This Transcript is Unedited
Room 705A
Hubert H. Humphrey Building
200 Independence Avenue, SW
Washington, D.C. 20201
AGENDA ITEM: Call to Order, Welcome and Introductions – DR. COHN, Chair
DR. COHN: Okay, we're going to get started here in just a minute. I believe we're both on the Internet and we have John Paul Houston on the phone, is that correct?
MR. HOUSTON: I'm here.
DR. COHN: Oh, good. Thank you for joining us.
Okay, good morning. I want to call the meeting to order.
This is the third day of three days of meetings of the Subcommittee on Standards and Security of the National Committee on Vital and Health Statistics. The Committee is the main public advisory committee to the U.S. Department of Health and Human Services on national health information policy. I'm Simon Cohn, Chairman of the Subcommittee, and the Associate Executive Director of Health Information Policy for Kaiser Permanente.
I want to welcome fellow subcommittee members, HHS staff and others here in person, and I also want to welcome those listening in on the Internet and on the phone lines, John Paul.
I also want to remind everyone to speak clearly and into the microphone. This morning we begin with a HIPAA update. It's been a while since we've had a chance really to discuss the progress of the HIPAA rules and it's, I think, an opportunity for us to reflect on how the implementation is going.
Also, the Subcommittee on Privacy and Confidentiality recently had a half-day session specifically on security, and part of the HIPAA update is, I think, directed at asking questions and getting some clarification about advisories and other aspects of the security implementation, knowing that we're just a couple of months now from the actual full implementation of that rule. And for that reason we have our corresponding member who is really the security lead, John Paul Houston, on the phone joining us for this first session.
This will be followed by an update by industry work groups on progress to improve the e-prescribing standards. As many of you will remember, the NCVHS recommendations called upon the industry to work together to improve e-prescribing standards in a number of areas, including codified SIG, the development of standards for transmitting formulary and benefits information, and then the issue of harmonization of HL7 and NCPDP e-prescribing transactions. We have representatives here this morning to give us updates on all those activities.
After the break, we have an open microphone, then we move into subcommittee discussions primarily related to what we've heard over the last couple of days and discussions of next steps, including our January and February meetings.
The intent is that we will adjourn no later than 12:30.
I always want to thank Jeff Blair, our Vice Chair, for his leadership in all of this, and Maria Friedman, without whom we would not have been able to put things together over the last two and a half days of very interesting testimony.
I want to emphasize, of course, that this is an open session. Those in attendance are willing to make brief remarks and will ask questions on any of the issues coming before us today.
Finally, for those on the Internet, we welcome letters and email on any of the issues coming before us.
With that, let's have introductions around the table and then around the room, and John Paul, we'll ask you also to introduce yourself. For those on the National Committee, I would ask if you have conflicts of interest relating to any issues coming before us today, if you would indicate that during your introduction.
And John Paul, since you're on the phone, why don't you start with the introductions.
[Introductions,
No Conflicts of Interest Expressed]
DR. COHN: Now, our first representative is Nathan Colodney. Nathan, a couple of days we welcomed you to the subcommittee for your first meeting, and obviously today we get to welcome you for your first presentation to the subcommittee, I'm sure of what will be many to meetings with us as well as the full Committee.
I think, as all of you know, Nathan is the new Director of the Office of HIPAA Standards and CMS. Obviously, we want to thank you not only for joining us the last couple days but obviously taking time to give us his presentation, so thank you.
AGENDA ITEM: HIPAA Implementation Update – MR. COLODNEY
MR. COLODNEY: Thank you very much, Simon.
I'd like to go through a couple of the compliance and future regulations that are upcoming.
On the TCS compliance, we've had a total of 270 complaints, of which 123 remain open; the remainder have all been closed. I think we're going through those at a fairly consistent rate and addressing them as they're needed.
Eighty percent of the complaints have been against private sector organizations. The reasons for these complaints fall into several categories – 43 percent of them deal with trading partner agreements, 38 percent deal with the rejection of a compliant transaction, 12 percent deal with the rejection of a compliant code, three percent deal with the receipt of a non-compliant transaction, and the remainder cite companion guides or violations of the NCPDP standards.
As to Medicaid compliance, 16 states are compliant. Thirty-four states remain under a contingency plan. Eleven of those states plan to lift the contingency by the end of this month. The state of Maine continues to be unable to accept HIPAA compliant transactions. It is the only state unable to do so.
Ninety-eight percent of the inbound claims are compliant into Medicare.
As for the private sector, we currently have no new data from industry sources.
As for future regulations, we have the enforcement proposed regulation coming out expectedly in the first quarter of calendar year '05. This will detail the procedures for the enforcement of HIPAA. It will also detail how violations will be determined and penalties will be calculated under the regulation.
The claims attachment proposed rule is expected to come out also in the first quarter of calendar year '05 and it proposes the adoption of standards for electronic claims attachments.
A notice of CMS complaint procedures is expected to be published in the first quarter of calendar year '05, the Federal Register notice of time frames for complaint investigation procedures.
We also have the national plan ID proposed rule adopting unique identifiers for each health plan and that's expected to be published in the summer of 2005.
And then we have a regulation concerning – or a modification of the electronic TCS proposed rule which proposes a series of policy updates to the initial TCS regulation. That's expected to be published in the summer of '05.
I'd like to say a few words about the security regulation which is of course mandatory as of April of '05. We held a roundtable in November and had approximately 2100 participants.
An overarching theme that came out was a desire for information on technical standards, that is, minimum technical standards, which of course the regulation forbids us from giving, given that it's all based on the risk assessment of each covered entity, and each covered entity must take appropriate security precautions relative to the risk to determine in the risk assessment.
Unfortunately, organizations would like us to come out with specific minimum technical standards – for example, minimum authentication standards – which we cannot do, so this continues to be a recurrent theme.
If there are any questions from the subcommittee, I'd like to entertain those.
DR. COHN: Sure. Are there questions from the subcommittee before we move on to John Paul? Yes, Jeff?
Questions, Answers and Comments
MR. BLAIR: Nathan, welcome. This is the first time you've been able to take this role in front of our subcommittee here.
One of the questions that we often hear from the vendors and the networks and the folks involved with e-prescribing, and I'm not sure that you'll be able to give a definitive answer at this time, but they sort of wonder when HHS, CMS would be able to provide guidance for the pilot tests. Whatever plans you might have that you could share with us I think people would be interested in.
MR. COLODNEY: Well, we're currently looking into – are you referring specifically to the pilot tests for e-prescribing?
MR. BLAIR: Yes – I'm sorry.
MR. COLODNEY: We're currently looking into those. I think the first thing we need to do is determine if there's a standard that's out there that we can accept; if not, then to plan the pilot test.
So I think to talk about the pilot and get too much into detail may be a little bit premature at this point in time.
MR. BLAIR: Okay.
MR. COLODNEY: I think we'll have a much better idea perhaps by the next meeting.
MR. BLAIR: Okay.
DR. COHN: Okay, let's move back to HIPAA, if we can. This is on HIPAA, Mike?
DR. FITZMAURICE: Yes.
DR. COHN: Okay, good.
DR. FITZMAURICE: Last July, the CMS announced that they had a new compliance procedure. It went into effect July 1st. Is there going to be a change in that compliance procedure, the extending 15 days will delay payment if it's a non-compliant transaction?
MR. COLODNEY: I'm unaware of any changes right now. However, I would warn you that I've only been there for all of six weeks, so there may have been things that have been said or things that are planned that I have not yet been briefed on.
DR. FITZMAURICE: Okay. And do you know who's responsible for the implementation of the pilots that Jeff asked about? Is that the responsibility of the Office of HIPAA Standards or is it the responsibility of some other place that we should know?
MR. COLODNEY: Planning those will be the responsibility of the Office of HIPAA Standards.
DR. FITZMAURICE: Thank you.
DR. COHN: Please, Harry?
MR. REYNOLDS: Nathan, do you have any statistics on the inquiry transactions, 27Xs, you know, 271, which would be eligibility response, and 277, which would be claims response?
MR. COLODNEY: The only one I have – I have 835, which is 65 percent. I don't have a further breakdown.
MR. REYNOLDS: And what's the status of CMS's implementing their single clearinghouse?
MR. COLODNEY: To be honest, I'm unaware of that. I can get back to you.
MR. REYNOLDS: Okay.
DR. COHN: Yes, and certainly you have our congratulations on moving to 98 percent compliance with the 835, which is very impressive – 837. I'll wake up here eventually. I think we'll start moving to two-day hearings for next year!
[Laughter.]
DR. COHN: John Paul, obviously we have you on the line –
MR. HOUSTON: Yes.
DR. COHN: -- because we wanted to talk some about the security rule.
MR. HOUSTON: Right.
DR. COHN: And maybe I'll start out, and I don't know, John Paul – I'm sure you probably have some other questions.
MR. HOUSTON: I do. But is that surprising to you?
DR. COHN: What?
MR. HOUSTON: Is that surprising?
DR. COHN: No, that is not surprising. Well, let me just start out and just ask a couple of questions.
I mean, we know a couple of months ago we had an update from Stan Nachimson about the security rule and we heard that there were plans for various advisories to be coming out on a couple of problematic issues, and we were just sort of curious about any updates about advisories that have come out at this point.
MR. COLODNEY: We are currently working those and staffing them within the Department.
DR. COHN: Okay. Now, John Paul, do you have a couple of questions?
MR. HOUSTON: Sure. I do. I have a general question and I have a couple specific ones specifically related to our testimony of a few weeks ago.
You had indicated that the overwhelming theme of the discussion was the desire to have technical standards, which I agree with you, you know; not only can you not do but I don't think necessarily should try to do.
Were there other themes, because frankly from my end and from everything I have read and tried to understand about the issue and from my own organization's implementation of the security rule which I'm responsible rule, really the silence has been deafening in terms of issues. What other themes have you heard of?
MR. COLODNEY: The only one that really came out was just the desire for minimum technical standards. I would say about 90 percent of the questions on that conference call, on that roundtable, consisted of requests for specifics – that is, does this solution satisfy this provision? And we could not address those.
MR. HOUSTON: But were there any discussion or desire to ask for any type of delays?
MR. COLODNEY: I did not hear any.
MR. HOUSTON: Okay, so nobody was screaming that this was an unworkable deadline?
MR. COLODNEY: I have not heard any expressions of an inability to comply by the April deadline.
MR. HOUSTON: Okay. But I have a specific question. We had held testimony a number of weeks ago regarding medical equipment specifically, and I think one of the themes that came out of that meeting was that
HIPAA's been perceived as a stumbling block for the use and implementation of medical devices and that the bulk of medical equipment out there today that in some way stores medical information has some type of security limitation whether that be because of simply the design of the equipment or because of potential FDA regulation and the like. And one vendor even indicated it would take five years in order for the medical equipment in general to become HIPAA compliant by a strict reading of the rule.
I'd be interested in hearing your comments on that.
MR. COLODNEY: I had a chance to review the FDA paper on that matter, and it's my understanding that the first – and please correct me if you believe otherwise – that the primary problem deals with equipment that is connected to the network as opposed to stand-alone equipment and that's because at least as far as the FDA understood it, the security really stems from the connection to the outside world as opposed to a stand-alone, protected system, and that the patches for those would be considered normal and not requiring further approval from the FDA unless it totally changed essentially the composition of the equipment.
MR. HOUSTON: Right.
MR. COLODNEY: And therefore in my mind I wouldn't see any significant problem unless the equipment manufacturer were to say that there is a significant risk to the network that they cannot fix through a patch and that the patch would take years to correct.
MR. HOUSTON: Well, I think there were a number of cases, and by example, where equipment may store – even if it's not network-attached – may store protected health information but may not even have such rudimentary things as user log-in. It's just a device that you turn on, you use, it's stores equipment but doesn't really have any inherent security to it. That was, I know, one of the points that was brought up; I don't know if it was in the testimony or in a side conversation. That was clearly something people were concerned about in terms of compliance.
MR. COLODNEY: I believe those sorts of matters will require further discussions to determine the risk posed against versus what the regulation requires.
MR. HOUSTON: Okay. Do you have any thoughts – again, I heard, at least from a number of people, that there was sort of this thought that five years was really a realistic time frame for some of this equipment to either phase out of the inventory and be replaced by equipment that could meet the requirements of the security rule. Is there any thoughts on that?
MR. COLODNEY: I haven't had a chance to talk to any of the manufacturers, although I'd be particularly interested in doing so, particularly some of those who have a significant market share, to share what they have to say and their approach to doing it so that we could take this into consideration when trying to craft a solution and determine what's appropriate.
Obviously, I don't think we'd want to be unrealistic with manufacturers but we certainly want to make sure they're going down the correct path and then assess everything and strike a balance in how we approach this.
DR. COHN: And John Paul, let me chime in also on this one just because I was also at the hearings, as was Harry. I think what we heard a lot was that anything that's currently produced is pretty much okay was done with the knowledge of HIPAA security and has the appropriate safeguards and approaches, so from their view everything from the last year is probably okay.
The problem is that there's a large part of the industry that has equipment that's a little older than that, and so the question gets to be around remediation. Do you remediate? Can you remediate? Do you necessarily have to take things out of use just because of HIPAA security, that they're otherwise good pieces of equipment, especially if you're in a situation where the equipment was neither software nor the equipment was designed with the HIPAA principles in mind?
And this is, to our view, sort of a complex issue but one that needs some clarification.
MR. HOUSTON: That's a good clarification, Simon. I appreciate you saying that.
MR. COLODNEY: I think that this area is particularly sensitive given the relationship to patient care versus so much of the remainder of the HIPAA regulation which was more administrative support and administrative management. Certainly, obviously, security access to clinical systems is of concern and clearly envisioned during HIPAA.
But I think those systems are not as direct into patient care when you talk about – I recall, for example, from the FDA paper, talking about a ventilator, and although a ventilator doesn't maintain any sort of information on the patient, certainly any sort of equipment like that that may pose a security risk because it does maintain some sort of data on the patient I think it's a little different than the other sorts of equipment we envisioned when HIPAA was originally written and therefore requires a slightly different analysis.
MR. HOUSTON: I think we want to make sure there's clarity on this subject because I think some people read the HIPAA security rules very strictly and say, okay, this medical equipment, you know, HIPAA applies to it and it can't be remediated.
MR. COLODNEY: Again, I think we just need to take a look at that for further discussion.
DR. COHN: Okay. Well, I think probably the purpose of this conversation was to raise the issue. We were trying to decide, and are trying to decide, whether we need to send some sort of an emergent letter to CMS to raise this issue but we thought a conversation would sort of may be a lot more timely than a letter. Harry?
MR. REYNOLDS: Yes – if I read it correctly and we're doing it correctly, the security rule says that by March, or May –
MR. COLODNEY: April.
MR. REYNOLDS: That's right.
MR. COLODNEY: We'll negotiate!
[Laughter.]
MR. REYNOLDS: -- by April you have to have done an assessment and you have to have put forth a plan on how you're going to have everything aligned.
MR. COLODNEY: I believe you have to remediate the deficiencies that you found during your risk assessment.
MR. REYNOLDS: Right, okay.
MR. COLODNEY: Correct.
