Networking Health
Prescriptions for the Internet

Committee on Enhancing the Internet for Health Applications:
Technical Requirements and Implementation Strategies 

Executive Summary

(read complete book)

The Internet has great potential to improve Americans' health by
enhancing communications and improving access to information for care
providers, patients, health plan administrators, public health officials,
biomedical researchers, and other health professionals. Ongoing
research and development (R&D) efforts, such as the federal
government's Next Generation Internet (NGI) initiative and the
complementary Internet 2 program of the private sector, could help to
realize that potential. Such efforts promote the creation and deployment
of new networking technologies to enhance the Internet's capabilities,
enabling a growing range of applications in health and other sectors. But
what technical capabilities do health applications demand of the
Internet? How do these capabilities differ from those needed by
applications in other sectors, such as banking, defense, and
entertainment? What types of experiments and demonstrations should be undertaken now to learn quickly about the requirements and benefits of different health applications of the Internet? And how can the health
community ensure that its needs are considered within the networking
research community and in standards bodies that are defining future
capabilities? 

Questions of this nature prompted the National Library of Medicine
(NLM) to request a study by the Computer Science and
Telecommunications Board of the National Research Council that would
evaluate the technical capabilities demanded by health applications of
the Internet. As the health community's primary representative in the NGI
initiative and a longtime supporter of R&D focusing on health
applications of information technology (IT), NLM sought advice on
which capabilities should be deployed in the NGI testbed networks and,
ultimately, the Internet. It recognized that the potential for health
applications of the Internet had contributed to policy discussions of
information infrastructure for several years but that progress in realizing
that potential had been slower than in other economic sectors. This
report responds to the NLM request by examining applications of the
Internet in six health-related areas: consumer health, clinical care, health
care financing and administration, public health, professional education,
and biomedical research. It draws on a series of visits by members of
the committee to organizations that are actively designing, developing,
and in some cases operating networked applications. It identifies the
technical capabilities that these applications demand of supporting
networks and makes recommendations regarding the capabilities that
need to be deployed to enable the health community to take fuller
advantage of the Internet. It also identifies additional work that is
needed to develop complementary and appropriate information
technologies, such as tools to help consumers evaluate the quality of the
information they find on the Internet and access controls to reliably limit
Internet users' ability to access resources such as patient medical
records. 

But the report does not focus exclusively on networking technologies,
since the capabilities needed in networks are intertwined with other
technical, organizational, and policy considerations. As the committee
learned during its site visits, an adequate communications infrastructure
is not the only prerequisite for expanded Internet use within the health
community. Efforts are also needed to surmount organizational and
policy impediments to the adoption of the Internet and Internet-based
applications. At present, health care organizations are ill prepared to
deploy Internet-based applications, because they lack information upon
which to base investment decisions, face an uncertain financial
environment, and have difficulty attracting the talent needed to design,
develop, and implement such applications. A number of public policy
issues, ranging from concerns about patient privacy to the lack of
payment mechanisms for some medical consultations delivered
remotely, also stand in the way of greater deployment of Internet
applications. All of these issues need to be addressed if health
organizations are to take advantage of the capabilities offered by an
enhanced Internet. 



HEALTH APPLICATIONS OF THE INTERNET


The most visible examples to date of the Internet's role in health-related
activities are in the consumer domain. Tens of thousands of sites on the
World Wide Web (the Web) offer information on health topics, and a
growing number of companies have established Web sites to provide
consumers with information on specific diseases, therapies, and healthy
lifestyles. Some sites allow consumers to evaluate risks to their health,
manage chronic medical conditions, purchase health-related products,
pose questions to health professionals, or engage in discussions with
other consumers. These systems take advantage of the Internet's broad,
public reach to engage significant portions of the online population,
often with information that is specially tailored to their needs. An
estimated 30 million users searched for health information on the
Internet in 1999 alone, and in 1998 consumers and students--as opposed
to practitioners and researchers--accounted for roughly 30 percent of the
use of the NLM's MEDLINE system, which contains references to
millions of journal articles (Lindberg, 1998). 

Although health-related Web sites garner considerable media attention,
they represent only a small sampling of the ways in which the Internet
can be used in health, itself a large sector embracing health care, public
health, health education, and biomedical research. Because the Internet,
in theory, can link all the participants in the health community, it can be
used to improve consumer access to health information and health care,
to enhance clinical decision making and improve health outcomes by
making better information available to clinicians on demand, and to
reengineer the processes of care to make them more efficient. The
Internet can also be used to improve the education of medical
professionals, enhance public health surveillance, and facilitate
biomedical research. In each of these domains, specific applications can
be envisioned in which the Internet is used to transfer text, graphics, or
video files (and even voice); control remote medical or experimental
equipment; search for needed information; and support collaboration, in
real time, among members of the health community (Table ES.1). For
example, the Internet could do the following: 

Enable consumers to access their health records, enter data or
information on symptoms, and receive computer-generated
suggestions for improving health and reducing risk; 

Allow emergency room physicians to identify an unconscious
patient and download the patient's medical record from a hospital
across town; 

