[This Transcript is Unedited]
Call to Order and Introductions - Simon P. Cohn, M.D., Chair
HHS Briefing - William Braithwaite, M.D.
Review of Subcommittee Workplan for 2000 - Simon P. Cohn, M.D., Chair
Review of First Draft of the NCVHS Report to Congress on Implementation of HIPAA Administrative Simplification - James Scanlon
Reviewing Recommendations from Work Group on Computer-Based Patient Records
Agenda Item: Call to Order and Introductions
DR. COHN: The purpose of this meeting is to both have a briefing on the current status of the regulations and implementation, review the subcommittee work plan and the NCVHS report to Congress on implementation of administrative simplification. That is what we will be doing this morning.
I think it is expected that after we finish, we will go back as the work group and continue with various discussion items related to recommendations to the NCVHS on clinical data standards. So, that will be probably happening late this morning.
With that, let's introduce people around the table and then in the audience.
I am Simon Cohn. I am chair of the subcommittee, the national director for health information policy for Kaiser Permanente and a member of the committee.
Jeff.
MR. BLAIR: I am Jeff Blair, vice president of the Medical Records Institute and a member of the committee.
DR. BRAITHWAITE: I am Bill Braithwaite from the Office of the Assistant Secretary for Planning and Evaluation at HHS and staff to the committee.
DR. FITZMAURICE: Michael Fitzmaurice, senior science advisor for information technology for the Agency for Healthcare Research and Quality and government liaison to the committee.
MS. TRUDEL: Karen Trudel, Health Care Financing Administration, staff to the subcommittee.
MS. BALL: Judy Ball, Substance Abuse and Mental Health Services Administration and staff to the subcommittee.
MS. GREENBERG: Marjorie Greenberg from the National Center for Health Statistics, CDC and executive secretary to the committee.
MR. ZUBELDIA: Kepa Zubeldia, vice president of ENVOY Corporation and member of the committee.
DR. COHN: Would those in the audience please come to a microphone and introduce yourselves.
MR. GRODOCK: I am Doug Grodock, Blue Cross/Blue Shield Association.
MS. JACKSON: Debbie Jackson, NCHS staff.
DR. COHN: Thank you.
With that, let's proceed on to the briefing. Dr. Braithwaite, would you like to take the lead and Karen Trudel?
DR. BRAITHWAITE: Okay. We are going to give you an update on the tentative schedule for publication of the various rules that we have been working on administrative simplification, talk a little bit about the enforcement team that is getting together to put together an enforcement regulation.
We are going to talk about our implementation plans as far as we have gotten with those, a memorandum of understanding between the Department and the various standards developing organizations and data content committees that are working on these standards and a little bit about the plan for collecting information so that this subcommittee will be able to evaluate the implementation of HIPAA standards as we move forward in time so that we can create the report that we are required by the legislation.
Given the fact that we have published now five notices of proposed rulemaking, just to give you a flavor for where we are with those, we have already passed the dates on which we had expected to publish the final rules for those -- at least the first four of those. The transactions and code set standards were -- which was the first one that we had hoped to publish in final.
We don't expect to get that out now until March of this year. The national provider identifier, we are putting in expected publication date of June and the national employer identifier also in March. The security rule, I suspect, will not be out until May or June of this year and the privacy rule, which is still open for comment until February 17th, we -- since we extended the comment period until February the 17th, we don't really have -- we haven't made a decision. We haven't heard of a final date for publishing that final rule yet. So, that is still unknown.
We have other NPRMs in development. The national health plan identifier is in development and we are hoping to publish that NPRM in April of this year and the claims attachment NPRM, which is already into the clearance process that we hope to publish in March.
As you know, the national identifier for individuals is on hold, pending implementation of privacy protection. So, we are not -- we don't have a date for that. And then the final round, the NPRM for enforcement, I will talk a little bit more about.
All of the regulations, the rules that I have just talked about, are accompanied in the legislation, at least, by penalties, civil money penalties for failure to meet the standards and criminal penalties for failures of maintaining the privacy of the information that is associated with individuals.
It is clear that the Justice Department will be enforcing the criminal penalties and writing lots of rules and regulations in place for how they do that operation. So, I don't know if they will come out with something particular or special for violations of privacy, which are the things that trigger the criminal penalties. But that is up to the Justice Department and we won't be involved except peripherally in that regulation.
However, for the civil money penalties for the violation of the standards that we are putting out in these regulations. We will be involved. The sections that are referred to are typically implemented by some branch of the Department, like the inspector general's office or the Office of Civil Rights, which is used to handling that sort of thing. We think at this point that the Office of Civil Rights is the appropriate because this is, in fact, most analogous to a civil right, the right to privacy.
So, we expect that our central and regional offices will be handling that enforcement. We have put together a team of federal employees with not just HHS, but also some folks from other federal departments to work on this regulation and we don't have a target date for when that will be published, but it is not a standard. It is a regulation for the enforcement of the other standards.
So, we believe that it is not subject to the two year delay after effective date. So, we expect the effective date to be equivalent to the first date on which the first standards are required to be complied with, which is two years after the effective date of our first rule, which, as I said, would be sometime in March of this year. So, that would be the effective date for compliance. The requirement would be May -- yes, May of 2002, because there is a 60 day delay period after we publish before the effective date.
So, we are working hard. We are meeting regularly on enforcement and coming up with all of the rules and regulations. We are trying to decide first of all of the regulations, all of the standards should be enforced in exactly the same way or whether there should be some differences between enforcement of security and privacy versus transactions, for example.
There are lots of questions to be answered in this process. So, we are moving forward and I think that is about all I can tell you about that process.
Karen, do you want to talk some about implementation on the MOU?
MS. TRUDEL: Yes.
DR. COHN: Bill, do you want to just break and let's talk about -- ask questions about enforcement for a minute?
Jeff, did you have a question?
MR. BLAIR: Yes. Bill, the only date that you gave that was not exactly what I had expected from recent rumors was for health claim attachments and you said March of this year we would have the NPRM for health claim attachments. Is that right? Is it March or is it May?
DR. BRAITHWAITE: No, it is not quite right. What I said was the tentative expected potential publication date for health claim attachment NPRM was March. It is a guessing game. We are just trying to give people a signal about what we expect, but there is absolutely no way to nail down these dates.
DR. COHN: The question actually about the enforcement piece, which I think is obviously an important part of all this, things are just starting now. So, it is a little much to ask for expected completion dates. But is that generally thought of as something that will be completed this year in terms of the regulation for that?
DR. BRAITHWAITE: I don't know, Simon. It is possible we could get the NPRM out this year. There is no real pressure to get the final rule out, you know, a couple of months before we actually have to enforce something. So, there isn't the pressure on this particular regulation that there is on the others. We want to take it slow and get it right. I don't want to predict a date at this point.
DR. COHN: Okay.
Kepa.
MR. ZUBELDIA: Again, on enforcement, I have heard about various no budget for enforcement or for this for enforcement. Is there going to be a budget for enforcement?
DR. BRAITHWAITE: There is no appropriation in the HIPAA language for any of the HIPAA implementation, but there will be a budget for enforcement, as there is a budget for all of the other activities. We just have to take it out of the appropriations that we have received from Congress for everything else.
DR. COHN: Any other questions?
All right, Karen.
MS. TRUDEL: Okay. I will talk about the memorandum of understanding first. There have been a number of discussions about how to best implement the ongoing process of maintaining and changing standards over time. There have been discussions underway between the three content committees that are mentioned in the statute, which is the National Uniform Billing Committee, National Uniform Claim Committee and the American Dental Association and also three of the standards developing organizations that will be involved in HIPAA standards, which is at the 12 end, health level 7 and the NCPDP for prescription drugs issued.
Those groups got together and we facilitated some of their discussions and they talked through a process for involving all of them and set up this process to be a focal point for requests for changes to standards and they have set up a protocol for how those will be considered, how they will be processed, who will be involved in the process, the rules that they will use, ways that they will publicize and involve the public in these processes.
They have developed in concert a memorandum of understanding, which each of them would sign and it indicates what each one's role is and their interest and willingness to participate in this process over time. This is what we think is the optimum means of maintaining the standards over time. Because they are industry standards, we want industry input. We would like it to be a very collegial process where all of the groups involved have an opportunity to contribute their expertise to the process, but we also wanted to make sure that it was not so cumbersome that we would never be able to change a standard because the amount of time involved would be much too long.
We think that the process that these groups have come up with meets those requirements. It obviously will have to be tested in reality to find out how it works and how well it works and whether there are any problems that haven't been foreseen.
The Department, as I understand it, will sign the MOU, but will be a liaison, an observer to the process, will not be an active leader in the process, simply make sure that this process continues to carry out the set of ten guiding principles that we established in the regulations to begin with.
The MOU is now being reviewed one last time by our general counsel and we expect that as my staff goes to the X12 meeting next week in Denver, they will be able to carry the news back to that group and to the NUBC and NUCC in following weeks, that the MOU is approved and that these groups can go ahead and start the process of refining it.
So, I think that is a very big step forward. I didn't think we were going to get there this time last year or even in August, but I really commend all the groups that were involved. They did a really remarkable job.
Are there any questions on that?
MR. BLAIR: When might we be able to have a copy of the memorandum of understanding?
MS. TRUDEL: I would think as soon as we have the general counsel's approval.
DR. COHN: Karen, just for me to understand the process a little better, is the MOU going to be signed by all the parties without modification efforts being reviewed by the general counsel? Are we at that stage now?
MS. TRUDEL: Yes.
DR. COHN: So, it is not likely that as it goes back to any of these groups that there will be last minute modifications and changes that have to go through another cycle?
MS. TRUDEL: I never say never, but there has been quite a bit of review. We have made a number of changes based on the requests of the various organizations and at least informally I understand that as it is now written, the groups are all feeling that they can sign it as is.
DR. BRAITHWAITE: I think, just a comment, this is really a major achievement given that HIPAA was passed without any appropriation and no money to motivate any of this to happen. The fact that various previously competing bodies in the private sector were able to get together in one room and agree on a rapid process for things that they have disagreed with and competed about in the past is remarkable and a real achievement in moving forward with a cooperative standard setting approach for the future.
DR. COHN: Yes. I guess I should probably just take this moment to inform the subcommittee that, hopefully, either February or March, depending on how things proceed, there may actually be more of a formal discussion related to the MOU with some of the parties involved, just because I think the NCVHS is going to wind up working very closely with the data content and standards organizations listed in the MOU. So, once that all gets -- begins to get settled, we can begin to have that conversation.
MR. BLAIR: I was sort of waiting to see if there were other questions on the topics we just covered.
My question is related to them and it is a little bit of an extension. You know, both of you have been immersed in going through the NPRM process and then coming out with the final rules and I guess that you are now experts, if you haven't been before in what it takes to navigate through the political process and the Department of Health and Human Services process.
So, here is my question. This subcommittee is working on an additional work effort, which is a report to the Secretary due in August of this year, which is on uniform standards for patient medical record information, that is going to hit in August of this year, which is like what, four or five months before new elections. Clearly, we are really putting a great deal of effort into trying to make this a meaningful report that moves things forward.
But it would be really helpful if we could have guidance from both of you with respect to either the message that is in there or messages or the style or how we characterize that. I know that you have been busy. You haven't been able to take a look at the draft to this point. Will it be possible like in our February meeting, will you be there and have an opportunity to critique this report at that point? Because it would be helpful. Our next chance for a full NCVHS meeting is June.
So, I am asking hopefully that we could have your guidance at that point.
MS. TRUDEL: I am planning on being at the February meeting.
DR. COHN: Are you referencing what participation might be there?
MR. BLAIR: Yes.
DR. COHN: At the full NCVHS meeting?
MR. BLAIR: Yes, and I am hoping we might be able to read the report that we send out prior to that meeting, so that you could give us some guidance later this month. Bill, would you --
DR. BRAITHWAITE: I am planning to do that. I have actually read the draft and --
MR. BLAIR: You have?
DR. BRAITHWAITE: Yes.
MR. BLAIR: Oh, good.
DR. BRAITHWAITE: I am quite pleased with it actually. There is some tweaking to do, obviously, but the general message of the need for standards for the exchange of this information and the need for a process to bring those forward and maintain them is a very good message. I am not quite sure yet how we are going to implement that message within HHS. The more advice you can give us about that, the better.
MR. BLAIR: Okay. Well, thank you. I am pleased to have feedback. Thank you.
DR. COHN: Are there other questions on the topics that we are discussing?
MS. TRUDEL: I would like to talk a little bit about our plans for implementing the standards for Medicare. We have been doing a lot of thinking about that very recently. Although the final rules have not been published at this point, we are aware that the implementation guides themselves, because they are industry guides, they have been balloted. They are final. They are available on the Web for anyone to look at. That represents a low risk in terms of beginning to think about how to implement.
So, we are going ahead with beginning to develop our instructions for implementing the transaction standards. We are beginning with the claim and we will work our way through in hopefully easy stages, trying to do this in a way that doesn't put a huge work load at any point in time and also gives us the ability to work this work load in with other priorities that were backed up and waiting as a result of Y2K. We need to work around the implementation of prospective payment systems and some other major initiatives that HCFA has underway.
But we have already prepared and are beginning to clear an instruction for the implementation of the professional claim, the A37-40-10. It is in our review process right now. We are getting comments back from a variety of folks around HCFA and that will be -- we expect the first thing that we roll out and we are hoping to begin to work on that in the fall.
We will then proceed with the institutional claim and probably some of the standards that we already use in X12 formats, like the remittance advice and we will work our way through that process very gradually.
We have gotten as we go out and speak to people a lot of questions about what is Medicare going to do. When can you actually share your plans? When can you tell us what the dates are? Obviously, this is of interest for everyone's planning needs and we are mindful of that and we are working at this point to clear through HCFA senior staff at least a very high level plan with some dates that will allow the industry to do some planning.
We are also in the process of scheduling some training. This would be for Medicaid state agencies, for Medicare contractors, carriers and fiscal intermediaries and for some of the regional people. We have a syllabus. We are talking about basically a three day session that would include an intro to HIPAA and then break out sessions that talk about how to go through an implementation guide, how to read the implementation guides for the various standards and will give people not all of the information that they need to implement these standards, but will certainly get them on their way.
There will be a three day course in, I believe, nine different locations and we would very much like to share the course material when it is completely prepared with anyone who thinks that it would be useful. So, we would like to make everything that we do to implement something that can be ported out to assist others if they would like to utilize it.
We also have a Medicare HIPAA newsletter that has been prepared. I think we have done two different editions of that at this point to Medicare state agencies, to explain to them what is going on with HIPAA and what they think about and just a variety of issues and answering questions and we will be doing more of that on the Medicare side as well.
So, I think that kind of sums up the Medicare plans right now. Are there any questions about that?
DR. BRAITHWAITE: Just before the question gets asked. Yes, we are going to post the educational materials on the administrative simplification Web site as soon as they are available.
DR. COHN: Karen, maybe I will start with a couple of questions here. The relationship between Medicare obviously, HCFA, the nation's largest payer and these various standards is obviously an intriguing one. Do you plan to have separate complete implementation guides for Medicare for each of these standards or are you -- what is it that you are going to be doing different than is already going to be in the standards guides? Maybe you can clarify that.
MS. TRUDEL: We will be referring to the implementation guides and referring to the Washington Publishing Web Site. Some of the things that we will be doing that are a little different will be providing some cross walking between our own formats, like the NSF, that we are using now, and the version 4010 so that all of our contractors don't have to do their own mapping.
There also are some operational issues that are Medicare specific that we need to cover with the contractors in terms of how they are going to do testing and essentially it will not be a different implementation. The whole point of HIPAA is that there would not be a different implementation. This is simply a way to work this into our own programmatic flows.
DR. COHN: Okay. Now, I do -- I was sort of taken by your comment about the fact that there were a number of initiatives going on in HCFA at this point, many of which have been delayed because of Y2K and I really applaud HHS, again, for having their data council to help coordinate a lot of the various activities going on. Is there similar coordination going on now at HCFA in relationship to the various data requirements occurring -- that are being asked by HCFA because of all these delays and HIPAA coming on board and prospective payments and sort of -- et cetera, et cetera, et cetera.
Is there some other sort of oversight occurring within HCFA?
MS. TRUDEL: It is happening at a number of different levels, yes. The priorities are set at an executive level and then there are various groups that make sure that those policies are carried out and then made operational.
I participate in a group that actually does the scheduling of some of these various things and make sure that the priorities are carried out and that we are within our resources.
DR. COHN: Okay.
Other questions?
MR. ZUBELDIA: I have a couple of questions.
In doing that, a lot of people will migrate to this one version of EDI, now 4010. Are you streamlining the endowment process, the EDI agreement, all that paperwork associated with starting on EDI?
MS. TRUDEL: There are a number of initiatives in that direction that, again, were stalled because of Y2K. I think they will flow along with this, but I frankly would rather have the transactions in place with a clunky enrollment process, than a streamlined enrollment process in their transactions. So, if that is the choice that I have to make, I will balance it that way. I am really mindful that we need to do that and as we migrate to fewer shared systems and begin to go down that road, I think maybe that is the place to do some of this enrollment.
MR. ZUBELDIA: And then you also mentioned that you are you going to be issuing new instructions for testing. Have you looked at use in ENAC(?) transaction compliance verification systems that come from the testing of this testing process?
MS. TRUDEL: We are looking at that. Actually, there are several other sites that offer that service in addition to ENAC and we are looking at all of them.
DR. COHN: Other questions?
MS. TRUDEL: Thank you.
DR. COHN: Okay. Judy, do you want to tell us about the attempt to get information -- our progress in implementation for the committee?
MS. BALL: Yes. You have at your places a piece of paper that his double-sided and what this is is one side has a list of the types of organizations that are covered by the Faulkner & Gray Health Data Directory that they do annually. This is the list from the 1999 edition.
It includes in some categories large numbers; in other categories much smaller numbers. Clearinghouses, for example, there were 80 organizations. With Medicare fiscal intermediaries, there were 40. Blue Cross-Blue Shield plans, there were 63. I am just hitting the high points here.
But hospitals, there were only 465. So, the coverage is quite variable across the industry. The communication -- Simon sent a letter to the editor of Faulkner & Gray a few months ago, asking some specific questions about how they choose their respondents and how they collate the data and how -- whether or not it would be possible for us to work with them so that the NCVHS could use data from the survey in your annual report to the Congress on HIPAA implementation.
The response that I got back from the editor was very positive. He expressed considerable interest in working with the NCVHS on this, is glad that Faulkner & Gray could be -- has information that can be available.
On the issue of data sharing, it is new territory. They have never worked out an agreement before for letting other entities use their data. They were not closing the door on that possibility but it was simply something new.
The other page that you have in front of you lists a summary of the kinds of data items that Faulkner & Gray asked the respondents. The items certainly vary by respondent, but in general, they are the following. They typically asked about the numbers of claims or encounters that are processed or submitted or received, depending on which side of the transaction a body is on, and the percent of those claims that are electronic.
In some instances they asked about the total transactions that are processed. They asked about other electronic transactions other than the claim, such as claim status or eligibility verification. They asked if X12N 4010 transactions are in use. They asked questions of some respondents about whether or not they use the public Internet for sending and receiving this information.
They asked about software and information systems that go in other directions. They asked about claims processing. They asked about EDI. But they also ask about claims analysis and they have some questions to some respondents about electronic medical records. And for electronic patient records, they asked also the kinds of components that those are.
Again, I am summarizing here. The actual content of their instrument, their instruments, because they vary across respondent types, are proprietary and they have shared with us information that they wouldn't necessarily otherwise share.
