available and new applications are envisioned. They will be increasingly important to the health community if it is to establish a dialog with the larger Internet community about its evolving needs. The efforts will allow continued identification of technical requirements that the networking community can address and of other problems and issues for the health community. To provide the kinds of information that will inform this dialog, a number of parallel efforts will be needed, as recommended below.
The Department of Health and Human Services should fund pilot projects and larger demonstration programs to develop and demonstrate interoperable, scalable Internet applications for linking many health organizations.
Public and private organizations have supported a range of pilot projects and testbeds to demonstrate the capabilities of information tech-soft
nology in health organizations. Most have tended to focus on stand-alone applications that operate within a single organization. Many of the challenges of Internet-based systems derive from the interconnection of many organizations to a large network. DHHS and its constituent agencies (NLM in particular) should fund pilot projects and testbeds that explicitly connect multiple organizations for purposes of information exchange. These projects are not intended to develop community-wide repositories of health information, as was attempted with community health information networks (CHINs), but should try to facilitate information exchange among limited sets of organizations, whether for clinical care (e.g., exchanges of medical records, the sharing of clinical guidelines, or remote consultations between an urban medical center and several remote clinics) or administration (e.g., payment of claims). Only by establishing testbeds on a large scale can the issues of scalability and the effects of decentralization be identified and evaluated.
These projects should explore the capabilities, limitations, and performance requirements for health applications in a highly networked environment with amny participating users at different organizations. For example, projects could be supported in application domains such as (1) public health surveillance, (2) clinical care, (3) home-based care, (4) remote consultations, and (5) payment for services. Pilot projects that integrate entire vertical slices of the ehalth care delivery process could also be tried. Such projects would help private and public organizations experiment with possible applications of the Internet and determine the ways the Internet can be used most effectively. By involving a large number of organizations, the projects will also aid in understanding issues associated with access to information resources, especially if the projects involve outreach to individual consumers. They would look at whether the research efforts outlined in Recommendation 1.1 had achieved the infrastructure required for health networking applications. Thus, demonstrations that show the effective use of advances in bandwidth, latency, QOS, and reliability would be most appealing.
Federal agencies such as the Department of Veterans Affairs, the Department of Defense, the Health Care Financing Administration, the National Institute of Health, and the Indian Health Service should serve as role models and testbeds for the health industry by deploying Internet-based applications for their own purposes.
The information technology and health, care industries need to do considerable experimentation, standards development, and integration work before the Internet can be used routinely for health care purposes.continue
The government could play a proactive, catalytic role in this effort. It operates a subjstantial health care operation of its own, in the form of the health care systems operated by the Veterans Health Administration (part of the Department of Veterans Affairs, or VA), the Department of Defense, and the Indian Health Service. The Health Care Financing Administration operates an enormous system to pay for care provided under the Medicare, Medicaid, and related programs. By partnering with industry, these government agencies could use the Internet aggressively in their health-related systems. HCFA could, for example, develop policies and standards for the electronic submission of Medicare claims and could act as the certificate authority for a public key infrastructure for authenticating people and organizations that submit claims. The DOD and the VA could use their telemedicine programs and efforts to exchange medical records as testbeds and demonstrations that could influence private sector initiatives. In effect, these would be pilot implementations and they would help industry develop apprpriate standards and software. An open-source model could be required, thus making the fruits of this effort available broadly to industry. This is an are where governmental leadership is likely to be crucial and where passivity on the part of the government will cause many lost opportunities.
Health organizations in industry and academia should continue to work with the Department of Health and Human Services to evaluate various health applications of the Internet in order to improve understanding of their effects, the business models that might support them, and impediments to their expansion.
