[This Transcript is Unedited]

DEPARTMENT OF HEALTH AND HUMAN SERVICES

NATIONAL COMMITTEE ON VITAL AND HEALTH STATISTICS

Subcommittee on Privacy and Confidentiality

February 23, 2005

Hubert H. Humphrey Building
200 Independence Avenue, SW
Washington, D.C. 20201

Proceedings By:
CASET Associates, Ltd.
10201 Lee Highway, Suite 160
Fairfax, Virginia 22030
(703) 352-0091


P R O C E E D I N G S [9:11 a.m.]

Agenda Item: Introductions and Opening Remarks – Mark Rothstein, Chair

MR. ROTHSTEIN: Good morning, everyone. We've got a full schedule today that should be very interesting, so I hope we can start on time, or slightly late, even though we are expecting more people to join us as we proceed.

My name is Mark Rothstein. I'm the Director of the Institute for Bioethics, Health Policy and Law at the University of Louisville School of Medicine and Chair of the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics.

The NCVHS is a Federal advisory committee consisting of private citizens that makes recommendations to the Secretary of HHS on health information policy. On behalf of the Subcommittee and its fine staff, I want to welcome you to today's hearing on the National Health Information Network.

We are being broadcast live over the Internet, and I want to also welcome our Internet listeners.

As is our custom, we will begin with introductions of the members of the Subcommittee, staff, witnesses and guests. I would invite Subcommittee members and full members of the NCVHS to disclose any conflicts of interest they may have. I will begin by noting that I have no conflicts of interest on today's issue, although I have taken many public positions on matters related to health privacy.

And so it's my great pleasure to introduce Maya Bernstein, the new lead staff to the Committee, and she will begin the introductions.

MS. BERNSTEIN: I'm Maya Bernstein. I've just joined the Department yesterday and –

[Laughter]

MS. BERNSTEIN: -- It's my second day and I'm looking forward to hearing what you all have to say and to mostly listening, but I will be the lead staff succeeding Kathleen, who will help me to make that transition, and I'm just looking forward to being here and to hearing what you have to say.

MS. FYFFE: Yes. And Maya has an excellent background, having worked at the Office for Management and Budget and also as the privacy czar at the Internal Revenue Service. And we are very delighted that she has joined our EEH staff.

MR. ROTHSTEIN: Kathleen, you might as well begin by –

[Introductions; no conflicts of interest stated.]

MR. ROTHSTEIN: Thank you, and welcome to everyone.

This afternoon from 3:15 to 3:45, members of the public may testify for up to five minutes on issues relating to the topic of today's hearings. If you're interested in testifying, please sign up with Marietta Squire at the registration table.

The first panel of witnesses have been asked to limit their initial remarks to 20 minutes. After all the witnesses on the panel have testified, we will have time for questions and discussion.

Witnesses throughout the day may submit additional written testimony to Marietta Squire if they desire within two weeks of the hearings. I would request that witnesses and guests turn off their cell phones. Also, during the hearing, if we all speak clearly into the microphones, those listening on the Internet will be very appreciative, I'm sure.

Today is the first of several rounds of hearings on the National Health Information Technology system. The second round of hearings is scheduled for March 30th and 31st in Chicago. Additional dates and locations will be announced as soon as they are scheduled.

As I'm sure everyone in this room knows, the United States is committed to adopting a system of electronic health records.

TELEPHONE OPERATOR: Excuse me; Simon Cohn joins.

MR. ROTHSTEIN: Good morning, Simon.

DR. COHN (on phone): Good morning, Mark. Sorry for breaking in in the middle here.

MR. ROTHSTEIN: Oh, that's okay. Welcome. Simon is Chair of the National Committee on Vital and Health Statistics, and it's very early in California and we appreciate your joining us.

DR. COHN: Thank you for having me.

MR. ROTHSTEIN: So let me just back up for a minute. I started to say that, as you all know, the country is committed to a system of electronic health records within the next decade.

There are many reasons why electronic health records are claimed to be better than paper-based records. These include greater access to records from remote locations, accurate and fast information from cognitively or otherwise impaired individuals, cost savings, increased safety, as well as research and public health benefits from such a system.

Senator Bill Frist wrote in The New England Journal of Medicine in January of this year: "Widespread adoption of electronic health records will reduce errors, improve quality, eliminate paperwork and improve efficiency. Once fully implemented, electronic records will dramatically reduce cost and improve quality."

It remains to be seen whether a National Electronic Health Records system will produce any or all of these claimed benefits. I would note that in a study of medication errors in 2003 which was released in the last few weeks and summarized in the American Medical News, computer entry and other electronic errors far outnumbered the medication errors caused by illegible or unclear handwriting on paper prescriptions.

So substantial implementation problems will still need to be addressed under any system.

Even assuming that the promised benefits from electronic health records will be realized in terms of safety and efficiency, there are very serious challenges for health privacy and confidentiality raised by creating a cradle-to-grave, comprehensive, longitudinal electronic health record for every person in the United States.

Some of the privacy protections that we now have are the direct result of the fragmented nature of health records. When an individual moves from one city to the next, his or her health records do not automatically follow the individual, and new records can be generated with new providers. In addition, patients who want to get a second opinion from a physician without the second physician knowing what the first physician recommended may now do this easily.

So the lack of coordination and integration, clearly a deficiency in paper-based systems, may also have positive unintended consequences.

I believe that realizing the benefits of electronic health records while protecting privacy and confidentiality is one of the greatest challenges to bioethics and health policy in recent years.

Numerous questions come to mind. For example, what level of patient control over the contents of the records will be permitted? If too little, patients will have insufficient privacy and may object to the system as being overly intrusive. If patients have too much control, then health care quality may be jeopardized.

Health care providers may believe it is necessary to supplement the electronic health record with additional questioning, and they may even be concerned about liability for medical errors that could have been avoided with greater knowledge of the patient's health history.

The Subcommittee on Privacy and Confidentiality fully recognizes the difficulty and importance of these issues. We have decided to begin our consideration by calling on some of the world's leading experts on health privacy and confidentiality to give us background and perspective and to help us frame the issues that we will need to be pursuing through our next sets of hearings.

On behalf of the Subcommittee, but especially personally, I want to thank all of you and for now the two members present of the first panel for joining us today and for your willingness to help us try to deal with these issues.

So without further introductory remarks, it's my great privilege to introduce Dr. Thomas Murray, who is the President of the Hastings Center.

Agenda Item: Presentation – Dr. Thomas Murray

DR. MURRAY: Thank you, Mark. It's somewhat chastening to be talking about privacy, health privacy, in the presence of one of the world's great experts and champions of privacy, Alan Westin, Columbia, and I hope in the soon to be presence of Anita Allen, who is one of the great legal theorists about health privacy. But I'll do my best, do it in plain English.

Here we're talking about not all forms of privacy. Scholars distinguish among many different concepts of privacy. We're talking here about informational privacy. It's not the kind of privacy that was at issue in Roe v. Wade; this is privacy about health information.

And I know of no better definition than Mr. Westin's, who talked about privacy as the claim of individuals, groups or institutions to determine for themselves when, how and to what extent information about them is communicated to others. That will be my working definition.

A little background on the state of the electronic medical record in the United States, and I apologize if the Committee is boringly familiar with some of these numbers but I'm not sure that all the listeners or people in attendance will know them.

Among primary care physicians in the United States –

MR. ROTHSTEIN: I think – could we have his microphone turned up a little bit, please. Thank you.

DR. MURRAY: By 2002, 17 percent of U.S. primary care physicians were using electronic medical records. That compared to 58 percent in the United Kingdom and 90 percent in Sweden. So we are not the first adopters.

If one thinks broadly about e-health, you have a number of functional categories:

You have the category of medical records, and privacy is clearly at issue there.

Of communication between physicians, other health professionals and patients. Privacy is implicated there.

Of decision support where individual recommendations might be forthcoming electronically to help providers.

And of knowledge base management, where security is a big issue and if security were to fail, privacy could be pierced.

The electronic medical record is conceived of as being potentially useful in many different venues, in many different ways:

In patient care, obviously.

In population health, by alerting, for example, a health provider that a patient fitting these criteria and therefore this profile should be screened.

In public health, if one could get access to aggregate data.

In health services research and in quality improvement efforts.

In population-based research. For example, in genetic research which is linking genes to health outcomes in places with the enormous databases now available in Utah and the smaller database, but still an important one, in Iceland, for example.

In registry research, wherein particular outcomes, for example, cancers are noted. In registry research, by the way, it has become quite apparent that trustworthy intermediaries play an essential role in having a well-functioning registry, well-functioning in two senses:

First of all, that one can get complete or near complete data in the registry. If you simply leave it up to individuals whether or not they want, for example, their cancer noted in the cancer registry, you will get something less than full population agreement on that. But if you can have a fully trustworthy intermediary and assure the individual that no one will know who they are without sufficient protections, one can have a functioning registry.

There are important barriers to the electronic medical record. Among physicians, many of them find a very stressful learning curve in dealing with the electronic medical record. Primary care docs spend more time with electronic medical records than with paper charts, several studies show. Time spent answering patient email in at least one important study was actually greater than the time saved in phone and office visits.

So many of the miracles we're hoping for and are promising with the electronic medical record are rather like the miracles promised by many other technologies, not least gene therapy.

And I'm told that many physicians don't like to type, though I wonder if that's a cohort phenomenon. There are studies that show this, that younger physicians, being accustomed to using computers, are probably going to be more comfortable with this.

To put in place a full electronic medical record system could cost a practice $50,000 per doctor in the first year. That's a significant capital expense. In one study, at least 10 primary care residency programs purchased and tried to use and then abandoned electronic medical records systems, just finding them too cumbersome and trouble-making.

Other barriers include incompatible and the fear of ever-changing software. Now, I know that efforts to standardize data fields and such in medical records will go a long way towards overcoming that particular obstacle.

Lack of reimbursement. Some places are, I guess, reimbursing or crediting physicians with answering patient email but many people who work in a fee-for-service system, that's just an extra burden on the physician with no reimbursement.

And the last, but the one I will focus on, barrier is the problem of patient privacy.

So, philosophers don't have a lot of tools, but making distinctions is one of our most important ones. So let me lay before you three distinctions which I think are important. I don't know that they're the only ones, or the most important, but they're three that struck me as ones that you are wrestling with, or should be wrestling with.

First, we should distinguish between the issue of control over the content of the electronic medical record and the control over access to that content. It may seem fundamental and obvious, but it's an important distinction to bear in mind at all points, I think.

As we think about control over content, which I think for many health professionals is the more problematic issue because a doctor doesn't want to have less than full information from a patient if the physician is prescribing a drug or prescribing an appropriate treatment or trying to diagnose an illness. Physicians rightly have been taught that they should get as full a picture of all the relevant information as possible.

Giving a patient control over the content of that could result in a less than optimal, and therefore a less than good decision, diagnosis, treatment, drug prescription et cetera for that patient. The health professionals don't want that.

On the other hand, patients may not want certain things in their health record at all, and certainly – I mean, I would wonder if we should take a little survey here – is there anything that could possibly have been in your lifelong medical record that you would not want anybody to know, any physician to know, or any health professional et cetera? Most of us have items that we'd rather not have widely available. So control over content will be important, as will control over access.

I'm not here ready to recommend a particular view of control over content or over access, but keep the distinction in mind, and just bear in mind that you have my sympathy; I think this is one of the great challenges you will have to confront in your work.

The second distinction is to distinguish among purposes of access. For what purpose does an entity want access to all or some portion of your electronic medical record? It might be for your medical care, so in that case, an ER physician who's never met you before and your primary care physician who you've been seeing for 20 years both have the same purpose: They want to care for you in this episode of illness.

But others, of course, may want access to the same information – prospective or current employer, an insurance company, a Federal agency that is investigating potential health fraud, or researchers interested in questions that aspects of your medical record might help important questions, might help them answer. So that's the second set of distinctions. It's distinctions among the purposes for which people might seek the record.

And the third distinction would be the relationship between you, the subject of this electronic medical record, and the entity seeking the information. It could be, in that case, the primary care physician and the ER doctor are quite different. The primary care physician you presumably have learned to trust over these 20, 25 years, knows many of the most intimate details of your life, and that's okay with you. The ER doc you've never met before, will never see again, in fact may have been unconscious throughout the entire treatment. They're both treating you, so the purpose is the same but the relationship is quite different.

And then other relationships. Again we can talk about entities that may want access to your electronic medical record with your best interest at heart, your medical care, and others who have a different relationship with you, like your health insurer or your prospective life insurer or some vendor who may want to sell you a product and they'd be very interested to know if you've ever been treated for erectile dysfunction. Or your spouse's divorce lawyer who may see some interesting ways of improving her action against you if she could get access to your record.

So those are the three distinctions. The control over content versus control over access, the different purposes and the different relationships.

The data in electronic health records are distinctive in a couple of ways. For one, they're persistent, and Mark Rothstein mentioned this. Potentially, if you had an electronic health record, medical record, that began prenatally, that could follow you into the nursing home with every data element intact.

As Mark mentioned today, health records follow us quite imperfectly. If any of you have moved a couple of times and take your children to school and they want to see their immunization record, if you didn't keep that, good luck, because odds are it somehow got lost along the way. That would change potentially with an electronic medical record.

It's also ubiquitous, the electronic medical record, in a special sense, but here I don't mean that it's out there for anyone at any time for any purpose, but it's ubiquitous in the sense that it's not limited by time and place in the way that paper records have been limited. Access in principle is available at any time in any geographical location.

Another challenge that we all face in an effort to move towards a constructive use of electronic medical records is public trust. You probably read today's paper, the Palm Beach incident where the names of people being treated for HIV were emailed out. It's not the first time such a thing has happened; it's not the last time such a thing has happened.

It's not a distinctive problem with the electronic medical record. Back in the early 1980s, the Hastings Center became involved in the very earliest work on the – at that point it was just AIDS; we didn't know what the virus was or even if it was a virus – and the names of people, of gay men, were released in New York City and the interest group that represented those men who were all gay people in New York City urged no collaboration whatsoever with researchers because they didn't trust them anymore, and we were brought in to help come up with a way of protecting the privacy of individuals and yet allowing researchers to go forward with the necessary research which was going to benefit everyone, including that population. And that didn't require email, but email makes it easier for information to be transmitted.

We're also going to have to assure people that the technology works reliably and well. I was just in Davos at this World Economic Forum, which was rather an interesting experience – quite a strange experience, if any of you have been there; I found it quite strange.

And Hewlett Packard provided everyone with a Davos Companion, a little iPAQ hand-held, wireless hand-held, so you could closely keep track of your schedule and send and receive emails and the like. And mine failed by the last day and I talked to another colleague and hers had failed, and so I think we need to be assured that the technology is going to be stable, easy to use, and reliable.

Now, I don't know that there's any connection between the failure of the Davos Companions and what happened to the head of HP a couple of weeks later, but I just note the coincidence.

So to give you a sense of how I think people might view the electronic medical record and why they might have privacy concerns, let me give you a hypothetical patient. Call her "Amy."

Amy had enuresis; she was a bed-wetter at age five. And so her parents took her to the pediatrician and the pediatrician examined her; you know, found no significant physical problems. Eventually that problem went away. But that's now on her electronic medical record.

At age 12, Amy's father discovers a pack of cigarettes in her room, marches her over to the doctor again; in fact, Amy's been taking up a little bit of smoking. They try the nicotine patch. That's all in her electronic medical record.

At age 15, an acquaintance of Amy pushes her to try – pick your drug of choice, illegal drug of choice. Amy becomes frightened and thinks I really – I tried this a few times, but I'm scared; I really don't want to get hooked on this drug. I want to go to my doctor. But if I go to my doctor, is that from now on permanently in my electronic medical record? What will that mean? And for a 15-year-old, you know, life is wrapped up in the next moment – I mean, it's hard. She may not be thinking ahead to her first job or later life choices, but she may still be frightened of going to the doctor, particularly if she believes, not knowing, if she believes that this record is permanent and indelible.

Let's say she goes. Now at age 23, she's been out of college for a year, knocking around, doesn't really have the kind of job she hoped for; she's a little discouraged and she has a bout of depression. So she goes to see her physician, who diagnoses a clinical depression, mild case, and prescribes the appropriate medication for it. That is now a part of Amy's electronic medical record.

Other people, Amy's friends, may be less willing to go to a doctor for fear that a diagnosis of depression would be entered into her record and that that might come back to hurt her later on in her life choices.

So I don't think I've solved anything here, but I've made the distinctions, and I hope they will be helpful, something that I think this group probably understands very well, but I'm not sure that everyone understands, is that the medical record, including the electronic medical record, is not a unitary thing.

We talk about the medical record as if it were one entity and everything in it is of an equal status. We can't think that way any longer. We have to simply disabuse ourselves of that over-simplification. The medical record, including the electronic medical record, would be composed of a welter of disparate types of information, some of it very time specific and of no continuing interest, most of it quite inane for most of life purposes, but some of it will be exquisitely sensitive.

The questions of how to understand that medical record, how to identify sub-categories within that record – and I would say that if you can do that, to the extent that that is accomplished, that would be an enormously valuable thing to do so that we have not an infinite number but a relatively small number of major categories of information that are attuned to the sensitivity and other major dimensions that would be of interest to the subject of the record, the patient, and to health providers.

The reason I'm hammering home this point is in the debate over Social Security, privatization of Social Security, one of the issues that's come up is that people don't deal well when they're given a huge variety of choices. They tend to tune it out.

So to find some way, and this would have to be actually studied empirically, coming up with a sort of good number of choices which would be a handful or a couple of handfuls probably at most of categories. You don't want people to judge all 400-plus categories in the medical record. You want them to have a handful. You can say this, I'm comfortable with this purpose but not for that one, this user but not for that purpose. That will be important.

So issues about control over content will be a challenge. The control over access will be a challenge. And finding those categories that will make whatever choices we decide are in the end in the interest of people, that will serve their medical interest but will also permit them to make sensible choices and not be overwhelmed and bewildered by those choices. Those are, I think, key challenges that you face.

Thank you.

MR. ROTHSTEIN: Thank you, Tom. Appreciate the comments, and we will go to questions after Bartha's talk.

I've been informed that Anita Allen will not be able to join us this morning. She is unfortunately ill. I don't know what's wrong with her, and even if I did, I wouldn't tell you.

[Laughter.]

MR. ROTHSTEIN: But I do wish her well and we will certainly make use of her prolific writing in this field and perhaps even consult with her personally to get her input on this.

It's now my great pleasure to introduce another one of my good friends and colleagues from the University of Montreal, Dr. Bartha Maria Knoppers.

Agenda Item: Presentation – Dr. Bartha Maria Knoppers

DR. KNOPPERS: Good morning, everyone. Not being a techie, it's only proper that I'm having difficulties with – you all have the PowerPoint in front of you, so I will speak to it rather than read it out. And my background is largely in research ethics and the laws of different countries around the world with respect to medical data for research purposes.

I think the reason that Mark invited me here today is because there is an increasing number of international trials, increasing number of patients around the world involved in these trials, and the need for comparability of data and a flow of data between countries, researchers, and obviously, if participants are participating in research, they should be able to benefit from those trials. So we will look at these European approaches, see what lessons have been learned, and then I'd like to make some concluding remarks which are not in the PowerPoint which you have in front of you.

Now, I need to remind you that the European Union on which I will largely concentrate now has 25 countries, and so we are talking about a legal entity that actually prepares directives or conventions and laws and so on and has an effect on a great number of countries, so look at it in a way as an example of the difficulties you would have with a national approach, considering the fact that the states usually have jurisdiction over privacy and health legislation within their own area, within their own geographical and political area.

So I begin with a few general remarks, look at health data, how it's treated, the effect member states have – we'll only look at one country, France, the problem with what we call "extra-territoriality" – what happens when you want to send data out of a given legal system to another country, specifically from the European Union to the United States or from the European Union to my own country, which is Canada? And then conclude, as I said, with personal remarks.

Now, all the countries that I'm dealing with have universal health care systems, but I wish to tell you that it's not because there's universal coverage or a two-tier system in some of the countries in question, that the issues of privacy or electronic e-records or the use of medical data is any different. It's surprising to see in genetics has shown us this, that the Europeans were much faster to regulate against genetic discrimination even in countries with a universal health care because they saw life insurance as being a socio-economic right and did not want insurers in countries such as Belgium and France and so on to have access to genetic data.

So in 1995 already in Europe we've had the directive which I state has legal force on the processes of personal data. And health data is seen under this directive as sensitive data but is included under a very broad notion of personal data.

And the effect of the directive was to force countries in their domestic national legislation to harmonize with the directive and to be in conformity with it so as to offer an equivalent level of protection in the countries that were members of the European Union. So that's 10 years ago, also very important because the ultimate goal, of course, is to have what we call portability, to be able to go from one country to the other within the European Union and have equivalent protection, equivalent rights, and equivalent treatment of medical data.

Now probably for me, but that's just – and it'll come back in my conclusion, the most important thing about the directive is that it incorporated the principles that were found in the OECD guidelines on the protection of privacy in trans-border flows.

And the reason that it's important is people often fail. You and your principles, you know, because I'm always working on ethical codes and principles and so on; it's just political, you know, decoration, window-dressing, whatever. And yet, if you look at the power of these principles over time, not only are they reflected in the European directive 15 years later, but the majority of countries within Europe obviously harmonized and incorporated the principles but other countries outside the European Union were equally inspired to adopt these principles. You can see the power and the flexibility, not limited to any one technology, that principles have.

So, it's a negative principle, the one that deals with health data; it's not a "you may" – it's actually "you may not" unless specific and suitable safeguards are there. And this is a non-limited list. In other words, there can be additions made.

One obviously, which is now subject to contention – I'll get back to that – is the explicit consent except where you have laws that authorize, such as either national security, public emergencies, state surveillance programs and so on that constitute legitimate because they're already in the law's exceptions to the need for explicit consent.

For those who are weak or vulnerable or incapable and so on, it's their vital interests that need to be protected, and so consent is listed for that as well.

So you have the overriding power of the state, you have the protection of persons, and finally, very large exception as you can see, the processing for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment, or the management of health care services, provided it's by a health professional subject to professional secrecy, and I'll get to professional secrecy in a minute.

You cannot run health care systems – I'm talking at the level of systems – without having to come in. I mean, they're going to do your blood type, they're going to do routine tests. A system cannot work, you cannot be cared for, if there isn't this basic exception, if you like, to explicit, written – or it doesn't say written, sorry – explicit consent by the individual.

And of course you have that additional protection of professional secrecy by those health professionals involved.

Now, France even prior to the directive had already adopted in 1978, so it's even much earlier, a loi – if there are no official English translations in titles, I don't usually put them down, but loi relative to informatique, its informatics, fichiers would be files and freedoms, or dossiers, let's say, and freedoms, recently modified in the 6th of August, 2004.

They already had the wording that eventually found itself to the European directive and applied it to public and private sectors, because in European countries you can still buy additional health insurance or buy additional kinds of private services and so on if you have the means. I think that is not allowed in my own country.

The prohibition of the Article 8 of the European directive 1995 was reiterated in the recent August 6, 2004, law in France. So again, it's a negative principle, and here they talk about express written agreement. The same provision to protect the vulnerable person, the same article about processing, so again as a state possibility of overriding and a systems one for overriding if there's a health professional subject to professional secrecy.

But what we have are two interesting new additions here. One, exception for processing for research in the health sector and the possibility of anonymizing data without express consent, now written, if you get the authorization of the CNIL. The CNIL is the national commission for informatics and freedom, and this was created way back in '78 with the earlier law.

Now, we'll have a look at this processing in the health sector. It's obviously necessary for quality assurance in any given health care system; you have to have data to know whether your cutoffs for different tests are accurate and so on. In a health care system, you have to have surveillance data and incidence data to know whether is HIV going up, is it going down, are there pockets in the country that are at higher risk for environmental or epidemiological or other reason. So there is a reason for including research in the list of exceptions.

One comment on anonymization, if I forget to do it in my conclusion: Anonymization is legally and ethically expedient; it gets rid of a lot of problems. It means that you use various – and there's a slate of about 32 different terms in documents unfortunately around the world that's irreversibly anonymized, i.e., enough identifiers have been removed that you cannot retrace an identifiable person.

Now, we all know that it only takes seven SNPs et cetera, et cetera; we all know that there's no such thing as impossible in the world of computers and SNPs and the like. So let's say in a practicable, reasonable context it works.

But it works to the detriment, one of science in the long run, because once you've anonymized, you cannot update that data because you can't trace it back to anyone. So if clinically something changes, whether a person dies earlier or never dies at all or never develops the disease, you won't know; the data is static in time.

And secondly, so scientifically you're shortchanging yourself, after five years the data's good only for controls; it's not good for anything long-term.

And you may be even shortchanging the individuals whom we're trying to protect sometimes against themselves because their participation in research then does not achieve the goal which usually is to find some sort of therapy or at minimum a test for certain conditions. So it's easy to get it through the larger half – the ethics committees are happy; but think about the goals before you do it.

