Vice President – Information Systems



January 23, 2007

On behalf of Wal-Mart Stores, Inc., I appreciate the opportunity to provide written comments to the National Committee on Vital and Health Statistics and its Subcommittee on Privacy and Confidentiality concerning personal health records and the role of privacy policies in providing a trusted and secure environment necessary for the widespread adoption and use of electronic health records.

Based in Bentonville, Arkansas, Wal-Mart is the nation’s largest retailer. Wal-Mart employs 1.8 million associates worldwide and more than 1.3 million in the United States, making Wal-Mart the largest private employer in the U.S. Wal-Mart operates more than 3,800 facilities in the United States and more than 2,600 in Argentina, Brazil, Canada, China, Costa Rica, El Salvador, Guatemala, Honduras, Japan, Mexico, Nicaragua, Puerto Rico, and the United Kingdom


No issue facing the business community in America is more significant than how the public and private sector will work together to address the national health care crisis. This is both a fiscal, and a quality of life issue, for millions of hard working Americans.

Wal-Mart fully endorses and supports the initiatives set forth by the administration to promote price and quality transparency, to drive health information technology standards, and to provide options that promote quality and efficiency. President Bush and Secretary Leavitt have put forward a vision that, in the Secretary’s words, “would create a personal health record that patients, doctors and other health care providers could securely access through the internet no matter where a patient is seeking medical care.” With 1.3 million associates in the United States, and company health insurance costs growing at 19% per year over the past three years, we certainly support these initiatives.

At Wal-Mart we are committed to bringing about solutions to some of the most pressing health care challenges facing America’s working families. We’ve made this a major focus of the last year. Our more affordable health benefits improvements are a prime example. We are making a real difference for our associates, our customers and the communities we serve. And we are building on those efforts. That’s why Wal-Mart, along with several other large employers who are concerned about the rising cost of health care and inefficiencies in the current system, are coming together to form Dossia, a new non-profit organization that will provide a framework for electronic personal health records. With employers paying almost half of all U.S. health care costs, Dossia will be an important component in making the health care system more efficient and effective, eliminating waste and duplication of effort on behalf of consumers and providers.

About Electronic Personal Health Records

Electronic records allow individuals to manage an extensive and comprehensive record of their personal medical history and ultimately receive the best possible treatment. These records can help eliminate duplicate medical tests, erroneous or lost information, reduce administrative costs and help prevent thousands of serious illnesses or deaths that result from prescription or other medical errors every year. Because these records are electronic, there’s no paperwork to lose and no files to transfer.

For example, an associate and his or her doctor can review recent prescriptions and track office visits. Doctors can evaluate past x-rays, immunizations or screenings to make comprehensive decisions about the proper course of treatment, avoiding duplicate or unnecessary tests. A record of a patient’s medical history will be available to them and to their doctor, saving money and saving lives.

There has been a tremendous amount of interest in the issue of electronic medical records, and hospital and doctor groups have long supported efforts to computerize medical records. However, little progress has been made due to financial and technological constraints. As a result, today only a small percentage of doctors in the United States use a completely electronic record-keeping system.

About Dossia

Dossia is a first-of-its-kind collaboration between Wal-Mart and other employers, and it represents an important first step toward bringing greater efficiency, quality and transparency to the U.S. health care system. Dossia will provide Wal-Mart associates, and employees at other founding companies, with a framework through which they and their doctors can both build and maintain private electronic personal health records.

The mission of Dossia is to empower people and their doctors to be active partners for health by providing secure, convenient access to lifelong health information. Dossia’s objective is to transform the U.S. health care system, reducing waste and facilitating better care by developing and making widely available a lifelong personal health record.

Employee participation as a Dossia network user is completely voluntary. At the request of employees and other eligible individuals, the Dossia network gathers health data from multiple sources. Once gathered and securely stored in a decentralized database, the health information is continually updated and is available to individuals for life even if they change employers, insurers, or doctors.

Electronic health records provided through Dossia will be personal, private and portable. They will not be tied to an individual’s employer or health care provider or to their software, which will provide choice and differentiation for employers and consumers. Individuals will own their personal health record, and can decide who, outside of their doctors, has access to their medical information.

Employers will not have access to their employees’ personal health record. Dossia is hosted by an independent not-for-profit institute, creating a barrier between employee data and outside parties — including the founding employers of Dossia. Quite simply, Wal-Mart will not be able to view associates’ personal medical records. They will be 100% private.

