Public Health Service

NATIONAL COMMITTEE ON VITAL AND HEALTH STATISTICS

Subcommittee on Standards and Security

December 13-14, 2001

Washington, D.C.

- Minutes -


The Subcommittee on Standards and Security of the National Committee on Vital and Health Statistics held hearings on December 13 and 14, 2001, at the Hubert H. Humphrey Building in Washington, D.C.

Subcommittee members:

Absent

Staff and Liaisons:

Others:


EXECUTIVE SUMMARY

December 13-14, 2001

The Subcommittee on Standards and Security held hearings December 13 and 14, 2001 in an ongoing process focused on HIPAA administrative simplification. During the two days, the Subcommittee heard ten presentations and talked with two panels representing the four patient medical record information (PMRI) message format Standards Development Organizations (SDOs) and the healthcare industry to learn about HIPAA readiness, industry surveys and observations, and identify next steps related to PMRI standards and successful implementation by October of 2003.

Panel 1: PMRI Standards' SDOs

Mr. Rishel said the framework the Subcommittee described for dividing versions of HL7 (scheduled for phase-out, current and emerging standards) was simple and direct. He noted versions 2 and 3 had built-in extensibility mechanisms and healthcare organizations (HCOs) ran a mixture, adding new interfaces at the highest level while running existing interfaces on older versions. HL7 plans to release a version 2.5 in parallel with version 3.0 to meet urgent needs driven by regulatory decisions through version 2's automatic extensibility mechanisms, without conversion to version 3. HL7 proposed that the Committee include language in the recommendation supporting adoption of additional version 2 standards certified by the American National Standards Institute (ANSI). A joint effort was underway with NCPDP to identify detailed interoperability issues with NCPDP SCRIPT. Work was also underway to support an interchange for DICOM imaging and other clinical systems that use HL7 as the primary standard. HL7 expects version 3 to be fully implementable in 2003-2005.

NCPDP estimated 90 percent of pharmacy and physician-interface software vendors, and value-added networks/switches had adopted or were adopting the standard. Ms. Gilbertson suggested the Committee recommend both current version 1.5 and version 4.2 (completing NCPDP balloting and ANSI accreditation) for PMRI for the SCRIPT environment. The SCRIPT implementation guide covered much of the business functionality; it detailed each field, segment and message, explaining both the technical and business sides. The SCRIPT standard handled both text and codes to identify drugs or products. NCPDP had given HL7 an overview of SCRIPT for pharmacy/prescriber transactions for retail environments and HL7 provided an update on medical orders and transmission of lab and other data in inpatient institutions. The two SDOs were discussing collaboration on code sets and identifiers. Understanding nomenclature was their immediate goal; they were exploring common XML syntax and mapping interoperability long-term.

Mr. Cooper said IEEE 1073 was still an emerging standard, but he outlined data points indicating market support. Prototyping/demonstration projects implementing each device specialization result in specification documents and sample software. A number of companies expressed interest in providing conformance-testing services. The IEEE 1073 committee worked with HL7 LAPOCT SIG to define messaging scenarios that require interoperability. IEEE plans to create one or more Internetworking standards (1073.5x) for HL7 gateways. Registration of the IEEE 1073 nomenclature with HL7 should conclude in January. A detailed comparison of IEEE P1073.1.2.1 Domain Information Model and HL7 RIM and LOINC nomenclature recently completed within CEN/TC251 indicated that each set of protocols appropriately addressed unique issues in their problem spaces and didn't overlap. Mr. Cooper said IEEE and HL7 LAPOCT SIG could identify and generate mappings at the model and nomenclature levels for specific communication scenarios where messages had to be translated and conveyed.

Mr. Clunie explained DICOM was an international organization (with an ANSI-accredited primary secretariat) working to become an ISO standard. There was only one version of DICOM. The DICOM and HL7 joint working group strove to harmonize their information models. Their focus was to ensure RIM and explicit information 2.X versions of HL7 conveyed were consistent with DICOM's methodology. Another major focus was achieving consistency in how both SDOs dealt with reporting. Capabilities DICOM expected to be mature by the end of 2002 or 2003 include network configuration services, MR and CT information objects that address new technology, and computer-assisted detection and diagnosis objects. DICOM was adding the ability to replace and encrypt original attributes in an object in DICOM and harmonizing its audit trail strategy with other SDOs. DICOM's proprietary query retrieve mechanism was based on the DICOM protocol; there were no plans to add a SQL mechanism. DICOM's success was predicated on interoperability derived from conformance based on accepting the whole path through the layers of the ISO communication model: the information model and the data structure were inseparable.

National Agenda for Public Health Informatics - Bill Yasnoff

Dr. Yasnoff presented the national agenda for public health informatics (PHI), summarizing recommendations reflecting the views of the 500 representatives from public health and informatics at the American Medical Informatics Association's May meeting. He noted two themes. One: the need for coherent governance of PHI activities, with all stakeholders included, standards established and consistently used, confidentiality policy developed and monitored, best practices identified and disseminated, and improvement promoted through research. And two: basic skills for the entire public health work force and advanced skills for decision makers.

Discussion of Testimony by the Subcommittee; Review of Letter to HHS Secretary

After hearing testimony, the Subcommittee amended their draft of a letter to the Secretary making recommendations for the first set of PMRI standards. Members noted they didn't have enough information about vendor acceptance and usage of IEEE 1073; Mr. Blair will e-mail Mr. Cooper requesting explicit information. Members discussed conveying generically the need for additional harmonization data elements and definitions and encouraging negotiations between DICOM, IEEE, HL7 and X12 to harmonize data elements within their existing systems. They noted apprehension that using RIM as a converging point might force some SDOs to redesign all their transactions, and they expressed concern at not being able to engage X12 in this dialogue. Dr. Cohn noted unresolved items, major improvements made, and that the draft needed formatting. Ms. Burke-Bebee will help reformat and Mr. Blair will distribute the revised draft to members, SDOs and other interested parties for additional comment. Members and staff were asked for names.

Planning Session for February 2002 Code Set Hearings - Betsy Humphreys, NLM

Ms. Humphreys led the discussion about the February hearings focused on local codes, DSMO update processes, and developments and perceived needs for modification/additions to HIPAA code sets for procedures. Members decided they'd have one day in February for starting on procedures and another in April to talk about diagnosis codes, probably continuing throughout the year with issues related to both. They also noted there were immediate issues with non-medical code sets to look at in February and that unintended consequences of the one-year delay might have to be dealt with quickly.

Presentation: CDC Activities in SDOs, Public Health Standards Initiative, and Comments on PMRI Framework - John Loonsk, M.D., Associate Director for Informatics, The Centers for Disease Control and Prevention

Dr. Loonsk said the Centers for Disease Control and Prevention (CDC) viewed PMRI standards as a substantial movement toward timely access to the well-structured data from the clinical care environment that public health needs. He talked about CDC activities and views on the framework developed in yesterday's session for PMRI standards; referenced ongoing CDC and public health activities relevant to the Committee's work; discussed the National Electronic Disease Surveillance System (NEDSS) initiative, its use of standards, and how that relates to the work of the Committee; and related these issues directly to the activities of October 4, subsequent bioterrorism (BT) attacks, and public health's pressing needs related to these activities. Dr. Loonsk noted ongoing issues with vocabulary, needs for meta data to enable descriptive presentation of data for efficient retrieval and analysis, and that many implementations weren't broadly applicable/exchangeable. He said CDC hoped the Committee would give priority to vocabularies and code.

Panel 2: HIPAA Readiness, Industry Surveys and Observations

Dr. Trapp noted WEDI/SNIP studies indicated healthcare practitioners alone could realize $30 billion in savings each year by moving to a completely electronic insurance processing system. He said HIPAA's final rule on transactions and code sets was a move toward administrative simplification, and that adoption of a single, neutral national identifier had merit. Dr. Trapp noted dental offices couldn't be ready for HIPAA until they knew what actions to take to be in compliance with the privacy and security provisions, but he said, given sufficient lead-time, dentists would be ready to comply with HIPAA requirements.

Mr. Klein summarized results of the fourth iteration of Gartner's survey assessing how the healthcare industry was responding to current and impending regulations for compliance with HIPAA. Some 78 percent of payers and 68 percent of providers had begun assessment; however, payers only completed 42 percent of the tasks--providers, only 21 percent. Only 26 percent of providers completed a gap analysis or risk assessment on the transaction and code set regulation. More than a third of payers (who carry the bulk of the workload with the mandates) hadn't finished. Mr. Klein cautioned that providers had to understand and plan for the significant amount of work ahead. Only 15 months away from mandatory compliance, 89 percent of providers hadn't completed a privacy risk assessment. And no provider panelists completed a HIPAA cost benefit analysis. Mr. Klein affirmed that a one-year extension recognized reality relative to the transaction and code sets. Virtually no HCO had completed any of the implementation and testing milestones of levels IV and V. He cautioned that unless provider organizations stuck in level I and II tasks dedicated tremendous internal energy and resources, or immediately sought third-party assistance, they might not make October 2003.

Healthcare Information and Management Systems Society (HIMSS) acted as neutral third-party data collector and analyzer in a survey of the status of 28 leading healthcare IT vendors' software products' compatibility with mandates for the Transactions and Code Sets rule. Ms. Sensmeier said vendor companies appeared to have made significant gains toward meeting the compliance deadlines of the HIPAA Transactions Code Sets rule. A majority of the reported products would support electronic transactions in the X12 format 4010 version; a lesser number would support HIPAA data content. A third-party certifier had tested about two-thirds of the electronic transfers that would be supported: all products were reported to be available as HIPAA compliant by October 2002. Most vendors were providing free upgrades and were ready to assist in installing modified software. Ms. Sensmeier said HIMSS, as a member of the Coalition of the Health Information Policy (CHIP), had expressed opposition to legislative proposals that would delay the October 2002 compliance deadline.

Ms. Yeager described a survey focused on identifying key issues and challenges related to HIPAA implementation of transactions code sets and privacy. She discussed successes and challenges encountered in the implementation process and needs identified, focusing her comments on health plans and hospitals. Some 41 percent of respondents said gaining executive buy-in was their greatest success; 35 percent said, for them, success was getting started. Respondents had considerably less success coordinating testing with trading partners. Ms. Yeager noted a higher percentage of hospitals considered executive buy-in a success, while health plan respondents tended to consider interpreting the regulations a success. Some 30 percent of both experienced the most difficulty with technical issues and interpreting regulations. Proportionally more health plans had difficulty gaining executive buy-in, while more hospital respondents had difficulty finding credible sources and coordinating with trading partners.

Mr. Fusile summarized key concepts of HIPAA Myths, Practical Realities and Opportunities: The Work Providers Need to Perform for Standard Transactions and Code Sets, a document PricewaterhouseCoopers prepared to help clients in the provider community dispel myths that fostered inactivity.

Discussion of NCVHS Activities Specified in HR 3323

Ms. Trudel outlined the role House Rule 3323 defines for the Committee in the review of model compliance forms. Members discussed how to develop the form and questions for industry. In February, the Subcommittee will get industry input, see concepts and model forms, and consider how to proceed, given another year, and what HHS, NCVHS, and the private sector can do to make this successful. Members agreed that the process needed to be simple and, above all, helpful to the industry and the patient.

HIPAA Annual Report to Congress - Jim Scanlon

Mr. Scanlon discussed the Committee's obligation to report annually to Congress on the implementation of HIPAA. The 2001 HIPAA annual report was submitted in March. Noting that was a year of transition, Dr. Cohn asked members to review last year's executive summary focused on the status of implementation, industry response and major barriers to implementation. He visualized two broad themes: (1) moving toward implementation, the June letters, recognition that the industry required a delay, a comment to Congress on the Committee's actions based on the law passed, and how to ensure this process moved forward; and (2) a parallel piece assembled by the Privacy and Confidentiality Subcommittee. Members noted this was becoming an integrated suite of issues with both Privacy and Population Subcommittee concerns. Mr. Scanlon suggested the Subcommittee begin with the letters, proposed and final rules, the delay and anything else that changed the factual situation. Members set a goal of having a draft report for the February Subcommittee meeting and a final report for the full Committee to approve during those sessions, subject to changes. Ms. Greenberg suggested notifying the entire Committee of the time frame, pointing them to the HIPAA report on the Web site, and inviting suggestions for additional topics.


DETAILED HEARING SUMMARY

Dr. Cohn welcomed everyone to the first of two days of hearings of the Subcommittee on Standards and Security of the National Committee on Vital and Health Statistics (NCVHS), noting this is the main public advisory committee to the U.S. Department of Health and Human Services (HHS) on health and national health information policy. He explained that the focus of these hearings was to identify next steps related to PMRI standards. After hearing testimony, the Subcommittee hoped to conclude a draft of a letter to the Secretary making recommendations for the first set of PMRI standards. The next day would focus on the status of implementation of HIPAA administrative simplification and on preparing NCVHS's annual report on that topic.

Mr. Blair noted a 60-page report conveying the framework for PMRI standards and a set of guiding principles was delivered to the Secretary in August 2001. The first step in selecting PMRI standards based on that framework was looking at PMRI message format standards, and the Subcommittee set a self-imposed target of February 2002 to make recommendations. The group fine-tuned the guiding principles so they were appropriate for message format standards and reviewed them with the PMRI SDOs. The SDOs responded to subsequent questions and in October members heard testimony from vendors and users of PMRI standards and began drafting recommendations to the Secretary. In the draft, the Subcommittee considered identifying HL7 as the core PMRI message format standard, with DICOM, IEEE and NCPDP providing support in specific market segment areas. That afternoon, members would update the letter based on the morning's follow-up testimony concerning issues the four SDOs had and other data or definitions related to the HL7 RIM.

Panel 1: PMRI Standards' SDOs

Mr. Rishel said the framework the Subcommittee described for dividing versions of HL7 (scheduled for phase-out, current and emerging standards) was simple and direct. Responding to industry guidance drafted for the current standard, Mr. Rishel noted key points about HL7's version 2 series and standards adoption: (1) changes in vendor products had a one-to-three-year implementation cycle and (2) HCOs had limited budgets and staff resources, prioritized, and saw no business benefit in changing interfaces solely to comply with the current standard. New capabilities in subsequent versions drove interface or standards adoption. Mr. Rishel noted nearly every good idea for version 3.0 had been put into version 2, diluting some of version 3.0's business benefits (e.g., a transliteration of the old syntax to XML that began with version 2.3).

Noting versions 2 and 3 had built-in extensibility mechanisms, Mr. Rishel said current practice among HCOs was to run a mixture of HL7 versions, adding new interfaces at the highest level available, while running existing interfaces on older versions. Systems using different versions of 2.X should be able to accept and process each other's messages, though older versions couldn't utilize newer exclusive features. Mr. Rishel said this enabled institutions to adopt subsequent versions when: (1) they contained features responding to regulatory imperatives (e.g., ambulatory payment classifications) or (2) to avoid a forced ripple effect when implementing upgraded versions. Mr. Rishel clarified that establishing RIM necessitated HL7 breaking, then reinstating, extensibility as it sequences through version 3. Going from HL7 version 2 to 3.0 involves extensive use of software mapping, integration, and broker tools, but Mr. Rishel reported HL7 demonstrated at the Health Information Management Systems Society show that version 3.0 lab orders translated in an integration broker could be sent to a version 2 system.

