Statement of the American Medical Association
to the
National Committee on Vital and Health Statistics’
Subcommittee on Standards and Security

Panel #2: Business Case for Electronic or Digital Signatures
Presented by Jean P. Narcisi
October 26, 2000

My name is Jean Narcisi. I am the Director of the Office of Electronic Medical Systems for the American Medical Association (AMA). It is my pleasure to appear today on behalf of the AMA before the Subcommittee on Standards and Security of the National Committee on Vital and Health Statistics (NCVHS). I would like to thank you for the opportunity to testify.

The growth of online health care services could be dramatic in the next few years, as physicians, hospitals, pharmacists, insurance companies and others move to streamline interactions with each other and with consumers. Effective and affordable user authentication will be a key enabler of this business growth, providing the foundation for the high level of privacy and confidentiality that are essential in the health care industry. The authentication and electronic signature process must be simple, quick and reliable, and it must be flexible enough to authenticate users across a complex network of health care Web sites.

However, the use of computers as well as the use of the Internet by physicians has not yet caught up with that of other industries. Physicians are reluctant to jump online. And rightly so. Despite the wonders of the Web, its wide accessibility has posed security challenges, especially when it comes to private medical records. As background information, I would like to share with you the following findings of an AMA study.

In 1997, the AMA conducted a large-scale benchmark survey of physicians in the United States to determine the penetration of Web usage in the physician population. This study sought to identify physicians’ patterns and habits in World Wide Web usage. In 1999, the AMA conducted a follow-up survey of physicians in the US to determine changes in Web usage. For the purposes of both studies, a Web user is defined as someone who uses the Web him or herself for personal or professional purposes.

Since the benchmark study in 1997, the proportion of all physicians who have access to a computer remained virtually unchanged, at 42% versus 41% in 1999. This means that 59% of all physicians reported they do not use a computer. The proportion with access to the Web, however, nearly doubled, from 20% in 1997 to 37% in 1999. Of the Web users, 27% of physicians indicated they had a Web site in 1999, which is up from 17% in 1997.

The 1999 study indicated that the majority of the physician Web users consider the Web most useful as a communication tool (78%). Other uses included accessing medical information (64%), news and information resource (65%), as well as a drug information resource (43%).

As for security, the 1999 study indicated that 67% of physicians believed it was risky to give their credit card numbers out over the Web for purchases and 83% indicated they have concerns about data security and confidentiality of medical records on the Web.

Questions:

What sort of health applications do electronic signatures enable?

The AMA is working with the Intel Corporation to deploy a new form of electronic identification called the AMA Internet ID that will protect physician and patient privacy and confidentiality when they use the Internet to send and receive medical information. Intel introduced Intel Internet Authentication Services (IAS), which develops and operates authentication services for associations, organizations and e-Health sites that want to offer branded e-Health digital certificates to their users. The AMA Internet ID will uniquely identify physicians over the Internet, providing a more reliable authentication technique than passwords for secure Internet transactions. The AMA Internet ID functions in the online world in the same way drivers’ licenses, passports, and other trusted documents function in the paper world.

The AMA and Intel believe that the potential for physicians to use the Internet as a tool to store and retrieve patient files or to communicate to pharmacies makes it vitally important that systems are in place to ensure that the patient’s privacy and confidentiality are protected. Furthermore, by authenticating the identity of the physician, this system will allow for a wide and growing variety of routine medical transactions to occur online. Ultimately, this development will enable better patient care and lessen the administrative burden on busy physicians and their staffs.

The AMA believes that in the future, authentication services will be used by physicians for many online applications including:

What requirements must the signatures meet?

The AMA Internet ID uses industry-standard Public Key Infrastructure (PKI) encryption technology and Internet IDs based on X.509v3 digital certificates. These standards-based technologies enable flexible integration with a wide variety of existing industry components. They also provide a scalable framework for taking advantage of new security technologies.

What has been your experience with electronic or digital signatures?