Health organizations will adopt health care applications of the Internet largely on the basis of their ability to improve the quality of care and reduce its costs. Deployment of needed infrastructure will be motivated by the development of business models for supporting the applications and paying for network services such as QOS. To date, the health industry has had little guidance in these areas, and its adoption of the Internet will be slow without better information. Work is therefore needed to determine the effect of internet applications on care quality and costs; organizational performance; job skills; relationships between participants (e.g., changes in the role of patients and responsibilities of patients); the economic or business models of care (e.g., use of the Internet to establish contractual relationships between affiliated care providers rather than buying them outright); provider workflows; and confidentiality and liability concerns. Across all of these areas, evaluations should seek to understand whether Internet-based applications have a different impact oncontinue
quality, cost, and access to care than non-Internet based applications (e.g., are Internet-based implementations of electronic health records materially different from non-Internet implementations?). Simialrly, studies should identify factors that hinder the expansion of health applications of the Internet from portotypes or demonstrations to broad organizational or national use. Additional work is needed to develop mechanisms whereby the health industry can afford the investments in information infrastructure needed to enable more sophisticated applications. Elements within the Department of Health and Human Services can continue to play a vital role in providing financial support for these evaluations, as has been done by the National Library of Medicine and Office of Rural Health Policy.
Public and private health organizations should experiment with networks based on Internet protocols and should incorporate the Internet into their future plans for new networked applications and into their overall strategic planning.
Even though several years may pass before the Internet can provide the QOS, security, and reliability needed for health-related transactions, health care organizations need to start preparting now so that they will be equipped to use the improved capabilities offered by future generations of the Internet. They must develop an understanding of the ways the Internet can support their missions, prepare their infrastructures to be compatible with Internet technologies, develop the human resources needed to design, develop, and deploy effective systems, and put policies in place to govern the use of the Internet and Internet-related applications. Individual organizations and professional societies have roles to play in this endeavor.
Because the health care industry has limited experience with Internet-based applications and because models for delivering and paying for health care continue to evolve, it is not yet clear how the Internet can best be used to improve health and minimize costs. In the end, some balance between Internet-based and private networks will probably emerge to meet the full spectrum of capabilities needed by health care organizations. In the meantime, these organizations should take steps to understand better the benefits of Internet-based systems and to have Internet-ready resources in place. They should establish institutional connectivity to the Internet and among their constituent organizations. They should establish network-based relationships with vendors that allow them to explore electronic commerce opportunities. They should begin using networks that incorporate Internet protocols such as TCP/IP, e-mail, FTP,continue
and HTTP for internal communications. And they should begin thinking about ways in which the Internet can enhance and extend their missions. These represent relatively inexpensive steps for gaining critical insight into the ways the Internet may become more fully engrained in health processes at a later date. Without such experimentation, health organizations risk missing out on future opportunities.
Addressing Educational Needs
In order for the Internet to achieve its full potential in health applications, not only must it provide adequate technical capabilities, but health organizations also must be capable of adopting it. Health organizations will need the internal capability to envision ways in which the Internet could support their missions and to design, develop, and implement systems that fulfill those visions. The experimentation outlined in Recommendations 2.1 through 2.4 will improve organizations' capabilities considerably, but additional efforts will likely be needed to bolster internal policy development and human resource development. Efforts in three areas are recommended.
Professional associations with expertise in health issues and information technology should work with health care organizations to develop and promulgate guidelines for safe, effective use of the Internet in clinical settings.
Improved information outlining best practices for using the Internet in health applications would help individual organizations benefit from each other's experiences and develop informed policies and procedures to guide their own efforts to harness the capabilities of the Internet. Professional associations have an important role to play because their membership spans large numbers of organizations that face common challenges. Professional associations with expertise in health care and information technology could help convene groups that would develop standards and guidelines based on the experience and expertise of their memberships. Some associations have already taken productive steps in this direction. The American Medical Informatics Association, for example, developed a set of guidelines for using e-mail in clinical settings, and the Association of American Medical Colleges has initiated programs to evaluate the information technology needs of academic medical centers that could also produce valuable guidelines. Similar efforts are needed to develop guidance in (1) monitoring and conducting health-related chat sessions, bulletin boards, and forums, (2) remote education of health professionals, (3) disseminating information to a broad audience, (4) appropriate andcontinue
inappropriate creation of provider/patient relationships, (5) assurance of the integrity and accuracy of patient-maintained health records, (6) means to assess trade-offs between security, confidentiality, and access, (7) direct marketing to patients of health care services (e.g., pharmaceuticals, prostheses), (8) communication across traditional boundaries (e.g., patient to provider), (9) clinical e-mail, (10) Web information services, and (11) privacy and security of electronic health information.
Government, industry, and academia should work together and with professional associations having experience in health and information technology to educate the broader health and health care communities about the ways the Internet can benefit them.