Mr. Rishel said HL7 would release a version 2.5 in parallel with version 3.0, so users with urgent needs driven by regulatory decisions could move new information content through version 2's automatic extensibility mechanisms, without the "fairly revolutionary" conversion to version 3. He said the committee that works on demographic and administrative data was looking at the HIPAA transaction standards and requirements for a clinical system (e.g., a laboratory system) to collect that data at point of service and transfer it to the billing system (historically done using HL7). HL7 worked with other SDOs to ensure compatibility and would modify subsequent versions 2 and 3 to achieve tighter integration with other PMRI standards. HL7 acknowledged the potential for confusion between new versions of the two series--but he said, absent regulation stronger than anticipated in the Subcommittee's letter, HL7 could only let market forces drive version 3.0. Mr. Rishel predicted version 3.0's advantages (e.g., the information model and superior utilization of XML) would trigger adoption as sizeable institutions successfully interfaced. HL7 expects version 3 to be fully implementable between 2003 and 2005, depending on whether or not recommendations in the letter for support of early adoption programs are implemented in 2002.

Mr. Rishel said recommendations to HHS designed to accelerate development and implementation of HL7 version 3 were useful and appropriate. Asked if he foresaw subsequent emerging 2.X standards beyond version 2.5, he reiterated the good business reasons for gravitating toward version 3.0, but said HL7 was a consensus organization and, faced with the immediacy of regulatory imperatives linked to recent events, HL7 couldn't rule out version 2.6. That was why HL7 proposed categorizing subsequent versions (with extensibility) as current standards. In recognition of the extensibility of the version 2 series, HL7 proposed that the Committee modify the recommendation to include language supporting the adoption of additional 2.X standards certified by ANSI, in order to meet regulatory standards for interoperability with other PMRI standards.

HL7 hadn't studied interoperability issues with IEEE 1073. A joint effort was underway with NCPDP to identify detailed interoperability issues with NCPDP SCRIPT. Issues primarily related to the greater complexity of the HL7 pharmacy order (designed for the inpatient environment) and including features for intravenous preparations and more elaborate administration protocols. He emphasized that interoperability had to be linked to the business case. Work was underway to support an interchange so DICOM imaging and other clinical systems using HL7 as the primary standard could work in parallel, refining the ability to exchange data about the patient with concurrent operations to retrieve, display and manipulate images.

Noting they'd neglected to include X12 in the various versions of standard coordinations, Dr. Cohn reflected that the world tended to view administrative and clinical data standards as different, but that he was struck by the overlap. Mr. Rishel said business issues drove some of that: X12 and HL7 tried over the years to jointly model data. He remarked that data modeling involved different ways of thinking and a life change within an organization. Both SDOs invested enormously in developing a methodology to get a consensus data model, each believing it knew the absolute truth. X12's efforts at data modeling appeared to Mr. Rishel more nascent. HL7 built the whole conversion around it and still couldn't drive forward. But HL7 invited participation in developing what he said had to be done anyway because of the business relationship between capturing data from various systems and transferring it to the patient. The goal was to make RIM as complete as possible.

Discussion

Asked the nature of HL7's coordination with NCPDP, Mr. Rishel said standards groups worked best together with substantial diplomacy. Effective organizations addressed business issues of their constituencies--leading to different perspectives on data content, syntax, and characteristics such as real time that weren't always clear from the specifications. An interoperability approach was necessary so that the pharmacy orders' data content could be compatible, syntax translatable, and the business functions matched. If the NCPDP transaction had a business function HL7 didn't explicitly recognize, it had to be known and met either by mapping from the existing standard or modifying it to change the business function. Given the considerable time already expended by resources in HL7 sufficiently familiar with RIM to accelerate work, Mr. Rishel said funding contractors to develop proposals could facilitate discussion and accelerate the consensus process.

Mr. Rishel mentioned two areas where there was an interface between messaging standards and other areas of importance for a national health information infrastructure (NHII). HL7 had worked extensively in version 3.0 on the matching of a structure to a code system and Mr. Rishel cautioned that recognition of the use of codes for different business functions and in different domains had to be addressed carefully. He also pointed out disparities between the NHII and the technology of the Internet. Changes in general horizontal standards were creating the potential for the Internet and XML to form an information infrastructure, but he was disappointed in the lack of an interoperable standard for exchange of data that met requirements recognized implicitly in the draft HIPAA standard: confidentiality, authentication, integrity and nonrepudiation. He said the Internet Engineering Task Force proceeded at a glacial pace; even as the EDI standard came out it lagged behind the technology. Mr. Rishel encouraged the Committee to facilitate promulgation of those standards or work another group in OASIS inherited from EBXML. He noted AFFEC had a new initiative and said its study of interoperability was an important step toward NHII.

Asked whether NCVHS should consider what had to be done to oversee and encourage movement toward commonality of definitions or if SDOs could handle this by collaboration, Mr. Rishel pointed out that the issue of focus and attention to business functions came strongly into play around data definitions. Some areas in X12 and HL7 were closely matched, because in HL7 they represented a business function with a specific operational goal of gathering information for use in X12 transactions. He said crossover in membership grew as a result of HIPAA, and there would be some progress focused on the more important business functions.

Mr. Rishel said difficulties in achieving commonality were related to differences in methodology and approach (e.g., each standards group identified certain data objects categorically). They had a common element in the information model and used codes within the data, rather than different data objects. But the mapping was complex and any effort to promote interoperability, beyond what happened automatically in business functions, required fairly sophisticated methodology, which SDOs viewed as deferring resources from meeting urgent business functions. With sophisticated methodology, cooperation among organizations could be facilitated. But it wasn't easy--and was diversionary.

Dr. Fitzmaurice said he appreciated the insight into how SDOs work individually and together. He summarized that he'd heard this was a legitimate, global need, but because current business needs drove the standard developing processes, it would take an external mandate--HL7, however, would prefer external funding to achieve global support of definitions. Dr. Cohn observed that differences in style between UB92 and X12 created a major issue during the fast track process. Recalling that the Committee had to pull back when they tried to make NDC the universal code for all drugs across hospitals and outpatient, Dr. McDonald suggested that, as SDOs collaborated, they'd integrate elements that worked. Members observed that part of the problem was the lack of a drug code that could serve these purposes and noted FDA was funding development of better codes.

Panel 1: PMRI Standards' SDOs

Responding to the perception that the SCRIPT standard was mostly implemented and utilized by large pharmacies, Ms. Gilbertson said large and small pharmacies as well as physician interfaces adopted the standard, but larger companies had more visibility. NCPDP estimated 90 percent of pharmacy and physician interface software vendors, and value-added networks/switches had adopted or were adopting the standard. Some 5,000 QS/1 customers and 4,000 Walgreen stores using PDX software were capable of processing e-prescriptions. Ms. Gilbertson noted there were also initiatives like SureScript System, a collaborative effort of large and community pharmacies (National Association of Chain Drug Stores and National Community Pharmacy Association) to support SCRIPT implementation. Mr. Guinan said ProxyMed had some 5,000 registered physicians on its network. He estimated between 5,000 and 10,000 physicians actively used the SCRIPT standard to transmit prescriptions electronically. He added that the software systems used represented a much larger universe, predicting that over 150,000 physicians would eventually use the same standard. He said ProxyMed had some 20,000 pharmacies with NCPDP SCRIPT-based connectivity capability on their network. And he noted that Tech Rx, which represented another 22,000 pharmacies, had adopted SCRIPT standards. Mr. Guinan noted the prescription process received attention because it made it possible to fix medication errors and other problems, but the SCRIPT standard was composed of many transaction types.

Ms. Gilbertson suggested the Committee recommend both the current version 1.5 and version 4.2 (which was completing NCPDP balloting and ANSI accreditation) for PMRI for the SCRIPT environment. Ms. Gilbertson noted the 225-page SCRIPT implementation guide covered much of the business functionality. In addition, a SCRIPT standard outlined the message syntax. Along with new prescriptions, SCRIPT handled refill requests and responses, change requests to new fills, and compliance transactions done in an online, real time environment. The implementation guide diagramed how these conversations took place technically, including business examples with field definitions, showing how prescription information data flowed diagrammatically and syntactically, with follow-up explanations. The guide detailed each field, segment and message, explaining both the business and technical sides. External and internal code sets were referenced and there were frequently asked questions.

Ms. Gilbertson clarified that the SCRIPT standard handled both text and codes to identify drugs or products. It handled the SCRIPT definition of fields for the drug, strength, and quantity as well as the code sets, NDCs, UPCs, HRIs, smart keys, GPCs, and other identifying values. How the text the doctor wrote was entered into the system (e.g., pull-down lists based on most commonly used prescriptions) depended on the business practice and how the vendor chose to implement. Once transmitted, the pharmacy dispensed by NDC codes. Other information was captured in the pharmacy system; following up on a refill, a pharmacy could send information about what was dispensed as well as prescribed.

Mr. Guinan noted only about 25 percent of the three million online prescription transactions that run through ProxyMed's network yearly identify the drug with an NDC code. If a pharmacy sent back a refill request identified by an NDC, a physician's office that had an electronic medical record system could perform functions like drug interaction checking. The lack of a universal code set or specific ID for drugs didn't preclude the system, but it limited functionality.

Asked about the status of negotiations between NCPDP and HL7, Ms. Gilbertson emphasized collaboration. Volunteers staffed both SDOs, and HIPAA and clarifications on transactions and code sets and the privacy regulations occupied much of the memberships' time. NCPDP had provided an overview of SCRIPT for pharmacy/prescriber transactions for retail environments and HL7 provided an update on medical orders and transmission of lab and other data in inpatient institutions. They were discussing collaboration on code sets and identifiers. The short-term goal was understanding the nomenclature. She reported they were closer than the public understood in terms of data and definitions, but mapping took time. She concurred with Mr. Rishel: the long-term goal was exploring a common XML syntax and mapping interoperability.

Mr. Guinan cautioned the Committee to make sure implementation didn't conflict with work DEA was doing on standards for data transmission and security of online prescriptions and with state laws governing pharmacy practice. Many statutes dictated prescription content, which persons could transmit messages and how they could be transmitted--some states didn't allow electronic transmission of prescriptions.

Discussion

Ms. Gilbertson clarified that, in terms of patient safety, there wasn't a difference between versions 1.5 and 4.2. Dr. Cohn noted neither used a coded terminology that could support automatic drug-to-drug checking or had a drug terminology for prescription writing. Ms. Gilbertson explained the difference in the versions was additional codes: every time NCPDP added a value, the version release increased to indicate the dictionary used. Dr. Cohn asked if version 4.2, which was close to balloting, would be the current or an emerging standard. Noting Mr. Rishel's comments about the dynamics of adopting a new version, Mr. Guinan suggested version 1.5 be considered current and version 4.2 emerging.

Dr. Zubeldia noted some companies used XML prescriptions, while others used private standards. He asked to what extent these other standards caused a problem. Mr. Guinan said NCPDP SCRIPT was almost universally accepted. ProxyMed had adopted an XML implementation of the NCPDP SCRIPT standard and exchanged XML documents through the network and mapped the XML implementation back to an EDI implementation. The syntax of the SCRIPT standard was easily implemented in an XML document type definition and schema.

Ms. Julie Wolcott said the Institute of Medicine (IOM) had begun a study on data standards for patient safety reporting systems for adverse events. She noted medications were a big concern and asked how the NCPDP SCRIPT standard played into an adverse event reporting system, particularly with regard to near misses. Ms. Gilbertson said version 4.2 included a DUE composite that conveyed reason for service, professional service codes, outcomes and interventions that allowed the transfer of documentation of adverse events to be included in the physician/pharmacy message. Mr. Peter Harrison, WebMD, said the biggest advantage of the SCRIPT standard was that it eliminated the handwritten prescription and its illegibilities and misinterpretations. Doing the prescriptions electronically almost always meant the other system had the ability to do drug interaction, dose/age and dose/disease checks. The major safety advantage was that the SCRIPT standard was simple to use.

Mr. Guinan said a transaction in the standard that allowed for transmission of a profile of all medications a patient took was under discussion. ProxyMed had implemented a profile request and response transaction set based on existing transaction types. It went outside the standard slightly, modifying the transaction type field. But the creation and adoption of a patient medication history request and response was in line with on-going work.

Dr. McDonald observed that the question regarding near misses involved a community pharmacy to office transmission, where the big drugs weren't used as often as inpatient. Ms. Gilbertson explained that the different vocabularies included NDC codes, UPCs, HRIs, smart keys, GPCs, and things related to generic nomenclature. Asked if a physician's office had to agree upon the same set of codes as the pharmacy, Mr. Guinan said there were cross-reference tables, but also a chance for error if they were at different levels of granularity. Tables weren't the preferred mode of operation. Most physicians wrote prescriptions on the encounter form or chart, similar to a lab or radiology order, and staff interfaced with the system. Medical records departments prepared the majority of refill authorizations, with the physician checking off a printed chart. Mr. Guinan noted the trend was changing, as physicians making the business decision became computer savvy.

Mr. Bob Becker, SureScript, commented that patients went to multiple pharmacies and paid cash or by third party; there was no way for a doctor to query about all the medications a patient took. Dr. Kolodner agreed: ensuring the information was complete was a difficult issue; the question he'd addressed was whether any transaction would allow that information to be captured, assuming it could be constructed.

Dr. Yasnoff observed that all pharmacy management systems did drug-to-drug interactions, drug-to-dosage, and drug/disease interactions. If the prescription didn't come with an NDC code, it would always be translated to an NDC code when the pharmacy put it into their system.

Dr. Cohn asked if HL7 handling interaction between the inpatient pharmacy and the pharmacy with another standard would confuse pharmacists or providers. Mr. Guinan said in the past NCPDP mapped between HL7 and NCPDP SCRIPT prescription orders. Clinicians in the inpatient setting were used to sending more information than outpatient pharmacies could handle and sometimes there was business confusion. NCPDP SCRIPT had a smaller subset; it didn't contain all the data elements necessary to create a full HL7 prescription record from HL7's viewpoint. But an outpatient prescription could be viewed as a subset of the HL7 inpatient prescription standards; all the fields necessary to create an NCPDP SCRIPT transaction were present in the HL7 standard. Mr. Guinan said a prescription from an inpatient setting to the outpatient pharmacy was a viable scenario with existing standards.

Dr. Cohn also clarified with Ms. Gilbertson that the 1.5 to 4.2 family of standards (which by the time this came into use might include a version 5.2 or 7.2) had nothing unique enough among them to be an emerging standard, but were basically interoperable with backward compatibility.

Panel 1: PMRI Standards' SDOs

While parts of the IEEE standard had existed for years, Mr. Cooper said IEEE 1073 was still an emerging standard. But he noted: (1) Viasys Healthcare, a major supplier of respiratory equipment, recently announced the next generation Avea ventilator would only support an IEEE 1073 interface; (2) major device companies (e.g., Abbott Laboratories, Baxter Healthcare, Gambro, GE Medical Systems, Philips, Siemens, and SpaceLabs) were participating members of IEEE-ISTO MDCIG, a non-profit organization working to complete and advance IEEE standards; (3) the IEEE 1073.3.2 transport standard was incorporated into the NCCLS point-of-care test communications specification, soon to be released as a transport for the medical device link; and (4) where appropriate, industry standard off-the-shelf technologies (e.g., IrDA protocols for IEEE P1073.1.3 Framework and Overview standard) had been leveraged, driving down implementation and ownership costs and gaining broad industry acceptance.

Through IEEE-ISTO MDCIG, Mr. Cooper said prototyping and demonstration projects implementing each device specialization resulted in specification documents that include complete message definitions (down to the byte and bit level) and sample software. The IEEE P1073.1.3 Framework and Overview standard also provided general guidelines for implementation of medical device specializations. Additional implementation guides would be created as needed.