MR. REYNOLDS: So any guidance, I think, that could come out as you look at these issues, and any guidance you could come out with about these subjects like this medical equipment or any other that come up would help people understand if they could put a plan together or just what would happen because it is a short time frame between now and then and that does have a lot of people pretty concerned as to exactly what that is.
You guys have done a great job on the FAQs and a great job on the other stuff with the transactions and I think this would be a good one to step up on and really –
MR. COLODNEY: I know we have some documents in the works that we're looking to try to get out as soon as practical.
MR. HOUSTON: To follow up on Harry's comment, too, by the way, I'm somewhat delinquent in getting the letter drafted from the last set of hearings. Unfortunately, my schedule has been pretty bad. So I'm hoping to get that done over the next week, for at least for draft.
DR. COHN: Yes, well, John Paul, we do understand and we'll look forward to your draft comments.
I guess from my view just generally, Nathan, I know you've only been doing this for six weeks and it's sort of tough to have you jump in and suddenly you're not responsible for all of this but I think most of us who have been through all these HIPAA regs sort of know that as we move to three, four, five months before a regulation implementation, suddenly we discover all of these things and it isn't intentionally that people have been ignoring them or otherwise but suddenly the urgency increases because there is a deadline, as you well know, and so I think what we've often called for in previous HIPAA regs is usually a sort of a hurry up process, you know, like the two-minute offensive in the last part of a football game, so that we really can give everybody as much notice as possible about this and really move quickly to clarify any of these sorts of – sometimes they're odd issues, sometimes they're actually full industry concerns.
I do applaud you for having open roundtables on a frequent basis with the industry but I think you have to be prepared that even though you may not be hearing a whole lot at this point, you may be surprised at what you hear starting in January or February as people really, I mean to say, get serious.
MR. COLODNEY: No, I really wouldn't be surprised! [Laughter.]
DR. COHN: Okay, you wouldn't be surprised. And I guess my hope would be that we're in a mode where we can be very responsive in terms of FAQs and advisories.
MR. COLODNEY: We are prepared, based on past experience, with the transaction code sets to handle a significant increase in questions and to help the industry address these problems that they face as they get closer to the mandatory date.
DR. COHN: Okay. Well, thank you. We do appreciate that. Harry?
MR. REYNOLDS: Yes, one other comment. I think it's actually been good that there hasn't been a lot of major issues come up to date because if you think of the way most people approach this, they approached it by looking at the security of their perimeter first, and then they went in, as you aptly put it, and looked at their administrative systems, and now they're starting to trace out through their network.
And so obviously there haven't been major stumbles over the first two, which could have equally been as large subjects, if not more significant subjects, than what we're finding at the end of the network, into the internal network.
MR. COLODNEY: And that's not really any great surprise because I think as a former CIO, one of the last things I would think of would be the actual clinical systems that are used for patient care as opposed to any sort of administrative systems. And we typically don't think about those as storing data on any of the software that run them.
MR. REYNOLDS: So, Simon, different than the other regs, I think it's good that there hasn't been significant findings or significant uproar in the industry to this point. And the only uproar to date is at the very end of networks where it would have been maybe in some cases the last places you'd look.
MR. HOUSTON: But Harry – Harry, this is John. I think one thing that I've heard that was just sort of people have got sort of burned out on HIPAA and I think also some of the reason why we haven't heard as much, which right or wrong I think is occurring.
DR. COHN: Well, Harry, maybe I need to understand, John Paul, I need to understand that a little better. What do you mean by "burn out on HIPAA?" I can imagine people being really still focused on getting all the administrative and financial transactions –
MR. HOUSTON: I think that's probably more correct. I mean, I think what's happened here is this security is – I think people have taken a lot of time on privacy on the transaction standards and I think a lot of people simply are just – it's just another piece of HIPAA and they're spending so much effort on other things that it hasn't gotten a lot of attention the way that the other rules have. "Burn out" has been a term I've heard used by a number of people. In articles, too.
DR. COHN: Harry, and then Jeff.
MR. REYNOLDS: The one interesting thing, though, that security's probably a little different than any of the other HIPAA issues is most people already have security. They didn't have transactions in code sets and they didn't have some of the other stuff. Most every institution has some security, so most people have gone through audit after audit after audit with security and so now it's just conforming to what this reg was much as anything and John, I agree with you, and some people say, well, I got enough security, and then when they finally look at the detail, they may have to do some things differently, so you're right.
MR. COLODNEY: Harry, I might be included to agree with you in part. Yes, everybody has security, but as we find out, as we found out with other industries, although they had security, people, as you said, really weren't meeting the standards that exist today. You know, typical industry-wide standards. When I say industry-wide, I'm talking about the security industry.
And so when people do their risk assessment, they're looking – okay, what do I do? And also now, people are delving into more detail on what's expected on security rout, the corporate world in general.
I think within the last three years we've seen such a significant development in information security and an emphasis put on it not just with the HIPAA regulation but security out in other industries after we've seen security breaches and other problems, security accidents, and with the increasing complexity and sophistication of the equipment and of hackers, that people are reacting to it now and it's becoming a far more sensitive area.
And certainly health care organizations are finding a need now to perhaps hire chief security officers, specifically, CISSPs, if they can find them. Certainly, the development and further increase in the number of CISSPs is in itself something that's relatively new to industry. We didn't find the numbers that we have now three, four years ago when a lot of this was originally conceived.
We find security overall changing throughout our country, you know, the increased emphasis put on it within the government itself.
MR. REYNOLDS: But I would say that the HIPAA security rule is less invasive than Sarbanes-Oxley and some of the external auditors, in many cases.
MR. COLODNEY: I would agree to less invasive in that it's less prescriptive, but it may not be less invasive if a good risk analysis is done. So the emphasis is really what's done during a risk assessment.
If you do a shabby risk assessment, you're going to say, yes, it's not really invasive. If you're really scrutinizing your security and doing a solid risk assessment, the standard should not be any different.
The only difference is that Sarbanes-Oxley comes out specifically and says "you will do X, Y and Z," much like in the federal government we have the Federal Information Systems Management Act which – it's somewhat like HIPAA in that it doesn't get prescriptive, but I think the federal government has certainly come down saying, hey, we have certain expectations depending on the risk you find. And we all know across the security industry that there are generally certainly acts you take to prevent certain threats. How people want to scrutinize those threats is up to the individual institution.
MR. REYNOLDS: I was actually complimenting CMS. I don't think it's that invasive of a law --
[Laughter.]
MR. REYNOLDS: -- compared to the other stuff.
MR. COLODNEY: Are you advocating the application of Sarbanes-Oxley across the health care industry?
[Laughter.]
MR. REYNOLDS: No, I want it clearly on the record I did not say that.
[Laughter.]
DR. COHN: Jeff, I think you have a question?
MR. BLAIR: Yes. Nathan, I'd like to introduce a different perspective to this entire activity that I think tends to get lost because as we begin to go through the regulations for the HIPAA financial administrative transactions and all the identifiers and all the code sets that support them and we get concerned about compliance and we get concerned about complaints, which all of those things we have to do, but if there's any opportunity for CMS to gather data on the success and the benefits that are being achieved by the industry by moving this portion of the health care industry into the information age, I think that that is very much needed.
My comments are equally true, and may be even more true, in terms of the privacy regs for HIPAA where there's a lot of complaints that are heard in the industry about the burden of compliance but there's very little public relations about the improvement of privacy. This is not your area, I understand, but I'm just giving it as an example, and the public just doesn't realize the importance and the achievement and the improvement to the privacy aspects of their health information.
By the same token, I think the nation really doesn't know what is being achieved by the level – what the compliance means, what the level of compliance means. What are the benefits?
And if there's any way to measure either cost savings, time savings, other efficiencies that have come out of this transformation, I think that that is equally if not more important than all of the data that we have about compliance and complaints in helping the industry make the transformation.
MR. COLODNEY: I would agree with you, Jeff. I know on my side of the HIPAA house, I've asked my staff to start to look at those so we could tell people, tell the industry, why it's important as well, the public and the industry.
As far as the privacy side, while I can't really talk to that, I can tell you that I think there is a misunderstanding on the part of the public as to what HIPAA is. I know when I first told my parents I was taking this job, their reaction was: "You mean that stupid regulation that says we can't do this, this and this?" And I thought, Oh, God, yes. And then they proceeded to launch into a 20-minute session on what's wrong with HIPAA.
So I hear that from all over and I think they see obviously, like most of us, we see those things that are negative but unless somebody points out the positive, we naturally overlook them. And I think maybe we haven't done a very good job of pointing to the positive, assuming that people inherently understand that, but that's not necessarily always the case. People don't understand that.
Certainly, when we look at things like identity theft, if we said, look, this prevents identity theft, it minimizes the likelihood of that with your medical records, they might say, oh, yes, now we understand. But it hasn't necessarily been sold like that. We've been so busy trying to get the industry to conform and getting it going.
I think you're right. It may be the next phase that we need to look at.
MR. BLAIR: Thank you.
DR. COHN: Harry, other questions? Okay. I guess one question – I mean, you'd mentioned some FAQs and other advisories coming out of there. You used the term "soon." Do you want to get any more specific than that?
MR. COLODNEY: I can't.
DR. COHN: Okay. Well, great. Well, listen, we'll look forward to it. Expect that you'll be probably receiving some additional communications on the medical device area and we obviously just wanted to alert you and CMS about the issue.
John Paul, do you have any comments or questions?
MR. HOUSTON: I don't. Thank you very much.
DR. COHN: Well, thank you for joining us.
MR. HOUSTON: Thanks.
DR. COHN: Okay.
MR. HOUSTON: You all have a great holiday.
DR. COHN: And Nathan, thank you very much for the very insightful presentation and discussion.
With that, let's move into the industry work group update.
AGENDA ITEM: Industry Work Groups Update, Codified SIG, Formulary and Benefits – MS. GILBERTSON
MS. GILBERTSON: Ready to roll? Hi, my name is Lynne Gilbertson. I'm with the National Council for Prescription Drug Programs. I'm here to provide testimony status on the NCVHS recommendations to HHS on electronic prescribing for the MMA.
As a first statement, I want to say I'm very proud to represent the numerous, numerous volunteers who are getting together, using their time and effort, sharing their information, and working together really to bring forth some industry collaborated standards.
I'm going to go very quickly through this document because as you can see, it's voluminous, but I had your time and it was time to give a good status, so I'm going to shortcut the words that are in there and just go to the highlighted areas.
Starting at Observation 3, which is the Prescription Messages related to the fill status notification. The status on that is NCPDP Work Group 11 Prescriber/Pharmacist Interface formed a task group in August to work on guidance for the Fill Status Notification transactions. The task group leader is Teresa Strickland of Healthcare Computer Corporation.
The task group has met one to two times per week and is building the guidance. Their goal is to provide implementation and operational guidance to pharmacy and physician participants for the consistent utilization of the Fill Status Notification transactions. Easy for you to say.
The guidance recommendation will be submitted for approval at the next NCPDP work group meetings in March. If the guidance is approved, the updates will be made to the SCRIPT Implementation Guide and that will go directly to the NCPDP Board of Trustees for approval. Approval would occur probably in the next month after that.
The guidance includes operational challenges such as automatic triggering of fill status notifications, triggering on return to stock, inferring pick up, privacy, liability, coordination with medication history, a patient changing physicians, et cetera, all these different things that come out of the woodwork.
Future steps may include some requests for modifications to the SCRIPT standard.
Observation 4, which is the Coordination of Prescription Message Standards. Ross will provide more update to that of the HL7-NCPDP collaboration. We've been actively meeting two to three times per week to continue working on this project.
Observation 5, the Formulary Messages – the recommendation was an NCPDP standard for formulary and benefit information file transfer using the RxHub protocol as a basis.
The status – in August, NCPDP Work Group 11 Prescriber/Pharmacist Interface formed a Formulary and Benefit Task Group led by Teri Byrne of RxHub. The Task group consists of approximately 60 industry representatives. They have met via conference calls and in a two-day face-to-face meeting in November, which we were very proud CMS was able to attend.
MultiMedia, RxHub and other companies have shared their information as the starting basis so it start a kick start and jump started quite effectively.
An aggressive work plan has been developed. The task group is striving to submit a standard to NCPDP at the March, 2005, work group meeting. The draft standard includes the sharing of formulary status lists with codes to explain how to treat non-listed brand, generic, over-the-counter; whether the drug is on formulary or preferred status, the relative value limit and other things.
It will list formulary alternatives, which is alternatives for specific drugs – the source/the alternative.
Benefit coverage lists, conditions under which the patient's pharmacy benefit covers the medication.
Benefit co-pay lists, which is the extent to which the patient is responsible for the cost of the prescription. The specification supports multiple ways to state this cost, including flat dollar amounts, percentages, and tier levels.
Cross-reference files for user-recognized health plan product names to identifiers that are used within the Formulary, Alternative, Coverage, and Co-Pay. Lots of cross-referencing meaning to go on.
There was much discussion about the identification of drugs. The task group decided to support at this point multiple drug identifiers. Further analysis will be done to understand how or if – that's an important "if" – RxNorm may be used and to what level it could be qualified.
Observation 6, Eligibility and Benefit Messages – one of the bullet recommendations was NCPDP's efforts to create a guidance document to map the pharmacy information on the Medicare Part D Pharmacy ID Card to the appropriate fields in the X12 270/271 message that a prescriber might use to inquire about eligibility in a pharmacy benefit.
Work Group 3 Standard Identifiers formed a task group led by Todd Walbert of Walgreen's and they are building their scope now. They are collaborating with X12 Work Group 1 Health Care Eligibility as appropriate.
Observation 7, Prior Authorization Messages – one of the recommendations: Developing prior authorization workflow scenarios to contribute to the design of the 2005 pilot tests; automating prior authorization communications between dispensers and prescribers and between payers and prescribers in the 2006 pilot.
The status – NCPDP Work Group 11 Prescriber/Pharmacist Interface formed a Prior Authorization Workflow-to-Transactions Task Group during the November work group meeting. The task group leader is Tony Schueth of Point of Care Partners.
NCPDP extended an invitation to X12N Work Group 10 Health Care Services Review Co-Chairs and their participants to jointly work on prior authorization from workflow to transactions.
The task group welcomes all interested stakeholders. Tony's been blasting emails throughout the industry lately.
The task group will work with X12N participation to understand the identified gaps of medication prior authorizations in the 278 and recommend modifications to the standard.
The task group will be working to understand the dialogue as well, questions with answers, that is necessary for prior authorization processing.
And it's possible that this group may require support and funding of face-to-face meetings or Webcasts. This group is specifically looking at business flow, workflow, and then leading into the transactions and all that and not doing it backwards.
Observation 8, Medication History Messages from Payer/PBM to Prescriber – the recommendation was NCPDP standard for medication history message for communication from a payer/PBM to a prescriber, using the RxHub protocol as a basis.
The status – RxHub submitted what we would consider a data maintenance, a DERF, a Data Element Request Form, at the November work group meeting requesting that a medication history standard be approved by ballot and it's based on the SCRIPT standard.
The DERF was approved, with the modification that pharmacies be included in the medication history flow so that basically any of the participants can share as they deem appropriate, not just payer, or payer-to-prescriber, but also pharmacy-to-prescriber, pharmacy-to-payer, so just not distinctively only allowing payer-to-prescriber.
