[This Transcript is Unedited]
Quality Hotel
1200 North Courthouse Road
Arlington, VA 22201
Agenda Item: Welcome and Call to Order
DR. LUMPKIN: Even though we're a little bit early, we're going to try to start. All those folks from the earlier meeting are welcome to stay. Mary Jo sends her regrets but evidently her boss has left, resigned, her direct boss.
MS. GREENBERG: Who is that?
DR. LUMPKIN: I don't know his name, and the Ash(?) is having retreat or something.
MS. GREENBERG: But the Ash didn't leave?
Agenda Item: Follow-up on July 24th Hearings - Dr. Lumpkin
DR. LUMPKIN: No, that's not her direct, the person between her, so she has been invited to represent her unit at this retreat so she will be there instead of with us. So we really have two items that we want to discuss on the agenda, follow-up to the hearings that we had on July 24th and then look towards additional hearings. So having said that, it's seems to me that one of the issues that came up at the hearing as we talked about personal health and had folks in, it seemed to pop out a lot was the issue of developing standards for the personal health record. There seemed to be a lot of resonance on that issue. Mary Jo in her note to me said that she also shared that with the Markle(?) Foundation's Connecting for Health Personal Health Workgroup of which there was lot of resonance and interest in that and they have subsequently adopted the idea as one of its core activities over the next nine months. So there should be some work coming out from that angle. And they will be having some preliminary work very soon, so this will be something that we can certainly collaborate with or point a direction, so that's one of the areas we discussed. Were there any other follow-up ideas from the hearing on the 24th we want to talk about? Everybody trying to get into the frame of mind, what did we do on the 24th of July?
DR. MCDONALD: We saw the cement pouring, I know that.
DR. LUMPKIN: If you remember, we started off with a population health issues from Baltimore, and cancer prevention, we talked about the cancer registries, and then we talked a little bit about surveillance systems. We followed up with some discussions about the use of e-mail in clinical information systems and then we proceeded to talk about the related issues of personal health records.
DR. STEINDEL: This is a general gestalt feeling that I got especially from the morning testimony and I'm sorry to say it because I'm involved in public health, is that the impression, one thing that I think we have to more directly address is the territorial issue with regard to public health. The message I got from Baltimore in their immunization registry is we're doing a real great job as long as we play in Baltimore. The cancer registries, we got the same type of impression from them, our cancer registry, and I'm using the our, is doing great. When we asked Mary about it, well what happened is the case is in Indiana, well, we're thinking about it. I think this is something with regard to the NHII if we really want a good functioning NHII I think in subsequent presentations, written presentations, I think we need to more directly address the territorial issue in public health in some way.
DR. MCDONALD: Steve, I'm not sure what you mean. You mean the fact that it's by state or the fact that --.
DR. STEINDEL: It's even worse than by state. Sometimes it's by zip code.
DR. MCDONALD: Is the problem that they reject the others only parts of them do well?
DR. STEINDEL: They don't talk to each other, they don't communication with each other. They know they need to, the example I use is what happens if you're living in Ringold, GA, which borders on Chattanooga and Alabama and you get diagnosed with a public health case because you're doctor is in Chattanooga. Where is this all reported and everything? There needs to be some established standards concerned that.
DR. LUMPKIN: And I think the issue has another implication which is if you go from state to state and each of them, those that do have cancer registries, the kind of information and what they are collecting is different. NASCR, National Association of State Cancer Registries, I know is talking about some sort of standardized form, but if we are looking at an automated environment and we're looking at objects whose job it is to scrape cancer registry data out of clinical records, it would make more sense for there to be one such object. So that following-up on Steve's issue, one of the things that we may might want to try to precipitate as a workgroup is some assessment of the standard development of registries, state-wide registries. The Department of Labor has a registry for fatal occupational illnesses. If we're going to automate that are there pieces that we want to look at for standard record, trauma registries, injury registries, there's just a whole ton of these things that if we look in a new environment might benefit from having a closer look at some additional standardization.
DR. MCDONALD: I've even actually been working with Indiana standards, not actually the Public Health Department yet, but that's our plan, there are 300 different variables. There's a challenge because there's a -- groups and another group which has some slight sub-setting differences, but it really is pretty good data and there's really practically always a subset that people are mostly collecting. The treatment data is harder to get, it's so far, and secondly there is a standard activity and we're now with a vendor which is Rocky Mountain which is about to give us an HL-7 interface delivered out of their system, I think they are doing a two-way one actually, so you can send stuff in as well. There are a lot of challenges but they've done some stuff so they are not naked in terms of standards.