Asked about conformance testing, he said each device specialization standard within the family included an Implementation Conformance Statement (ICS) or Protocol ICS (PICS) indicating mandatory and optional capabilities selected and protocol extensions (e.g., for manufacturer device specific data or services). Each implementation, which combined different 1073 standards to provide a "full stack" implementation, compiled a full set of ICS tables specifying the precise functionality of the standard. The MDCIG plans to provide a profile registration service so implementation profiles (the full ICS set) will be publicly specified and referenced. Mr. Cooper said a number of companies expressed interest in providing conformance-testing services, a major topic of discussion at January meetings in San Diego.

Mr. Cooper noted IEEE and European partners harmonized activities internationally over the last year. Much of IEEE's work was based on two standards (CEN ENV 13734 and 13735) that CEN Technical Committee Working Group 4 was partitioning and rolling into different 1073 standards. These CEN standards had ICS tables built in for the generic components (e.g., the domain information model).

Mr. Cooper said the IEEE 1073 committee was working with HL7 LAPOCT SIG, a laboratory automation point-of-care test special interest group, to define messaging scenarios that require interoperability between systems/applications enabled for HL7 communication and others supporting IEEE 1073 formatted data. He noted other key foci were the subject of a 2002 prototyping project: a telehomehealth application where point-of-care devices (e.g., glucometer, blood gas analyzer) using the new NCCLS POCT-1 standard worked alongside typical IEEE 1073 devices (e.g., ventilator, infusion pump, pulse-oximeter) to interface with remote applications. IEEE plans on creating one or more Internetworking standards (1073.5x) for HL7 gateways, identifying information model, nomenclature, and dynamic message sequence mapping needed to support interfaces between these environments. Mr. Cooper also noted that registration of the IEEE 1073 nomenclature with HL7 should conclude at the January meeting, permitting 1073 codes to be called out in HL7 messages, a requirement for a gateway.

A detailed comparison of the IEEE P1073.1.2.1 Domain Information Model with the HL7 RIM and LOINC nomenclature, recently completed within CEN/TC251 and entitled "Strategies for Harmonization and Integration of Device-Level and Enterprise-Wide Methodologies for Communication as Applied to HL7, LOINC and ENV-13734," indicated that each set of protocols appropriately addressed unique issues presented in their problem spaces and didn't overlap. Though systematic mappings could be established, Mr. Cooper said the most productive and appropriate approach would be to identify specific communication scenarios where messages sourced from one environment had to be translated and conveyed to applications in the other. The next step was for IEEE and HL7 LAPOCT SIG to identify and generate mappings at the model and nomenclature levels.

Mr. Cooper noted some areas were more germane to the IEEE 1073 types of protocol messaging design (e.g., remote control of a ventilator as well as real time wave form data display). Other areas were more germane to exchanging information with HL7-based kinds of applications: e.g., taking hourly snapshots of a device activity and configuration and rolling them into the patient record, or retrieving prescription data and "pushing" an order or patient ID into an infusion device.

Mr. Cooper explained that, typically, people referred to the family of standards that comprise the IEEE standards for medical communications as the IEEE 1073 Standards for Point-of-Care Medical Device Communication. Specific standards were only identified when relevant (e.g., when referencing the general domain information model).

Discussion

Noting Mr. Cooper's written testimony stated extensive market activity still wasn't possible for the 10-year-old 1073 transaction, Dr. Cohn asked why it was being considered. Mr. Cooper replied that, for the first five years, the medical device companies argued about minutiae, and for the next five the standards were expensive, proprietary, and didn't address the companies' needs. Then, faced with real business needs and realizing there weren't any viable alternatives, manufacturers in MDCIG decided they needed a four-layered (physical, data link, network, and transport) communications model to bring IEEE to market. Within a year, a low-cost prototype was developed using off-the-shelf components to support legacy devices. No other standards activities filled these requirements and major companies, like Viasys, were bringing products to market.

Panel 1: PMRI Standards' SDOs

Asked if DICOM planned to apply for ANSI accreditation, Mr. Clunie explained DICOM was an international organization with multinational vendors and a majority of participants and users from different countries. NEMA, DICOM's primary secretariat, was an ANSI-accredited SDO based in Washington. In order to achieve credibility in the world of official standards, DICOM worked to achieve approval as an ISO standard, rather than seek multiple national member body accreditations.

Mr. Clunie explained there was only one version of DICOM: version 3.0, referred to simply as DICOM. Like NCPDP, DICOM continually added functionality and features in supplements folded into the text of the standard and reprinted as an annual update. The standard officially constituted the last printed edition and subsequent supplements available on the Web server.

Mr. Clunie said DICOM was an extensive standard with many applications and components that made it manageable from an implementation and performance perspective. Additional functionality didn't impair or, in most cases, replace preexisting functionality; a CT scanner made in 1993 worked with any subsequent scanner. Asked if DICOM didn't make mistakes and have to correct the printed edition, Mr. Clunie said they utilized a maintenance process and correction items. The maintenance process occasionally nailed down an area of ambiguity that broke existing implementations, but usually involved clarifications. Mr. Clunie noted DICOM stuck with design decisions unless no one used them. Once implementations were in the field, DICOM "lived with their mistakes." They added features, but Mr. Clunie emphasized DICOM's number one goal was interoperability—so transferring information operated seamlessly.

Mr. Clunie said the interoperability and data comparability issues addressed at the DICOM HL7 working group were similar to what Mr. Cooper described. They dealt with problems where the imaging and information worlds coexisted: e.g., provision of patient demographics to the scanning device or transfer of measurements made on a workstation to the information system. DICOM and HL7 worked together to harmonize their information models. Their focus was to ensure RIM and any explicit information 2.X versions of HL7 conveyed were consistent with DICOM's methodology. Mr. Clunie said people who worked on both HL7 and DICOM originally wrote DICOM so that things weren't done too differently: some imaging department issues had to be addressed and pragmatic decisions made, but basically they were similar information models.

Another major focus of the joint working group was achieving consistency in how DICOM and HL7 dealt with reporting. Image-focused DICOM and generic-document focused HL7 were trying to achieve harmonization, so there would be bi-directional interoperability in mapping the data elements and the information model. Mr. Clunie noted the joint working group also added DICOM identifiers into the next version of CCOW, in order to share context on the desktop about specific DICOM objects driven by applications working in the HL7 and CCOW world.

Mr. Clunie mentioned several new capabilities DICOM expected to be mature by the end of 2002 or 2003. Noting that as imaging and PACS systems grew larger, deploying individual nodes became difficult, Mr. Clunie said DICOM was adding network configuration services, which leveraged off Internet services (e.g., DHCP, DNS) to automatically configure DICOM. An initiative was underway to develop MR and CT information objects that address new technology (e.g., perfusion, diffusion imaging, and spectroscopy) and the high volume of data produced. DICOM was also encoding computer-assisted detection and diagnosis objects. The mammography CAD object was already part of the standard and implemented by several vendors; DICOM was working on a chest computer-assisted diagnosis object to encode results of automated detection of lung nodules and interstitial disease. Mr. Clunie said DICOM constantly worked on codes the imaging world received from many site-specific places. He noted there wasn't a good clinical procedure coding system that people used extensively; CPT codes were oriented toward billing and reimbursement, not ordering and performance of a clinical task. DICOM resisted developing their own codes, because they were so small and image-focused, and constantly looked for sources that didn't require royalties.

He reported DICOM was adding more security features. They already had transport layer security, using, for example, SSL as a security mechanism. Media security leveraged off the PKCS family of Internet standards. An electronic signature capability, completed in 2001, allowed digital signing of selected sets of attributes inside an image object, including applying multiple signatures, using a cryptographic mechanism and standard RSA-type technology (e.g., SHA-1). DICOM was also working on attribute-level confidentiality with a focus on the de-identification requirements of HIPAA, adding the ability to replace and encrypt the original attributes in an object in DICOM. There was also an initiative to harmonize DICOM's audit trail strategy with HL7 and other groups, use freely-available Internet technologies, and secure syslog in order to maintain a central audit trail mechanism linking disparate systems.

Mr. Clunie said DICOM had a strict conformance mechanism and its proprietary query/retrieve mechanism was based on the DICOM protocol. Individual vendors might make their database interface available to the user to perform SQL queries in the way one might query any database, but Mr. Clunie observed that didn't fit into the paradigm of using DICOM in a conformed environment, guaranteeing devices worked together. He said there were no plans to add a SQL mechanism.

Responding to whether NCVHS should recognize DICOM as an informational model in structure, or as a communications protocol, Mr. Clunie said DICOM's success was predicated on interoperability, which was derived from conformance that, itself, was based on accepting the whole path through the layers of the ISO communication model, including: communications protocol, encoding mechanism, messaging system, as well as the data dictionary, information model, and service classes layered on top of all that. DICOM didn't have the ability to separate the information model and the data structure from the communication protocol. The one exception was the ability to encode a DICOM data set into an offline file interchanged on interchange media. Again, there were strict requirements about encoding, compression mechanism, transfer syntaxes and how they were grouped, the presence of a DICOM directory on the media, and the type of media used. All that was assembled in a media application profile and another conformance mechanism dictated how the profile was implemented and described.

Discussion

Mr. Cooper observed that DICOM had evolved beyond the radiology world and expanded into all clinical specialties and biomedical imaging systems. In ophthalmology, supplements to the standard supported clinical entities, but Mr. Cooper noted that adopting these standards in clinical practice so they were pragmatically deployed and usable was a slow process and a chicken-and-egg problem. Vendors had to supply something that wasn't demanded and people had to demand something without understanding what it might be. An educational process had to occur. After three years of demonstrations, Mr. Cooper reported DICOM conformance statements were finally being adopted by a significant number of vendors and some second-generation specialty groups.

Dr. Lloyd Hildebrand, DICOM Committee Co-Chair, approved of the draft document's terminology describing DICOM as supporting a table of information for imaging devices/equipment to diagnostic and review workstations and to short and long-term storage systems. He said other features of DICOM (e.g., workflow enhancement and radiotherapy support) had too low a level of detail to be captured in so few words, but the statement deftly avoided controversial areas of turf overlap with other standards: e.g., referring to and from imaging devices without mentioning images. Mr. Cooper agreed; this generic expression was important.

Responding to testimony that vendors had imaging standards but not necessarily compatibility, Mr. Clunie asserted that DICOM had achieved tremendous interoperability. He said DICOM, realizing users didn't want to be tied to a particular vendor, defined a way of communicating that involved the messaging and transport layers and all the lower levels of the ISO model, pragmatically using TCP/IP. With a common information model, they had to describe the patient's name, the study identifiers, and the pixel data for each slice in the same way. They also had to have modality specific characteristics (e.g., slice thickness, patient orientation and position specific to CT). One could view or do a 3-D reconstruction of an image from any vendor scanner on another vendor's CT workstation--basic functionality was essentially seamlessly interoperable.

Vendors were bypassing implementing translators by dropping proprietary protocols and building systems with native DICOM inside: their databases stored DICOM objects and their protocol used DICOM in communicating between the workstation and CT scanner. Mr. Clunie said it was getting harder to get systems that even talked to older equipment relying on a proprietary protocol, even from the same vendor. Discrepancies occurred at higher-level functionality: sophisticated, dynamic applications involved encoding in the private fields and other vendors might not be able to utilize information specific to acquisition and imaging processing techniques. As users demanded those features, vendors either exchanged private information and came to mutual understandings or they pushed the standards committee to add capability to the DICOM standard. Mr. Clunie said this was happening with diffusion, perfusion imaging, real-time and cardiac techniques for MR. Vendors would always push the limit: that's where their competitive advantage came from. The standard progressed and reached a new level of interoperability. Mr. Cooper commented that in ophthalmology they were trying to leverage the clout of the professional society to help the vendors collaborate and build interoperable tools for the users to help ensure that level of interoperability was there from the beginning. Many demonstrations at the annual meeting focused on getting the vendors to work together and users to help them define this level of interoperability.

While DICOM's primary usage had been in radiology, Mr. Clunie noted it became an overnight success in cardiology. As a set of visible light applications, DICOM provided capabilities in ophthalmology to support sliding gross microscopy pathology, gastrointestinal and other forms of endoscopy, external photography, and dental applications. In radiology, DICOM was in the business of providing images to referring physicians; in other realms the images were part of a package--the pathic report was the primary focus. DICOM had become a mechanism for distributing images (information) about other specialties. Driven by the needs of referring physicians and others, DICOM tried to support any specialty that approached them.

Dr. Fitzmaurice asked if setting up the codes for a professional query and response about an image belonged more in the domain of DICOM or LOINC. Mr. Clunie explained that images in a radiology department were made by technologists, with radiologists' assistance, and then interpreted. Images were read, a report dictated (pointing to objects in more sophisticated systems) and transmitted, with the images part of the medical record. Anyone subsequently needing information looked at the report. In the electronic world, reports generated in the radiology department lived in the HIS (or the fax machine) world. In most practical HIS systems, queries were at the level of the encounter. Ad hoc queries generally weren't in the workflow. These codes became vital when (either for management, research, or teaching purposes) one queried about "all the patients with broken bones over the last three weeks." DICOM addressed that by applying codes used by the rest of the world (e.g., SNOMED, LOINC) in a structured manner. DICOM structured reporting conveyed a high degree of information acquired synchronously with the image data: text; codes; measurements, pointers, or coordinates on images; pointers to or coordinates of waveforms.

Mr. Clunie said DICOM struggled in the joint workgroups to harmonize so HL7 could code structured data to their new clinical document architecture and transmit it around their system. In the worst-case scenario, it was flattened into plain text and sent in a traditional HL7 version. Mr. Clunie said, if the ad hoc queries Dr. Fitzmaurice suggested were required, a system could be constructed and the reports encoded using that mechanism. But he added there wasn't any demand and those systems weren't built. Dr. McDonald noted the physician-to-physician dialogue was on pieces of paper; high technology wasn't involved. Mr. Clunie said a request for the imaging exam was implicitly a request for a report. An imaging study was done and the report came back with the imaging study: the two were linked. Within structured reporting, the object was highly flexible. External codes could be mapped into regions of interest in an image. A structure within DICOM could use a code (if available) or free text. The more codified the system, the better off they were.

Mr. Clunie noted many organizations had worked hard to define definitions for procedures, anatomical locations, and particular findings, as explicit as "left ventricular diastolic dimension" or as generic as "it's broken." How one mixed and matched became an issue. It was mandatory in DICOM to encode in band or with the code that protected meaning. DICOM and developers of external codes were discussing the code sets preferred for use with DICOM.

Dr. McDonald observed that, unlike other imagers, radiology almost never returned a code. He suggested using ICD-9 codes for retrieval. Mr. Clunie remarked that ICD-9 codes might be fine for that, but were inadequate to represent the different levels of pathology and imaging used in ophthalmology. He said the Convergent Medical Terminology Project developed a subset that fully modeled ophthalmic terminology into a usable set of codes. Mr. Cooper reflected on the need for a paradigm shift; he said the only reason radiologists put in any code was to be reimbursed and there were limited options for motivating them. Dr. Cohn commented on an ongoing debate in the radiology community over whether or not radiologists actually made diagnoses or described findings.

National Agenda for Public Health Informatics - Bill Yasnoff

Dr. Yasnoff presented the national agenda for PHI developed at the American Medical Informatics Association May meeting, summarizing recommendations reflecting the views of the 500 representatives from public health and informatics at the Atlanta meeting. He reported on all six breakout tracks, each comprised of four one-hour sessions and plenary presentations from each track.

One: funding and governance. The recommendations in funding included: (1) information management should be part of the core public health budget; (2) fund the vision of information, not information technology (IT); (3) create diverse funding sources; (4) funding must be adequate throughout the life cycle (planning, start-up, implementation and maintenance); and (5) dedicated funding streams were necessary. In the area of governance and planning, recommendations called for: (1) leadership to create planning and management structures that include all stakeholders and assure that public health and IT were both represented in broader systems planning; (2) developing a merged superset of public health and informatics planning models. Finally, recommendations for funding and governance included establishing business cases for continuing investment in information systems and for public health information architecture.