Deliver care instructions to a traveling businessperson who begins
to feel chest pains while in a hotel room; 

Enable homebound patients to consult with care providers over
real-time video connections from home, using medical devices
capable of transmitting information over the Internet; 

Support teams of specialists from across the country who wish to
plan particularly challenging surgical procedures by manipulating
shared three-dimensional images and simulating different operative
approaches; 

Allow a health plan to provide instantaneous approval for a
referral to a specialist and to schedule an appointment
electronically; 

Enable public health officials to detect potential contamination of
the public water supply by analyzing data on nonprescription sales
of antidiarrheal remedies in local pharmacies; 

Help medical students and practitioners access, from the examining
room, clinical information regarding symptoms they have never
before encountered; and 

Permit biomedical researchers at a local university to create
three-dimensional images of a biological structure using an
electron microscope a thousand miles away. 

A number of these applications have been demonstrated in localized
settings, such as individual hospitals or health care delivery systems.
For reasons of technology, organizational capabilities, and public
policy, many of them have yet to be deployed more broadly across the
Internet or on private networks that rely on dedicated communications
links. As a result, little is known about their costs and benefits--whether
they would improve health or research capabilities, how much they
would cost to implement, or whether they would reduce health costs if
deployed on a larger scale. That kind of knowledge will require
continued exploration and evaluation, as well as an understanding of
how the economics of the large but decentralized health sector can
influence the development of the Internet, driving decisions about which
capabilities will be deployed, and when. 

This report addresses a broad spectrum of health applications in an
attempt to demonstrate the diversity of needs and the degree of
commonality in the technical capabilities they require. It is intended to
guide a faster realization of the Internet's potential for health, a potential
that has eluded the health sector for too long. The report recognizes that
the applications themselves--and the technical capabilities they
demand--are moving targets with uncertain trajectories. While today's
demonstration programs hint at the kinds of capabilities that will be
needed in the future, the evolutionary path of health applications of the
Internet is unclear. Will, for instance, remote medical consultations
become viable between any patient and any care provider connected to
the Internet, or will this capability remain more localized in its reach
and limited to patients and providers in the same health plan? The
answer depends on technical, economic, social, and policy
considerations that are difficult to predict, and different answers could
drive the need for significantly different technical capabilities, as well
as a different scale and scope of deployment. The report attempts to
recognize these uncertainties and to derive conclusions that are
reflective and cognizant of them. 



TECHNICAL CONSIDERATIONS


The technical capabilities needed to support health-related use of the
Internet vary considerably from one application to another. The relative
importance of bandwidth, latency, availability, security, and ubiquity in
six different classes of health application is shown in Table ES.2 (see
Box ES.1 for a definition of the technical terms used in this report). For
the most part, these considerations are common to Internet applications
in other sectors, and that broader base increases the likelihood of
affordable solutions. But in communicating with Internet researchers and
technology developers, the health community (i.e., all those active in
health-related activities, such as provision of care, public health,
professional education, and biomedical research) can call attention to
its need for particular attributes, and it can point out the characteristics
of the health sector that differentiate its needs from those of sectors such
as entertainment, defense, or finance. 


BOX ES.1
Glossary of Technical Terms


A range of technical capabilities must be
considered in determining the suitability of
different networking technologies for particular
applications. Among the more important are
five that are emphasized throughout this
report: 

1. Bandwidth is the data-carrying
capacity of a network, usually expressed as
the number of bits per second that can be
transmitted across a particular link or the
network as a whole.

2. Latency is the time required for an
individual packet of data to be transmitted
between communicating entities on a network.
A related concept is response time, which
refers to the time required for an entire
message or file to be transferred across the
Internet and acknowledged.

3. Availability is the likelihood that the
network is available for service and functioning
properly. Availability can be compromised by
the failure of individual components or network
links, by hostile attacks that overload the
system, or other causes discussed in Chapter
3. 

4. Security, as used in this report, refers
to the capability of a network to ensure the
confidentiality and integrity of information
transmitted across it. An important part of
ensuring confidentiality is authenticating the
identity of participants in a network-based
transaction. 

5. Ubiquity is the degree of access to a
network. The telephone system is highly
ubiquitous because access can be achieved
by almost anyone in the United States from
almost any location. Access to private
networks is, by design, less ubiquitous
because it is constrained to a limited number
of people and/or a limited number of
geographic locations.

Related to the first two of these terms is
quality of service (QOS), which refers to the
capability of a network to provide a range of
guarantees about its performance, measured
in terms of sustained bandwidth, latency,
and/or packet loss rates. The current Internet
contains no provisions for QOS, offering only
best-effort delivery of packets of data,
although several protocols have been
developed for implementing QOS. 