DR. FRIEDMAN: I actually think in some ways this fits into the general framework, in some ways the issue is less registry specific. For example, with the cancer registries, NASCR and CDC which is, there are CDC funded registries and then there are NCI funded registries and both of them now have been sort of beaten into line, but having said that, I think the issue is more cutting across registries, which is something we all know, the cancer registry is going to be using different standards than HIV, vitals, etc., etc., and CDC is in the early stages of addressing that through NEDS(?) but in some ways it's the early stages and I think giving it a real push through NCVHS would I think probably be very helpful.
MS. GREENBERG: I would just say that this is an area that the Public Health Data Standards Consortium is certainly very interested in and has done some preliminary looking at and would be more than happy to partner with the committee in addressing this.
DR. LUMPKIN: Do we know anybody involved with that organization?
MS. GREENBERG: We could find someone.
DR. MCDONALD: I'd just like to reinforce the cross-registry, in fact that particular one has particular wealth in it because of the probable excess cancer mortality -- patients and getting across that is a rich area of research, in fact I know someone who is doing some of it, but it's a challenge because of the lack of standards.
DR. LUMPKIN: So, in some ways we're sort of delving into an interesting approach because we're now looking at those areas that have traditionally been within the purview of individual states as being where there may be some inconsistency in the, while the federal dataset may be standardized, what the states actually do in generating them subsequently and passing on to federal dataset can be widely different.
DR. FRIEDMAN: I think the federal datasets are standardized within the dataset but I think CDC, well you know as well if not better than I do John, but there's still a long way to go even within CDC. It's shocking isn't it Steve to standardize across those datasets. Although, Lord knows they've made, there's a lot of progress being made and one has to give them a lot of credit.
DR. LUMPKIN: Ok, other ideas from our?
DR. STEINDEL: In the same vein I was very encouraged by what I heard on the personal health dimension. There was a lack of standards and Mary Jo was quite correct we probably need standards on a personal health record and everything but I was really was encouraged on hearing was the acceptance of the personal health record outside of the commercial area. We heard about the failure of commercial personal health records but when we heard from the insurance companies or the communities when they were making personal health records available that people were using, there was a growing acceptance of them. I thought that was encouraging and it's something we could build on.
MR. BLAIR: Steve do you know if ASTM developed a standard or standard guideline for personal health records?
DR. STEINDEL: Well, when that actually was mentioned a few minutes ago I was racking my brain because I think there is an initiative within ASTM to develop a standard for a personal health record but I can't speak from fact on it.
MS. GREENBERG: Well if there is they should really coordinate with this Markle Foundation.
DR. ZUBELDIA: As I understand it this new bill that is going through the House and Congress on outpatient safety has some component where the providers are required to give the patients access to certain information electronically through the internet. At least plain history and some other stuff, specifically through the internet. With a web browser, that's how it's described.
[Laughter.]
DR. LUMPKIN: OK, do we want to and again, looking as we're kind of developing agendas for hearings down the road, do we want to delve more into this area? Interestingly enough, one of the groups that really became very much enamored of our report was the Foundation for Accountability and for those of you who may not be familiar with that organization, they've done a lot of work on the consumer, the health care consumer side of development measurement sets and ways of displaying quality data for use by consumers so they're very interested in our approach towards the personal health dimension.
DR. MCDONALD: My only worry is that, not worry, I want to be careful that we build, as the report says, a framework where these different views are views rather totally isolated standard trunks. I guess we just gotta, the report says that all, so I guess, there's a tendency to fit the cubby to a stovepipe.
DR. LUMPKIN: And I think to the extent that we look at the personal health record and the issue is, is how does that interface so that in fact it can be constructed in an automated fashion for an individual based upon interactions with their --?
DR. MCDONALD: Well, the things I work on, immunization is a good one, because what would likely happen if I'm thinking of the consumers, yes, no, I've got my immunization shot, yes, no, where is --, there is no place to put in the lot number and everything else that would have come across if they got it from their provider who has to record all that stuff. There may be impedance mismatches if they think about it coming from another source versus someone just typing it in.
DR. LUMPKIN: And that raises an issue that we're actually in the point of discussing in Illinois, where we have a state-wide immunization registry and what the registry does is for the individual clinician, it keeps track of lot numbers, and the question that we're struggling with is not in the immediate future, but down the road, do we make that accessible to the parent? Similar to our reports that the parents can pull up their child's immunization record and they'll know we're missing a couple of shots. We need to take some action on that but obviously the security issues are ones that we're not quite ready to address. That's the kind of thing where the patients, the persons' health record may be populated by events that occur in the clinical side. But the conversion or the knowledge that's added to that process may be a state in the population domain, it's says ok, this is what you have, this is what your child needs, so it helps them in their decision making.
DR. STEINDEL: You mentioned the word security, and this is what I found another thing interesting from the testimony on the personal side was that according to at least Serner(?) and I also believe the gentleman from Seattle, that to a certain extent, people were willing to trade off security for accessibility. I think we need to investigate what they trade-off this.
