Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint
Document 108 of 124.
Copyright 1999
Federal News Service,
Inc.
Federal News Service
View Related Topics
APRIL
27, 1999, TUESDAY
SECTION:
IN THE NEWS
LENGTH:
1891 words
HEADLINE:
PREPARED TESTIMONY OF
LADONNA SHEDOR
CHIEF INFORMATION OFFICER (CIO)
CENTRA HEALTH
ON BEHALF OF THE HEALTHCARE LEADERSHIP COUNCIL
BEFORE THE
SENATE
COMMITTEE ON LABOR
HEALTH, EDUCATION, LABOR AND PENSIONS
SUBJECT - CONFIDENTIALITY OF MEDICAL INFORMATION
BODY:
Good morning, Mr. Chairman and Members of the Committee. My name is LaDonna Shedor and I am the Chief Information Officer (CIO) of Centra Health, a notfor-profit healthcare provider in Lynchburg, Virginia, comprised of a two-hospital campus, a home health care service, and a long term care facility. We also support 9 clinics and practices, two professional buildings, Lynchburg Family Practice and Residency Program, and a free clinic, and are a 50% partner in Piedmont Community Health Plan. Centra Health is a member of VHA, a nationwide network of more than 1800 leading community-owned health care organizations and their physicians. The VHA network comprises 24 percent of the nation's community hospitals. Centra is also a member of the American Hospital Association.
I am here today testifying on behalf of the Healthcare Leadership Council (HLC), which is a Washington, D.C.-based trade association which represents the leaders and innovators in the health care industry from all its various sectors, including hospitals, health plans, physicians, and pharmaceutical, biotech and device manufacturers.
Thank you for this opportunity to testify regarding the most important topic of patient confidentiality. As Chief Information Officer at Centra Health, I am acutely aware of the power of patient information, both from its potential to dramatically advance the quality of health care services we deliver to our patient population as well as its potential to be harmful if abused or misused in any way.As a result of this powerful duality, Centra Health has invested significant resources - both time and money -in developing information systems and policies which provide strong protections for the patient information we use daily, as well as state-of-the-art applications of this information to enhance quality and affordability of services. Maintaining the confidence and trust of our patients by ensuring the responsible and confidential use of their medical information is a fundamental cornerstone of our practice at Centra Health. We fulfill this promise today and every day through our commitment to and investment in security, and our policies regarding use and access.
As you are aware, the HLC has been leading a broad coalition effort in Washington in support of federal legislation which mirrors the Centra Health philosophy -- federal, uniform standards that provide strong protections for patient health information, but that also recognize the reality that our 21st Century health care delivery system is driven by information. Simply put, access to information directly results in improved patient care. Ease of access to patient information directly results in greater utilization of such information, and of course, more utilization of the information means there exists the greater potential for abuse.
This crucial yet delicate balance is recognized at Centra Health, and is the very balance that this Committee's effort must achieve if it is to successfully enact new law that demands greater accountability for how information is safeguarded, disclosed andused, but that also facilitates the responsible and appropriate use of the patient information to fulfill our mission of providing better, higher quality, more responsive health care services. Far too often, I hear that we can only guarantee patient confidentiality by limiting through onerous authorization requirements, or even eliminating access to patient information, or that quality health care can be achieved only by sacrificing confidentiality principles. In fact, neither premise is true.
However, to enact federal legislation which achieves the twin goals of patient confidentiality and enhanced health care quality requires you to develop a system of accountability and responsibility. But to work in the real world, of standards and accountability must provide for flexibility -o flexibility to design the systems and to implement policies which work in the particular environment in which the patient information is stored and used. In addition, any authorization processes established through federal legislation must be workable and ensure that information is readily available and accessible for activities that are vital to the on-going delivery of high quality health care services and items.
For example, Centra Health has invested several millions of dollars in its electronic record keeping and security system, but the Centra Health method may not be appropriate for a hospital system serving a larger population, or for a highly integrated health plan which has partnerships with numerous hospital systems, physician group practices and employer sponsors of health care benefits.Furthermore, federal patient confidentiality legislation must address the use of patient information by all of the players in our integrated health care delivery system, meaning that all of the standards Congress develops and implements must work for all different shapes and sizes of hospitals, health plans, and other components of our health care system.
At Centra Health, we boast a single information system for an area population of approximately 250,000, with a significant amount of patient information provided online. Our system experiences approximately 850,000 transactions per day, as fifty percent of our local physician offices access CentraNet. We have a fully secured environment and are expanding our capability for a longitudinal electronic medical record which will enable us to access years of demographic information, medical results, medical histories and other critical information.
