Testimony by Pamela Miller for the March 30, 2005 NCVHS Subcommittee on Privacy and Confidentiality Hearing

National Committee on Vital and Health Statistics

Subcommittee on Privacy & Confidentiality

March 30-31, 2005

Chicago, Illinois

Good morning Mr. Chairman, members of the subcommittee, ladies and gentlemen.

My name is Dr. Pamela Miller. I am a practicing optometrist and an attorney and have maintained a private solo optometric practice in Highland, California for over 30 years. I am very pleased to appear before you today, on behalf of the American Optometric Association, representing the concerns and issues of the doctors of optometry in the areas of Privacy and Health Information Technology.

The AOA is closely monitoring developments in this area. The association of more than 30,000 members has already submitted broad formal comments to the Department of Health and Human Services on the President’s goal implementing nationwide use of Electronic Health Records in 10 years. Those comments were submitted in January, as publicly requested of all stakeholders, by Dr. David Brailer, National Coordinator of Health Information Technology, who also reports to the Secretary of Health, the Honorable Mike Leavitt.

These are exciting times, but also very daunting and even threatening for the private health care provider. Technological advances are so rapid that it is extraordinarily difficult to keep abreast of new changes and still maintain competency in this arena. Furthermore, some professions grant no continuing education credit for this integral part of practice. It is safe to say that there is both concern and apprehension on the part of my colleagues in optometry.

There is a significant disparity in practitioners who utilize computer technology, ranging from simple practice management software programs to complete EHR technology. Solo practitioners or smaller practices will be less likely to utilize current technology due to the significant investment required and the realistic lack of financial return on that investment in the day to day operations of their practice.

There are three areas of concern when addressing Privacy and Health Information Technology.

First is the physical hurdle of implementation and training. Most doctors and their staff are not techno-savvy. There is significant fear and trepidation anytime we embark on an unknown road. Staff resistance is often most challenging. It is the staff who is charged with the responsibility of actual implementation, updating, record entry and access. They rarely receive any formal education and attempt to fit new technology and methods into an already busy day – literally fitting it in whenever and wherever they can. Most offices today have one full time staff person who is responsible for electronic patient authorizations, billings, lab order and stock entries, etc. This individual is often stretched to the limit just keeping up with the current day to day electronic entries.

Doctors are often no more, and frequently less, computer savvy than their staff. Their primary concern is meeting the care and health needs of their patients. Relatively few doctors currently utilize any form of electronic health records, even in the most rudimentary form. The smaller practices, comprised of one to a small handful of doctors are often the last to come on board, often because they are the only one in the office who can initiate and maintain the entire process of electronic implementation.

The potential for widening the gap in patient care between offices that are involved in electronic health record communication and those that are not up to speed in this field is tremendous. Potentially, doctors may leave practice for no other reason than the electronic technology demands on their offices, thus depleting an already finite resource of patient care and choice.

The second area of concern is the cost factor. Both hard and soft costs enter into the picture. Not only is there the actual hardware and software costs, but the soft costs of training, upgrading both software and staff/doctor education over the ongoing period of implementation and utilization are significant. Every time the software is upgraded, there is a new learning curve which takes place.

Typically one staff person is the key “computer” or electronic entry individual. This person now becomes indispensable in the health care office. When that person leaves, the entire learning process often starts over. This is a recurring cost that is virtually impossible to put a dollar amount on.

With the implementation of electronic health records, it is critical to bear in mind that hardware and software costs will typically escalate. Realistically, there will need to be access in every examination room, pre-testing station, and every staff desk. Even in a small office, this is a significant investment. Realistically, we must also include the following factors to this basic cost: the ongoing maintenance issues and the times when our computers or programs are down or inoperable, resulting in a significant loss of productivity and inability to see or care for our patients. Couple those issues with the fact that our cost factors increase proportionately and are difficult to recoup. These areas of concern add substantially to the mix when evaluating overall costs of initial implementation and ongoing maintenance.

The third area of concern is that of loss of privacy with respect to patient information and the increasingly significant potential for inadvertent or even intentional dissemination. Patient confidentiality is sacred and has long been at the heart of the patient-provider relationship. If that relationship is to stay healthy to optimize the care and well being of the patient, it must be vigorously safe-guarded by every stakeholder who will have approved access to EHRs.

Threats to this principle are more real than ever in the post 9/11 high technology age. Our country now lives with the frightening specter of electronic terrorism that is aimed at disrupting large computer networks and infrastructures. Furthermore, there continues to be the costly havoc periodically unleashed on public and private computer networks by grudge-holding or mischief-making hackers.

There are specific threats to EHRs – both in the reality and in the minds of health care professionals. These include access to EHRs by patients’ employers, insurers, or other non-privileged individuals, fraudulent information selling, wireless technology interception, etc. Theft of patient information is big business and becoming even bigger. With the implementation of HIPAA, this concern is a significant one for everyone concerned with protecting the patient’s right to privacy.

Privacy issues cover the gambit from the patient’s right to obtain information that is in their individual health care records, to doctors’ notes, which may or may not be intended for patients’ eyes, to the issues of billing and specific testing data in patients’ records.

There is no question that it is of the utmost concern that implementation be smooth, cost effective, and easily integrated. The issue of accountability remains paramount.

There are also three positive benefits to the implementation of electronic health records.

First, is the most obvious. Patients can and should receive improved levels of service and communication between their health care providers, resulting in significantly improved treatment at a cost-savings. Record transmission allows for more rapid diagnostic and treatment alternatives as well as improved consulting services between health care practitioners.

Second, the professional health care specialist is better able to consult with colleagues, keep everyone informed about the patient’s care, and interact with fellow health practitioners to better serve the patient’s health needs. This includes both diagnostic and treatment modalities, as well as ongoing patient care.

The third benefit is improved documentation, quicker and correct billing and coding, and faster reimbursement. Effective electronic implementation allows for a faster turn around time for authorization for services and also improved coordination of the appeal process of any denied claim.

I cannot emphasize enough that, although the benefits of electronic health records, electronic transmission and telemedicine are impressive, the financial impact on the healthcare provider cannot be underestimated or ignored. It runs the risk of escalating fixed expenses, presenting another potential burden to the practitioner, coupled with flawed managed care delivery systems and the lack of adequate access to care, that the individual practitioner must absorb.

I have three key recommendations to make which are specific to the privacy and security of EHRs.

1. HIPAA compatible rules must be developed for the EHR environment.
2. As necessary, new laws must be developed spelling out specific rules for safeguarding EHRs, as well as the entire national health information network. Such laws must require the highest, most sophisticated security access standards for approved EHR users.
3. The development of strong laws must also set forth harsh penalties for those not approved to access EHRs and who, intentionally and fraudently breach the security of EHRs.

These are indeed exciting times we live in. We are once again, on the brink of a new way of conducting the business of patient health care and professional interaction. I thank you for the privilege of addressing this subcommittee and being allowed to offer insight from an optometric point of view, as my profession, along with other health care professions, prepare to meet this challenge.

Pamela Joyce Miller, OD, FAAO, JD
6836 Palm Avenue
Highland, CA 92346-2513
909 862-4053
drpam@omnivision.com