Two: architecture and infrastructure. In the infrastructure, recommendations called for: (1) dedicated Internet access, workstations and training for all public health personnel and healthcare providers; and (2) providing public health officials with software tools, training and methods for access to data. In the area of architecture, the recommendations were: (1) to develop an implementation plan for the public health information architecture; (2) develop a public health data repository with person-based integrated data; and (3) establish a process to develop an architectural model for the repository. Recommendations for architecture policy included: (1) establishing procedures for monitoring compliance with audit and evaluation criteria in public health data systems; (2) implementing access control measures and computational disclosure control ensuring people weren't inadvertently identified; and (3) (the most controversial recommendation) to consider establishing a unique personal identifier to facilitate integration of data from multiple sources. In the last sub-area of interfacing public health and medical care, the recommendations were to: (1) provide effective communication and workflow management capability between public health and healthcare; and (2) minimize the impact of public health data collection on healthcare providers by tapping into existing data streams.

Three: standards. Under development and implementation, recommendations were to: (1) increase awareness of, and participation in, current standards development activities within all levels of the public health work force, building on the work of the Public Health Data Standards Consortium; (2) develop and maintain a Web-accessible list of existing standards, SDOs and activities relative to public health (Dr. Yasnoff noted many attendees understood the importance of standards, but few were familiar with existing activities or knew where to find standards they had to adhere to); (3) identify gaps in existing standards and communicate these needs to SDOs; and (4) promote consistent use of standards by the U.S. Government, including all of HHS and EPA. Recommendations for standards development and enhancement included: (1) increased use of CDC's Public Health Conceptual Data Model (PHCDM), modifying and expanding it based on user feedback; (2) additional standard messages for public health reporting; (3) establishing a mechanism for ongoing maintenance and expansion of the "Dwyer" tables, which use standardized codes to define tests and specific results that trigger electronic laboratory reporting (ELR) to public health agencies; (4) model state regulations to promote more consistent reportable disease requirements across the U.S.; (5) specific implementation guidelines for creating and transmitting ELR messages using standards and exploring mechanisms for promoting and enforcing their use; (6) continued work to harmonize guideline formats within HL7 and assess their ability to represent population and preventive health guidelines; and (7) fully-specified database versions of ICD-9-CM and ICD-10-CM to facilitate development of accurate automated mapping from detailed clinical terminologies to ICD-CM codes for statistical reporting and billing.

Four: public health research, evaluation and best practices. Recommendations for best practices identified a need for: (1) a process for developing and disseminating best practices; (2) standards for performance at all levels; (3) a Web-based repository of best practices with mechanisms for discussion, identification of consensus, and endorsement; (4) a program to fund demonstration projects showing best practices in privacy protection. Under evaluation, recommendations were to: (1) explicitly tie evaluation to Healthy People 2010; (2) standardize outcome measures; (3) include data quality, economics, transferability, and individual measures; and (4) evaluate existing programs first. Recommendations for research focused on: (1) a research agenda for PHI; (2) using existing informatics knowledge, techniques and methods; (3) involving multidisciplinary teams; (4) including an informatics component in every research project proposal and report; (5) providing additional, not reallocated, research funds for PHI; and (6) establishing and funding a lead research agency for privacy, confidentiality and security.

Five: privacy, confidentiality and security. In the area of privacy and confidentiality monitoring, the recommendations were to: (1) create a national forum on privacy policy (e.g., National Privacy Advisory Commission analogous to National Bioethics Advisory Commission); (2) establish community level advisory boards for privacy policy; (3) consider creation of pilot public health ethics committees to address situations involving health data and privacy; and (4) include "front-line public health workers" in all public health privacy groups. Recommendations for privacy and security policy focused on: (1) model wording for public health privacy legislation at all levels; (2) developing regulations and policies based on risk but adaptable to changing conditions; (3) policies for cross-jurisdictional exchange of data; (4) requiring all public health data systems to have a stated purpose, privacy board, and confidentiality agreements; and (5) model security policies. In the area of security, it was recommended that: (1) HIPAA security requirements be adopted; (2) security preparedness at all levels of the public health system should be reviewed, specifically addressing denial of service attacks; and (3) indirect funding options be considered for security, as these investments represent infrastructure benefiting all programs.

And finally, six: training and work force. Recommendations for educational programs called for: (1) establishing new and strengthening existing academic programs in PHI; (2) developing a national competency-based continuing education program; and (3) enhancing the CDC PHI Fellowship program. In the area of curriculum, the recommendations included: (1) instructional design guidelines for PHI curriculum for both the current work force and in accredited schools and programs in public health; (2) a comprehensive, consistent curriculum about data security, privacy and confidentiality; (3) consideration of an ethical/legal/social issues program analogous to recent genetics activities; (4) involve appropriate groups when developing academic and continuing education curricula; and (5) a career track within informatics for PHI. Recommendations for meetings and organizations included: (1) expanding opportunities for public health and informatics gatherings; (2) strengthening AMIA's Prevention and Public Health Special Interest Group; and (3) the National Network of Libraries of Medicine, in partnership with AMIA and CDC, should utilize a regional medical library network to sponsor meetings for public health and informatics outreach throughout the U.S. Finally, recommendations concerning competencies called for: (1) defining PHI; (2) CDC's continued support of other efforts to develop core competencies in PHI; (3) examining informatics competencies in other health-related fields; and (4) adopting informatics objectives of the American Association of Medical Colleges to PHI.

Dr. Yasnoff noted two overall themes. First: the need for coherent governance of PHI activities, including all stakeholders. Standards had to be established and consistently used. Confidentiality policy needed to be developed and monitored. Best practices had to be identified and disseminated. And improvement had to be promoted through research--Dr. Yasnoff emphasized this would be difficult: no existing entity had responsibility for governance of PHI activities. The second major theme related to PHI training: basic skills were needed for the entire public health work force and advanced skills were needed for decision makers.

In light of climactic events of the year and the letter the Subcommittee was drafting to the Secretary, Dr. Cohn asked for CDC's overview of the new urgencies around public health. Dr. Yasnoff said the draft circulated at CDC, but he hadn't received substantive comments and didn't know what his colleague would present the next day. Folks at CDC were somewhat preoccupied, but the PMRI report had been widely circulated and commented upon. CDC, as a whole, was familiar with and supportive of the Subcommittee's work, which was important to CDC's objectives. He said areas where help was needed (governance functions, how to build a coordinated NHII, and where coordination could come from) related more to the NHII workgroup.

Discussion of Testimony by the Subcommittee; Review of Letter to HHS Secretary

Mr. Blair said Dr. Lumpkin felt comfortable with the latest draft: his thoughts paralleled Dr. Mc Donald's observations that the Committee felt moved more toward guidance than a mandate. The draft to be edited began: Dear Secretary Thompson: As part of its responsibilities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the National Committee on Vital and Health Statistics (NCVHS) was called upon to "study the issues related to the adoption of uniform data standards for patient medical record information and the electronic exchange of such information". The NCVHS presented this report to the HHS Data Council on August 9th, 2000. This report provided a framework to accelerate the development of PMRI standards and a set of guiding principles for the selection of specific PMRI standards. The report also recommended that the NCVHS use the guiding principles for selecting PMRI standards and send the first set of PMRI standards recommendations to the Secretary of HHS by February 2002. This letter sets forth recommendations for the first set of PMRI standards, which are generally referred to as PMRI message format standards.

Standards for PMRI are important because they are essential for the creation of a National Health Information Infrastructure (NHII), which promises to facilitate significant improvements in the quality of patient care, control rising healthcare costs, enhance the productivity of clinical research, improve patient safety and strengthen the nation's ability to identify and respond to national healthcare emergencies.

Changes included linking "improving patient safety" with "quality of patient care." Noting PMRI standards were important for reasons besides being essential for NHII, members rewrote: "Standards for PMRI are important because they will facilitate improvements in the quality of patient care, improve patient safety....They are also a key element in the creation of a NHII."

Process to Select PMRI Standards

The NCVHS used the following process for the selection of PMRI message format standards to obtain industry input from standards development organizations, the healthcare information system vendors and the institutional users of these standards. First, the committee modified the PMRI guiding principles to make them more appropriate for the selection of message format standards. Next, the committee incorporated the revised guiding principles into a questionnaire, which was designed to help evaluate the PMRI standards candidates in a more objective manner. Finally, the committee compiled, analyzed, and reviewed the SDOs responses to the PMRI questionnaire. Additional information and perspective about the candidate PMRI standards was obtained via direct testimony from healthcare information system vendors and other users of these standards. This process continued from December 2000 through February 2002.

Members changed "modified" to "adapted," noting the guiding principles were simply reworded to be more applicable. "Institutional users" was broadened to "healthcare information system vendors, HCOs and professional societies."

Guiding Principles Used as Criteria for Selection

The NCVHS recommendations for PMRI standards are selected from the six SDOs that responded to the PMRI questionnaire: ASTM, DICOM, HL7, IEEE, NCPDP and OMG/CORBAMED. The committee emphasized the following four criteria derived from the PMRI guiding principles: the degree of market acceptance of the standard; the extent to which the standard enables interoperability between information systems; the ability of the standard to facilitate the comparability of data; and the aspects of the standard that support data quality, data accountability and data integrity. The criteria of market acceptance was very helpful because it identifies those PMRI message format standards that are implementable, cost justified and flexible enough to meet the needs of most of the relevant marketplace.

Recognition of Current Standards and Incentives for Emerging Standards

The NCVHS recommends that HHS recognize the important role played by the current (de facto) standards. Recognizing that it takes years to develop standards with broad market acceptance, many of these standards lack the degree of interoperability and data comparability that the NCVHS PMRI report identified as necessary to support significant improvements in healthcare cost, quality and productivity. To address these requirements the NCVHS recommends that HHS provide several incentives to accelerate the development and early adoption of more advanced PMRI standards. These incentives complement recommendations 3 and 4 as described in the PMRI Report to the Secretary presented to the HHS Data Council on August 9, 2000.

Members deleted "de facto." Although most vendors and users used the supportive phrase and the Subcommittee hadn't ascertained market acceptance, members noted some were ANSI standards. Rather than just refer to recommendations that complemented the incentives, members decided to provide the full PMRI report as an attachment. The Subcommittee defined their key message to the Secretary as the need to recognize current standards, because they had market acceptance--though not other characteristics needed for future interoperability (the reason for recommending incentives to accelerate emerging standards).

Recommendations Encourage Guidance Rather Than Mandates

The NCVHS Recommendations for PMRI message format standards advise that HHS set forth guidance for industry use and migration to new versions, rather than the creation of NPRMs and federal regulations. NCVHS also recommends that the secretary direct government health care institutions to follow this guidance by becoming early adopters of emerging PMRI standards, thereby serving as an example and as an incentive to the industry.

NCVHS Recommendations for Specific PMRI Message Format Standards

NCVHS recommends that HL7 be recognized as the core PMRI standard and that NCPDP SCRIPT, IEEE 1073 and DICOM be recognized as standards for specific PMRI market segments. The recommendations for the core PMRI standards are set forth in a framework identifying which version of the standard should be considered as: retired, current, or emerging.

Members weren't sure IEEE 1073, which IEEE qualified as an emerging standard, was ready for adoption. They also noted the paragraph referred only to HL7 and considered a revision.

The NCVHS recommends that HHS recognize the following PMRI message format standard as retired.

Industry Guidance - No new products using this version of the HL7 standard should be purchased or developed. Vendors and users should plan to upgrade any system using HL7 2.1 to a current version of HL7.

Noting Dr. Beeler's testimony about compatibility, longevity of versions, and version 3.0 not being backwards compatible, members concurred not to designate a timeframe.

Industry Guidance - HHS recognition of HL7 version 2.2, 2.3, and 2.4 as current standards means that vendors and users of these versions will not be asked to migrate to newer versions until the more advanced version is fully implementable with the supporting implementation guides and conformance tests.

Members amended the guidance in light of HL7's request that additional versions of 2.X be considered current standards so long as extensibility remained in place.

Recommendation to HHS - NCVHS recommends that HHS provide incentives to accelerate the development and early adoption of the HL7 version 3 standards. These incentives include the funding of version 3 implementation guides and conformance tests and the early adoption of version 3 standards by departments and agencies within HHS.

Industry Guidance - Once HL7 version 3 is considered to be fully implementable additional HHS guidance to the industry is expected.

Members noted a ballot was issued and two more were expected. HL7 had scheduled demonstrations for February and May. Some testifiers reported including version 3.0 in pending products, but the consensus was it wouldn't be implementable before the second quarter of 2002. Dr. Mc Donald remarked that a rule was that nothing ever became an Internet standard until two versions were implemented and in use. The recommendation was amended: These incentives include the early adoption of version 3.0 standards by departments and agencies within HHS, the funding of the publication of version 3.0 implementation guides, and development of conformance tests.

Members noted they hadn't enough information to know if IEEE 1073 was even an emerging market segment standard. Viasys Healthcare's next generation ventilator would only support 1073 interfaces, but Mr. Cooper's written testimony classified IEEE 1073 as emerging, acknowledging that extensive marketing activity still wasn't possible. There didn't appear to be an alternative for message format standards for the medical devices, and Mr. Blair recalled that in October vendors and users asked the Committee to act as a catalyst. Dr. Mc Donald reiterated that NCVHS's role wasn't to push the market toward something it didn't want. Mr. Blair will e-mail Mr. Cooper requesting explicit information about vendor acceptance and usage. If the Subcommittee received a response in January, they could make a decision by the February meeting and incorporate that in the letter. If not, they could send the Secretary another letter later adding IEEE to the emerging category.

Ms. Gilbertson clarified that NCPDP's recommendations (versions 1.5 to 4.2) were the same syntax and messages transferred. The most current version available was 4.0, but NCPDP urged the Committee to select 4.2. She explained there was a new release whenever a new qualifier was added; by the time HHS acted, NCPDP might be at version 6.3. Dr. Zubeldia cautioned that the Committee already stumbled over a version the pharmacy industry questioned because they had issues with privacy.

Recommendation to HHS - NCVHS recommends that HHS recognize these three standards as PMRI market segment standards for the communication domains that they serve.

Industry Guidance - NCVHS encourages these three SDOs to harmonize their data elements and their data definitions for future versions so that they are consistent with the HL7 Reference Information Model (RIM). Additionally, NCVHS encourages NCPDP and HL7 to continue their negotiations to reduce or eliminate duplicate or inconsistent data elements especially those for patient information. NCVHS also encourages the ongoing negotiations among DICOM, IEEE and HL7 to harmonize the data elements within the existing versions of their standards.

Ms. Gilbertson suggested the word collaborations rather than negotiations. The group discussed that under NCPDP SCRIPT "providers to/from retail pharmacies" precluded inhalation, long-term care, specialty, and hospital pharmacies (that performed outpatient services) from using SCRIPT. Dr. Mc Donald said the intent was to encourage one area, not stop anyone from working into other areas. The industry guidance was edited to recommend that: "New users should adopt the latest version of these market segment standards whenever possible."

Dr. Cohn suggested that, if the Subcommittee identified only two market segments, they drop the specific segments section and single out DICOM and IEEE along with industry guidance. Mr. Blair said he personally would feel saddened if they went forward without a recommendation for a standard that covered medical devices, but he suggested the letter could have a section called On the Horizon.