For large systems they ask questions about enterprise-wide networks and how those work and what functions those cover in those enterprises. Then, of course, they ask some information about characteristics of respondents, the number of hospitals that might be included in the system, the number of physicians and practices, those sorts of things.
So, we have this information from Faulkner & Gray. The plan originally was that we would seek out this information so that we could plan for gaining information from Faulkner & Gray for future reports to Congress on implementation. And the question before you now, I think, is how to proceed and I think there are options.
One way that I might suggest would be to actually bring in the editor of Faulkner & Gray and talk with him, have him speak with the subcommittee or with the committee about their activities and how their activities might work hand in hand with the NCVHS. But there are certainly other ways of going about this, too, and I will leave that to your determination.
DR. COHN: And I guess the sense you have at this point is that they actually have information that we could already -- that we could pull in from their previous survey.
MS. BALL: Well, the information that they publish annually in some respects is quite detailed, but there is certainly information in their database that is probably not published necessarily in a way that you would want to use the information and they seemed open and willing to discussing access to that information for the NCVHS expressed purpose for advising Congress.
DR. COHN: Okay. Let me just tell the subcommittee what we have been sort of thinking about, at least one piece of this, and then the question gets to be what else we need to do in relationship to this. I think we have identified that there was really a need to develop a greater understanding of the current state of implementation.
So,, as we begin to talk about what is going to be happening this year, in June, there was really a focused set of hearings on early implementers and it seemed a very appropriate time to, at the very minimum, hopefully, have people, such as Faulkner & Gray and others. There is probably a host of groups that have a view of really what the status of implementation is, to come in and share their thoughts and beyond thoughts, any hard facts they have with us and views on really sort of the current status of implementation.
Now, we will talk about whether that exactly makes sense and how we want to use that, but I think Judy is bringing up the question of what else do we need to do specifically with Faulkner & Gray. Now, our options go from my just having a conversation to having them come in at one of our hearings over the next while for discussion.
What is the interest? Do people have questions that they want to ask Judy in relationship to that?
Jeff.
MR. BLAIR: In terms of the role we are to play, which is to try to identify difficulties in implementation and to make recommendations as quickly as possible to correct them, I would think that in addition to the information that Faulkner & Gray might be able to give us, which would be helpful, maybe we need to also develop some type of mechanism to be able to tap into the critiques and feedbacks that the SDOs are getting.
Karen, you mentioned that there is the memorandum of understanding, where there is a process that the SDOs agreed to, to be able to collect and respond to improvements or correction to the standards, the message format standards. And I am almost wondering -- I don't want to suggest something where we are overloaded with technical details that, you know -- that the SDOs can handle on their own, but maybe if there is a quarterly summary of the types of things they are having to deal with, that gets reported back to our subcommittee, then we could get a feeling with the kind of problems that are coming through that route.
That is a suggestion, sort of an open-ended suggestion. Is that reasonable? Is that feasible? Is there some other mechanism? Or, Simon, maybe you have part of the answer? Karen --
DR. COHN: Karen was actually raising her hand to respond.
MR. BLAIR: Good.
MS. TRUDEL: Yes. Actually, I have already spoken to the board of directors of WEDI and asked them whether they would be willing to have that organization take on a role of coordinating and serving as a sounding board for that kind of information about how implementation is going.
Actually, I believe that most of the groups that would be participating in the MOU process are either WEDI participants or actually members of the board of directors. I think almost all of them are. So, I think that would be a possible avenue for that kind of information.
Is that along the lines that you were thinking, Jeff?
MR. BLAIR: That is good. Maybe I am thinking of a little bit of a distillation and periodic reporting step and I don't even know if we have to create anything new because maybe those pieces are already there. And Kepa, I believe, is on WEDI and SEX12. So, he might be able to give us some thoughts on this.
Something where we could wind up getting a feeling for maybe the volume of problems that people are finding with the standards and if they are clustering in certain areas and maybe the third thing is let's say they are clustering in certain areas. Are these areas, which are just technical issues that the SDOs can handle just fine by themselves, they just need the time, or maybe they are overwhelmed with some area.
Maybe they need some help or maybe it gets to an issue, which is something that we overlooked. So, just a mechanism of process to feed us that type of information. So, is that already in place or do you think we need to do something so that we could get that?
DR. COHN: Bill.
DR. BRAITHWAITE: Jeff, I think it is a great idea. Clearly, the MOU indicates that these groups will be setting up a common Web site, where everybody can report requested changes in the standards. There will be a common place that anybody who has problems in implementing the standards can request changes. It would be an excellent source for the signatories to the MOU to go through as part of their process of going through each one of those comments is to perhaps ask them to come up with a summary of this kind of clustering idea if there are particular areas, non-technical areas, where there are problems that we might be able to help with and they could get that either directly to us or perhaps with some additional analysis through WEDI.
I think that is an excellent idea.
MR. ZUBELDIA: Jeff, this is Kepa.
I think that it is very important to have that kind of report, direct report from the trenches, maybe through the MOU Web site or some mechanism because in the Faulkner & Gray analysis is very well respected, I think that in our case, in the case of implementing these handouts, Faulkner & Gray is looking at the top of the cream of this industry. I think everybody in the report is already doing some sort of EDI.
We want to see how those people migrate to HIPAA standards. We would also want to see how the non-EDI physicians, non-EDI hospitals are migrating into EDI. I don't know of any one good mechanism to find that. Maybe a Web site is one of the mechanisms. Maybe we need to get involved with the AMA, ADA, AHA doing surveys to their members, the pharmacies. That is a different environment. I mean, there are so many different environments. I don't think there is only one method that can be used.
MS. BALL: My conversations with the editor at Faulkner & Gray leads me to believe that they are not -- they wouldn't object to suggestions to increase the sampling frame that they use for their survey. In fact, I think they would welcome suggestions from the committee about ways that they could collect more information from a broader set of bodies that could serve this purpose as well.
The one thing that it currently does give us that we really don't have from anyplace else is it gives us some baseline.
MR. BLAIR: So, if our readers are able to read these documents to us during this next week and we were to wind up getting back with you in a week or so with maybe either some additional questions we would like to see added to their survey or maybe -- any refinements or concerns or questions on that that would be received. Okay?
MS. BALL: Yes. The next couple of weeks probably wouldn't be a good idea since I am going to be in Florida, but, otherwise, yes.
DR. BRAITHWAITE: You should have been there the last couple of weeks.
DR. COHN: Judy, what is the survey cycle in terms of the timing and all of this? There is nothing very helpful to them for us to give them advice right after they have finished conducting the survey.
MS. BALL: Yes.
I think that is a question that we asked them that I can look to see what we already know on that.
DR. COHN: Other comments?
MR. ZUBELDIA: I don't know if it has gone out yet or not, but if it hasn't, it will be going out pretty soon because it is typically done in the first quarter of the year.
MS. BALL: Well, that means it will also be done in the first quarter next year.
DR. COHN: It is just the timing of how quickly we need to deal with them. If you will let us know about the timing on that, that would be helpful. I think what I am hearing is that interest to actually have us meet with the editor and have a discussion with him or her in relationship to what are the questions that ought to be asked and we can get a slightly better understanding.
Now, whether or not that needs to occur in June or whether we can wait until July or March, I think depends somewhat on their survey cycle. So, I think that bit of information would be pretty helpful.
MR. BLAIR: Yes. I think the other thing that I would be concerned about is to make sure that if they are doing one in the next two or three months, that there be some baseline questions so that we could measure change for the areas that we are interested in.
MS. BALL: As I said, I have other information, the back and forth that I have had with the editor. I just don't have it here and wanted to give you something to summarize what they are currently doing.
MR. ZUBELDIA: Maybe Bill can answer this. Is the Department going to provide that common work site for the MOU or is somebody else going to provide that site?
MS. TRUDEL: The groups that are involved in this have already spoken to Washington Publishing Company, which is the group that publishes the implementation guides. They have worked out a process whereby that is where the Web site will be. That is already underway.
MR. ZUBELDIA: What would be the process for including in that Web site a survey that people can take and answer direct to the Web site from their implementation of HIPAA and to publish in that Web site the results of the survey and results of other implementations that could be gathered by the industry.
MS. TRUDEL: That is something that I would need to take up with the MOU organizations and have them discuss with Washington Publishing. There is -- since they are the ones that are making the arrangements, it is not a federal Web site. It is not supported by federal funding. We really need to make suggestions to them and then see how they respond. But we can definitely do that.
That may be something that we want to discuss when -- if some of the spokesmen come in and talk.
DR. COHN: Can you remember that one when they come to talk? I think that would be a wonderful discussion to have with them. I am hearing that we think that they could be -- they all could be a very valuable group to help provide us with implementation issues.
Now, one has to say, though, of course, that the group, just like the group filling out the Faulkner & Gray forms, you have to be pretty sophisticated to even know where to go with the problem. I mean, 90 percent of the people out there dealing with implementation issues are either calling their local consultant, looking to the ceiling, sometimes cursing or otherwise. I mean, they are not thinking to be going on to the Web site making a request through an MOU for a change to the standard.
MR. ZUBELDIA: One thing that I think would help is to have a standard survey that can be sent to all the WEDI members, all the AFEC(?) members, all the AMA, ADA, AHA, pharmacy chains and have a standard survey so we can compare the results. Otherwise we are going to end up with some results from Faulkner & Gray that are different from results of the Web site, different from what WEDI is telling us and may not be very easy to compare, especially with trying to draw a baseline.
I don't know who would prepare such a survey, but I think it would be a great tool.
DR. COHN: Maybe I will try to answer that one. I think we were hoping that Faulkner & Gray would play a key role in that effort actually. We were hoping to leverage, I think, the work that they are already doing to create that baseline, rather than -- we were not looking to have a complete separate HHS initiative to do that.
Judy, you may have a comment.
MS. BALL: Well, I do have a comment that there are certainly other organizations that already survey health care organizations and the AHA certainly comes to mind. Doing the kind of survey to cover the health care system in such breadth is a really expensive proposition and certainly HIPAA with no appropriation for what we are doing now probably wouldn't be able to manage that.
MR. ZUBELDIA: Yes. I don't that HCFA would -- I think that is something that could be useful to the AMA to know where their members are. It would be useful to the AHA to know where their members are and, in general, would be helpful to other constituents that use that survey and give us a tool for them to measure their constituents and feed us back results because I understand that is a humongous effort to do it on a national basis.
DR. COHN: Other comments on this point? And, actually, Kepa, let me just ask did you -- was this a standards survey or a standard survey?
MR. ZUBELDIA: It is a standard survey of the standards.
DR. COHN: I see. Okay.
Well, I mean, maybe we should just -- I mean, is this an avenue that we want to explore further? I think we have been going so far with the idea of trying to leverage currently existing efforts, rather than initiating a whole separate survey.
Now, obviously, we -- it is not the point to make a complete decision, but is this something we want to mull over and pursue further or is this something we want to evaluate first what is being produced by Faulkner & Gray and others and then make this decision after we have seen what it is that they are able to produce for us?
MR. BLAIR: I guess I kind of think that there are maybe two issues. No. 1 is after we have gone through here, if we wind up seeing that there are certain questions that need to be added to the Faulkner & Gray survey, that is one thing or revised or reformatted.
The other piece is the frequency of the survey. If they only do their survey once a year and we really need a quarterly feedback, then either maybe they could accommodate us or if they can't accommodate us, then maybe there could be another body that could help us with more frequent reports. And maybe we could get back to Judy after, you know, we have gone through this thing and maybe a conference call with Judy, we could discuss these things with her and see where we go.
DR. COHN: Well, actually I think that Judy is probably going to be joining us, I suspect, for some of these hearings, discussions and otherwise. At least I would expect as we begin to move into these issues about early implementation, status, whatever, you will be us, I presume.
MS. BALL: I certainly plan to be. And I will share with you the more detailed information that I also have on this particular survey.
DR. COHN: Okay. Other comments on this particular piece? I mean, I realize for everyone this is -- as I have commented to many of you, this is the first time we are dealing with this implementation. So, in all of this we are sort of trying to feel our way, figure out what works the best.
I am sure some of the things we are going to be doing are going to be absolutely the right things. Other things, we are going to have to look at after three to six months and say "no," we should be doing them differently but we are just going to have to recognize that it is -- I wouldn't say we are groping, but I think we are going to have to -- this is in some extent trial and error in finding out the most effective processes for what we need.
Marjorie, do you have a comment or --
MS. GREENBERG: No.
Agenda Item: Review of Subcommittee Work Plan for 2000
DR. COHN: Okay. Now, are there any other bits -- I want to talk a little bit about what we are going to be doing this year, but -- and which all of you are, I think, really part of. I think this is an occasion to among other things talk about when we are having hearings and sessions for the rest of the year, which I hope that you are all available for.
Now, there is as you know a fair amount of overlap with the work group, which luckily has the same membership of the subcommittee, but it is a good happenstance. There are actually a number of things that are, I think, on our work group. Now, I have not revised the work plan per se, only because all the things we are talking about are really already on the work plan. Certainly from a high level overview, as we know, the subcommittee's responsibility is to respond to the NPRMs as they are produced.
There is also the responsibility to develop the annual report, which we will be talking about in a couple of minutes. Then I think as we begin to move to implementation, a major focus for us has to do with these implementation and enforcement issues, which we have just been talking about.
We have just mentioned industry readiness and we are going to have to go into that further this issue. The issue of identifying and resolving implementation issues, monitoring implementation, monitoring early implementers and then identifying the need for new and revised standards. Those are sort of all the various pieces that we somehow need to fit into our activities this year.
Now, first of all, as we know, our next meetings are March 30th and 31st. There is a work group on computer-based patient records to, I think, do our next revision on the recommendations after the NCVHS meeting and then on March 31st, we expect another meeting of the subcommittee.
Now, the agenda for that is not finalized. If we, indeed, are able to get people to talk about the MOU in February at the NCVHS meeting, that would be on the agenda for March. If that somehow doesn't happen, then we will obviously bring that up and spend some time exploring with the MOU -- people who have signed the MOU, the nature of the MOU and how we can all work together.
That may be a February activity during our breakout at the NCVHS or it may be a March 31st activity. Similarly, if we are luck enough to have any of the NPRMs out by the end of March, it will also be an occasion to occasion to actually develop at least a draft response to be discussed by the full NCVHS in relationship to either of the claims attachments for other NPRMs that are created.
So, that is the meeting in March and April. Now, the next session of the next meeting of the overall group is going to be June the 1st and 2nd. June 1st will be, once again a -- I think the intent is to be a meeting of the computer-based patient records work group, hopefully, our final look at the recommendations prior to the end of June NCVHS meeting.
Hopefully, this will be a happy and short session, but then again I am known to be an optimist. But I think that we should keep that on the calendar. I don't think we will be cancelling that. Now, on the second -- obviously, the main priority for that meeting is to make sure that anything that needs to happen to that report is completed, but it is also an occasion to, obviously, take care of any further subcommittee business that we may have, which may include if we need to meet with Faulkner & Gray representative earlier, may be a good occasion for that if we feel we need to do that before the July meeting.
I have made notes here and I can't even read them. Now, by July, I think we are going to be looking at spending full sessions dealing with implementation issues. We have identified July 13th and 14th as a set of hearings for the early implementation.
Actually, let me go back for a second to the May meeting, to the subcommittee and NCVHS meeting. Somehow in those hearings, either the hearing or the full NCVHS meeting, there will be some discussions related to coding systems and preparing them for changes, as in hearing from people, you know, if we do begin to move towards future coding systems, what the industry needs and what the issues are likely to be. I don't know if that will be a subcommittee issue on the first or whether it will be a full committee issue, but I know that Marjorie Greenberg and I are talking about that and trying to figure out where it makes the most sense -- having missed that, I knew there was something that we were going to be dealing with right then.
The 13th and 14th is the early implementers session, either here in Washington or I think in New Jersey, I think, with some discussion potentially.
MR. BLAIR: That is July?
DR. COHN: That is July 13th and 14th. I think at that point we would be expecting to really get into this issue of what is the status of implementation. I think we have all already observed that many different organizations see very different parts of implementation and have very different parts of implementation and have very different views on what the status of implementation and we are likely to hear different things from Faulkner & Gray than from the AMA, than from WEDI, than from X12, than from NCPTP. But I think we need to begin to hear from all of them to begin to get a complete picture of really where we are with implementation.
I think we will spend some time focusing on that, as well as obviously hearing from anybody that is out there trying to implement the systems and trying to make them work and what are the issues they are beginning to observe.
Do people have other things that they want to bring up? Bob has had time to do a little more planning, but that is -- I think, will be the focus of that session. It has got to be a good meeting or else people aren't going to show up on the 13th and 14th, in the middle of summer, either in Washington or otherwise on the East Coast.
Comments about that session? Okay.
Now, the next session will be, I think, in late -- likely be in late September. I would ask people to hold the 21st and 22nd of September, which were the two days after the NCVHS meeting. I think we are still hearing from subcommittee members to make sure that we have a quorum for that session. But if it doesn't go then, it will go right around then likely. I think there is a recognition that what we need to do is to have a yearly session to talk about the issues around revisions to standards, new standards, et cetera, that need to be recommended for the Secretary.
I think one of the things that we will be talking to the MOU signers about will be is September a good time for a session that might explore that. My sense is that it probably is a good time of the year to be talking about it. I think that there is probably going to need to be a couple of months after recommendations come from the NCVHS for the Secretary to deal with them. So, this may be the appropriate time. But they also may have other suggestions, based on their calendars and cycle and, of course, when the final regs come out.
So, this is a session that we will reserve, but if we begin to conclude as the year progresses that September is too early, we can certainly move it to October or November.
Now, I think I have finished up the fiscal year. To my view, that is really what we need to be doing this year. I think the question that I have for the work group, the subcommittee and others is does this sound about right? Are we missing anything? Is there something else we should be doing around implementation that we are missing or that we should be doing to make this more effective?
Silence. Okay. Well, I am glad that we got this on tape so I can remember this.
But I think that this -- this once again is, I think, what we have come to. I mean, we have talked about this in the work plan. It is actually referenced as we begin to look towards the -- we will see Jim Scanlon a little bit -- we will begin to elements of this in the third annual report to Congress on implementation of administrative simplification.
Certainly, if any of you have any other thoughts about how we need to be either monitoring implementation, how we need to be identifying issues, how we need to be resolving issues, I think that needs to be an ongoing discussion.
I didn't mean to be so definitive here. Anybody have any other questions about any of this? Well, actually, I think our next item is to talk about the first draft of the report on implementation. I think maybe we ought to take a ten minute break and find Jim -- and have Jim Scanlon join us for that since he has put a tremendous amount of effort into this report and we can begin to get into it.
So, it is now 9:55. Why don't we take a ten minute break and we can come back at 10:05.
Thank you.
[Brief recess.]
DR. COHN: Let me call us back in session. The topic is the review of the first draft of the NCVHS report to Congress on implementation of HIPAA administrative simplification.
I want to thank Jim Scanlon for joining us and I also want to thank him for his work to help create the draft of what we are reviewing today.
Jim, do you want to -- do you want me to introduce the topic or do you want to --
MR. SCANLON: Let me introduce the requirement itself and the topic and then we can open up the discussion. You will recall that in HIPAA not only does the law give new responsibilities to NCVHS but it also requires that the NCVHS submit an annual report on the status of implementation of the administrative simplification requirements, as well, beginning one year after the enactment of the law.
The committee has submitted two previous reports. In a way, they were dealing largely with preparing for implementation and the extensive concentration process and comments and the adoption of what standards should be adopted themselves.