So when they added this research exception in France, they also created another committee, and this one is the consulting, or advisory committee, I should say, on the treatment of information in research in the health sector. And it was under the Research Ministry that this committee was created, because the CNIL is a big, large commission that they've had since 1978; they're not experts on health research. And just because they'd be doing informatics and personal data processing opinions for 25 years at least doesn't mean they understand the particularities of health research that uses patients' medical records and so on and research feeding back in member clinical trials, feeding back into the medical record.

So they've created the committee since August 8th – the 6th, sorry, 2004 – to examine the requests for processing of health data for research. And they give an opinion on the research methodology. So they'll build up a corpus of knowledge, if you like, that makes them particularly – well, hopefully – well informed about this domain.

And they give their opinion prior to going to the big body. You can get stopped right there where you're processing of health data as an exception to the explicit written consent or presence of a law.

So once you have this opinion and the authorization of the CNIL, notwithstanding the rules of professional secrecy, you still have certain conditions. If the data allow identification in any way, you must code the data, so obviously that's a minimalist protection, what I would call it; except obviously where people were taking drugs and you have to find them and follow them in pharmaco kinds of studies and so on.

But the results, once published – again, to me this is obvious – but they have to put it in to not allow the identification direct or indirect on the data subject. But they create a possibility of opposition.

Opposition is not the same thing as consent and refusal. Opposition is about at the level of assent and opposition. So you oppose, but they won't deliberately go out and deliberately and seek your consent if you don't want to have your data used in a research and any processing. Interesting to see what will come if anyone will oppose. And then you can obviously suffer the sanctions of the higher body if you fail to respect such an opposition.

So what's happened with other countries, then, because this is 1995. The science found its way obviously into many international trials. You could only export data from countries, members of the European Union, if the other countries offer an adequate level of protection. So how do you evaluate if they're offering an adequate level of protection?

Well, it's written in front of you – the nature of the data, the purpose, the duration, look at the rules of law in the countries – the general ones, the state ones, the security measures and so on. And every country in Europe in its own legislation has this sort of extra-territoriality. It's very rare that a law goes beyond their own borders and says "you can't do this in other countries unless you follow these rules." You can imagine the chilling effect that this had in 1995.

Let's look at the United States then, a minute. What happened then in companies, international and others, or research projects that were international?

Well, there was the beginning of negotiation with respect to recognizing whether the United States or member states or whatever, states within, met the levels of the protection offered by the directive. So we waited till July, 2000, to get a decision from the European Commission on the adequacy of your privacy principles and since then obviously HIPAA has come into effect.

Just a brief reminder of what the Safe Harbor Privacy Principles are and we'll move right on then to the frequently asked questions that you can find on the website.

If personal data are collected in the European Union and they're transferred to the United States for pharmaceutical research, do member state laws apply or do the Safe Harbor Principles apply?

And the answer then on this FAQ from the Commission was that the member state law applies to the collection and processing prior to the transfer, so you have to meet your own laws before you transfer. The Safe Harbor Principles, however, apply to data once they've been transferred to the United States. And again they come up with the year 2000 -- data used for pharmaceutical research and other purposes should be anonymized when appropriate.

So what if you've been recognized in another country and an individual in Germany, let's say, wants to withdraw the data and the data's already sitting here with a research group at Johns Hopkins, so what happens to an individual's data if the person wants to withdraw? This is a universal, Helsinki declaration. If a person wants to withdraw from research, he should be able to do so.

Or the sponsor might want to withdraw someone for reasons by looking at the data that a certain group of participants are more vulnerable. So participants may decide, or sponsors may decide, to withdraw. Any data collected previous to withdrawal may still be processed. You can't really go back and start taking stuff out of data sets; it makes absolutely no sense and you probably can't do it. And along with any other data collected as part of the clinical trial. If this was made clear to the participant at the time that they participated that data collected prior to the request to withdrawal could not be removed but that you would stop using it at that particular time.

Final frequently asked question that comes up is: If you're key-coding at the country of origin and the country to which you're transferring health data cannot access the key either through a custodian or by contract or any other way, get back to unlock that code to identify the person.

So let's say a company here does not have the key; it stays in Germany. If the unique key code is held in the country of origin so that he or she could only identify research subject under special circumstances, i.e., maybe needed for medical care, some toxicity of a very small group or particular individual is discovered, does the transfer from the European Union to the United States of data coded in this way constitute a transfer of personal data? No. In other words, the whole directive would not apply to such data.

What about my own country then, Canada, where every province has jurisdiction under the Constitution over health?

Well, we asked the European Commission as well whether the new Canadian Personal Information Protection Electronic Document Act met the equivalent protection, just like the states needed to know in the year 2000.

And what's interesting is that personal health information under this Act includes not only information but you can see under C information concerning the donation by the individuals of any body part or bodily substance. So in addition to health services information, physical and mental information, or any kind of other, you'll see that samples, what we call "wet data," are now subject to this Act.

It's interesting about this Act -- it wasn't even supposed to apply to health; it was supposed to apply to commercial activities in Canada. But commercial activities are sort of seeping in in the sense that with research, a lot of it's a public/private sponsorship. There's always a company there usually. It's very rare that you have a 100 percent publicly funded, non-commercial, whether it goes from buying servers or paying for communications or whatever, as soon as you have a commercial entity somewhere, it falls under commercial activity. So we end up with a law that wasn't meant for health data applying to health data.

Now, another interesting feature about this law is that to ensure flexibility over time with additional technologies or new knowledge coming up, they attached to the law as an annex but as part of the law the Canadian Standards Association code on the protection of data.

Now, codes, as you know, as set by CSA or ISO, let's say, can be modified and changed over time to take into account new technologies or when knowledge changes, if you like, or new protections are required or old protections become redundant, which means that by changing the code over time, you don't have to go back to Parliament and start to read the whole legislative process. Annex is part, but it's "professionally" kept up to date.

We also have a tri-council policy statement covering all research involving all research – demographic, medical, historical and so on – involving humans, which is being updated, as you can tell, by the Canadian Institutes for Health Research draft Privacy Best Practice Guidelines.

The statements of ethical conduct in 1998 are increasingly seen as over-protectionist and paternalistic, i.e., since 1975, the twin pillars of privacy and autonomy have reached a point where health research, which is more for finding out things about certain conditions and not necessarily individually oriented, was seen as hampered by the need for explicit individual consent.

So it's going to be very interesting. All kinds of epidemiological research – leftover blood spots in newborn screening programs were batched together by the thousands so you couldn't figure out where they came from and we were checking for HIV prevalence. Well, because of the explicit consent, that whole program was dropped. So we have no idea if HIV is going up or down. You can see how this privacy autonomy when taken to extreme individual autonomistic sort of extremes can harm, if you like, harm the individual and thwart the role of the state to protect, prevent and promote health.

So these are the principles, then; I won't go into them.

And finally, then, for Quebec. If a province, well, let's say state, can show that their internal legislation meets the substantial equivalent – it's sort of like what the European Union did with their directive – then provincial legislation or state legislation does not have to follow. You can follow your own internal, once you've proven substantial equivalence. That's an interesting mechanism as well.

So in conclusion, in the 25 member countries of the European Union, health privacy is a fundamental human right. In countries of civilian tradition – so the countries that followed the Napoleonic Code and I suppose the Common Law tradition such as the U.K. or Australia or Canada except for Quebec – not only is privacy a fundamental human right, it is what they call a subjective right. It is found in the civil codes of most of these countries in the chapter on the rights of personality, distinct as rights concerning goods or objects or other chapters in civil codes.

If it's a subjective right, that means you don't have to show harm when you consider that there's been an infringement or a breach. You do not have to show any economic or other loss. So it's an automatically what we call actionable right. And this makes it very powerful. At the same time, privacy, like honor, which is in there, like reputation, which is in there, is amorphous, it's ambiguous, it's hard to define.

And it's also found in all the countries as a constitutional – in the German constitution, for instance, right, and under private law, in different statutes.

So for concluding remarks that are less on the European Union or on France or even on Canada, and Tom already mentioned some of these issues with transfer to e-records, concerns over content, concerns over access, and I look at it more concerns over the quality of research, for me, that's quality.

Use of data, data transferability, is extremely important. And we have several barriers to this. If we're looking at some of the large international studies or even if we look with comparison, let's say, between population studies that are emerging, population studies that involve large cohorts where let's say the U.K. bio-bank, 500,000, they want to build a resource, it's not a research project. They want to build a research infrastructure, a research tool, a research resource based on data that would be at the level of let's say normal genomic variation before you get different diseases, testing themselves against this background, you cannot build these infrastructures, you cannot build these resources that have no immediate benefit for the person, that are really longitudinal studies that construct research tools against which you can then later do your hypertension, your diabetes, your cancer studies. You can't build them with the current ethics and legal requirements surrounding research.

And we've run into a problem, that the protection of privacy is such that, to coin a phrase, we've run into semantic inoperability. We cannot compare data because they enter it differently, they protect it differently. What's called de-identification under your HIPAA, you find it under the international code on pharmacogenomics as meaning double-coding, which is totally different.

So people are using irreversibly anonymized, delaying anonymized, truly anonymous, de-identified, traceable and so on, and we can no longer know whether we've got equivalent levels of privacy and protection.

We need a concordance, we need a language that we can understand – double-coded means back there; we're not saying everybody has to use the same words. We need to know, to protect privacy, what we're talking about.

We can never validate, we can never gain statistical significance, if we can't understand how we're protecting privacy.

Secondly, the whole issue of consent, explicit consent. The OHRP here in the United States at the end of August put out a very revolutionary, if you like, statement on if certain conditions were met with respect to research with codes, with data holders, with contracts and so on, that an explicit consent was no longer required because a person would not be identifiable, and you're only a person under law, for privacy purposes, if you're identifiable.

So this whole notion of consent, broad consent, authorization, is major.

Thirdly, we're getting to the issue of portability in Europe and Canada as well. Smart cards or administrative – all the countries in Europe, if you're a Portuguese person traveling in Italy and you have a car accident, how to ensure with the eventual harmonization that they're looking for that you can give your card as a Portuguese and get treated in an Italian hospital as a member of the European Union. And I'm not even talking about adding a few little basic medical data such as allergies and so on onto that; just talking at the level of an administrative health card.

And in closing, since there's a lot of people here from public health and from WHO, I'd like to make a plea in your privacy considerations not to forget the need for accessibility to certain minimal data not on persons but on populations for public health purposes.

This is extremely important. We saw with anthrax, we saw with SARS in Canada, we will see it again with the Avian flu, that unless we get used to a citizen providing the state, who's supposed to protect, promote and prevent, needs a minimum amount of health data to fulfill that role.

And people will turn to the state and say, "Why didn't you do this?" And you're going to say, "Well, we didn't get your explicit written consent. We couldn't follow you. We had no idea what was happening in the country. We couldn't think ahead. And we were waiting for WHO to come out with their international health regulations."

So there's a plea here to make sure that we do live in society, we do live in relationships and in communities, we do travel on airplanes, and there is that public health aspect that needs to be kept in mind.

Thank you.

Questions, Answers and Comments

MR. ROTHSTEIN: Thank you very much, Bartha. Both of you have raised so many questions, it's hard to know where to begin. But I will, and I'd like to ask one question first to Tom and then see what Bartha's response as well is.

I think fairly over the last 30 or so years, one of the dominant themes in law and bioethics is autonomy in health care, that a competent adult has the right to decide whether to see a physician at all – and now I'm leaving aside public health issues – whether to see a physician at all, whether to comply with the advice given by the physician, and even to the extent of lifesaving therapies.

So my question is: How do we work in to an electronic health record system the notion that we have built up of patient autonomy so that an individual level one could say that you have a right not to go to the physician if you don't want to? You could also say that the physician has the right not to treat you unless he or she has sufficient data from which to base a diagnosis and treatment. But clearly there is going to be some level of autonomy in the individual relationship between a particular patient and a particular physician where they could in theory at least negotiate what is done with the results of the information; that happens all the time today.

So given that dominant ethical principle at the individual level, how are we to give, or maybe oughtn't give, any effect to that at a societal level when our task is to try to make recommendations about the level of privacy and, I would add, inevitably autonomy, that individuals should have, or might have, in the electronic health record systems. So I'll just begin with that simple question.

DR. MURRAY: That's a lie; that is not a simple question.

[Laughter.]

DR. MURRAY: That goes right to the heart of the problems that I think you face.

You're certainly correct in identifying a major theme in the whole field of medical ethics over the past 35 years, at least dating back to the birth of the Hastings Center in 1969. And that is a concern for empowering patients in the relationship with physicians. The bête noire was the paternalistic physician and the hero was the autonomous patient.

That was a horse that people rode for about 20 years very successfully. It turned out to be a bit of an oversimplification of this complex relationship between patient and physician. It was an important corrective because at that time few people were standing up for the individual autonomy of patients.

How do you integrate that now into our understanding of what to do about health records?

We clearly need to be very sensitive to the interests and reasonable and informed preferences of patients. Those are important qualifiers.

It is true that a patient today could go into a physician and give minimal information and request treatment. It's also true that a physician could refuse to treat a patient on those grounds, right?

Back 25 years ago when we did the first study on drugs in sports at the Hastings Center, not how to use them but the ethics of performance-enhancing drugs in sport, I learned that the first question that a savvy trainer asked when you ran out on the football field after a player was injured was, "What have you taken today?" because you didn't want to give the player drugs that would interfere with drugs that would interact with drugs that they were already taking.

So, I mean, a good physician would probably want to say, "What are you taking? Before I prescribe anything to you, what are you taking?" That has to be negotiated, and there is a certain amount of – there's complexity there. There are issues about professional integrity of the health professional that I think are weighty and there are issues of the autonomy and privacy rights and interests of the patient. All of them are important.

Bearing that in mind, I think it goes back to the distinctions that I tried to make earlier. The challenge that you face is figuring out to what extent patients would have control over the content of their record and over who has access to sub-areas of content within that record.

I don't think a once-for-all answer except to say that the interests you've identified are in fact legitimate and significant interests.

MR. ROTHSTEIN: Bartha, would you like to comment?

DR. KNOPPERS: Yes, and I'll start with Tom's last comment and work backwards.

I totally agree with his concluding remarks, his previous concluding remarks that he just reiterated about the idea of breaking up levels of privacy protection into categories and selected – in other words, creating a hierarchy, if you like, within the medical record by broad categories, as opposed to saying "no access at all" or total control by the patient as to what's in or out, which of course would be a medical disaster.

I would also argue in favor of elaborating broad principles for electronic records rather than leaving the SOPs perhaps to the IT experts as to what kind of procedures best respect those principles.

Your statement about autonomy still being the overriding, if not prevailing –

MR. ROTHSTEIN: I didn't say "the," I said "a" –

DR. KNOPPERS: A, all right. And, as Tom said, empowering the patient, moving away from the sort of formal imperialist or authoritarian or paternalistic or whatever people called it.

We've had 35 years of this, and I'm still a believer in it, and as Tom said, provided that autonomy is exercised in a reasonable and informed way.

The new emerging glory of that, as you see mainly in Europe, is the right not to know, which has now found its way into charters and constitutions and so on. Difficult to know how much information you have to give someone to exercise the right not to know so that the giving of fully informed consent as to what they don't want to know without giving away what they don't want to know. So this is a quagmire in terms of legally trying to figure this out.

I would argue that autonomy has reached an apex in terms of individual preferences, individual exercise, individual choice. I now see a large margin of autonomy being taken away ironically by the overriding preoccupation with privacy. In other words, either legally or through ethics committees, we're starting to protect people against themselves.

If I want to give a broad consent to a particular longitudinal study and I say as long as there's continual ethics review, annual audit, and the research question, you know, is not something in one of these following areas – let's say bioterrorism or some areas that personally would go against my values, I want that consent to be valid over time. And it's not specific enough for most ethics committees and so on and so they will say, "To protect your privacy, we're not going to allow you that consent."

So we're now in an ironic situation where privacy which was once seen as a liberty interest, in some countries privacy is seen as a freedom close to autonomy, yet is being undermined by second guessers in the name of privacy. So – I'm not sure if I answered your question at all.

MR. ROTHSTEIN: No, but I'm not sure you did, either, but I liked your comments.

[Laughter.]

MR. ROTHSTEIN: And so let me recognize my colleagues who may have questions. Dr. Harding?

DR. HARDING: Well, thank you both for beginning this very good discussion.

During the last 10 years, we have discussed this sub-category issue, or sub-classification, in electronic medical records, and it's been called various things, especially sensitive information and so forth; you know, talking about OB-GYN, genetics, infectious disease, mental illness and so forth, those kinds of things.

Dr. Murray, you were mentioning sub-categories and then trying to limit choices of those sub-categories to a reasonable number, because if you have too many, it gets out of hand – or did I kind of extrapolate a little bit from what you were saying? But if you both could comment on what you see as the sub-categories and how they might be utilized, I would appreciate it.

DR. MURRAY: I don't think I could add much to your deliberations on the question of what are the appropriate ways of parsing out this data and creating the sub-categories except to say that whatever good ideas we may have about how this ought to be done. Say we end up with seven sub-categories of data – I don't know what they are. One's going to be psychiatric and psychiatric-related. Another may be reproductive health-related. But they may be just segmented off from other categories.

What I would suggest is that we should take whatever our guesses are how to chunk these, how to parse these, as a hypothesis to be tested empirically and bring it out to patients, the public, through various ways you could test things and look at opinion surveys and focus groups and other ways. Try it out with health providers; does it work for them? Does it turn out to be a sensible way to enter and process data and use data to do optimal medical care for them? I would take it as a hypothesis.

One lesson I think we've learned in bioethics is sometimes people have had wonderful ideas that look just great in principle and they flopped completely and sometimes even worked the other way. I mean, the idea of the so-called "required request" for organ procurement for transplant, we thought the barrier to getting more organs for transplantation was that doctors weren't asking the families of dying patients. It turns out that when they require doctors – we've passed laws requiring doctors – we got fewer organs, because doctors resisted and kicked back and it just didn't work.

So, any great ideas we come up with, we need to road test them. So that's one thing I'd say.

And my point about the number of categories, it's simply an acknowledgment of the limitations of human information processing. More choices, the menu gets very long, people's choices, if anything, may become less informed.

And I mean less informed by their own standards in the sense that in the end you say, "Here's what you did; my God, I didn't mean that to happen. What I really wanted was this." So what we need to do is present an array of choices that are optimally designed so that when people exercise choice in these ways, they get the results they had hoped for. And if they had been wiser and could see ahead, they're the results that they would be pleased to live with.

And that's not a trivial task. It's not one philosophers are going to solve for you.

DR. KNOPPERS: If we do have categories, they would have to be reviewed. We'd have to make a concept on them automatically written in.

For instance, 50 years ago, if you had the "big C," you didn't talk about it. I mean, and in a lot of European countries still today, victims can hold back and cannot communicate such what they call "fatal prognoses" under their codes of ethics.

So what is sensitive today might actually be considered normal 10 years from now, and the hope is that genetic data and psychiatric data will just be normal data, part of the human condition, and a lot of the stigma that's associated with it will disappear.

So those sensitive and so on would have to be reviewed.

Now I remember what I wanted to say here – then I get off in another – in terms of privacy to sort of match without seeming paternalistic, a really neglected area is the deontological, or professional, ethics, not just a code of conduct in a professional sense but actually legally actionable. In other words, if you have professional secrecy as in Europe, it's not only in their codes of psychiatrists, physicians, nurses and so on, all those handling health data in their own professional codes, so they're subject to disciplinary, but it's also found in other statutes as well.

In France, it's in the criminal code. In other countries, the right to professional secrecy, the obligation of the professional is actually in the constitution. They've raised it to a higher level. In other words, you'd better protect data not by asking the person all the time what they want but actually imposing on the health professional this very serious obligation of professional secrecy to avoid breach. I mean, I think that's a window that we haven't really sufficiently explored, how to up, if you like, the legal obligation surrounding professional secrecy.

MR. ROTHSTEIN: Mr. Reynolds?

MR. REYNOLDS: Excellent testimony. I'm not sure whether to run out of the room screaming before the rest of the people speak or what.

[Laughter.]

MR. REYNOLDS: That's not that I'm not comfortable with privacy.

A number of things that you mentioned, as you look at the privacy rule under HIPAA right now, privacy notices are a big deal there. They're complicated, they're lengthy.

One of the things you mentioned in the testimony was clear to the participant the notice at the time he or she plans to participate, and that's most every time somebody goes to a doctor in the United States when it's not a privacy notice.

And then you're talking about opting out, you talk about we have treatment, payment and health care operations which is another philosophy under which our privacy is dealt with. You mentioned parsing available data, the patient's choice to parse data in or out.

Then we try to get the good medicine and some of us have been adjudicating e-prescribing. You try to get the good medicine and then you anonymize versus de-identify, which is what we call it. And then you have the liability of the doctors involved and so on, based on treaty.

So you gave us a lot of information. With that framework, that's kind of the way we do things here right now, and I really enjoyed understanding what they do in Europe. Where do you start when you think of the electronic? What is the hierarchy? You know, so I mean, there's lots of subjects and one doctor could have a good privacy notice and the other one could have one that would allow them to do a whole lot more but because it's a privacy notice and because it's signed by the patient and everything, they could do it, could fall under certain –

So what is the hierarchy, as we look at electronic medical records, as we even look at what we have currently in the privacy, what's the hierarchy, in your opinion, really approach this? Because you've got to have some starting point as kind of the Holy Grail of what we deal with.

DR. KNOPPERS: Tom was mentioning the idea of field-testing. You might want to field-test one or two different approaches.

My preference would be, since the controllers both of the quality of data, the type of notices, the data that's in there that's correct and not – and Mark's opening statements reflecting the errors may be even greater than on written records which were in open drawers and hallways of hospitals and so on – the preference I think would be to begin with the health care providers themselves and ask them. Say, this is your chance to feed into a future system that you're going to have to live with and be subject to and liable for, for moving this way not only what you think would work; how would you best protect your patients' interests in terms of the confidence that is inherent in the physician/patient relationship?

If you don't have that trust in the – I think it was Tom again that mentioned it – you're not only going to get poor medical care, you're going to get poor medical data and the relationship itself will deteriorate.

So I would go back to starting with the framework of principles of which professional secrecy, or medical secrecy, whatever you call it, is reiterated, reborn, retooled, and becomes a reminder, but in the building of it under this new context of e-records becomes part of the profession's work before the AMA or whatever and actually get them involved in how this could work, because it's really at the family physician.

I mean, I've worked mainly with researchers, but I can see that treating physicians' patients who are eventually involved in the research and the data that comes back. So I would start with a framework of principles, two or three approaches that would translate those principles into different kinds of systemic applications and actually go out there and test them. If you don't get buy-in, if you don't get participation, then you need the consumer, the patients' organizations, involved. Sometimes they don't like what we come up with and it's awful. You've gone through five years of work and you really talked amongst each other but not exactly to the people who are at the front lines, i.e., the physicians and the patients.

And they want quality care. I think they'd worry more about a wrong prescription than taking out the fact that they live on this particular part of town. You'd be surprised what people are sensitive to. And yet if you don't know that they live on that part of town, right next to the iron smelter, that's a very important environmental data. Not a thing about the usual thing about abortion or psychiatry or all these sensitive genetics or whatever, you're missing a piece of vital data. You miss subjective – you know, opting in and selecting and parsing. I'd be very, very careful because there's data there that doesn't look medical but is equally as important.

Marital breakups, for instance. You have three in a row and you don't know it and you've just moved somewhere and you've got a patient in front of you. You won't even be able to diagnose where the stress comes from.

So I would involve patients' organizations as well.

And then actually check out some of these countries that have electronic records such as the U.K. and Sweden and say, "What are the lessons learned?" That would be the third sort of empirical data-gathering, as Tom called it, and say, "What works? What doesn't work? And why?" so that we really use their data for a project that you can't really sort of build yet because you're not there, but they've done it and maybe they've learned something that you need to know.

DR. MURRAY: With no disrespect meant towards the Chair or my friend and colleague testifying or any other attorney in the room, to me it would be a very sad thing if what we ended up with were detailed, legal descriptions that people didn't read but signed anyway. I mean, I don't know how many privacy notices I get in the mail these days from all the different entities with which I deal. How many of you read every single one, every word of every single one that comes in, and how many of you understand all the implications of everything you read now?

DR. KNOPPERS: Even the lawyers don't.

DR. MURRAY: Well, maybe they don't. So that wouldn't be a step forward empowering patient autonomy, right?

If you really are after respecting patients and respecting their liberty, promoting individuality, the kind of the moral foundations that lie behind our concerns for privacy, lawyering it up, as the expression goes, doesn't get us there. It gets the entities off the hook legally, maybe, but it doesn't actually accomplish the human moral goals that all of us here really are seeking.

There's a constant tension whenever you create a consent form particularly for clinical trials today between, you know, wanting to do it in such a way that specifies every possibility in there and so it goes on in boring and technical detail. Few people read it carefully; even fewer understand it.