Dr. Cohn said RIM was both a major issue and opportunity. Noting work already underway in HL7 related to administrative and financial activities, he suggested emphasizing the need for current HIPAA X12 transactions to input and harmonize with RIM. Dr. Mc Donald questioned whether that would be more acceptable to the community. Members discussed conveying generically the need for additional harmonization data elements and definitions and encouraging negotiations between DICOM, IEEE, HL7 and X12 to harmonize data elements within their existing systems. Dr. Zubeldia said using RIM as a converging point was positive, but would create a problem for X12, which would have to redesign all its transactions. Dr. Mc Donald noted ongoing discussion between the other two groups.

An unidentified member of the audience said she had been working toward collaboration in The United States Health Information Knowledge Base (USHIK) and asked which direction the Committee recommended. Dr. Fitzmaurice pointed out that USHIK wasn't an information model, but a repository of data elements and a dictionary with definitions for given variables across different users/definers. She could also be part of an information model--Then the data elements would refer to the same concepts, whether or not she was part of RIM. Dr. Cohn said they needed to encourage all SDOs to participate and use USHIK and to talk with HL7 about the applicability, appropriateness, and value of participating in further development of RIM. Dr. Mc Donald suggested they'd soften that statement if they wanted everyone happy.

Mr. Blair said no one would be forced to change anything if the SDOs shared their data elements and definitions in the meta data registry (i.e., USHIK). He suggested recommending, as a first step, actively contributing information and working in a collaborative stage with the meta data registry. A separate recommendation could encourage, on a longer-term basis, convergence with the HL7 RIM. He asked if these stages might make it more palatable to X12. Dr. Zubeldia reiterated that X12 couldn't change its models to converge with RIM, without redoing all its transactions. Members discussed including X12 in the letter by inference: All standards should move toward presenting their data in a meta data registry and all SDOs should converge toward a RIM.

Dr. Cohn reflected that this whole topic had to do with data modeling and working to increase interoperability. He asked NCPDP's response to a recommendation that they harmonize their data elements and definitions with the RIM. Ms. Gilbertson said she had no working knowledge of RIM, but NCPDP was willing to investigate.

Dr. Mc Donald suggested leaving out X12, not because he was negative about the SDO, but because that was "how it worked out in an institutional environment." SCRIPT and HL7 did similar things and collaborated. DICOM sent out HL7 orders. SCRIPT wasn't coming together much--but should if they wanted discharge drugs to go directly to the pharmacy. HL7 said they weren't on this kind of standard. Dr. Zubeldia cautioned that this could end up reflected in a regulation that required NCPDP to change their transaction modeling to use RIM. Mr. Blair said they'd be sending another draft out to the SDOs and other interested parties for comments. Dr. Yasnoff emphasized that this was guidance; they weren't recommending any single regulation for anyone. Dr. Zubeldia reiterated X12's fear that something would be imposed on them. Ms. Gilbertson asked if the Subcommittee was assuming HL7 wanted to harmonize with all the other standards to the RIM. Mr. Blair stated for the record that he wasn't aware that HL7 had put pressure on anyone, but they tried to point out the value of RIM and encourage others to take advantage of the value of a single RIM.

Dr. Mc Donald noted DICOM had been active, interested, and flexible. He said the paragraph was a bold, though gentle step saying something could happen so that they could all be talking to each other in three-to-five years--Anything short of that would be business as usual and divergent evolution. Dr. Zubeldia agreed; he expressed appreciation that NCPDP was there. Ms. Gilbertson said she'd thought they were going to mention X12. Mr. Blair said they would if they could, but they might have to leave them out. Dr. Cohn suggested they might send another letter to the SDOs. Members expressed concern about the inability of their letters to engage X12 in this dialogue.

Dr. Cohn pointed out that they were talking about interoperability and comparability, but only addressing pharmacy and clinical care--He asked about interoperability in relationship to cost and billing of care, membership and enrollment. Dr. Mc Donald said the question was what could be realized in the next three-to-six months. He cautioned about being bland and not getting anywhere in this domain. They had to make this digestible enough that people didn't have to be dragged in. It was political rather than technical. Dr. Zubeldia suggested a generic statement encouraging all SDOs to harmonize their data elements. Ms. Burke-Bebee noted that still wouldn't include X12. She said the Subcommittee assumed X12 bought into harmonization with clinical standards--something that, after attending both meetings, she didn't know. She agreed, though, that this needed to be done and that the letter wasn't the time. Dr. Mc Donald advised that trying to get too many people to agree only reduced their chances. He remarked that it was fairly easy to link up with registration data; the codes were dominant in the problems. Mr. Blair proposed encouraging participation in USHIK and adding, where they talk about the future in the final paragraph, looking at harmonization with financial and administrative data.

NCVHS encourages the SDOs to harmonize their data elements and data definitions for existing and future versions, so they are consistent with the HL7 reference information model. Additionally, NCVHS encourages the SDOs to continue their collaboration to reduce or eliminate duplicate or inconsistent data elements, especially those for patient information.

Dr. Mc Donald remarked that it would be difficult to politically accept existing versions. Mr. Blair suggested participation in USHIK (which didn't require changes) for current collaboration, and encouraging coordination with RIM in the future. The full paragraph was edited to read:

NCVHS encourages the SDOs to share their data elements and data definitions with the U.S. Health Information Knowledgebase (meta data registry). Additionally, NCVHS encourages the SDOs to continue their collaboration to reduce or eliminate duplicate or inconsistent data elements, especially those for patient information. Furthermore, NCVHS encourages the SDOs to share their data elements and data definitions with the U.S. Health Information Knowledgebase (meta data registry) to harmonize their data elements and data definitions for future versions so they are consistent with the HL7 reference information model. NCVHS recommends HHS provide funding for PMRI SDOs' collaborative efforts to promote harmonization.

PMRI Standards for Future Consideration

The NCVHS has limited this first set of PMRI recommendations to message format standards. The committee plans to begin investigating medical terminologies and code sets during the first half of 2002. The committee will also consider PMRI standards for clinical documents and the content and structure of patient records in the future.

The NCVHS wishes to thank the Secretary of HHS for the opportunity to submit these recommendations within the framework of the Administrative Simplification Provisions of HIPAA.

Members questioned whether they would forward recommendations on medical terminologies and code sets and if they wanted to include a reference to examining harmonization between PMRI standards and the administrative transactions, considering X12's apprehensions. Given the next day's conversation, Dr. Cohn suggested reflecting on this as they talked about plans for 2002. The section was edited: The NCVHS has limited these PMRI-specific recommendations to message format standards. The committee plans to further investigate medical terminologies and code sets in 2002, and will be forwarding recommendations to the Secretary. The committee will also consider PMRI standards for clinical documents and the content and structure of patient records.

To reflect recent observations, the section Recognition of Current Standards and Incentives for Emerging Standards was amended to read: The NCVHS has recognized the important role played by the PMRI standards currently used by the healthcare industry. Since it has taken years for today's standards to achieve broad market acceptance, they are based on older conceptual models. These models do not uniformly provide the high degree of interoperability and data comparability that is necessary to improve healthcare costs, quality and productivity. To promote more rapid realization of these benefits in accordance with the prior recommendations in the PMRI report, NCVHS is recommending that HHS both recognize current standards and provide specific incentives to accelerate the development and early adoption of emerging PMRI standards.

Dr. Zubeldia and Ms. Burke-Bebee pointed out that the document still lacked structure: there was no consistency in presentation, it needed headings, and recommendations were lost in the text. Dr. Cohn agreed that the draft needed formatting: they were still getting basic information. Hopefully, Ms. Burke-Bebee would help with that. Dr. Cohn noted unresolved items remained around IEEE and that they needed to mull over the model issue more, but they'd made major improvements. He said this was expensive wordsmithing, yet the documents produced were excellent and sometimes changed government policy--or at least approaches. Their June letter had informed House Resolution 3323, passed by the Senate the day before, calling for a delay for administrative and financial transactions. He alerted members to read it that evening: the Subcommittee would have major responsibility for many new activities designated to NCVHS. They'd discuss them the next day. Members will receive a revised version of the letter. Next week, Dr. Fitzmaurice and Mr. Blair will e-mail Todd Cooper for additional information. Mr. Blair will distribute the draft to the SDOs and other interested parties for additional comment; members and staff were asked for names.

Planning Session for February 2002 Code Set Hearings - Betsy Humphreys, NLM

Ms. Humphreys noted the preamble to the Transactions Standards Rule summarized a number of codes and classifications issues raised in comments received in response to the Transactions NPRM. Beyond questions about the legality/desirability of designating code sets with private copyright holders as national standards, the concerns were: (1) feasibility of using NDCs for other than retail pharmacy transactions; (2) feasibility of eliminating the use of local codes in conjunction with HCPCS (e.g., what would the process be for replacing them and ensuring rapid assignment of new interim national codes?); (3) gaps in coverage of the standard code sets and the need for additional code sets (i.e., home infusion, alternative therapies, and mental health services and conditions); (4) openness and fairness of update processes to be followed by code set producers, especially HCPCS, CPT and the dental codes; and (5) proposed immediate or future replacements for some of the standard code sets (i.e., UPNs, ICD-10-CM, and ICD-10-PCS).

In responding to these concerns in the preamble, Ms. Humphreys said HHS indicated: (1) CMS (then HCFA) was establishing a process to address concerns about local codes, (2) all designated standards maintenance organizations (DSMOs) would be required to have open update processes that ensured a hearing for all stakeholders, (3) one strategy for addressing gaps in coverage would be through updates to the code sets already designated as standards, (4) NCVHS would monitor the situation to ensure the processes addressed legitimate concerns. HHS indicated that it was premature to adopt UPNs, ICD-10-CM, and ICD-10-PCS as standards, given the requirement to select standards already widely used in the community and the need for more testing.

The rule spelled out that the Secretary would consider recommendations for modifications or new standards developed through an open public process that allows for: coordination with other DSMOs, an appeals process for the requester and relevant DSMOs expedited in consideration of content needs identified within the industry, and the submission of the recommendation through the NCVHS.

Ms. Humphreys said in October 2000 NCVHS recommended changes to the Secretary in the process for updating HCPCS. Last summer NCVHS went on record supporting the DSMO's position that interested requesters work with the maintainers of currently designated code sets to address gaps in coverage before new code sets were considered. Ms. Humphreys noted NCVHS would hold hearings February 6-7 and April 9-10 to obtain information about progress on eliminating local codes and the extent to which the process addressed stakeholders' concerns. The Subcommittee will review the DSMO's current processes for handling requests for updates to code sets, the extent to which the processes address stakeholders' concerns, if they are workable for both requesters and the DSMOs, and how they address gaps in HIPAA code set coverage. They will also look at the desirability and feasibility of any modifications or additions to the list of HIPAA standard code sets and appropriate timing for any such changes.

She said the February hearings will focus on local codes, DSMO update processes, and developments and perceived needs for modification/additions to HIPAA code sets for procedures. Ms. Humphreys noted there were a number of issues related to procedure codes and that it might not be possible to cover them all in two days. The April hearings were scheduled to address disease and impairment code sets, but Ms. Humphreys said some procedure issues might carry over.

Ms. Humphreys said the team proposed an update on the local codes process and work CMS was doing dealing with the concerns of a group of state agencies eliminating local state codes. Ms. Trudel had suggested Diane Davidson from the State of Kansas might present a status report. Kaye Riley or a colleague from CMS could respond to questions. She noted there might also be a status report from WEDI/SNIP on the DSMO update processes and the time needed for updates for each code set.

Noting the UPNs were a big issue in the comments, Ms. Humphreys said CMS was giving a waiver to California to experiment with UPNs in the Medicare or Medicaid reporting, but California decided not to do the project. She said she hoped to get a summary of their rationale and suggested they could invite comments from testifiers. Noting that the UPN, like the NDC code, identifies down at the individual product level, she suggested that issues associated with implementing NDC codes beyond retail pharmacy might apply to product codes. Dr. Cohn noted medical device codes were an issue from previous hearings. Ms. Humphreys agreed, but questioned whether they could fit them into this hearing. She reported that FDA was coming out with the first final version of the global medical device nomenclature system. Developed with input from the FDA and the European Union, it borrowed from the ECRI universal medical device nomenclature system and had good definitions and nomenclature.

Dr. Zubeldia pointed out an issue with vision codes and Ms. Humphreys said anyone concerned should be invited to testify. She noted the Subcommittee needed to hear about ICD-10-PCS. At a meeting in May, AMA had been opposed to them; AHA, HEMA and the rest were in favor, although there were timing issues. The issue of simultaneously implementing it and ICD-10-CM also came up in the hearings' comments. Ms. Humphreys said she understood from Pat Brooks that device manufacturers continued to pressure CMS to move ahead. She suggested coverage in hearings and some reinforcement for CMS's view that it wasn't in a position to unilaterally implement ICD-10-PCS would be helpful. The core of the hearings would be stakeholders' comments about local code elimination process, the DSMO's update processes, and the basic question of the need for modifications or additions to the list of HIPAA standard code sets. Input would be invited from previous testifiers and those involved now. There would also be a public announcement. She said probably more organizations had an interest than could give oral testimony, but they could always offer written comments.

Dr. Zubeldia said he wanted to make sure they got feedback on the maintenance of other code sets (e.g., claim status codes and some of the payment codes) maintained by the six code set maintenance organizations designated by the Secretary in the notice that went with the final transaction rule. Ms. Trudel suggested looking at how the non-clinical code set maintenance process was progressing. Ms. Humphreys agreed. Dr. Zubeldia noted an issue with external code sets that were part of the X12 NCPDP but were maintained by somebody else and randomly updated and published on a Web site without a standard-defined version control program. He especially worried about code sets maintained by standard setting organizations that were external to X12 though still part of HIPAA, because they were named in the implementation laws. Associations and ad hoc groups within X12 that were not code set maintainers per se maintained them.

Ms. Humphreys observed that there were the HIPAA code sets and the medical code sets designated in HIPAA. Other non-medical code sets also were considered part of the standard. Even if the DSMO responsible for that standard didn't produce those non-medical code sets, it needed to be concerned about the quality of the code sets and procedures. Dr. Zubeldia replied it was "tricky": X12 would say they were named in the external implementation acts and were external. Ms. Greenberg said it sounded like an issue the Committee needed to look into and asked whether it should be combined with the hearing on procedure or clinical code sets. Dr. Cohn said this was an ongoing set of discussions; they'd make sure they understood all the issues, then determine what went in February, April, May, and October. Ms. Humphreys noted the Subcommittee's interest in the current update processes of the designated medical HIPAA code set maintainers, but she said they probably wouldn't focus on it in February.

Members noted one or more developers of alternative or complementary medicine codes would be on the agenda. Ms. Humphreys focused on identifying the groups and different kinds of code sets. In talking about current update processes for the medical procedure code sets they'd look at those designated under the current HIPAA rule: ICD-9-CM, HCPCS, CPT and the dental codes. They'd hear from the code set maintainer organizations and anyone else with a comment on how the process was working. HCPCS, AMA, ADA, and CMS would respond in terms of ICD-9-CM procedures. They'd invite comments on the elimination of local codes and the medical code set maintainers' update processes. They'd ask about the desirability of modifications or additions to the list of HIPAA standard code sets, and the timetable for any changes. And they might ask about the non-medical code sets related to the issues Dr. Zubeldia brought up. She suggested they elicit information from the transaction DSMOs and the medical procedure code set maintainers. Even if the hearing wasn't focused on the non-medical code sets, they'd invite comments from the DSMOs: presumably they had input on who sought additional code sets that ought to be allowable in this standard. One thing to think about as they listened to testimony was if they'd devised a catch-22 where people went from place to place and ended up with nowhere else to go. Donna Pickett had pulled all the grids and comments about code set issues made in response to the original NPRM.