This is the third now of the annual reports to Congress. We are still in the pre-implementation stage, of course, but things have moved along to the point where the standards are known and progress is working its way through on security, as well as on privacy. So, there is more to report there, but I think the committee -- the subcommittee itself thought that we may want to begin looking at some of the issues now relating to implementation and readiness and so on and what the committee would want to focus on and that maybe we would highlight those in the report itself.
So, you have before you really what we all regard as the first draft that tries to pull together the factual information in terms of where things stand, but it also kind of looks ahead to -- I think there were six or so issues that related to preparing for implementation that the subcommittee discussed at one of our previous meetings and wanted to include in the report itself.
The report itself -- well, I think in terms of the overall process, the subcommittee hoped to present this report, assuming we have agreement, to the full agreement at its meeting towards the later part of February for consideration by the full committee and then on the assumption that it would be approved or approved with further editing, we would hope to actually send it up probably March or so or depending on how long the -- we could do it right after the February meeting or we could do whatever we are submitting or editing would be.
Hopefully, it won't last -- hopefully, we will be able to finish it fairly soon.
DR. COHN: So, Jim, you are suggesting that the process is for our review, hoping the full committee would suggest editorial revisions, have them finally approved by the executive subcommittee or some other group and then going in as the final report.
MR. SCANLON: Yes. And I think if we followed that approach last year, the only -- we had a complicating factor last year because some of the members wanted to submit separate views and presumably we will allow for that as well this year. It is just that we had to establish a process last year and by the time it was all worked out, it took us back to the full June meeting of the national committee last year and then we didn't actually get it out until after June.
So, hopefully, we can -- now that we have a process for considering other views, we will simply include them in the report. I think we can -- you know, clearly we shouldn't take as much time.
So, the report as it stands now pretty much reflects the discussion of the subcommittee at our meeting back in December, I think, in terms of the issues we wanted to highlight, the issues the subcommittee sort of wanted to project for where do we want to be prepared for the year ahead.
And, of course, it also it also describes where things stand in terms of each of the standards. I think Bill has already given you a -- Bill has already told you where each of the standards stands now, including the privacy standard.
So, what I can do if there -- see if there are any other questions on the overall process about -- what we can do then is to just -- I can give an overview of the report. I don't think we want to do line editing today though we are clearly open to line editing after -- in terms of anyone getting -- having comments. But I think we wanted to agree that this is what the committee wanted -- this is the basic framework and these are the issues or the areas that the committee wanted to emphasize.
There may be additional issues. There may be areas that the subcommittee would want to state differently, but that is kind of where we would be.
There is an executive summary that actually turned out to be about eight pages. So, it is kind of a long summary, but -- and then there is a fair amount of detail in the report itself. We have included in the -- at least in the first draft some of the material that we have reported previously in terms of process and requirements, largely for documentation's sake. We may want to turn those over to an appendix or even just reduce them. But it is sort of this
-- it is a fair amount of detail.
DR. COHN: Let me suggest this process, only because I think it is -- I noticed, for example, that this came out recently enough that not everyone has had a chance to review this thoroughly. Yet, I agree with you. We don't want to do line editing. I think, however, there needs to be a little bit of a balance in terms of how we would review this. Now, first of all, I don't want us to focus on the executive summary. As I reviewed this document and I have looked at this -- for the subcommittee to really try to move this forward.
I think the executive summary is redundant and needs to be significantly rewritten. I expect that by the time we are done, it will be three to four pages as opposed to eight pages and, once again, it is one of those things where every -- I think there were a lot of things that got put together that probably could be simplified and brought down significantly.
However, I actually thought that the body of the report itself, once I started getting into that was actually very good, from the writing and from the content. Now, I think we look at it and see if there are other things we need to put in. So, I think that we need to focus on the actual body of the report, recognizing that the executive summary will reflect the body when we are done. I think that we can have confidence that Jim and I can review it and anyone else who wants to review the executive summary can do that, but obviously the content is the important part here.
Now, I think with that, I think that maybe what we can do is to actually just sort of walk through the sections and maybe you can talk briefly about what is in each section. If there is something that is not quite -- just looking at the table of contents, but it briefly reviews what is in each section without line editing with the view generally that if any of you have reviewed it and have it and more importantly, if there are content pieces that are missing, we can all kind of make sure to include that.
Everyone okay with that? Jeff, Kepa? Okay.
Do you want to just comment about these little pieces of paper that you used?
MR. SCANLON: Yes. There are two -- we have actually circulated the draft within HHS to the Data Standards Committee for comment and we have been getting comments back. You have before you two suggestions for addition.
One of them deals with inclusion of the HIPAA security summit, you know, a little description of what the HIPAA security summit was. As an example of industry taking the initiative in some of these areas. So, there is a paragraph here that describes that that we would include and, in addition, there is another paragraph suggested from the standards committee that describes the memorandum of understanding process that I think Bill and Karen described earlier this morning.
This is for identifying the need for new and revised standards and what will this process look like. So, those would be fairly -- those would be good additions to the report itself. So, you will want to take a look at those, but they are proposed for addition as well.
Let me go to the -- the beginning of page 9 is the table of contents. It is fairly detailed. We could clearly cut this back if desired, but it is a fairly extensive documentation of pretty much what is in the report and it breaks it down into the subheadings.
Let me go into the report itself. We started out with -- on page 11 with basically the background. Why did HIPAA get passed and what is the issue HIPAA administrative simplification was trying to address.
So, there is basically in a few paragraphs in terms of background sets the stage for why was HIPAA enacted and what is the general purpose of HIPAA. It is followed then by a brief paragraph that says what the purpose of this report is and that includes both meeting the legislative requirement, as well as kind of a report to HHS and the Congress and the public and the industry about where the committee sees this situation -- progress and where the situation -- what the situation is currently in and what it will look forward to.
Then the content of the report -- there is a brief paragraph that describes the content that will follow the report and then we go on to the requirements of HIPAA itself. This is language you have seen a number of times before, what HIPAA requires in terms of the administrative simplification.
There is more detail then on page 13 and I think we are open to any -- you know, any editing or suggestions for shortening, but this is more or less standard, taken from the law itself and other documents that the committee has written and HHS has written in terms of what the specific requirements for standards are.
The next section deals with the timetables that were required in the law. Here, again, we just repeat what was in the Act itself and the timetable that was specified in the law. Then we begin to describe -- and maybe this can go somewhere else -- we begin to describe what proposed rules have been -- have already been issued. Let me come back to that. It is kind of a summary here in terms of timetables.
Then on page 15, there is a discussion of the expanded responsibilities for the national committee, which is largely taken from the law. Again, we may not want to -- we don't necessarily have to include this in the report. We may want to put it in an appendix or refer to it, but for at least the first draft, it is included.
Overall, Chapter 2 here describes the implementation process both what -- the process set up in HHS, as well as the consultation process and, again, we can cut this back, but this basically describes the role of the data council, the implementation teams, the data standards committee, the whole Federal Register process and how everyone could have input into the process and then the plans for low cost distribution for the standards and implementation guides themselves.
Again, we can shorten that, but more or less factual information in terms of background. We included as well, following that, the guiding principles that HHS and the committee adopted for adoption of standards. Remember, there were ten guiding principles that everyone thought we should guide the adoption of the standards. Again, we could include those in the report refer to them or include them as an appendix.
MR. BLAIR: With the guiding principles -- well, you know, actually that one does refer to the ones that were in -- with the financial administrative ones. So, the comment I was about to make was that we have revised them for standards on patient medical record information, but that is not going to be relevant to what you are presenting. So, never mind.
MR. SCANLON: The guidelines that Jeff referred -- guiding principles that Jeff referred to are followed by a short section on consultation and this simply describes, as we have in previous reports, how the industry and others can provide input and comment into the process. There were seven steps here.
That is followed on page 18 -- and here we get into the actual -- to the report on progress itself. There were -- and this follows previous reports. There is a section describing what the NCVHS had done in the way of hearings during the past year, 1999.
DR. COHN: Yes. Actually just one modification here. You mentioned standards for computer-based patient records. It is actually --
MR. BLAIR: Standards for patient medical record information.
Actually, Jim, we consider that an important distinction.
MR. SCANLON: Sure. We will put that in.
Then there were other hearing you will recall on the flow of information in the pharmaceutical industry in disclosure of prescription information, employer use of health information and those involve panel discussions.
Then the other issue is here we would indicate that the NCVHS -- well, we actually would -- we would refer to the comments on the NPRM for privacy, just say that they are under development or that the committee was -- began to develop comments on the privacy NPRM as well.
DR. COHN: You mentioned some hearings and not others for 1999 and I was sort of struck, for example, that there could be, for example, a comment having to do with, for example, the work around statistics for the 21st Century. I mean, you had a whole section here for outreach for public health and health services research. But you didn't mention statistics for the 21st Century. I was just curious about the decisions about what was in and what was out in this section.
MR. SCANLON: I think the basic cut was -- and we can do this either way -- the basic cut here was hearings related to HIPAA, HIPAA requirements, not all activities of the NCVHS. Those are covered in other reports. This was meant to be just focus on HIPAA-related -- maybe we should say that, HIPAA-related --
MS. GREENBERG: The update of the 45 year history or what will be the -- the 50 year history will include all 1999 activities.
DR. COHN: That is right. Think about the outreach. The outreach was really specifically around the uses of HIPAA.
MR. SCANLON: Even that was related to HIPAA and trying to draw in the participation of the health services research and the public health community there. That is the next paragraph. There is another section dealing with the following dealing with a very brief NCVHS comments on the NPRMs. Here, we more or less refer to what will be on -- what is already on the NCVHS Web site.
Finally, a -- again, this is all in the nature of background and legislative requirements and what happened but the next section, 3, actually talks about where each of the standards currently stands. We just go through each of them starting with transaction standards and code sets in terms of where they stand and we will put in -- we could put in the projected dates, I guess, that we have now got on the Web site. We could actually use the month and the dates. So, we have projected publication dates as well.
So, the first is the -- the first is the transaction in code sets. I think we would hope to have that issue that is the first of the final regulations relating to the standards.
The first report of injury, we did not include this, remember, in the first set of standards. We may have to look at this wording to see where that may stand. I will ask Bill and Karen to look at that. We may want to revise the wording there.
We then go through each of the standard identifiers in terms of where it stands, beginning with the provider identifier, then the national employer identifier and the plan identifier. Unique health identifier for individuals, we simply say here that work has been suspended as a result of the Congress's and the White House's directions to us to hold up until privacy protections are in place.
MR. BLAIR: Is that an important word for us to lock onto because the word I had heard up until now was
"deferred" and is "suspended" something that everybody for political purposes has adopted and that we should be careful to use as well?
MR. SCANLON: I don't think so. No special significance, I think. It is just -- I don't think we have any special wording. And the language of the HHS appropriations act -- that is what matters. In fact, we shouldn't even be talking about this. At any rate, that is the -- there was just no further work there. That is extended into this year's appropriations as well.
DR. COHN: I was going to say -- this actually -- appropriations language is actually stronger than previous ones, I mean, isn't it?
MR. SCANLON: This is the same as the --
DR. COHN: -- legislations enacted specifically approving the standard. I thought it was just -- that there wasn't a requirement, that they are saying they are actually going to do legislation on it.
MR. SCANLON: It is stronger than the White House language, which left a little wiggle room. But this is exactly what is in our current appropriations as well.
MR. ZUBELDIA: Jim, this requires legislation. So, even after the privacy final rule comes out, there is still no legislation for individual identifiers, right?
MR. SCANLON: They would -- yes. The adoption of an -- in their language, the adoption of a unique identifier for individuals would require literally an act of Congress.
DR. COHN: I guess the new process would be if we identify an approach for a standard for this, we would have to be recommended to Congress for legislative approval.
MR. SCANLON: I would think so or they would. Though I doubt they would initiate something on their own, but literally it would require the opportunity to -- it would require some sort of enactment on their part.
DR. COHN: -- the issue comes up from time to time.
MR. SCANLON: Yes.
And then, let's see, the next standard I think that we review the status of is security and electronic signatures. Again, Bill reported on where we are and I think we gave a projected date there as well. Now here we do say that we are at least harmonizing -- I guess I used the word "coordinating" -- the security rule with the privacy standards and I don't know if that is the best word, but there is no -- it just means that they would be -- they would be looked at each other so that they -- where necessary, they were harmonized. Maybe "harmonized" is a better word. I don't think it --
DR. FITZMAURICE: "Coordination" sounds pretty good to me.
MR. SCANLON: "Coordination."
DR. COHN: Question. This has to do with the electronic signature part of this one. My understanding was is that that was being deferred. Should we make a comment about that or is that --
MR. SCANLON: In fact, Karen gave me some suggested language about -- we will add that to -- to just simply say that that has been deferred -- we are referring to NIST, I guess, on the electronic standards.
MR. ZUBELDIA: I have been asked several times about what happens if the privacy comments indicate a displeasure of some of the changes when the security be uncoordinated from privacy because I understand security is now being made to be in alignment with the definitions in privacy and so on and what if some of those definitions need to be changed again? Will security be once more delayed to be recoordinated with the new changes in privacy or will security just move ahead with whatever it has and have to be corrected later?
MR. SCANLON: It is too early to tell. Bill or Karen, you can hop in, too. Until we see the extent of the need for change, I don't -- it is hard to predict.
You are talking about should the privacy comments result in changes back to security as well?
MR. ZUBELDIA: Bill suggested that we may have security in June, final rule, and privacy may not be ready by then. Are we going to always have them out of sync or do we always want to keep them in sync and, therefore, delay security until the privacy is also ready, too.
MR. SCANLON: I don't know that we can answer that until we see sort of exactly what the privacy comments look like. There is no -- it is hard to predict exactly what will happen here. This is largely new territory, as you all know, and, of course, there is the -- the process itself allows for revision of the standards, but we will have to see how -- what the comments on privacy look like in terms of how they would affect the -- how they would then affect the final version of privacy, how would it look like in terms of -- in relating to -- in relation to security.
Obviously, we don't want conflicts. So, we may have to -- at a minimum, we would want to make sure that they were not in conflict, but I wouldn't want to project a date or anything like that or what it may ultimately look like. I don't think we really know until we see the comments on privacy.
DR. BRAITHWAITE: There is no procedural reason why we can't put out a final rule for security and then come back with a final rule for privacy later that tweaks some of the things that were actually put out under security. It is common. It happens all the time. There is no procedural reason to hold one up for the other. You just don't want to publish two things closely together in time that are wildly divergent.
MR. ZUBELDIA: And in that sense, I would encourage to have the security published as soon as possible, rather than just wait.
DR. COHN: Thank you for that input.
MR. BLAIR: Simon, you mentioned that there was something about a deferral on electronic signatures and you acknowledged something about NIST and -- could you tell me what that is?
DR. COHN: Karen, why don't you -- Karen is the expert.
MS. TRUDEL: In the course of looking at the comments that we received on that regulation and also of reassessing some things that are some additional technological things that are going on in the area of electronic signature, NIST had requested that we allow some additional time for them to do some reevaluation and rather than hold up the entire regulation, we decided to split the two apart, proceed now with security and especially considering that none of the transactions now require an electronic signature of any kind -- prompted that request, but that is what we are essentially doing.
So, we will either publish an electronics security final rule by itself or couple it with one of the subsequent final rules that comes down the road.
MR. SCANLON: We will write it up that way in the report.
The next standard that is described in the progress report is the claims attachment and here again we
-- as you remember, we still are to issue a proposed rule on this standard. I guess we are hoping to have one this spring. I would like to say late winter, but we -- and, so, again -- and we simply describe what the status of that would be as well.
Now, the relatively new section here is on privacy protection standards because here, while we have reported on the status of the other -- the HIPAA EDI standards previously, the privacy standard, here, a number of things have happened during the year and we are just describing what happened here. You will recall that the -- as HIPAA laid out this process for privacy, the first step was that the Secretary would issue her recommendations. She did so in 1997. Congress then set for itself a date by which it basically set up a trigger.
If they did not pass a privacy law by this past August, then HHS was required to issue final regulations to protect -- literally this is the way it is written -- the information transmitted in connection with the HIPAA standards by February of 2000, this month, actually.
So, the August date having passed, that triggered this other requirement that HHS now issue proposed rules for health information privacy and as you know, these were issued in November. The comment period is now open until February 17th and there is every expectation that a final rule would be issued during this year.
DR. COHN: Just very quickly, there are two wordsmithing things. First of all, since August has passed, it is does not enacted -- it is actually did not enact private protection.
Actually, the question is -- you mentioned this occurrence triggered the HIPAA requirement. Actually, I don't think the not doing something is really an occurrence. It is probably lack of an occurrence. It is a wording issue, but I think --
MR. SCANLON: Yes.
Let's see. I guess I want to reserve most of our time for the implementation issues because these are really -- they are largely new issues for the report itself. So, the final section, I think, here, Section F, on page 22, talks a little bit about other aspects of implementation, including the arrangement for publication of the implementation guides and so on and some communication efforts and educational efforts and the reference to the Web sites where all the information is available.
DR. COHN: I think Kepa has a question here.
MR. SCANLON: Sure.
MR. ZUBELDIA: One part of that is not here, is the coordination of benefits and I understand coordination of benefits has been approached in the past as part of the claim. But the coordination of benefits, we probably should look into other things, other than just the claim. Not for this year, but maybe for next year we need to start looking at what is the progress of that coordination and whether there is an implementation and the process for coordinating benefits, not just the standard, the model for coordination of benefits.
DR. COHN: Why don't you put that on the list for our September hearings.
MR. ZUBELDIA: And those are part of the process of the progress report for next year.
MR. SCANLON: For next year. Okay.
The next section of the report -- and unfortunately, it is the last section of the report, so we clearly want to move -- you know, we want to make sure we do a good job on the executive summary. This is the section where the subcommittee and the full committee wanted to identify potential issues or areas of emphasis for the year ahead, given that this is where the status is and you will recall that there were about half a dozen issues that the subcommittee wanted to identify.
Let me briefly review these and these are obviously the areas where the subcommittee wants to make sure this is the way we want to say it and that these are the right issues. Let me describe the issues first. The first one, I think, dealt with the issue of industry readiness and there may be another way to describe this, but it is basically the issue of given where things stand, given that the basic framework for all of the standards is now known, well, for most of them is known, given the security framework and the emerging privacy framework, attention now turns to, well -- and given that the Y2K crisis is over, how ready are those covered entities in the industry for this?
I think there the issue would be through hearings or through other means, to sort of look at the issue of the industry readiness. A secondary would be how to -- the issue of if during implementation issues arise, how do they become identified and what is the process for kind of bringing them to the attention where they can be resolved.
A third area is the whole area of how do we monitor the success of implementation? A fourth area deals with how do we actually enforce the standards and a fifth deals with, I think, Kepa's idea of learning from early implementers. In other words, even though each of the standards will have a 24 month implementation period, there will be some health care organizations that may -- that will start to implement before that and those are the areas where you could learn about how it is all working and we would want to bring them in for hearings or other experiences.
Then, finally, identifying the need and revised standards, as we move towards actually implementing these standards, most likely there will be needs for new standards or revisions and so on that come up and what would be the process and what would be the nature of the standards for moving forward there.
So, those I think the group may want to spend a little more time on. Those were the six areas, as I am remembering and in each of the areas, it is basically a short description. Maybe we should just go through that to make sure everyone is comfortable.
