RE: Advisory Committee on Online Access & Security -- Nomination P004807
DATE: 30th December 1999
I am writing to nominate myself, Gregory Miller, for appointment to the Federal Trade Commission's Advisory Committee on Online Access & Security. I understand the time commitments and parameters for participation and believe I can be an asset to the effort.
I am part of the senior management team for MedicaLogic, Inc - an Internet software company that makes and provides Internet-based electronic medical records products and services. MedicaLogic has been in the business of building and maintaining patient medical records for hospitals and clinics in the ambulatory setting for more than a decade.
Recently, MedicaLogic launched an Internet-based version of its Logician EMR tools and this coming spring will launch the first-ever consumer web site for secure access and maintenance of their authentic medical records (see http://www.98point6.com).
There are three specific points I wish to make in this nomination with regard to my potential contributions.
The services I am helping to design and build must meet the demanding specifications of the consumer's wishes. For instance, we take a very exacting approach to how healthcare data is collected and used on the Internet by giving the consumer-patient the complete choice in advance of any use.
Moreover, we continue to run pilot programs (see http://www.aboutmyhealth.net) to determine the consumer's preference for how healthcare data is collected, managed and accessed through the Internet. There is very valuable data and information from these projects and studies that can be contributed to the work of the Advisory Committee on Online Access and Security.
For example, as the Secretary is probably aware, there are forthcoming regulations from the Department of Health & Human Services concerning the protection of healthcare information online. My company's services will be subject to regulatory compliance. Therefore, one of our efforts at MedicaLogic is to consider how to define HIPAA compliant mechanisms by which the adequacy of measures taken by our web services to protect the security of personal and healthcare information collected on-line or made available on-line will be assessed. For instance, what might constitute reasonable steps to ensure the integrity of patient's records, and what managerial and technical measures must be undertaken to protect this information from unauthorized use or disclosure?
The results of our work on protecting patient records and the associated personal information can be of value to the Committee's efforts.
I am fully aware of the time commitments, travel requirements, and participation expectations associated with this appointment, and I stand ready, willing, and able to fulfill them, with my Company's approval. I believe for the reasons stated above, I can be a valuable contributor on the Commission's Advisory Committee on Online Access and Security.
I sincerely appreciate your consideration
/s/ Gregory Miller