Part of the inability of health organizations to aggressively pursue Internet strategies derives from a lack of appreciation among health workers about the potential benefits of Internet-based applications. Many have had limited formal education in computing and communications technology and continue to have limited experience using it. Educational programs could go a long way to overcoming institutional resistance and helping workers to better use such systems. Academic health organizations and professional associations have important roles to play in educating the health community at large about the potential benefits of Internet-based systems in health care. Academic health organizations are among the leaders in applying the Internet to health applications and educate a range of health professionals. Associations can draw upon their large and diverse membership to pool ideas and reach out to individual organizations. They must also work individually to assemble information-technology-savvy staff who can envision and develop Internet-based health systems. Chief information officers and other high-level information systems professionals should have expertise in both information technology and health care.
The Department of Health and Human Services should commission a study of the health information technology workforce to determine whether the supply of such workers balances the demand for them, to identify the kinds of training and education that workers at different levels will need, and to develop recommendations for ensuring an adequate supply of people with training at the intersection of information technology and health.
For health applications of the Internet to be envisioned, developed,continue
and deployed, knowledgeable workers are needed who understand both the technical capabilities of the Internet and the nuances of operating in a health context. Information technology firms perceive a distinct shortage in the number of qualified information technology workers they can hire, although a formal assessment of the situation is still under way.3 The supply of workers with both information technology and health skills may be even tighter, but the situation has not been well investigated. Impressions of supply and demand tend to be based on anecdotal evidence about the demand for graduates of existing programs. All health organizations will be affected by the Internet and will need to develop competencies to work with it. To date, support for training in areas such as medical informatics has come almost exclusively from the National Library of Medicine, but it will soon need to come from other sources as well if the pool of qualified workers is to grow. It is not clear what kinds of skills workers at different levels in a health organization will need. Additional study is required to determine the extent of the problem and the best avenues for addressing it.
Addressing Policy Issues
A number of impediments to Internet-based health care must be addressed at a policy level. While it is not possible to identify or predict all the barriers that will arise as the Internet becomes more widely used in the health sector, there is a need to ensure that regulatory barriers do not unnecessarily impede application of the technology as it evolves and that all demographic groups are active participants in health on the Internet. The impediments include issues such as payment for services delivered via electronic networks, licensure, and malpractice. These impediments have slowed past attempts to deploy telemedicine services more broadly; they exemplify the kinds of mismatches that may result from attempts to use laws and regulations created in the past to govern a growing range of Internet-mediated services. What were minor concerns in the past may become more important as the capabilities of the Internet grow and its applications expand into health and health care. The committee notes that it is not possible to enumerate all the ways in which the legislative and regulatory environment may need to be altered to accommodate the Internet in health and health care, but some of the areas that have been identified hint at the larger set of issues to come. Although it is beyond the scope of its charge and its expertise to provide recommendations for remedying these policy concerns, the committee notes that they pose a significant barrier to the deployment of Internet-based applications in health and health care and makes the following recommendation to hasten their resolution:break
The Department of Health and Human Services should more aggressively address the broad set of policy issues that influence the development, deployment, and adoption of Internet-based applications in the health sector.
Addressing the policy issues that are raised in this report will require strong leadership from federal health agencies. Not only does DHHS need to ensure that concerns and needs of the health community are reflected in attempts to address policy issues such as intellectual property protection, privacy, and access to the information infrastructure, but it can also help to ensure greater coordination of the efforts of federal health agencies in these areas. Elements of DHHS are involved in missions that are affected by these issues and have taken steps to address them, and the DHHS itself has taken steps to address issues such as the privacy and security of electronic medical records. Additional focus would help ensure that these issues are suitably addressed by the policy-making community. DHHS could play a number of roles:
• Providing strategic leadership for Internet-related programs within the department and its constituent agencies and coordinating them with those of other federal agencies. Because the Internet may transform a number of aspects of health care, including many of those overseen by federal agencies, government would be well served by a process that would assess, manage, and monitor the implications of the Internet for federal health activities. Many of the agencies within DHHS, including the Health Care Financing Administration, the National Institutes of Health, and the Centers for Disease Control and Prevention, have ongoing plans to evaluate Internet applications in some of their mission-critical operations, but little higher-level strategy exists within DHHS for better harnessing the capabilities of the Internet throughout the organization.