In the initial stage of the program, founding members’ employees will have access to this service. However, over time it will be expanded to include more and more health care consumers.

Currently, Dossia’s founding members include Wal-Mart, Intel, BP, Pitney Bowes and Allied Materials. Together, employees at these firms represent about 2.5 million U.S. health care consumers. Participation in Dossia is open to other employers interested in bringing electronic health records to their employees and transparency and efficiency to the U.S. health care system.

Developing a Personal Health Record with Dossia

There are many different groups and entities offering personal health records, but Dossia provides what is missing today in terms of portability, accessibility and transparency.

Dossia is based on the Connecting for Health Common Framework, a set of design and policy standards established by a collaboration of industry stakeholders, including consumer advocacy organizations, physician groups, insurers, technologists and privacy advocates. Connecting for Health is funded by the Markle and Robert Wood Johnson Foundations. The goal of the Common Framework — and of Dossia as its first real-world deployment — is to provide a robust, secure and flexible data capture and authentication system through which consumers can aggregate their health information to create one independent, lifelong personal health record.

The unique Dossia framework gathers health information on behalf of the individual from various sources and stores it within secured databases. Dossia’s open architecture will support multiple personal health applications, allowing users to organize and summarize their information in ways that are most useful to them. Health records will be secure and private, accessible only by the individual or by others to whom they have granted permission. Records also will be portable, enabling individuals to continue using the records even if they change employers, health plans or doctors.

Dossia enables an individual to develop a personal health record via two means: entering the data themselves and enabling the system to search and securely aggregate their individual health data from various sources. Once Dossia is complete, it will begin drawing information from all available electronic sources within the health care system on behalf of each individual who requests it.

Despite all our efforts to build the broadest possible network, a tremendous amount of our medical information will remain on paper for years to come. As a result, Dossia will also allow patients and consumers to capture and store scanned images of any documents they feel are important and may one day want to share with their caregivers.

What others are saying about electronic personal health records

“Adopting and using health information technology will reduce medical mistakes by making patient-specific information and the latest condition-specific information readily available to treating providers at the point of care. We are rapidly approaching the time when health care organizations and providers must rely on information technology to be credible providers of safe, quality care.” Helen Darling, President, National Business Group on Health, Market Wire, 4 October 2006

“It has always seemed unusual to me that the medical record is seen as the property of the medical system. The best integrator in the end is the patient.” Donald Berwick, chief executive of the Institute for Health Care Improvement, Wall Street Journal, 29 November 2006

“Once in place, the [Dossia framework] would allow consumers and insurers to evaluate price and performance data from millions of employees. Eliminating duplicate tests and erroneous or lost information would also slash administrative overhead, which is estimated to account for 40% of medical costs. And electronic prescriptions alone could help prevent the 98,000 serious illnesses or deaths that result annually from prescription mistakes.” Wall Street Journal, “Big Employers Plan Electronic Health Records,” Gary McWilliams, 29 November 2006

“For far too long, America made the mistake of investing little in health-related information technology. It’s long past time to move the entire nation towards health care that’s truly systematic and working in sync with our information-age economy. If we create a privacy-protected electronic medical record for every citizen who wants one, we’ll not only save money, we’ll save lives.” Bill Frist, U.S. Senate Majority Leader, The American Enterprise Magazine, July/August 2006

“Broad adoption of health information technology that is interoperable is absolutely crucial to providing patients with better care, at lower cost, and with less hassle.” U.S Department of Health and Human Services Secretary Mike Leavitt, US Fed News, 26 October 2006

Trust and Privacy

We all know that trust is a vital component of any health care initiative or relationship. This is certainly true for ehealth initiatives. As discussed earlier, ehealth has enormous benefits for consumers. However, if individuals do not trust the system, they won’t use it, provide complete information, or otherwise reap those benefits.

Trust in how medical information is handled could be improved, even in regulated areas. Surveys continue to show that significant percentages of consumers are not as confident as they should be that health records will be secure, and that they won’t be shared in inappropriate ways. EpicTide, a security provider for the health care industry, reports in its December 2006 survey that 98% of consumers believe that health care organizations should protect medical records, but that only 40% feel confident that providers do secure those records. This is consistent with other surveys since 2000. There are also increased reports that medical identity theft is rising. Given the need for trust and public concerns, personal health records and other ehealth initiatives will need to focus on this issue. At Wal-Mart we take very seriously the privacy of our associates and our customers. Trust is a focus for our initiatives.