Try to explain in as simple a language as you can what really is at stake if you agree to take part in this trial. And that's a tension – there's not an easy way to resolve it – and it's a tension that you will face in this, and I just hope that, A, you're aware of the tension, and, B, you will always push against the impulse to take recourse in exculpatory language, right? We want to be as clear, transparent and truly empowering as we can be, thus the shorter menu rather than the massive menu with many other choices.

DR. KNOPPERS: Totally agreeing in deference to all my legal colleagues. Consent has become like a notarized deed. It's absolutely pathetic, totally understandable, and it's just preemptive legal cover-up, and I think we should stick to principles and mechanisms and procedures that translate those principles in an understandable way with the participation of the patients themselves. I totally agree with my colleague on that.

MR. ROTHSTEIN: Other Committee member questions? Michael?

DR. FITZMAURICE: Health information seems to be special. When I apply for life insurance, I've got to sign away things that say they can get any information they want to in order to give an actuarial judgment about whether they're going to make money off of me or not.

Same thing when I get car insurance. Have you had any accidents, any tickets? Do your kids have any accidents or tickets? You have to reveal it and you have to sign away information.

But health insurance seems to be somewhat different. Many people try to work for a large employer where you don't have to reveal any pre-existing conditions in order to get coverage. And so I'm not sure what the range is. Is there a right of privacy for health insurance for health information that doesn't exist for life insurance and for auto insurance? And certainly, people are more resistant to giving out that information.

And my questions. When we were writing the privacy rule, it was very hard and it was hindered only at the last moment in the privacy rule if you have at least one case of the use of contracts between the holder of patient information and the use of that information to protect the confidentiality of that patient information. I guess one would be a business associate agreement.

But what I'm thinking of is a limited data set given to a researcher who in turn signs a data use agreement with the giver, usually a health provider, for the use of that information in research, and it has several different conditions in it – you won't try to contact the person, you won't try to re-identify the information.

And my question is: Is the use of contracts similar in the European Union and in Canada to protect the confidentiality, protect the personal health information, when the patient has not given authorization for its use?

DR. KNOPPERS: For that particular answer, you'd have to look at the laws of every country, unfortunately.

DR. FITZMAURICE: Is there a simple case then where they do have contracts?

DR. KNOPPERS: Yes. There are model contracts, but normally most states would already have legislation in place that would cover sensitive data such as health data and yet not use the language of limited data sets but actually use a body such as in France to approve the kind of arrangement needed for that particular type of research.

So those kind of personal contracts with physicians or entities and eventual users are not the way it's usually done because there's already a legal framework that would dictate – or a body in place to vet it.

DR. FITZMAURICE: Something like going to an IRB for research?

DR. KNOPPERS: But a health information IRB, yes, yes –

DR. FITZMAURICE: Okay.

DR. KNOPPERS: – in the different countries.

I only gave the example of France but they exist in other countries as well.

A contract approach might work, provided that I think that somewhere there is a minimal content because the access to a limited data set would probably be the institution who would hold the data set that the person, the researcher, wanted. The user, the researcher, knows the particular needs of a protocol, what kind of data, doesn't need all the data, needs certain data.

And to be able to do that without any kind of patient consent or knowledge, or even a notification: "All ye who enter into this institute, we send out limited data sets for approved research protocols" and you presume to remember that, and so you've consented, might be problematic. I think it would be problematic in Europe unless it said, "Contractual arrangements will be permitted under law if they contain the following elements" and then, having passed a law on the public context, the legislature, i.e., the politicians who are in touch with the writings, would know and would have received this.

So I think there is a role for contracts to play, but not without any kind of minimal content required by law.

MR. ROTHSTEIN: Other questions? Oh – Michael, sure.

DR. FITZMAURICE: I want to follow up with one more, and that is, there's a presumption you make, at least in the United States, about opting in versus opting out. There are times when a patient has to opt in, that is, I have to give you my authorization for use of my information if you're going to use it for other than treatment, payment or health operations purposes.

Other times, you have to opt out where it's presumed that you've opted in, such as when you're being wheeled into a hospital and they say, "Is it all right if we put your name in a hospital registry?" You say, "Ah" – they've given you a medication and you're dopey – oh, we gave them the opportunity; that's all we have to do. So we assume that the person did not opt out.

Is there a principle such as maybe autonomy or self-determination that applies to whether you would use opt-in or opt-out, or is it a matter of balancing the benefits against the harm? Is it a weighing versus the application of a principle?

DR. KNOPPERS: Yes, I know it's a really important question. Tom mentioned the Icelandic health sector database. In Iceland, the health sector database law of 1998 was deemed unconstitutional because it presumed an opting in on the part of Icelanders unless they opposed. They weren't asked, but you could oppose, and citizens were supposed to know; it's a small country and there are 50,000 and so on. And it was seen as a way of creating a database of clinical data that was missing from what they already have, which is an excellent demographic genealogical database, and the nation's budding, growing genetic database with explicit consent. That was deemed to be unconstitutional and so the law was declared three years later invalid because of the opting in.

And I think the only kind of opting in that we can really presume, and this is totally personal, would be for routine tests. A hospital can't run if you can't, you know, have basic information for quality control using leftover samples without identifiers obviously for calibrating machines and checking that there isn't Aspergillus in the operating room and all the kinds of things that you need to know to run a quality hospital. Patients expect quality care; they presume you know how to take care of things and run things and they don't really care what their leftover urine is used for.

So that's a different level of opting in that's presumed from being in a dataset without knowledge.

If you are sufficiently anonymized, however, and you're no longer identifiable, then all the privacy law protections from a legal point of view – I'm not saying ethical, but from a legal point of view, would not apply. They're obliged, for instance, for incidence reports to see how many people still in the hallway or how many – so you end up being an aggregate in a dataset. Again, there, I think, you don't need an explicit opting in.

The only kind of opting in presumed might be at that level. I can't see other levels where you wouldn't need a consent or –

DR. MURRAY: That's a terrific question, I think. And I'm not sure that I follow your either/or as to whether it's going to be application of a principle or sort of balancing.

It's a sort of a principle balancing. The categories I was trying to provide earlier are an effort in a way to understand the structure that lies underneath that balancing.

So, for example, it matters what the purpose of getting the information is. It's really important if I show up unconscious in an ER that you know what my allergies are, right? And I can't tell you today, but that would be really important information to have before you start treating me.

So the information, you look at the sensitivity information and the utility of the information in the context of the purpose why people want the information – what's their purpose and what's their relationship with you? Are you in a care-giving relationship? Are you in potentially adversarial relationship with them, say as a life insurer?

So that's in a way the underlying moral structure, aspects of the information itself, purpose and relationship, I think.

Now, there may be more. That's a first pass at this. But that's the way I would think about it.

MR. ROTHSTEIN: Other questions? Yes, please, Bob?

MR. HUNGATE: Kind of an observation to start with. I'm perhaps dating myself, but when I hear the term "autonomy," I think of Robinson Crusoe on his island all by himself, fully autonomous, no issues at all. But most of us don't deem that the life we wish, so we choose to live in a society in a place in a community. But we don't, as individuals, any more understand what we've given up in that, and that's kind of where I'm coming from in this.

Your mention of simple choices made me wonder whether you're thinking in terms of within the system, the categories of information being a limited number of different degrees or whether that is the way in which the patient expresses maybe at the bottom of the HIPAA form the choices they would wish in terms of their degrees of autonomy.

Am I making any sense in relationship to the simple choices that you spoke of? Were those within society or were those at the individual interface?

DR. MURRAY: If the question is this first problem of to what extent and in what ways do individuals have control over the content – not access to the content of their medical records; it was a sort of threshold question that you're going to have to deal with, I think parsing out these, you know, handful or two handsful of relevant categories that pass muster with individuals and with health professionals as being meaningful and usable, useful, that's where you might make decisions about what sort of categories might individuals choose to have or not have in their medical record. And also whether to provide these under certain conditions of access, certain purposes.

It very quickly becomes an extremely complex problem. I don't mean this in a disrespectful way, but I want choices to be meaningful and not really formal, right? Presenting a huge array of choices with many boxes to tick off pretty quickly loses meaning for most of us.

So I would say, you know, let's road-test it, let's make it a meaningful set of finite, relatively small number of crucial choices, so that people really can exercise autonomy in a way that really serves their interest and is meaningful for them and doesn't turn out to be the case where they look back five years and say, "I didn't mean to deny this kind of information to these people. I didn't understand what I was doing." We want people to make choices that they can later take ownership of and feel good about.

MR. ROTHSTEIN: And I think the idea, to pick up on Bob's point, and this sort of goes back to the initial question I asked, is even more complicated technically, assuming that we decide what sort of stuff people will have a right to keep out of their records as to how to do that. So you could imagine not getting the information at all in the first place, having a right to excise that information once it already existed, having the right to modify that information in some way so that you have the diagnosis but not the explanation of a psychiatric condition or you have the effect of, say, domestic violence in the record in terms of broken bones or whatever but not the cause necessarily.

And so even reaching an agreement on what sorts of things, then we would have to deal with the issue of sort of technically how to do that and even making those choices is a reflection on what we consider objectively that someone subjectively might want to exclude. In other words, I mean, if we're really autonomous, we would have 280 million different choices as to what we want, but that's totally impractical. So we're going to have to, as a group, somebody is going to have to make a judgment call as to what it's reasonable to exclude if we want to do that weighed against the costs medically and so forth of doing so.

Steve?

MR. STEINDEL: I just wanted to add to your list. I think we need to consider the transfer of information out of your record to someone else, because I could see where if you're going to see someone for mental health purposes and they're keeping an electronic health record, you might want the information kept in that record but not necessarily transferred out.

DR. MURRAY: Right. To me, that would be the access issue: Who would get access to that particular category, right.

MR. ROTHSTEIN: And at our last hearings, which were not specifically on the National Health Information Network, we spent a considerable amount of time talking about third party access to health information which some would argue is much more of a problem than the unauthorized access to information where anyone with economic leverage over you can require as a condition of all sorts of things that you sign an authorization disclosing your records.

And, in fact, I'm in the process of trying to estimate how many compelled authorizations there are each year and we think it's – I mean, this is a very wide range – between 20 and 50 million. I hope to have a closer number in a few weeks. But, I mean, it's just extraordinary.

Marta?

DR. KNOPPERS: Isn't that where insurers – or let's just even take life insurers and say we're private contractors, we're doing a contract on your eventual death and it's, you know, a statistics game as to who's going to make money, lose money, and so on. Even there where you do sign that line at the bottom, by saying insurers for life insurance purposes will only have access to the following categories, a lot of the fear – and the economic version, you can't get a mortgage or buy a car or get a loan if you don't have life insurance; you need life insurance in order to get another economic good. So it's an entry point for other economic goods in society but it's a forced disclosure of something that is really quite intimate to the person.

So you can say, okay, insurers, this is the game. We know you're private and premiums have to be, you know, no adversarial selection and so on and so on, then have them only get limited categories of access to data that they really need for their actuarial tables.

MR. ROTHSTEIN: Well, and the same thing could be argued for employers –

DR. KNOPPERS: Same thing, same thing.

MR. ROTHSTEIN: – and so on, but the problem is that at the current time, with a paper-based system, there's certainly no practical way that this can be done. I mean, it just would be cost prohibitive, time prohibitive, and so even when they get them with limited authorization just as a matter of convenience, health care records holders tend to send everything because it's so much easier.

And unless we build into the electronic health record of the future the capacity to limit the fields of disclosure, something that is quite daunting, I would add, in many cases, we'll never have that capacity, and my understanding is that is not even currently being done.

DR. MURRAY: That seems to me a fundamentally important thing to attend to now. Again, maybe it's identical with this notion that I've been promoting of having, you know, a finite number of categories of information in terms of their sensitivity and utility or I would hope it's the same thing, but for example, a life insurer doesn't need to know if you and your wife needed to consult an infertility specialist in order to try to have children – right? – unless they can show good actuarial data that that is somehow of predictive in a way that they will use. Can we then find a way to construct, you know, data sets that limit? They would be limited data sets not in the sense that Dr. Fitzmaurice was talking about, but only the relevant data goes to you.

If we could do that, then we could actually improve some aspects of personal privacy with electronic medical records over the current paper record, which is actually as you've described it, the use of those records.

MR. ROTHSTEIN: Yes. Yes, I mean – and I'm very anxious to hear from Alan Westin after the break about public views on this, but I think a common misconception is that electronic health records pose this tremendous privacy threat when in the context that we're talking about, it represents a great hope or possibility of protecting privacy but only if we seize it, and I for one certainly advocate for doing so.

Other comments? Yes, please. Beverly?

MS. DOZIER-PEEPLES: Along the same lines as the life insurance, you mentioned in the beginning of your presentation that some European countries were early to get on board with privacy laws to protect the genetic information for this reason. Could you just kind of briefly describe what that looks like? I mean, is it an anti-discrimination type law or is it restrictions on what information insurers can obtain, or what exactly does that look like?

DR. KNOPPERS: Okay. There's three or four different approaches across Europe.

The first was Belgium in 1992 which put it in their chapter in their civil code on insurance, simply saying there will be no access to genetic data for life insurance purposes – stop. This was interesting because there were protests outside the Senate at that time by people complaining that their condition hadn't been labeled genetic, i.e., they were being discriminated against because insurers would have access to their data. There's one established. So you can legislate it simply with the problem that that leads to.

Plus, all of the approaches, and there's three more, that actually put genetics separate make it seem as though genetic data is not medical data, something different, which leads to exacerbations of stigmatization and discrimination and reinforces the idea that there's something spooky about genetic data.

A second approach is a moratorium. This is when insurance companies wanted to forestall – because once you get it into law, it's really hard; civil codes don't have sunset clauses, they're not statutes. And so voluntary moratoria. Sometimes time-limited because they wanted to open it up, but maybe they could change their mind in the future. But in France, for instance, until the recent laws, they had a moratoria; now it's in the law.

But there's still countries that have moratoria. Holland, for instance, has a moratoria, which means that they will test or ask for. But if it's in your medical record, they will still have access to it, which then leads the problem of people saying, "Well, I don't want to go participate in genetic research or go for a test when you're doing linkages or pedigrees to help my sister find out if she has it; if it goes in my medical record, then it's obviously so." There's a weakness to that as well.

And the last approach is one in the U.K. where they've set up a special commission which decides which conditions are so certain, genetically speaking, that of course a life insurer should have access to them. And the only one they've been able to come up with, and even there they take it on and they put it back it and they off and so on, is Huntington. But they would have found that out from the family questionnaire in any event. I mean, they've been doing questionnaires – you've seen them; what did your aunt die of, your mother, your sister? – as a basic requirement for selecting what risk group you belong to. That would have been in your family questionnaire anyway.

So this commission who decides when there's sufficient actuarial evidence so that insurers can legitimately discriminate in spite of discrimination legislation is, you know, a work in progress, let's call it.

So it's legislated either in a code or in a human rights code or it's a moratorium or it's a commission.

The most interesting approach, though, and this is not a particular country and I'll stop there, is that the European Convention on Biomedicine and Human Rights in 1997, which countries as they sign in ratify their internal law has to be in conformity, all they said, and it's quite smart, all they said was no tests shall be done that are not done for medical reasons. That's it. They didn't mention insurance, employment; they didn't say who they were aiming this at. By saying that all tests should be done for medical reasons, that means you cannot do a test simply – a genetic test – for insurance purposes, because it's not a medical reason. That's an interesting approach.

MR. ROTHSTEIN: Tom, you wanted to comment?

DR. MURRAY: Well, just quickly. My conversion to heresy began in the early 1990s when I chaired a task force for the genome project on genetic information and insurance. And so we set out to make the case that genetic information ought to be and could be distinguished from other kinds of health-related information.

And over the two years of the life of this task force, we ultimately decided that was either dishonest or impossible. The great majority of conditions that people suffer from that affect your health, your longevity, that are causes of illness, that create expense, health care expenses, are very complex combinations. They're actions of genetics and a host of other environmental factors, developmental factors, and the like.

So to try to cleave off genetic information and treat it as distinctive, toxic, et cetera, in the larger context of, for your purposes, the electronic medical record, makes no sense whatsoever.

MR. ROTHSTEIN: With that final word, I want to thank the members of our panel and I also want to thank the questioners for helping to further flesh out these issues.

We are going to recess for 15 minutes, take a break, and then we'll be back with Professor Alan Westin.

DR. MURRAY: Thank you.

[Break from 11:04 to 11:20 A.M.]

MR. ROTHSTEIN: We are back in session now. This is Day One of our hearings of the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics.

And we have a unique privilege this morning not only to hear from one of the great experts in the country on privacy issues, and has been for many years, but also to get access to some very important new data that he has collected and will be sharing with us.

So I'm very pleased to introduce Professor Alan Westin.

Agenda Item: Presentation – Dr. Alan F. Westin

DR. WESTIN: Thank you, Mark. My name is Alan Westin and I am Professor Emeritus at Columbia University. My background is in law and in political science where I have my Ph.D. And I taught for 37 years on Upper Broadway in Columbia.

It's been about four decades that I have been working on privacy issues. I go to Japan a lot because of interest in what the Japanese are doing, and once when I got off the airport, there was a gentleman meeting me and he had a large sign and it said, "Father of Privacy."

[Laughter.]

DR. WESTIN: I like that, because especially in Japan I could even be Grandfather of Privacy and still be appreciated.

But the issues of information technology and privacy have been an occupation of mine ever since the 1950s and in my prepared testimony I give you a little background on the various studies and publications I have done specifically on the health area.

I kind of left this alone for the last three or four years as the HIPAA issues unfolded. I was an advocate of Federal health privacy legislation, but once it became the domain of the lawyers, even though I am a lawyer, I thought that I really didn't have that much to contribute to all of the very specifics about the privacy rule and so forth.

But now, with the movement toward electronic health records and technologically oriented health care system, I'm back in play, and as I'll mention, I'm the director of a new program on information technology, health records and privacy at the non-profit center that I head called the Center for Social and Legal Research.

I was interested in Tom's comment about being very careful to be aware of the limits and the challenges of technology approaches. I learned this very early, in the late 1960s when I was writing my first book on privacy and freedom. It was mail merge techniques were just developed in word processing, and so once I got an actual letter that was addressed to me and it said: "Mr. Alan F. Westin 1100." The second line said "Trafalgar Street." Third line said: "Teaneck, New Jersey," then the zip code. And then, using the mail merge, it started off: "Dear Mr. 1100."

[Laughter.]

DR. WESTIN: But the best thing was the first line of the letter: "You are not just a number to us."

[Laughter.]

DR. WESTIN: That's when I learned that technology can get things very wrong.

I'm here today to report to you on a survey that we have just done last week on how the public views the application of computerization to the health care system. Let me start, though, by saying that I view the electronic health record initiative as a very positive potential step in reshaping the nation's health care system, and the reasons that are usually given for doing it – enhancing patient care, reducing medical errors, reducing high paper handling costs – seem to me to be very, very worthy and important objectives.

And we all know that this is going to reshape the medical record as we know it and the flows of health information throughout not just the first sector, which is patient care, and the second sector, which is payment and quality assurance, but it's going to reach into the third sector, which are all the social uses of patient information – employers, licensing, insurance, research et cetera -- very important, but not themselves the givers and providers of health care.

And so I'm very pleased that you've taken the topic of sounding out how the public feels about this early in the game. And my program was able to sponsor with Harris Interactive a national survey on public views of application of computers and effects with HIPAA and also attitudes toward the computerization of health records.

Our survey was just in the field February 8th to the 13th. It was a telephone survey conducted by Harris Interactive. We had a sample of just over 1,000 respondents and they represent approximately 214 million adults. And a survey of this size has a margin of error, as the statisticians like to say, of plus or minus three percent.

Before I do that, though, let me just remind us all that long before we did our survey last week, there have been, by our count, 14 national surveys between 1978 and the present that have dealt either completely with health privacy issues or have had major sections of health privacy questions on them. And there are a series of sort of top line findings that are very well established.

When you ask people, here's a list of information about you; what do you consider to be the most sensitive, or which of these you would be most concerned if the information was released without your knowledge or consent, health information and financial information are always the top two scorers. And in many ways, I think personal health information these days would be slightly ahead of financial information in any kind of a rating.

The surveys show that people are concerned by very large majorities about the privacy and security implications of going to computers and having electronic collection and use of health information. This is because the public essentially views technology, rightly, I would say, as a two-edged sword – enormous benefits in many, many situations in our contemporary life, but also sharp problems and problems that often seem to be beyond effective control arising as a result of high technology settings.

Because of this, when people visit health websites, and we find that 80 percent of the online population report that they have visited a site that dealt with health and health conditions, they are often highly concerned about their privacy and security and they don't share their personal data or take full advantage of these sites because of that nervousness over the privacy and security dimension.

Especially we find in the surveys that consumers who have chronic or genetically based health conditions are particularly concerned about the flows of their health information into the zone three, all the social uses of personal information from the health sector.

So we began our survey by first repeating a question which we used in 1992 in the Harris Westin survey on health information privacy. We gave a list of people in the health care system and said: Do you believe that any of the following have disclosed your personal medical information in a way that you felt was improper?

When we asked it in 1993, 27 percent of the public, which represented then 50 million adults, said they believed that one of these five groups had released their personal medical information in what the respondent considered an improper way. And this year, when we asked the same question, it dropped from the 27 percent down to 14 percent, which is really quite dramatic. It's almost halving of the number of people who have this feeling of improper release of their medical data.

In each one of the five categories, as you can see from the numbers there, the total was down. At the same time, we should remark that 14 percent of the current American population means 30 million people, so it isn't as if two people and a dog are complaining about this; we're talking about a very substantial part of the public that feels this way.

On the other hand, to put it in some perspective, in all the surveys that I've done over the years, we have about 25 percent of the public that says, I believe that business or government has invaded my privacy.

So you start off with a quarter of the American population having a view that in general they have been the victims of privacy invasion. So a 14 percent figure is not outside the parameters that we'd expect when you have that kind of a general victimization perception on the part of roughly a quarter of the American public.

It was sort of interesting the health insurance company was the biggest drop – that was 15 percent in 1993 and it dropped down to eight, and I find it interesting that it's eight percent for the health insurers who were the dirty birds back in 1993 of getting to patients' information; now it's on a level with a clinic or hospital that treated you or a family member, which is sort of a rise one could think in the health insurer status and a drop in the clinic and hospital status.

We then turned to HIPAA because we asked ourselves: Is this drop in the perception that medical information has been released improperly an effect of the privacy notice and the whole HIPAA roll-out system, which as we know dates from April of 2003? So in our question we said, In the past three years, have you ever received one of these HIPAA health privacy notices? We first described it, and the text of all of our questions is in the appendix of my testimony which you all have copies of so you can see exactly how we worded every single question and all the responses.

When I started out with this, you always ask yourself when you're developing a survey: What do you think the answers are going to be? And when I wrote this question, I said, geez, we'll get 90-plus percent of people who say they've received the privacy notice. You can't go to a doctor, a dentist, a pharmacy, you can't have health insurance without having had privacy notices thrust at you for the past two and a half years.

Astonishingly, 32 percent of the public, representing 68 million adults, say they can't remember ever receiving a HIPAA privacy notice.

Now, think about that for a minute. All of us in the room think that this is all-pervasive and the American public is seeing what's going on. It cautions you that many of the things that are done, especially with complicated lawyer-driven notices and the way in which this may be shown to people by a pharmacist or a doctor et cetera, that 68 million adults, if they had to raise their hand and say, swearing on a Bible, have you ever received a privacy notice? "Don't believe so."

Let me make one other cautionary comment.

Sometimes in survey research, you get worried that people will give you what's known as a socially acceptable answer. For example, every study that asks people, "Did you vote in the last election?" finds that millions and millions more people say they voted than actually voted because not voting is considered not socially acceptable. I don't think here that we had a socially acceptable phenomenon at all. I don't think if somebody said no, I don't remember getting a notice they were trying to present themselves in more socially acceptable ways.

On the other hand, it's always a question of which figure you like to look at. Two-thirds of the public does remember recalling a privacy notice, and that represents 158 million adults. Here, only one percent said they weren't sure, so the main figures are the ones that are interesting.

We then asked the people who said they remembered receiving a privacy notice the following question:

"Based on your experiences and what you may have heard, how much has this Federal privacy regulation and the privacy notices increased your confidence that your personal medical information is being handled today in what you feel is the proper way?" And we got 67 percent who said it increased their confidence.

But please notice that only 23 percent chose "a great deal" as their answer and 44 percent said "only somewhat." That tells you that joy does not reign supreme in the nation over the HIPAA effect and that the verdict is out, you know, in terms of how people perceive their medical record being handled after the privacy notice phenomenon.

We then turn to the real intended focus of our survey, the electronic health record or electronic medical record situation. We described it in this fashion, and the way we described it I think it's very important for you to understand and you can make your judgment about whether this is the acceptable or best way it could have been done:

"The Federal government has called for medical and health care organizations to work with technology firms to create a nationwide system of patient electronic medical records over the next few years. The goal is to improve the effectiveness of patient care, lessen medical errors, and reduce the costs of paper handling. Have you read or heard anything about this program?"