Dr. Zubeldia noted there were a number of proprietary code sets used for vision, lenses, treatment, and surface finishes: each payer had their own code sets. Ms. Guilfoy suggested that when the Subcommittee looked at timing issues they also bring up the non-medical code sets issue Dr. Zubeldia mentioned: non-medical code sets were subject to interpretation and how information was accepted and interpreted was a clear implementation issue for providers, plans and clearinghouses. Providers even had a term for it: payer variability. She asked that the non-medical code sets be put on the agenda soon, because they had to be addressed for implementation.

Dr. Mc Donald noted an activity nascent with vision in LOINC regarding glasses and prescriptions and how that coalesced. He asked to have copies of these standards e-mailed to members prior to the hearing. Ms. Humphreys said PCS was available on HCFA's Web site. Although the clinical pharmacy codes weren't an immediate issue, Dr. Mc Donald said there was a big problem not having it. Ms. Humphreys remarked that the clinical drug issue, like medical devices, was another area for testimony and presentation. Dr. Mc Donald agreed that testimony might lead to ways to solve problems rather than try to force solutions. Another area he mentioned was billing codes (ICD-10, PCS and CPD) and the subtle issue that they were also a way to distribute funds. Medicare budgets were based on these codes and adding new ones might imply payments in many contexts; he said they should discuss how to keep this from becoming a "big food fight." Dr. Cohn questioned if vision codes or expanding the way to code and bill for alternative codes had implications. He said they might need an early briefing from CMS about real world dollars and how they relate to code sets. Noting people complained about costs with CPT, Dr. Mc Donald suggested getting them on the table.

Ms. Gilbertson asked to add NCPDP to the DSMO's list. There was discussion about UPC, HRI and NDCs in the current name standards and how they were used for reporting. NCPDP was developing a procedural document for the change requests for code sets. A draft should be ready by the February meeting.

Dr. Cohn said, hopefully, they'd talk about ICD-10-CM in April. They'd set an expansive code set agenda for 2002; the question was how to slot this in. Ms. Humphreys suggested having mental health status, conditions and services on the agenda when they dealt with issues related to ICD-9 and ICD-10-CM; that way they could also discuss principal disease conditions.

Dr. Yasnoff suggested not setting a deadline for their recommendation to the Secretary until the Subcommittee understood the area and could project a timeline. Noting they'd essentially combined all their current recommendations on the message format standards into one letter, he said it might be prudent to prioritize with the code sets and generate more than one letter, leading off with high-priority items.

Dr. Zubeldia proposed first addressing some of the code sets in the transaction and code set rule. The way he read H.R. 3323, there was no delay for the standards and the code sets--even if there was, the local codes existed outside the transactions. It could complicate things if a set of local codes, which had a life of their own on paper claims and on NSF, couldn't be used in those other transactions. Members concurred that a problem had been created that was probably an issue for the first set of hearings. Dr. Zubeldia said another issue to use as a screen on this dealt with usability of the standards: were any groups that used to do electronic transactions disenfranchised because they no longer had code sets they could use? He noted Home Infusion EDI Coalition couldn't use their code set unless they were selected as a standard. The implementation guides were written so that, in such cases, non-standard code sets could be used as long as there was a qualifying guide--but DSMOs took out the qualifier. Ms. Humphreys said they probably needed to hear from the coalition and AMA and try to determine if the end result solved the problem. Dr. Fitzmaurice recalled that Congressman Stark asked CMS to approach AMA about revenues and costs of producing CPT; that information might be available for the hearings. Dr. Zubeldia said he'd just looked up the rule: code sets were extended.

Dr. Cohn said he'd heard they probably had one day in February for starting on procedures. In April they might take a day to talk about diagnosis codes. They'd probably continue throughout the year with issues related to both. Ms. Humphreys said she was persuaded there were immediate issues with non-medical code sets they had to look at in February. Dr. Cohn concurred. Even though a one-year delay would bring benefits, Mr. Blair noted unintended consequences might have to be dealt with quickly. He suggested an additional day in February to address them. Dr. Cohn said he wasn't convinced there'd be significant unintended consequences--but he might be persuaded by the end of the day. He observed they were moving in the right direction: they all knew code sets were a big area and were likely to take more than two hearings. Ms. Humphreys reiterated they didn't want to spend more time than that on code sets--whether they needed to or not.

Presentation: CDC Activities in SDOs, Public Health Standards Initiative, and Comments on PMRI Framework - John Loonsk, M.D., Associate Director for Informatics, The Centers for Disease Control and Prevention

Dr. Loonsk said CDC viewed PMRI standards as a substantial movement toward timely access to the well-structured data from the clinical care environment that public health needs. National Center for Health Statistics (NCHS) and other CDC entities made considerable use of these data when available, and Dr. Loonsk said CDC's mission to protect the public in the area of infectious and chronic diseases, injuries and other events would benefit from the interoperable clinical and public health systems and more comparable data.

CDC used clinical data, particularly in the disease surveillance area, expressing content through ELR using HL7-2.3 public health message, with LOINC and SNOMED vocabularies when possible. Other surveillance activities used HMO data extractions and public health data exchange with hospitals to access data from the clinical setting. Dr. Loonsk said substantially less provider burden inputting information to public health, broader coverage of and more data about reportable cases, and more timely delivery had been substantiated. However, he noted ongoing issues with vocabulary, implementations that weren't broadly applicable/exchangeable, and needs for metadata to allow for descriptive presentation of data for efficient retrieval and analysis.

Prior to the first anthrax attack, CDC was in the process of redeveloping national surveillance infrastructure through the NEDSS initiative. Dr. Loonsk described NEDSS as a vision and process to: integrate diverse stovepipe surveillance systems in public health, use and promote national standards for data and systems, improve these systems interactions with clinical information systems, and leverage benefits to disease surveillance in this setting. Like PMRI, NEDSS identified standards specific to the need, sometimes working internally to develop implementations appropriate to public health. NEDSS was manifest through a systems architecture which described a way public health information systems, particularly surveillance systems, could be developed to be more interoperable, utilize commercial off-the-shelf software, and enable better linkage of these data using national data standards. NEDSS funded all 50 states, six cities, one territory, and participation of CDC's partner public health organizations in the standards development process.

NEDSS worked with HL7 and influenced work in the RIM to better represent population information to meet the needs of public health. NEDSS use of existing data standards included 2.3 Public Health Lab Messages used for electronic laboratory reporting, and pointed to the use of the HL7 RIM through PHCDM's supplement, to identify coordinated ways of doing data storage and messaging. Tangible products of these activities included a logical data model for integrated surveillance systems: person-based rather than disease-based systems, compatible with the HL7 RIM, and forthcoming implementation guides for version 3 compatible Public Health Notification Messages. Initially used for case reporting within public health, CDC intends to promulgate these messages into clinical systems to allow for public health receipt of data from clinical systems. Dr. Loonsk urged all PMRI developers to include these messages in systems they develop.

Noting the types of data public health needs to fulfill its surveillance mission and achieve public health goals, Dr. Loonsk said CDC hoped the Committee would give priority to vocabularies and code. Vocabularies NEDSS used and promulgated for use in the NEDSS architecture include LOINC, SNOMED and ICD, but Dr. Loonsk noted their data needs weren't limited to these clinically oriented vocabularies. CDC commonly used such diverse concepts as occupation, industry, country of origin and language, and looked toward code sets such as the North American Industry Classification System (NAICS), the Bureau of Labor Statistics Standard Occupational Class (SOC) codes, and various ISO code sets.

The NEDSS system architecture was focused on interoperability between clinical systems. It was designed to take advantage of existing message interchange technologies: both clinically oriented interface engine technology and the burgeoning XML technologies in the business-to-business area. The architecture also advocated Web-based systems where manual data entry was appropriate, apt security methodologies, and using and sharing directory information about public health participants. Dr. Loonsk said this information increasingly was about communicating with clinical providers in emerging situations (i.e., alerting and communicating clinically relevant information about possible BT and other public health events) and applying the data for authentication and authorization to access information securely. The heightened surveillance for possible BT events emphasized since October 4 had been somewhat effective in the context of major political and sporting events or terrorist attacks where the clinical infrastructure could be energized to do manual activity for a limited period of time. The time-limited needs of BT surveillance heightened focus on the use of syndromic data available as early as possible in the encounter, so public health actions could be initiated and pursued. The context for syndromic data was in comparison with background data levels, with public health follow up on suspect cases. Dr. Loonsk remarked this wasn't an established methodology with the reliability needed for a completely automated process. He said multi-data source surveillance, which could include several types of clinical data, had also been investigated. While focused on being sensitive to a possible event and moving toward follow up, multi-data source surveillance was specific to a particular clinical information system's infrastructure, yet at times also involved: over-the-counter drug information, absenteeism, 911 calls, and other not classically clinical data sources.

Dr. Loonsk observed that CDC had advocated for some time that the BT infrastructure not be separate from the rest of the surveillance infrastructure: deploying a relatively unused infrastructure in response to a BT event wasn't a tenable pursuit--much that needed to be implemented was person-oriented and embedded in networks related to these systems.

Dr. Loonsk remarked that one could question whether any existing approaches to BT detection would have caught these attacks. A disseminated distribution of a pathogen in some public setting was anticipated, not a focal distribution or a vector of the U.S. mail. He noted it wasn't syndromic surveillance or any electronic system, but an astute physician who couldn't rule out anthrax on a Gram stain who detected what led to a major response by CDC and its public health partners. Dr. Loonsk said this emphasized intermediate data needs between detection and response: the lab result and contact information that had to be managed and interchanged among a network of diverse organizations and other activities (e.g., tracking adverse events from prophylaxis, developing mail handling protocols) not previously anticipated.

After October 4th, Dr. Loonsk said BT detection was still investigational, but the need for management and communication of case data was certain--there was an increased priority and opportunity to use clinical data for BT detection and attack management. The clinical community and its information systems vendors were interested in helping, and were looking at ways to participate. The kinds of data of interest for BT detection spanned the broad spectrum of data available in the clinical setting. Some of the data was demographic in a classic epidemiological sense. He said it was difficult to conceive of other data needs (syndromically related that usually presented earliest in electronic form in an encounter: e.g., a complaint in an emergency department) being coded in the near term. Lab results were an important data source, and Dr. Loonsk said laboratory and other orders were viewed as early indicators of a possible attack. Admission and discharge data had value later in the encounter. Utilization data was important in doing aggregate data analysis of the possibilities of a disseminated attack, and how it might manifest in the clinical infrastructure. Analysis and pattern recognition systems could help prevent being overwhelmed by routine data, allowing everyone to react to the truly adverse event.

Dr. Loonsk discussed CDC's efforts to work toward substantive implementation of a secure standards-based data interchange network that could move data between clinical providers, public health departments at various levels, federal agencies, and participating labs. Noting it would take time for the version 3 Public Health Notification Messages CDC was developing to be used in clinical settings, Dr. Loonsk said they had to work with HL7-2.X messages where they could. CDC was looking at needs that traverse from data standards through transport and security: an ebXML wrapper offered across Simple Object Access Protocol and Web services that provided that infrastructure, so partners could exchange data more readily, using public key infrastructure-based encryption and the Internet. Dr. Loonsk noted there were secure ways of doing this now, but standards that could be advocated in a way that achieved true interoperability were still under development. He reiterated that there were needs for provider (as well as patient) information to be used and exchanged between public health agencies for communication and security purposes.

Dr. Loonsk said NEDSS incorporated a directory of public health workers based on the Lightweight Directory Access Protocol (LDAP) and using the LDAP Data Exchange Format. Aside from demographics, the directory will contain contact and security information. Dr. Loonsk noted that while HIPAA calls for development of a practitioner identification number, it stops short of requiring the authenticated electronic directory system CDC believes is required for a PMRI system to inter-connect.

Discussion

Dr. Fitzmaurice thanked Dr. Loonsk for showing the relationship between existing informatics and CDC's needs. He asked if development of any code set that didn't yet exist (or expansion of one that did) would enhance CDC's ability to monitor and respond to these threats. Emphasizing that public health was a complex network of agencies, Dr. Loonsk said much of the complexity came from the need to exchange data between various public health agencies. The more specifically they could identify the data, the better. He noted he'd referenced some code sets CDC found important and some that extended beyond what was traditionally considered clinical code sets' turf (e.g., occupation). Dr. Loonsk said his broad sense was the principal obstacle to practical outcomes wasn't a lack of code sets, but lack of compliance and standardization.

Recalling that Dr. Loonsk referenced the Subcommittee's involvement in selecting specific PMRI standards, Mr. Blair asked if Dr. Yasnoff had worked with him on the Subcommittee's draft letter. Dr. Loonsk acknowledged that lately he'd been involved in other activities, but he'd had a chance to look at the recent draft and in general was supportive of these activities. CDC was very interested in vocabularies and codes and appreciated the specificity and vocabulary conformance achievable in version 3.0 messages--CDC targeted them and implementation guides as an outcome of immediate activities and was in sync with the Committee in promulgating the standards for public health notification messages. But he cautioned the Subcommittee to be realistic about when to expect them from the clinical care setting. First they had to be "out there" and advocated--and there had to be flexibility in terms of the data and how it was accepted.

Noting everything done by CDC in response to the anthrax attacks and Dr. Loonsk's comments about the need for case data management, exchange and getting the information out, Dr. Cohn asked if CDC thought the national provider ID would help leverage or maintain a national file. Dr. Loonsk said the need for provider identification related to a broad spectrum of data about providers (how to reach them by fax, pager, e-mail address) and the ability to readily interchange that data with appropriate public health agencies. He said CDC was very supportive of that endeavor and pursuing parallel concepts of public health interchange of provider information. Activities include: the Health Alert Network, FEX, and funding systems at state and local health departments assistive in communicating key information to public health and clinical providers. Dr. Loonsk said the huge data need apparent in the anthrax activities related to case management; linking of lab results and potential cases; surveilling for additional cases; and accumulating, managing, and exchanging descriptive information about facilities, syndromic and other data between appropriate agencies.

Ms. Greenberg asked if, in their most recent response to BT, CDC looked at the potential of gathering information from the administrative and financial data streams and issues related to having dual message standards: X12 for administrative and financial and HL7 for clinical. Dr. Loonsk said this was a big, ongoing issue: e.g., utilizing ELR when the lab result came from one provider and important demographic information was resident in another system or transaction. Recent activities accentuated the issue. CDC was very desirous of gaining greater compatibility and conformance between these transactions and worked at the ANSI and other levels to encourage reconciliation. Dr. Fitzmaurice acknowledged the public comments of Claire Broome and hard work of Susan Abernathy and their colleagues, and he complimented CDC on being a national leader in the use of national standards and utilizing all available resources to efficiently do the job.

Panel 2: HIPAA Readiness, Industry Surveys and Observations

Some 87 percent of Dr. Trapp's patients were covered by insurance, and he said moving from a paper-based to a completely electronic insurance processing system would save his practice over $20,000 annually. WEDI/SNIP studies indicated that healthcare practitioners alone could realize $30 billion in savings each year. The 1993 WEDI report projected payers and large institutional providers would save even more.

Dr. Trapp observed that the dental profession moved slower than hospital and physician colleagues toward electronic transactions. There wasn't a major nationwide payer exerting influence and dentistry hadn't been swept up in healthcare's move toward standard transactions. ADA's dental claim form was a recognized standard within dentistry, but there was no equivalent to the electronic transaction standard. Only 25 percent of dental claims were submitted electronically. The one consistency was widespread use of the Code on Dental Procedures and Nomenclature in both electronic and paper claim submissions. Dr. Trapp said most dentists wanted to minimize disparity in forms and administrative processes and reduce both time staff spent on these processes and the cost of providing dental care.

