Is the World Wide Web (WWW) the best medium for a Telemedical Information Society?

Professor Sherrilynne Fuller, Head Division of Biomedical Informatics, University of Washington, USA

We should distinguish between the viewers, such as Netscape or Internet Explorer, on the one hand and the hyperlink approach, providing access to the Internet resources on the other. Netscape for instance, each time looks different. The hyperlink phenomenon truly meant a revolutionary breakthrough whereas the looking field is absolutely not the way we'd like it to be. It is not intuitive nor pretty. The linking itself though, needs to live in our thought process as a means of integration.

Dr. Tuomo Kauranne, University of Joensuu, Finland

The linkage and the fact you don't have to worry what source the other party disposes of, is indeed the most important feature you have. HTML is building upon itself without having to introduce new standards.
Within the medical community, however, and with regard to the medical images processing, the values change. Intensive care units for example, are very closely controlled by dedicated computer systems, operating by means of extremely narrow bandwidth channels. The transmission and analysis of analogue medical records is quite complicated through a channel of 16 bits per second. Obviously, these situations will still continue to be reality in environments with closely coupled medical systems whereas you would like the analysis outcome to be available on some kind of compatible application, offering high speed communication. The Web is not really appropriate for use in the local look.

Dr. Gudrun Zahlmann, GSF - National Research Centre for Environment and Health, Germany

We should clearly distinguish between the Web technology and the use of the Internet as the world wide network. Some portions of the Internet are too slow for certain network services, such as videoconferencing. Intranet is the best solution for hospitals, also with regard to security.
Of course, if we are talking about patient medical records which have to be consulted at remote distances, the World Wide Web constitutes the obvious tool to provide this kind of service.

Professor George Papadopoulos

In a Telemedical Information Society (TIS), we are dealing with a distributed environment. Intranets are not fit for a global information society, so we have to move towards the Internet, also for teleconferences.

Mr. Adam Koprowski, Head of Computer Department, John Paul II Medical Centre, Krakow, Poland

We want to connect our systems to the Internet to exchange medical information. Different experts have warned us that this is not safe, so we have decided to try and build firewalls to protect our vulnerable medical databases. What are the experiences of the US colleague with built in protocols for security of medical data?

Professor Sherrilynne Fuller

We have a balanced view on security. For instance, if a patient is dying, there is little concern about security because we just want the information to save his or her life. Emergency goes before safety of medical data.
We have a very pragmatic way of handling security. We're doing our best to protect the medical information, using the technology that is currently available, such as secure socket layers and appropriate encryption. There is however a more fundamental issue. Technically, we can create very secure records but it's the people's part which generates problems. Security standards are needed in institutional environments as well as in the legal environment of the country. You often hear confidential information being exchanged in casual conversations between clinicians. Technology isn't going to help us in these situations.
Some of the worst violations in the USA are happening between the walls of insurance companies. Information about sports players for example, often is being manipulated for the sake of the highest bidder. You have to try and balance technologies with policies. Every country in Europe has a powerful legal standard of protection. In the United States, we have no law for the protection of medical data.
In any case, we have to change our visions, since a technology model of security alone, will not solve the problem.

Dr. Andy Marsh

There is another concept which I wish to throw on the floor. All the time, we have been discussing about having our medical records distributed between various machines. When you want to transmit the data from one place to another, you have to reckon with complex matters of bandwidth and security. The other end of the spectrum is that we develop the concept of a smart card or CD Rom which has all our data on it, and that we carry with us. No more problems whatsoever, except that we could lose it. The Web technology and hyperlinks are dragging us into one direction whereas we might just as well be moving to an alternative one. Which way should we be going?

Mr. Vladimir Cerny, Institute of Physics, Bratislava, Slovakia

The patient is not the only important keyword. We might also be interested in a particular diagnosis. You can have an excellent database with information and images on some special disease. This can be very useful for other colleagues or for educational purposes. This situation is ideal for an Internet background. If we want to introduce large scale projects, like for instance the general practitioner (GP) having access to all sorts of information, we should use the Egyptian philosophy of building the temple. You do not act according to a preconceived plan but develop the structure in an improvised way according to functional needs. One should always have something functioning.
In our country, for instance, the GPs are persuaded to buy a PC because the social security system requires that the medical data are put on a diskette. One day, they might be advised to take an Internet connection because the billing data have to be transmitted over the Web. The GPs perhaps also may want to use this investment for other purposes like the search for useful information. So the facility should be there.
Most of the information search would not be done through database access but rather via the AltaVista type of search possibilities. Instead of aiming at a complete information, you should at least be sure to have the correct information. The security of course remains important in the case of sensitive information, that's true, but it is also necessary to follow the Egyptian way and have everything just start to function. If you want to wait until everything is ready and everybody is connected with everybody in countries like mine, it's absolutely hopeless.