For example, security is a primary concern in virtually all health
applications of the Internet because the extreme sensitivity of personal
health information demands high levels of confidentiality. Furthermore,
the paramountcy of safety--individuals' health and lives are at stake,
after all--requires that information not be corrupted before, during, or
after transmission across the network from one party to another.
Although security is also important in many other Internet applications,
including electronic commerce (e-commerce, itself a player in the
evolving health environment), health applications pose special
challenges, the solutions to which may lie in the computers attached to
the network rather than in the network itself. For example, the exchange
of electronic medical records, payment data, or prescription information
demands that the identities of both the sender and recipient of the data be
validated (authenticated) with high levels of assurance. Mechanisms for
authenticating individuals that are more secure than passwords are not in
widespread use across the Internet. This situation has not, however,
impeded consumer-oriented e-commerce applications, because online
vendors have robust means of authenticating themselves to their
customers' Web browsers (using electronic certificates provided by a
handful of certificate authorities, as described in Chapter 3). Moreover,
the vendors do not necessarily require strong authentication of users
who present a valid credit card number: credit card companies and
vendors who accept credit cards expect to incur some costs from fraud,
and consumer losses are generally capped at nominal levels. By
contrast, health has a low tolerance for losses and other kinds of
mistakes: before an electronic prescription can be filled or a copy of an
electronic medical record sent, the identity of the requester must be
verified as rigorously as the identity of the supplier. The constantly
shifting relationships among health organizations further complicate
security considerations. Other aspects of security also present
challenges in health applications, as outlined in Chapters 2 and 3 of this
report.1 

Network availability is also important in health applications of the
Internet. High levels of availability are needed in mission-critical
applications in many industries, and similar needs obtain in health: if
insurance companies and managed care organizations are to rely on the
Internet for claims processing, referrals to specialists, or checks on
eligibility for particular services, they must be sure the network will be
running when needed and that data will not be corrupted. But the health
sector's need for high levels of network availability to and from a large
number of possible locations can also be greater than in other sectors,
because health, well-being, and even life may be at stake. If care
providers are to use the Internet to access electronic patient records
when treating patients in the emergency room, they must know that the
network and the applications are operational 24 hours a day, 7 days a
week. Accordingly, health applications add to the call for the Internet to
be made resistant to malicious attacks and resilient in the face of
failures of hardware, software, or human operators. 

Many of the applications that can be envisioned in the health domain
demand high levels of bandwidth or timely delivery of data, often for an
extended period of time.2 Consider the case of remote medical
consultations, which could make expert care more equitably available
across the country, regardless of the location of the patient. Video
consultations demand high-bandwidth connections (roughly 384 kilobits
per second) in both directions between two communicating sites for the
duration of the session--as long as 30 minutes in some cases--even if
one of the sites is a small medical practice or a patient's home. Although
the backbone networks that make up the Internet have sufficient capacity
to accommodate such needs, they cannot currently guarantee that
adequate bandwidth and latency will be available whenever needed,
because other traffic with unknowable bandwidth needs will also be
traversing the network. These types of applications therefore demand
mechanisms for ensuring quality of service (QOS) across the Internet,
whether by allowing users to subscribe to higher-end services (referred
to as differentiated services, or diff-serv) or allowing them to reserve
capacity on an as-needed basis (referred to as integrated services, or
int-serv). 

The Internet Engineering Task Force (IETF) has codified standards for
both diff-serv and int-serv, but neither has yet been deployed across the
Internet. Moreover, it is not clear that Internet service providers (ISPs)
will deploy them in the near future--or in ways that support the health
industry. For example, the highly decentralized nature of the health
industry implies that health organizations will obtain their Internet
service from many different ISPs rather than from a single provider. To
provide QOS between the many different sets of communicating parties
that are possible, QOS mechanisms would need to be deployed through
the entire Internet, not just across a single ISP's network. However,
mechanisms do not yet exist for supporting QOS (either diff-serv or
int-serv) between ISPs, precluding the possibility of end-to-end QOS
guarantees any time soon. Furthermore, the protocols for supporting
int-serv will not necessarily scale sufficiently to allow their use across
the Internet. The decentralized structure of the health industry makes it
hard for health organizations to come up with viable business models
whereby they can pay ISPs to deploy the kinds of QOS they need.
Almost any solution to this problem will require the participation of the
insurance companies and other third-party payers who finance health
care in the United States. 

Ubiquity of access is particularly important in health applications of the
Internet because people in need of health care and related services can
be almost anywhere. Indeed, the most significant advance in health care
brought about by the Internet may prove to be better access for care
providers, consumers, and administrators operating in relatively
isolated environments. Although many near-term applications that extend
to individual consumers do not require high-bandwidth connections,
future applications--whether remote medical consultations or the
downloading of educational videos--could easily drive a need for
ubiquitous, broadband access technologies. Of particular interest could
be broadband technologies for residential access that provide sufficient
bandwidth both upstream (from the end user to the Internet) and
downstream (from the Internet to the end user). Most existing residential
broadband technologies--such as cable modems and digital subscriber
line service using the telephone network--allocate much more
bandwidth downstream than upstream, consistent with a view of the
Internet as a mechanism for distributing content from a centralized
source (such as an entertainment company) rather than facilitating
collaboration and interaction among multiple participants. 