Dr. Trapp said HIPAA's final rule on transactions and code sets was a move toward administrative simplification: (1) implementation of transaction and code standards by October 16, 2002 set a clear target for a common, standard dental electronic claims transactions format that could stimulate dentistry's migration to electronic claim submission, (2) provider migration wasn't mandatory by that date and didn't burden dentists who continued to use paper claims, (3) extension of the implementation period beyond that date would impact negatively on dentistry, extending the lack of a single standard and attendant burden of different administrative practices added to overhead costs, and (4) the Code on Dental Procedures and Nomenclature was already widely adopted within the third-party payer community and used by the majority of high-profile commercial payers in the Blue Cross and Blue Shield plan.

Dr. Trapp said the final rule on privacy was, in many ways, consistent with the ADA's guiding principles on the privacy and confidentiality of patient information that most colleagues would implement well before April 2003. However, Dr. Trapp noted ADA had concerns (already conveyed to the Secretary and HHS staff) about the final privacy rule's requirements concerning oral communications, written consent for routine disclosures, and existing civil and criminal penalties. He said the extensive list of security requirements in the proposed rule would overwhelm most dental offices that had single, stand-alone computers, which only a few employees could access. He suggested the concept of scalability, as addressed in the proposed rule, would enable timely identification and adoption of appropriate actions to implement the security regulation in a dental office.

He said adoption of a single, neutral national identifier had merit, especially in contrast to the inappropriate use of other existing enumerators (e.g., the provider's DEA number). And the eventual adoption of identifiers for health plans and payers would deliver the administrative simplicity anticipated by the underlying legislation and simplify the normal course of business within a dental office.

Dr. Trapp noted dental offices couldn't be ready for HIPAA until they knew what actions to take to be in compliance with the privacy and security provisions, but he said, given sufficient lead-time, dentists would be ready to comply with HIPAA requirements. ADA would begin offering seminars to state dental associations next summer, and would make available privacy checklists and kits to assist dental offices in complying with the privacy rule.

Panel 2: HIPAA Readiness, Industry Surveys and Observations

Mr. Klein, focusing on the transaction and code sets, summarized results of the fourth iteration of Gartner's HIPAA panel survey, completed in November, that assessed how the healthcare industry was responding to current and impending regulations for compliance with HIPAA. Some 190 participants were selected for this iteration using a stratified sample of 102 providers (comprising 24 integrated delivery organizations, 44 stand-alone hospitals with at least 250 beds and 34 physician groups of at least 30 physicians) and 88 payers (comprising HMOs with more than 10,000 members, large national preferred provider organizations and private health insurers). Participants' progress was measured against Gartner's HIPAA compliance-progress-and-readiness scale. There were five steps: (1) education/awareness, (2) risk assessment/gap analysis, (3) cost/benefit analysis, strategy complete and tools selected, (4) policies/procedures complete and tools installed, (5) testing/audits complete and third-party compliance verified.

Despite statistically significant progress since the last survey iteration in July 2001, payers completed an average of 57 percent of level I milestones; providers completed 50 percent. While 90 percent of payers and 82 percent of providers had finally appointed HIPAA officers, 25-30 percent still didn't have compliance committees. Over 40 percent hadn't finished delivering preliminary education on HIPAA's impact to their senior executives. Mr. Klein said the single biggest reason compliance lagged was that senior-level executives weren't aware of its importance or impending deadlines. Drill down research indicated a primary reason was media coverage emphasizing possibilities of delay. Given other pressing issues (including pressure IOM's study put on the bottom line) healthcare executives chose to believe in delays. Mr. Klein said it had been obvious for 6-to-12 months that compliance with transactions and code sets wasn't about to happen. Progressive HCOs told Gartner that level I tasks took three-to-four months to complete, once the right personnel assembled.

Mr. Klein reviewed industry progress, noting differences were most dramatic with assessment (level II) milestones where primary assessment occurred. Some 78 percent of payers had started assessment tasks; 68 percent of providers had begun. However, payers only completed 42 percent of these tasks; providers, 21 percent. Anecdotal evidence indicated that, if the survey had included individual physicians, small group practices, or hospitals with under 250 beds, providers' results would be much lower. Mr. Klein said the most troubling result was that only 26 percent of providers completed a gap analysis or risk assessment on the transaction and code set regulation; most of these only finished in October. Although payers seemed to carry the bulk of the workload with the mandates, more than a third had yet to finish an assessment. Those that had, especially large payers with many provider networks, reported implementation and testing work plans took 12-to-18-months.

Evidence suggested many providers naively continued to anticipate that their software vendors would "deliver compliance" via upgrade patches and weren't even aggressively managing them to commit to delivery dates. Mr. Klein cautioned that providers had to understand and plan for the significant amount of work that remained, even if vendors successfully delivered on internal integration and testing, as well as certification with business partners. Mr. Klein noted Gartner had published research on the ripple effect for providers.

A final level II concern was that, only 15 months away from mandatory compliance, 89 percent of providers (who carry the largest burden in compliance with the privacy regulations) had yet to complete a privacy risk assessment. He suggested that the most disappointing finding was that no provider panelists completed a HIPAA cost benefit analysis (although 18 percent reported they'd begun). He emphasized that the message that HIPAA's administrative simplification could result in tremendous cost savings wasn't being heard or was largely ignored. HIPAA was still viewed as another conformance nuisance, similar to Y2K; avoidance of damages remained the primary objective.

Mr. Klein said a one-year extension recognized reality relative to the transaction and code sets. Virtually no HCO had completed any of the implementation and testing milestones of levels IV and V. And unless provider organizations stuck in level I and II tasks dedicated tremendous internal energy and resources to a compliance program, or immediately sought third-party assistance, they might not make October 2003. Mr. Klein said provisions in the recently passed legislation making the filing of reporting mandatory would help galvanize senior executives.

Panel 2: HIPAA Readiness, Industry Surveys and Observations

HIMSS's 12,000 individual members are healthcare professionals ranging from senior staff to chief information and executive officers in HCOs throughout the world. HIMSS also serves corporate members, including suppliers and consultants. HIMSS acted as neutral third-party data collector and analyzer in a survey of the status of 28 leading healthcare IT vendors' software products' compatibility with mandates for the Transactions and Code Sets rule. Responses were collected in December for 25 products representing some 4,700 installations in the healthcare IT marketplace. Products had a wide range of installation bases (6 to over 1,500) and industry segments represented included ambulatory care, hospital, professional practice settings, payer organizations and sub-acute care facility markets.

Vendors reported the electronic transactions most widely supported in the X12 format 4010 version were X12 837 P (Healthcare Claims-Professional), X12 270 271 (Eligibility Benefit Inquiry and Response), and X12 835 (Payment and Remittance Advice). Each transaction was supported by 24 of the 25 products. X12 837 I (Healthcare Claims-Institutional) transactions were supported by 92 percent of the products. X12 837 D (Healthcare Claims-Dental) transactions were supported by only four products: three in payer organizations with 60-150 installations and a hospital-based product. Two products were reported to support all nine transactions in the X12 format 4010 version. Both marketed to payer organizations; together they had 150 installations.

The Eligibility Benefit Inquiry and Response transaction, supported by 22 of the 25 reporting products, was the most widely supported HIPAA data content. Twenty products supported Payment and Remittance Advice and Healthcare Claims-Professional. Only one product, which served the hospital marketplace, supported HIPAA data content for Healthcare Claims-Dental.

All electronic transactions for which vendors reported all products would fully support HIPAA data content were also reported to fully support the X12 format 4010 version. However, only 85 percent of the electronic transactions that support the X12 format 4010 version were scheduled to support HIPAA data content. Four products, serving the ambulatory or payer markets, reported supporting the X12 format, but not HIPAA data. (Healthcare claims dental was not a component of all the products in the study.)

Seventeen products were reported to have a third-party certifier (CLAREDI) for testing compatibility of electronic transfers with the new HIPAA mandates. On average, each of the nine electronic transfers was tested for 60-68 percent of the products. Healthcare Claims-Dental was the only exception. All products reporting third-party certification testing for a transaction (except for one in the ambulatory market) also said they would support both the X12 format 4010 version and HIPAA data content.

Only two products (both in the hospital marketplace) were reported to be HIPAA compliant with the new transaction and code sets rule without a product upgrade. Free upgrades will be available for 83 percent of the remaining 23 products. Vendors anticipate users requiring an update will need implementation assistance; all vendors said assistance will be provided. Upgrades for six products are currently available or scheduled for release next month; remaining upgrades are scheduled before the October 2002 deadline.

Ms. Sensmeier summarized that vendor companies reported in the study appeared to have made significant gains toward meeting the compliance deadlines of the HIPAA Transactions Code Sets rule. A majority of the reported products would support electronic transactions in the X12 format 4010 version; a lesser number would support HIPAA data content. A third-party certifier had tested about two-thirds of the electronic transfers that would be supported. All products were reported to be available as HIPAA compliant by October 2002. Most vendors were providing free upgrades and were prepared to assist in installing modified software. Ms. Sensmeier said HIMSS, as a member of the Coalition of the Health Information Policy (CHIP), had expressed opposition to legislative proposals that would delay the October 2002 compliance deadline.

Panel 2: HIPAA Readiness, Industry Surveys and Observations

In 2000, Workgroup for Electronic Data Interchange (WEDI) spun off the HIPAA implementation task group called Strategic National Implementation Project (SNIP) to: (1) identify barriers, inconsistencies and ambiguities in the regulations and identify best practices resolving these issues and (2) bring about national coordination necessary for successful compliance. Three workgroups (Implementation and Awareness, Security and Privacy, Transactions and Code Sets) performed an information gap analysis identifying initial issues and crafted white papers further clarifying and defining best practices and recommendations for implementation. More than 3,000 participants monitor WEDI/SNIP work and list serves and (in addition to workgroup-driven efforts) identify overall challenges and successes related to industry-wide implementation. WEDI/SNIP pursues outreach to employer groups as well as regional SNIP affiliates, which are regional HIPAA implementation organizations. Membership includes providers, hospitals, clearinghouses, vendors, attorneys and consulting companies.

Ms. Yeager described a survey focused on identifying key issues and challenges related to HIPAA implementation of transactions code sets and privacy. Steering Committee volunteers drafted the survey, which was reviewed and then hosted via their Web site with links distributed through WEDI and WEDI/SNIP e-mail list serves. A significant number of the 214 responses were from covered entities. She discussed successes and challenges encountered in the implementation process and needs identified, focusing her comments on health plans and hospitals. Some 41 percent of respondents said gaining executive buy-in was their greatest success in implementing HIPAA transactions and code sets. Getting started was the great achievement for another 35 percent. Others mentioned obtaining internal resources and finding credible sources of information. Respondents had considerably less success coordinating testing with trading partners. WEDI/SNIP believes its process contributed to a number of these successes, and that its resources and work products (e.g., credible sources of information provided through list serves, papers outlining best practices, conferences) helped lower barriers to implementation.

Ms. Yeager noted hospitals and plans rated implementation successes fairly consistently, but a higher percentage of hospitals considered executive buy-in a success while health plan respondents tended to consider interpreting the regulations a success. Some 30 percent of both experienced the most difficulty with technical issues and interpreting regulations. Other major difficulties were obtaining internal resources, finding credible sources of information, and coordinating with trading partners. About 19 percent had difficulty finding cost-effective ways to do gap analysis and get started. Sixteen percent had difficulty gaining buy-in. Thirteen percent had difficulty testing. Observing that a significant number of respondents attributed their greatest success to overcoming their greatest difficulty, Ms. Yeager noted the WEDI/SNIP process was designed to identify and address barriers to implementation.

While hospitals and plans rated implementation challenges fairly consistently, Ms. Yeager said proportionally more health plans had difficulty gaining executive buy-in while more hospital respondents had difficulty finding credible sources and coordinating with trading partners.

Noting the findings uncovered important needs and validated WEDI/SNIP's work, Ms. Yeager made three recommendations to NCVHS: (1) additional resources to disseminate WEDI/SNIP work products to a wider audience, (2) the Department's ongoing support in extending programs throughout the industry, and (3) that the Department streamline a process for handling questions and leverage communication channels on the HHS administrative simplification Web site to distribute information and recommendations addressing the industry's common challenges.

Panel 2: HIPAA Readiness, Industry Surveys and Observations

Mr. Fusile summarized key concepts of HIPAA Myths, Practical Realities and Opportunities: The Work Providers Need to Perform for Standard Transactions and Code Sets, a document PricewaterhouseCoopers prepared to help clients in the provider community dispel myths that fostered inactivity. The first myth addressed was: My clearinghouse will do all this for me; I don't have to participate. Mr. Fusile said that, while clearinghouses had a big part in this process, they weren't a panacea or silver bullets. Few providers understood the considerable operational changes necessary to identify, collect and populate the required data elements so they could be reorganized and reformatted or the incremental data transacted along with a claim or eligibility, which was unique to a specific situation and allowed a transaction to effectively accomplish multiple goals. With standardization, either both parties had to agree necessary data existed within the current transaction, or they required another mechanism to communicate it (e.g., DSM-4 codes). Discussing potential for using the claims attachment transaction to envelope some of that functionality, as opposed to creating separate channels and workarounds, Mr. Fusile noted there were over 900 possible fields in a hospital claim (837-I transaction). Only 126 fields were always required; the actual number depended on the situation and conditions. Point-of-entry processes had to be in place to ferret out appropriate fields and codes.

Two: Vendors can deliver HIPAA compliance to providers via software. Noting most organizations reported they thought they'd be ready to submit an 837 transaction, Mr. Fusile said little had been communicated about what actually would be required from providers to get incrementally what they were with the current version. Fortunately they had a reprieve and could build in some of this. Some vendors claimed they'd release upgrades second quarter, giving everyone three months to build operational processes in place, test transactional capability, and have things up and running by October. Mr. Fusile cautioned that a train wreck was coming.

Three: Many providers are already HIPAA compliant. Mr. Fusile said many people didn't understand differences in the X12 environments and nuances to moving between version 3051 and 4010 formats. People using a 3051 transaction today used different versions, depending on their carrier or intermediaries. People also didn't understand coding issues around the clinical code sets or that, as long as they continued to use a variety of local codes, they weren't HIPAA compliant. He noted they'd heard that morning about the impact unwinding these codes would have on reimbursement. Providers, focusing on the claim and remit, overlooked the other transactions that didn't occur today in Medicare but would enable a provider who already had 80 percent electronic enrollment or claims transactions to build one operational process accumulating all the data and communicating with everyone.

Four: They had ten years to get this done. Mr. Fusile pointed out that healthcare had many priorities, changes, allocation and budgetary pressures that contributed to delay. Changes (e.g., moving from NDC codes to J codes) reinforced the belief that it was prudent to wait. PricewaterhouseCoopers hoped a line would be drawn in the sand so people would move forward.

Five: Medicare already does it; so it should be easy for everybody else. For Medicare, Mr. Fusile said this was a matter of remediating only two Part A adjudication systems: the APAS system in Arkansas and the FIS system in Florida. He emphasized that each provider/payer relationship was unique. Some payer systems had ten components to remediate and didn't have standard code sets or standardization across the board.

Six: HIPAA compliance would be much simpler for small providers. Mr. Fusile pointed out that the market wasn't focused and centered on small providers. With the deadline looming and lack of vendors ready to support this market, small providers faced significant challenges. Noting CMS offered to put out a software package that a physician or small practice could key into and submit claims electronically, he cautioned that the duplication and inconsistencies that process would require actually might make one less efficient while becoming compliant.