In terms of readiness, I think -- industry readiness, the first area here, I think the point here is that the attention is now turning towards actually having requirements and standards to implement. Presumably, the industry has been gearing up for these. We don't really have a good measure of or a good sense of, on a systematic basis anyway, of how ready people are. According to the overall EDI industry analyses, there clearly are some sectors of the industry that are much further ahead than others, but -- pharmacy, for example, and certainly hospital claims more so than ambulatory claims and certainly providers, individual providers, much less than the institutional providers, but I don't think -- even there, the information is not systematic and clearly even in that group, it is not clear the extent to which the exact standards that we are proposing are currently being used or what their readiness is.
So, I think what the committee wanted to say here was that we would -- the committee would want to focus in the year ahead on perhaps some hearings where the various sectors could be brought in to talk about what they see as how ready, how ready is everyone and are there issues that are anticipated and what shall we do, you know, if there are some barriers to overcome?
Now, the readiness is -- obviously, that is an implementation issue, but there are other -- even aside from that, the next topic here talks about all sorts of implementation issues. It really sort of outlines -- it says that the committee, obviously, wants to assist in this process and would hold hearings.
DR. COHN: Jim, since -- I know Jeff hasn't had a chance to review it and I know --
MR. SCANLON: Sort of reviewing it.
DR. COHN: This area, since you are focusing in on it, you might want to just -- starting with this ready -- identifying and resolving the implementations use, it might be as fast just to read the page and a half or so that specifically relates to this.
MR. SCANLON: Okay.
DR. COHN: I agree with you. It is really --
MR. SCANLON: This is the new --
DR. COHN: -- the crux of really the things we are talking about for the coming year, just to make sure everybody is comfortable with it. It probably would not take any longer than trying to describe it.
MR. SCANLON: Should I just read -- let me read verbatim. I can go back to the industry readiness here actually to start.
So, under "Industry Readiness," this is what the draft currently says. "The HIPAA data standards will apply to health plans, clearing houses and providers, who transmit health information electronically. These covered entities will have 24 months from the effective date of the final rules to come into full compliance. Small plans will have an additional 12 months to comply. It is currently difficult to assess industry readiness for HIPAA implementation, although the use of EDI to support administrative transactions in health care has been increasing for several years, concerns about the century day change and other issues may have diverted attention from the HIPAA effort and baseline levels of EDI use in claims and related transactions vary decidedly among types of providers and health care organizations.
"The NCVHS is encouraged to note that many sectors of the industry itself have been very active in the HIPAA standards adoption process and in educating and preparing their respective constituencies for implementation. The NCVHS plans to examine the issue of readiness in the year ahead with public hearings planned to focus on readiness and other potential implementation issues."
So, that would be the first of the --
DR. COHN: Okay.
MS. GREENBERG: We were talking a little earlier about the hearings and I know you were saying in July possibly meeting with the early implementers.
DR. COHN: Right.
MS. GREENBERG: Now, were the discussions with Faulkner & Gray at the June meetings -- sort of related to industry readiness. I guess I am not quite sure what hearings are planned to address industry readiness. I mean, I am just trying to be concrete. It says that here. So, what would we point to?
DR. COHN: Well, I think that the -- both the early implementers and sort of the status hearings in July, I mean, to me, the issues of identifying and monitoring versus identifying --
MS. GREENBERG: Yes. I had a hard time sort of seeing these things as separate to some degree.
DR. COHN: Yes, they tend to merge. But you are right. In the sense that if you hear that an industry is 80 percent implemented, you know they are ready and then some. On the other hand, if you know they are zero implemented, I think that is a strong statement.
MR. SCANLON: Yes. Readiness is different, though, than implementation. You can be ready and still --
MR. SCANLON: Well, I guess we will have to make sure that we ask that question as begin to --
DR. COHN: Maybe we need just to reflect to make sure that that question gets asked, as well as status of implementation, like, you know, how ready are the constituencies. I think that is what you are bringing up.
MS. GREENBERG: Yes.
MR. SCANLON: Again, this is a continuum here. The second major issue here would deal with identifying and resolving implementation issues. So, in addition to the readiness idea, let me read what we have as a draft on this topic.
"Once the final administrative simplification standards have been adopted, the health care community will be encouraged to notify the Department or the NCVHS in writing or through our respective Web sites of any issues or concerns with the implementation of the new standards. In addition, the committee will conduct a number of public hearings to obtain additional input from a broad cross section of users in both the public and private sectors. Based on this input, the committee will notify HHS of any problems that are presented and will provide recommendations and how to deal with those problems."
That is all for that.
MR. BLAIR: Okay. You are not looking for wordsmithing at this point. You are just giving us a background.
MR. SCANLON: Yes. I think this is more the issues and the content.
MR. BLAIR: Right.
MR. SCANLON: The third major area here deals with monitoring implementation and this is probably -- this is one of the longer sections, but I think we -- let me read this as well.
"In addition to accessing industry readiness for implementation, the NCVHS plans to devote increasing attention in the year ahead to how it may best monitor implementation of the HIPAA data standards at baseline and subsequent to the issuance of the final standards. The committee is considering several approaches to monitoring the progress of implementation, including both quantitative and qualitative approaches, using industry sources of information, as well as public hearings.
"In this manner, the NCVHS expects to identify how well the overall effort is proceeding, identifying any problem or obstacles and recommend ways to overcome them to meet the requirements of the law."
That is the first paragraph.
The second paragraph, "The NCVHS plans to obtain information on the extent to which the adopted standards are being implemented and to solicit reports on the progress of standards implementation from the industry, as well as federal and state agencies for the health care programs under their jurisdictions. These agencies and representatives from the private sector will be asked also to provide public testimony at NCVHS hearings, where appropriate, at which they will be asked to indicate the extent of standards usage they have observed.
"The committee will also make substantial use of industry data sources to assess major trends in the application of information technology and health care. In addition, once the final standards have been issued, the health care community will be encouraged to notify HHS or the NCVHS in writing or through our Web sites of any issues or concerns with implementation. We will also ask the applicable standards development organizations to provide regular status reports on the implementation of the new standards. We would encourage them to provide advice as to how to increase the rate of compliance, if necessary."
And the final paragraph in this issue, "Since security is a primary concern to the public, the industry and the committee, we will also ask the appropriate private sector certifying bodies to monitor the status of the security measures that will be adopted and to ensure that adequate safeguards are in place to protect individually identifiable information."
So, again, we are sort of premising hearings and, well, largely hearings and expert testimony, as well as sort of quantitative -- whatever, systematic quantitative measures, more or less like the Faulkner & Gray, but possibly some other areas, as well, in terms of what the actual penetration is.
That concludes the monitoring implementation section. Any --
DR. COHN: Bill, go ahead.
DR. BRAITHWAITE: I just had one comment. There is a little bit of confusion there in the third paragraph that talks about having people notify us of issues or concerns, which is exactly what the previous section was about. It seems to me that we should monitor the implementation before we identify and recommendation resolution for the issues for the issues that we have discovered in the monitoring.
So, I would change the order of the sections a little bit and move monitoring up one and try and distinguish the three a little more carefully because they all kind of blend into one thing. We are going to ask people what is going on and then report to HHS is what it amounts to.
DR. COHN: Jeff.
MR. BLAIR: The area of readiness, is the purpose of that just so that we have an understanding of a baseline against which to measure implementation progress or was the thinking behind that section that we were going to uncover problems that the user community has, whether it is acute care, ambulatory care or health plans, where they have -- they don't have the information infrastructure in place to take the next step or what was the purpose of the information that we expect to get out of readiness?
MR. SCANLON: I will start the answer, but Kepa actually suggested this idea and I think everybody thought it was a good idea.
I think the readiness issue was the one that can be looked at this year because I think -- and I think it is -- to some extent, we will get -- to some extent, we will get a very basic kind of a baseline, but it will be fairly crude, I think. I think there was some concern, if I am reflecting Kepa's thoughts and the other committee members, that while some of the industry appears to be well -- very knowledgeable about the requirements for the standards and is moving along. There are some sectors that at least anecdotally appear to be less knowledgeable about the very requirements themselves, about the standards themselves.
I think the issue here would be to see where exactly this all stands and what exactly are those sectors and what issues -- I think the answer there, if there is one or two sectors or others of the industry that are not familiar with the requirements, not taking any steps to prepare for implementation, the issue there may be more education and information and working with the right industry groups.
In terms of penetration and monitoring implementation later, first of all, that comes later in the process in terms of when we actually have standards to adopt, but the medicine there, the remedy there may be a little different.
But, anyway, Kepa, I would defer to you. You raised the issue.
MR. ZUBELDIA: An anecdotal incident. I was on the panel on Tuesday last week, the Nashville Health Care Council. The health care council had about 200 people attending the session. These are people involved in health care at the CEO, CIO level, very high level. We asked them how many of you are actually doing something about HIPAA and less than five hands came up. Two of us -- two of the hands that came up were from my company.
MR. SCANLON: And those were fairly large organizations.
MR. ZUBELDIA: So, out of 200, five people were actually doing something about HIPAA. So, that is, I think, something to monitor.
But let me say something. One thing that I think has been extremely effective in increasing the awareness of HIPAA in the last two years was a power point presentation that was taken on the road by Leo and Gary Beatty and three or four people and basically it was the same message that was taken over and over and over everywhere. And that was extremely effective.
I would like to see what can we do to help the implementation, not just the awareness, now the implementation, to the same kind of level. I think we have a very acute problem in our hands. A couple of weeks ago, I was in the RSA security meeting, very large security meeting. Two of the prevalent themes or the two prevalent themes in the meeting were security and portable devices and health care security and HIPAA.
There were over 5,000, maybe 6,500 and the security experts in the country. So, he can say, okay, there were about 6,000, 6,500 people, security experts. If you go to an X12 meeting and you will find what, three, four hundred X12 experts. I mean, that is a big gap and if people think that security is in high demand, they haven't even looked at X12 and EDI as being in very, very high demand and there is a tremendous lack of experts.
So, as we were talking her, I have been thinking of -- monitoring the implementation. You mentioned a Web site to monitor the implementation. I am wondering if it would be effective to have some sort of discussion group or chat room, not real time chat room, but some sort of discussion group in the NCVHS or in the administration simplification Web site, to talk about the technical aspects of implementation and then would be monitored by some of the X12 and NCPDP experts.
So, they could answer questions as it goes by and there will be all kinds of people that need assistance with X12 implementation and maybe we can organize a team of volunteer experts to help implementation because if we don't proactively do that, I don't think it is going to happen very quickly.
That would also serve as the compliance window to see how the implementation is going and let us peak into what these experts are talking about. Is this going well? Or are they asking very basic questions? Is anybody asking any questions? That kind of window into the real live system.
I don't know if there are resources to do something to do something like that in our Web site or in the Department's Web site or the administrative simplification Web site, but I think it would be very useful.
I think especially it would give us a window as to what is happening out there. I think it would be useful for the participants, too.
MR. SCANLON: And actually, Kepa, it would be these kinds of suggestions, I think, that would come up at the hearings as well. You know, what could HHS, NCVHS and the industry do to promote better awareness of what the requirements may be.
I think the two year ramp up, to some extent, has people, you know, more or less, feeling more comfortable because they know whenever the final standard is issued, they will still have 24 months to comply but that may not be -- you know, there are a lot of things to do in order to be ready. But I think that 24 month sort of ramp up period to some extent has people feeling that it is still far away.
DR. COHN: I guess I should comment also. It is sort of hard to prepare for something that you don't know for sure what it is, which is the whole point of the final rules. I mean, you know, people can speculate, you know, I mean, is the security NPRM the same as the security final rule? Is it different? Are there some minor differences? Are there major differences.
It is hard -- you know, some of these things have big impacts. So, it is hard to gear up to do a major security fix at your organization when you don't know what the final rules are going to be.
Having said that, I think people are beginning to gear up right now. I actually think that the issue that Jeff brought up, though, which is an infrastructure issue, is something that we need not lose sight of because it is one thing that you have done things electronically. You have computers. You are sending things electronically and, gee, now you need to know how to deal with X12 standards.
It is a whole other thing when you discover that 80 percent of the transactions are -- and I think that is a whole other level of readiness. I think if administrative simplification is ever going to meet the vision, it has got to be persuading people that have been working the paper to move to electronic environments. That is where the value is going to be. It is not going to be moving people from their proprietary formats to more standard formats.
So, we should not lose sight of that issue.
MR. SCANLON: And that would be part of readiness. I mean, it is a little bit beyond the HIPAA mandate, per se, but the idea of --
DR. COHN: It is a monitoring of readiness issue. You are right. I don't think we have funds to persuade everybody to move from paper to electronic, but I think that -- once again, that may get into an area that we haven't really touched on, which is communication strategy and Kepa was commenting on that, just reminiscing. Once again, it is hard to do communication strategy -- a communication plan if you don't have final rules to communicate it.
MR. SCANLON: That is right.
DR. COHN: But we probably need to keep that on the -- I don't know where we put that. It is easy enough to put in the back of my mind, but it is probably something that -- I mean, you mentioned it a little bit in the implementation report, I think, some communication issues. But that probably needs to get revisited as the final rules come out.
Jeff.
MR. BLAIR: I would like to suggest that that topic of readiness be something that we do prioritize very high on our list because, at least in my mind, when I think of a baseline to measure our progress and implementation, that that baseline needs to be established very, very early. So, I tend to see it falling underneath that topic of readiness.
So, whether that is something that we do with Faulkner & Gray or by some other method, I do think that the baseline portion of the readiness is something we need to do before people start implementing this thing so we can measure progress. Does that make sense?
Simon, do you have similar feelings or --
DR. COHN: Well, I think that is what we have been talking about, the quantitative and qualitative measures ever since last September, though it is a little bit different than readiness. Status of implementation is different than readiness.
MR. BLAIR: Okay.
DR. COHN: So, I am not sure that we are going to have qualitative metrics as easily -- actually, quantitative -- well, we will have good qualitative metrics, but in terms of quantitative metrics on the concept of readiness, but I think you are saying that both need to be done as a high priority, which I think -- once again, I think that July hearing is really meant to be focused on that and I think realistically we can't get in too far to it until then only because our plate is already full with the CPR and work group recommendations.
Realistically, there is only so much that we can do. But I think that is -- and I see Judy is nodding her head on things that need to be done.
MS. BALL: One of the thoughts that comes to my mind, though, comes on the heels of the discussion this morning. If Faulkner & Gray is skimming cream and if people who come to our Web site and might be able to provide discussion and insights on our Web site are probably more cream and folks who could actually participate intelligently in a chat about security mechanisms and implementation sounds like cream to me, too.
I think we are going to have to think rather creatively on how to get to the body of the health care system that doesn't know about HIPAA, doesn't know that they need to care about HIPAA and, as you said, may or may not even have computers. I don't have a solution.
MR. SCANLON: Yes. They are unlikely to be participating or respondents even in a Faulkner & Gray type of survey and, in fact, it would be hard to get them even to come as expert witnesses. But I think you could -- we could probably think of the areas where we think there are soft spots or relative lack of awareness and maybe there are representers from those groups.
I am thinking small provider offices, for example. We could actually ask the MMGA, the Medical Management Group Association, to come in and talk about what they see as -- at least in the group practices. There may be folks at AMA or other places, there are other organizations.
You probably need -- you need to get folks who at least are the gatekeepers in those areas and then come in and that would help. And, recall, just as in Y2K, there was sort of a first stage of awareness. I mean, before there were any issues -- before there were issues of actually implementation and correction and so on. I think that was the concern in the readiness that -- you know, are the necessary covered entities even aware and if it varies among sectors, what are they and what are the potential barriers there?
DR. COHN: Shall we proceed?
MR. SCANLON: Okay. The next topic -- again, this was raised by the subcommittee at the December meeting -- deals with enforcement issues and this is literally the enforcement of the standards once they are adopted and the compliance date has come. This is the exact wording.
"Because of the extensive consultation among HHS, the NCVHS and the industry that has characterized the HIPAA effort and the issuance of proposed rules, the requirements for the standards themselves are well-known." Maybe we need to think about how we say that.
"However, there are a number of issues and details relating to enforcement and compliance with the standards that remain to be specified. The NCVHS is pleased to note that HHS has established an internal working group that is focusing on enforcement issues across all of the HIPAA requirements. The NCVHS plans to devote considerable attention to this issue in the year ahead as well."
DR. COHN: Next section.
MR. SCANLON: The next section deals with learning from early implementers.
"Although HIPAA provides a 24 month implementation period for the standards after the effective date of the final standard, clearly some health organizations will begin to proceed with implementation long before that date. The NCVHS believes that feedback from these early implementers will provide an invaluable source of implementation information and potential guidance for further implementation.
"Accordingly, the NCVHS plans to focus specifically on these efforts and organizations to gain insight into national implementation."
Now, the next area deals with -- and this is the final of the new areas -- identifying the need for new and revised standards.
HIPAA requires the Secretary of HHS to review the standards and adopt modifications to those standards, including additions, as appropriate but not more frequently than once every 12 months. The NCVHS expects that monitoring and evaluation of HIPAA readiness and the progress of implementation will identify needs for additional standards or future revisions to existing ones.
"Consequently, as part of its monitoring efforts, the NCVHS will seek input to identifying any additional standards that may be appropriate, as well as the need to modify existing standards and will provide timely recommendations to the Secretary."
Those are the six areas.
Those would be -- and that is the exact wording -- those are the six areas that I think the subcommittee wanted to highlight for the report itself. Then HIPAA, you are reminding me that we would include as part of that last identifying the need for new and revised standards, we would include the paragraph that Karen provided that talks about the MOU process.
Should I read that as well? It is a short paragraph. This would be a second paragraph under "Identifying the Need for New and Revised Standards."
"The Department has been negotiating with several organizations for them to serve as the focal point for requests for revisions to the standards and for additional standards. These groups have agreed in principle to work together to review these requests and suggest revisions to the standards. The groups are the following: X12, HL7, NUBC, NUCC, NCPDP and the ADA.
"Any person or organization will be able to request the revision or a new standard through a single entry point, via the Internet or on paper. Each of these organizations will consider the request and a consensus recommendation will be made. On a to-be-determined cycle, revisions will be presented to the NCVHS for consideration and then on to the Secretary for issuance."
So, this is the --
DR. COHN: Where did you think that should be?
MR. SCANLON: I think this was suggested --
DR. COHN: I don't think it is after --
MR. SCANLON: That is where it was suggested. But we could find any other place.
MR. ZUBELDIA: I would make a separate entry for coordination of standards or revision or standards maintenance, rather than new standards.
DR. COHN: I think this has -- I mean, this probably is a different section rather than --
MR. SCANLON: This could go back into the --
DR. COHN: Now, let's sort of finish up with this. Actually, I have some comments about the final section here.
MR. SCANLON: The final section -- and, again, the committee may not want to include it this year. This was included last year as sort of a section where there were some other issues that could be raised that didn't fit neatly into the HIPAA standards progress report. To some extent it continues the issues that were raised last year and it may be that the subcommittee doesn't want to raise these same issues this year.
But it basically states that the committee has identified a number of special privacy and security concerns that it wishes to highlight for the Congress and the public. That was the way it was stated last year.
The first of these is comprehensive federal health privacy legislation. Here, I can read this, but the basic
-- the basic point here is that even with privacy regulations that HHS is developing, there is still a need for national legislation that provides comprehensive systematic and balanced health information privacy. Again, I think that the subcommittee probably wouldn't want to make that point.
It concludes with, again, the NCVHS again urges the Congress to enact a comprehensive federal health information privacy law this year.
Second, again, was the point that was made last year and you may or may not want to continue this point but it was the idea that in addition to the need for privacy and confidentiality protections, there was still need for antidiscrimination measures, based on health status. The language here is comparable to last year's.
Again, I think the full committee is making this point in its privacy comments, comments on the NPRM for privacy. The subcommittee may want to make these points as well. Again, this goes beyond the HIPAA, but it is sort of another point that, you know, the need is not diminished for actual antidiscrimination legislation.