Although RxHub stated they didn't have experience in pharmacy sharing in this medication history messages, the standard is going to support that exchange.
The request will be balloted, beginning in January, 2005; we'll adjudicate the ballot at the March work group meeting.
Observation 9, Clinical Drug Terminology – the recommendation, include in the 2006 pilot tests the RxNorm terminology in the NCPDP SCRIPT standard for new prescriptions, renewals and changes.
Status – in August, NCPDP spoke with NLM and asked if they could help map some examples of what's prescribed to what shows up at the pharmacy and how the pharmacy would use it to show the flow of a prescribed clinical drug using RxNorm through to the pharmacy dispensing of an NDC. We've gotten a status a few months ago that they were looking at a contractor to do that, but I don't have any status of if those examples have yet been created.
During the November NCPDP work group meetings, a great presentation was given by some of our members to help explain RxNorm in the pharmacy vernacular. The presentation included mapping examples from RxNorm to drug databases and discussed where gaps exist and recommendations to close those gaps and how the standards might support it.
The Work Group 2 Product Identification formed a task group to clarify more how RxNorm would be used in electronic prescribing, identify the gaps in usage, and present recommendations to NCVHS during the January subcommittee meetings, and we would like to be added to the agenda with that topic.
And during the January NCPDP annual conference in March, 2005, the NLM has accepted an invitation to speak on RxNorm.
Let's see – there was a recommendation dealing with the Structured Product Label, the SPL. During the NCPDP November work group meetings, Dr. Randy Levin of the FDA presented on the SPL, which was followed by a quite informative question and answer session.
Observation 10, Structured and Codified Sig, the recommendation of NCPDP, HL7 and others, especially including the prescriber community, in addressing SIG components in their standards.
The status – in August, NCPDP Work Group 10 Professional Pharmacy Services created an Industry SIG Task Group. We had fun with that one because the minute we sent invitations to HL7 folks, they said "special interest group?" No, no, another kind of SIG!
Participants who testified on the SIG who were here at NCVHS, for example, were invited as stakeholders, so I went through the Minutes and anybody who mentioned they thought SIGs were a good idea got invited.
Over 50 members, including doctors, pharmacists, representatives from SNOMED, ISMP, HL7, CMS, VA, NCPDP, pharmacies, health plans, vendors, processors and clearinghouses are all participating, and ASTM, yes, that's right.
The task group leaders are Laura Topor of Allina Hospitals and Clinics and Keith Fisher of SXC Health Solutions, Inc.
The task group began meeting in September and has met numerous times to propose foundational working documents. CMS is very nicely sponsoring the calls for us.
Some members of the task group were also able to meet during the NCPDP joint technical work group meetings in Atlanta in November, and a face-to-face meeting is being discussed with sponsorship by AAHSI HISB and AHRQ.
Some of the work they have doing, since this is a topic everybody loves to talk about, is data gathering. Work by NCPDP, HL7, the Continuity of Care Record, DrFirst and others have been reviewed. So anybody who had any thoughts of how you codify or standardize SIGs were kind of thrown into the pile.
The task group is research current medical practice management systems to understand prescriber workflow and processes. They are looking for potential consistency and efficiency between inpatient and outpatient settings. The focus has been on U.S. activities right now, with an eye to international work.
Their scope definition and management – they want to maximize the use of the standard for inpatient and outpatient whenever possible to simplify the process for prescribers and pharmacies and to address safety concerns.
They accept that some SIGs won't lend themselves to the standard, but they're focusing on either the 80/20 or the 90/10 rule, whichever they come up with. An input from pediatric prescriptions is being sought. They want to optimize technology by using computable fields.
The draft operating assumptions – there will be no abbreviations in the SIG.
Leverage and maximize existing standard vocabularies, for example, SNOMED, external code lists, and data dictionary.
Defaults may be overridden, for example, the verb "take," "apply," et cetera, then the user may be able to change that to something else, "dissolve under tongue," for example. Or if a system defaults a common set of instructions, 1 po 2 times daily, the user must be allowed to change to "2 po 1 time daily" if desired. So those are some fundamentals they've gotten out on the table.
Textual representation will accompany a codified SIG. And they will have mathematical and computable options wherever possible.
The standard is about interoperability transfer, not interface creation. The standard should be able to be incorporated into various standards as applicable, such as HL7, NCPDP, et cetera.
The next steps – they have done a lot of work right now with mapping common scripts into proposed formats. It began in November and the task group is now reviewing. They've got lists of SIGs they're just plowing through to make sure base rules are applying to all sorts of strange looking SIGs.
They are going to draft implementation guides for NCPDP and HL7 versions to demonstrate the flexibility of the model. It may be how you think in the HL7 world, how you might think in the NCPDP world, and to help people with a frame of reference.
They will continue their bi-weekly calls and schedule face-to-face meetings as needed. And they're still identifying other stakeholders and developing communication plans for 2005 such as – they listed TEPR, HIMSS, ASAP, et cetera.
The timeline – they're headed for the January, 2006, implementation; actually, they went backwards, excuse me. November, 2004, they met, for those who could meet, at the NCPDP meeting. In March, 2005, they're going to meet again just as a spot; there may be other meetings, but this is one spot where there's quite a few stakeholders who just wanted to get some work done face to face as well.
In summer, 2005, they want to release proposed standards for coding and testing and they recognize that CMS and NCVHS has acknowledged that the timeline does not allow for completion of the ANSI approval process but it at least gets things going. And in January, 2006, be ready for implementation. Pretty aggressive.
And they want to include the 2006 pilot tests as developed through the SDOs.
Observation 11, Dispenser Information – this is related to the NPI and just the status – SCRIPT supports the NPI; it has for quite a while.
Let's see. There were no specific other action items along that line for NCPDP.
Observation 12, Prescriber Identifier – the NPI again; SCRIPT supports the NPI, as I mentioned, for both prescribers and dispensers. I put a caveat just for myself, it also is a reminder, that there may need to be input from industry participants for any modifications or clarifications to the SCRIPT standard because the NPI has the lack of location specificity we talked about in the last testimony. If needs are shown, we'll process those requests from the industry and move forward with the standard. It's not a big deal. But until the industry evaluates how the NPI is going to affect them for registering or for identifying, or if it even does affect them because it's at a lower level in the transaction, I don't have an action.
Observation 13, Pilot Test Objectives – there were no specific action items for NCPDP.
Observation 14, Support for Standards Collaboration – same thing.
Observation 15, Policies to Remove Barriers – no specific action.
Conformance Testing and Certification, Observation 16 – as we noted during testimony when this recommendation was built, NCPDP is looking for guidance on what exactly needs to be stated. We may already satisfy these requirements in the standards; we don't know. So that's still an open issue. Remember, we talked about what certification versus conformance and what are the criteria and things like that.
Nest steps. Electronic signature we talked about the last two days. If I'm interpreting where we ended up yesterday, NCPDP could offer to, through one of our task groups, look at the ASTM appropriate documents and then look at if they need to build guidance or what you might call the registration process related to the e-prescribing. I'm not sure if that's what the Committee wants, but we could make that offer, to go back to the task group and say that's something the Committee would like us to look at.
The other item is a directory that would identify prescribers, nursing facilities, pharmacies et cetera. The status is during the NCPDP November work group meeting, Work Group 11, once again, created a Provider Broadcast Task Group. Alan Smith of ProxyMed is the task group leader.
In the past, a standard was designed using the common segments and fields from NCPDP SCRIPT but was abandoned because there were other things going on that were more important at that point for the e-prescribing world.
Trading partners are using this draft standard, which is, once again, based on SCRIPT, as their starting point. So the task group has been sharing their each interpretation of the draft standard and they're going to bring forth a standard to propose to the industry. They don't have a specific timeline, but it's going to be soon because they're all – I mean, it was amazing – they're all in agreement.
So that's the status.
DR. COHN: I guess I should ask the subcommittee: Do we want to talk about this before we move on to the HL7-NCPDP coordination efforts, or do we want to do it all at once?
MR. BLAIR: There's so much that she had there.
DR. COHN: Yes, I know. That was sort of what I was sort of thinking. Ross, I hope you don't mind if we sort of get into this and then we'll talk about the coordination.
Questions, Answers and Comments
Jeff, did you have a question? And certainly I have a couple.
MR. BLAIR: Yes. I think that NCPDP and all of the vendors and members of NCPDP deserve congratulations for the tremendous amount of work that you have done. Then I guess personally I'd just add my personal thanks for the way you have committed yourself to following through on NCVHS recommendations, and just thank you.
MS. GILBERTSON: I'll accept that on behalf of all the industry participants and our wonderful task group leaders.
MR. BLAIR: It's really a major achievement.
DR. COHN: Yes. It's going to be very interesting to see what you come up with. I'm actually very curious about how many SIGs you discover after all is said and done.
MS. GILBERTSON: Yes, the chart's growing as we speak.
DR. COHN: Yes, I can imagine. I did have one question – this is almost more clarification because I don't want to get into exactly figuring out right this moment what NCPDP needs to do from our conversations on e-signature.
But you used the term "registration function," and I found myself going – gosh, we talked about credentialing, we talked about authentication, we talked about security, we talked about all of these other things. What exactly do you mean by registration? Is that the credentialing function or is that something else?
MS. GILBERTSON: Well, it's interesting. When I hear the term "credentialing," I think what makes a doctor allowed to practice or what makes a pharmacist allowed to practice. So I have trouble using the term credentialing.
And so therefore we're trying to understand what it is the Committee thinks where something's lacking or where we could improve something.
So we were thinking if there were guidance for what is the minimum you need to be assured that you have gotten the right information and established verification of a doctor allowed in the e-prescribing system, for example, a pharmacy allowed in the e-prescribing system, or a pharmacist? And that whoever is allowing the entry in – say, it's the point of care vendor or the pharmacy practice management system or something has these kind of established procedures for allowing that user on. And things like after you've gone through and validated you're who you say you are and you're not somebody else, that there are controls like a user ID and a password, and that another level could include a PIN and another level could include whatever else. And those kind of trusts built of that base level that says this is at least the floor of what you must have to verify or – guarantee is kind of a hard word, but that you are only allowing the right allowed people through in this e-prescribing process.
So I wasn't sure if that was exactly what the Committee was headed for or if that was one of the things you thought as an action, but it's something we thought we would bring forward.
DR. COHN: I don't know if I have the answer to that one other than at least I understand what you mean by registration. But others may have comments. I don't know if we want to solve this one.
DR. FITZMAURICE: Add me to the question list.
DR. COHN: I'll add you to the question list. On this issue, or something else?
DR. FITZMAURICE: On this issue, yes.
DR. COHN: Okay – Michael, and then – okay, Michael.
DR. FITZMAURICE: I also want to echo Jeff's comments about praise for the industry and for NCPDP for pulling a lot of this together and putting a lot of resources into it.
I will note that in good part to Lynne Gilbertson's intercession – I'll use intercession – and Maria Friedman's intercession – AHRQ was able to support in small part the Minneapolis meeting of the Formulary Standard and we're probably looking forward to providing support and partnership with the industry to help keep this moving along and to undertake things that might otherwise not be undertaken.
I have a question about your testimony. It says "NCPDP extended an invitation to X12N Working Group 10 to work jointly on prior authorization from work flow to transactions." Was that invitation accepted?
MS. GILBERTSON: Oh, yes, very definitely.
DR. FITZMAURICE: So there is a firm and consistent pattern of industry cooperation –
MS. GILBERTSON: Yes.
DR. FITZMAURICE: -- and everybody is moving very rapidly to get these standards in place, and we're looking at the pilot date which is coming up in just a little bit over a year. So again, much kudos and much appreciation to the industry.
DR. COHN: Harry and –
MR. REYNOLDS: Yes, a comment on Lynne's recommendation on the registration and so on, exactly at least what I was driving at.
MS. GILBERTSON: It is, or is not?
MR. REYNOLDS: It is.
MS. GILBERTSON: Okay.
MR. REYNOLDS: That part of the picture that was going on yesterday – you know, what we talked about, the picture talking about secure networks, talking about other things.
You mentioned the process of registration and then – you have registration, then you have it going through the secure network and then picked up by whoever it
is. That's exactly – because as you look at – again, back to our earlier discussion about, we talked some yesterday, about the whole idea of Level 2 and Level 3. When you establish those guidelines as to what kind of a password, what kind of PIN, those kinds of things that you're talking about, it's allowing us to have the industry look some kind of a structure that would allow it to fit into the things that we're going to have to be able to recommend, or CMS would recommend, or the Secretary would recommend.
And these are the basics. You've got to do these things, because this whole idea of knowing who did it is really going to be one of the trip points in this whole discussion. And I think the registration itself, because that's where the industry's stepping up and saying, if we're going to interface with a system in a physician's office, we're going to require this before we let anybody into the network, before they can send the prescription over, before they can do this and before they can do that.
And then when the pharmacy gets it, they will know these things, which gives them assurance that it is who it was.
That's what I was looking for. So the picture's great.
Then the next other step is: Do you have any further guidance, and it might not be NCPDP, on exactly what types of standards for those secured networks once they're registered and once the data starts to flow? Is there anything there? That's where I was. That's the whole place I was going yesterday. So yes, that's a nice first step.
MS. GILBERTSON: Well, something else I just thought of that – since we all know and love him, I was looking at ENAC, and they've got some guidance as well and I know it would be very willing to help with some of those pieces.
DR. COHN: Steve, and then Jeff.
DR. STEINDEL: Yes, Lynne, I'd like to add my congratulations to the wonderful industry mobilization we've heard to bring this together.
I also would like to pick on one of my sister agencies because in the midst of all this mobilization, I'm looking at several comments concerning RxNorm. And Vivian, I would like you to take back to the Library my comments and perhaps maybe of others. It seems like that they asked for examples way back when and they're still missing, and there was some nodding of heads here between Simon and Maria when you requested to be put on the agenda in January to prevent to us gaps that you've noticed in RxNorm. I actually would not like to hear from you in January. I would like to hear from the Library on how they're filling those gaps.
We have a very rapid schedule going, and what I'm hearing in a sense is that one of my sister agencies is not working at the pace that other federal agencies are working at and are supporting.
MS. GILBERTSON: One of the things that was really a light bulb to me during the presentation that was given at the NCPDP meeting was that there's some misconceptions of where RxNorm is appropriate. And there were some misconceptions that you used, for example – and I'm going to get out of my league very quickly – but the things that struck me: You would use RxNorm as the prescribing drug, the prescribed drug. It's meant as a mapping device, not as a definition of what I prescribe, not as what I dispense. But yet, when people say, can I throw it into SCRIPT? Into SCRIPT only means I've provided what I prescribe in some form as well as this mapping key so that when you get to the other side, if you don't understand what I said, you can use the mapping key to use what you are familiar with. That's an important point.
One of the other important points was that there are many different representations in the model, and we need to get to what is a vendor implementing? I mean, you throw up a screen that's got, I don't know, eight, 12, 10 boxes, whatever it is – where do I go get what I need?
All the doctor wants is a list. Where out of all these tables do I pull it up?