General Privacy Principles for ehealth Initiatives

Before turning to personal health records and particularly the Dossia framework, I thought it would be helpful to put personal health records in context by framing some key privacy principles that seem to be common throughout many of the existing ehealth efforts. I’ll then discuss unique aspects of personal health records in more detail.

For purposes of this discussion, I am pleased to use the definition for privacy submitted by this Committee in its June 2006 report—health information privacy is an individual’s right to control the acquisition, uses, or disclosures of identifiable health data. This is a good definition for privacy in other contexts too, and shows the distinction with security. Privacy involves the deliberate policy choices afforded to and exercised by the individual, and the entities the individual deals with, regarding managing health information. Basic privacy principles include the fair information practices of: notice, choice, access, security, and redress. As the report notes, control is a concept that overlays ehealth initiatives, and particularly personal health records.

Notice concerns how the individual understands how the collector manages information, including e.g. acquisition, uses, disclosures, access, and security.

Choice concerns options individuals may exercise regarding data management. Examples include whether health records are contained in an ehealth system, or who has access to health records.

Access concerns who has access to that data. Individuals should have access to their own health information conveniently and affordably.

Security involves how the integrity, security and confidentiality of health information is protected.

Redress concerns how an individual can ask questions or file complaints about data practices. How data is managed should be transparent.

Privacy and Personal Health Records

Personal health records offer unique privacy issues, and certain privacy enhancements. I’ll first discuss personal health records as their own system, then personal health records as part of a network.

With personal health records, by definition, the individual controls more aspects of the system. This starts with the decision to participate in the personal health record at all, as well as exercising control over access to that information. Simply put, the individual is the driver of his or her health information.

Given this model, I’d like to describe some examples about how fair information principles operate in the personal health record context. The first is notice. The main issue with notice is how to communicate data practices and to make that communication effective, rather than for instance a check box model that may or may not be read. With personal health records, individuals need to have a basic understanding of how it works before signing up for – and then using – the system. Personal health record models will need to focus on the communications and notice aspect with some robustness.

Other examples are choice and access. Personal health records give individuals a new level of access. Never before have they had access to their health records at their fingertips at any given time in quite the same manner. This level of access allows the individual to check their records and update them for completeness and accurateness. Not only do they have immediate access, but the individual can determine who else should have access to their records, which again, gives them control.

Personal health records can also function as part of a larger network, such as a nationwide health information network. Data exchanges between networks raise privacy issues too. One of the biggest questions is how centralized or decentralized those networks should be. There are pros and cons to the varying approaches, including with regard to ease of use, data accuracy, and risk management. These issues will have to be carefully considered as networks are developed.

Dossia’s Privacy and Security

The first and last job of any medical records system is security. This begins with an industrial strength, shared system for verifying a user’s identity.

Dossia features stringent privacy and security policies and procedures, including a strong authentication system. Individuals opt-in to the system and then decide what information to share and with whom. No one can see an individual’s information without his or her permission. Additionally, since Dossia is hosted by an independent third party, there is an organizational barrier between the data and outside parties, including employers and health insurers.

Because Dossia will be connected to data networks that exist today behind the curtain of the health care system, and because of the sophisticated and rigorous security and patient record location intelligence included in the Common Framework design, the user of a personal health information product will be able to quickly access his or her information. The information that will pass through the Dossia network into the patient’s control will be completely de-identified, assuring privacy in the unlikely event that it is not the patient’s actual medical data. Furthermore, in keeping with the principles of the Common Framework, and as a final way of ensuring data integrity, the user will have the ability to review that data and choose to include or exclude it from their record.


Wal-Mart, as a founding member of Dossia, is committed to the success of ehealth records, personal health records, and privacy and security for these records. We are prepared to assist members of the Committee in any manner as it continues to consider the important impact of personal health records and the use of health information technology for Americans. We are committed to working with state and federal leaders to define real action steps that can be taken to move the discussion forward.

There are more than 45 million Americans without health insurance today. Affordable and accessible health care is out of reach for many Americans. Wal-Mart understands that our nation can’t address this problem without a combination of technology and common sense. This is what we do each day in urban areas, and small towns, across America, and this is how we hope to assist in this vital national effort.

Wal-Mart appreciates the opportunity to present our views. We look forward to any questions you may have.