Here, my prediction was sound. I said, gee, you know, this is not something that engages the American public yet in a deep way; yes, the President spoke about it in his State of the Union message. Yes, he went out to Cleveland and talked about it and made the television station. But I didn't think that this would have a majority of the American public shaking their head "yes, I've heard of the war in Iraq and, yes, I've heard about Social Security."

And so, 29 percent, which still represents 62 million adults, said they had read or heard about it.

And when I took a quick look at our demographics, it was, as you'd expect, the better educated, higher income, and technology using members of the public that were the ones that said they had read or heard.

We then developed six concerns that we said some people have about the effects of having an electronic health record system. We talked about leakage of sensitive health data, whether there'd be more data sharing without the patient's knowledge, whether there wouldn't be adequate security for health data stored on computers, whether this might lead to an increase rather than a decrease in medical errors, whether people would be less willing to provide necessary information to their health care providers because of their concern about computerization, and finally, that there might be a reduction of Federal health privacy rules in the name of efficiency in this kind of a system.

The bottom line, as I'll go into next, is that two-thirds of the American people say they're concerned about each of these possibilities.

Specifically, on the sensitive medical information being leaked because of weak data security, that was our number one choice. Seventy percent said they were concerned about this. And I give you the "very" column because it's often important to look at the people who choose "very" anything, and so 38 percent said they were "very concerned" about this.

More sharing was at 69 percent, and the highest "very" here, 42 percent, were worried about the sharing without their knowledge.

Inadequate data security, 69 percent, and 34 percent "very."

Increasing errors rather than decreasing them, 65 percent, and 29 percent saying "very."

That some people wouldn't disclose the information to their provider because of worries that it would go into computerized records, 65 percent, and 29 percent saying "very."

And that the Federal health privacy rules would be watered down, 62 percent, and 28 percent saying they were "very concerned."

It's typical in surveys like this, and I've been doing these for 30 years, that after you describe some kind of business practice or government program and you ask people how concerned they are about aspects of it that you develop what's often called a "tie-breaker question" – that is, you say, well, you've told us about the program, you told about your concerns; what's your balanced view then on this program?

And so our question was phrased:

"Overall, do you feel that the expected benefits to patients in society, which we already mentioned in our non-question, outweigh potential risks to privacy, which we had just probed in our concerns, or do you feel that the privacy risks outweigh the expected benefits?"

And the winner was: No one. The public is deeply divided – 48 to 47 percent on their view whether the benefits outweigh the privacy risks or the privacy risks outweigh the benefits.

And I was able to look at the demographics before I came down but not by the time I was preparing this, and I'd say the most important thing is that the people who believe the privacy risks outweigh the expected benefits are very widely distributed across the demographic categories. That is, it's not concentrated in Democrats and liberals and African-Americans and so forth.

It is so widely distributed that you would be absolutely sound in saying that this impacts at that level men and women, upper income and lower income, high education, low education, et cetera.

And we will be publishing in a couple of weeks all of the demographic information, the factor analysis and so forth, and I'll make sure that your Committee gets this.

One of the things I've done over the years has been to create what's called a segmentation of the public on privacy issues. The way we do this is to create three or four trend questions that tap fundamental attitudes and then we see in the public how many people take the strong privacy view on all of the trend questions, how many take it on some of the trend questions, and some of them that don't take the privacy view on any of them.

And that enables us to create a high, medium and low segmentation of the public and puts some numbers on how many people fall into each category and then to look at the demographics for each of those segments to say: Who are the people then who are not concerned about privacy, or highly concerned?

And we created this here by taking the six concern questions that you have heard me describe, and if somebody chose their concern in five or six statements, we call those high electronic medical record privacy concern. And what I think is a striking finding, 56 percent of the public scores high in their privacy concern related to electronic health records.

Sixteen percent fell into the medium category, meaning that they expressed concern in three or four statements. Fourteen percent chose one or two. And no statement was chosen by 14 percent of the public.

So, we have a solid, national majority in a high electronic medical record privacy concern camp. And that compares, and I think this is a very meaningful comparison, with our studies that show only 35 percent of the public when you deal with consumer privacy issues score in this high or fundamentalist orientation. So we have almost double the number of people in an intense privacy view in the health area as in the general consumer privacy area.

And this is about what we found – it's a little more intense, but it's close to what we found in 1993 when we did a similar segmentation when President Clinton was promoting the national health insurance plan.

We wanted to test what I have always thought was going to be one of the most critical issues in this whole electronic health record development, which is: What's the role of the patient going to be here? Not the providers, not the insurers, not the health data analysts, but the end user, the patient.

So we framed a question that read:

"Since most adults now use computers, the new patient electronic medical record system could arrange ways for consumers to track their own personal information in the new system and exercise the privacy rights they were promised. How important do you think it is that individual consumer tools be incorporated in the new patient electronic medical record system from the start?"

Eighty-two percent of the public believes that this is important, and here, 45 percent rated this as "very important." Only 17 percent did not see this as important.

That was a little bit of a socially acceptable answer here. If you don't have to pay any price, if you're not worried about the tradeoffs between the patient's access or the patient content control and giving the patient these tools we described, what does it cost to respond to this, to say "Yup, that's very important"?

Having said that, though, I still think that this is an extremely important finding. And the way I view it is that this is a public mandate for what I call a privacy design specification for any electronic health record system. That is, from the start, the public is saying: Program me in in my privacy choices, my privacy access, my technology access. Otherwise, I am not going to be confident that this system serves my interest and is good for me and for society.

And so I think everybody who is an advocate and manager and participant in the building of this system as the decade unfolds really has to say what laws, what rules, what practices, what technology arrangements, what education about privacy and what kind of building of positive patient experiences will it take to get that 47 percent of the total public to feel that the privacy risks are not outweighed.

Let me turn to some conclusions and recommendations I draw from the study. Incidentally, the study is being released today, so you are the first to hear it, but I do believe you'll read something about it in the media and in health publications and so forth since it's now out there for general public discussion.

My first premise is that an electronic medical record or electronic health record system does hold enormous promise for patients, health care delivery, for breakthrough research, and for the interests of the whole society. I also think that probably the system is more likely to proceed now than at any time in the past, and I'm sure all of you here remember that in the ‘60s and the ‘70s and the ‘80s and the ‘90s there were major efforts to go to computerization in the health care system and enormous sums of money were spent with I think one has to say limited result, if not often complete failure of some of those health records.

I remember when Dr. Weed's problem-oriented record was seen as the great gateway by which we would computerize the record and change the whole way in which the medical record would be used in the system. Didn't happen.

On the other hand, I think it could happen now. Step one, medical professionals are now pretty much technology conversant. They've got laptops, they've got cell phones, they're used to going into databases. And obviously this is something of an age-related phenomenon, but I think the generations of current health care professionals are now more open and ready to using technology than has been the case in previous decades.

Secondly, the technology is much more powerful. We now have data mining and data linkage techniques and we have software power, a whole host of tools which major technology firms have been developing and university research has developed which I think hold much more promise to achieve the cost effectiveness and the reduction of medical error problems and so forth than previously.

It's true, of course, that technology has been growing steadily ever since the computer came along, but up until fairly recently, I did not myself see the technology tools as having the sophistication and the depth and the reliability that I think is needed. And so I'm more optimistic about the technology opportunity than I would have been five or 10 years ago.

On the other hand, I hope the survey results remind us all that no matter how good the technology and no matter how ready the medical practitioners are to embrace the technology, this system will not succeed if public concerns over privacy are not understood and addressed.

So, what do we need?

I think there needs to be an institutionalized privacy-by-design working group, and the best analogy I think is the excellent LC program with the human genome project where major money, very talented people and institutional support was given to examining the kinds of issues that the breakthroughs in genetics rush before society. So it has to be active, well-funded and impressively staffed.

It may be that such an organization is government supported but not government run, that it calls for a kind of consortium of government, private sector, consumer and patient advocates and so forth. But its charter is: How do you design privacy, from the start, into an electronic health record system?

Secondly, I would be very worried if privacy becomes a sub-topic of what is being discussed now as an electronic health record standards board. I think the standards board is extremely important in terms of interoperability issues and regional system linkage issues, et cetera, certainly, the medical record issue itself.

But if privacy is consigned inside that board, I'm afraid that it will not have the right kind of pressure, the right kind of poise, and so forth.

So I would like to see an independent privacy standards board that sits alongside the larger technology and record standards board.

The kinds of things I would see a privacy-by-design working group to carry out would be, first, take the excellent materials that over two or three decades we've developed on how to do privacy risk assessment and threat assessment and apply it into the concrete development of electronic health record systems. There are many, many organizations that do this kind of privacy risk assessment. There are auditing firms, there are law firms, there are university firms and so forth. It is a specialty and we know how to do it well. I think it has to be a continuing privacy risk assessment, not a one-time.

Secondly, I see the group looking to identify the kind of system design elements that would enhance rather than defeat privacy interest. For example, I think there's probably broad agreement that creating one national health record system organized nationally and under the Federal administration no matter how benign is a disaster for privacy and therefore, regional systems with linkages and interoperability standards and so forth seems to me an initial major design component that is privacy oriented.

There are many other things that I could talk about here but in the interest of time I just want to say that across all of the technology and organizational design choices that are coming up, I think this privacy-by-design group should have the charge to say: What are the privacy implications if we do it this way compared to if we do it that way?

Third, I think that identifying anonymization techniques that would facilitate research and data trend analysis is absolutely essential. This was mentioned earlier today, that if we pursue privacy at the expense of fundamental epidemiological and health system research, it will be a heavy casualty. And it doesn't have to be, I don't think. There'll be some problems that we'll find it very, very difficult to work out, but in general, I think we can apply anonymization techniques in ways that will still allow important and socially valuable research to go forward.

In order to do this, though, I think we will have to – and I'll talk about this in a minute – try to conceptualize a segmented medical record that will have in it parts that are for identification and use and other parts which from the start are identified as the kind of things that are subject to anonymization and therefore will be organized differently in the medical record. And I'll explain that in just a minute.

As far as the legal and policy rules are concerned, I think most people would agree that you can't just take the current HIPAA privacy rule, slap it on something called the electronic health record, and think you've done your job. It's going to take a lot of very thoughtful consideration as to what the policies and the legal rules should be for the kind of systems that will be rolling out with electronic health records. And I think this privacy-by-design working group should pay a lot of attention to just that kind of issue.

Obviously, lots of others will be doing this. For example, the Markle Foundation has a fine project on connectivity in which they've got excellent people looking at the privacy and security issues. So even for the beginning I'm not suggesting that this kind of a function is going to be the only one. It's going to have many, many parallels and competitors and so forth and to me, that's fine.

Fifth, I think that the privacy-by-design working group should try to identify and test procedures that would, responding to the 82 percent of the public, empower individual patients to access systems directly so they can see certain kind of information that's there and so they can carry out with all the power of the computer technology the privacy rights they are given.

Today, we have a paper-based, almost a ballpoint pen-based, patient access system. I think that as we move the medical record into high computerization, we've got to move the patient access and patient control functions into equal technology driven opportunity.

A hundred and sixty-five million Americans are now online. We have become a society which more and more has people comfortable in using information technology in the online world. I think that should be a major understanding as we think about this system – not the patient coming to the doctor's office, sitting in a chair, being thrust a notice, but being able to sit in their kitchen or their study and have access to the system under the right defined rules and so forth and to be able to exercise their privacy rights wherever they are, sitting in an airport terminal with their wireless and coming and looking at something in their medical record. I think that's a tremendous opportunity that we've got to grasp right away.

Finally, as these approaches are done, it seems to me we have some real test beds we can think about. As the regional programs unfold in the electronic health record systems, those are the beta sites for looking at the privacy design world.

My experience in doing a lot of empirical studies is that you want to go to the place where the pioneers are putting forward new technologies, changing the way things are done, altering balances of rights and responsibilities. You want people there who are going to do objective, empirical research into what difference does it make that this is happening now in this clinic or in this hospital or this doctor's office in this IMS Health data set. You want really to have people studying hard the actual impact of technology in the organization, on the patients, et cetera.

That's why my organization has created the program that I said I'd say a little more about. We see ourselves as a not-for-profit research organization continuing to conduct public opinion surveys on how the public and various health care leadership groups and others feel about more and more and more specific aspects of an electronic health record system.

We'd like to do some of those empirical case studies that I mentioned of how the programs are actually working as they roll out. We would like to help develop the legal and policy rules that are necessary for privacy, confidentiality, subject access, due process and so forth. We think this will require going quite beyond HIPAA.

I was very glad to hear the discussions of what the Europeans are doing and what is going on with electronic health records in other countries. There's much to be shared and learned in those countries, and one member of my staff is an expert in this and we would like to see not just what the legal rules are but what the actual experiences and patient reactions are in countries that are also experimenting and moving forward with electronic health records.

We are going to be publishing in a couple of weeks a white paper in which we take a broad look at computers, health records and privacy in the 21st century and we will have a variety of other reports and we expect to publish a quarterly electronic newsletter and as always to organize seminars and hold conferences on program themes.

You can go to our website, www.pandav.org. You'll find posted there today the top line results of our survey, a report that we've done on how the public views health privacy, survey findings from 1978 to 2005. I think many of you will find a lot of interesting specifics there, not just like the top line couple of comments that I made.

My testimony from today's hearing will be there and this PowerPoint will be there as well.

We will publish an expanded survey report with all the demographics and factor analysis, and the white paper that I mentioned is listed there.

Let me just add one thing that was not in my prepared testimony because I was stimulated by some of the conversation earlier today to share this with you.

If we think about a patient medical record as a one thing, all unified and all there, I think we'll be making a privacy-by-design mistake. Rather, I think we could imagine a six- or seven-segmented and formatted medical record which the technology is perfectly capable of storing and retrieving in that kind of segmentation.

And how might it be divided?

First, a segment on personal identifiers – name and address and Social Security number and all the stuff the hackers will try and get to.

Second could be a medical transaction segment – came in, complained of knee problems, probably arthritis, going to put him on whatever the latest acceptable Cox-2 is or isn't.

Third would be a prescription history, something that systematically listed the pharmaceutical agents that had been used by the patient in their medical record history.

Fourth would be anything that had mental health or psychological or psychiatric components.

Fifth would be life style information, all the terribly sensitive stuff about sexual life and drugs and alcohol and bungee jumping and everything where life style as we know can affect the medical system.

Finally, what I'll call anonymized data, data that from the beginning is seen to be important for research purposes and which is stored in the medical record ready to use in anonymized form so that we institutionalize some of the research function right from the start – we don't wait for a research protocol to be done and then go back and scratch our heads and say, you know, what do we need from the medical record? Even though, of course, that'll always be necessary with highly customized research.

But for a great deal of epidemiological research, pharmaceutical utilization research and so forth, I think we could create from the beginning a set of patient data that would be what we see as high value for research and therefore under the proper research access would be acceptable from the record.

And just to show you where this goes, the psychiatric segment obviously requires the highest level, or one of the highest levels, of access power. It probably should be kept in encrypted form because we really must pay attention to data security.

As you know, many health systems today only store the psychiatric data in encrypted form and I think that's exactly the kind of requirement that would have to be set, whereas the anonymized data, there would be no need for patient consent, opt in, opt out, or anything. From the beginning, explain to the patient there would be a set of data that was going to be useful for public health purposes, for research purposes, and so forth.

Now, I'd be the last one to say that I've just given you the Lord's work on a segmented medical record, but I think it's interesting to think about and to say, since the technology is capable of giving people access to 1, 2 and 4 but not to 3, 5 and 7, that if we have the right rules as to patient access and the right rules as to third party access and provider access, we could think about a medical record as being a set of records, not a record, in which rules of privacy and access and consent and disclosure would be customized for the nature and sensitivity and functions of the different types of information.

With that, just to show you there's a lot of work to do, let me stop and invite comments and questions.

Questions, Answers and Comments

MR. ROTHSTEIN: Thank you very much. We greatly appreciate your sharing the new survey data with us and I'm sure that will generate some questions. But I'm equally, or perhaps more fascinated, by some of your comments and conclusions and recommendations.

Let me just ask one question before we sort of open things up. And I'm sort of taken by your suggestion that there should be some sort of external group that you call the privacy-by-design working group that would be tasked with helping to design a system for electronic health records in which privacy would be a key element.

I don't disagree with the aim, but my personal observation is a very practical one, and that is, it seems to me that the electronic health record train is zooming down the track and the thought is that those of us concerned about privacy, our job is just to make sure that the train doesn't leave the track, whereas what I hear you suggesting is that the privacy element is so fundamental that it really needs to be worked out in advance of the system itself.

So perhaps you could explain your thinking some more.

DR. WESTIN: I guess the first thing I should do is say "amen." I think you said it just right. I think that the privacy issues are so central to whether this will succeed – incidentally, we can be very concrete and suggest that Congress and the state legislatures will take their cue from how the public feels about this whole electronic health records system. You want to get appropriations? You want to get Congressional committees to give this the kind of support that the human genome project was given in the LC appropriation? You've got to convince the legislators that this is an acceptable privacy system.

So I don't think the train can go down the track; it's not going to have any fuel when you get to it if there is not this kind of clear mandate for privacy. Now, I'd be the first one to say, being a political scientist, but how you institutionalize this, where you locate it, and public/private, and funding and so forth, are all very important questions.

But however it's done, I'm looking for there to be a free-standing, high prestige, well-funded and well-staffed entity that is like a privacy impact assessment group is inside Federal agencies if you know that was required, a privacy impact assessment in Federal agencies now when they are in e-government programs and so forth.

You know, I'm looking for those kinds of functions to be institutionalized, and I think you've got it right. Some people believe the train is going and it's too late already. I don't think so. I think that the train is gathering steam but one of the other things that I have in my prepared testimony that I get on to the laptop was that unlike some situations where a business program or a government program is in fundamental collision with the consumer and privacy groups, and you really have to have a confrontational, dragged out kind of battle, that is not the way I read the situation here. I think the health care community is privacy oriented. I think the technology groups that are building many of the software tools also accept the importance and centrality of privacy.

But I think there's more community of interest and intention in this area than you find in some other areas, homeland security or telemarketing and other kinds of collision areas for privacy versus the other interests. If that's the case, then I think there's more possibility of creating this kind of an institution and getting the right kind of support for it than there would be in some other privacy area.

MR. ROTHSTEIN: Thank you. And now, questions from my colleagues? Mr. Reynolds?

MR. REYNOLDS: Excellent survey and excellent coordination of this information – thank you.

You mentioned on Slide 14 that for any national EMR system, as you think of the philosophy of segments, as you think of the philosophy of privacy, as you think of the philosophy of structure, and then you think of regional things, one of the things everybody ran into in HIPAA was everybody had done their own thing for so many years and set things up and then we tried to come up with a standard and it was a bit of a fist fight getting it all done, whereas do you see any of these categories or any of these segments or any of these other things that could be put in place so that as regionals do their work, they are basing it on some kind of a foundation that when you try to tie multiple regionals together, if you don't go through a singular EMR system, you have some kind of a structure that allows you to play off of the benefits of doing it regionally but then be able to transfer that information because more and more with the special centers of excellence and everything else that goes on, people are going to be moving around to get care? It may be the more significant only in the future than they are now, so any comments you can make on that?

DR. WESTIN: I have to start by saying I'm not a technologist though I watch technology. But my understanding of some of the things that are happening among the technologists is that, first of all, they are working hard on interoperability. They understand the need for operating standards that will cut across various technology approaches and systems.

And secondly, that they're looking at linkage techniques rather than uniformity techniques.

So I would myself assume that you should take a look at those kinds of studies and offers and see whether they're going in the right direction and if not, some pressure might be needed to make sure that the people who are developing the whole new system see the need for that kind of interoperability and so forth.

But I want to start by saying that though I think there are answers out there, I'm not a technologist.

On the other hand, I think that probably the moment is right, given the technology, to move into much more uniformity in medical record formats. I don't think every hospital's way of doing it and every clinic's way of doing it must be saluted and preserved.

And to the extent that we are able to come up with highly refined and correct estimates of language and the techniques, I think that we are going to move in the next decade to a much more uniform system of reporting and formatting and so forth.

A couple years ago, I helped a company that was developing some small medical record software. They asked me to come in and deal with the privacy issues. And what they were doing was hoping to move the physician from a pad with a piece of paper to a hand-held data device which was all formatted so that if there was a diagnosis or there was a prescription, it was uniform throughout their entire system. That seems to me to be easy to do and we're ready to do. So there are some approaches that already are pretty well tested that I think will now move into more and more use.

MR. ROTHSTEIN: Mr. Hungate?

MR. HUNGATE: A question. Going back to your segmented record, in thinking about consent by a patient, then one level of consent might be the linking of the personal identification information to the anonymized data. An example might be that your genomic information would be in your personal identifier and the PO coding information would be in the anonymized data. Is that a correct conclusion?

DR. WESTIN: Yes, that's very promising. In other words, I was taken by the comments earlier that the dilemma with anonymization is that when you truly anonymize without any preserved linkage file, you lose the ability to update the file or to add relevant information to it.

And so one solution, as I'm sure everybody knows, is the trusted keeper solution. For example, some years ago when anti-war demonstrations were at their height, the American Council on Education, which did annual surveys of college students and would ask people, "Are you using marijuana? Are you against the war?" and all kinds of questions of attitude, decided that they would promise anonymity and they would take the linkage file and move it to Canada and promise that if a subpoena was ever given by a Congressional committee, people would thumb their nose from across the border and would never give the linkage file.

So I think there's a range of ways that we could go at this that have to do with both the linkage of the personal information to the anonymous data and also maybe we are going to need these trusted organizations, and I'm sure you know that there are organizations that are now promising to be your trusted agent for purposes of your creating your own medical record, your personal health record, and so forth.

MR. HUNGATE: Right.

DR. WESTIN: And I think there's a lot of promise in that because the trusteeship concept, if it's the right people institutionalized in the right way with the right legal sanction behind them so you don't have to run to Canada, I think that's very promising.

MR. HUNGATE: I agree. My sense, though, is that I ought to worry about it. I believe in chaos theory.

But a friend of mine is one of those people that's developing that trusted organization and he assures me that he can take care of all the privacy issues through what he's doing. I have reason to doubt from this discussion that that could really happen.

But given that there is strong incentive and strong commercial interest behind these kinds of efforts, I wonder if there isn't some way to get an understanding within that group, the developers of those specialized personal information systems, that they, in order to be a trusted source, are going to have to have a way of dealing with this privacy issue and whether that's not an interested party, too.

DR. WESTIN: I think that's very important.

MR. HUNGATE: The next level.

DR. WESTIN: I'm glad you mentioned it.

MR. ROTHSTEIN: Dr. Steindel?

MR. STEINDEL: Thank you, Mark. Thank you for this really fascinating and very, very timely survey.

I like the idea of this national privacy data board in getting involved in the design of EHRs early et cetera; it's a very strong point with a lot of people and I think very necessary. What concerns me about that, though, is expressing privacy in EHR systems is done usually through security. Privacy is a concept and you have to somehow express that in the software.

And yet we see in one of your bullets where you ask the five or so different questions that the consumers do not have high confidence in computer security. So what should we be addressing? If we put this board in place and the board says, you know, the EHR should be designed with this, this and this, whatever it comes out to be, how do we assure the public that we can design computer systems that express the needs of the board?

DR. WESTIN: I thought about that when I was putting a label on that, and I thought about privacy and security design function. My problem is I think that the security area probably belongs deep in the technology sector much more than it does in what I think of as the policy orientation of the privacy.

When people ask me what's the difference, my favorite way of saying it is: Data security is the way you keep your promises of privacy and confidentiality. It doesn't define what is privacy, it doesn't set the confidentiality, but it enables you to have confidence.

On this, though, let me express some deep reservations.

Many of you have seen recently that one private data supplier just was hacked into by a Nigerian ring which set up 50 false customer accounts and got into 150,000 to 500,000 records and used them for identity theft. All over the world, identity theft through a variety of techniques, sometimes employees inside being corrupted, sometimes the hacking from outside, it's a very insecure world, and I think anybody who runs a data system would say that it's next to impossible to provide truly 100 percent data security.

So we're dealing here in how close can we get to a system that will give confidence to the public that in fact there's adequate data security? That's why in my full testimony I talked about the fact that I think we're going to need a biometric identifier for the public and I think we're going to have one by the end of the decade primarily for homeland security purposes, but I think this electronic health record system will be another driver of the creation of a biometric system. And that would have an enormous damper on identity theft because it would have a much more secure way of authenticating who people are.

And of course that raises its own privacy issues and we'll have to address them, but if you take a combination of biometrics – for example, a finger image and a retinal scan – and you add to it a smart card chip, you've got about as secure a way of authenticating people as you could want. And the ability for somebody to corrupt all three of those is going to be extremely small.

So I think that when we look at how technology can enhance privacy, not just press against it, let's keep in mind that there are technologies that are going to enable people to be much more secure in access to their data and other people's access to the data via technology solutions.

MR. ROTHSTEIN: Dr. Harding?

DR. HARDING: Well, I very much appreciated your testimony, and I think most of us know that Mr. Westin was the research coordinator for the National Commission on Confidentiality in Health Records in 1980 or so, around that time, and really led out in this area, kind of was a precursor of this group and we really appreciated your work through the years.