ORGANIZATIONAL BARRIERS TO THE ADOPTION
OF INTERNET APPLICATIONS


A handful of pioneering health organizations are developing and
deploying innovative applications of the Internet, but such capabilities
are diffusing slowly throughout the sector--in traditional care provider
organizations, in particular. A number of factors have impeded the
broader deployment of Internet-based systems within the health sector,
including the structure of the sector itself. Despite some consolidation
over the past decade, the sector is very diverse and decentralized and
marked by local solutions to problems--it has been characterized as a
"trillion-dollar cottage industry." As a result, effecting wide-scale
change can be difficult, as is achieving a unified voice on issues of
technology and its application. 

Further slowing adoption is a paucity of reliable information on the
costs and benefits of Internet-based applications in operational settings.
How much will Internet-based systems cost to deploy, operate, and
maintain? How will they improve care and/or reduce costs? How well
can Internet-based systems be integrated with legacy databases in large
health care organizations? Health care professionals tend to be cautious
in adopting unproven technologies because of the overwhelming need to
ensure patient safety and positive health outcomes. Organizations that
pay for health care (including traditional insurance companies and the
Health Care Financing Administration, or HCFA, which processes
Medicare and Medicaid payments) also want evidence of cost savings
or medical effectiveness if they are to pay for services based on the new
technology. Although Internet applications have been demonstrated to
improve efficiency in some applications run across enterprises, Internet
technology is still fairly new and untested in health care applications,
making evaluations and comparisons difficult and prompting caution in
the pursuit of Internet strategies. 

Evaluating the costs and benefits of health applications of the Internet is
made more difficult by the uncertainties surrounding the effects of
Internet-based communications on relationships among the numerous
entities involved in health care. For example, little is known about the
ways in which the Internet will alter the traditional relationships among
patients, primary care physicians (PCPs), medical specialists, and
hospitals. Will the Internet change the way consumers seek care,
enabling them to learn enough about their health to bypass PCPs and go
directly to specialists, or will they be confused by all the information
and need to consult their PCP more often? Will Internet-based care
improve management of the chronically ill, and if so, how will it affect
the cost structure of health care organizations? Restructuring may also
be needed within individual organizations. As has happened with other
applications of information technology, Internet applications have been
shown to alter work patterns within organizations in unanticipated ways.
What types of skills will information systems staffs need to develop and
implement Internet-based systems for health care? What types of skills
will administrative staff and health professionals need to work with
Internet-based health care systems? What type of training do intended
system users need? Answers to these questions will come only after
additional experimentation and evaluation. 

Internet applications also tend to demand new (or modified)
organizational policies and procedures. For example, when should
electronic mail (e-mail) be used between patients and care providers?
What types of liability does an organization assume for the quality of the
information that is relayed in the online discussion groups it hosts? How
can patient privacy be protected in electronic transactions, and what
balance between security and access is acceptable to consumers who
want online access to their health records? Progress is being made on a
number of these issues (e.g., the American Medical Informatics
Association has developed a set of guidelines for clinical uses of
e-mail, and the Department of Health and Human Services has
promulgated draft regulations governing the privacy and security of
electronic health information), but new issues continue to arise and
managers of health organizations are struggling to keep up, at times
slowing the broader deployment of new applications. 



PUBLIC POLICY ISSUES


Public policy influences the ways in which health organizations can use
the Internet to achieve their goals. For example, state-based practices
for licensing health care professionals and resolving malpractice suits
hamper efforts to provide remote medical consultations across state
lines. Uncertainties over evolving federal regulations for the privacy
and security of electronic health information continue to deter
organizations from implementing systems for sharing health records or
administrative and financial information across the Internet. Other
issues, such as the protection of intellectual property contained in
materials developed for educational purposes, affect a broad base of
constituents, including some in the health community. So does the issue
of unequal access to the information infrastructure, the so-called digital
divide. Reports show that people in different geographic regions and
socioeconomic classes and with different levels of educational
attainment have considerably different degrees of access to the Internet
(NTIA, 1999). Such differences are alarming in a number of
contexts--the delivery of government services and educational
opportunities among them--but take on added significance in a health
care setting, where limited access to the information infrastructure could
exacerbate the existing differences in access to quality health care.
Furthermore, many of the near-term remedies proposed for enhancing
Internet access for the general public--such as the wiring of schools,
libraries, and community centers--do not necessarily translate well to
health care, because consumers may be reluctant to conduct transactions
in public settings and may need access outside normal business hours.
Policy issues such as these have to be resolved if health applications of
the Internet are to become more pervasive and more effective. Their
resolution will require the health community to become more actively
engaged in the policy-making process to ensure that health-related
interests are addressed. 



EVOLVING THE INTERNET TO MEET HEALTH
NEEDS


Before Internet use can become widespread throughout the health
community, action is needed in four areas: (1) research on, and the
development and deployment of, technologies suitable for health
applications of the Internet, (2) continued demonstration and evaluation
of health applications of the Internet, (3) educational needs of health
care organizations and their workers, and (4) resolution of policy issues
that impede the use of the Internet in health applications. The
committee's recommendations are intended to guide efforts in each of
these areas, and progress is needed in all of them. As a group, the
recommendations recognize that what differentiates health from other
sectors is the juxtaposition of exacting technical requirements with a
vast geographic expanse and a highly decentralized industrial structure
and economic base. This combination exacerbates the difficulties
arising from the failure to articulate technology needs or to devise
means to ensure that needed services are provided. By advocating the
needs of a broad constituency, NLM can provide timely leadership in
enhancing the Internet for health. 