So we're trying to get it into the pharmacy and the prescriber vernacular to say these are the types of questions we're hearing, too; can you help us with that? And just whatever we can do to help facilitate –
DR. STEINDEL: If I can comment, my sense would be, based on development et cetera, if we would like to start pilot studies in January, '06, this guidance needs to be in place to the industry probably a year earlier.
DR. COHN: Ross, do you have a comment on this one?
DR. MARTIN: Yes, if I could just comment on the RxNorm issue.
One of the things I know that got talked about a lot in the last sessions were about differentiating features and the notion that RxNorm doesn't always capture every concept of a drug that the prescriber may want to indicate in their preferences.
And we've toyed around with the idea of adding – assuming that there's a place for the RxNorm in SCRIPT, in NCPDP SCRIPT, that we would add a product differentiator field that would kind of be the difference between what the RxNorm code captures – Erythromycin, 500 milligram capsules, versus what the doctor was ordering – maybe they want a particular salt of that Erythromycin capsule and it's important to that patient for some reason, that would kind of bubble out and say, here is the piece of it that's missing from the semantic clinical drug, the RxNorm code semantic clinical drug code, and that would be added so that when the pharmacist wanted to fill this, the PDRX norm code, they'd also see that differentiating features field and they would know that the doctor stated a preference about that.
In the instance where the doctor doesn't really care, the RxNorm code would be sufficient, and if there is something that the RxNorm code doesn't capture in terms of a difference and they've got two products on their shelves that are specifically different entities, they're different drugs but they both fit into that RxNorm code, they can say the doctor doesn't care; I'll pick either one, according to my preference as a pharmacist, or I can ask the patient. Normally, there would just be no preference at all.
And that's being debated right now. That may be submitted as a DERF in the next work group meeting of NCPDP depending on discussions that are happening with some of the drug database companies.
MS. GILBERTSON: And what I'd like to do is take back to the task group the recommendation and we can ask NLM if they would like to be involved in the task group, if that would be appropriate, if they'd be comfortable, if whatever. And I was just thinking of Apelon and a few companies like that that are involved in some translations, too. Maybe we can cut to the chase quickly, a little quicker.
And I have to say Vivian's been great as my contact.
DR. STEINDEL: I think you read between my lines. Thank you.
DR. COHN: Okay. It looks like we're developing some to-do's for January, it sounds like, in terms of conversation. Yes, do you have a comment or question? You need to introduce yourself again – sorry.
MR. SCHUETH: My name's Tony Scheuth and I'm Managing Partner of Point of Care Partners.
And on the subject of RxNorm, I just want to disclose that RxNorm has retained us to gather industry information to address and look at some of the things that Lynne talked about. So it's not like they're off doing their own thing without listening to the industry.
I just wanted to disclose that so you would know that they have retained folks. And it's not just myself; I have people that are quite experienced in different areas including pharmacists and technology experts that are helping sort of advise them on some of the gaps that Lynne talked about.
We also took the feedback, the testimony, the presentation that was given to NCPDP, we've taken that back to them as well as done an additional analysis. We've actually taken the top 100 drugs from the Department of Defense and run through sort of a usability testing, and we're providing that with feedback to Stuart Nelson.
MS. GILBERTSON: Do you think that'll be something you can provide to the task groups?
MR. SCHUETH: I'd have to speak to Stuart about that. We have a draft of a report that will be going back to him in my computer right now. I mean, we're close; within the next week or so, we'll be giving him this feedback.
I also would like to say Stuart was not able to present at the NCPDP meeting. Instead, it was industry folks that were sort of doing some education. I do believe that if he was able to present, he might have been able to shed some light on some of the kind of concerns, some of the questions, that folks had about RxNorm. Not that there aren't holes and gaps and that the industry concerns aren't relevant, but just so you know, I think there's a little bit of an education issue and educating the industry about RxNorm, there's a little bit of a challenge there. Certainly, he has challenges. He's aware of those and he has folks sort of helping him understand those.
DR. COHN: If you don't watch out, you might be asked to testify in January.
DR. STEINDEL: Just a comment. Thank you very much for that update, because from Lynne's comments, it wasn't clear that the library was actually moving aggressively in this area and it sounds like they are, so I think this is very positive.
DR. COHN: Vivian, do you want to make any comments, I mean, because you're a sister agency?
MS. AULD: Only a minor one, that I have been trying to get a hold of Stuart to give an update to the Committee, but because I asked for it so late, he wasn't able to give it to us, and we're going to give it to you later. But Steve's points are well taken.
DR. COHN: Yes. Do you think January's a good time for that update? Is that a reasonable –
MS. AULD: That's what I was aiming for at this point, yes.
DR. COHN: Okay, good. Okay. Michael?
DR. FITZMAURICE: I would mention that AHRQ and NLM have been working together to fund a good deal of RxNorm and outreach and Betsy and I have had just preliminary exchanges about what we'll be doing in '05. It sounds this would be a good part of – maybe rise to the top of the list of things that we'll be talking about.
MS. GILBERTSON: If there's anything you think of that might be appropriate at the NCPDP annual conference that we include on the agenda, and I'm not trying to sell anything – it's just a matter you've got a captive audience there of pharmacy-related industry perspectives – so perhaps that would be an educational opportunity that could be considered.
DR. COHN: Lynne, thank you. Jeff, did you have a – please.
MR. BLAIR: The only other thought I had is I hate to leave questions lying unanswered, and Lynne, you had wound up saying which of those ASTM standards you'd be looking at considering. And I was wondering if Margaret Amatayakul might be able to provide a little bit of clarity on that since is much better familiar with those standards.
MS. AMATAYAKUL: Jeff, I am not familiar with all of the ones that were identified yesterday, but I certainly would be happy to undertake a review and try to parse out which ones would seem applicable.
I believe that Lynne had asked for clarification from the subcommittee on the last recommendation relating to conformance testing?
DR. COHN: Oh, is that a question for us or are you going to answer it? Okay.
MS. AMATAYAKUL: A memory jogger.
DR. COHN: Okay. Well, Lynne, let me try to provide some clarity and I think as much as I can give you and I'll look to the other subcommittee members to see if you have other thoughts.
I don't think any of us were thinking that NCPDP had a responsibility for certification of software solutions, vendors or otherwise. We think that the issue of certification is really much more of an issue related to a certification group that is being formed, I guess been formed in the industry, potentially an issue for the office of the National Coordinator for Information Technology. How exactly it happens is yet to be determined.
However, I think we're all aware that there's this issue of knowing whether somebody could certify, your conformance testing – can you conform? I mean, is there a test that could be applied to a software or application that would say, yes, your application conforms with NCPDP? And I think there's just sort of a general expectation that that's really something that standards development organizations know better than anybody else and that there are likely candidates to actually develop those conformance tests. And I think that was really what the expectation –
Now you may already have your standards so well specified that essentially one could identify a conformance test from it. That certainly has not universally been the case.
So, as I'm saying this one, I guess I'd have to think through your standard and see if it's there or whether there's something more, just taking it from your standard and specifying a variety of conformance tests that might be appropriate. That was, I think, really the activity that we were sort of recommending.
Now as I say that, Jeff, do you agree with my comments?
MR. BLAIR: Mmh-hmm.
DR. COHN: Okay, good. Well, that's good. Do others have comments on that? Then, okay, please.
MR. BROOK: Richard Brook. One of the things that have taken place over the last couple years are the boards of pharmacy getting involved with networks like myself and SureScripts that wants to be sure that the certain software applications that are sending electronic transmissions to retail pharmacies, that they meet certain requirements. There hasn't been particular language and I'm not really sure.
I've been before Washington State, Ohio, and Washington, some of these states who were thinking about that. Their point of care vendors had to meet certain requirements. It's almost they were letting a ProxyMed or SureScripts potentially or RxHub to be the trusted authority.
I'm not sure if there's exact language to that, but we've testified before the boards of pharmacy in Washington State because they didn't have the time to go out and look, where Ohio has some pretty has some pretty interesting regs where each application has to be approved as well as our network had to be certified and approved.
Just to let you know there is some potentially model legislation out there as far as an application meeting certain requirements to be able to send an electronic prescription within certain states.
DR. COHN: Thank you.
MR. BLAIR: If I may – in any way does that model legislation in terms of certification of e-prescribing functions begin to match or worked with the work at HL7 for the minimum function set for e-prescribing functions? Or is that something that is entirely different? And if it is entirely different, could you clarify it?
MR. BROOK: Yes.
MR. BLAIR: Maybe Steve can help with that since he has responsibility for the HL7 work.
MR. BROOK: Steve, do you want to take it first?
DR. STEINDEL: The only input that we may have had on it, which means that we have had no specific input on it, has been from the work group members who are familiar with it and have worked on modifications of the conformance criteria such that it means what they know about these particular –
MR. BROOK: And, Jeff, I'm not aware – it was just really us as networks that were certified to be – I'm not aware of anything else that was taking place, and I don't think they had any thought further to take it than that we were going to be like the certified network for an application.
And again, it doesn't get saying that they have to use SCRIPT; however, we all know that in order to get to the retail pharmacies, we support and only – only actually there's no proprietary formats that are going out there that send prescriptions back and forth. It's almost a de facto that we're using SCRIPT to be able to send prescription messages back and forth through our networks. Thank you.
DR. COHN: Lynne, has this been helpful at all for you? Or, Harry, do you have a – is it on this issue? Okay.
MR. REYNOLDS: Yes. Then I think you find yourself, at least in my opinion, in a position of an aggregator. In other words, if you look at this document – no, you look at this document and then you talk about registration and you talk about some of the other things
that we've talked about, it's a pretty significant end to end look at the basic premise of what e-prescribing can be built on. It can be built on SCRIPT, it can built on the agreed upon standards that you put within there, if you step into registration and you step into these others.
And also, you happen to have at the table, by reading this, this industry – you're bringing the industry to the table. So you are an environment that could at least recommend or at least put forward what a structure would be to consider certify anybody that would want to use this, would want to do e-prescribing.
So again, I don't think it's so much that you would do exactly what it is, but you sure have the people at the table. You're having the people at the table many, many times. You have them all looking end to end through the whole thing. So that may be a plus, why this is like it is. That's my feeling.
DR. COHN: So have we helped or are we further confusing you?
MS. GILBERTSON: I'm fine.
DR. COHN: Okay, good.
MS. GILBERTSON: Thank you.
DR. COHN: Okay.
MS. GILBERTSON: There was only one other observation that I think Maria mentioned would be maybe we start talking in January and that is some kind of information about what metrics, what measurables, what general information is going to be put into the pilot or what do we want out of it? And just maybe a status from CMS of what kind of general things they might looking at.
I know it may not be to the level of detail exactly who is going to participate or things like that, but surely we can start building some of the what is the pilot going to look like, what does it need to prove it's supposed to do, what are we going to measure once we start doing some of these things, or we're already doing some of these things; what do we want to measure about them? And those kind of things would be very helpful because we mentioned in testimony that that's a perfect opportunity to use that information as metrics going forward and as educational opportunities for going forward as well, because the pilot's not going to sell it, but the information about what was proven or shown or saved or whatever will help for the future.
DR. COHN: Do you have a comment?
DR. FRIEDMAN: I'm just thinking. We appreciate the offer, and as you know we're still working internally; we have some issues running through on the pilots and we are looking at design issues and that kind of thing, so –
MS. GILBERTSON: Just anything you could share just to give us an idea of what –
DR. FRIEDMAN: We'll do our best.
MS. GILBERTSON: -- kinds of things you're looking at, that would be helpful.
DR. FRIEDMAN: We'll do our best.
DR. COHN: Okay. Other questions or issues on this particular presentation? I think, Lynne, we've all said thank you, congratulations. I mean, we think you guys are doing great. You're all doing great work. We know that you're fully occupied, so we really think you're going in the right direction, so thank you.
Ross, do you want to talk about the NCPDP-HL7 collaboration?
AGENDA ITEM: Presentation: HL7/NCPDP Harmonization – DR. MARTIN
DR. MARTIN: Sure, thank you. I hope to be uncharacteristically brief. I had a choice of either doing this or having all these movers at my new home with my three-and-a-half-year-old and naturally – my name is Ross Martin. I'm a Senior Manager of Business Technology at Pfizer and I'll be giving you a project update on the HL7-NCPDP mapping coordination project.
Just from the last summary I gave you back in August, although it seems like it was last week, we did launch a coordination project to try to map out the differences between HL7 and NCPDP so that the primary use case we were looking at was discharging a patient from the hospital or an emergency room where HL7 are more typically used and sending a discharge prescription with that patient electronically to the retail pharmacy setting.
As I told you back in August, we had 16 participants at that initial meeting and chose to develop a demonstration project that would be done at the 2005 HIMSS and NCPDP conferences in February and March.
And then we looked at doing further projects that would include mapping to Version 3. Currently we're mapping to Version 2 X-portions of HL7 instead of Version 3 but we intend to move forward with the Version 3 shortly and also develop a change management plan so that we can kind of build this into a regular process instead of just a one-off.
So since that time, from the original meeting participation – and by the way, your handouts, those are old hat; I made those at about 8:15 this morning and now these were the ones I made in the last few minutes, so there's –
[Laughter.]
DR. MARTIN: Along those lines, there was an ideal that the standards organizations about which I am talking would have reviewed this material, but aligned with my last comment, they hadn't had a chance to do that yet, so there are plenty of people in this room who can make corrections if I've made any substantive errors.
So this was the first group. There were 16 participants. And now we have about 50 that are on the Yahoo group server, and many of them actively participate and many of them also vocally participate in this process, so we have a lot going on.
We are still focusing on the Phase 1 scenario of looking at that discharge prescription process so that it can go from an Hl7-based electronic prescribing system and then be translated into an NCPDP message that would be able to be digested by a retail pharmacy.
We've also been adding some other portions of that and had to retract from a bit of them, too, that I'll get into in just a second.
So we do have the demonstration projects going on at HIMSS in February in Dallas, Texas, and then in NCPDP in March of 2005 in Phoenix, Arizona.
For the HL7 demonstrations, the signed participants at this point, and I hope I have all this right, is SureScripts doing the prescription transmissions to the ambulatory for the retail pharmacy space; Epic Systems, who's kind of representing – and Cleveland Clinic, which will be the inpatient system that will be submitting prescriptions and then the Cleveland Clinic will be showing some of their functionality as a translator and Epic Systems as well; NDCHealth will be serving as the pharmacy vendor with one of their products; Apelon has also added another kind of piece of this where they're taking RxNorm and the National Drug File reference terminology translation so that they can do medication history delivery; and then RXHub – at the time, we weren't sure if they were going to participate from the initial meeting but they've been very active since then and they're sort of representing ExpressScripts in showing formulary eligibility and delivery, medication history delivery, and also prescription transmission to the mail order space.
The entities in parentheses there, the reason they're different is they're not necessarily signed on, they didn't pay the fee to participate in the demo, but they're the entity that is being represented, like Apelon is using the NextGen electronic medical records system to do this functionality; RxHub is just the vehicle for ExpressScripts to do that but they're providing the technology framework for it.