Seven: State governments only need to worry about Medicaid and their state employee group health plan. Mr. Fusile emphasized that many other organizations within the state relied on this data obtained from providers and would be significantly impacted as the mechanisms and communication systems in place changed. PricewaterhouseCoopers' biggest concern, from the provider's perspective, was that, in addition to everything they needed to do to become compliant, they would be barraged with requests from the state to set up other mechanisms to continue these processes--e.g., a process to map and translate the codes for EPST reporting in Medicaid.

Eight: HIPAA compliance equals administrative simplification. Mr. Fusile pointed out that one could become HIPAA compliant--and be more complex, less simple and less efficient--if one sought compliance at the lowest possible cost. He encouraged looking at the value of what one spent versus what one got: when a vendor said it would be ready to submit an 837 claim, ask if you would be ready to check the status of that claim online. Ask if it would pre-populate eligibility information into claims to avoid keying areas. And ask if you could push a button and check eligibility for individuals scheduled to appear tomorrow. Being compliant with communications was one thing; integrating and building efficiencies was another.

Discussion

Noting respondents almost uniformly reported being in an early stage of implementation, Dr. Cohn said he was thankful Congress gave everyone a bit more time. Asked about the chances of Mr. Fusile's train crashing a year later, Mr. Klein said payers reported they'd use the time to take a more strategic approach to compliance and gain economic benefit in business process reengineering. He noted providers had less to do: the federal government mandated a major portion of their business and they dealt with the ripple effect while benefiting from electronic claims and supporting only one format. He reiterated that having to file reasons why one couldn't be compliant along with a high-level plan signed by an officer of the company might prevent an extended "break."

Ms. Sensmeier considered the delay issue resolved: a bill was moving forward that required specific conditions--this wasn't an open-ended delay. She said vendors realized they had to be ready first. Ms. Yeager reported WEDI/SNIP already held a conference call to discuss the impact of the timing on their transaction-sequencing white paper and would rework others in light of this impact. WEDI/SNIP saw their role as leveraging this opportunity to broaden and deepen education, ensuring the industry had best practices and resources to guide them through the process. Noting a potential for this to end up on the back burner, Mr. Fusile urged everyone to push forward. He remarked that people talked about sending paper when "worst came to worst," but legislation took that contingency away and now there was "a bit of a stick." But testing requirements shrank the extension to six months and many sat on the fence through November and December--so effectively there were only four extra months. As a provider, Dr. Trapp said he found delay unacceptable. Every patient in the country spent $1,000 a year to hand paper to the insurance companies; administrative costs took 25 percent of the total healthcare dollar. He said perhaps there could be some latitude about enforcement, but they shouldn't delay--a year from now the same people would only ask for another. Agreeing there would still be a tendency to relax, Mr. Klein said the administration and Congress needed to make it absolutely clear that they were committed and would prevent further foot dragging.

Ms. Yeager clarified that additional resources WEDI sought to help disseminate work products could come in terms of funding or people to assist in disseminating products and sharing information through list serves, Web casts and conferences. WEDI didn't have a definitive list, but wanted to open a dialogue and see what resources might fuel the process.

Asked about learning best practices from early compliers, Mr. Klein said a number of significant players (e.g., some state Medicaid agencies) could go forward. But he pointed out it wasn't simply a question of internal readiness; a significant number of trading partners also had to be ready to test. Mr. Fusile concurred. Those furthest along would be able to test, send and receive transactions, but might not be able to access enough permutations of data to know how their systems actually performed. Many clients told PricewaterhouseCoopers they were ready and then failed at the initial testing level. Dr. Trapp commented that, as a beta tester, it took two weeks to convert, pull and run the data for a practice management system that had been "gobbling up" other systems; one thing learned from the analysis was that their electronic claim format had to be changed in order to become HIPAA compliant.

Mr. Blair queried whether (even if almost everyone worked with Gartner and Coopers and followed WEDI/SNIP guidance) there wasn't a need for national coordination for the testing between providers, payers and clearinghouses. Ms. Yeager said WEDI/SNIP strongly encouraged and supported national coordination through and across the implementation process. Healthcare was a cottage industry, locally and regionally based. She emphasized the growing reliance on regional efforts (e.g., identifying state Medicaid local issues and specifying and developing educational strategies to help providers through the process). Mr. Schuping noted WEDI/SNIP intended to document successful relationships between trading partners, creating prototypes others could use. They sought funding to conduct case studies.

Mr. Blair expressed concern that payers would be overwhelmed trying to coordinate tests with providers, because there wasn't an orderly national process. Mr. Schuping said a priority at WEDI/SNIP was bringing key stakeholders together to outline a full national implementation blueprint. They were struggling with what that blueprint looked like, how to pull it together, and key players and resources (personnel and financial). Creating details on how to test would be a challenge, Mr. Fusile said, because that would vary for so many participants, but the format of the plan for extension could tie some things together. An enforcement document could focus on the level of due diligence, forcing some understanding of accountability.

Dr. Zubeldia observed that WEDI/SNIP recommendations call for beta testing (the date pilot testing with trading partners begins) for 837 and 835 primary transactions on October 1, 2001. Systems readiness (when transactions actually were taken into production) was scheduled February 1, 2002. And readiness was May of 2002. Noting he still saw that train wreck coming, Dr. Zubeldia asked if the schedule was going to be revised. Ms. Yeager said the paper was being revisited to assess, not only the impact of the new time frame, but to peel back the layers and view the time frames as context.

Dr. Fitzmaurice reflected on the scope of HHS's outreach: presentations by Department representatives, availability to answer questions, the Web site with questions and answers, electronic copies of notices of proposed rule making and final rules, a schedule for when it was hoped the rules would come out, meeting announcements, NCVHS reports, and letters to the Secretary. Mr. Klein noted a big problem was getting executive buy-ins. Ms. Yeager suggested that had been one of the Committee's accomplishments: 41 percent of respondents considered buy-ins their biggest success. Dr. Fitzmaurice asked what else HHS could do to foster awareness, get budget allocated and implementation teams in place. Ms. Yeager said she firmly believed buy-in started with, and was driven by, education and awareness: getting executives to understand, not only what HIPAA was, but the impact to their organizations and their obligation to comply. Executives wanted a strategic perspective. Ms. Sensmeier said part of the problem was the executive level was so far from details of the transaction. Part of this process was getting privacy officers and HIPAA teams in place. The process had to be broken into logical components: what had to be in place for each part of the rule and who had to meet each one.

Noting they'd heard the need for case studies, Dr. Trapp urged the Subcommittee to do a retrospective review that demonstrated the cost savings of implementation. Mr. Klein agreed, and acknowledged the service WEDI/SNIP had done. He said organizations that released people to participate and anything government did to assist would be enormously helpful. They'd all missed the boat, not reminding people why they'd gone down this path and that the pay-off for society was enormous and began inside each organization. Case studies could show community hospitals a world with a higher rate of auto-adjudication, where information systems put out only one format as provider, and claims came back easier. Mr. Klein acknowledged this wasn't a perfect standard and wouldn't eliminate every problem, but he said it would dramatically cut back the amount of individual manual information providers and payers had to process. Visionaries and leaders needed to rally everybody about why this made sense.

Ms. Yeager said WEDI/SNIP contemplated publishing a study of cost savings and benefits: the business case for EDI. Hospital CIOs wanted to see the numbers. Mr. Fusile concurred. Executives needed something to benchmark against; milestones would go a long way. Everyone still looked at HIPAA as an ultimate goal and not the first step in a longer-term process that facilitated the quality of care. Buy-in began when an executive made that connection. One competed on quality of care, and this was the first step.

Ms. Gilbertson said she believed the pharmacy industry was ready to proceed toward October 16, 2002. The pharmacies faced a change of business practices with significant impact on billing of supplies, professional services, and code sets. And statements in the privacy regulations affected named transactions. Individual businesses were focusing on plans and moving forward, but NCPDP was spending its time discussing supplies, professional services and the privacy regulation's impact. Dr. Cohn noted a difference between the bill and appropriation of funds, but he said there was money to provide better outreach and, hopefully, answers to questions.

Discussion of NCVHS Activities Specified in HR 3323

Ms. Trudel outlined the specific role House Rule 3323 defines for the Committee in the review of model compliance forms. The Secretary is charged with promulgating a model compliance form usable in drafting a plan. Each plan is to include an analysis of why the person won't be compliant, budget schedule, work plan, implementation strategy, whether the person plans to or might use a contractor or other vendor, and a time frame for testing beginning no later than April 16, 2003. Plans may be submitted electronically. In its advisory capacity, the Committee is to help determine the plan's content. It also has a role in analysis. The Secretary is to furnish the Committee with a sample of plans submitted, redacted to remove any trade-secret information. The Committee shall regularly publish and disseminate to the public reports containing effective solutions to compliance problems identified in the plans, written to assist the maximum number of people meet compliance by addressing common problems. The Committee is also required to consult with the four organizations specified in the Social Security Act as advisors to the Secretary as well as DSMOs specified in the final rule.

Commenting that, read strictly, this seemed to envision a different role for the Committee, Ms. Trudel expressed the Department staff's belief that Congress didn't intend for them to necessarily find solutions, but to use the plans to trigger questions that point toward significant issues. The Committee always had the ability to hold hearings, consult and take written and oral testimony, and make recommendations to the Secretary.

Noting the staff was discussing this process with internal lawyers, Dr. Cohn suggested the first step was developing the form and questions for the industry. Assuming timelines were compatible with meeting dates, they might take testimony and get input on form design and useful information. They'd heard suggestions about how to identify issues, develop solutions, and move forward. They needed to get wider views from the DSMOs, consulting organizations and the industry about areas of maximum benefit. He questioned whether it was the Subcommittee's role to write white papers on solutions, but he said there might be ways to authorize development of papers that benefited the industry and they could recommend that HHS provide limited funding.

Given all they'd heard and the anxiety Dr. Zubeldia expressed that, without milestones and marching orders, the deadline could come quicker than realized, Ms. Greenberg emphasized that the model plans had to get commitments at organizations' highest level. Noting the Senate expressed concern that, in releasing people from the 2002 date, they not be saddled with unduly burdensome requirements, she said the essential thing was to identify critical milestones or commitments and focus on them in the compliance plan. She agreed with Dr. Cohn that it wasn't an advisory committee's role to come up with effective solutions to compliance problems, but she suggested there were creative ways to achieve this. She expressed concern, given the propensity toward delay and "pointing the finger," that the Subcommittee had to come up with specific ways to be responsive so, later, people didn't say they couldn't comply because NCVHS hadn't regularly published and widely disseminated reports.

Ms. Trudel noted WEDI/SNIP and others were looking at these issues. She said NCVHS could take on the role Ms. Yeager suggested: disseminating information about solutions to significant problems. Mr. Scanlon remarked that the statute gave minimum guidance about what to include in the model compliance acceptance plan. The lawyers would decide boundaries and scope; generally one was advised to follow the statute and not much more. The issue of facilitating compliance rather than creating a burden was a careful balance for everyone. He cautioned that the Committee didn't have a regulatory capacity and couldn't perform an operational governmental function. He suggested what was envisioned was that the Committee play to its strength: look at a summarization of the plans, what people explicitly or indirectly indicated were real problems and obstacles in compliance, focusing on guidance and advice, not specific solutions to compliance that might not have legal status outside the regulatory framework. The committee could always do what it did well: identify issues and shine light on possibilities.

Dr. Fitzmaurice said the four organizations advising the Secretary and the DSMOs the Committee had been told to talk to could assist in developing and analyzing the plan. Noting the volume of letters already received, he suggested if they made known the need for case studies, they'd receive scenarios as issues came up that could be published on the Web site. They'd also get case studies from hearings and by looking for scenarios that matched issues in emerging plans.

Ms. Burke-Bebee questioned if communications could be missed and the process slowed down by the Committee and industry looking to each other for the compliance solution. Mr. Scanlon suggested thinking in dual terms that ultimately came together. He separated the model for the compliance acceptance plan, which needed to be filed at HHS prior to the October date, from the analysis of those plans and identification of directions for compliance. The Subcommittee had a general structure for what that compliance exception plan should be and address. He doubted a company would provide many confidential and trade secret details in something likely to be FOIA-able--specific compliance solutions would come after hearings and analysis. Although they referred to a plan, Dr. Zubeldia noted the Committee or HHS only had to develop a form for reporting the plans. The plan for compliance would be developed and filed by the covered entity.

Dr. Zubeldia suggested publishing some fields on the Web site. As Dr. Fitzmaurice pointed out, people had to know which of their trading partners had filed and their compliance dates. Predicting many plans would be filed by people who were otherwise compliant, but their trading partners weren't ready, Dr. Zubeldia said it would be a waste of time and resources to sample them. Dr. Cohn summarized: they needed to provide input to HHS to help them develop a form, industry had to come back with their responses and a compliance plan, and the Subcommittee had to develop a plan to meet the requirements of this new law.

Ms. Greenberg remarked that the more this form was standardized and the easier it was to fill out, the more it would reduce the burden on those who submitted or analyzed it. The basic model should be electronic, relatively easy to complete and analyze. Dr. Zubeldia noted the Gartner Group estimated 1.2 million forms would be filed. Mr. Scanlon remarked that government agencies did this all the time with forms standardized in terms of a simple structure and questions. Members noted that an exception for PRA was being queried at this point. Dr. Fitzmaurice suggested CMS might report on their model work at the February hearings. He also said they should consider having people file on the Web site, making filing electronic, readable and--if structured as Ms. Greenberg proposed--easy to triage and conduct a sample. Mr. Scanlon noted there could be confidential, trade secret and proprietary information in those plans. Ron Tennant, WEDI/SNIP Co-Chair, reported that the WEDI board approved a plan to issue recommendations on the model. He noted the legislation said HHS was to develop a template, but everyone didn't have to use it.

Dr. Cohn said a number of industry segments wanted to provide input and he hoped in February to get industry input beyond WEDI and to see concepts and model forms and get everybody's best ideas about how to proceed, given another year, and what HHS, NCVHS, and the private sector could do to make it as successful as possible. One thing they'd heard that would enliven these dates dealt with the enforcement and compliance final rule, which had to take into account the testing deadline. A number of people called for statements from HHS and others emphasizing the seriousness of these dates and the timeline. Dr. Cohn noted the Subcommittee already had two full days in February: one day on code sets and another on these issues. Hopefully Ms. Humphreys and Ms. Trudel would identify the issues and people and at least talk about the model and model forms. He agreed with Ms. Greenberg: this process needed to be simple and, above all, helpful to the industry and the patient.

HIPAA Annual Report to Congress - Jim Scanlon

Mr. Scanlon discussed the Committee's obligation to report annually to Congress on the implementation of HIPAA. The 2001 HIPAA annual report was submitted in March. Noting that was a year of transition, Dr. Cohn asked members to review last year's executive summary that focused on the status of implementation, industry response and major barriers to implementation. He visualized two broad themes: (1) moving toward implementation, the June letters, recognition that the industry required a delay, a comment to Congress on the Committee's actions based on the law passed, and how to ensure the process moves forward; and (2) a parallel piece assembled by the Privacy and Confidentiality Subcommittee. Members noted that this was becoming an integrated suite of issues with both Privacy and Population Subcommittee concerns. Mr. Scanlon suggested the Subcommittee start with the letters, proposed and final rules, the delay and anything else that changed the factual situation. Members plan to have a draft report for the February Subcommittee meeting and a final report for the full Committee to approve during those sessions, subject to changes. Ms. Greenberg suggested notifying the entire Committee of the time frame, pointing them to the HIPAA report on the Web site, and inviting suggestions for additional topics. Dr. Cohn thanked everyone for two productive days and the meeting adjourned at 1:07 p.m.


I hereby certify that, to the best of my knowledge, the foregoing summary of minutes is accurate and complete.

/s/ 12/28/2002

_________________________________________________

Chair Date