Research, Development, and Deployment of Technical
Capabilities


Broadening the utility of the Internet for health applications demands that
the Internet possesses the necessary technical capabilities. This can be
done by deploying the technologies that will soon be available for
improving security, availability, QOS, and ubiquity across the Internet
and by continuing to research and develop improved capabilities over
the long term. Efforts must also be made to ensure that the health
community's needs are relayed to the networking research community
and that advances are made in complementary technologies that will
enable health organizations to take advantage of the networking
infrastructure. These efforts need to reflect the many uncertainties
surrounding health applications of the Internet and their technical needs. 

Recommendation 1.1. The health community should
ensure that technical capabilities suitable for health and
biomedical applications are incorporated into the testbed
networks being deployed under the Next Generation
Internet initiative and eventually into the Internet. 

As a first step toward enhancing the Internet to support health
applications, the health community should push to have the capabilities
described below deployed in the testbed networks being constructed
under the federal government's NGI initiative. Without these
capabilities, future health applications could be thwarted or delayed and
the opportunities the Internet offers could be lost. While the entire nation
has a stake in ensuring that these capabilities are deployed, it is the
health community itself that is in the best position to identify the
capabilities it needs, to communicate them to the network research and
development community, and to help shape the business case that will
impel their deployment. The networks being deployed under NGI will
support a range of experimental health applications, such as remote
medical consultations, collaboration among practitioners and
researchers, and access to online repositories of information (see
Appendix B for a listing and brief description of ongoing NLM
projects). The testing of technical capabilities in these testbed networks
will provide an opportunity for evaluations and refinements that will be
incorporated into the demonstration projects, enabling the health
community to better assess the capabilities its applications demand.
Those that prove effective should be deployed in the public Internet as
they become more stable. These technologies are described in more
detail in Chapters 3 and 6 of the report. 

Quality of service. QOS protocols should be deployed across the
NGI testbed networks so that users are guaranteed access to needed
capabilities (e.g., bandwidth and latency). A number of academic
medical centers will have access to the NGI via their universities
and have received funding for projects to demonstrate a variety of
applications that demand high bandwidth--from remote medical
consultations to real-time transmission of high-resolution
radiological or biological images. The deployment of
differentiated services would allow users to experiment with
premium services that could eventually be offered across the
Internet. The deployment of integrated services would allow
further experimentation with protocols for reserving capacity as
needed for particular events and would allow further evaluation of
the scalability of existing protocols. By experimenting with these
protocols, users may be able to better understand the specific
capabilities required and devise business models that will support
the deployment and effective use of the new protocols across the
public Internet. 

Security. Both Secure Socket Layer (SSL) encryption and
IPSecurity (IPSec) should be deployed in the NGI testbed networks
to allow the continued evaluation of different modes of securing
transactions across the Internet. Although SSL is already in
widespread use across the Internet, the broader deployment of
IPSec would provide a complementary means of protecting
information exchanges among organizations, and it might prove
effective for financial and administrative exchanges among
affiliated organizations. Before either of these protocols
(especially SSL) can be used successfully in health applications, a
public key infrastructure must be established, along with the
technical mechanisms needed to support stronger authentication of
all parties involved in transactions across the Internet. Such
mechanisms are generally lacking across the Internet, although
there are enclaves where they are used in the private sector and
within the federal government. More research is needed to develop
means of authenticating large numbers of users, many of whom
need to communicate securely despite having no established
relationships. 

Recommendation 1.2. To ensure that the Internet
evolves in ways supportive of health needs over the long
term, the health community should work with the
networking community to develop improved network
technologies that are of particular importance to health
applications of the Internet. 

Continued research will be needed to make the Internet even more
capable of supporting health--and other--applications in the long term.
The technologies of most interest to the health community include the
following: 

More readily scalable techniques to guarantee bandwidth on
demand. Existing protocols for providing QOS on demand across
the Internet, such as the integrated services model, may not scale
sufficiently to allow widespread use. To enable applications such
as remote consultation, new protocols will be needed. 

Stronger forms of authentication. Continued effort will be needed
to find ways of identifying participants in Internet transactions,
including participants who have not previously communicated with
each other. The new techniques will need to scale to cover all
Internet users and be simple to administer. Work on smart cards,
token-based authentication, and biometric authentication devices
should be pursued. This kind of R&D may fall under two
headings--high-confidence systems and NGI research--within the
federal government's portfolio of information technology research
programs. 

Symmetric or dynamically reconfigurable broadband
technologies for the last mile. Users of residential-grade access
technologies (e.g., cable modems and digital subscriber lines) will
need either access to a more balanced allocation of bandwidth into
and out of their homes or the capability to reconfigure the
allocation as needed to support applications such as remote
medical consultations, which could extend to many small health
clinics, places of employment, and patients' homes. 

