PDF File: 

HCT1_wp_levinson.pdf

SBC

Internet-based, global information technology has revolutionized the technological landscape for the health care industry. While privacy and security issues persist in patient care, safety is within reach utilizing existing security devices and systems.

Hospitals have been kept from achieving interconnectivity by brick-and-mortar infrastructures and 1970s vintage legacy systems. HIS has created "islands" of local area networks (LANs) within hospitals. These LANs traditionally have been isolated by separate functionality — an HIS LAN, a laboratory LAN, a radiology LAN, and more. Until recently, these individual networks were unable to communicate with each other, let alone share data in a common format.

During the 1970s, the state of the practice for HIS was mainframe- and minicomputer-based data centers with user terminals distributed through the institution as necessary. In the 1980s, the technology landscape shifted to a client-server topology. The data that was formerly held in a central location was distributed to a number of servers in a variety of locations. As the 1990s advanced, the distributed data was again collected into a single location, now called a data warehouse, with connectivity provided by Internet protocol (IP)-based networks called intranets. Also, in the 1990s, paper medical records started to migrate to various electronic formats, which for the first time enabled a single patient record to exist in multiple places at a given moment in time.

The single event that has enabled medical institutions to migrate from isolation to connectivity has been the advent of the Internet. The Internet, with its IP-based addressing structure, has finally created a common telecommunications infrastructure. The IP architecture has enabled LANs to become intranets and wide-area networks to become extranets.

IP is the most important of the telecommunications protocols that the Internet is based upon. IP is a standard that describes the software that keeps track of the network addresses for different nodes, routes, and incoming and outgoing messages. It allows a packet of information to traverse multiple networks on the way to its intended destination.

An IP address is a unique 32-bit number that represents both the identification of the computer and of the network in a single component. In the same way that a street address uniquely identifies a building, an IP address uniquely identifies an individual user or individual system on the Internet. Since there is a one-to-one correspondence between users and IP addresses, information can be accurately and reliably routed to its intended destination.

An intranet is a local-area-network that uses Internet browser and IP addressing technology to provide LANs with the same features found on Web sites, with the same point-and-click ease. Additionally, intranets have the same full-featured email capability as the Internet, with the ability to send and receive multimedia attachments.

An extranet is a wide-area network that uses the same Internet browser-based technology to enable a selected group of participants to have secure access to a common area where they can exchange information and access applications, software, and email confidentially within the group.

The Internet has begun to remove the brick-and-mortar barriers among hospitals. This new telecommunications capability has created a completely new paradigm for HIS. Using Internet-based technology, all of the different systems within an institution can be linked together with any and all of the information available on any hospital workstation.

A single workstation on a nursing floor is now able to access traditional HIS functions, view radiological images, access patient records in remote locations, contact pharmacies, communicate with participating physicians, send email throughout the institution, and many other functions. Internet technology has created the potential for a single point of information access and telecommunications services.

Medical institutions have become direct beneficiaries of Internet- and IP-enabled communications. The geography of cyberspace is completely different than the network environment of the 1970s and '80s. Within the cyberspace of the Internet, there are no physical locations and no barriers to communications. The previous HIS structures of many different (specialized) networks are now migrating toward a consistency of network communications that had not previously existed.

The combination of the Internet, intranets, and extranets has altered the brick-and-mortar world by changing the definition of the words "inside" and "outside." Now that all of the participants within a hospital's networked environment are both defined and separated by IP addresses, the difference between being inside the institution and outside of the institution is no longer a wall, a door, or a separate network. The differentiation of geography is one of simply having a different IP address. Therefore, many different systems and networks have effectively become one network with IP addresses, separated by firewalls.

The good things about seamless telecommunication architectures for hospitals is that medical records and other vital information can be passed between users within the institution via intranets and extranets. This is a particularly effective technique for large, complex medical centers that have a number of physical locations. Information can be sent from one building to another, even if the buildings are not on the same physical campus. In fact, in the Internet-enabled world, all of the users of an institution are on the same "logical" campus. Additionally, the medical community as a whole is now connected for the purposes of reference, research, and advance study. More hospitals are providing Internet access capabilities on all HIS workstations to enable instant research and reference capability. Internet resources can now be used for patient diagnosis, to obtain treatment information, and to consult with specialists worldwide.

In addition to email and research capabilities, the Internet is the enabling technology for telemedicine. Health care professionals can now consult with patients regardless of geography. A visiting nurse is able to attach biomedical monitors to a patient and transmit the results over the Internet to medical professionals who are in locations far away from the patient. Some patients are now able to attach themselves to monitoring equipment and have the results sent to their physicians via the Internet.

Information that was once restricted to internal networks can now be sent anywhere in the world via the Internet. Now that patient records are becoming electronic, the information can be easily extracted and sent via the Internet for research studies, clinical trials, and many other purposes. The electronic patient record is a multimedia collection of files and data that can include EKG and EEG traces, radiological images, and lab test results. The required information can be extracted and transmitted without having to send the entire record. The patient record can now include data sources from multiple locations seamlessly.

The bad part of all of this seamless Internet connectivity is that a host of security and privacy issues can result from confidential medical information being sent over Internet circuits. Secure technology remediation techniques such as firewalls and crypto-security are being employed to create secure barriers in cyberspace and enforce the security and privacy of confidential information.

A firewall is a device that enforces a boundary between two or more networks. A firewall is also able to limit the exposure of an internal network to penetration attempts by computers that are outside the enforced boundary. Firewalls provide the geographical boundaries in cyberspace.

Firewalls are the primary technology that is used to separate networks. Intranets and extranets are kept separate from each other and kept confined to the specified group of users and IP addresses that they serve. Firewalls keep internal networks from "touching" the Internet so that the participants within the intranet are able to communicate with each other in a controlled, confidential way. Firewalls also provide internal users and systems with controlled, filtered access to the Internet and services outside of the institution's logical perimeter.

Crypto-security is a technique that encodes or scrambles messages and data with a mathematical algorithm so that only the authorized, intended recipients can correctly view the information. Crypto-security is primarily used to encrypt messages and attached files so that they can be sent over public networks like the Internet without compromising the confidentiality of the information.

Conclusion

The Internet and Internet-based technology have revolutionized the information technology landscape for the health care industry. Seamless connectivity between and among internal HIS components and the connection of those HIS functions to any location regardless of geography have provided the health care industry with unprecedented capabilities. These telecommunications services enable medical institutions and physicians to better serve patients and to function more effectively and efficiently. While all of the new telecommunications capabilities have been a tremendous asset to health care, they are not without risk. The current and anticipated HIPAA regulations are an attempt by government and industry to enforce the privacy and security of health care communications. Proper implementation and use of secure technology devices and services can minimize the risks from the Internet-enabled telecommunications infrastructure without compromising the benefits from global information connectivity.