Let me ask you a political question. Your Slide Number 11 said that it's 48-48 on the issue of privacy versus the benefits and that there's no red state/blue state kind of thing; it's not a political – there's a little bit of education involved.

If you were talking about the Congress votes when they are influenced by the electorate, how do you go about doing that --

DR. WESTIN: I think probably –

DR. HARDING: -- in such a split, non-demographic kind of way.

DR. WESTIN: I welcome your question. Let me try to give you a reaction.

First of all, the people who believe the benefits outweigh the privacy risks are not hostile to privacy. It's just that when they look back on it, they see the benefits as being quite significant. So it isn't even just the 47 percent that you have to address. You have to address that segment of the 48 percent that even though they think the benefits outweigh the risks, they're going to be responsive to privacy.

My feeling is that we're going to need some champions in Congress. We need some Senators and Representatives who will say, gee, this is a good issue. Same way that it took genetic information legislation and other kinds of legislation to need a champion, I think we need to identify and stimulate some leading Senators and Congresspersons to say, this is an issue of the decade; it's good for me, it's good for the country, because that's the way things get done.

When I remember how the LC program was put in, that was done because one member said we ought to put some money into these ethical, legal and social issues instead of just assuming that it'll happen. And that whole program really was the result, first, of a staffer and then of the Senator putting it in and not being opposed because the money was not up to the national debt level or something like that.

So politically, I think that Congress is an important place.

Now, the Administration obviously is important, and HHS is important. But from a larger political sense, I think there should be political leadership of the privacy campaign, and I could think right off the bat of some people I would love to see lead it and probably all of you, too. We should make it happen.

MR. ROTHSTEIN: Final question of the morning. Ms. Wattenberg?

MS. WATTENBERG: Yes. You said before that electronic health records goes beyond HIPAA, and I just wanted to get a little bit more of a read from you on –

MR. ROTHSTEIN: Sarah, a little closer to the mike, please.

MS. WATTENBERG: Oh – sorry. You said before that electronic health records goes beyond HIPAA, and I just wanted to get more of a read from you if you have any sort of more specific thinking on that.

DR. WESTIN: Not really, not yet. I took a list of the HIPAA mandate and laid it next to the electronic health records. It didn't seem to me that there was a good fit yet because these whole issues about control and access as they were mentioned this morning, the whole concept that you would have a patient participation that is technologically enhanced and so forth, isn't there yet.

And so I think that's where we would have to start thinking. What will it take?

And, of course, one of the problems is the whole liability system, and everybody's aware that as you build these records, practitioners are going to say: What duties do I have in relationship to these records not to be brought up on malpractice and not find myself disciplined et cetera, et cetera?

And so I think we have to rethink some of our liability system if we're going to use the medical record in as positive a way as we'd like to. So that's just something.

MS. WATTENBERG: Can I ask just a follow-up question --

MR. ROTHSTEIN: Certainly.

MS. WATTENBERG: -- since there's so many attorneys in the room?

I mean, is it true that it's a liability issue that if a patient says, no, you can't have access to a certain kind of information and treatment is prescribed based on what they have, is that still a liability issue for the physician? This doesn't make sense to me, but –

MR. ROTHSTEIN: Let the Internet listeners appreciate that there were several nods of the affirmative on the question.

I want to thank Professor Westin for his typically expert and provocative comments and we appreciate very much your coming here to spend some time with us.

We will now stand in recess for our lunch break until 1:15 and then we'll hear from Panel 2 on privacy in health care and in society.

[Lunch break from 12:22 P.M. to 1:25 P.M.]

MR. ROTHSTEIN: Good afternoon. We are back with the afternoon of Day One of the hearings of the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics.

Before we begin Panel 2, I just want to mention that we have at the moment no public testimony scheduled from 3:15 to 3:45, so we will just move forward the rest of the afternoon agenda and so we should be adjourning approximately 4:15 this afternoon.

For those of you who were with us this morning in person or on the Internet, I'm sure you will agree that it was a very fascinating discussion and either you could look at this in a either positive or negative way but it certainly raised more questions than it answered, so it was provocative, and that's the positive side of it, and also daunting, in the negative side that there's so many issues that we need to deal with.

And I'm sure that this afternoon's panel is going to be equally provocative, and I appreciate very much the folks who have joined us today for Panel Number 2. So without further ado, I will recognize Panel Number 2, reminding you to please limit your initial remarks to 20 minutes and then we will have at least 45 minutes for questions and answers with the Committee and staff.

So with that, I would like to welcome and recognize Dr. Bernard Lo.

Agenda Item: Presentation – Dr. Bernard Lo

DR. LO: Thanks very much, Mark. It's a pleasure for me to be here. I know that this morning's panel is a very tough act to follow, and since then we've had our healthy NIH lunches, so there may be a bit of a post-prandial slump. I will take literally, Mark, your exhortation to be provocative, and I'll be provocative.

So let me start by asking: How many of you in the room have had back pain, knee pain, shoulder pain that was so great that you thought about taking a medicine for it?

MR. ROTHSTEIN: Have or currently have?

DR. LO: Ever have had?

[Laughter.]

DR. LO: Okay. So then you have been very interested in the news about all these new miracle arthritis drugs that turned maybe not to be so much of a miracle. And we all know that one of the large manufacturers actually voluntarily withdrew one of the Cox-2 inhibitors, Vioxx, because of reports that it actually increased cardiac problems.

Well, let me tell you first about what one integrated health care system clinic did in response to this, really taking advantage of electronic health records. And they actually wrote about this in a publication which is referenced in your hand-outs.

What they did is they notified patients by mail within 24 hours of Merck's recall. They immediately withdrew the drug from the pharmacies so you could not get a refill prescribed. They notified every provider, all the patients for whom she had prescribed the medication, and they also used their electronic record so that the next time the patient came to clinic, an alert, a flag, went up to the physician reminding her to talk with the patient about how to manage this new information.

So this strikes me as a very innovative, effective use of the sophisticated electronic health record really to respond quickly to changing information all in the best interest of the patient.

Now, of course, once the original drug, Vioxx, was withdrawn, everyone then started to say: Well, what about other drugs? And if you were taking another drug – Celebrex is another cousin Cox-2 inhibitor – you naturally asked: Well, is it safe for me to take that drug? And I think those of you in practice probably had your emails and phones ringing off the hook from patients who were very worried.

And the news picked this up and this headline reads: "Cardiologists Question Safety of Vioxx-Like Painkillers/Doctors to Avoid Prescribing" two others that he named.

There's another headline, again, raising questions that were on every patient's mind, I think.

Well, given that you really only had the existing data to go on and that it was impossible on the spur of the moment to design and carry out and analyze a large, definitive, randomized clinic trial, how could you provide relevant information?

Well, I'm going to skip that and just say one example – this was carried out by Kaiser of Northern California – was to use, again, a comprehensive, sophisticated, electronic medical record to look through and identify patients who had been on various drugs, follow them out through the medical record to track outcomes. And this study was done very quickly, as soon as the question was raised, using pre-existing data that already existed within a sophisticated, integrated electronic medical record system. And this was published in a fast-track publication through the Lancet because it's such timely news of vital health importance.

Well, let's think for a minute about database studies. If we're going to have the opportunity to answer questions quickly using existing data on questions that have real sort of health import for many people in the country, what kind of database do you use?

Well, first I would argue you need comprehensive data. You need to pull together lots of different types of information which may not be integrated in existing medical record systems. You need to integrate pharmacy data, outpatient visit data, hospitalizations, laboratory tests and deaths.

And I think the point I want to sort of put in front of you is to do this in systems that aren't totally integrated, you need to maintain individual identifiers to cross-link all these different types of data.

You also, I would argue, need complete follow-up. What that means is you have to be able to access care outside the system.

So if a patient in Cleveland Clinic or in Kaiser has chest pain, gets taken by the ambulance to the nearest emergency room and has a heart attack there, that data, that information, may or may not be captured in their home base electronic record, so you need to be able to integrate care outside this, and again, you need an individual identifier for that.

You also need to have very few refusals or dropouts. If you allow people to say, "I don't want you to use my personal information in this kind of research," I would argue that you're not going to get a scientifically valid answer to the question: Does Drug X cause greater or fewer heart problems compared to any other drug you might choose?

The reasons are that you would, first of all, lose statistical power if a lot of people didn't allow their data to be used. But more importantly, you could well have selection bias, that the people who don't allow their records to be used may be different from those who do in a way that actually makes the results come out differently than the way that the scientific relationship actually is.

Let me also parenthetically say there are other uses you might make of an electronic medical record, again, in an ideal system, to respond to this kind of breaking news of great health impact. And this, I think, would fall into the rubric of quality improvement. For many of these drugs, and this is one of them, the current data showed that it's only at the higher doses, highest doses, that you see this adverse association between use of the drug and adverse cardiac influence.

So one thing you might do is alert physicians who are prescribing above the recommended dose that once they cross that threshold, they may be entering into the realm of undesirable side effects.

Secondly, again, as part of a theoretical quality improvement mechanism, you might say that I certainly have patients who love these drugs because they haven't responded to other drugs, they have stomach problems that have precluded the use of the standard arthritis drugs, for them the advantages of these drugs might outweigh the benefits, but only because we know that they have other contraindications to other drugs. And again, you could put a sort of tickler, a reminder, in the electronic record system if the doctor prescribes one of these Cox-2 inhibitors, to say, having tried other drugs, that may be safer.

Okay, let me switch gears a minute and say, of course, this is not the only example that's been in the news recently about an important health issue where there was real uncertainty based on the existing, randomized clinical trials and the existing data where the drug's benefits outweighed the risks, or vice versa.

So here's an example from psychiatry, as it turns out. "Prozac," this headline reads, "Linked to Child Suicide Risk. Study Finds 50% Greater Chance. Companies Defend Anti-Depressant."

So again – front page news, a huge issue in terms of depression in children, adolescents, a serious public health problem and the concern on the one hand that effective drugs might be withheld because of unsubstantiated concerns about suicide versus the countervailing concern that these drugs might actually increase suicide risk.

So again, one way to try and get at more data on this question is to go back to large databases that have the comprehensive data I just talked about.

Well, when you're dealing with a sensitive condition, and certainly depression and suicide are very sensitive, we need to think about the potential for benefit and the potential for harm. The potential for benefit from database might be to do database research, to use the electronic medical record to inform patients and doctors of concerns about, or uncertainty or controversy about, the use of drugs, and again, to enforce quality control in prescribing.

But on the other side, I don't think very many people are concerned that the fact that they have severe back pain or knee pain is very sensitive information like psychiatric data, but with sensitive conditions, concerns about privacy and confidentiality obviously are heightened.

And as you well know, medical health records may have special protection under HIPAA and under various state laws and in fact it's not uncommon in our health care system to have separate mental health and medical providers and records. At least in California, much of mental health care is a carve-out totally separate from the medical system.

Lest you think I'm sort of a wild person sort of ripping apart privacy and confidentiality, let me say that there clearly are very important reasons why privacy and confidentiality are important in this. You know, we believe it encourages people first to seek medical information and secondly to disclose sensitive information.

And I would actually posit, suggest, to you, that's not just psychiatric information, substance abuse, things like that that are sensitive. But just by going to a doctor for an ordinary exam, you get a routine check-up, you get asked questions about all kinds of things – sexuality, for example; you're asked to take your clothes off; as part of cancer screening, the doctor may probe your body in ways that would be unthinkable in the non-medical context. So for many patients, just going to the doctor is very sensitive, let alone special topics like mental illness or genetic information as we talked about this morning.

We think that confidentiality prevents stigma and discrimination and we think it also is morally and ethically important because it respects patients as persons, so there's good reason for starting with a very strong presumption of confidentiality in the medical care system.

But, and again, this is something that you've all worked on with your work on HIPAA, confidentiality is not an absolute ethical goal and actually I would suggest perhaps dual policy goals – and again, this is part of the sort of supporting language in HIPAA – on the one hand, we want to protect confidentiality, but on the other hand, we want to have access to information for clinical care, for public health and research.

You know, what's interesting is everyone would agree, I think, that in SARS, anthrax, avian flu, things like that, the public health system needs access to individualized medical records for contact tracing, epidemiological source outbreak research, and the issue is not does the patient have to consent; the issue is really notifying the patient in a compassionate way and carrying out that investigation in a way that respects their privacy and confidentiality to the greatest extent possible.

Research we ordinarily think of, I would argue, as being somewhat more elective, that wouldn't it be nice to do research but it's not a moral necessity, and certainly our common rule, our Federal regulations for research going back to the Delmar(?) Report suggests that it's optional – it's morally desirable, but optional.

But I would turn it around and say on issues like Cox-2 inhibitors for arthritis where, you know, these drugs really, two of these drugs at least, are in the top 10 prescribed drugs in the country, blockbuster drug; the question of depression and suicidality in children and teenagers is again a pressing public health problem, I would argue to you or I would suggest to you that certain types of outcome research may be more like public health than research that we typically think of (?).

So if we are going to really do certain types of databased research on really important topics of great public health import, what are some of the issues?

Well, first I see the technical challenges, and you talked about some this morning. You need compatibility between different organizations that have very different data formats.

In terms of how myocardial infarction is recorded in one medical care provider electronic record system may be very different than the way it's recorded in another. And you need to be able to protect identifying links if you're going to merge different databases that have different types of information you need to answer the research question.

Patient authorization. As you know, under HIPAA, the starting presumption is you need patient authorization and then there's certain exceptions or waivers. The empirical data are very clear: If you ask patients about authorization to use their personal health information for research, they say it's important. And in fact, in studies where attempts were made to enroll patients into a database where just their data will be collected and pooled, about half the patients do not give permission.

Now, I must say that one problem with all these studies is it's not clear what the patients were told about the database, why it's important, how it might help other people like them, so it's not clear how well they're informed. But they certainly gave a preference in terms of not sending back the consent, the authorization.

What's, I think, even more disturbing is that there's clear evidence of a selection bias. One very nice published study – it's actually a Canadian database on stroke – showed there was clear selection bias, that the sickest patients, the most complicated patients, did not agree to allow their data to be used. Now, whether it's they really refused, they were just too sick to fill out the form, we don't know.

But my concern is that incomplete data may be misleading and it could conceivably even be worse than no database at all because you might find associations that really are spurious.

So the issue of patient authorization and how it might actually serve as a deterrent to the kinds of research we would like to see done in certain conditions I think is a tricky condition that I hope you can sort out.

Okay, and finally there's the oversight regulations which I think is really in your bailiwick. I think we need to distinguish between what the regulations literally say and how they're implemented, interpreted, on the front lines by IRBs, by privacy boards, by researchers.

As you know, there's provisions under the current HIPAA regulations for de-identification of data, a waiver of authorization.

First, let me point out that de-identified data will not suffice to do the kind of databased research I was talking about because you need identifiers to link these different databases. Waiver of authorization is permissible, is possible, under HIPAA. I think that the impression you get talking to IRB chairs and researchers is that IRBs are confused about this and they're not allowing waivers to be granted in situations where it would seem from a, you know, straightforward reading of the protocol in HIPAA that it would fall under that.

Now, obviously IRBs, privacy boards are allowed to be stricter than the regulations themselves, but this, I would suggest to you, has the impact of making research more difficult.

So I think at the very least there needs to be guidance for IRBs and privacy boards and I actually put in researchers as well as what kind of outcome databased research is permissible under HIPAA.

And I also think there's a problem at the other end, that even if the IRB approves a study involving existing data under a waiver of authorization, the provider may be reluctant. The hospital, the doctor, the clinic may be reluctant to provide the data.

In California, we've seen that where there's actually a state-mandated cancer registry where access to that squarely falls into one of the HIPAA black letter provisions. Hospitals are not submitting the data to the cancer registry as they had been before HIPAA and as HIPAA clearly permits because of their concerns about their liability and their concerns about patients' concerns about privacy.

So I think this at least needs to be clarified, but I would argue even if the regulations work on the ground as they were intended to on paper, it still may make it difficult or impossible to do the kinds of studies we talked about in the beginning of my presentation.

Okay, so let me be provocative and throw out some things for you to chew on.

First, I think there needs to be a lot of public education about the value of databased research, both its value and of course its limitations, but also I think about the tradeoffs between confidentiality and patient benefit as evidenced by the possible usefulness of outcomes research.

Secondly, I would suggest we might want to think about some research as being similar to public health, and the implication, I would suggest, might be that the ethical issue might be notification rather than consent or authorization as the kind of the entrée into the data.

And finally, I think there needs to be a focus on confidentiality as well as privacy. Professor Westin and others have clearly documented the public's concerns about leakage of their personal data to people who really shouldn't be seeing it. So how personal health information is protected and could be protected and making that as airtight as possible I think is a real challenge.

So let me stop there, and I hope I stimulated you to think about these things. And I'm going to now disconnect so the third speaker can get –

MR. ROTHSTEIN: Thank you, Bernie, and I can tell you the answer is: Yes, you did stimulate lots of sort of synapses firing and I'm sure others will have questions as well when we have our panel discussion.

It's now my pleasure to recognize our second speaker on this panel, someone who has shared her expertise with us many times in the past, and we're always very grateful for her comments, Joy Pritts.

Agenda Item: Presentation – Dr. Joy Pritts

MS. PRITTS: Good afternoon. I'd like to thank the Committee for inviting me back to speak with them.

And I've been asked to speak about patient interest in health information technology, and I have to say, after listening to Dr. Lo, I'm really torn between doing a full rebuttal of everything he said and going on with my presentation as planned, but I think there'll be time for that during the question and answer period.

Where I would like to start is a period almost 10 years ago I think it was, with a quote from the former Secretary of Health and Human Services, Donna Shalala. And she was talking about health information technology and people and where it might lead us, and she posed a question which I think is as valid today and will continue to be valid in the future as it was 10 years ago. She asked:

"When all is said and done, will our health records be used to heal us or to reveal us?"

And I think this is a question that we have to continue to ask as we continue in the process of developing health information technology.

Essentially what she's asking is a point which has been brought up by other speakers during the day, which is this balancing between the benefits and the risks, and particularly what I'm going to speak of is how patients perceive those benefits and risks.

We'll start with the benefits, because clearly there are benefits to patients to having some information in electronic form. Patients aren't all about just protecting their own information and keeping it quiet. There are some valid reasons for having information in electronic form and developing health information technology.

A lot of these have been mentioned earlier in the day, so I'll just briefly touch on some of them. The improved quality of care from doctors having complete set of records, from being able to read the records between different health care providers where illegible records result in unfortunate errors. The records are more complete. Theoretically, at some point in our lives, we may have a longitudinal record of our health from before we were born until the current time, which gives a doctor a full picture of your whole medical condition.

Electronic records are more readily accessible to providers. They could be more accessible to patients if the system is set up in a certain manner.

They can eliminate duplicative tests which for any patient who's had to undergo more than one test for a condition can really be a large improvement.

And they can streamline the administrative process. Any human being who's ever been in a hospital system knows what it's like when you go from department to department and you're asked the same questions every new department. And with an electronic medical record, that should be no longer a problem.

Now, that might seem to be a minor point, but when you're in the hospital and you're upset, it becomes a very major inconvenience, and in fact, a major interruption to the health care system.

But for every one of these benefits, you can kind of flip the coin and see also the risks that are associated with it. These risks are real, and they must be taken into account when we look forward in developing health information technology.

Yes, the records are more accessible. They're accessible to providers in their office, at home, on wireless networks, and it raises the concern with a lot of people as to how secure the records are. Are they being protected? As has been told to me, somebody could potentially sit in a cafeteria with a WIFI and pick up some information that they probably should not be picking up because it's being transferred within the hospital.

The records are also potentially more accessible to others outside of the health care system. As interesting as the National Health Information Infrastructure is kind of bubbling along and we're talking about how it's developing, there are different players who are coming into the system that I'm not really sure were originally anticipated being central core players in the system, including, as I'm sure you've heard me on this course before, banks and financial institutions.

And we see that this is happening right now. There are financial institutions who are administering health savings accounts, so they have access to very detailed health information. They are not covered by the privacy rule, and we have yet to see any of the regulations come out from the banking authorities as to how they may use that information under the FACCT act – that's the acronym and I can't remember what all the letters stand for right now, but it's dealing with financial information.

So we're still not sure, even though it's moved to that point, it's happening now; we don't know if that information is covered. We know it's not covered under HIPAA, and right now actually it's not covered under anything because the regulations are out.

There's also more information accessible, as I said here. You could have this longitudinal record of everything that's happened to you from birth, and on one hand that's really good, but a lot of people have things happen to them at times in their lives, often when they are younger, that they would just as soon not have subject to review perhaps when they are older, and that's something that some people are a little bit concerned about: Are the sins of their youth always going to be around to haunt them?

Overall, there is also seeming to be kind of a loss of control over your health information, and this just comes from technology in general, that people believe that once it gets in the system, it's beyond their control; they don't know who has access to it, they don't know what information they're seeing. And I would say that the notice of privacy practice unfortunately has not really helped alleviate this concern.

One of the other benefits I mentioned was that it's possible that the information could be more accessible to the patient. But it's also possible that it will be less accessible to the patient. If it's written in code, some uniform codes so that it can be transferred easily between providers and health plans, are patients going to be able to access this information and understand what it says?

It's a problem that's not too much different from how it is now. Many people can't understand what their health records say when they get access to them. They're often written in medical jargon or shorthand. But there are resources that you can go to that explain what that means.

So there is some concern that you'll get some obscure computer code somewhere down the line and you'll have no idea what it means. Some people who get explanations of benefits have certainly already experienced this. And there's no requirement under HIPAA that any of this information be translated into plain language or English.

There's also a possibility that the movement towards electronic records is going to leave some patients behind. There's a real potential here to widen the health care gap because not everybody has access to a computer. In fact, some of the most vulnerable populations health-wise do not.

And as we move forward, it's a privacy concern in the sense that people should have access and be able to control their information. It's also just a general issue of fairness and equity that, as we move along, people should be brought up so that everybody has an even playing field.

So these risks really can result in harm. And the harm that comes from the downside of the electronic medical records includes the stigma that's attached to certain medical conditions being spread. The consent that most people that are at the top of almost everybody's list, they're afraid they're going to lose their job and they're afraid they're going to lose their insurance, and that's because of the way our health care system is.

Most people have their health care insurance through their employer and people are concerned that if their employer finds out they have certain health conditions that they're going to lose your job and if you lose your job, you lose your health insurance, and if you lose your health insurance, you're in big trouble.

The majority of bankruptcies in this country today involve health care costs and health care debt.

There's also a concern about police power and how authorities are going to access information if it's on this electronic database. Now, I believe Dr. Westin talked this morning about how opposed people would be to a national database, and I can guarantee you, every time I've been in a meeting or a conference and anybody mentions that word, you almost see the helicopters circling the room; it really does provoke a very adverse reaction from people.

And the unique identifier has been mentioned as something that is necessary in order to transfer information between providers, and it is also an item which provokes very adverse reaction among many people. And I think there are a couple of reasons why people are really adverse to the unique identifier.

One is the experience we've had with Social Security numbers. They ended up being used for a purpose that they never really were intended to be used for, and people are afraid that the national health unique identifier would fall in the same category.

I think it also probably increases the potential risk for identity theft. Having all this information in an electronic form, you now not only have the person's name, their address, their date of birth, their Social Security number, you probably also know their mother's middle name if you have this longitudinal record, so you have information all in one place that is very tempting for people who have possible bad motives.

A recent example of this is the case that happened out in Seattle at the end of last year where an employee of a cancer clinic obtained the patient identification of a cancer patient. He had his name, the Social Security number and his date of birth, and he obtained credit cards in this patient's name and he charged $9,000 under the patient's name and I think four or five cards, all while the man was undergoing chemotherapy. And I think that we need to be aware of this because people who are sick are vulnerable and they do not have the time or the strength or the energy to be dealing with these types of issues.

Now, the person in Seattle actually pled guilty and he was sentenced under HIPAA for a criminal violation of HIPAA, and I believe that's the first one in the country.

But I will also say that many legal experts came out afterwards and said that they believed that HIPAA didn't even apply to this gentleman because he isn't a covered entity. He's not a health plan, he's not a health care clearinghouse, and he's not a health care provider under HIPAA.

So there was a lot of discussion in the legal community saying that, you know, people who hack into medical systems to get this kind of information probably are not subject to the HIPAA civil and criminal provisions, and that is a gaping hole that needs to be fixed.

When you're balancing these interests, I think that you would find when you talk to different patient groups, you'd find that they give very different weight to the benefits versus the risks.

And the question pretty much comes down to, well, what do you think you have to lose? If you're healthy, if you're young, if you're kind of in the background – nobody really knows about you, you probably don't have a lot to lose. But if you're sick or somebody in your family's been sick, then the ratio changes pretty quickly.

It also changes depending on in some ways what your background is. We've heard a lot that people who are in different ethnic groups have different perceptions of these major databases, and a lot of this runs back to Tuskegee and the mistrust that that engendered in the African-American community, and that needs to be repaired, even though it's not clinical trials going on or things of that sort, but the trust in the clinical community as to what you can do with health information comes from how you've been treated in the past.