A third point deals with security -- I am sorry?
DR. COHN: Let's go through all four.
MR. SCANLON: The third section deals with security and I think here the point was to emphasize the need for -- it was to add emphasis to the idea of the need to have a comprehensive security framework as well as the standards and privacy.
I don't think -- let me see what we -- here, I think, the committee -- we say that the committee believes that the proposed rule for security standards that HHS has published for public comment provides the basic framework to ensure that all health care entities safeguard the integrity, confidentiality and availability of their electronic information.
But, again, we close here with the idea that the committee plans to monitor industry compliance with and the development and maturation of security technology and standards. So, it is simply another push.
The final point, again -- and the committee may not want to include this year, this is the idea of the need to consider the linkage of the individual health identifier to privacy protection. This was the point you remember that was made last year. We may or may not want to continue with this.
DR. COHN: Let me just make a summary comment here and get input and then we can talk about individual sections.
I mean, first of all, I am not sure that we even need this?
MR. SCANLON: I was thinking the same thing.
DR. COHN: If we do, it probably should at least to my view, I would include the comprehensive federal privacy legislation and the antidiscrimination measures. I think the security comments are redundant with the earlier section, the securities and NPRM. I sure don't think that we need to end this report on a linkage of the individual identifier to privacy protection and especially with the final sentence, which is inaccurate, which is the NCDHS agrees with the conclusion of both Congress and the Executive Branch that work on the adoption of a unique health identifier for individuals be related to health information, privacy protections are assured, which is actually false.
So, I think that it is -- you know, it is once again a wholly inaccurate statement. I don't think we would get anywhere considering we have identified individual identifiers separately. Now, the question I have for the committee is do you sort of agree with the way I am going? Does it even make sense to have this section here? If it does, should we be asking the privacy and confidentiality work group to provide any other areas?
I mean, I think, for example, after the hearings on the 25th, that that whole Internet issue may turn out to be a big issue because I think we are all beginning to identify alarming gaps with -- in health care privacy around Internet and, then, once again, not covered by the HIPAA legislation, but which needs to be beyond that and it may provide an opportunity to highlight that, but whether -- does it even fit here?
Comments, questions, statements? Kepa, do you want to start out and then, Judy, you can go after.
MR. ZUBELDIA: I agree with you the security part, I think, should be part of the security section that is up here. And the individual identifier issues being made part of the privacy section that is up here. There are privacy protection standards that has already two paragraphs. Maybe you could have a small third paragraph that talks about patient identifiers.
DR. COHN: There already is, I think --
DR. FITZMAURICE: I generally agree with your observations.
DR. COHN: Okay. Judy, do you have a comment?
MS. BALL: Yes. A couple of things.
One is I agree with your comment on security but I think security needs to be identified specifically back in the section about industry readiness, that it is not just the standards, but it is also the kind of level of security that is already in place for health care information. I think that is one of the ideas that came out of your hearings earlier.
The second comment I had is the 5(a) and 5(b) on federal privacy legislation antidiscrimination measures, I think it -- this would be strengthened by tieing it back to the privacy NPRM, that the -- you can state factually that these issues were addressed in the NPRM and there was agreement that these areas cannot be addressed simply by regulation and that these things are still needed. Anyway, tie this conversation back to what the Department has come out and commented on.
DR. COHN: I guess the question is -- I think we are all in agreement that this section is if it even exists, it should be modified significantly. I am hearing -- the security part, you are right, needs to be reincorporated in the -- as some comments about the security readiness and security monitoring and thanks for reminding us that there is a whole different set of issues around security, which I think we have mentioned before but had somehow neglected in this discussion.
MR. ZUBELDIA: There is a hole.
DR. COHN: There is a hole? In relationship to security?
MR. ZUBELDIA: In relation to security. It is not just a whole set of issues. There is a hole.
DR. COHN: Thank you. I think that is an important issue that we especially need to focus on with readiness.
Jeff.
MR. BLAIR: Jim, in the past these types of reports, do they generate action?
MR. SCANLON: Not necessarily. I think the action would be in what the -- first of all, I should say you will never make -- you will never earn a fortune trying to protect what Congress will do in any given year. I don't think the report itself or many annual reports to Congress will necessarily do anything per se in terms of Congress enacting a new law or anything like that.
Clearly, the advice of the committee will be pulled to reinforce probably any new development, but I don't think this necessarily will change anything. It is a report on implementation. I think the whole idea here is to provide a vehicle for monitoring and, hopefully, the committee would either, you know, ask the Secretary if that were the appropriate place or work with the industry or work through some specific means.
The committee could ask the Secretary to propose legislation, for example, which you may very well do in terms of the clinical data standards.
MR. BLAIR: So, this is really not a vehicle for us to propose that Congress do something as much as it is a report to Congress on here is what we have been doing. Is that correct?
MR. SCANLON: And what you will do, what you propose to do in the year ahead.
MR. BLAIR: But you are giving -- you can use the vehicle of such a report -- if we are going to ask Congress to do something in this report, it needs to be probably pretty targeted and be like in the summary or be right up front. Somehow it needs to stand out. Is that correct?
MR. SCANLON: Yes, I would think so. For example, apprehensive privacy legislation, if the committee wanted to go on record -- and I suspect the full committee will -- you know, of the need for federal privacy legislation -- that it has not diminished and continues, I think, you know, you would want to say that. So, again, I think -- the section here was included last year because I think the full committee wanted to emphasize certain things, given the state of play and this year the subcommittee and the full committee may not want to --
MR. BLAIR: Well, then let me refine my questions here a little bit.
DR. COHN: Jeff, I am not sure. What are you thinking?
MR. BLAIR: Well, I am thinking that maybe if there is a portion of this, which is an opportunity for us to send a message to Congress that we want them to act on something, that either that be in the summary or a list of concerns, where it is clearly identified. These are concerns where we would like Congress to either look further or help -- you know, or pass legislation or whatever and I just don't know whether or not as a subcommittee, you know, that is what we want to do with this report or not.
DR. COHN: Yes. I think the question gets to be a question of almost vehicle also. I mean the committee has gone on record more times almost than I can count at identifying the need for comprehensive federal health privacy legislation.
This is not the first time the Congress has seen our support of this topic. So, I mean, we just need to be aware of that. That is not to say that we shouldn't do it again, but it isn't as though that is new.
Now, yes, we could open this up to -- I mean, the question is is whether we end at what we are going to be doing and sort of leave it at that, implementation, and have that be sort of the last thing that they remember or do we want to add some other stuff at the end and what can we say there that is important enough that would cause them to actually look at that section and do we want it so important that they forget everything else?
MR. SCANLON: We don't put it at the end if you are -- you are right.
DR. COHN: Well, no, I mean, I think, for example, if we -- if there were some -- if, for example, the privacy and confidentiality group subcommittee has hearings on February 25th exploring the issue of Internet privacy and there is some major issue that comes out of that. We could choose to put it here, but it also might overwhelm the whole rest of the report. And does that help the report? Does that help the issue? Does it expose the issue?
I am actually as we are talking becoming more and more convinced that maybe we need to really end at the end of implementation. These other areas need to be somehow incorporated back into the body of the report.
MR. SCANLON: Sure. That could be done easily.
DR. COHN: And then maybe -- we were talking about privacy. We talk about once again the need for comprehensive federal health privacy legislation and we talk about the need for antidiscrimination measures and we put it in there. Given that we are already doing all these other things and we have another letter going to the Secretary February 17th saying that there needs to be federal privacy legislation and that maybe this is not --
MR. SCANLON: I think that is fine. I think we have already said in this draft earlier in this report, where the privacy proposal is discussed, that while we applaud the proposed rules on privacy, we continue to believe that, you know, they are limited in certain ways and we continue to believe that the privacy law is needed and urge Congress to act and we may just want to say it there.
These were included last year, again, because the full committee and the chair, I think, particularly -- these were points they wanted to emphasize especially or concerns and maybe that they are no longer so separate that they --
MS. GREENBERG: -- there was still hope that Congress would meet its deadline. So, the committee, I think, wanted to encourage that. The current draft letter on the privacy continues to support comprehensive legislation. I think folding these issues back into earlier in the report makes a lot of sense.
DR. COHN: I think we have reached consensus on that. Okay. Well, with that, we are actually done with this report. Is everybody comfortable with the revisions that we have talked about? I mean, we obviously will have a chance to see this again, though, as members of the NCVHS and maybe with the opportunity on -- at the end of the first day to revise this if needed or whatever. But, hopefully, I mean, I will work with Jim to make sure that the executive summary is short, to the point, reflects the things that we have identified.
And once again, if any of you can provide -- I will have the opportunity to wordsmith it whatever, but it is -- I am sort of looking towards a three page executive summary as opposed to an eight page executive summary.
MR. SCANLON: We have to be careful. Sometimes the executive summary is all that many readers will read. So, on that assumption, you make sure --
DR. COHN: But it should not be longer than the report, though.
Okay. Are we comfortable with that?
MS. TRUDEL: I just wanted to ask if you wanted to set a deadline for any editorial changes so that a final draft can be prepared and circulated to the subcommittee before the next full committee meeting?
DR. COHN: For the report?
MS. TRUDEL: Yes.
DR. COHN: Yesterday. Tomorrow. I mean, we are now at three weeks before the --
MS. GREENBERG: Our goal would be to send out the next version.
MR. SCANLON: It is really about a week or two anyway. The full committee meeting is February 23rd.
MS. GREENBERG: Right. So, we have been asking for any documents that would be included in the agenda book by like the 10th or the 11th or whatever. We will be sending out the agenda books the following week.
DR. COHN: I think the question got to be is would we have another version for the subcommittee to review and comment on prior to that going out. I think that was what I think Karen was referencing.
MR. SCANLON: That is ten days.
DR. COHN: I know.
MS. TRUDEL: That is why I asked.
MR. BLAIR: What would be the purpose actually? Do we think it would be that different from the -- aren't we allowing the full discussion at the NCVHS meeting?
DR. COHN: Let me tell you what I am going to suggest. I think this is going to have to be sort of a two page -- I think what I have heard from the committee is -- from the subcommittee is that we are comfortable basically with the report; that is, with the modifications that we have made. I think what we can do is to make those modifications, try to clean up the executive summary. What we will do is when we send it to Marjorie, we will also send electronically copies to all the members of the subcommittee and staff with the idea that additional changes can be made. What we may wind up doing is when we actually meet with the full committee, we will go through with them, we actually may have a marked up version. Once we get that version out on the 11th, any changes will be shown like we have been doing with the CPR work group as the change is actually on the copy and allows us to make improvements to it, bring them and go over it with them and the full committee and we say, gee, these are the changes we made. Here is the new version. Here is the marked up changes, expecting they have read the original version and have whatever changes we have incorporated and allows us to sort of work up until the meeting.
So, does that work for everyone in terms of modifications and otherwise? I am hoping there won't be much.
MR. BLAIR: Question. This weekend I am going to have somebody able to read it to me if I send an e-mail to you Monday, Tuesday or -- to Jim, you know, with any additional comments that I might have. Is that still in time? Would that be okay?
MR. SCANLON: This weekend, sure.
MR. BLAIR: Okay.
DR. COHN: Actually, I doubt we will get a whole new version out on that.
With that, I think this is the end of the agenda for the subcommittee. I think that we will -- I guess we reconvene as the work group on CPR to see if we can finish up the recommendations.
I actually want to thank the staff for their help on this. This has been a lot to do.
With that, why don't we break for about five minutes.
MR. BLAIR: Let me ask you this. What do you think about the possibility of -- since we are getting close to -- people might want to bring their lunches -- should they bring their lunch down?
[Brief recess.]
Agenda Item: Reviewing the Recommendations from the Work Group on Computer-Based Patient Records
MR. BLAIR: This is the second episode of our review of the first draft of the report to the Secretary on uniform data standards for patient medical record information.
For those of you who were with us yesterday, we got through a good portion of the document. We are going to continue on today.
This is Jeff Blair. I am just going to real quick, you know, go around the folks that are here to introduce everybody. I am Jeff Blair, chair of this work group.
DR. COHN: This is Simon Cohn with Kaiser Permanente, a member of the committee.
MR. ZUBELDIA: Kepa Zubeldia with ENVOY Corporation and member of the committee.
MS. BEBEE: Susie Bebee, staff, and I am with the National Center for Health Statistics.
DR. FERRANS: Dr. Richard Ferrans and I am staff with the VA and LSU Health Sciences Center.
MS. AMATAYARUL: Margaret Amatayarul, contractor.
MR. BLAIR: Do we have any guests? If so, come to the microphone and announce your presence, identify yourself.
Anybody.
MS. TRUDEL: Karen Trudel, Health Care Financing Administration.
MS. JACKSON: Debbie Jackson, National Center for Health Statistics.
MR. BLAIR: Well, we are going to turn it over to Margaret Amatayarul, who is going to lead us through the next section, which I believe is quality, accountability and integrity.
DR. YASNOFF: Jeff, do you want us on the phone to say "hello," too?
MR. BLAIR: Oh, I apologize. Yes, please, would you announce yourself as well.
DR. YASNOFF: This is Bill Yasnoff from CDC on the phone.
MR. KENT-SMITH: This is David Kent-Smith from the Government Computer-Based Patient Record Project. I am the chief clinical officer on the phone.
MR. BLAIR: Thank you, Bill and David, for joining us.
Margaret.
MS. AMATAYARUL: Okay. This is data quality, accountability and integrity. Jeff, do you want me to read the prefatory comments to the recommendations or do you want to go right to the recommendations?
MR. BLAIR: I think in the interest of time, let's go right to our recommendations.
DR. COHN: Can I make one wordsmithing comment about the data quality, accountability, integrity area? And that has to do with your comment about use of proprietary codes. You mentioned in the actual body of the discussion areas, a comment about proprietary codes. My belief is that is an inaccurate use of that term. I think what you are talking about are home grown or local codes and calling them proprietary codes specifically means owned.
MS. AMATAYARUL: Can you point me, Simon, to the paragraph?
DR. COHN: I am looking at the last -- it is on my page, I am looking at page 26, line 45, where it says "use of proprietary codes."
MR. BLAIR: Can you just read the sentence so that we have --
DR. COHN: Well, it is a bullet. It says, "Use of Proprietary Codes. Some health plans require that their providers use home-grown diagnoses or procedure codes, which hamper comparable performance measure." I just don't think that that is what proprietary codes are.
MR. BLAIR: What is a more appropriate word, do you feel, to convey that --
MR. KENT-SMITH: How about "non-standard"?
DR. COHN: Yes. That would be fine.
MR. BLAIR: Non-standard. Yes, I think that is a good suggestion.
DR. COHN: Sounds good. Thank you.
DR. FERRANS: But then the bullet after that has modification of standard codes, which would sort of imply non-standard, too. Is there --
MR. ZUBELDIA: That is even a bigger problem.
DR. FERRANS: Is there any way that we want to bracket this?
DR. COHN: Well, actually, I think they are fine being together like this. Actually, it makes them more likely -- one is non-standard codes and then one is even if you have standard codes, you are modifying them inappropriately. I think that is a -- at least from this view, it is going to be okay.
MS. AMATAYARUL: Okay. The first recommendation in this section is to promote quality, accountability and integrity of electronic PMRI. The Secretary of HHS should utilize the data quality features and characteristics referenced in the guiding principles for PMRI when selecting message format standards for adoption and in the construction of conformance tests.
MR. BLAIR: Any questions or comments?
DR. YASNOFF: I think it is fine but isn't it redundant?
MR. BLAIR: This is in quality now.
DR. YASNOFF: I mean, I don't object to it, but I mean we already asked the Secretary to use the --
MR. BLAIR: Well, I think we are heading at a little bit different tact with the data quality and integrity. So, the wording is slightly different for a purpose.
DR. YASNOFF: I understand and I don't object to it.
MR. BLAIR: Let me just explain because maybe we need to improve the sentence so it is clearer.
We are not really in this case looking for a separate data quality standard or integrity standard. We are really looking for the characteristics and features that improve quality, data integrity and security to be integrated within the message format standards and if we wind up coming up with content and structure standards, that would also, you know, apply there.
There already is a work group within HL7, for example, with that title, with that mission, but they may need a little bit of help to get this topic higher on the radar screen because business interests very often have this as a lower priority. So, that is the intent of this recommendation. Do you feel like we need to strengthen the wording to communicate that or do you feel like it does?
DR. YASNOFF: Essentially what you are saying to the Secretary is be sure to pay attention to quality issues when you do standards. Is that right?
MR. BLAIR: Well, as we go down these recommendations, I think we are going to be stronger. We are going to wind up trying to put incentives in place to encourage the SDOs to build quality features and characteristics into their standards. Okay?
DR. YASNOFF: Right. I understand that, but in this recommendation, you are essentially saying Madame Secretary, be sure to pay close attention to data quality when setting standards. That is really all you are saying, which is okay. I don't have any problem with that.
DR. COHN: Bill, you are wondering whether we just don't say that? I guess that was the question I was trying to figure out. Bill, are you there?
DR. YASNOFF: I can't hear you.
DR. COHN: Can you hear me now?
DR. YASNOFF: Yes.
DR. COHN: Okay. I was just wondering if are you wondering whether this should just be reformatted just to say that?
DR. YASNOFF: I am not quite hearing you completely. Are you asking whether we need to change the wording?
DR. COHN: Yes. Were you suggesting that or not?
DR. YASNOFF: No. All I am saying is that this may be redundant, but I think the emphasis is worthwhile. So, just -- let's go on.
DR. COHN: Okay.
MS. AMATAYARUL: 16. To accelerate the implementation of PMRI standards incorporating data quality, accountability and integrity features and characteristics, the Secretary of HHS should create incentives for improving data quality. These may include establishment of a minimal set of critical quality measures and a minimum required data set to support derivation of the measures. The data set would require adoption of (a) uniform units of measure, (b) uniform data dictionary, (c) interlocking set of structured vocabularies.
DR. COHN: Can I make a comment on this one?
MR. BLAIR: Yes.
DR. COHN: I found this one to be a very odd recommendation. I think we are somehow in the same paragraph confusing data quality with quality data. I actually think that the approach to this -- it is an approach to acceleration of I think PMRI standards and using PMRI standards to support quality data, as opposed to data quality.
We talked about this yesterday in terms of that medical terminology recommendation, that there ought to be -- let's see, I am trying to think where this was and maybe I am mistaken -- I guess this is --
MS. AMATAYARUL: It is right here.
DR. COHN: Okay. Basically the issue of providing incentives for using the standards in a way that made it not necessary -- not necessarily do you have to do chart abstraction and other things in relationship to that, which I think it makes a lot more sense than what this is talking about.
MS. AMATAYARUL: This is not intended to do that. This is --
DR. COHN: Well, but that is what this says.
MS. AMATAYARUL: Okay. Well --
DR. COHN: This says improving data quality and the next sentence is "These may include establishment of a minimal set of critical quality measures."
MS. AMATAYARUL: Yes. The intent of this recommendation came from several testifier, who talked about the fact that one way to incent use of terminologies to achieve data quality was, in fact, to set up quality of care measures.
DR. COHN: Well, I think we are talking about the same thing exactly then. You are talking about data quality and then talking about quality data. And I am saying that what you want to do is to deal with quality measures, which you are just talking about. Then the way you incent that is you don't go around asking the government to establish additional -- ala addition, the HEDUS additional to QUISMC and other groups, other additional quality measures, just to tweak people.