Hardened quality-of-service guarantees. Mechanisms will be
needed to ensure that critical applications in health (and other
sectors) do not lose QOS guarantees except in extreme
circumstances, such as a major network outage. One area of
interest is techniques for rapid reconvergence after link failures to
ensure that new paths across the Internet are found quickly in the
event that a particular link fails. Many parties and sectors want
QOS guarantees, and many Internet users are responding to offers
by large ISPs who make such guarantees within their own large
networks. The challenge for health (which serves a dispersed
national population) is finding a way to improve QOS and
availability of service across multiple ISPs. 

Disaster operations. Techniques are needed for delivering
mission-critical, health-related traffic even in a major natural or
man-made disaster. 

Recommendation 1.3. The National Library of Medicine
should forge stronger links between the health and
networking research communities to ensure that the needs
of the health community are better understood and
addressed in network research, development, and
deployment. 

The diverse and decentralized nature of the health sector impedes the
development of a unified voice through which it can express its needs to
those involved in networking research, development of Internet
standards (e.g., by the IETF), and deployment of Internet services. The
NLM, by virtue of its leadership in health informatics, could play a
more pronounced role in this area, actively forging links between the
health and networking communities, which have historically had limited
interaction. This could be done in several ways, perhaps by providing
special funding to recipients of NLM grants and contracts that would
support their participation in conferences and meetings of the
networking community or by funding projects that explicitly involve
researchers from the health and networking communities. Additional
activities would undoubtedly be needed to help the health community
find ways to more effectively identify and communicate its needs to the
networking community. An ad hoc task force could be set up to explore
additional ways to accomplish this goal. The NLM itself could work
more closely with the networking community, leveraging its
long-standing attention to information technology development and
speaking for the health sector as a whole. It could also serve as a focal
point for contact with ISPs, the business entities responsible for
deploying the capabilities that would benefit health. It could advance the
perspective that health is a leading example of a peer-to-peer
application (as opposed to the more asymmetric application associated
with many other kinds of content distribution) that requires advanced
networking services from the Internet, helping create a more unified
voice for the decentralized health sector. 

Recommendation 1.4. The National Institutes of Health
and its component agencies should fund information
technology research that will develop the complementary
technologies that are needed if the health community is to
take advantage of the improved networking technologies
that can be expected in the future. 

Health applications of the Internet pose a number of challenges for
information technology research on topics other than networking. The
National Institutes of Health and its constituent centers and agencies
should pursue research in those areas that are of particular importance
to the health community, such as (1) validation of information retrieved
from the Internet, (2) tools for protecting the anonymity of Internet users,
(3) access controls governing the ability of many different types of users
to access different resources on the network, (4) controls on the
secondary distribution of information, (5) improved capabilities for
auditing the logs of accesses to databases and information, (6) QOS
policies that are suitable for health and health care applications, and (7)
applications that are alert to QOS offerings and that use them
appropriately. Other technical needs will undoubtedly emerge as new
applications are developed and gain acceptance within the health
community. The constantly changing context of the Internet implies that
the set of applications will evolve and that the need for research will
remain. 



Demonstration and Evaluation of Health Applications


Continued experimentation and evaluation will be key to the
development of a better understanding of the types of health applications
that may become popular on the Internet and of the technical capabilities
they demand. Through demonstrations of applications such as remote
consultation, remote control of experimental equipment, and online
access to electronic medical records, members of the health community
will gain an opportunity to examine the relative costs and benefits of
these applications, the business models needed to support them, and the
organizational policies needed to govern their use. A number of public
and private organizations have supported programs to allow these types
of demonstrations. Such efforts need to continue as new Internet
technologies become available and new applications are envisioned.
Demonstrations will serve as venues for continued identification of
technical needs that the networking community can address and other
problems and issues for the health community to resolve. The process
will be increasingly important to the health community if it is to
establish a dialog with the Internet community about evolving needs and
technical requirements and if it is to leverage that dialog to grow
capabilities from the confines of a demonstration to widespread
deployment. To provide information that will inform this dialog, a
number of parallel efforts will be needed, as recommended below: 

Recommendation 2.1. The Department of Health and
Human Services should fund pilot projects and larger
demonstration programs to develop and demonstrate
interoperable, scalable Internet applications for linking
multiple health organizations. 

Pilot projects are needed to explore the full range of health uses of the
public Internet, particularly projects that link multiple distinct
organizations in an operational context. They could include projects to
allow the patients of one organization to obtain remote consultations
with specialists at other organizations or to allow the transmission of
financial and administrative information among organizations that
provide, pay for, and manage health care. Few health care organizations
have a strong incentive to implement such systems on their own, given
the significant uncertainties surrounding the effectiveness of different
Internet-based systems in health care, the fragmented and proprietary
nature of the industry, and the scale at which such systems would need to
be built. Federal funding could play an important role in stimulating
such work, especially if it focused on applications that link multiple
organizations. 

Recommendation 2.2. Federal agencies such as the
Department of Veterans Affairs, the Department of
Defense, the Health Care Financing Administration, the
National Institutes of Health, and the Indian Health
Service should serve as role models and testbeds for the
health industry by deploying Internet-based applications
for their own purposes. 