Now, there are other groups of people who also have a lot to lose. If you have the fortune, I guess, of being famous, your information is probably a lot more vulnerable than somebody who's kind of anonymous like most of us are.

When President Clinton was hospitalized, they found 17 people who tried to access his health information while he was in the hospital who weren't supposed to have any access to it. They ranged from doctors to clerks. Not one of them was fired, I would like to note. They were suspended.

I think that's what's noted here is – I'd like to quote from the newspaper article. They talked to some of the employees. They interviewed one who's leaving and she said, "I'm not surprised. People are nosy. It happens all the time." So it's not only President Clinton, ex-President Clinton, who has to be worried about it.

This curiosity factor also applies to people in small communities where everybody knows everybody else. It happens to people who work within the health system – you go into a hospital; everybody knows you. People are curious, they want to see your records. People know you because they're related to you. You're involved in a divorce action or something of that nature and people have an interest. So it's not just people who are famous, but there's a large kind of curiosity factor that applies to many just everyday people.

Also, people who have diseases that are still largely stigmatized in the community have a lot to lose. Here in Washington, we saw this a number of years ago with a local hospital where a gentleman went to a local hospital and he knew the clerk who was checking him in. As a matter of fact, they both worked at another job together in the evenings.

And the clerk was curious as to why the gentleman was there, and she found out he had HIV. She went back to her workplace, the other workplace, and she spread the rumor all around that the man had that "alphabet disease." And they made his life pure, unmitigated hell.

He sued the hospital and he won $250,000, even though the hospital had all these great policies in place about who could have access to the information. And the reason he won was because even though they had those policies, nobody was really enforcing them.

There is a recent survey that's done by HIPAA Advisory which came out a few months ago which showed that a lot of people are not following up on the privacy policies that they have in place. They're not monitoring. And that just is not following through the way people should.

On the other hand, there are a lot of people who have chronic diseases for whom following through with having electronic medical records and following through with their care would provide an unbelievable benefit to how they can manage their care. Being able to transmit their health symptoms on a daily basis to their doctor could really remove a lot of doctor visits and improve their care.

Another thing that we've seen – I've heard this at a lot of conferences and in my older age I'm fairly amused by it – there are some of the younger people who say, "Well, you know, we surf the net all the time. You know, we don't really care about privacy that much. We get information all the time."

But I'd also like to say that this is the same group of people where, you know, they get on these Internet sites and they're not giving necessarily the accurate information. You know, the 25-year-old male is now an 18-year-old female who's in college or something.

So, you have a group here that's used to giving information but they're also used to subverting the system, and patients have always tried to subvert the system and we should be aware that there just may be new ways of doing it.

I think some of the unifying things here are that, no matter which end of the continuum you're on, people want to have some ability to control how their health information is used and who it's shared with and they want to know who has access to it. They want to be able to trust that it's being used properly, as Dr. Lo said, that it's being used for health care purposes and not other purposes.

And they want accountability. If somebody violates their privacy, they want the person held accountable. And I've heard this time and again.

We did a series of focus groups with veterans dealing with how they felt about having their health information used for research purposes, but that's a whole other discussion, but one of the items that came up repeatedly was: What happens if someone violates the rule and actually discloses the information? So this is a concern that people have. They want to see accountability.

And – which leads to, well, does HIPAA do this? And I would say it's a good start, but it doesn't do it all. In some ways, HIPAA was outdated the day it was written because the health care system continues to evolve so quickly that it's hard to keep up.

One of the areas that really needs to be addressed is that HIPAA does not directly cover everybody who will have access to health information, to a health information technology. This is something that has to be resolved by Congress; it's not something that HHS can solve.

But as we see, you have many more players coming into the picture and we don't know how they are covered, or whether they will be covered. And the system is leaving the station and the privacy protections are back on the platform.

In HIPAA, as they are written now, there are at least many people who believe the penalties apply only to covered entities. That also needs to be resolved by Congress. Penalties should apply directly to anybody who improperly accesses health information. And I think that's maybe what they were intended to do, but there are a substantial number of people out there who think that they do not do that.

And I also believe on a more practical note that the notices of privacy practice need to be improved. They aren't doing the job, and it would be, I think, good for everybody to go back and revisit them and look at why we want them and what information they should have in them and why they're not serving the purpose, because time and again we have heard that people don't read them or if they do read them, they do not understand them.

Thank you.

MR. ROTHSTEIN: Thank you very much, and I know we'll have questions for you at the conclusion of the panel presentations.

And the third witness of this panel is Mr. Thomas McLellan.

Agenda Item: Presentation – Dr. A. Thomas McLellan

MR. McLELLAN: Thank you very much.

I enter the debate on the other side, I guess. I do think the electronic health record train is leaving and my pitch is really quite a simple one. That is, that addiction treatment information should be part of the electronic health record.

And there are really two reasons that I take this position. One is that it's necessary for public health and public safety and two, because you can do it, okay? And I'll try to be brief and direct in talking about this.

I should say I'm a researcher in the substance abuse treatment field. I'm a professor of psychiatry in the Department of Psychiatry at the University of Pennsylvania and I have a small research institute. But I'm not an advocate; I don't represent a particular treatment perspective or organization.

I think it's very important to have addiction information, substance use and substance abuse information, in an electronic health record because addiction itself is a chronic illness that requires treatment. There are at least two million people in specialty care alone, but many more receive unrecorded care through primary care and other mechanisms of mental health.

Moreover, literally every month, new medications, therapies, interventions are entering the scene, which means that there's going to be more access, more availability, more options. It's going to be a much more mainstream event.

So, for no other reason, it's time to acknowledge that addiction's an illness, that it's being treated in the health care system, and that it needs the same kind of information to manage it as any other illness.

But wait, as they say on the game shows, there's more. And that is, that addiction is part of addiction or substance use. Even problematic or excessive substance use, sub-diagnostic, is a very important part of the management of lots of other chronic illnesses. Diabetes, hypertension, asthma, breast cancer, sleep disorders, chronic pain, they all are affected by substance use. Too often, these illnesses now are badly treated because of poorly disclosed, unavailable information.

Now, a lot of people think you don't really need it; this is a completely segregated system, the addiction treatment, and it's a very simple one. You basically take a substance abuser, you put him in a box called – I don't know if you have these slides if you're looking for them – but you put him in a box called an addiction treatment program. They stay there for 28 days and like a washing machine, they come out a non-substance abuser.

Well, that's the old days. Now, addiction treatment is much more like the treatment of other illnesses. There's an acute care phase, usually in hospitals, for brief purposes to transfer often to specialty care, but sometimes directly to continued care. And all of the options that are available in other areas of medicine are becoming, or are already, available in the treatment of addiction.

The point here is that like the rest of medicine, like the rest of health care, addiction also is affected now.

So those are the reasons why I think addiction treatment, addiction information, substance use information, should be included.

Now I want to tell you why I think it's possible, and I take this broadly within the rubric of the Institute of Medicine Crossing the Quality Chasm principles of patient-centered care. So all the points that I would make are within that rubric.

First, you might say, no, you can't really do this with substance abusers because they have diminished capacity or they have loss of control; they don't have the wherewithal to make informed decisions about the use of their information – and let's remember, it is their information. That's not so.

Yes, people in the throes of withdrawal are under temporary incapacitation as are patients who have strokes or who have terrible pain. It's not qualitatively different. And it is temporary.

What we're recommending – I'm recommending – is that the sharing of the information within the confines of the medical health system be the standard, but as Dr. Lo was talking about, we think within the boundaries of patient-centered care, the patient definitely has to be notified of this and definitely has the right to deny that.

Too often now, the standard is not for the benefit of the patient, just for the sake of reduced workload and hassle, not sharing simply to hide behind that. Not to say that there aren't important issues – of course there are – but my point, again, is that the same issues as lots of other – of the ones that you'll be confronting.

Now, unlike other areas, I think there are special provisions that are going to have to happen if this is to be done the right way, which is what I think we all want.

One, there are codes for most of the contemporary medications, therapies, interventions that are presently under delivery. They're not widely disseminated, they're not widely used, and that prevents accurate communication of things. And I think that's very remediable.

Finally, however, the addiction treatment specialty care sector has special problems due to decades of under-funding and segregation really. There aren't the capacity for computer integration information management specialty that there are in the rest of health care, and I think special provisions are going to have to be made.

So in summary, I think for the sake of patient safety and public health safety, it is necessary and wise to include addiction information into the developing electronic health record. It's good for both the patients and for the rest of those who are affected by addiction and substance use in mainstream health care.

Moreover, I think that within the confines of patient-centered care and existing statutes, it is possible and practical to integrate this information, and that would be my call.

So – thank you.

MR. ROTHSTEIN: Thank you very much.

Questions, Answers and Comments

Well, those three statements were certainly provocative and they've provoked me to ask several questions, but I will keep my initial questions short so my colleagues will also get a chance.

I'd like to begin with Dr. Lo and ask you a question that relates both to your testimony and testimony that we heard this morning. And I think it's fair to say that you suggested that certain kinds of sensitive information should be treated distinctly, is that fair to say?

DR. LO: I'm not sure I'd say that. I just noted that certain types are currently treated.

MR. ROTHSTEIN: Okay. So is it your position that that should be changed or that should be continued in some degree in the –

DR. LO: Well, let me go back to the topic.

MR. ROTHSTEIN: Okay.

DR. LO: To the extent that certain types of information are singled out for special treatment, it makes outcomes research using large databases on those conditions harder to do because you don't have access to comprehensive, integrated information.

So I think as you decide whether genetics or HIV or psychiatric therapy should be separate or not, keep in mind what you may be giving up in terms of research that I would argue is close to public health, obviously.

MR. ROTHSTEIN: Okay. Well, instead of asking you the question then – I'm still determined to ask this question –

[Laughter.]

MR. ROTHSTEIN: -- so maybe I'll start with Joy and then ask the others to comment.

We have heard several people clearly say at least that there should be separate rules for certain unspecified classes of medical information that's considered to be sensitive. And the question I have, and I think it's a very important one, is whether those should be inclusion rules or retrieval rules, which are quite different.

In other words, let's suppose we decided we wanted to treat Condition X separately because it's very sensitive. Does that mean that X does not get into medical records in any place, or does that mean in retrieving those records, certain classes of people who have access to the records don't get that?

And I think that's an important distinction, and so let me ask whether – I'm not saying you've said anything about that; I'm just asking whether you've got a comment about that point.

MS. PRITTS: It is my understanding that there are electronic health record systems that are designed the way that you spoke of, which is that all the information is in somebody's record, but it's not necessarily retrievable by all health care providers in a system.

MR. ROTHSTEIN: Yes, I think in Alan Westin's comment when he was talking about a segmented health record, he wasn't talking about six different health records or six components. I think he was really talking about a sort of a retrieval algorithm, and so –

MS. PRITTS: I'm sorry – I didn't see his, but I know I'm thinking of – I believe it's Duke University or somewhere; I may have the wrong –

MR. ROTHSTEIN: Well, he said that the elements of what he called a segmented health record were personal identifications, medical transactions, drug history, mental health which had to be encrypted, life style information and anonymous data that could be used for research purposes.

And my take on this is that what he was suggesting was a retrieval algorithm where the information would be in the record. Yet, an argument could be made that in promoting patient autonomy there should be certain classes of information that the patient should have the ability or right to not get into the record at all. And so I'm trying to see if you buy that and if you do, is it an inclusion rule or is it a retrieval rule?

MS. PRITTS: It's a hard question to answer. I think it depends on who – I mean, even within the patient community you'll get different answers on that because there are some patient privacy advocates who very firmly believe that the patient should have the right to say what gets in the record and what doesn't get in the record. And that's kind of on the extreme edge of things.

I would say the group that's kind of moved one over from that says that the patient at least gets to say who gets to see what's in the record. And I find it a little disturbing that as we're talking about the electronic health record and how consumer driven this is, I keep hearing that term used with it, that it's consumer driven, that really the consumer, the way things are now, doesn't really have a whole lot of say in who the record goes to and how they can use it.

The retrieval system helps in that it gives the patient the option. It kind of fits within the privacy rule because it's like the patient can request a restriction on how the information is used for treatment and payment in saying, "Well, yes, it's in the record, but I'd prefer that this information only be available to my treating physicians."

MR. ROTHSTEIN: So you used the example in your testimony about things that you did many years ago, right?

MS. PRITTS: Right.

MR. ROTHSTEIN: But under your discussion of a retrieval rule, you wouldn't have the right to expunge that now; you would just have the right to limit who could see it, is that what you're saying?

MS. PRITTS: You know, on the one hand I think it makes perfect sense if you want your medical record to be complete to have it all there.

On the other hand, you know, a lot of us would like to go back and erase things that we did in the past. And they may not really be relevant now.

And I'm not a physician, so I don't feel like I'm qualified to say how relevant some of that information is.

But I do remember the DES cases when they had to go back quite a bit of time to find out information about mothers who took DES and were able to make the connection with I believe it was cancer in their daughters.

So, you know, I think from a medical point of view it's kind of hard to say that you should be able to really just expunge your medical record at some point.

MR. ROTHSTEIN: Okay. Bernie, now that the statement has not been attributed to you, would you like to comment?

DR. LO: No, no – I like your second question better than the first.

[Laughter.]

DR. LO: I would think that, as you put it, retrieval rules are a lot more flexible than exclusion rules. So what happens all the time, I think, in medicine is that it depends on the situation. If I'm coming in for a vaccination, I think a lot of information really isn't relevant to that encounter. If I'm coming in because I suddenly fall down in the street and I'm comatose, a lot of information, all the drugs I've ever been prescribed and taking become very relevant.

So I think if the data are there, then they're potentially usable for the direct benefit of the patient for clinical care decisions and presumably a treating physician in an emergency or acute situation should have access to a pretty broad spectrum of information. But if the information never got in in the first place because of an exclusion rule, then that would be absolutely irretrievably lost.

MR. ROTHSTEIN: Mr. McLellan?

MR. McLELLAN: Yes, I think the principles are safety and efficacy first, patient preference second, because they have the rights to deny. But with those rights come unavoidable consequences.

If you don't make pertinent information of yours accessible for your medical care, you cannot expect complete health care.

I still think that's the right of the patient, because after all – and it's quite consistent with the Institute of Medicine's rules. But it's like full disclosure to the patient – yes, you may keep this sensitive information out of your record, but it may complicate the treatment of your other condition down the road.

The one that I can't quite figure out is where public health and public safety information – the patient has cholera and doesn't want that put in his record, is that permissible? What level does that occur?

The other point I would make is that if you go down the list of things that are seemingly not very sensitive and those that are very sensitive, you're going to quickly find that the sensitive ones are way more prevalent than the not sensitive ones. Even something like a vaccination, you have a terrible reaction to it two weeks later is going to be sensitive.

MR. ROTHSTEIN: I have one question from your testimony. You mentioned – I don't believe you gave a figure, but you said there were many people who were in drug treatment programs who receive "unrecorded care," right?

MR. McLELLAN: Yes.

MR. ROTHSTEIN: How many of those would forego treatment altogether if it had to be recorded?

MR. McLELLAN: An excellent question. It's an issue that we're looking for all the time. But you can imagine if you don't know how – I don't even know how to ask that question.

The answer is I don't know. But it is widely reported. Not just for substance abuse but for mental health diagnoses of all types. Physicians prescribe medication under a different diagnosis. They don't record them at all. The primary care physicians give brief interventions for substance use that aren't recorded at all.

MR. ROTHSTEIN: Yes. I mean, that's one of the things that does give me pause. If we adopted an inflexible, non-patient-controlled system, are we going to have a proliferation of Mark's drive-through, no-record, no-research, no-questions-asked health care that would cater to people who are very privacy conscious and would we be, you know, making things worse not only for their treatment but for all sorts of other things that we're concerned about – public health and research and so on?

Let me recognize other members of the Subcommittee with questions. Mr. Reynolds.

MR. REYNOLDS: In one of the previous presentations, it talks about the public being divided equally between – 48 percent say that the benefits outweigh the risks to privacy and 47 say the reverse. As I listened to the presentations – we had a class last week on how to look at things maybe differently, and I heard "no, because" and "yes, because."

So as you hear presentations, some people say, "No, don't do it because of this" and others say, "Yes, do it because of this." So think about how you would answer it if you said "yes, if" or "no, if." In other words, "yes" – so, Joy, for example, in your testimony, you obviously have a lot of good points of what the concerns are. But if this were to happen, what would be the list of stipulations that would absolutely need to be, you know, foundation agreements, and the same thing with Dr. Lo and the same thing with Tom.

So, you know, that's because we continue to hear testimony where it's very clear that there are keen points of view. And those points of view all have merit. But as you try to drive to if this should or shouldn't happen and if it does, what would be the stipulations under which you could take the 48 and 47 and try to make somebody – you know, make that a much larger number that accepts it and then the ones that don't, they would have some way to do something. So –

And I'm not asking you to re-testify everything, but just – you know, those are the kind of things that I'd just love your opinion as to whether those approaches would be more of a way to really get to the bottom line on what ought to happen.

MS. PRITTS: I see your point, and I think that there are some basic issues that – first of all, I think that it's going to happen whether you want it to or not because people are moving into electronic health records. They'll do it in the medical field just like they've done it in every other field. So I don't think that's a question. It will happen.

And so, when it is happening, I think that it's essential that – I mean, this kind of goes back to really the basic. I think that if people trusted the system a little bit more, then you would weigh more towards people who saw the benefits. But people don't trust the system right now, and so I think the question is, well, how do you make them trust the system?

And one way you make them trust the system is you make sure that everybody who has access to the information is subject to penalties if they use the information incorrectly. I mean, and in an ideal world, what you would also do is you'd say, you're going to have health insurance no matter what your medical condition is.

And since you asked, I'm going to go there, because I think that one of the reasons people don't like their medical information being kept in electronic form where it's, you know, shared a lot between health care providers and insurers, they don't like their insurance companies to know what's wrong with them. And the reason they don't want them to know what's wrong with them is because they're afraid they're going to lose their health insurance.

And I don't know that you're really going to solve this issue until you solve the general just health care issue of how people get health care in this country. I know that's not really where we wanted to go with this, but I think it's a macro level issue that really needs to be addressed because I think fears would be much reduced if people weren't afraid they were going to lose their job and they were going to lose their insurance and then they're going to lose their house if they get sick.

MR. REYNOLDS: I understand when you asked a "yes, if" you expect –

MS. PRITTS: Okay!

[Laughter.]

MR. REYNOLDS: No, it brings the issues right – well, maybe a little more clearly.

MR. McLELLAN: I'll throw my two cents in. I don't think there's anybody who wouldn't say yes if, just as you were saying, the system were secure and under their control.

I'm on an Institute of Medicine panel right now looking at quality of care issues, a follow-up to the Crossing the Quality Chasm. We're debating this issue because there are tremendous errors in medicine at all levels because of lack of information. At the same time, there are dangers.

But nobody, I think, would take the position that it is inherently bad to have that information in the hands of people that can do you good. The question is how, not whether, how to keep it out of the hands of people that can do you harm, and who has authorization.

The second question, I think, was answered by the Institute of Medicine in their last report, and that it's patient's information. It's not the health system's information, it's the patient's, and that person has the right to ultimate decision with the attendant responsibilities for what occurs in the course of their care.

Now, that's quite glib for me to say it's simply a question of how. There are lots of thorny issues. Financial systems have been very good – not perfect, but very good at handling this kind of information. Perhaps you can learn lessons from them.

MR. ROTHSTEIN: Dr. Harding? Did you – I'm sorry –

MS. PRITTS: I disagree with something you said. I think there are some patients, there is a group of patients, that even if the information were secure, there would be a large difference of opinion as to who should have access to that, even within like researchers.

Some people feel it's my information and even though they'd be in the public good, I don't want researchers to have information to it unless they ask me. And it goes back to what you're saying about asking, but it's not that it's secure. It's almost like the sense of ownership, that it is my information, it's part of me, and, you know, I want people to at least ask me if they can have it.

MR. ROTHSTEIN: Richard?

DR. HARDING: You, Mr. McLellan, have raised a unique thing of testimony that we have had for some time where you have suggested that we should have substance abuse, or one of the sensitive issues, made a part of the general record instead of being separated out in some way. I think you're the first person who has made that recommendation to us.

Now, is that because you're saying that the bar should be raised for all medical issues and therefore high enough that sensitive issues can be covered. That's what you're saying today.

MR. McLELLAN: I'm saying there's nothing qualitatively different about venereal disease, mental health illnesses, infectious diseases, substance use, that make it so distinct that it shouldn't be a part of it.

I don't think it has anything to do with the information or its relevance to health care. I think it's merely a historical fact that some illnesses have been segregated financially.

DR. HARDING: Okay. And because of prejudice or whatever, okay. So then your issue is with access to that information.

MR. McLELLAN: Yes.

DR. HARDING: You want it all in there.

MR. McLELLAN: Yes, sir.

DR. HARDING: But then who accesses it, or how it's accessed?

MR. McLELLAN: My point specifically is if you made a system that would protect a person with venereal disease or who had abortion or anything else, that system would easily accommodate substance use information, mental health information, Alzheimer's information, things like that.

DR. HARDING: Does anybody else have a comment about that?

DR. LO: Well, is it pertinent that substance abuse is often linked with illegal activities and the legal implications are more than what occurs with these other medical conditions?

MR. McLELLAN: Not within the confines of the health care. It doesn't matter to the doctor that's treating it whether –

MR. ROTHSTEIN: But it does matter to the patient when the police --

DR. HARDING: The crack mother --

MR. ROTHSTEIN: -- come in and subpoena the records. I'm sorry –

DR. HARDING: The crack mother or something like that.

MR. ROTHSTEIN: Yes. Ms. Wattenberg, you wanted to say something?

MS. WATTENBERG: Yes, and I'll just sort of add on some comments here.

You know, for those of you who know me, and I work over at SAMHSA, I think I have finally sort of really gotten substance abuse in the protection of those records and that we have this other existing Federal statute – it's the Part II regulation – I think I'd like to pat myself on the back, sort of fairly successful in that. And here I, you know, invite Tom to come, knowing that he was sort of in direct opposition to that.

You know, I do think that –

MR. ROTHSTEIN: Your open-mindedness is much appreciated.

MS. WATTENBERG: Another pat on the back, right?

[Laughter.]

MS. WATTENBERG: You know, but there are issues about, you know, avoidance of help-seeking behaviors, and I do think that there is this overlay of the legal issues that HIPAA does not protect records from law enforcement in the same way that Part II does.

So I'm not sure that that's sort of what SAMHSA would be advocating or that, you know, a large portion of what the substance abuse community would be advocating. And yet, as I pointed out in one of the previous hearings, right now substance abuse information, health care information, is subject to sort of this very myriad implementation where if you're doing screening a brief intervention in an emergency room because you don't meet the definition of a program, some information is part of the general health care record. And yet if you're from a program like a Betty Ford Center, then that information is not part of the health care record.

So, you know, in preparing and sort of talking to people for this particular hearing, I now have a list of like 20 things that we in the substance abuse community really need to think about.

That's all I want to say.

MR. ROTHSTEIN: I'd like to recognize Bob Hungate now.

MR. HUNGATE: Thank you. I was just trying to get my arm in front of Richard.

[Laughter.]

MR. HUNGATE: I take some of my information from The New Yorker instead of from health services researches and listened to Dr. Groopman and Dr. Atuguaday(?) in their recent articles about medical information.

Groopman talked about the fact that there is little research on pediatrics in many medications. In your comments on Celebrex, I think wouldn't it have been nice if somebody took the database that you referred to and parsed it and found out which of those patients were particularly susceptible and published that two years ago instead of now?

Patients don't understand how much is lost by not doing that. I learned it when I worked at Hewlett Packard and sold medical devices and began to understand the silo that we drew around our product and the silo the profession did around their product.

And with electronic health records, we can cut across that and use database research to do some more things. But patients don't have the understanding of that. And so I think it's different if there were some organization that were doing that for my benefit and I knew it, I would be more willing to divulge it than to this broad spectrum of researchers who are nameless people that I know nothing about. It just seems to me there's something there that's not done that might help the understanding.

DR. LO: Again, let me try and tie that back with Dr. Reynolds's "what if" question. I mean, I think what you're suggesting I would certainly agree with is that patients really need to understand the potential benefit of the uses of health information that are not the classic that doctor and nurse taking care of you looks at in the medical record.

But I think that when we've talked about how this all has to be patient-centered and a patient has to have the final say, we want that to be an informed decision. I think this morning you heard a lot of testimony that the current notification under HIPAA where you get this piece of paper and some people don't even remember getting it doesn't do that job.

So I think there needs to be some effort, and I think you're right. If people really understood what certain types of outcomes research might do, how it might benefit them or their families, and the protection that would be taken to make sure the data doesn't leak out, then I think they would make an informed decision.

And I think most people would say, sure, if you can tell me whether Drug A works and doesn't from this data, not a final answer but better than just sort of my doctor's personal opinion, let's go for it.

