Federal Trade Commission
Room H-159
600 Pennsylvania Avenue NW
Washington, DC 20580

RE: Advisory Committee on Online Access & Security -- Nomination P004807

Gregory Miller
Chief Internet Strategist
MedicaLogic, Inc
20500 NW Evergreen Parkway
Hillsboro, Oregon 97124

DATE: 30th December 1999

Dear Secretary:

I am writing to nominate myself, Gregory Miller, for appointment to the Federal Trade Commission's Advisory Committee on Online Access & Security. I understand the time commitments and parameters for participation and believe I can be an asset to the effort.

I am part of the senior management team for MedicaLogic, Inc - an Internet software company that makes and provides Internet-based electronic medical records products and services. MedicaLogic has been in the business of building and maintaining patient medical records for hospitals and clinics in the ambulatory setting for more than a decade.

Recently, MedicaLogic launched an Internet-based version of its Logician EMR tools and this coming spring will launch the first-ever consumer web site for secure access and maintenance of their authentic medical records (see

There are three specific points I wish to make in this nomination with regard to my potential contributions.

1. My participation will promote a balance of points of views represented and functions to be performed by the Committee. I can represent the significant perspective of healthcare information privacy and security on the Internet - it is what we do daily at MedicaLogic. We are custodians of consumer's authentic medical histories and have an absolute obligation to serve and protect their best interests.
2. I have the expertise in and knowledge of the issues that will be the focus on the committee's work. I have more than 20 years technical experience in Internetworking, 8 years experience in business development of the commercial Internet, and experience as a trained lawyer in areas of public policy and technology law.
I am the Chief Internet Strategist for MedicaLogic. Among my tasks in that role, I am charged with researching and developing technology paths that are consistent with existing and planned government regulations on the management of healthcare information. To that extent, I am involved with planning Internet security architecture, and participating in regulatory compliance in general.
Accordingly, I can bring an important perspective on the collection and use of consumers' medical information through the Internet. I can also bring a depth and breadth of knowledge of Internet technologies, security and privacy mechanisms, best practices, and policies.
3. I believe my participation will positively reflect the views of the relevant affected interests from the consumer healthcare community. Unlike many of the eHealthcare participants, MedicaLogic provides an immediate and direct system for the warehousing and management of authentic patient healthcare histories.
My daily efforts are guided by an absolute commitment to serve the consumer's best interest in having unbridled, but secure and private access to their medical records.

The services I am helping to design and build must meet the demanding specifications of the consumer's wishes. For instance, we take a very exacting approach to how healthcare data is collected and used on the Internet by giving the consumer-patient the complete choice in advance of any use.

Moreover, we continue to run pilot programs (see to determine the consumer's preference for how healthcare data is collected, managed and accessed through the Internet. There is very valuable data and information from these projects and studies that can be contributed to the work of the Advisory Committee on Online Access and Security.

For example, as the Secretary is probably aware, there are forthcoming regulations from the Department of Health & Human Services concerning the protection of healthcare information online. My company's services will be subject to regulatory compliance. Therefore, one of our efforts at MedicaLogic is to consider how to define HIPAA compliant mechanisms by which the adequacy of measures taken by our web services to protect the security of personal and healthcare information collected on-line or made available on-line will be assessed. For instance, what might constitute reasonable steps to ensure the integrity of patient's records, and what managerial and technical measures must be undertaken to protect this information from unauthorized use or disclosure?

The results of our work on protecting patient records and the associated personal information can be of value to the Committee's efforts.

I am fully aware of the time commitments, travel requirements, and participation expectations associated with this appointment, and I stand ready, willing, and able to fulfill them, with my Company's approval. I believe for the reasons stated above, I can be a valuable contributor on the Commission's Advisory Committee on Online Access and Security.

I sincerely appreciate your consideration

Respectfully submitted,

/s/ Gregory Miller