As I mentioned previously, the collaboration between AMA and Intel to create the AMA Internet ID will enable physicians to authenticate their identity and conduct secure communication and transactions over the Internet. The AMA Internet ID is essentially a digital ID in the form of a digital certificate. Digital certificates can be used for almost any transaction that currently requires a signature. The real value of electronic signatures is not in their application to transactions but in the level of security and trust they provide in a business process. They should be able to provide authentication of the sender and non-repudiation of the contents of a document. They should also be simple to use, secure, and meet all legal and regulatory requirements as laid down by any legislation.

The AMA has granted Intel access to the AMA Physician Masterfile Database for the sole purpose of creating digital certificates for physicians. For over half a century, the AMA has collected and maintained the AMA Physician Masterfile and its inter-relational files. These files contain the most accurate and comprehensive data available regarding physicians. The AMA Physician Masterfile Database includes 850,000 uniquely identified records of AMA members, non-members, and all active and inactive physicians in the US and territories. The technological infrastructure upon which the service will run is Intel’s. Intel has highly secure architecture and operations. All systems for generating, validating and monitoring AMA Internet IDs are housed in Intel’s Internet Authentication Services facilities equipped with multiple security systems. This includes system management software and the activity logs that contain a record of all authentication activities.

Digital Certificates meet the requirements for the following applications:

How important are standards in electronic signatures?

Several competing methods for electronic signatures are currently being used; however, there is not yet a universally accepted standard, or a clear market-leading product or approach. Legislatures and regulatory agencies around the world have taken various approaches in their effort to take advantage of these emerging technologies; however, these technologies have not yet fully evolved. In the past, electronic signatures claimed limited acceptance in the marketplace; thus, policy-makers were left with the task of predicting how e-signatures would be used, rather than reacting to how they are used.

What guidelines or standards for electronic or digital signatures are you using?

Although many use the terms digital signature and electronic signature synonymously, they are different. A digital signature essentially consists of a document tightly bound to a “hash” mark, which is a unique number or a fingerprint.

An electronic signature, however, can be an electronic sound, symbol or process associated with a record and executed by a person with the intent of signing the record. It could be anything, including a digital signature, an X or simply a name typed at the bottom of an e-mail.

As I stated previously, the AMA Internet ID is essentially a digital ID. It is a collection of authentication mechanisms coupled with dynamic data. Its two-part design enables both the verification of a previously established identity and the real-time confirmation that the identity is still valid. Initially, an AMA Internet ID utilizes X.509v3 Public Key Infrastructure (PKI) certificates as authentication mechanisms. However, the architecture of the AMA Internet ID can support additional authentication technologies as well as multiple independent or combined sources of dynamic identity data.

What is the value or the major benefits of using these guidelines or standards?

The AMA believes that the value of using PKI encryption technology and X.509v3 digital certificates is that these standards-based technologies enable flexible integration with a wide variety of existing industry components. They also provide a scalable framework for taking advantage of new security technologies.

What are the limitations or weaknesses of these guidelines or standards?

PKI technology has tremendous potential for securing electronic business but it also suffers from interoperability and deployment problems. As with any standard, there are different ways to implement PKI. Each requires its own policy documents, recovery mechanisms, trust relationships, risk analyses and administration processes. In addition, policies/guidelines for potential risks and liabilities (e.g., online malpractice) associated with the use of the Internet have not been developed.

What is the most efficient or cost effective manner of providing authentication of documents?

The AMA believes that the most efficient and cost effective manner of providing authentication of documents is with the use of industry-standard Public Key Infrastructure (PKI) encryption technology and Internet IDs based on X.509v3 digital certificates. As I mentioned previously, these standards-based technologies enable flexible integration with a wide variety of existing industry components. They also provide a scalable framework for taking advantage of new security technologies.

What role should the government play?

The AMA believes that the government should maintain a minimalist approach and aim to facilitate the use of electronic signatures generally, rather than advocate a specific protocol or technology. The primary focus should be to remove existing legal obstacles to the recognition and enforceability of electronic signatures and records. Ensuring that electronic signatures and records fulfill existing legal requirements for tangible signatures ordinarily does this. Therefore, a minimalist approach focuses on verifying the intent of the signing party rather than on developing specific forms and guidelines.