MR. HUNGATE: My sense is that that would have to be an independent entity, a UL lab kind of a thing that's separate that looks across the system and has obligations, a vetting process that guarantees that it is a kind of an entity that's different than the vested entities people are accustomed to dealing with.

DR. LO: And that entity needs to be very transparent and very accountable back to the public.

Yes. I have things like that in public health. I mean, we have public health departments that try and achieve that amount of trust by sort of really going the extra mile at least in crisis situations to explain, to be credible, to address concerns and fears.

MR. HUNGATE: But it's not well understood.

MR. ROTHSTEIN: Yes, Mr. McLellan?

MR. McLELLAN: I've come to think of it, again, as part of the deliberations in our IOM panel as the same kind of a disclosure and conversation that you would get in if you were starting to talk with the patient about surgery.

You have a recommendation and it's based, if you're a physician or you're part of the health field, you have a recommendation based on the research, you have a recommendation based on prior care. It's ultimately the patient's decision. So that's why you're trying to inform them.

And I see it the same way with regard to the collection and utilization of information. I think it is a fact that if all information that's pertinent to health care is not available within the health care system, there are risks, definable risks, to safety and benefit.

Ultimately, the patient must weigh those risks versus what he/she is willing to share. And that's how I've come down on it.

MR. ROTHSTEIN: Well, I'd like to follow that up because I think Dr. Lo's provocative suggestion regarding automatic access to database research is perhaps more radical than people think at first hearing because with the exception of the kinds of waivers that an IRB or a privacy board could give with regard to authorization or informed consent to researcher access to certain database information, we have not since Nuremberg recognized the dichotomy between clinical intervention and other forms of research.

And I think what I hear you suggesting is some sort of carve-out justified by the sort of the public health/research value of doing that. I mean, you might be able to make an argument that is persuasive to some people, but it clearly is, it seems to me, a major shift from the way we currently view research. And I'll give you a chance to respond to that.

Even if one could support that on its own merits in terms of public health in the broadest sense, I think we would need to be concerned about the slippery slope to other areas including anti-terrorism where Homeland Security might want real time monitoring of all the people who come in with fevers et cetera, et cetera, et cetera.

And so that we appreciate that privacy costs, and part of the cost is clinical care and part of the cost is public health and part of the cost is research and so on. I would be much more comfortable with your educational model where people were better informed about the value of broad participation in research studies certainly that don't have any physical risk to them and the value of the security protections that would be built in and so forth than this change from the way we've viewed research for the last 50 years.

So I wonder if you could comment on that.

DR. LO: Well, first I would want to try and make a difference between – there's a spectrum of outcomes, databased research, and I think some of it frankly is of the trivial who cares and some of it, I think, starts to get very close to other areas where there's evidence that there is some public policy that supports access without patient consent.

So states that have cancer registry, you don't consent to have your case included in the cancer registry; your legislature voted to have that. And you can go to the legislatures and repeal the law but that was a public policy geared for a specific condition with certain kind of qualifications.

MR. ROTHSTEIN: And all sorts of infectious disease reports. Sure.

DR. LO: And again, I think the most recent sort of attempts to balance the need for public health access to data and protections for privacy and individualized more generally have tried to sort of say both values are very, very important. We would like to have both, but there are situations in which the individual may not have the right to say I'm not giving you information. Certainly in public health, that's most apparent because there's immediate, serious, visible harm to individuals which you'll be able to identify.

With databased research, it's statistical harm, but the number of people potentially affected – you know, again, people can sort of extrapolate numbers, but some people are saying as many as 10,000 people may have had heart attacks, fatal heart attacks, due to use of these Cox-2 inhibitors when in fact, had it been known, they would not have been on the drug.

So I think you have a tremendously important task to sort this all out and as you all know, the sort of directness of the threat and the threat to identify individuals makes it more pressing. But I think we do need to sort of at least be open to the possibility that there's some types of research that may be so beneficial for the public, so serious, so widespread, that we may choose to say that if we can get the safeguards strong enough and have the public understand it well enough to agree, we may be willing to proceed without individual –

MR. ROTHSTEIN: And how would you make that determination of whether it's so important, and who would make the determination of whether that's so important that it could be accessed without consent or authorization?

DR. LO: Again, I think it really comes down – I mean, I think you were getting at that question. It needs to be someone who's perceived as trustworthy, someone who's accountable, and someone who is transparent in terms of stating actually what's being done, why it's important, and, you know, the ability to sort of have that decision reviewed.

And again, in public health now we're sort of thinking about what are the parameters under which we will allow a governor or a state department of public health to declare an emergency with quite broad powers but having some sort of due process procedures that makes the public feel that they're not overstepping their bounds. But I think there are models.

MR. ROTHSTEIN: Joy?

MS. PRITTS: Yes. I'd like to announce that many of the states that have these disease registries like cancer registries also have very stringent rules that are imposed directly on the people who have access to those registries as to what they can do with the information and how they can share it. A little different than it is currently at the Federal level where you only have – it's kind of bootstrapped in where the provider is the one who really bears the responsibility for insuring that the researcher have their ducks in a row so that if you were to move to any system such as is suggested by Dr. Lo, I think it would be imperative that the laws address the researchers directly, not through this indirect fashion. And that would, I think, really go a long way to help people trust a little bit more if they knew they are directly responsible and they are directly accountable if they do something wrong with the information.

DR. LO: I think you could make that even stronger. You could say that you may not pass that information on to a third party.

I think the other thing that must be kept in mind is that you only need the initial identifier to link the data. Once you have your database to do the Cox-2 study, you can turn it over to the researcher in de-identified format.

Now again, someone with enough computer time and savviness might be able to identify some people, but you could make that as de-identifiable as you'd like once you've got all the information in place. Now, you lose the chance to go back. You have to reassemble the data to do a, you know, five-year follow-up down the road, but those are the sorts of tradeoffs I think that you have to look at.

MR. ROTHSTEIN: So maybe you're saying that if we did that, besides the things that Joy suggested, we might consider a kind of minimum necessary and least identifiable form consistent with the uses requirement to add on?

DR. LO: Yes – well, I would be willing to go further, that this isn't sort of an open-ended, here's a great database; see what you can mine it for. It's that we have a really pressing problem; let's create a database tailored to that and then we don't want you to really use it for anything other than this extremely pressing research question which we think really is so close to public health investigation that we really want to treat it similar to that. And this is what public health officials are used to doing.

MR. ROTHSTEIN: And maybe some sort of board to make those –

Bob?

MR. HUNGATE: I'm an old marketing guy, and you got to look for somebody that wants something. And Vioxx is up in lights. We don't have all the data we need to know what's right. If Vioxx comes back on the market, why shouldn't the piece of paper that you get at the druggist when you get your drug say, "This is going to be treated as data in a public health way and these are the safeguards and we're going to do this with this information. And a condition of taking this medication is that you're part of that trial." Now, why couldn't we do that?

DR. LO: Well, I think you could, and yet there's a precedent for that in the FDA with warnings for Accutane for women who might become pregnant.

So I think, again, to the extent that you tailor it and you offer people alternatives and have ways to educate them, I think that's an option you would want to look at.

MR. ROTHSTEIN: But I think you would have to do it on a case-by-case basis. You couldn't automatically turn everyone who took a prescription into a research subject.

DR. LO: No. But I'm thinking that we have a public privacy issue here and a need to communicate a way of doing things that's different. And we have a medication that is up in lights. And so there's a way of physicians I think a teachable moment, public, and limited to that specific medication, to test.

MR. ROTHSTEIN: Well, it may be going forward that people are on notice of that, but we've needed to look back.

When Vioxx came on the market, there wasn't the assumption that –

DR. LO: No, I understand. But I'm thinking that why not create an entity which is the kind of entity we think would be needed to guarantee the privacy around a specific example and do a test? That's kind of what I'm arguing here.

MR. McLELLAN: My only point on that is Vioxx is the most recent and visible example, but how do you know that the next, there's not a drug tomorrow that's going to come out?

That's why I'm arguing that the standard ought to be sharing but the thing that I would disagree with you about is that I wouldn't make it mandatory. I would give the patient the ultimate right to not participate.

DR. LO: Well, I think I would agree with that. But all I'm trying to argue is that rather than go off and study this approach for some time and think about what the best way to do it is, an alternative is to also test. And that's the part that I'm trying to articulate as a way of also trying to grapple with this.

MR. ROTHSTEIN: Joy, did you want to comment?

MS. PRITTS: I find this discussion pretty disturbing. I think that at the state level when you have cancer registries, they've at least been enacted by your state legislature and if you don't like it, you vote them out. So there's accountability there.

The idea of having some kind of nebulous entity deciding when something becomes an issue enough that you're going to do this, I just find it disturbing.

MR. ROTHSTEIN: Well, there is I think clearly a sense of potential abuse or slippery slope or whatever and whether it can be saved is an open question and what the price in privacy we would pay for putting that into effect is remains to be seen. I mean it's now Issue Number 87 for us to deal with.

Other questions or comments for this panel?

Thank you very much for your testimony. We appreciate your being here.

We will take a 15-minute break and then proceed with the rest of the afternoon's agenda.

[Break from 2:58 P.M. to 3:16 P.M.]

MR. ROTHSTEIN: We are back with our hearing, the National Committee on Vital Health Statistics Subcommittee on Privacy and Confidentiality.

Agenda Item: Statements from the Public

We have two individuals who have signed up for public testimony, and so we are happy to recognize each of them for five minutes. The first one is Kathryn Serkes.

MS. SERKES: Thank you. I'm Kathryn Serkes. Today I'm speaking on behalf of the Medical Privacy Coalition, and that is a coalition of 29 groups, a nonpartisan coalition including the American Conservative Union, the American Mental Health Alliance, American Policy Center, Americans for Tax Reform, Citizens for Health, Foundation for Health Choice – I'm not going to read all 29, I promise – Free Congress, Public Citizen's Congress Watch project, the Republican Liberty Caucus, American Psychoanalytical Association, the World Privacy Forum, and Citizen Health Advocacy Group and the Association of American Physicians and Surgeons. Also, the Pain Relief Network and the Drug Policy Alliance, which I mention in light of the testimony on the addiction.

I have just a couple of brief comments for you today. Particularly this morning, you heard about the attitudes in the survey that were presented, attitudes on privacy, attitudes on the success or problems with HIPAA. And I'd like to give you a little bit of information to tell you about privacy in action and the application.

A survey of AAPS physicians shows that physicians believe that third parties ask for information that they believe to violate confidentiality, an overwhelming number of physicians. Fifty-one percent of physicians surveyed report such requests from government agencies that they believe stretch the bounds of privacy, and 70 percent believe that requests from health plans exceed what is necessary and violate privacy.

Now, on the patient side, 87 percent of physicians surveyed report that a patient had asked that information be kept out of the record, and 78 percent of physicians said that they had indeed withheld information from a patient's record due to privacy concerns.

While only 19 percent would admit to lying to protect a patient's privacy, which may have been a loaded word, 74 percent state that they have withheld information for that reason.

Okay, so that's what we have in practice.

The Medical Privacy Coalition objects to the standard in general of the way the privacy is enforced now in that it is based on the assumption that there is a compelling need for the individual's medical information and the position that the public health usurps the individual rights. That is a concern of the Coalition.

Patients who fear disclosure of their sensitive information to government agencies have no choice but to withhold the information from the physicians. That's the perception now of patients.

Another area of concern is law enforcement. The biggest concern – you talked about research; you've heard from people talking about the payment, et cetera – but the biggest concern for members of the Medical Privacy Coalition is government access to the medical records. And as you heard Joy Pritts talk about patients subverting the system, that's what we have now, is we have increased ways for a patient to try to subvert the system by asking that information be withheld from the record.

I've given you the survey information. Anecdotally, I can tell you that physicians tell us that the requests are on the increase to withhold information.

I'd like to also respond to a couple of things that we heard in the testimony. Dr. Westin's presentation about the privacy notice – he said 32 percent say they had not received a HIPAA privacy notice. We would contend that people may or may not have received that privacy notice, that people don't really know whether they're getting it or not, because as some of you remember, when you go in to see a new physician, you're signing a lot of papers. So we're not sure about that. The problem is that they don't know what they're signing when they're signing. They think they're signing a consent form for privacy as opposed to – they still don't get it – that there is a difference between the consent and being advised of the information under HIPAA.

The Chairman talks about the issue of retrieval versus inclusion in the record and the problem with that. This brings up the issue and it has been mentioned around, the difference between the clinical use of information and the others – payment, research et cetera. And there is a need for clinical use of the information, there is a need for inclusion, because that is the concern now, is that physicians are getting incomplete medical records because of the privacy concern.

And the area of addiction that we brought up is that patients foregoing treatment, and it was suggested that patients would forego treatment if everything had to be included in the record. The difference between addiction and other illnesses or infectious diseases is the issue of law enforcement because patients are concerned about law enforcement access to that information.

And the difference here is that because of the way that HIPAA was written, nothing in the rule, if you remember, nothing in the rule permits covered entities from avoiding disclosures required by other laws. And there are limited restrictions on law enforcement. So we believe that the information from law enforcement, that the Fourth Amendment should apply to this information as well. Medical records should be at least as well protected as the papers in one's home.

Do you follow me on the difference with addiction? You're talking about the illegal use of substances. So patients fear the criminal prosecution when they put that into their record, not just whether they will be stigmatized because they have AIDS or because of cancer.

The Chair also asked the question whether we would end up with a whole new class of drive-through type of medical treatment where there are no questions asked.

I can say that we have that now. We've seen a large increase in the number of cash-based practices. We call them patient-doctor direct practices where there is no third party payment and patients frequently are doing this to avoid privacy intrusions or because of their concern for privacy. They are preferring to pay a doctor directly and they may or may not file an insurance claim, depending on their concern for privacy.

What we're seeing now is that the benefit of any IT advances will be lost unless patients and physicians can be guaranteed privacy. I think that's been a recurring theme in what you've heard today.

And I think I agree with what Joy Pritts mentioned, that HIPAA was almost obsolete when it came into effect because we now need a new set of rules. HIPAA was really geared to moving towards a national database, moving towards a centralized idea of medical records and centralized electronic records.

And what we're seeing now is a push away from that. We're hearing patients say, we want electronic medical records, but we don't particularly want them to be in a government nationalized database of medical records. We can see the savings, we can see the advantages of having electronic medical records. I can see the advantage of having my physician be able to share with another physician and having an electronic medical record.

What's really ringing with patients now is the personal health record. Again, back to the issue of patient-centered and controlled, where the patient controls the record. And in fact the Association of American Physicians and Surgeons is working with a company named WorldDoc that has a personal health record – exactly that, controlled by the patient. The patient chooses whom to give the information and what parts of the records to give the information, which gives the patient the confidence that that is being protected.

And just as a sidelight on that, of the physicians who have started using this personal health record, eight percent of the patients are actually paying an annual fee to be able to use that type of system. So there is a demand for that.

I would like to sum up by saying that we would like to see the personal health record as the first step so we can try this out and move towards that so that the patients are in control. And the bottom line is that Joy Pritts asked, how do we make patients trust the system again? And there is a simple, though not particularly easy, answer, and that is to reinstate the issue of consent. Rather than advising patients of how their records may be used and their information may be used, but reinstituting the actual provision of consent, once again allowing patients to decide and make the decisions how their medical records will be used.

Thank you very much.

MR. ROTHSTEIN: Thank you. If you could stay there for just one second, I have one quick comment and a short question as well.

On your statement about the notice of privacy practices, I went to a new physician about two weeks ago and I filled out all the papers and the last thing that I was given was the acknowledgment form to acknowledge that I had received the notice of privacy practices, which I had not been given.

And so I felt compelled to –

PARTICIPANT: They didn't know who you were!

[Laughter.]

MR. ROTHSTEIN: -- initiate a discussion as to the obligations of a covered entity under the privacy rule. And I said, "Don't you think it would be a good idea if you would give me a copy of the document that you're asking me to acknowledge that I have received?"

And the response was, "Nobody wants to see them, nobody reads them when we give them the copies anyhow; why would you want to read them?"

[Laughter.]

MR. ROTHSTEIN: And so that was a bad idea to ask me a "why" question. So then we critiqued line by the –

[Laughter.]

MR. ROTHSTEIN: Okay.

MS. SERKES: The question is, did you ask them for a restriction to see what they did?

MR. ROTHSTEIN: I'm seeking new medical care now.

[Laughter.]

MR. ROTHSTEIN: Okay. The question that I have is: Do you have a copy of that survey that you referred to that we could –

MS. SERKES: Yes, it was a very short – essentially the questions that I mentioned were the questions that were asked.

MR. ROTHSTEIN: Okay, but can we have that in some sort of form?

MS. SERKES: Certainly.

PARTICIPANT: Is it on your website?

MS. SERKES: No. I will email that to you and – I'll email it to Marietta --

MR. ROTHSTEIN: If you would email it to Marietta, that would be great.

MS. SERKES: -- so you have it for the record.

MR. ROTHSTEIN: Okay. We have another question.

DR. FITZMAURICE: I wanted to follow up on what our esteemed Chairman was asking about the survey. You mentioned a large number of government agencies' requests for information to doctors, that they reported receiving a large number of requests.

It could be disturbing, but I wonder how many of those were Medicare and Medicaid information requests to make decisions about the reasonableness of claims, that it's something dealing with a payment, for example, versus another purpose such as law enforcement or public health. Did the questionnaire get at any of that information?

MS. SERKES: No, that's why I say the questions were as simple as I stated them, and so I guess that reflects that you're correct; some of the questions that may have been asked may have been for treatment, but at the same time that the physicians felt that they overstepped what was necessary, I guess if we want to go back to the issue of the minimum necessary, that was necessary for the treatment, payment or operations into violating confidentiality.

So the short answer is I can't answer how much of that was treatment and how much of that was law enforcement et cetera.

MR. ROTHSTEIN: Thank you very much.

MS. SERKES: Thank you. We'll be happy to work with the Committee any way we can to advance the personal health records.

MR. ROTHSTEIN: Our next public witness is Sue Blevins.

MS. BLEVINS: Good afternoon. I'm actually speaking on behalf of Robin K. first who has prepared a one-minute statement and then I'll speak on behalf of the Institute for Health Freedom.

Robin K. is a private citizen and I'm going to read her statement:

"My name is Robin K., an attorney who has tracked medical privacy since 1996 as a concerned private citizen. Thank you for allowing the opportunity for Sue Blevins to present my comments today. My comments are as follows:

"Some things in life are obviously not good ideas. Some things usually have demonstrable risks associated with them, like driving without your seat belt, smoking in bed, leaving your wallet out where strangers can take it, or throwing sensitive personal health information out in the trash without taking precautions to protect against identity theft.

"In the rush to embrace technology, well-intentioned Federal officials and consultants are ignoring hard evidence that putting ultra-sensitive medical information into electronic format and exchanging such information between health care providers and entities will expose sensitive medical information to being hacked into and wrongfully disseminated.

"The danger of wrongful access or human error resulting in wrongful dissemination has been demonstrated again and again, yet the Federal government is contemplating requiring every citizen to have his medical information placed into an electronic medical record that tracks him from birth to death. In a free country, shouldn't it be up to each American citizen whether he wants to accept such a risk of exposure of his sensitive medical information?

"I have testified in front of this Committee that if electronic medical records are the wave of the future, regardless of the inherent risks involved, each citizen should be able to opt in or opt out of such a system.

"My central premise that private information stored electronically is wrongfully exposed again and again continues to manifest almost daily. Just this month alone, it was reported that a confidential list of 4,500 persons with AIDS and 2,000 others who are HIV positive, mostly living in Florida, was inadvertently emailed to more than 800 Palm Beach County health care workers.

"Also this month it was reported that ChoicePoint Inc., a company in Georgia that gathers private information

on nearly everyone in the United States, transmitted personal data on as many as 145,000 persons to thieves using stolen identities to create what appeared to be 50 legitimate businesses were found to be fake companies.

"And last month, the public learned that a hacker in California was able to read Secret Service emails and files after he breached the cellular network of T-Mobile. Ironically, he did the hack-in during the Secret Service's ongoing investigation targeting underground hacker organizations. This is a classic example of how vulnerable an electronic system can be. In this system, it was a hacker who was being pursued by the Secret Service who breached their own electronic communications system.

"Time and time again, these example show that no electronic database system is foolproof and failsafe.

"Therefore, with such obvious risks of improper access of information, a resulting invasion of privacy, each and every American citizen should be given freedom of choice whether he wants his sensitive information to be stored electronically.

"In conclusion, in view of these seemingly unending and inappropriate electronic disclosures and violations, no citizen should be compelled to risk a similar disclosure of his most private and personal medical information.

"Thank you for this opportunity to share my thoughts on this issue."

And this was written by Robin K., who is an attorney and really, really cares about this issue.

Now I'll read a statement on behalf of the Institute for Health Freedom, and I'm speaking as Sue Blevins now.

Good afternoon. My name is Sue Blevins, and I am founder and President of the Institute for Health Freedom, a Washington, DC-based think tank that studies and reports on individuals' freedom to make their own health care choices and to maintain their health privacy, including genetic privacy.

It is clear from thousands of public comments submitted to the U.S. Department of Health and Human Services and public opinion polls that Americans highly value and expect medical privacy. Citizens want to exercise the right to give or withhold consent before their personal health information is shared with others.

Unfortunately, however, the Federal medical privacy rule, which was released in December, 2000, and modified in August, 2002, eliminated the precious right to give or withhold consent before one's personal health information could be accessed by many others.

Thus, until the right to give or withhold consent is restored, individuals do not, and I repeat do not, have control over who has access to their personal health information. And I need to interject there and say the Office for Civil Rights really needs to make that clear. The public is still confused, and in fact that Office's website states the exact opposite, so the public really needs to be told the truth, that they do not have control over the flow of their personal health information.

Additionally, moving toward adopting electronic health records is a recipe for privacy invasions, and here's why. It is clear that combining the lack of consent with adopting electronic medical records would lead to a greater number of persons accessing patients' medical records without their permission.

The U.S. Department of Health and Human Services acknowledges concerns about electronic health records, and I want to read three quotes from HHS's own analyses that were released with the Federal medical privacy rule regarding electronic information. The first quote:

"The electronic information revolution is transforming the recording of health information so that the disclosure of information may require only a push of a button. In a matter of seconds, a person's most profoundly private information can be shared with hundreds, thousands, even millions of individuals and organizations at a time."

And I'd be happy to provide references for these quotes.

The second quote, and this one is very, I think, important to health care providers:

"In short, the entire health care system is built upon the willingness of individuals to share the most intimate details of their lives with their health care providers. The need for privacy of health information in particular has long been recognized as critical to the delivery of needed medical care. More than anything else, the relationship between a patient and a clinician is based on trust. The clinician must trust the patient to give full and truthful information about their health, their symptoms and medical history. The patient must trust the clinician to use that information to improve his or her health and respect the need to keep such information private. In order to receive accurate and reliable diagnosis and treatment, patients must provide health care professionals with accurate, detailed information about their personal health, their behavior, and other aspects of their lives. The provision of health information assists in the diagnosis of an illness or condition and the development of a treatment plan and in the evaluation of the effectiveness of that treatment. In the absence of full and accurate information, there is a serious risk that the treatment plan will be inappropriate to the patient's situation. Individuals cannot be expected to share the most intimate details of their lives unless they have confidence that such information will not be used or shared inappropriately. Privacy violations reduce consumers' trust in the health care system and institutions that serve them. Such a loss of faith can impede the quality of health care they receive and can harm the financial health of health care institutions."

There's one last short quote:

"Patients who are worried about the possible misuse of their information often take steps to protect their privacy. Recent studies show that a person who does not believe his privacy will be protected is much less likely to participate fully in the diagnosis and treatment of his medical condition. One in six Americans reported that they have taken some sort of evasive action to avoid the inappropriate use of their information by providing inaccurate information to a health care provider, by changing physicians, or by avoiding care altogether."

So in conclusion, I think it's very important for us to consider that basically, unless we reinstate consent and uphold true rights to privacy, we're putting all citizens in the position of choosing between three options:

One, they can seek care and have information shared without their permission.

Two, they can lie to their health care providers and others if they really want their privacy.

Or three, they can forego care altogether in order to maintain their privacy.

And I have to add that for some people maybe privacy isn't an issue and they aren't being squeezed or pressed to choose between those three options, but I'm sure, as you probably heard today, many, many people care about privacy.

So I want to thank you all for the opportunity to comment today and for considering these comments and I think for your work on trying to help privacy become a reality in this country. Thank you.

MR. ROTHSTEIN: Thank you. A couple of quick questions.

Do we have a copy of that study that you referred to where you said one in six took evasive action?

MS. BLEVINS: I'd be happy to get that for you.

MR. ROTHSTEIN: Thanks.

MS. BLEVINS: That was cited in the HHS's – when they released the privacy rule, but I've cited it in a paper and I'll make that available to the Committee.

MS. WASSERMAN: That actually, Mark, was, I think, the health privacy project – sorry. The California HealthCare Foundation had that data.

MR. ROTHSTEIN: If we can get copies of that, though –

MS. BLEVINS: Sure. HHS is cited, but I'd be happy to get that for you, too.