Federal agencies that operate large-scale health care programs should,
whenever possible, attempt to be leading-edge users of Internet
technologies. By doing so, they could not only demonstrate the
feasibility of deploying different health applications but also provide a
testbed for developing needed standards and supporting technologies.
The Department of Defense already has a sizeable program under way
for delivering health care at a distance (i.e., telemedicine), the
Department of Veterans Affairs has a network of hospitals that share
patient information as needed, and the HCFA processes Medicare and
Medicaid claims. Each of these programs, as well as those of the Indian
Health Service, could serve as a testbed for Internet applications while
helping to fulfill important government missions. Additional support
might come from other ongoing efforts to reengineer federal activities. 

Recommendation 2.3. Health organizations in industry
and academia should continue to work with the
Department of Health and Human Services to evaluate
various health applications of the Internet in order to
improve understanding of their effects, the business
models that might support them, and impediments to their
expansion. 

Work is needed to evaluate the effectiveness of different forms of
Internet-based health care and to compare their effectiveness against
applications run across different network infrastructures. Health care
organizations have little evidence or data on which to base their
decisions about Internet strategies. Because such evaluations would
benefit a wide range of health-related organizations, not just those
directly involved in the studies, active federal support would be
justified. 

Recommendation 2.4. Public and private health
organizations should experiment with networks based on
Internet protocols and should incorporate the Internet into
their future plans for new networked applications and into
their overall strategic planning. 

By using networks that incorporate Internet protocols--whether the
Internet protocol suite per se or those associated with the Web--health
organizations could gain a better understanding of the capabilities and
trade-offs inherent in the use of the Internet for health applications
without exposing themselves to the associated risks and uncertainties.
Using these protocols locally would also prepare health organizations to
take better advantage of the Internet--and the continued advances in its
abilities--once technical tools are in place to make it safer and reliable
enough for health applications. 



Addressing Educational Needs


Wider deployment of Internet-based applications in health care will
require that organizations in the health sector adopt, adapt, and extend
Internet technologies to fit their missions and develop the internal
capabilities to do so. The Internet promises to radically transform the
provision of health care and the education of health professionals, and
organizations that fail to take steps now may find themselves ill
prepared when improved Internet technologies become available. To
make better use of the Internet, health care organizations will also have
to learn how to evaluate the benefits of Internet technologies and
develop effective policies for guiding their use, just as they had to learn
how to use earlier and more localized forms of information technology,
an effort in which the health care system is still lagging. Efforts are
recommended in three areas: 

Recommendation 3.1. Professional associations with
expertise in health issues and information technology
should work with health care organizations to develop and
promulgate guidelines for safe, effective use of the
Internet in clinical settings. 

Part of the challenge of Internet use in health care is the development of
suitable policies, practices, and procedures to guide its use. For
example, how should providers handle e-mail from patients to ensure
timely responses, maintenance of patient confidentiality, and the
incorporation of necessary information into the medical record? How
can care providers be sure of the identity of a patient to whom they are
sending e-mail? What is the role of a health care organization in
monitoring discussion groups that operate under its initiative or that of
affiliated care providers? Health care organizations have little
experience upon which to base such policies, but they can learn from
each other's experiences. Professional associations have a significant
role to play in helping define industrywide guidelines for safe, effective
use of the Internet. The American Medical Informatics Association has
developed guidelines for clinical uses of e-mail (Kane and Sands,
1998). Similar guidelines on other topics would support industry efforts
to develop Internet-based systems. 

Recommendation 3.2. Government, industry, and
academia should work together and with professional
associations with experience in health and information
technology to educate the broader health and health care
communities about the ways the Internet can benefit them.

One obstacle to the greater use of the Internet in health care is that health
workers at all levels (care providers, administrators, and information
systems staff) do not fully appreciate the ways in which the Internet can
improve the provision and administration of health care. The growing
amount of publicity for e-commerce and even
consumer-health-information Web sites does not translate into the kinds
of institutional and procedural changes that would make the most of
Internet capabilities in health care. Educational outreach programs
would create a more receptive audience for new technologies.
Academic health centers and professional associations have unique
capabilities to educate members of the health community. 

Recommendation 3.3. The Department of Health and
Human Services should commission a study of the health
information technology workforce to determine whether
the supply of such workers balances the demand for them,
to identify the kinds of training and education that
workers at different levels will need, and to develop
recommendations for ensuring an adequate supply of
people with training at the intersection of information
technology and health. 

The process of developing, deploying, and evaluating health
applications of the Internet demands workers with a solid understanding
of the Internet, of other information technologies, and of the processes
involved in health care. The policy community has already expressed
concern about a perceived shortage of skilled information technology
workers.3 Anecdotal evidence indicates that similar concerns may apply
to the field of health informatics, and in June 1999 DHHS announced its
Biomedical Information Science and Technology Initiative, which
would boost the pipeline of people educated as computational
biologists. However, there is little documentation with which to
evaluate these concerns or to project the types of IT skills that workers
at different levels within a health organization will need. Additional
study would be required to determine the extent of the problem and the
best way of solving it. 