What you do is you figure out ways to allow those things to happen in a more cost efficient and effective way by utilizing these standards to communicate this information in a way that doesn't require chart abstraction, which is typically the HEDUS issue and every other quality organization's issue right now.
So, I think that there might actually be a business case to be made of, gee, if you could transport -- let's talk about HEDUS, for example. You could transport blood pressures or you could transfer other measures electronically in a way that didn't require chart abstraction, there actually might be dollar savings that could be used as part of the incentives.
But this seems to be just sort of an arrow out to the right.
MS. AMATAYARUL: Yes. And, Simon, I am only trying to report what the testifiers said, that they weren't looking -- my understanding was that, yes, there was ORICS(?) and there is HEDUS and OASIS and so forth, but they wanted more than that. They didn't want to just look at those and strengthen those. They actually wanted more.
That is what I was trying to convey here. Now, that is, I think a decision your work group has got to make is do you want to focus on what existing data sets there are and improve the data quality therein, which is different than what this is because this really did mean go outside of those.
DR. FERRANS: We are confusing quality of care measures with data quality.
MR. BLAIR: Actually, can I suggest here that it is important for us to make that distinction. In this case what I think it is trying to say is that in order to improve data quality, if you put incentives in place for quality of care, that will drive improved standards for data quality.
[Multiple discussions.]
-- double linkage. That is two linkages there.
DR. FERRANS: Simon, here is what I would recommend. I think that a reasonable recommendation from the work group would be that when the Secretary has any future, you know, reporting requirements placed, that they look to the standards established to make sure that we are using, you know, the appropriate terminologies, message formats to ensure data quality.
DR. COHN: Yes. And I think beyond that I would say that there would be the issue of potentially providing incentives or additional reimbursement if these data sets -- if these required data can be produced using information systems as opposed to having to use chart abstraction.
MR. BLAIR: Could I get back to what Margaret was pointing out, though, because I think if I recall during the testimony when people were saying we needed to have incentives for quality of care on the part of HCFA and on the part of other payers, so that the incentives in place were not just reimbursement. Are you winding up saying you don't want to convey that message here or are you saying that we just didn't convey it correctly or what?
DR. COHN: Well, I think that this actually, by my memory, is a combination of two different testifiers. One is the concept of paying on the margin, as I -- well, that is what it looks like to me. We were going to be incenting and paying on the margin for people to adopt and use terminologies and then the other piece had to do with quality measures and somehow these things got connected.
I was at the hearings. I don't quite remember recommendations that called for people to -- I am just trying to -- I guess I don't remember anybody calling on the Secretary of HHS to establish additional clinical -- critical quality measures in addition to what already exists for health care.
MS. AMATAYARUL: I think it was Blackford Middleton that made the largest case for it.
DR. COHN: Additional quality measures? Additional to what already exist. Okay. There was a consensus there?
MS. AMATAYARUL: Well, I am not saying one person is a consensus. That person stuck out in my mind. I wouldn't want to say that there were or were not others.
MR. BLAIR: I think Al Buck from JCAHO was also struggling and the JCQA -- let me just finish this one thought here -- part of it was that the HEDUS measures and the JCAHO accreditation process, they were struggling -- and part of their testimony even indicated that they couldn't measure quality very well because the data wasn't there for them to measure anything that was clinically meaningful or clinically specific. It was too general.
So, they were looking for incentives on the quality to -- for quality of care to drive down to try to put pressure on the standards groups to have more clinically specific information to support those measurements.
Okay. Bill or --
DR. YASNOFF: Jeff, aren't we really wanting to say that the quality of care measures should use PMRI standards or should be required to use PMRI standards that would minimize the need for chart reviews and so on and would improve the quality of data.
MR. BLAIR: That is, I think, implied or assumed but I think that the additional point that the testifiers were making that Margaret is referring to is they were winding up asking the Department of Health and Human Services to place more incentives on measuring quality of care to try to press the issue.
DR. FERRANS: Actually, let me support what Bill just suggested and the reason is if the first step is to require that those reporting measures are using PMRI standards, then once that happens, that incentivizes people to have systems that, you know, collect and store the data that way because then they can essentially do EDI to those groups.
So, from the standpoint of what our goal is, that would certainly make sense. I am not -- I am still sort of struggling a little bit with the quality issue and I think if we are talking about data quality, we need to make more specific mention of it in the data quality part on page 24, where -- I mean, we are talking about chart abstraction being inefficient and at times inaccurate and that is a data quality issue. So, automation of that would make sense.
We don't state that explicitly here. So, I think we should.
MR. ZUBELDIA: This has two separate issues in it. One is to use PMRI to gather data that has good quality, that will not require -- that will therefore improve the reporting because it is good quality data.
The other issue is to refine the gathering of quality data, data that measures quality of care and to refine the gathering of that kind of data. They are two separate issues.
MR. BLAIR: Both of those issues are true, but I think there is a third issue, which is, I think, what this point was trying to make, is that in addition to those two, this is also saying that we need something that will provide incentives by the payers, like HCFA, for measuring quality of care in order to push forward the development of those standards so that you could measure quality better.
DR. COHN: Well, Jeff, and I think that was the point that I was trying to make because I think there are different ways of doing that. I mean, I think, one way to incentivize what you just were describing is to incent by, you know, having these things which are supported by PMRI standards be sent electronically and you can actually pay more for that if these things are developed electronically and sent electronically.
We should be talking about that proposal. We should not be talking about a proposal that includes establishing data quality measures, data sets, data dictionaries, et cetera, et cetera. Because as I said, I think -- you know, once again, it may be that Blackford Middleton made this comment. I don't know of any organization that I can think of that is actively advocating for the Secretary to be developing additional quality standards that need to be implemented on a nationwide basis at this point.
I think most people think that they have enough quality measures as it is. They are struggling to meet those quality measures, wishing that they didn't have to do expensive chart abstraction and would really look towards this leadership in a way to get them out of that --
MR. BLAIR: Let me try to refine this because I think we heard -- maybe we heard something different. Okay? If it is just what you are saying, then it is winding up saying use the standards that are out there to ensure quality and the messages that I heard, especially when Al Buck was testifying and when NCQA was testifying, both of them wound up saying they have reduced dramatically their requests for quality information because the data isn't there.
So, they were winding up saying -- if we wind up simply saying we are going to ask for what is there today, but not put an incentive in place for an improvement, then, yes, what we will do is we will automate what is there today and we will not have a higher standard of quality --
DR. COHN: Can I comment in response to that because I have gotten pretty familiar with, for example, the HEDUS measures. Now, some HEDUS measures are based on administrative data and those are really the ones that HEDUS is having trouble because there is only so much administrative data. There are a whole bunch of other sets of measures that are based on either manual abstraction or survey results, both of which are very expensive to do.
For example, the blood pressure measure really is based on manual extraction of the chart. So, they are proceeding into the areas where they don't have automated systems to do it, but it would be wonderful if we could support them in that as opposed to saying, well, gee, no, what you are doing really isn't enough. We need to have the Secretary do something else.
I think the strategy is to try to support those efforts, make them easier to occur and then allow them naturally through their consensus process in the same way that standards developers develop standards through consensus processes to expand the processes, while at the same time paying on the margin or providing the incentives for them to computerize these things, which is I think what we have -- at least what I have been talking about -- I am not sure I need to argue this with you but I guess we need to figure out what the work group wants to do in terms of recommendation and
what --
DR. YASNOFF: Jeff, could I suggest some language?
DR. COHN: Bill Yasnoff has some language.
MR. BLAIR: Yes, Bill.
DR. YASNOFF: What do you think about this for language? "The Secretary should establish incentives for reporting quality of care measures that use PMRI standard and ensure comparability of this data by establishing requirements, including the A, B, C we have listed."
MR. BLAIR: That is probably pretty good. Read me the A, B, C.
DR. YASNOFF: Uniform units of measure, uniform data dictionary, interlocking set of structured vocabulary.
MS. AMATAYARUL: Bill, could you read the first part again?
DR. YASNOFF: Yes. I knew you were going to ask me. So, I wrote it down.
MS. AMATAYARUL: Hold on one second. Let me scroll up. Okay.
DR. YASNOFF: Okay. So, we say, "The Secretary of HHS should establish incentives for reporting quality of care measures that use PMRI standards and ensure comparability of this data by establishing requirements, including..." And then list A, B and C.
MR. BLAIR: I feel comfortable with that one. How about the rest of the committee.
DR. FERRANS: Can you scroll back down so I can see it again?
DR. YASNOFF: Simon, does that align better with your thinking?
MR. BLAIR: I think it is a good compromise wording.
DR. YASNOFF: Do you need me to read this again?
DR. COHN: No. We actually want to see it on the screen.
MR. BLAIR: Simon and I are locked in an arm wrestling here.
DR. COHN: No, no. I think the -- this is actually getting a lot better. I am still wondering what we get --
DR. FERRANS: Existing in future or are we just talking about future ones or are we talking about new ones? Could somebody just be a little more specific?
DR. COHN: Well, you see, I think the existing ones could benefit from this as well as future ones. At least that is my view. And that is an easy win.
MS. AMATAYARUL: Could I -- I have been trying to capture what your thoughts were as you were talking and I think maybe I could even include what Bill had just proposed as well. "To promote enhanced data quality through adoption of PMRI standard medical terminologies in the private sector, prior to their being regulated, the Secretary of HHS should require quality of care measures to use PMRI standards that would minimize chart reviews and enhance data quality, (b) support refinement of the gathering of data that measures quality of care and (c) consider providing incentives, such as paying the marginal cost for reporting specific data."
DR. YASNOFF: That sounds pretty good to me.
DR. FITZMAURICE: I have a question about the Secretary requiring quality care measures to use PMRI standards. There might first want to be an investigation of do we already use PMRI standards. I suspect that many of the quality measures aren't associated with information systems. Somebody going through chart review is going through a lot of torture and to require them to use PMRI standards, maybe message transmission standards, they don't have that capability.
So, then it falls down to the content and use the same definitions. That would be good, but I am questioning our recommendation for the Secretary to require this without the Secretary having some background in what is actually going on out there. Do they currently use PMRI standards that exist? Are they compatible, at least, with them even if they don't come from information systems and what can the Secretary do to promote the use of information system reporting of quality of care measures, which is not just PMRI standards, but also how do you collect the numerator, how do you collect the denominator? It is a set of rules as well as the PMRI standards.
MR. BLAIR: There are four or five thoughts there. Could we sort of take them one at a time? I think the first comment that you made was concern about --
DR. FITZMAURICE: That the Secretary require --
MR. BLAIR: Now, I was okay with either Bill's statement or Margaret's statement. Margaret's statement that she has up there, I think, says require these things, I think, prior to adoption of PMRIs. Is that right, Margaret? That is what you added?
MS. AMATAYARUL: Well, initially -- the lead is was to promote enhanced data quality through adoption of PMRI standard medical terminologies in the private section prior to their being regulated, the Secretary -- but then it says the Secretary of HHS should require quality of care measures to use PMRI standards.
DR. FITZMAURICE: I don't know that the quality of care measures are going to be regulated by the Secretary. So, I wouldn't want to make that assumption.
DR. COHN: That is why I have been reacting the way I have been.
MR. BLAIR: What was the general feeling on what Bill Yasnoff recommended?
DR. COHN: Where is he talking about that one? I mean, it actually makes more sense than -- the question here is, I think, I am supportive of the first part of the sentence, where it says the Secretary should establish incentives for reporting quality of care measures that use PMRI standards.
I am just not sure about the second part of the thought there, where it says "and ensure comparability of data by establishing requirements, including uniform units of measure, uniform data dictionary, interlocking set of structured vocabulary.
I am trying to figure out what the value added of the rest of that thought is.
DR. FITZMAURICE: Simon, suppose we replaced "ensure" by "promote" comparability by publishing not requirements but by publishing guidance of some sort. Now, it waters it down, but it also doesn't have the committee saying we want you to regulate this.
DR. COHN: Well, I guess, I am just -- once again, you have to help me with how quality measures occur out in the real world, at least the real world as I know it. I don't know how the --
DR. FITZMAURICE: -- real world better than I do, Simon.
DR. COHN: -- is is that typically there is a sort of a negotiated activity that occurs, for example, around HEDUS, where, you know, it is a public private interaction that produces these measures. So, it isn't the Secretary necessarily publishing guidelines on all these things, to my knowledge. Maybe she does. The Secretary said she also wants to have that measured for Medicare, but typically most of these measures that are out there in the community are sort of self-developed, self-generated --
DR. FITZMAURICE: And licensed and copyrighted.
DR. COHN: That is right. And they actually include uniform units of measure. They include data dictionaries, at least to some extent. They probably don't include interlocking sets of structured vocabularies. So, that actually is part of the process of developing these quality of care measures. So, I am trying to think of the value added or what we are describing there as opposed to the issue of incentives of having the quality people develop these things using these PMRIs and people reporting them that way in a way that would provide some sort of incentive in the marketplace for that to happen.
MS. AMATAYARUL: Simon, you know, I agree that HEDUS and those other groups provide definitions of terms that they want you to collect, except nobody conforms to those definitions of terms and there is no way to ensure that they are using those definitions. I can provide you with specific examples from specific institutions where they actually subscribe to two or three different data collection places each with different definitions of terms and they aren't complying with one or two or three of them.
So, they are there, but they are not being used.
DR. COHN: Well, but that is the whole point of the data dictionaries. It is there but you choose whether to use it or not. So, is that what you are --
MS. AMATAYARUL: No, I think what we are trying to do is say, hey, where are the data dictionaries that are out there and comply with them.
DR. COHN: No, actually, I thought what we were trying to do was we were trying to encourage the adoption and use of PMRI standards for collecting quality data.
[Multiple discussions.]
MR. BLAIR: But there is a different piece because in many cases, the quality features and characteristics are not in existing PMRI standards. We need to have some incentives to develop those characteristics and features and get them part of the existing standards in order for the data to improve.
Maybe I ought to give an example so you will understand that this is different than the other things we have talked about so far.
For example, a data integrity issue is that right now if you take an HL7 message, the whole concept of that message is that it is point-to-point. There is no recognition in the fact that in an integrated delivery network, it may go through three or four or five different servers and there are no audit trails that you have lost information or that the translation between one thing and another was done accurately. Those are the kinds of data quality and data integrity things that we need to encourage.
I may be out of sequence here because maybe that is on another one of these recommendations here, but at least that is part of what was in the back of my mind as I was thinking of this.
DR. FERRANS: What I really hear is that we are again sort of mixing up data quality and quality of care measures. I do think that the issue of quality of care, we have talked in the report about being able to measure outcomes and measure the quality of care and, in fact, the
-- we tied in so closely in the beginning of the report about how we said that there was a strong linkage between quality and -- I am trying to think back to -- but in any case, we might want to separate out and have the section dealing with quality of care and then look at it from the perspective of in order to measure quality of care, you know, sort of taking a different spin on it, here are some issues about message format standards. Here are some issues about this.
Here are some issues about information systems that don't necessarily have to do with the standards themselves, but have to do more with the systems.
DR. COHN: I have a slightly different suggestion, though. I do agree with you that we have had just a terrible time walking the rope between data quality and quality data. I wonder if we may just want to just retitle the section to include -- I mean, as opposed to trying to continue to make the differentiation, maybe there should be data accountability, integrity and quality data. That maybe should be the title of this section since we seem to want so badly to put them altogether.
DR. FITZMAURICE: Could I suggest that we really want quality of data and that using for quality of measures is an example, but an example of promoting good quality data -- economy or for the nation is quality measures. We would encourage the Secretary to develop this guidance. We might secondly encourage the Secretary to obtain these measures working in conjunction with the Office of Personnel Management from the health plans that service the federal employees.
In other words, what is it that is under her control or that she can do in partnership with a federal agency to serve as guidance, to serve as a leader and to find out how much does it really cost to do this.
MR. ZUBELDIA: And in doing so, I think that the first sentence that says establish incentives, that probably needs to be separated from the rest.
MR. BLAIR: I really agree with what Kepa is saying and what Richard has said. I think -- and Simon is saying the same thing in a different way. I think we have to separate out the recommendations for incentives to improve -- incentives to improve quality of care, which in turn would drive improved data quality from the other recommendations of how we would do that.
DR. COHN: That is cleaner.
MR. BLAIR: Okay. What if we had one --
MR. ZUBELDIA: Or just PMRI standards period.
MR. BLAIR: Could I suggest one recommendation where we will separate out the incentives to improve the quality of care? I will probably wind up --
MR. ZUBELDIA: I am sorry. Let me have -- where I think it should be cut. After the PMRI standards, right here, put a period and that is the sentence.
MR. BLAIR: How does that read?
DR. COHN: Yes, I think the only change I would use, rather than use PMRIs is say utilizing PMRI standards, only because people may have a choice for awhile about whether they are using PMRI standards or not and we want incent people to be utilizing it when they have another option.
MR. BLAIR: Could you read me the sentence?
MS. AMATAYARUL: The Secretary should establish incentives for reporting quality of care measures for utilizing PMRI standards.
DR. COHN: No, not for. Just utilizing.
MR. BLAIR: Now, the only thing in there is it doesn't say anything about those incentives for developing better data quality of PMRI standards.
MR. ZUBELDIA: And that is a different topic.
MR. BLAIR: That is a different topic?
MR. ZUBELDIA: And the Secretary should also provide incentives for developing quality of care standards, quality of care data standards.
MR. BLAIR: To improve the ability of PMRI standards to measure quality of care. Is that what you are saying?
MR. ZUBELDIA: Sure.
MR. BLAIR: So, that is a different -- maybe you want to tell Margaret how that would be phrased?
MR. ZUBELDIA: There are incentives for reporting using PMRI and then there are incentives for improving the ability of gathering the data using PMRI.
MR. BLAIR: Excellent, excellent.
DR. COHN: Okay. But that is not what is up there now.
DR. FERRANS: It says for quality of care data standards -- it is incentives for standards. That is the problem.
MR. BLAIR: So, it has to be incentives for reporting with or utilizing or --
DR. COHN: Wasn't this one the one that had to do with developing quality of care measures, utilizing PMRI standards?
MR. BLAIR: That is the second one you are suggesting?
MR. ZUBELDIA: That is developing the standards for quality of care data.
DR. COHN: So, it isn't reporting. So, it is actually developing the standards or developing quality of care measures or refining or improving them, whatever.
MR. BLAIR: Let me ask you if this wording would be okay. I am working on the word "developing" and instead -- so that they don't think we are suggesting that they develop totally new standards. What if we had the phrase for incorporating data quality characteristics and features into PMRI standards to improve their ability to measure quality.
DR. COHN: I actually think that they are probably fine right now. I don't know if that is the problem.
Mike has his hand up. I have probably spoken too much.
DR. FITZMAURICE: A suggestion about the first one. It currently reads, "The Secretary should establish incentives for reporting quality of care measures utilizing the patient medical record information standards." I would suggest the Secretary should establish incentives for using patient medical record information standards for reporting health care measures, including quality of care measures. Our focus is on PMRI standards. Our focus is on whenever health care measures are reported and particularly important in our economy is quality of care.
MR. BLAIR: Does everybody feel comfortable with Michael's addition? Good.
MS. AMATAYARUL: Let me make sure I have it then. The Secretary should establish incentives for using PMRI standards for reporting health care measures, including quality of care standards.
MR. BLAIR: Including quality of care measures.
DR. COHN: There probably needs to be some where a statement in all of this that this is actually -- at least the idea would be is that this would actually save the industry money in the long run by reducing redundancy and producing data flows from computerized systems as opposed to manual chart abstraction.
I don't know if we say that anywhere here but we probably need to put that rationale somewhere.