This next slide is just an example of the transactions that are going on that will be demonstrated in the HIMSS meeting at the HL7 booth and it just shows that there will be messages going from the Cleveland Clinic data
center through VPN connections and Internet connections that are going to these different entities. So it's not just a demo in a box, although these are obviously not going to be real patients that we'll be using.
So this is where it is and –
[Laughter.]
DR. MARTIN: -- please come to Booth 3919 in Dallas, Texas, and we'll be waiting for you.
In terms of the timetables, we have experienced a few delays. Things have been going very well. We have a lot of participants. Yesterday, a call I was on, even though it was – a lot of the people were in this room yesterday who couldn't be there. We still had a good number of people on the call just for the mapping part, the technical part. We also have regular calls about not only the mapping but also the business processes and the workflows and things.
We did have some project management turnover, and that has affected our ability to move extremely quickly. We've only been working very quickly at this point. And we are on target for doing the HIMSS demonstrations. We are probably going to be a little later on the actual publication of an implementation guideline is my guess at this point, but it should coincide with the demonstration. And just in terms of scope, we really have been trying to focus on an implementation guideline that fulfills the needs of the demonstration project alone.
We've also in that process been adding what's becoming an increasingly long list of things that we want to address in short order following the demonstration that we've worked out either completely or partially or we know that we still have to get back to it because there are lots of issues around e-prescribing that we're not addressing in this first round.
This little mass print that I can submit to you electronically, since it wasn't in the original deck, is just about the project subteams, and this is just evidence of how robust this is becoming. We couldn't just do it with our one group so we have all these other subgroups that are being formed to deal with things like: How do you educate people on this? How do we publish the guidelines? You know, the project management itself, the change management, just the demonstration projects and then communication marketing, to the point that I think, as I looked on this list a moment ago, I realized that my name wasn't on any of those subteams, so we've gotten a lot of support from many, many people.
So, future collaboration communities – this is the same slide from my last presentation and we still looking to map toward HL7 Version 3. Some of that work is already beginning.
I forgot to mention something about one thing that isn't happening in the demonstration project that initially we had intended. We were planning on having not only an HL7 to NCPDP e-prescription, meaning a prescriber within an HL7 environment prescribing to a pharmacy that uses NCPDP as its messaging format, and we were also going to do it the other way around where we had an ambulatory physician who would use NCPDP as a transaction message going to, let's say, an institutional pharmacy like a Cleveland Clinic or at a Kaiser or at an Intermountain Health Care, and specifically to the VA.
We had to drop that part of it. VA is still extremely involved in the process, but because our mapping was a little bit – we didn't have the deliverables for that quite in time for them to be able to internalize it and have it ready for the demonstration. They fully intend to do this part of being able to receive an NCPDP message, convert it into HL7 for their use, but they just weren't ready for the demonstration and they had to bow out of that. But that's just the one – it wasn't part of our original scope; we added it in, and then it had to be pulled back out again. So we're still ahead of the curve in terms of what we are demonstrating in February, but we had higher hopes at one point that we had to curb back a little bit.
Again, VHA specifically through Jim McCain has been extremely supportive and providing a lot of informational and expert resources for this project.
So as Lynne already alluded to, the SIG stuff has gotten beyond this project scope and it's gone over to another work group entirely, or task group entirely. We are still looking at the telecommunications standard as a future project. Actually, I should have probably dropped that one out because that's probably being handled differently as well, not for this group.
But the bi-directional medication history information exchange, as was already mentioned – and I think Teri's going to be talking about later, is that right? No, is not going to be talking about later – that proposed standard was approved at NCPDP at the last work group meeting, as Lynne just mentioned. It's being balloted in the January '05 cycle and so the timeline is as aggressive as it possibly could have been for that getting through the process at this point. So that will be demonstrated at HL7; it is not technically a balloted standard, but it's well on its way.
We continue to enjoy the support of both boards; HL7 and NCPDP have been very involved in helping this move along. And lots of stakeholders have been providing in kind support.
We had said at the last hearing where we testified about this that Café Rx would be a great source of project management support for this if they would come up to the plate, and they in fact did, and that has come to us in the form of Capgemini providing project management office services for this project ongoing, which is why we now have subteams and submessaging lists and all sorts of things that were not there before.
So it's been extremely helpful to have them. They've been very diligent in providing support for this. And what we continue to ask for is further support for educational meetings and the need for this because Version 3 is specifically so much different from the world that most of the other people have been used to living in and even the HL7 people. I think it would be very helpful to have a Version 3 to NCPDP summit that provides education on both sides of that for a larger audience that could be involved.
I think that's all I've got. You can still join the Listserv. You do not have to be a member of HL7 to join it even though it's an HL7 list, and the information is there. And you can contact any of the project coordinators – myself, Karen Eckert, Jim McCain, Lynne, or Scott Robertson from Kaiser Permanente to join that list or join the Yahoo group.
I will entertain questions.
Questions, Answers and Comments
DR. COHN: Okay. Well, thank you. I think Jeff has a question, I know, others.
MR. BLAIR: I don't want to be getting in a mode where I'm pandering, but –
[Laughter.]
MR. BLAIR: -- obviously, congratulations to your team as well – applause, applause, outstanding.
My question might blur slightly beyond the demonstration project that you're involved in and this might involve Teri a little bit, too, but it sounded as if you began to look at medication history information. You indicated that that message is going to be balloted. So my question gets to whether there was any investigation of some mergers of medication history that might come from the PBM or payers and medication history that might come from either the acute care sources or the ambulatory sources. And if that was investigated, what kind of issues did you find, and where you able to solve some of those merger issues?
DR. MARTIN: Well, Teri just sat down to address part of that. I can start with the demonstration project side.
Because this was not part of our original scope for the demonstration project, we did not actively review that. But it brings up a good point about the effect of the conversations that are going on in these mapping discussions.
I was just on one of the calls yesterday and did talk with Tim McNeil from RxHub and also somebody from SureScripts; I'm sorry, his name is escaping me at the moment – Reese – just about what the impact that these discussions have had on their processes in the areas that aren't specifically focused on the mapping.
And they both acknowledged that these conversations about HL7 versus NCPDP have informed these processes quite a bit, including things like the medication history standards, and even though that's not a scope of this project. And I speak it speaks a lot about how helpful that can be.
We have not looked at any source for medication history other than the PBMs at this point because it was out of scope, and my understanding from the NCPDP process of the DERF that was approved recently that the pharmacies have not even really looked at that standard but intend to look at it to see how they can contribute to the medication history for the portion that they're aware of that maybe the payers are not aware of. But I don't think that work has begun yet, and I do think that those are issues that should be addressed.
MR. BLAIR: Teri?
MS. BYRNE: Jeff, hi. This is Teri Byrne with RxHub.
Part of the things to remember is the medication history is really just a standard that transports data, so certainly the point of care applications have learned how to migrate information from their own applications or from their EMR applications and combine it with the medication history that the payers provide, along with drugs that have been prescribed. So although we're only receiving information from the payers utilizing this transaction, these applications certainly have their own data source of information that they're integrating with.
So I think a lot of it is going to be up to the applications themselves and then the standard will just transport the information from any source to any other source.
And as far as what we did talk about when we talked about considering the pharmacies either providing or receiving this information, we said certainly the industry is probably going to move there someday, but we didn't adding that to the standard to slow down the process for getting it approved.
So we approved it as is, with the wording that the pharmacies could use it. And then we all agreed that at some point if we need to modify the standards to support pharmacies, we'll certainly do that.
MR. BLAIR: Do you think that this issue is something that should be included in the pilot test?
MS. BYRNE: The issue of pharmacies providing information?
MR. BLAIR: The fact that medication history can come from a number of different sources and that somehow the prescribing system probably will need to find some way of grouping this for the prescriber so the prescriber isn't looking at three independent sources, eventually three, when they're doing their prescription. Do you feel like this is the type of thing that should be included in the pilot test?
MS. BYRNE: I think there's kind of two questions there. And the first one is should we pilot looking at how the information is presented to the physician and combined with other information that the application has? And I really that's more of an application functionality issue. And some probably do it better than others et cetera.
MR. BLAIR: Yes.
MS. BYRNE: As far as piloting it from the pharmacies, I don't know. I think that might add complexity. I don't want to seem unsupportive of that, but I think if there are willing participants who think that they can figure it out and then pilot it ahead of time, it may be a good idea, but right now we don't have access to that so from RxHub's perspective I can't say that we could do that.
DR. COHN: Please introduce yourself.
MS. HELM: Thank you. I am Jill Helm from Allscripts.
I'd just like to add another perspective to this dialogue, and that is that the continuity of care of record, there's a number of projects underway right now regarding the continuity of care record and the concept of a medication list, or a patient's active medications in that list, which would be an output from potentially an EMR or personal health record and would be a combined list of medications not only that were created by a prescriber through an EMR but also could be received by an RxHub-type feed into an EMR as well as any patient-reported or office-administered medication.
So in thinking about whether or not that type of kind of combined medication list or transport of that information should be part of the NCVHS or HHS pilots under MMA, we should look at the work that's already being done with the CCR and see if maybe they're not addressing some of those issues.
DR. COHN: Jeff, did you get an answer to your question?
MR. BLAIR: I think so, I think so, yes.
DR. COHN: Okay. I think one would observe, and I think as I've looked at this over the last year, and Michael, then I'll let you ask your question or make a comment, is that there seems to be – I mean, I think it's still an evolving business case as well as exactly how some of these things are going to happen is likely to sort of evolve as we move along and it probably is okay in certain aspects that there be at least some redundancy in what we're seeing as opposed to just but one standard to do it all. But I think it's something people need to keep a watch on. That's just sort of an observation over the last year as I've been listening to all of this.
Michael, did you have a comment?
DR. FITZMAURICE: Jeff asked my main question so I guess two comments.
One is, again, to give well deserved kudos to Ross Martin and to Lynne Gilbertson not only for their effort in pulling this together but then they're giving credit to a lot of the people who work with them. Every time I talk with them, it's not just them; it's a lot of the people who work with them. They deserve a lot of credit for this.
Secondly, Jeff asked the question that I was going to ask about the need to demonstrate this in a pilot. And if I were Nathan Colodney, I would start making a list of things that would be in the pilot and things that are suggested because some of the things I hadn't thought of until today, so this seems to keep on growing.
DR. COHN: Yes, and I'm glad we have Margaret keeping notes for us. Teri?
MS. BYRNE: I just want to add one other note that I just thought of kind of to help you with your question, Jeff. A part of the AHRQ's field task group, we're talking about sending information back from the pharmacy that a prescription was filled, which will certainly complement the medication history information as well. So it kind of covers those cash transactions.
We've had some conversations about that – well, how is this different than medication history from a pharmacy? And we're not really sure ultimately how that question gets answered, but I think as part of the pilot, having that RX field transaction in there will certainly complement the information.
MR. BLAIR: Thanks.
DR. MARTIN: If I could just comment on that growing list of potentials for the 2006 pilots. Knowing that this is a continuum of development, that there will be
certainly many things that we want to pilot that are – Lynne gave you this large list of things that have happened since the letter came out from NCVHS about those recommendations – and the anticipation of those pilots which are working very, very hard, when we add another list on there, it's often the same 50 people who are participating in these things. And so it's just the usual suspects show up at these calls.
But there will be things for the pilots that we may need to pilot that aren't intended for this should be ready by 2007 or 2009 or whatever the date's going to be, but this is something that we understand is an issue that is our next layer of things that we're going to nail down, but not expect for out of the gate. When this is required, this will be done.
But I think that the example of medication history coming from multiple sources trying to present that in a way that's a unified view of that that says this prescription that the patient said I'm taking is corroborated by the fact that they're filling it, or isn't corroborated by that. They say, oh, yeah, I'm taking my anti-epileptic or whatever it's going to be, and you see that in fact they haven't filled it in two months, that's very useful information.
MR. BLAIR: I have a suggestion –
DR. COHN: Sure, Jeff.
MR. BLAIR: -- if I'm not out of turn.
DR. COHN: And we'll try to break here in a couple of minutes. Please.
MR. BLAIR: We're all running as fast as we can, and clearly the pilot tests become a real opportunity to achieve a number of major objectives. It validates the standards that are either recommended or under development. It also might be a test ground for standards that might be emerging that might be considered later. So it has multiple purposes.
The thing I'm thinking of is that CMS, and Maria, this is in part a question to you or to anyone else from CMS at this point, there's limitation and constraints on CMS in terms of how quickly they could provide the industry guidance. The industry has asked multiple times for guidance in terms of the pilot test, and CMS has reasons why they haven't been able to provide it yet and others that may delay them somewhat further.
So the suggestion I have is that I think the industry might be both better prepared to move faster and to articulate what they could do in pilot tests and maybe the team of Lynne and Ross might be in an especially good position to gather maybe on an informal basis – we don't have to make this formal – but on an informal basis, since you're already dealing with the software vendors, with the PBMs, with the pharmacies, with the networks, all of the folks that would be part of these pilot tests, maybe if they began to send to the two of you during the next 90 days, for example, the types of things that they would like to see and that they feel that they'd be capable of including in the pilot tests, and that would be an information but maybe useful list that CMS could use as it begins to craft what its guidance might be.
So as a suggestion I would ask Maria, is that constructive or not constructive? And I'd ask Lynne and Ross whether they feel like this is something that they'd feel comfortable doing or not.
DR. FRIEDMAN: Well, let me start off. I think one of the things with the pilots is a chicken and egg issue for us, and aside from the fact that we still have some issues internally that we have to resolve before we can really start throwing some guidance out. But I think it would be helpful for us to actually have kind of a menu, if you would, of people and stuff that we could kind of consider as we go along and maybe mix and match because, very frankly, once we get ready to go, we're not going to have a whole lot of time to not only design these pilots but to sign folks up for them.
And so I think having an informal list of potential participants and testable items would be beneficial. I can't say that we could use all of it, but it certainly would inform our thinking and help jump start the process.
MS. GILBERTSON: Maria, this is Lynne. Could you explain what you mean by the chicken and the egg?
DR. MARTIN: And who's the chicken and who's the egg?
MS. GILBERTSON: I'm just trying to understand, because we know what MMA said, we know what the recommendations said, and we know we're heading toward these, so they're either on the list and are being done today and easily go into a pilot because they're being done or they're being developed and they could drop off the list if for some reason they don't get done. But I'm not following the chicken and the egg.
DR. FRIEDMAN: Well, I probably expressed that incorrectly and I think you're take is probably more accurate. It's just that, from our perspective, we have a scope issue in trying to figure out what might be in and what might be out. And then as everybody knows, there are all these wonderful things that are going on out in the world and people keep popping up all the time who might be participating and might have value added.
So to the extent that we can work together to help figure that out, that would be useful.
MS. GILBERTSON: Because one of the other things I was thinking is I'm not sure what like AHRQ might be – I mean, one of the things we talked about is what do we want to get out of the pilot? What is it we're trying to do? And I honestly don't feel comfortable trying to provide that guidance. I know exactly where I'd go for help, but I'm not a statistician, I'm not marketing, all those kind of functions of what makes a good study and what doesn't, and how do you prove what it is you're after.
So I'm wondering if we have some resources that people can at least just rope in or whatever, because one of the things we have to be very careful of: We're not trying to solve all the problems of health care in this pilot, so there's got to be some things you can say, this is what we're testing and this is how we're going to test it, and this is what we expect as deliverables or to measure or whatever, period. Past that, wonderful, good, wouldn't it be cool – but not in scope.