• Convening public and private bodies to identify and examine issues related to the Internet and health care. These bodies could help federal agencies identify issues that need to be resolved, provide guidance on the kinds of approaches that might be most effective, and ensure greater coordination of public and private efforts. The National Committee on Vital and Health Statistics (NCVHS) has been playing a similar role in the area of privacy and security of electronic health information and could serve as the modelor the seedfor other such groups.
• Exploring cross-cutting issues that affect a number of government health agencies and developing programs for addressing them. For example, DHHS could examine ways to implement a public key infrastructure that would support a range of federal health activities, from provision of care in DOD and VA facilities to payment of Medicare and Medicaid claims.break
• Encouraging sharing of information and perspectives among health-related agencies. Development of a health information infrastructure will involve a multitude of participants with different responsibilities and interests: provision of care, payment for care, monitoring of care, health-related research, public health, and others. Because of its broad interest and activity in many of these areas, DHHS could serve as a focal point for encouraging dialog among these constituents and coordinating activities.
• Advancing the national debate regarding key information technology issues that affect health care. As noted throughout this report, considerable uncertainty exists about the ways in which the Internet is likely to influence the health sector and about the effectiveness of different applications. Based on experience with its own systems, its interactions with the private sector, and its ability to serve as a neutral meeting ground, DHHS could help the entire health community become better informed about use of the Internet in health care and about the technical, organizational, and policy issues that must be addressed.
• Creating organizational structures to ensure that issues at the nexus of health and information technology are identified and addressed promptly and efficiently. The speed with which the Internet and its applications are advancing requires proactive consideration of opportunities and challenges and the structures that can respond to a rapidly changing environment. Progress has been made along some of these lines by establishing the DHHS Data Council and redefining the charter of the NCVHS. The NCVHS has, in fact, begun to address the creation of a health information infrastructure (NCVHS, 1998), but additional effort along these lines will be needed to ensure that adequate attention is paid to this emerging area.
A Final Word
The recommendations offered above are intended to set the nation on a course that will ensure that technology, organizational practices, and public policies converge in ways that will lead to broader deployment of Internet-based systems in health applications (see Box 6.1). Undoubtedly, this course will have to be recharted over time to reflect progress made along each of the fronts and as Internet-mediated health processes continue to unfold. Changes in the structure of the nation's health care will continue to drive the kinds of health-related systems that will operate over the Internet, and the Internet will, in turn, drive changes in the structure and nature of health care. Continued dialog between the information technology community and the health community will be central to ensuring that the Internet evolves in ways that meet the ever-changing demands and specialized needs of the health sectorand to ensuring that the Internet will support the health of the nation.break
(box continued on next page)
Clausing, Jeri. 2000.''Report Rings Alarm Bells About Privacy on the Internet," New York Times, February 7.
Health Care Financing Administration (HCFA). 1997. Telemedicine Report to Congress, Department of Health and Human Services, Washington, D.C., December 4. Available online at <http://www.hcfa.gov/pubforms/telemed.pdf>
National Committee on Vital and Health Statistics (NCVHS). 1998. Assuring a Health Dimension for the National Information Infrastructure, October 14. Available online at <http://www.ncvhs.hhs.gov/hii-nii.htm>break
(box continued from previous page)
President's Information Technology Advisory Committee (PITAC). 1999. Information Technology Research: Investing in Our Future, National Coordination Office for Computing, Information, and Communications, Arlington, Va., February 24. Available online at <http://www.ccic.gov/ac/report/>
Working Group on Biomedical Computing, Advisory Committee to the Director. 1999. The Biomedical Information Science and Technology Initiative, National Institutes of Health, Bethesda, Md., June 3. Available online at <http://www.nih.gov/welcome/director/060399.htm>break
1. HCFA is already working to investigate means of reimbursing the costs of some types of remote consultation and has funded demonstration projects to explore alternative payment schemes. For information on HCFA's efforts on paying for remote health services, see HCFA (1997).
2. The Agency for Health Care Policy and Research was recently renamed the Agency for Healthcare Research and Quality (AHRQ).
3. The Computer Science and Telecommunications Board is studying workforce needs in information technology. Additional information on this project is available online at <http://www.cstb.org>.break