MR. ROTHSTEIN: Yes, I'd like to see the original. And can we get copies of the statements that you read?

MS. BLEVINS: Absolutely. Those I can send them on electronic format so that –

MR. ROTHSTEIN: Okay.

MS. BLEVINS: -- they're easier to transfer.

MR. ROTHSTEIN: And now I have one question about consent, and I really don't want to spend too much time on this, but it's a point that I think has to be made.

The Committee has spent hours and hours on the issue of consent, as most of you know. I would support consent only because it's a traditional prerequisite of medical care and is, I think, a very important symbolic value.

I don't think it has any practical value whatsoever because if you go back to my visiting this new physician two weeks ago and they put a bunch of papers in front of me, if the paper had been called at the top not "acknowledgment of receipt of blah-blah-blah-blah" but "consent to treatment and uses and disclosure of medical information which says I consent to the disclosure of information for reimbursement purposes et cetera, et cetera" and I don't get to see the doctor unless I sign that form, how is that any different from the form that they gave me to sign based on the assumption that they'd given me the information that they didn't give me?

So I don't think we're advancing the interest of privacy by getting hung up on this, whether it's, you know, an acknowledgment or a "consent form." I think what we need to do, if we're interested in privacy, sort of deal with the substantive questions of who gets access to the information and how much and under what circumstances and how is it disclosed et cetera, because under any regimen, the patient is going to have to sign something in order to get to see the doctor, assuming that they are conscious. And what we label that, unfortunately, in my judgment, is not the sticking point.

MS. BLEVINS: Can I comment?

MR. ROTHSTEIN: Sure.

MS. BLEVINS: I have to say I respectfully disagree, and let me tell you why. And I say that respectfully because this isn't for me; I don't personally feel like I have a need that I'm hearing from a lot of people who quite frankly are telling me, A, I lie; I don't tell my doctor I drink anymore. You heard about the case in Pennsylvania where a man lost his license because it became routine to report people if they had a – I don't know the specifics, but a DUI, DWI, and anyway, later it was reported by his doctor and he lost his license.

Again, I know there are legitimate reasons for why there has to be reporting at times. But if you just hear from people – and quite frankly, I think people who really care about privacy, they're not going to contact your Committee and they're not even probably going to report things to the Federal government, and that has nothing to do against the view of the government but just that people that are privacy conscious call me up and they want to tell me things and they don't want anyone else to know. When reporters ask me for cases and I say I can't even tell you the case, because if I tell you the case, I'm giving away people's very sensitive information.

So I say I come here on behalf of those people who will not come before a government committee. They will not talk to you. They probably wouldn't even write or send in comments to HHS.

And I differ. I say the difference between consent and notification is if you just imagine we change the rule regarding who has access to your home and instead of asking for your consent before someone enters, they now have permission, if they're a legitimate person, to do something in your home. They just have to notify you that they're coming in. There's a huge difference there.

And where I agree with you strongly is that what we have as consent is coercive consent, and the doctor or the nurse and everyone says in order to treat you, I need to be able to share your information. And at that point, that's where the individual gets to sit down and say, okay, who gets it, what happens? That's a whole different scenario and even legal. It's a different ethic than notification.

MR. ROTHSTEIN: I agree with you, but I think it's a sort of a symbolic value and I don't think it has that much difference in practice if it's –

MS. BLEVINS: I think it does. I mean, I won't spend a lot of time, but I'm a former nurse; I worked at Johns Hopkins Hospital. I took care of a lot of "VIPs." And I can just give you one example.

There was one time – and I can't even get too detail oriented – there was one time a gentleman who was hospitalized who had a very big name on Wall Street, and this was way back in the 1980s, and he asked – and that was before we had – I don't even know what they use in hospitals now; I'm assuming everything's digital, nobody gets paged. This was when we had the old intercom system and they would page nurses and doctors and even patients' names over an intercom.

And this man was like "Please do not page my name." And it wasn't that he was guilty and had something to hide, but he was so "humanly powerful" that if the word got out about his disease and his prognosis that that would affect his company and their bottom line.

So there's so many reasons why people care about privacy. And I agree with you that most people – the reason why I think it would be so easy to reinstate consent and make it work is that the majority of people are going to say "fine," and it will work. But when you take it away, when you basically say, okay, we're going to take away that right to decide who can come into your house, most people, if they're calling an exterminator or an electrician or somebody, they're glad to have them just come into their house and they're glad to have a neighbor have a key, go in, open it up for them.

But there is a small minority who really care, and I just feel so strongly that for those people, I'd love to see that ethic maintained.

And anyway, I agree with you strongly that it's symbolic and it's coercive, but it's still a fundamental ethic that we've had for many years.

MR. ROTHSTEIN: Okay, thank you.

MS. BLEVINS: Thank you.

Agenda Item: Subcommittee Discussion

MR. ROTHSTEIN: Let me alert our Internet listeners as well as those of us who are here about some schedule changes for tomorrow that may affect the timing.

We will begin tomorrow at 9 A.M. as scheduled and there are no changes in Panel 3, disease and health advocacy groups.

After lunch, there is a change. We will not have a witness from the Electronic Privacy Information Center; they are not able to be with us. Neither will we have anyone from Patient Advocates in Research. So Panel 4 will only have two individuals.

And Panel 5, Dr. Marshall will not be able to be with us and WebMD will submit written testimony instead.

There are two sessions marked tomorrow for Subcommittee discussion, 11 to 11:45 and then again 4 to 4:30. We're going to have a brief Subcommittee discussion this afternoon and I think that will obviate the need for the second of our Subcommittee discussions scheduled from 4 to 4:30.

There is some threatening weather tomorrow, I understand, so it may well be that we will be able to finish earlier in the afternoon, although I'm not sure exactly what time that will be yet. That will depend on some factors that we will get to tomorrow.

For today's Subcommittee discussion –

DR. HARDING: Mr. Chairman?

MR. ROTHSTEIN: Yes, please – Dr. Harding?

DR. HARDING: They're talking about three to four inches of snow tomorrow morning. Do things work? I mean, do we start at 9 o'clock here? I mean, you know, I'm from Ohio. That doesn't stop many people but in South Carolina it would paralyze the city for the next two weeks.

MR. ROTHSTEIN: Well, I would assume that the rugged folks at HHS laugh at three to four inches of snow.

DR. HARDING: Okay.

[Laughter.]

DR. HARDING: So we'll make the assumption it's 9 o'clock, no matter what the weather.

MR. ROTHSTEIN: Yes, we will come, rain or snow. We will start at 9 o'clock because if we don't, we're going to get all messed up with flights going out and so on. If people can't make it, we will make arrangements to hear from them at some other time at one of our later hearings. That's okay.

Now, you should have been distributed a two-sided hand-out. On one side it says "Draft 11/21/04" and the other side, "Observations and Recommendations." Let me remind you that the side that says "Draft 11/21," this is the document that the Subcommittee approved as a result of our November 18th, 2004, hearing on issues related to e-prescribing, and the purpose of this was to draft some language that would be sent to the Subcommittee on Standards and Security to be incorporated into their overall statement which will be coming before the full NCVHS at our next meeting, which is March 3rd and 4th.

So at this time, what I would like to do is note for you the revisions that were made – you can see on sort of the side, and they are, I think, primarily editorial changes in the language that was used by the Standards and Security Subcommittee perhaps to make this similar to other kinds of phrasing in the other document.

So at this point, the question that I would have for the members of the Subcommittee is whether there are any changes that you think, you know, changed our meaning or that we need to change back or whether we can accept the revisions and express that to the other Subcommittee.

So let's put it this way. I'll give you a minute because perhaps you haven't seen it.

DR. FITZMAURICE: Mark, while we're reading, could I ask a question about the word "implicate?" Is that the right use of the word "implicate?"

MR. ROTHSTEIN: Can you tell me where you are, Michael?

DR. FITZMAURICE: This first line of the second paragraph: "E-prescribing regulates implicate other –" It's like pointing to a criminal and saying, "He was in it, too." But maybe that's a proper legal use of the term; I just don't know.

MR. ROTHSTEIN: Well, we could make it "relate to," if that bothers you.

DR. FITZMAURICE: I would understand it better.

MR. ROTHSTEIN: It was not meant as a term of art, just "raise issues involving" – I mean there are a variety of ways that we can say that that I'm sure would be acceptable. Do you have one in mind?

DR. FITZMAURICE: No, I don't. I just was wondering about the word "implicate." I'd not seen it used in that context before, but maybe it's all right.

MR. ROTHSTEIN: Okay, so we'll leave it for now and then we'll see whether the full Committee is similarly troubled by the implications of that word.

[Laughter.]

MR. ROTHSTEIN: Richard?

DR. HARDING: Could you read the last paragraph in its final form to me?

MR. ROTHSTEIN: Okay, I'll try.

"The NCVHS recommends that any e-prescribing pilot project initiated in 2006 by HHS include measures to identify and address the privacy interests of consumers and the inclusion of substance abuse, mental health and –" To address – to identify and address the privacy interests of consumers – I don't understand why they did that.

Harry, can you help?

MR. REYNOLDS: Where are we going?

MR. ROTHSTEIN: We're in the last paragraph of the 11/21 draft. It now is sort of odd.

DR. FITZMAURICE: Could I suggest that it might be "and to include substance abuse, mental health and HIV providers" – replace "the inclusion" with "to include." I think that's the sense of it.

MR. ROTHSTEIN: Okay. "...to identify and address the privacy interests of consumers and to include substance abuse, mental health and HIV/AIDS providers?"

DR. FITZMAURICE: Yes. So that their privacy concerns will be studied in the pilot project.

MR. REYNOLDS: Where did you use –

DR. FITZMAURICE: "To include."

MR. ROTHSTEIN: Richard, does that –

DR. HARDING: That's better. And there's a period after "meaningful way?" Is that –

MR. ROTHSTEIN: Yes.

DR. HARDING: And then –

MR. ROTHSTEIN: It's still not great, but it's better. It was great before and then Simon got a hold of it.

[Laughter.]

MR. ROTHSTEIN: He's not listening.

MR. REYNOLDS: We won't defend him until – we won't jump as a Committee –

[Laughter.]

MR. ROTHSTEIN: No, I think it's okay.

So are there any other questions about the language? There being none, then I think we're comfortable with that.

Now, if you would flip over the page, and this is language that we did not draft. This is in particular – especially the recommended action item.

MS. FYFFE: Who drafted it?

MR. ROTHSTEIN: This was drafted by the Subcommittee on Standards and Security.

MR. REYNOLDS: Taking input from the letter.

MR. ROTHSTEIN: So they said – you know, the letter is at the top, and then they have come up with – fortunately, Harry's on both subcommittees – drafted these two recommended actions, 10.1 and 10.2. Do you want to discuss, Harry, explain the thinking?

MR. REYNOLDS: On the wording?

MR. ROTHSTEIN: Well, on why you did what you did.

MR. REYNOLDS: Basically just trying to keep it in the same wording, the same framework, the same other that we have done on the rest of the letter. So we have come up with observations; we have a list of observations.

The full letter is 18 pages.

MR. ROTHSTEIN: Right.

MR. REYNOLDS: We have a list of observations ranging all the way from new testimony to things that have been covered in the past, giving updates on those, as well as pulling in the information from this Committee.

So we turned this into one of our observations, tried to keep pretty much the content, and then, in line with the rest of the letter, actually came up with recommended action.

MR. ROTHSTEIN: Okay.

MR. REYNOLDS: And I would recommend that unless there's anything dramatic missing above the recommended action or you see something that you felt was omitted from the original letter, well, that would be good to include that. Otherwise, I think it would be good for the Committee to look at the recommended actions and make sure that those are actions that are amenable to the Committee as it goes forward to the Secretary.

MR. ROTHSTEIN: Well, I have a concern about Action 10.2.

MR. REYNOLDS: Okay.

MR. ROTHSTEIN: I think 10.1 accurately reflects the opinion of the Privacy and Confidentiality Subcommittee with regard to what should be done during the 2006 pilot tests. I think that's fine.

But 10.2 then goes beyond the pilot phase and says "HHS should use experience gained from the pilot tests to develop and communicate guidance to the industry."

And so what this suggests to me is a choice of sort of soft regulation. Based on the pilot test, it seems to me that HHS could develop regulations dealing with e-prescribing and it might call for something that is stronger, more prescriptive, in terms of what covered entities have to do and what they can't do, et cetera, et cetera, et cetera, whereas Action 10.2 says "based on the pilot test results," all that HHS is going to do is develop and communicate guidance on handling privacy issues rather than developing, you know, privacy rules. Am I misreading that?

I am misreading that? Okay. Wouldn't be the first time.

MS. FRIEDMAN: This is Maria Friedman, and I have a different view. And the view is that the pilot tests are really supposed to inform the implementation of the Medicare Part D benefit and the pilot, we're in the process of developing an RFP for pilot participants, so there's concern not about the replicability on the larger scale necessarily, but I think you're going a lot farther downstream than the results of the pilots would take us.

MR. ROTHSTEIN: Okay. I wonder if you could explain that distinction between sort of the post-pilot phase and something further downstream.

MS. FRIEDMAN: Okay. The pilots are supposed to be conducted during calendar year 2006. There's an evaluation in 2007. The final rules will come out – and again, the pilot tests were standards to help inform the implementation of Part D benefits, okay? The final rule comes out in 2006 to be implemented a year later, sometime in 2009. So that's the timeline.

MR. ROTHSTEIN: So, I mean, here's my concern. Maybe this is misplaced and then you can help me again.

I'm reading this to say that CMS is not going to be enforcing anything other than to give suggestions and guidance to the industry and there may be things – I don't know what they are yet; we haven't done the pilot – that we need sort of stronger rules on.

Am I way off on that?

Sue McAndrew and then –

MS. McANDREW: If I could also comment here. I mean, it seems to me that the way the pilots are being structured, their main focus is going to be to prove both the effectiveness of the foundation standards that are being adopted to the rule-making this year as well as the other initial sets of standards for e-prescribing that will then, following the evaluation, be formulated into regulations like the foundation standards are.

But the focus, and the focus of the evaluation, is on the standards for the e-prescribing system, and unless one of the standards included in the pilot is actually going to be a privacy-based standard –

MR. REYNOLDS: HIPAA privacy-based standard.

MS. McANDREW: -- then there is nothing for the pilots to test or evaluate with regard to privacy and it's not going to be a function of the pilot tests to evaluate other operative law such as the HIPAA privacy standards.

MS. FRIEDMAN: And, of course, pilot participants will have to adhere to HIPAA privacy and security laws anyway. I mean, that's a given.

MS. McANDREW: But it's not a moving component, you know; it's not a standard that is being tested through the pilot. And so the outcome of the evaluation is not going to be focused on, or in a position to direct, changes, regulatory changes, in standards that aren't part of any of these pilot-tested systems.

That's not to say that the experience gained through the pilots would not otherwise inform us as the Department and the regulator of either the security standard or the privacy standard that in this context X needs to happen. And then the determination is, can we get to X by guidance or do we get to X by a rule change?

But I think that is something that right now is outside of the standards that are being scoped up for the pilot tests.

And it's also outside of the scope of the pilot tests.

MR. ROTHSTEIN: Okay, so let me explain – I'm going to try one more time.

I could, I think, live with deleting 10.2. I could live with revising 10.2 to point out that we don't know what the various regulatory options are or what regulatory options we or the Department might want to pursue as a result of the pilot in terms of the privacy rule and e-prescribing rule. But the choice that the other Subcommittee made seems as if they made sort of a substantive determination that all that is needed as a result of this is guidance, and I don't think we've made that determination yet. That's what it seems to me. Michael, maybe you can clear this up.

DR. FITZMAURICE: I agree with everything that Sue said, and my take is that the 10.1 says as long as you're doing these pilots, try to learn something about privacy; so, identify any privacy issues that come up. And then 10.2 says, if you learn something useful, be sure to tell the industry.

Now, you could quarrel maybe a little bit with guidance and say should "report out to the industry," but I don't think anybody has a sense that we're going to go change the privacy rule on the basis of these pilots.

MR. ROTHSTEIN: Kathleen?

MS. FYFFE: My superficial reading of this implies more regulation, which is what you're saying.

I mean, HHS should identify and address any privacy issues within the context of the HIPAA privacy rule that arise during these tests. I read that and I say, uh-oh, HHS is going to come out with more regs.

DR. FITZMAURICE: No, no, they're looking for burdens and benefits.

MR. ROTHSTEIN: It's interesting. I read it just the opposite way.

MS. McANDREW: I mean, I read the parenthetical within the context of the privacy rule is you run these pilots, the rule is extant.

DR. FITZMAURICE: Applies.

MS. McANDREW: It's there. It applies as is.

MR. REYNOLDS: Yes. Throughout the document, I think we continually reference we're setting standards that are not already in place. HIPAA security and HIPAA privacy are in fact in place.

MR. ROTHSTEIN: Right.

MR. REYNOLDS: And so as this is discussed – but also we felt it was important that if you are going to do e-prescribing to take another look at privacy to see if the implementation of e-prescribing brings up other issues that were not dealt with because the difference in e-prescribing – I'm not saying this just to make the distinction – most of the HIPAA that has gone in before has been claims-related, eligibility-related, kind of non-care related, you know, non-actual giving somebody care.

So as we're looking at putting in a process that would actually be at the point of care, would actually be involved in other things, we have more information that would be downloaded from a PBM, then, you know, as part of the medical history, different than what you get – a claim is a claim is a claim – and some of the other stuff are individual transactions.

We want to make sure that at least it gets looked at. And then, we had recommended guidance. And I understand your concern that either we should recommend that if there is significant findings that something happens and whether that comes back to NCVHS or whatever.

Or, we thought about things like they've used an excellent job in using frequently asked questions, they've done an excellent job in doing some of these other things based on the other HIPAA transactions and code sets which would allow the industry to truly understand the privacy rule as it relates to e-prescribing and nothing more than a frequently asked question as to how you would address that, using that current rule, are the kind of things we also thought about.

MR. ROTHSTEIN: I'm sorry, Harry.

MR. REYNOLDS: Yes, so that's kind of it.

Let me ask Harry –

MR. REYNOLDS: Is that a fair statement?

MR. ROTHSTEIN: Let me ask Harry and Maria and others what you would think of, at the end of 10.2, just adding these words: "Communicate guidance to the industry on handling privacy issues or take other regulatory action as necessary."

DR. FITZMAURICE: I would think that by saying taking other regulatory action, you're saying that's regulatory action – putting guidance out is regulatory action. I think it is.

MR. ROTHSTEIN: Yes, or other regulatory –

DR. FITZMAURICE: I don't think that's regulatory action. I think that's informing the industry. I get the sense that this is to inform the industry. If the Committee wishes to recommend regulatory action back to HHS once they see what is learned from the pilots, that could be another set of recommendations.

MR. ROTHSTEIN: Well, all that I'm – I guess I've made my point poorly too many times already.

MR. REYNOLDS: No, you haven't. Keep going.

MR. ROTHSTEIN: I don't want to prejudge the issue before we do the pilots on what may be necessary in 2007 or whatever, and it may be that we need to do something besides issue guidance to the industry. It may be FAQs, it may be more outreach, it may be different – you know, revisions to the privacy rule or what have you. I don't know what. But as I read this, it says what we find out has just got to be used to guide industry and that seems to be too soft.

MS. FRIEDMAN: That's presuming what you find.

DR. FITZMAURICE: Depends on what you find.

MS. FRIEDMAN: Yes, I was just going to say we don't know what we're going to find.

MR. ROTHSTEIN: We may not need to do anything, and I don't want to just say this is what we're going to do.

MS. FRIEDMAN: That's why there's some benefit in leaving it "some guidance." Guidance can run the range from FAQs to regulatory action and leaving that door kind of open till we see what comes out of the pilots.

MR. ROTHSTEIN: Well, then, how about if we just say "HHS should use experience gained from the e-prescribing pilot tests to develop appropriate responses" or something like that?

MS. McANDREW: Appropriate actions.

MR. ROTHSTEIN: Appropriate actions or innovations or something. I'm happy with that. I'm happy to leave it open-ended. I don't want to pick "guidance" beforehand and make it look like we're wed to guidance and only guidance.

MR. REYNOLDS: So then what we're doing is we're leaving whatever that is up to CMS and NCVHS, right?

MR. ROTHSTEIN: Yes, exactly.

MR. REYNOLDS: But it's not just saying it's guidance.

DR. FITZMAURICE: And it doesn't urge them to report out what they found, either.

MR. REYNOLDS: Well, the process, I think, is set up that the pilot tests are to be reported back to NCVHS.

MS. McANDREW: The evaluation.

MR. REYNOLDS: Do you have a problem with those words?

DR. FITZMAURICE: I don't have a problem with that at all.

MR. ROTHSTEIN: Okay, so what words are you happy with? I forgot.

MR. REYNOLDS: Your last ones.

[Laughter.]

MR. ROTHSTEIN: The clerk will repeat my –

[Laughter.]

DR. FITZMAURICE: Whatever is appropriate, I think.

MR. REYNOLDS: HHS should use experience gained from the e-prescribing pilots –

MR. ROTHSTEIN: To develop –

MS. McANDREW: -- appropriate action.

MR. ROTHSTEIN: -- to develop appropriate actions?

MS. FRIEDMAN: On handling privacy issues?

MR. REYNOLDS: Right.

MR. ROTHSTEIN: Yes.

MS. WATTENBERG: I have an additional comment. I don't know if it's welcome at this time or not.

MR. ROTHSTEIN: But I just need to make a statement. I want to celebrate my victory!

[Laughter.]

MR. ROTHSTEIN: I get so few victories, even the teensy-weensy ones I'm very happy to –

MR. REYNOLDS: We have a conference call from 5 to 6:30 at which your praises will be sung.

[Laughter.]

MR. ROTHSTEIN: Sarah?

MS. WATTENBERG: Yes. My concern is about 10.1 and the parenthetical material about identifying the privacy issues within the context of the HIPAA privacy rule. I'm sure many of you will know what I'm going to say, which is – [laughs] – is are we also going – I talked previously with Maria about the issue of the Part II and that it has sort of a higher level of restrictions on some information.

DEA also has restrictions on information about I think Category I drugs that can be electronically transmitted and whether or not state HIV laws on electronic information are also sort of regulatory issues that the e-prescribing needs to account for.

MR. REYNOLDS: One thing – again, as I said, it's an 18-page letter. That discussion is dealt with in a significant way in numerous places throughout this, because it is – I mean, obviously since we were the standards and security. I mean, the whole idea, and the DEA testified, and the whole idea of whether or not e-prescribing as it exists now, if the DEA comes in and puts significantly other monitoring on the controlled substances, what that would or wouldn't do to adoption and what that does or doesn't mean and how they need to work together. And we recommended HHS works with them.

So that's predominant throughout because that is a significant issue because you've got non-controlled – 85 percent of the drugs, I think it was, were non-controlled, in the testimony had and then 12 percent were Schedules III to V and two to three percent were Schedule IIs, okay? So we address that in significant –

MR. ROTHSTEIN: Harry, one way I think clearing that up perhaps to Sarah's satisfaction, if you take a look at the end of the second paragraph under Observation 10, because we talk about drug abuse, the last sentence says any e-prescribing regulations must consider these – that is, the ones mentioned in that paragraph – and other health records laws.

One thing that we could do and let me see what you think of it is in that parenthetical, in 1, say HHS should identify and address any privacy issues, paren, within the context of HIPAA privacy rule and other health records laws which tracks the prior language. Would that be okay?

MR. REYNOLDS: Yes.

MS. CHAPPER: And other health records laws?

MR. ROTHSTEIN: Well, yes. That's the language that we used at the end of the second paragraph.

MS. McANDREW: Now is that your triumph or mine?

MR. ROTHSTEIN: No, I'll give you credit for that –

[Laughter.]

MR. REYNOLDS: We only have an hour and a half conference call, so if all of you are going to need accolades, write them short, nice and short.

MR. ROTHSTEIN: Okay. Michael, did you have –

DR. FITZMAURICE: No, no.

MR. ROTHSTEIN: -- something else? Are you okay with that?

DR. FITZMAURICE: Yes.

MR. ROTHSTEIN: Other comments? So I would entertain a motion to endorse the revisions as amended. Dr. Harding?

DR. HARDING: To endorse the paragraphs as amended?

MR. ROTHSTEIN: Correct. Any opposed? I mean – a second? Any discussion? All in favor say "aye."

PARTICIPANTS: Aye.

MR. ROTHSTEIN: Opposed? Okay, so we are on the record as supporting that.

MR. REYNOLDS: We would like it noted in the record that it was a unanimous vote and camaraderie amongst the Committee.

MR. ROTHSTEIN: Yes, absolutely.

Okay, it's now 4:15, and do I hear any requests for additional business to consider? Hearing none, I am very pleased to adjourn nearly a half an hour early, and we will start tomorrow rain or shine, snow or sleet, at 9 o'clock. Thank you on the Internet for hanging with us. And we'll see you tomorrow.

[Hearing adjourned at 4:18 P.M.]