And that's the kind of stuff I'm kind of looking for what CMS is thinking.
DR. FRIEDMAN: We're still working on that. I really wish I could make that presentation today, and that's why I mentioned we have scope issues because that's a critical threshold for some of these other things. So I hope we can present something in January.
DR. FRIEDMAN: And Mike, from your perspective of life, do you see anything you could help with? I mean, I'm not committing; I'm just trying to understand.
DR. FITZMAURICE: I think that as things come up, there are avenues that AHRQ can help with, particularly in working with the SDOs and the private sector.
We've had some discussions with CMS about are there funds available to help speed this up? And word always gets back to us, did Congress give CMS a billion dollars and is any small part of that billion dollars available, as opposed to is there any part of AHRQ money available?
The thing is, AHRQ has $10 million of standards money to help speed up the development and implementation of health care data standards that's going to improve patient safety and quality of care. This certainly would, so it fits in.
So I think there could be partnership with CMS, there could be partnership with the industry. AHRQ is looking at how best to do this.
Last year, our partnerships were with federal agencies who then partnered with the private sector to get things speeded up like RxNorm, like the FDA standards for the product listings, and we intend to continue to support that, but we also are looking at how better to support the private sector in doing this.
Part of our partnership with the federal agencies is that's where the expertise is. AHRQ doesn't know everything about this, but NLM, FDA, NITS, CMS, they know better what they need and how to specify what they need from the private sector. That was the purpose of our partnership.
We know that we want to improve patient safety and quality of care and we can see the link between the technical standards and the health care data standards and getting better quality of care for the consumer and getting more information to the prescriber and the physician to make these better decisions. So we're all looking for: What is specifically that needs to be done?
You and Ross have given us great reports on what the private sector is doing. You've called for HHS support that I think needs to be addressed in '05. We need to know what the scope will be for the pilots, and CMS is charged with that so that we all need to hear from CMS I would hope January, but time is getting short for what the scope is or what the considerations for the scope are. And then maybe getting feedback from the industry, yes, that's a reasonable scope, and then partnerships for how can we bring this about? It's got to be the government, it's got to be the health plans, it's got to be the standard developing organizations, and the vendors working together to find out what's at the top of this list of priorities? What standards are in the way of making it work smoothly? What partnerships in the private sector need to come together to say, here are the elements that need to be exchanged to make this happen? And then the government needs to support that.
MS. GILBERTSON: And I see taking that and at the dummy level creating a spreadsheet that says, what are we trying to prove? Do we have standards for it? Do we have any participants in the industry already doing it? You know, you start making the check boxes.
But then there's a layer above that that says, for example, what are the metrics? What do we want to get out of this? Do we just want a count of transactions? Is that all we're looking for? Or another way, or above that, is there anything we can learn from this that could benefit – a message to doctors, for example, about the benefits of why this pilot was so good, or what they proved, or things like that?
And standards organizations – I don't have any expertise myself in trying to figure out what a doctor might want or what the message be going out, so I see that as another layer of participation from some groups, whoever's comfortable doing those kind of things.
DR. COHN: Okay. And I'm going to try to – Michael, is there something absolutely pertinent that you need to say at this point?
DR. FITZMAURICE: I was just going to say that what we've learned is that the industry has shown us they can pull together and they can achieve a goal. And if the government can be used as a lever in the private industry, they can use us to achieve this. What we need to give them is some financial support and some set of priorities to work on, and I think we can get the job done.
DR. COHN: Yes, okay. And I just want to sort of bring this sort of back to reality as well as give us a break here in just a second because I think we've gone a little long.
First of all, I want to remind everybody that the role of the NCVHS is to advise the Secretary. We are not going to design the pilots and we're not down at that level. Certainly, I think we will talk in January and February some about the pilots, but I think at the end of the day it's really CMS's responsibility.
Having said that, of course, we've had a 15-page letter, first set of recommendations, and we'll have a second set of recommendations. And if one just reflects on this a bit, obviously one of the first purposes of the pilot will be to prove and identify standards for e-prescribing. I mean, that's really what these pilots are all about. And then beyond that there is the piece of the value added of having e-prescribing.
So the real question, I think, for the industry is not to rethink everything that needs to be piloted, but is there something critical that we sort of haven't talked about already, something that's being missed here that really needs to be tested or piloted as we move forward?
And I think that's really the conversation.
I think CMS, as the rule-making process allows, will probably be happy to update us on their thinking and involvement, but, I mean, this is once again, yes, we are an advisory committee and we will help advise as this process moves forward.
Now, like everyone else, Ross and Lynne, you are doing a great job. I do want to state for the record that you are neither eggs nor chickens.
[Laughter.]
DR. COHN: But we really appreciate your help in all this stuff. And what we are going to do is take a 15-minute break and then we'll get together and sort of talk about the January and February hearings. So thank you very much.
[Committee takes a break at 10:55 a.m. and resumes meeting at 11:18 a.m.]
DR. COHN: Okay. Will everyone please be seated. We're going to get started.
Okay, this is our last session of these three-day hearings. We're going to start with just an open microphone session in case anybody has any additional comments, wants to make any statements related to any of the issues or discussions we've had over the last three days.
[No response.]
DR. COHN: Okay. I guess we've allowed people I guess free expression and I think they've had their say.
MR. BLAIR: Maybe there's one other comment I'd like to make.
DR. COHN: Do you want to use the open microphones to make a statement?
MR. BLAIR: Oh, I'm sorry.
DR. COHN: Please.
MR. BLAIR: No, I'm going to listen.
DR. COHN: Well, we were just sort of finishing that up and are going to move to subcommittee discussion, so I was just finishing off. You do not want to make an open –
MR. BLAIR: No.
DR. COHN: Okay. You do not want to use the open mike, okay.
AGENDA ITEM: Planning for Next Meetings
DR. COHN: Now, just in terms of the final session, which is really our opportunity to sort of next steps and all that, I do want to remind the subcommittee and others listening on the Internet and here in person that we obviously have hearings coming up in both January and February.
DR. FRIEDMAN: Do you want to give those dates?
DR. COHN: Yes. January dates are Thursday, January 13, and Friday, January 14, and we would expect that the 14th would be a day that finishes in the early afternoon, probably about the same time as today.
And then we have another set of hearings, and we had a whole place, but I think based on I think our conversations over the last couple days, we realize we're going to need the time, on February 1st and 2nd, which is a Tuesday and Wednesday.
I think, as you all know, the next full Committee meeting is in early March, which is the 3rd and 4th, which is a Thursday and Friday, and I think the intent is to make good on our promise to come up with a second letter of recommendations on e-prescribing, including the issues that we decide to put into it, as well hopefully in these sessions also take some time to actually talk about HIPAA
issues. So I think the intent, once again, in the next two hearings, is sort of a combination of e-prescribing, follow-up of our current conversations, discussions about whether there's any other issues we need to delve into, and then hopefully spending at least a half a day on a variety of actual HIPAA implementation issues, updates, discussions with the industry, and all of this.
So are people generally okay with that?
DR. FERRER: Simon, February is two days or a day and a half?
DR. COHN: Well, it would be a day and a half, and the same sort of all day Tuesday and probably a half-day on Wednesday. Once again, on each of these, we need to see what the agenda looks like to know whether we finish it at 12:30 or 1:30 or whatever, but hopefully we'll be able to keep it to a reasonable time. Okay?
AGENDA ITEM: Subcommittee Discussion
DR. COHN: Now, I guess I'd open the floor to the subcommittee members to talk about I think what people perceive as the next steps. Obviously, I have my notes, but let's hear from others first. Harry?
MR. REYNOLDS: I think we've had a good education on this process which I think has been very, very helpful and I appreciate all the testimony.
I think that the next step is to figure out exactly what types of recommendations and/or guidance we would want to put in the letter, based on what we heard these last few days. In other words, are there are categories, are there subjects, are there specific things that we want to say?
And I was sitting here drawing a picture of the whole e-prescribing again and what we've heard, not heard, and what the categories were. And obviously there's good progress being made on the things we've already done, so that feels good.
But whole idea of do we want – when we talk about whether it's e-signature or just the whole idea of the flow of this data and the processes, what I can't quite get a handle on yet as to what do we want to say – are we talking about e-signatures? What are we talking about?
So I'm not sure I got an answer. I started first and I may come back after I hear some other things. But I think if we could make a list of what subjects we heard and what the subjects over the last few days break into and I have some ideas, then we at least could debate what our step is.
DR. COHN: Well, I think we could all sort of comment on that – and I'm not sure that I think that we have all of the answers at this point.
MR. REYNOLDS: No, I don't, either.
DR. COHN: So I think that part of it is the next steps to resolve some of those questions that you are very appropriately bringing up.
Jeff, do you have some of the answers or a framework?
MR. BLAIR: Oh, I don't know. I think one of the things that I began to struggle with, I think many of the other subcommittee members began to struggle with, is MMA gave us the assignment of considering electronic signatures for e-prescribing but it wasn't entirely clear what the objectives or goals of electronic signatures are in this context. And, to make it more complicated, we also are aware of the fact that whatever recommendations we make, we don't want them to be a constraint in terms of using electronic signatures in other health care contexts, like electronic health records.
So I think that our subcommittee probably needs to do some work in figuring out what our criteria are, the criteria meaning what are the goals or objectives of electronic signatures both within the context of e-prescribing exclusively and within a broader context and maybe also within a long-term time frame and a short-term time frame because we've heard a lot of folks say that there maybe other options in the future but they're not available now, they're not pragmatic, there's other limitations on those.
So we may have to look at this in terms of a short term, and the short term might be the next two to three years and the long term might be sometime beyond three years.
So I think that that is work that we need to do before we can go forward.
The other piece is there's that major entity that we need to hear from and that's the DEA to understand how they've come up with their guidance and recommendations on e-signatures. There may be something important for us to understand on that, if at all possible that we hear from them.
DR. COHN: Other comments? Stan, did you –
DR. HUFF: At this point, I think we need to hear from the DEA. My impression is that we can do some good by making some recommendations that would put into place best practices, as many of the testifiers have suggested. It seems it would be a high hurdle to get over if we require digital signatures in the next year or two, but I think we need to hear from the DEA before we could formulate what we would say as our final recommendations in this area.
DR. COHN: Judy, do you have a comment?
DR. WARREN: Yes, I just wanted to follow up on one of the things Harry said.
I think we've heard quite a bit this time and we really need to distinguish, when we make our recommendations, between what is security and what's authentication and how they're related, because we've even kind of wrapped them up together and then unwrapped them and unbundled them. So I think if we can provide some clarity in there, we'll be doing really good, too.
DR. COHN: Well, I think that's a very good point. As I thought about this one, I sort of don't have the answers either on all of this stuff. I think there's a couple of action items that I think Harry, I'm sure, is already thinking about.
There's something we talked about yesterday – I mean obviously Jeff and others who made comments about needing to hear – I mean, the business rationales and the use cases and all of this, for example, from the DEA, and we've talked about that as well as law enforcement, which might help inform some of our conversations.
There's actually some industry experience out there in this whole use of PKI and others that, you know, hearing from the VA, hearing from the DOD, would be good additional information just because these are real world users to either validate or give us a different perspective of what we've already been hearing the two days, and I think that's always valuable.
Now, I agree with you; there is a difference between security and electronic signature/authentication, and yet they are very close concepts. And I think that there's a piece of work we talked about yesterday, which I'm actually looking at Margaret A., around that we really do need to take, I think, the diagram that has been so well provided and well developed by the industry and map that against the HIPAA security rule just to sort of see how that all connects, or doesn't connect, if there's any disconnects there, because there is that broad issue of sort of overall security.
And that to me is like the fundamental security question, sort of the end to end process et cetera. As opposed to us trying to figure out what security is, it's really more a question of does the security rule apply to all the entities here and will that be sufficient?
Now then there's the other question about this issue of authentication, and once again I guess I have high hopes in the 60-page NIST document, which I know everybody's going to read on the flight home tonight, but I think that with some thinking, once again going from a what is it that's needed back to what sort of authentication, non-repudiation, do we really need here, then going back to looking at some of their guidelines to sort of what are they recommending in terms of the extent, but then also at that point putting in the technical issues about what's really there, what's real today versus real in three years, whatever, along with that whole concept which I think is well known in security in mitigating issues and all that to provide some guidance both for the industry and for CMS in terms of moving forward on all of this stuff.
I mean, that's sort of the frame I guess I'm thinking about. I don't know if I'm reflecting – Maria, you have your hand up first, and then Harry, I think, wants to make a comment. And I may not have it right, so, I mean, you may all have better ideas than I do.
DR. FRIEDMAN: I think just from my own perspective, flipping through the NIST document, they're not standards even though NIST is a standards organization.
However, they may be de facto standards, again, that people are using when they address these concepts.
And it looked like there's a fairly close correlation between what's in there and what OMB provided in their framework as well.
And so my question again is, if we map back, if we find out that current industry practice maps back or tracks closely to these, is that good enough, count as a standard or what? I don't know.
DR. COHN: Well, I think that's a piece of information. I guess I was going from an end – I mean, I think the question is if we discover it maps to a level, acts, we're still left with the question: Is that the right level?
Harry, do you have a comment?
MR. REYNOLDS: Yes. I also leafed through the NIST document last night and partially this morning and I think you take the NIST document, which I know Margaret was going to take a look at, and you take a look at these levels that we've talked about, and then you hear this thing called "registration," which is really authentication, I'd love to have, whether it's somebody from NIST that could help pull that together or it's somebody that testified already because there's a lot of people that we've heard from that already do registration, which is their form of authentication. And the industry's already doing that for millions and millions of transactions that we've heard.
So trying to start from a NIST, because Level 3 basically says here "high confidence in asserted identity," and as we said yesterday, it's going to be real hard to pass something forward and you're a whole lot less than a high certainty it might be the person.
But on the other hand, this document doesn't go into the detail to help you really get with 2-8, 2-9, rather than to absolutely require on digital signature, and so I'd love to hear somebody from NIST tell us a little more about – and if he used this as kind of a framework and had the industry talk about how their registration and their authentication matches to this kind of a structure which again is a federal structure so we might as well not walk away from it.
And then secondly, if NIST would help us understand – this thing puts down some pretty hard things. Two is PIN and password and three is digital certificate. That's a big chasm between those.
So I think that subject is one that's key because I think at some point, using the word "industry standard" for secured networks probably allows the Secretary or anyone else plenty of leverage because there are so many ways out there now to secure networks. I'm not sure.
But this whole idea if we say "digital signature," "electronic signature," "digital certificate," those are the kind of things that really are going – we can either shut this thing down pretty fast as what's already going on or we can keep a good momentum going, and we're going to have to balance that because I know that's the toughest thing I'm going to have when I put my hand up as to which way we go, because you want to keep the industry moving but there's also some place holders that make you just double-check.
So if anybody could do that, that would be, I think, a real good next step, at least for me, for January, to really understand that. We could put that one to bed.
DR. COHN: Sure. And maybe that's a NIST or a consultant or something like that trying to put it all together.