Dr. Sanzio Bassini, Cineca, Italy

We can avoid a lot of security problems by putting the patient's medical record on a microchip which can be kept safe in his own wallet. Instead, we can use the Internet for added value services such as medical images' transfer and diagnosis proposals. We don't need extreme security as long as no personal information is transmitted over the Web. With this approach, we are able to and should share as much scientific information as we can to support our future activities.

Drs. Ad Emmen, Genias Benelux, The Netherlands

Does anyone know how remote the medical data records are used in practical cases? Are they being distributed in only one city or do they travel much further?

Professor Sherrilynne Fuller

The question is whether the record has to go anywhere or whether you provide access to people who have authorisation to see the record or pieces of it. One of the opportunities we have in the research area, is creating a greater good, improving care for a particular problem based on past practises and looking for better ways to treat diseases across the population. So, there is an important use of patient records and medical data for this kind of purpose.
The ideal combination solution consists of providing the patient medical record with links to all the places representing pieces of his medical history. Health services or research institutions have to be able to consult medical records across the nation or the world of, for instance, all people over age fifty, who have suffered from a cardiac infarction.
We are thinking of ways to segment the information and offer limited access based on the specific needs to know.

Dr. Andy Marsh

How long do you need to keep the records stored? You can only do a search if they are kept on-line. Do they have to be accessible until the patient's decease which amounts to a huge collection of records, or should there be a well-defined period to have access to them? In the United Kingdom, this period has been fixed on seven years.

Dr. Denis Mrejen, Member of the board of the French National Health Information Technology Industrial Association

This problem would not even exist, if the patient had a mobile medical record. The solution the French have chosen to implement is to provide the patient with a chip card carrying only a little emergency information concerning allergy or current diseases, and a personal code, kept by the physician. The GP has his own small card and matching both cards together, he can have access to the information which has not been written on the card. The hospital record has to be kept for twenty years after the patient's death for legal purposes or eventual lawsuits.

Professor George Papadopoulos

For educational purposes, perhaps it is possible to use the medical record of a deceased person for which no security measures are required.

Dr. Andy Marsh

In that case, you might need a donor card.

Dr. Gudrun Zahlmann

The card technology is only a temporary solution. The Web-based approach will overrule the medical patient card. Our final goal should be the establishment of a medical patient record on the Web and we have to take the practical steps to realise this.

Professor Zoran Jovanovic, University of Belgrade, F.R. Yugoslavia

The medical record has to be adapted for multimedia purposes. The Web is built for multimedia and will progressively implement Java. Of course, there will be changes in the standard but we need the Web and it will not be replaced for many years.
As far as security is concerned, medical systems and networks are always technically insecure. One way to solve the problem is to put up a firewall. You can also install a private network for medical purposes but it will still be insecure because you reduce the problem to a smaller community. For a worldwide medical network, you'll have to set up firewalls at all national levels, at each hospital level, at every department level, to protect the data.
Another way of solving the problem that is actually already implemented in academic institutions throughout the world, is putting computers on the network that monitor the traffic. If a security problem occurs, you have walls within the operating system on the network by means of which you try to find out who is attacking the system. If you find him, you can formally forbid access.
All other technologies are far away from working with Internet facilities.

Dr. Massimo Luciolli, European Commission, EC

There are two points I would like to talk about. The discussion is starting to get very technical. We should focus more on which new services Internet technology enables today. One of the advantages of the Web is that the patient need not to travel anymore. He can have his CT scan made in the city. By means of teleconsultation, it can be interpreted for diagnosis. The patient can have the results without having to move.
For research purposes and for legal reasons, it is necessary to keep the medical records in the hospital instead of on smart cards.
We should not concentrate on today's technology neither. It is important to aim at long term portability. CD Rom is now a popular tool but will it still be in the future?

Dr. Tuomo Kauranne

Referring back to the Internet technology, we must realise that a closed medical internet is socio-economically inviable. You can't build your own network cable. You have to buy the separate components but they are not sufficiently capable. You also need to have two firewalls, one protecting the servers from the external attacks, and one for the internal ones.
By the end of this year, the smart cards will include Java virtual machines. They got programmable computers and therefore, you can download whatever application you want. The companies will only select a limited number of players.
For eighteen years, I have been involved in weather forecasting. Every single component, including the supercomputer and the data storage, has changed many times over without any interruption of the operation. The volume of data incorporated in our system grows every single day. We have always been able to continue without having to throw away any past data, so we don't expect this is going to form a real problem in the future.

Professor George Papadopoulos

End of round two. Thank you all for joining us in this second session.