Resolving the Policy Issues


Public policy issues that impede Internet-based activities in health,
health care, and biomedical research need to be addressed. These
include issues specific to the provision of health care services over the
Internet, such as payment for services, professional licensure, and
liability, as well as issues of patient/consumer privacy, intellectual
property protection, and equitable access that extend far beyond the
health domain. Such issues could stand in the way of use of the Internet
in health care and in the education of health professionals. Accordingly,
although the committee was not constituted with the range of expertise
needed to make recommendations for solving these problems, the report
offers the following recommendation for advancing the debate on these
policy issues: 

Recommendation 4.1. The Department of Health and
Human Services should more aggressively address the
broad set of policy issues that influence the development,
deployment, and adoption of Internet-based applications in
the health sector. 

Ensuring that the Internet evolves in ways that meet the needs of the
health care community and enabling the health sector to better take
advantage of these capabilities will require the continuous coordination
of many independent activities and stakeholders in the public and
private sectors. The concerns and needs of the health community must be
reflected in efforts to resolve national policy issues such as intellectual
property protection, privacy, and access to information infrastructure,
and specific efforts are needed to ensure that policy issues of concern
only to the health community, such as licensure of care providers,
payment policies, federal funding for health informatics research, and
the supply of health information technology workers, are addressed.
While many of these issues are being addressed by various elements of
the federal government--including agencies within DHHS--other issues
have seen little input from the health community. The constituent
agencies of DHHS vary in the importance they attach to these policy
issues and in their approaches to resolving them. Strong, stable
leadership is essential to keep these policy-related activities focused
and sustained. 

DHHS should assert itself more aggressively in this arena.
Private-sector organizations also have significant leadership roles to
play, but their effectiveness in bringing about industrywide change can
be limited because the private sector is so highly decentralized. DHHS
is not the only federal agency with responsibilities in health (the
Department of Veterans Affairs, the Department of Defense, the Indian
Health Service, and the National Aeronautics and Space Administration
all have health-related programs), but the breadth of its programs and its
mission argues for it to play the lead role within government for
coordinating Internet-related activities, especially as they relate to the
health community. 

The establishment of a data council within DHHS and the realignment of
the National Committee on Vital and Health Statistics into an advisory
committee on health data, statistics, and national health information
policy are positive steps that should be built upon. They have enabled
DHHS to make significant strides in policy areas such as the
development of regulations for protecting electronic health information.
There are other roles for DHHS to play in this effort: (1) providing
strategic leadership for Internet-related efforts within the department
and its constituent agencies (this would include the use of the Internet in
support of department and agency missions) and coordinating them with
those of other federal agencies, (2) convening public and private bodies
to identify, examine, and propose mechanisms for addressing issues
related to the Internet and health care, (3) exploring cross-cutting issues
that affect many health agencies and developing programs for addressing
them (e.g., implementing a public key infrastructure that would support a
range of federal health activities), (4) encouraging federal health
agencies to share information and perspectives on their many
responsibilities and interests, including the provision of care, payment
for care, monitoring of care, health-related research, and public health,
(5) advancing national debate about key information technology issues
that affect health care, including the technical, organizational, and policy
issues identified in this report, and (6) creating the organizational
structures needed to ensure that issues at the nexus of health and
information technology are identified and addressed promptly and
efficiently. Although these activities will not by themselves resolve the
issues, they will set in motion processes that can lead to a resolution. 



LOOKING FORWARD


These recommendations are intended to help the nation move forward
on technical, organizational, and policy fronts so that it can reap the
benefits of the Internet for health applications. Additional work will be
needed to identify other networking technologies of interest to the health
community and to ensure that related information technology needs are
met. This report prescribes the actions needed now to develop a truly
healthy Internet in the future. 



REFERENCES


Kane, Beverley, and Daniel Z. Sands. 1998. 
"Guidelines for the Clinical Use of Electronic Mail with Patients,"
Report for the AMIA Internet Working Group, Task Force on
Guidelines for the Use of Clinic-Patient Electronic Mail, Journal
of the American Medical Informatics Association 5(1). 

Lindberg, Donald A.B. 1998. 
Fiscal Year 1999 President's Budget Request for the National
Library of Medicine. National Library of Medicine, Bethesda, Md.,
March 18. 

National Telecommunications and Information Administration (NTIA).
1999.  Falling Through the Net: Defining the Digital Divide. U.S.
Department of Commerce, Washington, D.C.



NOTES


1 As an example, a large number of individuals may have legitimate needs to review a patient's medical records, making the determination of access rules extremely complicated. In an emergency room situation, information may have to be accessed by a care provider with whom the patient has had no prior relationship, perhaps even at a hospital the patient has never visited. 

2 Timeliness is not critical in many health care functions, such as when information is transmitted for review at a later time. But in some cases, such as acute trauma and remote consultation, timeliness can be important. 

3 CSTB has a project under way to examine issues related to the information technology workforce. 

Copyright 2000, the National Academy Press.