Jeff, you had a comment?
MR. BLAIR: Yes. My colleagues on the subcommittee may beat me up for this, I don't know. I think that clearly in the January session we're going to try to get additional information from DEA and VA and DOD and NIST and gather additional information. And it's a very short time frame.
But I do think that we will need to have an initial draft of our thinking and our framework and our criteria available for the February meeting so that there could be industry reaction comment at that point in a public session. That doesn't leave us a lot of time for an initial draft, but I sort of feel like that's the only opening we really have because -- that puts some pressure on us to do it that quickly, but once again I think we need to do that.
DR. COHN: Anybody have a comment or somebody reacting to that? And, Maria, are you reacting to that? Okay.
DR. FRIEDMAN: I have a process issue to throw out. Actually, I thought the process we had the last time worked well. Not only did we have some working sessions that were closed just to the subcommittee members but we also had some open calls, and that seemed to work very well with the short time frames we're on. So I just want to remind people we have that model; that seemed to work pretty well.
My second question is one of substance. It seems to me, given the time pressures we're under, that the next set of recommendations may focus I won't say on e-signature but some of those relating issues. And we had talked in previous meetings about maybe addressing some other topics and it looks to me like that might be off the table now just given the time constraints.
DR. COHN: Well, I don't think we've gotten to that conversation yet so I think we should finish up what we're trying to do here and then talk about whether or not there are other things that we think we have band width for. I mean, you may be right; it's just that I'm not sure that we made that decision.
DR. FRIEDMAN: Well, no, I just wanted to put that out as we talk about – and I'm also looking at that with enlightening self-interest, restructuring the next set of hearings.
DR. COHN: Okay. That's right.
DR. FRIEDMAN: They're close together. We have the holidays, and I'm going to have to start working the phones pretty quick.
DR. COHN: Sure. No, I think that makes sense. Do other people have other pieces? I think Jeff's overall structure of, I mean, just based on our previous experience, plus we'd also like to have the industry have a chance to comment on something that's substantive as opposed to – I mean, I think there's nothing much more anxiety provoking than vague comments made by subcommittee members asking questions that worry people where they don't actually see a sentence or two that's an actual statement of anything.
I'm hearing some laughter from back here but I presume that that laughter reflects the reality of the situation. Michael?
DR. FITZMAURICE: Comments. When we go to the electronic signature, there are questions that arise about scalability: Can you do it for hundreds of thousands of transactions? And what about the vendor adoption? Not the networks, but each physician is going to have to adopt something that would permit e-signature.
I'm concerned that there's no bridge across lots of certificate authorities, although there is a government bridge project. I don't see a lot of applications of electronic signatures. And all of us are kind of hard pressed to come up with one and the government even, when we describe it, but I'm sure there must be five or maybe 10.
There is a time with security rule which was mentioned earlier. Should a risk assessment be undertaken in the pilot to help guide people who have to apply the security rule to electronic prescribing and can some guidance for that come out of the pilot test?
And also, recommendations for pilot test points for standards – do we want to think about here's some standards being worked on; do we want to recommend that they be tested in the pilots or let CMS determine what they want to test and what they don't want to test? Is it helpful for us to make those kinds of recommendations to CMS? Maybe down the road, maybe not in March, but maybe by the end of summer.
And to look for gaps to be tested in the pilot, gaps in the standards – in other words, report back from the pilot tests to us or to the industry what gaps do you find in the pilot test that need to be filled, because there are some funding and some certainly resource interest in filling those gaps. Then you do identify it and the public needs to be looking at them.
Then finally, as guided by MMA, probably we would need to know what functionality does CMS want in the
e-prescribing pilots, and then do the standards support them? What should happen after the pilots are over, when there's no guidance from MMA? Is there an ongoing process that should be developed for continual refinement, maybe continual testing, and reporting back from the industry to some place like NCVHS as to what the next steps are over the next five or 10 years?
And then there ought to be some thinking somewhere along our lines in the next year about not making a lot of these things HIPAA standards, which will cross a regulation every time you make a change, but to have a different process. A process might be set up, and maybe it would take a law, that would have the Secretary reaffirm or change standards that the Secretary has adopted every three months, and so every two months you say, yes, this is still working – no changes. But then you might say, there are some demands for changes and we're going to consider making a change in six months. In three months, you say, yes, we're going to make the change, and then at the end of time period, a change is coming, so that there's a way to warn the industry without us being the problem of holding it up.
So, somewhere we need to think about a new process and advice on what that new process could look like.
DR. COHN: I actually want to compliment you on your brilliance because some of these things we've all actually already put together and I think some of those are actually in the initial recommendations. Are you suggesting we put them also into the subsequent letters?
DR. FITZMAURICE: Yes, I'm suggesting we put them in the subsequent letters.
And we have highlighted problems but we haven't come up with some solutions to those problems, like what are some possible new processes that might – we've said, we can all be the enemy because of our bureaucracy; can we make bureaucracy work for us instead? It's like opt in versus opt out. We say, yes, we reaffirm it, as we have to reaffirm it, but then we reflect that changes have been recommended and what we're going to do about those changes on a regular basis.
DR. COHN: Okay, great. Okay, Harry?
MR. REYNOLDS: Yes, thinking about why not just comment and then your original question.
I see four areas that could be included in a letter as we consider it.
And the first obviously is e-signature, and obviously we could consider presenting a continuum as part of this recommendation. Obviously for the pilots and obviously what the industry is doing right now is not
e-signature and it's not PKI and it's not the other things. But on the other hand, it's proven it's working and it would be a good thing to test to allow the industry to consider as part of the pilots – while Maria's making faces. Let me finish and then you can respond.
Second would be a status on previous recommendations. In other words, I think we heard that and I think that would be good because that would show that the recommendations came forward and oh, by the way, they're happening, and oh, by the way, we got that response, and so you keep going. Your momentum is good, keep going; looks like the key pieces are going to be in there.
The third would be, again, items that need further review but won't hold up the pilots. Okay, so what might we want to do? Prior auth was mentioned; that would be an example of some of these things. You could still do the pilots, you could still do e-prescribing, but you don't necessarily have to hold the world up, but, yes, we think we ought to do some more work on it. Back to Jeff's point of we've got to something about it in March, but that doesn't mean e-prescribing goes away and poof, it's all happy and done.
And then I think a fourth would be whether or not we want to make any comments or we want do any further discussion on a relationship of e-prescribing and HIPAA, as you had mentioned.
So those would be four categories of thoughts that I think could constitute a letter that would show we gave them the originals and kind of moved us along, because I still think this whole continuum idea on e-signature, you can justify from the testimony we heard, you can justify e-signatures, you can justify PKIs, you can go as far as you want to go.
We also have talked about trying to make it cost-effective, so we've got a lot of people that are giving people prescriptions, and I think the other thing we could reference – the paper world right now, I think that was a great chart that just really kind of summarized it, the paper world right now is fraught with so many things that a continuum of moving kind of where the industry is now, then looking at moving to this and moving to this if it doesn't, throughout the tests or whatever it is, doesn't afford what would be considered by everyone to be reasonable protection and reasonable assurance, because remember, in the end, the pharmacist and the doctor are on the hook. And if we go through the pilots and the pharmacist and the doctor in the end say, we're willing to take the liability and responsibility, adding a lot of technology and add a lot of bells and whistles and gizmos doesn't necessarily buy you an ultimate end.
So that's the balance that I think – that would be my –
DR. COHN: Okay. Maria, and then I want to – I'm sorry; Margaret –
DR. FRIEDMAN: Let me just follow on him real quick to explain why I made that face. I'm struggling with the pilots and what might be tested and what might not, and I'm struggling in this instance with what's already adequate industry experience with maybe not standards but what's going on out there and does that need to get tested again? Or, what's tested is something the next level, like PKI or some of the other enhancements.
So I just wanted to clarify why I made the face.
MR. REYNOLDS: I would maybe consider both. In other words, remember, there's stuff out there now, and, I mean, one of the reasons we were talking to Lynne today about this whole registration process. But there are many, many different flavors of it, and some of it I would say to you don't meet this Level 2 and 3 we're talking about.
So, again, this has all got to be tied to what we're thinking a reasonable – so if we go with this idea of this Level 2-8 rather than just saying "digital certificate," then I think whatever would be tested needs to be some kind of – and that's why we talked to Lynne about the idea of somebody putting together what a good registration would be or a good authentication.
There may be people using PKI and that would be good; put them in the pilot. And that's why the continuum, because there is a continuum right now on intensity, and that continuum goes through many steps.
DR. COHN: Okay. And I think the reality is we're not ready to make the recommendations yet but I do think your framework – I think we're just still information gathering because, I mean, there's a set of outcomes to e-signature conversation. One could be, hey, we've reviewed it and everything is fine. One could be, geez, there needs to be a couple of small things piloted. Another might be digital signatures may need to be piloted.
At the far extreme, there might be some belief or opinion where there really needs to be a new technology implemented.
So I mean, there is a really vast array. And I don't think we've decided. But I think the framework of at least considering that, and I think Maria's right – if there's something that currently exists, that's not the point of the pilot; the pilot of the pilot is not to test things that are foundation standards or that are effectively already out there.
Now, Margaret, you have a comment? And then I want to sort of move on from e-signature because there are other things, and I think Harry brought them up, of other issues that we probably want to reflect on in the next couple hearings.
MS. AMATAYAKUL: I just had a question for Mike. You had identified as your first consideration vendor adoption of PKI. Which vendor are you talking about?
DR. FITZMAURICE: Well, the first consideration was e-signature in general, and one of the points was the scalability as one point.
Then the second point was vendor adoption. I don't know that a lot of vendors out there have them built into their record systems that physicians and prescribers would buy and to have a lot of different e-signature solutions being posed would cause an increase in the price of their software.
And so the question is: Is the benefit worth the cost to the vendors and eventually to the prescribers and the pharmacists who would wind up having to pay for this initially? And then it gets built into the costs of the system and eventually to patients.
DR. COHN: Okay. So let's move on from
e-signature only because I thought I heard talk sounds like yesterday's testimony. Are we okay on e-signature for the moment? Okay.
Now, I think Harry brought up some other issues, and I actually sort of agree with him about this – I mean, obviously there's a piece that I think we began to get into today with Lynne and Ross about, sort of this how we've been doing with our previous recommendations. I think we've heard that we need to probably hear more from RxNorm as well as some other probably perspectives on all that. And I think that that's certainly something that's likely a January conversation because I think we really do have responsibility.
And, Harry, I agree with you about all the things that we've asked to start happening, how they're doing, as well as some judgments that we need to make for the March schedule about. Remember, there were some things we sort of said, geez, is this a foundation standard, is this a pilot, is this something that needs to be further explored as we go along? And I think we're going to have to be sort of capturing information both probably in January and likely into February on all of that.
Obviously, we sort of opened the door today a little bit on these pilot test objectives and all of that. I don't know how we want to handle that. I don't think that's a January conversation. It might be a February conversation. Maybe a report from CMS if there's progress, and the rule-making progress has progressed far enough for a conversation about that.
But I do want to remind people, as I say – and I've tried to put a box around it – our first 15 pages of recommendations are really things that we've talked about for pilots, so it isn't we have to start back at ground zero and reprioritize and think again and ask the industry. I think really the question is: Is there anything else that's critical? Or more along the lines of – which I think Lynne has expressed very well – are there picker outcomes from all of this? Is it just that it worked? Did it improve patient safety? I mean, we can actually look back at the actual regulation, or the legislation, to find out a couple of outcomes that at least Congress felt was important enough that we should be concerned about.
And so, once again, yes, we may decide we want to talk about that more, but I'd say that that is not a January; that may be more of a February conversation, if everyone's okay with that. Jeff's nodding his head – that's good.
MR. BLAIR: Yes.
DR. COHN: Jeff nodded his head a lot at me today.
Now, another question I'd have for you is that there were – and once again I'm just referring back to work we did during conference calls and all that, just trying to clump these recommendations. I mean, I think we talked about e-signature and we've talked about e-signatures as an issue we wanted to somehow wanted to get our arms around.
We have this issue of following up on basic and previously recommended standards. We've talked about that.
Now there's one other issue here. It's called clinical decision support. And we have it under – we have A, is sort of this codification of allergens, drug interactions, other adverse reactions. Drug therapy indication codes were another one. Medication history being sent around was another issue, and we actually heard about that today from Lynne a little further.
There's also medical history which remember was not part of the really initial requirements but is a place holder, or is there anything else that we want to do about this particular item either in January or February? Harry?
MR. REYNOLDS: Yes, I think one thing, since it was a subject that we did talk about and it does complete the circle in many cases of e-prescribing, at least discussing it in one of these upcoming hearings would help us as we think of the privacy, the security, the e-signature and everything else. Is there something related to decision support that brings other information or another view in that would make us think differently?
We kind of went through that picture, and that picture only stopped at the pharmacy, but yet some of this other stuff's going to come either from a person or a doctor's record. Is there anything, based on that clinical decision support, that would make us think differently about any of our other recommendations, either previous or the ones that we're deliberating with now?
And so at least talking about it would allow us to know that anything that we recommended, we at least know that that's not going to change it dramatically. So that may be helpful at least to solidify that we do have this picture and we do know where the data's coming from and the information's coming from and who might have it and who the players are, and at least we take a deep breath before we –
DR. COHN: Maria?
DR. FRIEDMAN: My recollection of decision support is that it's all over the map. There are some things like medication history that are there, and everything else is in various stages of baking and batter, so I'm struggling with is it going to be really helpful or are we going to just hear something that's all over the map?
MR. REYNOLDS: Well, Simon boxed it last night in a comment he made. If you take the medication history plus the allergen, those two may be a reasonable package to give you a good solid base e-prescribing, may or may not.
And you're right. Once you go past that, you're into electronic health record and every lab result. But do we have a basic subset that we at least want to touch, because even though we've talked about medication history, thinking about it now as really a part of decision support, what do we think? It may be one presentation, it may be none, it may be two.
I'm also wondering about the bite issue. I mean, it's another huge area that –
MR. REYNOLDS: Which one?
DR. FRIEDMAN: You know, scope issue. I'm kind of reeling after the e-signature presentations. It was all very good and useful information, but it turned out to be a lot more and a lot more complex than I or I think any of the rest of us thought. I mean, I was feeling overwhelmed.
DR. COHN: Yes, I think we're all used to this level of complexity. I'm not sure bite issue; a question of band width is how I would describe it. Getting away from the food and chicken and egg stuff for a minute.
[Laughter.]
DR. FRIEDMAN: I'm sorry, but I know my priorities!
[Laughter.]
DR. COHN: Jeff, do you have a comment?
MR. BLAIR: Yes, I'm going to weigh in with
Maria. As we started to look at e-signatures, we thought it would be a day, then a day and a half; it's two days, and we still haven't received testimony from VA, DOD, NIST or –
DR. COHN: DEA.
MR. BLAIR: -- DEA. And so there's three days of gathering information, education gathering information, before we could deal with this one.
And when I start of think of decision support, there's so many different dimensions and interrelationships that I can't see we could fit it into the January session or even if there's a part of a day in February in order for us to be able to give careful recommendations by March.
