Copyright 2000 eMediaMillWorks, Inc.
(f/k/a Federal
Document Clearing House, Inc.)
Federal Document Clearing House
Congressional Testimony
March 30, 2000, Thursday
SECTION: CAPITOL HILL HEARING TESTIMONY
LENGTH: 1960 words
HEADLINE:
TESTIMONY March 30, 2000 ARTHUR ANDERSEN LLP TECHNOLOGY RISK CONSULTING
HOUSE SCIENCE TECHNOLOGY HEALTH CARE IN ELECTRONIC AGE
BODY:
Statement of Gregory E. Hedges Partner,
Technology Risk Consulting, Arthur Anderson LLP March 30, 2000 Regarding:
Establishing Accountability in eHealth Technologies Chairwoman Morella, Members
of the Subcommittee, distinguished guests, my name is Greg Hedges and as a
Partner with Arthur Andersen LLP, I lead Technology Risk Consulting in the
Firm's Chicago office. I have 20 years experience helping organizations manage
problems caused by people implementing new technologies. It is a great honor to
address you today. In the next few minutes, I will illustrate why we believe
that the trust of the American people is at stake with respect to the delivery
of healthcare. Privacy and confidentiality are at risk as more and more
healthcare companies take advantage of the internet in eHealth applications.
What's the impact of the Internet on Healthcare? - Internet improves quality of
life and patient care - American Public still expects healthcare professionals
to be held accountable for patients' diagnoses, treatment, privacy -
Accountability includes protecting privacy and confidentiality - Accountability
requires processes and systems to retain proof of: - Who accessed information
and changed medical records? - What medical information changed? - When and in
what order were medical records altered? - Where is private information sent? -
Internet has no inherent accountability Use of the Internet already
significantly improves the quality of patient care by providing more access to
specialists and information. Internet or not, the American public still expects
Healthcare Professionals to be held accountable for the diagnoses they make, the
treatments they prescribe, and for protecting the privacy and confidentiality of
patient information they handle. Accountability requires eHealth systems to
retain electronic, convincing proof of, for example: - Who accessed medical
records and changed them? - What diagnoses or treatments were ordered or
changed? - When or in what order were records changed? - Where is private
information being sent? Today, at least there is a signed paper trail. On the
internet, there is no inherent accountability. Implementing electronic evidence
of secure communications is hugely complex and necessary. HI PAA is a Good Start
- Good Standards established for Old Economy healthcare - eHealth creates wide
gap between standards and implementation - HIPAA requires accountability for
integrity and confidentiality - No clear eHealth standard to deliver
accountability - Public Trust for eHealth remains at risk-- even with HIPAA
HIPAA legislation provides a good starting point for implementing
Accountability, but it falls short for eHealth applications. While the standards
are sound, they are open to wide interpretations. The standards could be
compared to your being asked to pick up something 'good for dinner' on the way
home. The standard is 'good for dinner.' Depending on your point of view, that
could mean just about anything, all of which is edible, none of which may meet
the needs of your family- except you. Thousands of different entities need to
trust the integrity of shared private medical information. If there is a single
specific standard, we will achieve accountability much, much faster than having
every entity interpret a standard for its own benefit. Let's take advantage of
this situation now and solve this problem before years pass. Otherwise, we are
in for some interesting headlines. Lack of Accountability undermines Public
Trust No Accountability of who prescribed what to whom Unless
pharmacies manually validate every internet
order, anyone with a computer and online access could impersonate a doctor,
order fraudulent prescriptions, and distribute drugs illegally. Similarly, care
workers may deny errors they make in prescriptions, medical diagnoses, and the
treatments they recommend. Technology needs to be consistently implemented to
prove the identity of the sender and the integrity of what was sent. Lack of
Accountability undermines Public Trust No Accountability of Internet identity In
this scenario, there is no accountability of Internet identity and the outcome
proves disastrous. Goals and Recommendations Goals: - Preserve the public trust
in the healthcare delivery system - Encourage Accountability for security,
confidentiality and data integrity as the primary eHealth issue Recommendations:
Bridge gap between standards and implementation -Take advantage of current
industry and government pilots -Continue government support for integration
activities Speed implementation of secure technologies - Specific standards are
needed to achieve security and confidentiality The Government has a unique
opportunity to help the American people by encouraging effective specific
security standards while eHealth is still in its infancy. By taking advantage of
current industry and government pilots, together we can begin to bridge the gap
between Ambiguous Standards and Effective Implementations throughout the
Industry. Unambiguous security standards will speed implementation of a secure
technologies that preserve the public trust in healthcare delivery. Please
review the enclosed Appendix for information regarding eHealth security
technologies. Thank you for inviting me to join this eHealth discussion in this
exciting digital age.
LOAD-DATE: April 10, 2000, Monday