The fragmented regulatory environment makes it impossible to define a “one size fits all” guideline or standard in some areas. In addition, if the government were relying on an open standards process to seek consensus on one correct guideline or element, the real world would have moved on to new technology or techniques before a standard or guideline would be promulgated in a regulation.

However, high security standards need to be in place with health care transactions because of the critical privacy and liability issues associated with online transactions. Protecting confidentiality and privacy is essential in health care. All systems that generate, validate and monitor Internet IDs should be equipped with multiple security systems, encryption, and back-end secure technology. In addition, there should be activity logs that contain a record of all authentication activities. The technical features should include:

How does the E-SIGN Act impact your work with signatures?

The recently-adopted Electronic Signatures in Global and National Commerce Act (“E-SIGN”) gives electronic signatures the same legal validity as traditional paper signatures and explicitly forbids the denial of an electronic agreement simply because it is not in “writing.” The law also forbids any state statute or regulation that limits, modifies, or supersedes E-SIGN in a manner that would discriminate for or against a particular technology. However, E-SIGN does not supersede the state laws in the area of retention of medical records. The retention of medical records in some states may become an obstacle for physicians wanting to use electronic signatures because some states require that medical records be stored for a very long time (e.g., after death or until a child turns 18) and this would require paper or microfilm storage. In addition, the E-SIGN law has very low security standards and as a result, it appears that electronic signatures could be repudiated easily.

How does UCITA impact your work with signatures?

The Uniform Computer Information Transactions Act is a law that is intended to govern all contracts involving computer software and information that can be obtained electronically. It also stretches easily to cover computers, printers and other computer peripherals, and software that are embedded in goods. This proposed law grants new intellectual property rights to software and information publishers beyond those of the United States Copyright and Patent laws. It will make it almost impossible to hold vendors of defective products accountable for defects and misrepresentations. This could put more liability on physicians, which could create another obstacle that would limit the use of electronic signatures.

Are healthcare requirements for signatures different from other industries?

Medical information is private and confidential and it is not replaceable. It’s not the same as credit card information. Protecting confidentiality and privacy is imperative to ensuring and strengthening consumer trust and autonomy in a changing technological health care environment. Electronic communications are drastically changing how patient information is stored and transmitted. But what hasn’t changed is the physician’s responsibility to maintain the confidentiality of patient records. And, electronic patient records are no different from paper medical records in that they contain privileged information that may not be divulged without permission from the patient. The AMA Internet ID comes at a time when there is a growing awareness of the threat to breaches of medical privacy, confidentiality and security of the medical record in the digital age.

The potential of business opportunities and enhanced customer convenience services offered by the Internet is phenomenal. From home banking to network shopping and online information subscription services, security remains a growing concern.

Governing access control through the use of a simple password is no longer thought to be adequate. More and more companies doing business on the Internet are awakening to this reality and requiring the use of digital certificates by their customers. In addition, levels of security, reliability, and quality of service that are necessary for physicians to use the Internet may go beyond those needed for typical e-commerce.

Do you think there are digital signature solutions in other industries that can be used for healthcare?

Internet authentication technologies are evolving rapidly to meet new business requirements. Like other online businesses, health care service providers will need to adapt their content and security procedures to address the requirements of new access devices, such as PDAs, cell phones, and other hand-held devices. In addition, many PCs and other digital equipment will soon come equipped with fingerprint scanners, iris scanners, and other biometric authentication systems. The AMA Internet ID and the Intel IAS infrastructure are designed to be extensible, so they can smoothly accommodate these and other evolutionary changes. AMA and Intel are currently working to integrate a variety of new features, including:

As online health care evolves, AMA and Intel are committed to providing a high level of authentication integrity that will be combined with procedures and tools to make it easy for businesses to deploy and administer their authentication services as well as make it increasingly simple for end-users to obtain secure access to the information and services they need.

Thank you for this opportunity to present the views of the American Medical Association. I would be pleased to respond to any questions that you might have.