I do think it's a really important topic, and to be honest with you, I don't have a clear idea in my mind. There's a lot of questions I have about decision support.
And again, this is related to standards but it's also related to the source of the data, it's related to how that information is used, what the knowledge rules; you could go on and on and on. And at this stage, I would feel like if Maria were to craft an agenda for a meeting, it would only be the first iteration which would grow a lot, so I sort of don't want to get started on it until we could do a good job on it.
DR. FRIEDMAN: I agree with you.
DR. COHN: Okay. I see Stan, and then Michael.
DR. FRIEDMAN: Judy was first.
DR. COHN: Oh, I'm sorry – Judy.
DR. HUFF: Well, I would quit calling it "decision support" and just say some particular topics that I think we could attack.
I think, in fact, there's a limited scope on what we need to allergies and what would enable drug-drug interaction checking. And I think those two things would be hugely important in recognizing the benefits that were hoped by doing this electronic messaging.
And so rather than call it "decision support" and thinking that we have to do everything that might be implied by that, I would scratch that and say, let's talk about drug allergies and let's talk about drug-drug interactions and what transactions and code sets, or standards and code sets or whatever, would enable that kind of activity to occur in an automated way so that we could recognize the expected benefits from the drug transactions.
MR. BLAIR: Let me ask one other question about that, all right?
DR. COHN: Judy? Okay, go ahead, Jeff.
MR. BLAIR: And I don't know the answer to this question, so it's not like I'm trying to take a position – my question is, with respect to allergies and drug-to-drug interactions, our job is to recommend standards, and the private sector with the drug knowledge base vendors and with the e-prescribing vendors work with this to some degree now. I mean, especially the drug knowledge base vendors; there's a whole little industry there.
And standards are necessary where the industry is having difficulty, where there's an Impediment and standards are needed to break down an impediment. I'm not aware that with respect to drug allergies or the other areas of drug-to-drug interactions that the industry has a problem that they need us to solve.
DR. HUFF: They work fine as long as you stay within a single vendor solution, and so you never need standards if you're only talking to yourself. It's when you're talking from a hospital system or somebody's other system and the pharmacy wants to verify those actions and one's using MediSpan and one is using First DataBank or some other code system that you need to worry about interoperability standards.
And it may be that this even short. I mean, that might be the outcome of the hearing, is that we get testimony from these guys and they all say they're all interactive, they all work together, and whether you're prescribing with one system or another system and whether your prescribing system uses MediSpan or Fist DataBank or
RxNorm, it all works together and there's no problem.
But I'm guessing that's not actually the situation.
DR. COHN: Okay. Let's let –
DR. WARREN: In thinking about this, and I think Stan stated some of my concerns, is in MMA, we were to address medical history, medication history, and that was implicit in there that we look at drug-drug interaction and allergies in order to do those kinds of things.
Somewhere in our own discussion we kind of rolled that up with decision support. And I agree; I don't want to slow things down by talking about decision support.
But I do think we need to talk about these other things that were explicit in it. Now, for our letter, it may be the only thing we can say is this is still on our plate and it's the next level. But some of these, like allergens, may wind up being something that happens for us much the way SIGs did, is that because of the testimony we brought in and looking at it, the industry starts getting together and either provides us with code sets that we can recommend, or standards, or however that plays out.
But I wouldn't like us to back away from this in our letter. At least give a status statement that we're working on these things.
DR. COHN: Okay. Please introduce yourself.
MS. ECKERT: Karen Eckert from Medispan. In our earlier testimony, we had identified the need for a standardized vocabulary for allergens for the (?) notice, and I believe FDB echoed that, is we all have our own proprietary but due to clution(?) reasons, we can't talk to each other and share that; we need to go through an intermediary. And we didn't know if that was going to be SNOMED or some other term, but we had recommended that there is one, so I think we would very much like to have some guidance on a standardized terminology for allergens.
And I guess on the drug interaction side, I'm a little confused, because as you get the patient medication history, and comparing that to the new drug you're prescribing, each side, whether it be the physician or the pharmacy or even the plan can do drug interactions.
And I thought we had talked about setting the results of the drug interaction, sharing that among parties to say, yes, I've done this and I know about it, rather than trying to codify the exact interactions or trying to share that across parties.
DR. WARREN: Actually, I think that's a good point to clarify, because I was confused on what we were sending. I was kind of like saying if we have to share what the interaction is, but if it's just that you've done the checking and there is a problem –
MS. ECKERT: Again, in our testimony, and I believe FDB also echoed it in their testimony, is there's places already in the SCRIPT standard that can do the DUR result to say, yes, I found an interaction.
And that's a lot of the sharing that needs to be done, is when a physician's already done an interaction check and found there'd be an interaction, feels it can be managed, and still wants to give the drug, and they send that across to the pharmacy, the pharmacy is doing that interaction checking again and then calling the doc saying, do you know about this, and the doc's like, yes, I know it; damn it, give it out.
So if you could share that information of – yes, I mean, to do that – sorry –
[Laughter.]
MS. ECKERT: -- I think that would help a lot and cut down some of the phone calls, which is I thought the intent of what we're trying to do.
DR. HUFF: Yes, I know we wanted to enable the interaction that you described -- if we decided consciously that we didn't want to communicate the interaction itself -- I'd forgotten about that.
MS. ECKERT: I guess it was the level of interaction. I mean, what's already available in the standard today is identifying the type of interaction it was, that it was a drug interaction, and I believe it's the offending drug because you're coming in on the new drug. And so it's sharing that information.
And then I think it's giving a reference back of severity, based upon who your source is. It doesn't give you the complete monograph or complete messaging.
DR. HUFF: Oh, actually – yes, the more I think about it, I think – I'm remembering the same as you now. So the thing that's related, though, is the question of whether in fact there's any standardization needed for communicating which drugs interact with which drugs, because now that's proprietary format, too, and whether there's any value in standardizing the drugs and the level of severity of the interactions that are occurring and some way to share that information, because, I mean, what we see now – this is my own experience – is that if we implement everything that is provided in the knowledge bases, then everything alerts and pretty quick they ignore every alert.
And so there's a strong need, in fact, to get experience from the field to say which of things are people really using and find useful and at what level or what – that sort of stuff.
So you're right. I think it's not an individual patient reaction to say this drug interacts with this drug; it's a general knowledge base. And I think maybe the
question is whether there should be some further investigation about ways that we could share a standard knowledge base, or the way that the knowledge base is shared so that it's easier to use and more effective.
DR. COHN: I think Lynne wanted to make a comment. Do you want to respond?
MS. GILBERTSON: I sort of heard two things. Just a clarification. With the way SCRIPT provides the drug interaction message back, it's a text string, so it's not codified, so you don't run into the problem of not being able to identify the drug based upon your knowledge source.
But you are correct when it goes to the severity – that is listed by supplier, and then what the severity was.
The second issue, of trying to standardize the drug interactions, there have been several different initiatives going on – AMCP and I think APHA had done some, of trying to identify the really hot, or the top, interactions you do minimally want to screen for. And I think that's good information to bring back and that can be supplied as a filter.
But I guess I'm trying to figure out you're really looking out a standard for the threshold of content, and the maintenance of that, and I'm just wondering if that is a need for the industry but I'm not sure, and maybe a guidance from NCVHS that this needs to be done by the industry, but I'm trying to figure out the role of what the role of NCVHS is directly in that area.
DR. COHN: Okay. Lynne?
MS. GILBERTSON: It's a clarification that the SCRIPT standard does contain some of DUR, the level of effort, the interactions, the results information that Karen mentioned, and those codes have also been incorporated into the HL7 standard as well. That's one of the code sets that's been shared.
DR. COHN: Yes, Phil?
MR. ROTHERMICH: I really just wanted to make an observation that sort of parallels what Karen just made.
Yesterday, we heard I think a pretty broad consensus from a number of testifiers about sort of where the industry is on a number of things with respect to security and authentication, and at the end of the day we heard a reticence by the committee to adopts things as standards solely because that's what people were doing if they weren't really developed by ANSI-accredited standards organizations.
And where I hear the conversation going today is maybe we should create standards from scratch and I don't hear –
DR. HUFF: No. We're talking about standardizing code sets that already exist, saying that we use RxNorm or we use SNOMED as the code set that identifies the allergies.
MR. ROTHERMICH: Okay. And I see value in decision support, but based on what's going on in the industry, I don't see any level of consensus as to how it should be done. That's really the point I was trying to make.
MR. BLAIR: Please – you wound up saying our "reticence." The NCVHS, when it winds up gathering information and going through our decision-making processes, heard very loudly and clearly the consensus that the industry stated, and it was not lost. It was not like we did not hear that loud and clear.
We're winding up trying to think of – okay, now that we've heard that, are there other considerations from a broader scope, from a time frame, from the industry as a whole?
But I have a sense that you are concerned that the testimony from the first two days would be ignored or overridden. And I don't think --
MR. ROTHERMICH: That wasn't the point, Jeff. I didn't mean it as a criticism at all.
MR. BLAIR: No –
MR. ROTHERMICH: What I really was just trying to say is with respect to decision support, I think it's a lot bigger thing to tackle, given what's going on in the industry, and I just really wanted to make that point.
MR. BLAIR: Okay.
DR. COHN: So, Stan, do you want to try to put this together in terms of a proposal? I mean, you've heard now a couple of things, and I think what I'm hearing – and I have a couple pauses I'm somehow messing up Lynne's comment – but I'm hearing that it sounds like allergens are an issue that sort of everybody recognizes as needing codification. I'm hearing that there's a fair amount of plus and minus about the sort of drug-to-drug interaction testing. Am I –
DR. HUFF: Yes.
DR. COHN: And I guess the question – I guess I would ask you and Judy: What do you think at this point and what you like to see happen?
DR. HUFF: I think we could benefit from hearings that would ask: What standards could we adopt both in terms of message standards and code sets that would allow allergy information to be exchanged appropriately between the parties? I'd be happy to take drug interactions off the table for now, but I think even there we could ask the question: Is there a use case for drug-drug knowledge bases to have some standard way of being exchanged?
DR. COHN: Into more interoperable –
DR. HUFF: Yes.
DR. COHN: Steve? And then, Harry.
DR. STEINDEL: I know the question of allergies in particular has been raised very strongly by VBA and DOD to CHI as trying to look at the standard terminologies in that area. And so far, the groups haven't been convened for various reasons.
It might be just useful for NCVHS to recommend that CHI convene this group in an expeditious fashion.
MR. COLODNEY: They have. They're starting to do it now.
DR. STEINDEL: They're starting to do it? Did that happen at the last meeting or something?
MR. COLODNEY: Over the last couple of days.
DR. STEINDEL: Last couple days.
MR. COLODNEY: Thirty days.
DR. STEINDEL: So Nathan is the head of my knowledge base. Because I know this was a very big issue to them, and so now we've heard from the group that's over CHI that there is a federal task force that's looking into it and they will, as in the past, report to NCVHS.
DR. COHN: Well, maybe you said it in a slightly different way. As I'm listening to all this, this sounds to me like a February discussion as opposed to a January discussion. Maria, hang on. And I'm thinking that at the very least we want to have the CHI group come and give us a status update on where they are and we may want to hear, based on, I think, communications between now and then, we can determine whether there needs to be a wider discussion about what's happening.
I guess I would look to maybe Stan to sort of help us sort of frame all of that together, assuming you're comfortable with that.
DR. HUFF: Sure.
DR. COHN: But we need to get the other things that we've been talking about sort of under control first, and I'm reminded that the allergen issue is an important one, but let's pull everything we can together with the idea of maybe by February. And maybe if CHI knows that we'd like to hear from them in February, maybe it might help them move along a little more quickly; it's hard to know. Certainly having a business case to get work done sometimes is helpful.
DR. FRIEDMAN: We can take that back to CHI. I'm just thinking again in a process issue because their previous deliberations have taken longer than a month on other issues. So we can ask them for a status update in February; I'm just not saying when they'll have anything to tell us.
DR. COHN: Well, in that case we'll have a process update.
DR. STEINDEL: A comment on that. There were some CHI groups that did report back within weeks.
DR. COHN: But I think in all of this stuff I think what we've identified is that we have somehow been able to take this overall issue of decision support and turn it into some concrete things.
And Judy, are you comfortable with what we're describing, which is based on how we do in January as well as what we're hearing from CHI – I mean, I'm not sure that the fact that CHI is working on it negates the fact that we may want to hear from people, and it may actually make it more pertinent because they may need to hear from these people also and that might be a value added.
But I think, yes, we need to in some way, in whatever these March recommendations, I think reinforce the importance of this particular areas. So I think we've all come to the – there's industry support of the idea, it's in the legislation, and we don't have an answer to it yet. So that's a reasonable outcome? Okay.
Now, I guess the other question is are we missing anything else? Harry?
MR. REYNOLDS: Can I make a comment?
DR. COHN: Please.
MR. REYNOLDS: I had had a question a minute ago.
I think the thing I know I'm feeling and I think listening to some of the others, we had a lot of things, we had a lot of testimony, and then we came up with a base set of recommendations. And the expert testifiers can come up to the microphone and remind us exactly what the details of each of those pieces were.
But now that we've got those basics out of the way, I think we just need – I need to hear one more time on a couple of them. That's my point. I'd just like to hear it by itself, not hear it over huge numbers of days of hearings.
For example, the allergens. For example, the drug-drug interaction. In other words, yes, we talked about them and yes, we know about them, but the fact that we got all this at once and we got it from testifier after testifier over the whole picture, I know where I am is so just hearing one more time where it's just the subject, not that e-prescribing – and we're sitting here trying to piece it all together – that's what I was trying to hit. And that's why I also listed on here these items that need further review.
And also, I would like to respond briefly to Phil, because I was the one obviously in the conversation
with him on a regular basis, his comment about the committee. I think the point is that when the committee continues to ask questions, that means that the committee doesn't understand what industry standard is if you've got 45 people in the room. It doesn't understand what it should use as a framework. It is not challenging whether people are – or at least my standpoint; when I speak, I am not challenging anybody from the standpoint of what they are doing or not doing. We are trying to understand what that industry standard is. And if they have one or two or three, those would be good to know, rather than reminding us that there are industry standards.
That's the help I could surely use, on a continuous basis, so that's what I'm really looking forward to.
DR. COHN: Well, any other comments, questions or otherwise? I mean, I think we're getting the flavor of what we're going to be doing in January, and I think with the combinations of hearing more on e-signature, sort of these various discussions on RxNorm and probably we want to hear about the daily med and other SPL things like this.
And, yes, I think we will have a pretty full session, I would imagine. Of course, other items to be added. As I said, either in January or February. We will stick a half-day to talk specifically about HIPAA and Harry
and I will try to coordinate that based on all the other stuff that's going on though I am potentially being persuaded, given that we have sort of a time urgency, and as I think Jeff has commented, we would like to have a letter for us to discuss in February as opposed to be writing the letter in February. We may want to hold the HIPAA thing in February.
MR. REYNOLDS: I have a draft list that I'll send to you next week.
DR. COHN: Okay, great, okay. Now, is there anything else we're missing from all these conversations? Okay.
Well, I want to thank everybody and I want to wish everybody happy holidays, and the meeting is adjourned.
[Meeting adjourned at 12:21 p.m.]