DR. FERRANS: Let me just ask this question as long as we are on the subject and this is not somewhere that we have really discussed, but when we talk about incentivizing people to automate collection of clinical data, not just to buy information systems but we have talked about paying on the margin. Are there any other mechanisms that people are aware of that -- other incentives, that could -- other mechanisms for incentives better, you know, because I would be just interested in discussing that if anyone has --
DR. FITZMAURICE: One example would be when the Health Care Financing Administration through the Medicare program collects data for the PROs. It has, I think, four contractors. You might collect more detailed information and require that or encourage that to be in -- using PMRI standards, by making an extra payment if it is in PMRI standards to the CDACS(?), they are called.
MR. BLAIR: The other piece that -- at least this is my understanding, so if I am not precise on this, then, you know, correct me. I have the impression that JCAHO has tried for a long time to put in place continuous quality improvement measures and without the data to be able to show continuous quality improvement in outcomes, they have tended to fall back to continuous quality improvement in terms of simply what is implemented in an institution because they don't have the data to really do the continuous quality improvement for outcomes.
So, that, I think, is a second area where if we have incentives for continuous quality improvement of clinical outcomes, that is going to be hard. But that is where we want to drive these standards to be able to support that. Yes? No?
DR. FITZMAURICE: Well, let me try the standards and we also want to drive systems and part of this has to be, you know, an evaluation of the benefits compared with the costs of putting things into PMRI standards. So, some of these are -- we are talking as though they are foregone conclusions, but they are not, rather than direct, let's say, have the Secretary direct HCFA to collect all this data in PMRI, direct her to investigate the benefits and the costs. The benefits may be being able to say more about the quality of a particular population of patients. The cost may be very expensive if the hospitals don't already record things, using PMRI standards.
DR. FERRANS: I will be -- I guess I will come out with one other suggestion and it is not -- is that the only other way, since they provide funds, reimbursement through Medicare, the only other way to get hospitals, acute care settings and others to invest in information systems would be to provide some kind of tax break or something like that and that would fall under legislative proposal. I don't know whether we would want to recommend that they would make that legislative proposal, but it is within, you know, the scope to recommend legislative proposals.
MR. BLAIR: Richard, with your question, I have the impression that you are trying to take the first recommendation that we have there and say what those incentives might include, such as paying on the margin, such as incentives for continuous quality improvement or clinical outcomes and you have other things as possible tax incentives or financial incentives. Is that right?
DR. FERRANS: Yes. And I guess it is just as I have been thinking about this, the issues of data quality don't necessarily
-- don't exclusively have to do with the standards. It also has to do with just the automation of clinical data collection, which is difficult to do at the point of care in a timely manner.
MR. BLAIR: So, these three items would be subsets underneath the first recommendations. Correct?
DR. FERRANS: Yes. I think having a statement of incentives may include we will just show the Secretary here are a few ways you might think about doing it.
MR. BLAIR: Richard do you want to let Margaret know how that would --
DR. FERRANS: I think she has got it.
MR. BLAIR: You have got it.
MS. AMATAYARUL: Mike -- can I get back to Mike's comment on the Secretary should investigate the benefits and costs of using PMRI standards? Is this where we want that or this another general recommendation? And doesn't that apply to everything?
DR. FITZMAURICE: It does sound a little more general.
DR. FERRANS: That sort of brings up a question. If we go through this process and the Secretary gives the authority to or says go ahead and start recommending standards or putting them in, do we fall into that situation where there needs to be a cost benefit analysis done.
DR. FITZMAURICE: At some point when you -- if we were to recommendation, for example, standards and the Secretary would say, all right, I am going to adopt these under HIPAA or under some new legislative process, if the impact is more than a hundred million dollars, you must do an impact analysis and publish it in the Federal Register. And it is probably wise to do it even if it is less than a hundred million dollars because it is something that is new and will impact some people. It will probably will have more than a hundred million dollars worth of impact.
DR. COHN: I was just going to comment about the underlined section here where the Secretary should investigate the benefits and costs of using PMRI standards. I think that is what she was asking us to do. So, probably an early recommendation -- it is probably not the wisest recommendation to say, well, we spent three years studying and we think you ought to investigate benefits and costs of doing what we are recommending here.
So, just a thought on that one. Probably there is a way to put it that is not quite the way you have just described that might make a little more sense.
But I think that -- or do you mean using it for quality measures specifically or --
DR. FITZMAURICE: No. I am looking at -- let's suppose you tell hospitals if you put your clinical data into a PMRI standard format then we will give you the payment that we would have paid the data collectors to put it into PMRI format. So, you buy the products that the systems produce to give them the incentive to have systems that will produce that.
DR. COHN: I guess I -- unless we can somehow change this one around a little bit, it sounds to me like what the first 25 pages are really all about, not the costs but certainly the benefits.
DR. FITZMAURICE: This is more certain information than we have. That is what I am saying.
DR. COHN: Well, before you decide that, I think you need to figure out it gets modified so --
DR. FITZMAURICE: We can call it research and benefits and the resources --
DR. COHN: Further research.
DR. FERRANS: When we have looked at specific standards, like HL7 or SNOMED, to name a few, there has never been any testimony about what would be the cost of implementing that standard nationally. I doubt that there is any data on there and any study of that would be of the sort of here is a list of here is a list of assumption types, such as the one that was done to support what would be the cost of doing the privacy regulations. That was part of the --
DR. COHN: Okay. I know it has been a long time, but just the observation that this sounds an awful lot like what the legislation required us to do.
DR. FERRANS: I agree with you. I don't think that we should phrase it that way and perhaps --
MR. BLAIR: Could I echo that I also think that we probably don't want to go down that path because when we did the inventory of standards, the questionnaire wound up having a section on implementation cost, maintenance costs, ongoing costs and license costs and that was the area that had the least meaningful feedback and I don't think it was because people were trying to avoid the answers as much as they really -- nobody has ever really measured that and even the SDOs don't really know because it differs for every organization and it differs by what they are actually implementing and how they implement it.
So, it is really a murky area to start to get into.
DR. FITZMAURICE: Let me sound as someone who is going along with the general trend of let's get rid of that sentence. The difficulty I see with that as the way that I stated it is that it is easier to measure the costs, particularly the capital costs of putting it in. It is difficult to measure the benefits when you can't envision what might be done with the information within a known organization, how it might be combined and the new services and products you might produce and then estimate the impact on attracting more patients to your particular organization.
You have to see into the future more for the benefits than you do for the costs and probably that uncertainty alone accounts for a good part of a reluctance to invest in information systems.
MR. BLAIR: That is a very good point.
DR. COHN: I just need to do a little time check here and just talk to people for just a second. And, Jeff, I apologize if I am taking your territory here but it is 1 o'clock. I think this is an area where we ought to hold it and discuss it. I mean, we can reflect on it as we get into our meeting in March, but I don't think it should be showing up on our March discussion with the NCDHS particularly -- February discussion.
I guess the question that I have, though, is that we have obviously, I think, done some good work here. Admittedly, there probably is more left to do. Is our strategy for the next 45 minutes -- because I think we are going to break in 45 minutes -- to do it the way we have been or are we going to try to go over the remaining recommendations. We have got a couple more recommendations -- a number of more recommendations to see if they are good enough to at least show to the NCVHS in February, recognizing that they are not complete.
I guess I would suggest that we go to a slightly lighter touch for the remaining recommendations if we can.
DR. FITZMAURICE: That sounds like a good idea because we need to get through them and then Margaret and Jeff and others can work their will and if it is close to what we were talking about, we are better off than if we haven't gotten through them.
DR. COHN: Okay. Shall we move on then to --
MR. BLAIR: Our next recommendation.
MS. AMATAYARUL: The next set of recommendations is under "Diverse State Laws and Regulations" and the first one, No. 17, is "To ensure acceptance of digital signatures as the means to authenticate electronic PMRI in a consistent manner among all states, the Secretary of HHS should propose that Congress enact legislation requiring digital signature authentication of electronic PMRI."
DR. COHN: Could I ask an odd question on that one? Because I know that the regular HIPAA regs have an electronic signature feature to them. How is that different than this?
MS. AMATAYARUL: They are not required at the present time.
DR. COHN: Well, once the HIPAA comes out, will they be required?
MS. AMATAYARUL: Not -- I thought I heard this morning that that was going to be one delay because it was not -- because at the present time it wasn't required in any of the transactions.
DR. COHN: Well, no, but what I am wondering is has Congress already enacted legislation regarding digital signature that --
DR. FITZMAURICE: No. That got stalled. The House passed a bill yesterday that supports digital signatures.
DR. COHN: Okay. Well, how is electronic -- okay. I guess, is electronic signature different than digital signature?
DR. FITZMAURICE: It could be, but I would prefer digital to electronic. Electronic could be a picture of a signature.
DR. COHN: I guess the question I have is isn't this already in the HIPAA legislation is really what I am trying to ask and that is a question just because under "Security," there was security and electronic signature for a final rule.
DR. FERRANS: Under "Electronic Signatures," my understanding is that there were standards set for electronic signatures, but that there was not --
DR. COHN: There are laws and regulations. We are asking for a law here to enable the development of a regulation. My question is we know there is not a regulation for electronic signature. We are all in agreement on that. The question is is does the regular HIPAA legislation, which my understanding it does, already include the authorization for the Secretary to develop a regulation regarding electronic signature. At least, as I read it, it did. So, that was really my question.
If I am wrong about that, I apologize.
Yes, Karen.
MS. TRUDEL: My reading of the standing, it authorizes the Secretary to adopt standards -- a standard for electronic signature. It doesn't say digital signature. Digital signature was what we initially proposed, but it is strictly in the context of the transactions, as opposed to a broad standard that could apply to PMRI or anything else. So, it is strictly in the context of the HIPAA transactions and at this point the transaction standards that we are adopting don't require any digital signature.
DR. COHN: Well, I know that, but it seemed that at some point there might be one that does.
MS. TRUDEL: Yes. Absolutely.
DR. COHN: I guess I was just trying to figure out whether this was redundant with what was already going on, though it sounds to me like if we are going to recommend something, we ought to recommend digital signature authentication period and not just for PMRI but for everything.
MR. ZUBELDIA: The security NPRM says two things, that the standard for electronic signature will be that of a digital signature. It establishes that. Then it establishes that if a digital or electronic signature is used, it has to be used according to the standard.
What it does not establish is that a digital signature will be the means to authenticate electronic PMRI.
MR. BLAIR: There you go. That is the statement --
MR. ZUBELDIA: That is what this says is that the digital signature will be the means to authenticate electronic PMRI in a consistent manner.
MR. BLAIR: Then it gets back to Simon's question of do we have the ability to say that that should be a regulation or do we have to go back to Congress for that authority?
MR. ZUBELDIA: There are two different issues here. One is that the digital signature is the means to authenticate the PMRI and that is one issue.
The second issue is that it should be consistent among all states.
MR. BLAIR: Yes. Two separate issues.
MR. ZUBELDIA: That issue of consistency among all states is what is being debated now in Congress, isn't it?
MR. BLAIR: Yes.
MR. ZUBELDIA: But it also is implied in HIPAA because the HIPAA says -- the law actually says that the digital -- or the electronic signature adopted a standard, will be deemed to be in acceptance with all the states or something. There is specific wording that says that whatever is chosen as a standard for HIPAA will automatically be acceptable by all states.
MS. AMATAYARUL: Preempt.
MR. ZUBELDIA: No, they don't use the word "preempt."
PARTICIPANT: Will be deemed acceptable.
MR. ZUBELDIA: Will be deemed acceptable.
So, there are two different issues here. One is that the digital signatures will be the means to authenticate electronic PMRI and the other that may be redundant is the consistency in all states because that may be redundant because it is already expressed in the law, in the HIPAA law.
MS. AMATAYARUL: So, Kepa, are you suggesting that we separate these two points?
MR. ZUBELDIA: Possibly or that we forget about the second point of consistency among all states. It is already implied in the law. At least we need to assert that the electronic or digital signature is a means to authenticate the electronic PMRI. I would leave it at electronic signature because then the standard as is defines the electronic signature as a digital signature.
If you make this digital, it probably will end up having to be digital anyway, but if you make this digital here and then the technology changes in a few years, then you are stuck. Right?
MR. BLAIR: So, are we modifying then the recommendations there?
MS. AMATAYARUL: So, I have, "To ensure acceptance of electronic signatures as the means to authenticate PMRI, the Secretary of HHS should propose that Congress enact legislation requiring electronic signature authentication of PMRI."
MR. BLAIR: Okay. Do we have to go to Congress for that or can the Secretary -- well, I don't know.
DR. YASNOFF: Jeff, can I suggest that we not spend time debating how the Secretary has to do this and just say the Secretary should take steps to ensure that electronic digital signatures are acceptable for authentication, are allowable and acceptable for authentication in all 50 states and let the Secretary figure out what to do?
DR. FITZMAURICE: I like that better than requiring. Much better, Bill.
MR. BLAIR: Do we need to repeat that?
DR. YASNOFF: I can't repeat that. So, I hope you got it, except that I said "allowable" and "acceptable."
MR. ZUBELDIA: Yes, and still play the after PMRI.
DR. YASNOFF: I have the same comment about the next recommendation, that we should say the Secretary of HHS should take steps to ensure that and let the Secretary figure out what needs to be done.
DR. FERRANS: Right. And, for example, a minimal standard for retention is -- I think is not the good wording because right there you are recommending a federal floor versus a federal ceiling versus a uniform standard and those kinds of details becomes very important as was learned in the privacy debate. It is states rights issues.
MR. BLAIR: The problem here, the reason that it was specified as a minimum standard for retention is that as we start to head towards longitudinal lifetime health records and as we have more communications between states with health care information, some states have very short retention requirements and others are longer. The ones that are longer are not the problem. The problem is with the fact that there are short ones.
DR. FERRANS: It is probably what we are -- are we saying we want a uniform standard? Everyone with the same -- because if that is what we are saying, we should use the word "uniform." If we raise the floor by having a minimum, we will still have variability. If we want to eliminate variability, we should say "uniform."
MR. ZUBELDIA: We want a national standard.
MR. BLAIR: A national --
DR. FERRANS: Uniform national.
MR. BLAIR: Uniform national standard for retention.
MR. ZUBELDIA: And if there is a way to put the word "preemption" in big capitals, bold face, I would do it. That will attract attention.
MR. BLAIR: Okay. Next one.
MS. AMATAYARUL: Okay. The next recommendation is "To ensure that acceptance of electronic PMRI as a legal record of business is consistent among all states. The Secretary of HHS should propose that Congress enact legislation that recognizes the legality of PMRI in electronic form."
DR. FERRANS: My sort of gut reaction to that is that I understand the intent. I think the intent is good. Somehow there has to be some mention again of some sort of uniform standard because here we get into the data integrity issue and we are not -- I don't think we want to say that all PMRI should be recognized as a legal document. I mean, it has to have that certain quality.
DR. COHN: Look at what she has done over there. I think it actually looks pretty good.
MS. AMATAYARUL: "The Secretary of HHS should take steps to ensure that acceptance of electronic PMRI as a legal record of business is consistent among all states."
MR. BLAIR: That is pretty good. Okay.
MS. AMATAYARUL: Our next section is business case and there are two recommendations. The first one is "To encourage diversity of expert representation of PMRI standards development and to explore methods for reducing barriers to participation. The Secretary should (a) fund demonstration projects to explore outreach; (b) seek comments on development of implementation guides through the Internet and (c) make teleconferencing facilities available for participation in standards development."
MR. BLAIR: Comments?
DR. YASNOFF: Jeff, Bill Yasnoff here. I have two comments.
On (c), make teleconferencing facilities available, I assume what we mean is make existing government teleconferencing facilities available. I assume you we are not asking the Secretary to build specific new teleconferencing facilities for standards.
Then on the --
MR. BLAIR: Let me check that everybody else feels okay with that addition.
DR. COHN: Yes, we are fine, yes.
MR. BLAIR: Okay.
DR. YASNOFF: On (a), fund demonstration projects to explore outreach, can we say outreach to whom, like outreach to whoever it is we want outreach to, underrepresented groups, people who find it difficult to travel. Whatever it is we are saying, let's say it.
MR. BLAIR: Good. Excellent.
How about the rest of the committee? Feel okay with that change?
DR. FITZMAURICE: I don't know what letter (a) means. Fund demonstration projects to explore outreach. Does it mean to explore paying travel of private sector experts to get to meetings and see if that speeds up standards development?
MR. ZUBELDIA: I would change it to fund outreach projects, demonstration projects to explore --
MR. BLAIR: Outreach projects instead of demonstration projects.
DR. FITZMAURICE: I am going to give you my guess as to what I thought outreach was, but I am not sure that is it. I am not sure that anybody reading it will know what outreach projects are. Reaching out to somebody.
MS. AMATAYARUL: Fund outreach projects to underrepresented groups.
DR. FITZMAURICE: For participation in standards development process in PMRI standards development. I can tell you a recent private initiative that had some federal involvement we certainly helped defray travel for people who were -- who otherwise would not have been able to.
MR. BLAIR: I think the key word is "participation" because we are not saying that it should be funded for everybody to attend, but there may be a variety of ways to encourage participation without always having attendance.
DR. FITZMAURICE: Fund demonstration projects to explore methods for improving participation.
MR. BLAIR: Did you intend to go back to the word "demonstration projects"?
DR. FITZMAURICE: Yes.
DR. COHN: Why?
DR. FITZMAURICE: Because it sounds like a demonstration, to demonstrate that funding projects to get people to participate may be worth the cost. It may not be worth the cost. It is demonstrating the value of it or the lack of value of doing this.
DR. COHN: Maybe it is fund outreach and demonstration projects?
MR. BLAIR: Or fund outreach projects to demonstrate maybe. No?
DR. FITZMAURICE: I don't know what outreach is.
DR. COHN: Why don't we hold that question for next time?
MR. BLAIR: We have gotten far enough on this and, you know, we are close enough and we will wordsmith it some more at the next meeting.
MS. AMATAYARUL: 22 is "To promote the retention of open markets for U.S. health care information system vendors internationally. The U.S. must make sure that international standards for PMRI do not discriminate against U.S. interests. To do so, the Secretary of HHS should support U.S. participation in international standards development organizations and explore incentives or subsidies to U.S. organizations that serve as secretariat/provide technical assistance and the Secretary of the Department of Commerce should monitor the activity of U.S. health care information systems vendors abroad and take appropriate steps to correct issues."
MR. BLAIR: Correct issues?
MS. AMATAYARUL: That is what we said.
DR. YASNOFF: Jeff, you picked up on my comment. What issues do we want corrected? We have to be a little more specific than that. I think we -- we know what we want but it doesn't say it here.
MS. AMATAYARUL: Imbalances?
MR. ZUBELDIA: I would say to correct anticompetitive activities or something like that.
DR. FERRANS: Could someone give me a little background on what we are -- maybe I missed that testimony.
MR. BLAIR: Could I volunteer the background?
One of the things -- and I am going to try to choose my words carefully here -- there are many countries in the world that have looked at health care information systems as an opportunity for a new industry. A number of those countries have felt as if the U.S. dominance with health care information systems is a threat to a growing industry that they have.
While they have had difficulty competing directly with some of the U.S. vendors, among the things that they feel that they could use is if they have local or regional standards that meet their needs in their part of the world. If that could be, without making it an illegal barrier, it serves as a de facto to U.S. companies.
So, if we are not actively present with experts in those international standards meetings, there is a concern that those meetings would pass standards that are detrimental to U.S. interests.
DR. FERRANS: Okay. My other question was the language at the top about we must make sure that standards do not discriminate against U.S. interests, do we need language that is that strong or do we want to say something like so it is compatible with or in sync with, however we would say it?