Our approach has been successful in our small community. We have worked diligently to raise awareness through formal agreements with our employees, the physicians with whom we work and their staff. Our system grants access to information based on role, location and need- to know policies. In addition, we maintain an audit trail of all access, searchable by medical record number, user, location and time. All of these rules and security tactics are bolstered through strict enforcement,including a policy of using "good judgment" which can, and has, resulted termination of employment.
It is important that federal legislation be flexible enough to allow private sector to design its own systems and policies so they are workable in a variety of settings.
As mentioned earlier, it is also critically important that proposals requiring patient authorization for use of information be workable and allow such information to be used for vital health care delivery activities.
We believe the appropriate way to handle the sensitive issue of authorization is to establish a mechanism whereby health plans are able to obtain a single authorization up front, which then enables the use and disclosure of patient information for specific purposes related to health care delivery, including all of the activities we provide as a care giver.
This "consolidated authorization" approach is taken in Senator Bennett's (R-UT) "Medical Information Protection Act of 1999" and, to some extent, Senator Jefford's (R-VT) and Dodd's (D-CT) "Health Care Personal Information Act" (S. 578). Specifically, these bills allow health plans to secure a single authorization at the time of enrollment in the plan for the disclosure and use of patient information for "treatment," "payment," and "health care operations" -- terms carefully defined in the bill. Treatment and payment are well understood functions. Health care operations include the behind the scenes -- yet equally important -- services and functionsfundamental to the on-going and daily management and operation of the delivery system and the benefits contracts. Such services include coordinating patient care, risk assessment, case management, quality assessment, accreditation, credentialing, and utilization review.
Conversely, we strongly oppose "multiple authorization" schemes that would require that a separate authorization be obtained from the individual each and every time medical information is accessed. Such a multiple authorization scheme would unnecessarily interfere with the ability of systems such as Centra Health to provide effective treatment, to conduct important research activities and to ensure higher quality of care.
As mentioned, our system at Centra Health experiences approximately 850,000 transactions per day. A requirement that a separate patient authorization be secured each time even a small subset of these transactions is attempted would interfere with our ability to provide the health care we deliver to thousands of patients. It would also be met with the disapproval of the vast majority of our patients who already chafe at the volume of paperwork required in our system.
In the rare cases where states have enacted a multiple authorization requirement, the results have been predictable. Most recently, the State of Maine suspended their "Act to Provide for the Confidentiality of Health Care Information" just14 days after it took effect in large part because chaos that ensued due to cumbersome multiple authorization requirements.
While we strongly support consolidated authorization mechanisms, we oppose proposals that would extend this approach to treatment and payment only, requiring separate authorizations for the use of information to conduct crucial health care operations. This is the approach taken in the "
Medical Information Privacy
and Security Act," (S. 573). Such a scheme is unworkable in our highly integrated health care delivery system.
For instance, it makes no sense to allow the use of information to treat an acute asthma attack, while requiring a separate authorization to use the same information to prevent the attack by effectively coordinating care for the patient through an asthma management program.
Importantly, the authorization mechanism established under the Bennett bill limits the use of information to specific healthcare-related activities. Authorization for the use of information beyond purposes of treatment, payment and health care operations would require a separate and specific authorization by the patient. As such, egregious abuses of health information would be prohibited.
In addition to Senator Bennett's bill's approach to authorization procedures, we support the overall approach taken by Senator Bennett's legislation as it mosteffectively establishes a workable and balanced systemic approach to protecting confidentiality. Very simply, it will create accountability by: (1) requiring that patient information be safeguarded; (2) drawing clear, uniform, and understandable boundaries around how patient information can be disclosed and used; (3) providing strong incentives to use non-identifiable information where possible; and, (4) establishing tough penalties for violating these requirements. This is preferable to other approaches which attempt to minimize possible abuse by micro-managing information flow to the ultimate detriment of the system and to patients.
In conclusion, I want to reiterate the importance of your effort and the need to meet the August deadline imposed on Congress for action. I hope this Committee will build on these principles outlined in my testimony and pass legislation that strikes the balance we all believe necessary.
END
LOAD-DATE:
April 28, 1999
Document 108 of 124.
Search Terms: medical w/5 information w/5 privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase:
Copyright © 2002, LEXIS-NEXIS®, a division of Reed Elsevier Inc. All Rights Reserved.