DR. FITZMAURICE: I would go with "compatible." That is just what I have written down, rather than to make sure that they don't discriminate against us. Does anyone have any thoughts on that?
I think it reads a little publicly better as compatible, even if we know that the interest is, that we don't --
MR. BLAIR: What is the general feeling of the group?
DR. COHN: That is fine. It is cosmetic.
MS. AMATAYARUL: Next section is relationship to NHII and here we have -- the first one is "To ensure consistency with the recommendations made to the Secretary of HHS by the NHII subcommittee within NCVHS. This work group supports those recommendations."
DR. COHN: Is that a placeholder?
MS. AMATAYARUL: Well, I had a question about this because I thought this report was ultimately coming from NCVHS. Do we need to say this?
DR. COHN: No. I mean, unless there is some -- I mean, if there are particular recommendations that are appropriate, we could include it in here.
MS. AMATAYARUL: Well, there are some later that we
can --
DR. COHN: That is right, but I haven't seen any -- I mean, if there are -- there is something from the NHII subcommittee or work group actually, then we can include them as a recommendation. I just don't think they -- they haven't started making recommendations yet, I don't believe.
MR. BLAIR: Well, I think that by the time this report hits the Secretary, there will be the proposal for the concept of an NHII. As a matter of fact, I believe John Lumpkin is really targeting that by June we have a proposal to submit. This was intended to indicate our support for that.
DR. COHN: Well, Jeff, I guess I will have to make a comment. If the recommendation that the NHII subcommittee has is for a concept, I mean, that is fine. That is not an actionable item. If there are actions, then we can put things in here, but for the moment, it doesn't sound like there needs to be anything in here on this.
MR. BLAIR: Let me say one other piece and then if you feel like this still doesn't make the case, then that is fine.
The other piece is that the concept of the National Health Information Infrastructure with those three dimensions, the caregiver dimension is -- well, actually, the caregiver and the personal dimension are heavily focused on patient medical record information. There is a great degree of overlap and expansion and reinforcement there.
So, that was the only reason why we thought that we should indicate that we feel like those recommendations are in sync with everything that our work group is proposing. That is all -- do you still feel like it shouldn't be in there?
DR. COHN: I just have not seen anything yet that the work group is proposing that is in any way actionable.
MS. AMATAYARUL: I think we have another recommendation here that addresses those issues that Jeff talked about. So, if we delete that, I think the one that we have got would stand on its own.
DR. FITZMAURICE: Could I suggest that on one of these, letter C, that we might consider putting that under the business case issues that the Secretary should monitor international PMRI initiatives for their application to the U.S. health system and the health of its population. In other words, be aware of what is going on outside your own building.
DR. COHN: Good point.
MS. AMATAYARUL: Mike, will you repeat that for me. I was trying to move it.
DR. FITZMAURICE: The Secretary should monitor international PMRI initiatives for their application to the U.S. health system and to the health of its population.
MR. BLAIR: I heard kudos around the room, so, that is good.
MS. AMATAYARUL: Do you want me to read the rest of these?
DR. COHN: Yes.
MS. AMATAYARUL: To promote the development of a National Health Information Infrastructure, the Secretary should support basic health informatics research on data representation, data mining methods, work flow, change management and human computer interface, including for consumer interaction with their health records.
(b) Provide incentives for the use of health care information systems so that the cost of these systems is shared by all who benefit. All parties, including the government, should pay market rates for transactions. And (c) provide incentives to accelerate the development and implementation of U.S. NHII, including demonstration projects, test beds and/or networks.
MR. BLAIR: Comments.
DR. COHN: Actually, I have a comment only because I am not sure -- I am sure this is something that I have to look at Kepa to see how this sentence got in there. It says, "All parties, including the government, should pay market rates for transactions." I just wasn't sure what that -- I am just not sure what the issue is.
DR. FITZMAURICE: I don't know how we would define "market rates" exactly. Is it the lowest rate for a drug, the highest rate for a drug or the average rate for a drug?
DR. COHN: I am just not sure what the -- these are separate issues actually.
DR. FERRANS: Are we recommending transactional models for information systems?
DR. COHN: I think we are -- provide incentives for the use of health care information systems so that the cost of these systems is shared by all who benefit. I think that is fine. The second sentence, I am just not sure -- it seems that there is a hidden agenda there that I just don't know what it is.
DR. FITZMAURICE: It is not clear to me either.
MR. ZUBELDIA: I am not sure why it got included into this point.
MR. BLAIR: Margaret, can you --
MR. ZUBELDIA: When we talked about it was the fact that in today's environment, HCFA or Medicare is basically the only one that doesn't pay for claims transactions or for eligibility transactions. They are not paying for the cost of the data processing and communications. They are paying for the attended lines, but they are not paying for the cost of data processing. Everybody else is paying for it. So, there is actually a cost shifting with clearinghouses and vendors. In the EDI world, to file a claim to a commercial insurance company costs zero to the doctor, but if the doctor wants to file a claim to Medicare through a claim house or through another network or through a vendor, they have to pay. That is creating an imbalance.
MS. AMATAYARUL: I think that was the issue that was trying to be addressed here. Can you propose a recommendation to bring that into balance?
MR. ZUBELDIA: We have talked about paying the marginal cost in other places and I think that in those points where the incentive is for the Secretary to pay the marginal cost, I think that would cover this need.
MS. AMATAYARUL: All parties, including the government, should pay the marginal cost for transactions, that --
DR. COHN: What do you mean by "marginal cost for a transaction"?
MR. ZUBELDIA: Well, the cost of a transaction -- and we have talked about paying for the cost of reporting, paying for -- I don't know if we need something this specific in this section. I think that it has been already captured in the rest --
DR. FITZMAURICE: I think I would argue for deleting that sentence.
MR. BLAIR: It sounds like everybody is inclined to delete it. How about Bill and David, do you feel okay deleting it?
DR. COHN: I have a comment about C also.
DR. YASNOFF: I am okay with deleting that.
DR. COHN: I actually like C but it needs some additional wording that relates it to the other recommendations, I think.
MR. BLAIR: What does C say?
DR. COHN: Development of a National Health Information Infrastructure. This has provided incentives to accelerate the development and implementation -- I guess if you look at C and the topic, it gets a little redundant.
DR. FITZMAURICE: It is actually D isn't it, Simon?
DR. COHN: Oh, it is D, I guess. It is actually C up there. It just -- there somehow needs to be a little more linkage between the National Health Information Infrastructure and PMRI and all of this somehow is woven in here. It just seems like it is a gratuitous recommendation.
MS. AMATAYARUL: Why don't we take that back and work on it some more.
DR. COHN: Great. I am fine with that.
MS. AMATAYARUL: The next section is on confidentiality.
DR. FERRANS: May I make -- before I get to that one, may I make a recommendation. I know this is sort of the 11th hour, but, you know, in the discussions with Rob Kolodner about how to appropriately reference the GCPR, given the progress that has been made, it is important in this. I am wondering whether or not we can have a very brief section on relationship to GCPR, since it has been discussed. I believe it -- at least to perhaps three hearings, we have received testimony and just a statement of support of some sort, so that there is a clear understanding that here is a project involving the lead agencies involved in providing health care for the Federal Government that is trying to utilize PMRI standards. In fact, they are trying to lead the way and that the Secretary should support this.
DR. FITZMAURICE: How about something like this, we recommend the Secretary should monitor and/or participate in the work of the GCPR and --
DR. COHN: I was actually going to make a slightly more global statement where the Secretary is encouraging activities that help promote the infrastructure and somehow linking the fact that GCPR is a lead example of one of those. But there probably are others also. I guess that was sort of how I was thinking that it ought to use GCPR as an example of something which -- I think really is helping to create the infrastructure.
DR. FERRANS: I think the other reason is that there has been interest and a lot of things about whether HCFA and other agencies in HHS would formally join the GCPR project and to the degree, I think, that the committee thinks that this is a useful project that is helping to accelerate PMRI standards or certainly is trying to work on a lot of those issues to have interoperable data between two very large health care systems, I think it is appropriate that we should it in.
MS. AMATAYARUL: Would this be separate --
DR. COHN: I am sort of looking and smiling at Richard only because if this were not a government activity, he would be under the -- what is it -- not the antitrust, the conflict of interest act and you would have to be eschewing from these discussions or making this point, but since it is the government, it is okay to discuss.
Anyway, go ahead.
MS. AMATAYARUL: Privacy. To ensure -- okay, this is another one of these recommendations that maybe we don't need -- to ensure consistency, this work group supports the recommendations of the other group. Take it out?
DR. COHN: Take it out.
MS. AMATAYARUL: Good.
To ensure that standards for privacy and security of PMRI are not violated in domestic or foreign business processes, the public and private sectors should incorporate strict provisions to protect confidentiality and data integrity in their business partner agreements.
MR. BLAIR: Comments?
DR. FITZMAURICE: I think this is being debated over at Department of Commerce in dealing with the European directive. I am not sure what we have to say about this.
MS. AMATAYARUL: There is also -- the next one is to ensure consistency with the European directive for data security initiative, work with Congress and the HHS to promote adoption of policies, practices and standards for health care that are consistent with that directive.
MR. ZUBELDIA: On the previous one, I think it is already part of the privacy NPRM.
DR. FERRANS: You know, I have been thinking about this and my sense is even though it is being dealt with elsewhere, if we don't mention it in the report, it will look as if we are not cognizant of the tremendous issues of security and privacy surrounding PMRI. I would recommend that we are mentioning it even though it is redundant with the work of other groups within the committee. It is a report going to the Secretary. We should make sure that the Secretary understands that we recognize the issues.
DR. COHN: I also think that this is an area where we may want to have the Subcommittee on Privacy and Confidentiality specifically review this section to see what else they think is appropriate for adding and the March meeting is the perfect frame to make that point. Because I agree with you. We can't -- it is a critical part of the discussion.
MR. ZUBELDIA: I think if we are going to do that, when this is sent to the entire NCVHS as a draft, at that point it needs to go with some sort of cover letter saying that this section is left for the privacy subcommittee to fill in. Otherwise, we are going to get slammed by not having addressed privacy.
DR. COHN: Well, I think we have it filled in. I think what we are asking is a secondary review from them and I think we can do it at the March meeting at the full committee meeting. I think there is time for that.
DR. FITZMAURICE: I think my concern with No. 26 is that here we have the national committee telling the public and private sector what they should do with regard to confidentiality and integrity and that may be addressed in federal legislation. It may be addressed in the privacy regulation. It is the strict provisions. I mean, the regulation will do that. We might recognize that it is important and encourage the Secretary to keep on safeguarding the confidentiality of patient medical record information that is individually identifiable.
DR. FERRANS: How about the Secretary should encourage both the public and private sector to incorporate, I mean, something -- because --
DR. FITZMAURICE: But she already did that with a report back in September of 1997.
DR. COHN: I guess I am confused. What is your issue with that one? It seems to be pretty straightforward. It may be redundant with all the things that are going on, but what is -- do you have an issue --
DR. FITZMAURICE: What is the action for the Secretary?
MS. AMATAYARUL: Yes. This is addressed to the public as opposed to the --
DR. FITZMAURICE: How is the Secretary going to enforce or encourage strict provisions, other than what she has done? Put out a report. Put out regulations.
MR. BLAIR: Could you read the sentence for me, please?
MS. AMATAYARUL: To ensure that standards for privacy and security of PMRI are not violated in domestic or foreign business processes, the public and private sector should incorporate strict provisions to protect confidentiality and data integrity in their business partner agreement. This is the one relating to the issue of offshore transcription, stuff like that.
MR. ZUBELDIA: How about the Secretary should require the public sector -- the public and private sector to incorporate strict provisions?
MR. BLAIR: Is that satisfactory with everyone?
DR. YASNOFF: Take steps to ensure.
MR. BLAIR: Take steps to ensure.
DR. FITZMAURICE: But does that mean that the current privacy regulation is deficient and this should be a comment on the current privacy regulation?
DR. COHN: We don't have a current privacy regulation.
DR. FITZMAURICE: But there is a draft --
DR. COHN: We have a notice of a proposed rule.
DR. FITZMAURICE: So, should there be a comment on this point in the NCVHS comments on that privacy regulation, draft privacy regulation? I mean, is that the place --
DR. COHN: Probably.
MR. BLAIR: Is this our last recommendation?
DR. COHN: There is one final one here that I am --
MR. BLAIR: I am sorry. I didn't mean to cut this off. Was there any other comments on this one before we go on to the next one?
DR. FITZMAURICE: Nothing really. I have expressed what I think about it.
MS. AMATAYARUL: We will work on it.
DR. COHN: We will work on it. It is not done yet.
MS. AMATAYARUL: The last one is to monitor violations of privacy legislation/regulation. The Secretary of HHS should establish a center for health care privacy reporting.
DR. COHN: Yes. That one, I actually was trying to figure out where that one came from.
DR. FITZMAURICE: Does this overlap with the enforcement -- if there is an enforcement branch or an enforcement part of the inspector general's office or office of civil rights, would this be -- do we recommend that this is in a different place than where enforcement takes place for privacy? Is it a research function?
DR. YASNOFF: I think we need to be -- if we want to recommend this, we need to be specific as to what this center should do. I mean, it is implicit that it has to do with health care privacy reporting, but do we want this to be a place where information is collected and reported to the public or, as Mike has mentioned, do we want this to have to do with enforcement?
What is it that we want this to do? It is not clear to me.
MR. BLAIR: You know, maybe what we could do with this is -- Bill Braithwaite indicated that they were probably going to set up I think within the Civil Rights Department of the Justice Department the enforcement procedures. Maybe we could see if we could link and reinforce that type of plan with this recommendation so that it would be either a function that can collect the instances of violations to be passed on to the Civil Rights Department or within the Civil Rights Department. Maybe we could do a little bit more homework to flesh this out.
DR. FITZMAURICE: Are we asking for policemen or are we asking for public disclosure of violations?
DR. FERRANS: It could be something as simple as a site where people could report.
MS. AMATAYARUL: Like CERT(?).
DR. FITZMAURICE: But they are likely to have that anyway as part of enforcement. If I think there is a violation, then I am going to call the privacy police, not the research center.
MS. AMATAYARUL: Could I just make one other comment?
DR. COHN: I have got one other thing for the appendix, but go ahead.
MS. AMATAYARUL: I revised the message format in medical terminology and that was passed out to you. You have got a copy of that.
MR. BLAIR: I don't think I did, though.
MS. AMATAYARUL: It is to your left, Jeff.
MR. BLAIR: Thank you.
DR. COHN: I actually had one comment about appendix item, "Guiding Principles for Promoting Guiding Principles." There is something wrong with 11 and I think that it -- the second sentence is a problem, but if we are -- somehow a guiding principle at this level of specificity is almost more confusing. It says here, are consistent with the characteristics and attributes for clinically specific PMRI terminologies and then says these characteristics and attributes have been recognized within, I presume -- I don't know what scholarly in the industry, but --
MS. AMATAYARUL: Scholarly work.
DR. COHN: Scholarly works in the industry. Now, neither of those attributes -- and this is probably a place to either list those attributes and characteristics or footnote specifically which documents you are referencing or something because this one just sort of leaves you like --
DR. FITZMAURICE: It is not likely that they would be supported by a standard developing organization or even become a standard if they didn't meet those characteristics and attributes and if they didn't, the standard developing organization probably has some good reason for it and it is probably something that should be debated at that level.
MR. BLAIR: I don't quite understand what you are saying. Say that again, please.
DR. FITZMAURICE: It says are consistent with the characteristics and attributes for clinically specified specific PMRI terminologies. We don't know what they are at this point, but we can certainly believe that the standard developing organizations would have to consider them as they take a PMRI proposed standard and make it a standard.
DR. COHN: Well, actually, I think we know what they are. It is just that there is a whole bunch of things that we have identified and we either need to come up with a --
DR. FITZMAURICE: A desiderata?
DR. COHN: A desiderata or a -- list them or something because it is a little too high level to be -- I don't think it is a big deal.
MR. BLAIR: We can do that.
Is that our last recommendation? Then let me just discuss with you a little bit about, you know, our next steps here.
By the way, thank you, gosh, everybody. We worked until 7:30 last night. Folks hung in with us through all of this stuff and, as you could tell, we really thrashed out a lot of things, even though we have more to do. I have heard from so many people that they really are pleased with the document, even though the process is arduous.
Margaret, thank you especially for the way you have gone ahead and facilitated and enabled all this stuff.
MS. AMATAYARUL: You are welcome.
MR. BLAIR: I believe that -- was it Jackie or Margaret that asked for us to get the version that is going to be distributed at our full committee meeting to them by this next Friday. Is that correct?
MS. AMATAYARUL: Marjorie had said -- Marjorie Greenberg had said that things needed to be into her by February 11.
MR. BLAIR: February 11.
MS. AMATAYARUL: At least that is what I heard her say.
MR. BLAIR: Margaret and I will make sure that -- we have already touched base on our calendars. So, we should be able to get the updates in place for the next version so it will be out and distributed.
Marjorie, are you here?
DR. COHN: No.
MR. BLAIR: She is not. I am assuming that if she gets it by the 11th, that she will have it distributed probably a week before the full committee meeting.
DR. COHN: Send this to Jackie.
MR. BLAIR: Yes. Okay. Are there any other issues or concerns or processes with respect to the report to the Secretary that --
DR. COHN: I guess the only question -- the only thing that I have to just wonder about and that is the question of how we are going to deal with the two and a half hours at the NCVHS meeting. Are we going to have Margaret walk everyone through the recommendations?
Just an interesting thing to think about.
DR. FERRANS: Background and recommendations. There should be a high level review of the background and then a step by step of the crucial observations and recommendations, not necessarily all the observations, but observations and recommendations and then there should be a -- are there any red flags that members of the committee are worried about or is it more wordsmithing and sort of take a temperature after that.
DR. COHN: I think we should probably try to keep away from wordsmithing since this is not the final report, but it is more conceptual issues, things that we are missing, things that are too far off that we are misperceiving, et cetera, et cetera.
DR. FERRANS: I think, I mean, it would just be my perspective, is that if we walk them through all the observations and recommendations, they got through that and they are okay, then that certainly would be the kind of consensus that would allow us to go forward and just, you know, edit the report leaving things intact but wordsmithing at --
MR. BLAIR: I think that that is probably the most efficient way really for us to do it in two and a half hours. I think we need to probably give a little bit more thought to it in terms of how it is presented and what we focus on. They are going to get the information beforehand, but many of them may be overwhelmed by this document in the same way that I tend to be overwhelmed by some of the population and others from other groups.
So, maybe we could have a conference call during this next week or two between Margaret and you and me and we could try to think of the way to help the group digest that information so that they can make constructive comments.
Is that okay?
DR. COHN: Yes. I think that sounds great. I was just bringing the issue up because that is really the next big issue.
MR. BLAIR: Yes. No, good idea.
DR. FERRANS: My only last question was were we okay with this whole data quality, quality of care?
DR. COHN: Probably not, but we have chances to go through it again.
MR. BLAIR: Actually, I don't think we were okay with a bunch of the things. There is still -- that one happens to be probably be more muddy than the others.
DR. COHN: The good news is that we are not done yet. This is still in process. But it is clearly time to get the input from the full committee. I think if we went to them in June, having worked on it as hard as we are working on it, I expect them to pass it the first time. Chances are zero.
MR. BLAIR: My last comment is to thank Simon for making the extra available to us today and for, you know, helping us at every step of the way.
We are adjourned.
[Whereupon, at 1:55 p.m., the meeting was concluded.]