DR. ZUBELDIA: I think what I remember hearing is that the use of certificates which is really the ultimate security is down hill and people go back to perhaps the less secure password because it's easier to use.
DR. STEINDEL: It's easier to use. That's what I'm saying. That's what I'm wondering, we've heard from a lot of privacy advocates that we need to lock every thing away, maybe we need to hear what type of security system should really evolve that makes this data secure and accessible. I don't like the idea of just going to passwords, personally.
MR. BLAIR: The impression that I've got is that a lot of people feel like the obvious answer is biometrics won't cause you a delay but even if it is biometrics and it becomes inexpensive enough to be available on all PC's, the next question there is how the privacy advocates feel about biometrics?
DR. MCDONALD: There are actually two threads on this. If I'm in a practice and a patient comes to me for one visit and I give him a tag or a number that they can get at that data from that visit, the risks are actually very low. But then the problem is is that they can merge it, and the merging problem is enormous no matter how we do it, biometrics, or whatever.
MR. BLAIR: I might just make a mention because the survey that we did this summer, the MRI does a survey, Fourth Annual Survey of VHR Trends and Usage and when we got to our question with respect to usage and experience with data security practices and standards and procedures a lot of progress has been made with access control usage and standards and with security within the health care environment and data security across networks. The area where the least progress was made was authentication which gets to the issues that you began to mention is that people just shied, pulled back from the idea of using certificates, they seem so cumbersome and time-consuming, and it did appear as if the thing that they are looking for with the greatest promise is biometrics, so if we are going to investigate that issues that's sort of the area I think we should focus on.
DR. MCDONALD: Could you extend that, I mean to say look at authentication because there's really smart cards and biometrics and they may interact depending on how you think about them. Biometrics is not necessarily that secure, it's convenient and smart cards are almost always very secure except, everything has a little bit of an underbelly that you can get at, but together they would probably, and they're not, the biometrics is more expensive than secure ID, you're absolutely right.
DR. LUMPKIN: I think maybe rather than trying to get into the actual technology, there may be a higher level question that needs to be resolved first, which is we can figure out how to make these systems fairly secure, you put in certificates and biometrics and all this other stuff and you can have a relatively, a fairly tight system. But what we're hearing and we need to really have a handle on is shouldn't people have a choice so that, and rather than saying one system fits all, if we envision a system where someone really wants to have all that security, they can, and those who prefer to have an ease of use understanding that there are risks association with that, can take those options. There are all sorts of ways of doing commerce on the internet that are more secure than you log onto a web-site and you enter in your credit card number. Most people choose not to use them but there are options. Much of the question is to what extent can that be part of our approach or an approach that allows the individual user to make those choices. Then if we want to get at that, who would we bring in to ask those question, because I think the privacy advocates can tell us what they would consider to be the standard for the top level of security but we need to hear from people who are very concerned about the digital divide and to what extent now are you, if you use tokens and some of these other things or even require that they have to log- on from a registered log-in at their own computer, well what if you don't have your own computer? What if you're using the one at the public library or something like that? And it's still important to you that you want to get your health information even though it's not a secure environment and people can be looking over your shoulder. But if they want to have access, shouldn't they have the right to have that access? So the question becomes is how do we get to that question? I think we need to define both ends and it may be that looking at some non-traditional groups, consumer groups, whether it be AARP, whether it be organizations that represent the homeless, those kind of groups to get them to discuss the issue.
So we've talked about wanting to delve a little bit into the issue of registries, a little bit more into public access to their own personal health information.
DR. STEINDEL: I think we've already, I don't know if we've discussed it within the workgroup or not, but we've discussed it multiple times about the idea of having some presentations with regard to what's going on now with the NEDS project and the other groups and syndromic surveillance and what is going to develop as the population health structure. So that's another area that we can have hearings on.
DR. LUMPKIN: Here is another one. Seeing as how it's after 5:00 and we're all off the clock, I guess Congress wouldn't be upset if we discussed this but, the personal identification. I think we would need to look at the restrictive language that we're dealing with. The issue becomes with the implementation of the privacy regulations, is it pertinent at some point to talk about how someone's health information can be identified with them. I want to disassociate this from a discussion about a single mandated, HIPAA mandated unique identifier because I think that was a big mistake. But for those that want to have a single number or a single identification system so that their record can travel with them electronically, how can that be done? And then to the extent that there may be multiple solutions, how do you adjudicate between different systems that may have different identifiers?
DR. ZUBELDIA: Can I just throw in a wild idea, which is not unusual? When you go, sometimes you go to the grocery store or you go to Service Merchandise, there is this thing that says take a number, and you take a number and that's your identifier for that visit to the store. There could be a national take-a-number identifier and you can take a number and use it for the rest of your life and if your concerned about your privacy about a specific episode of care, take another number for that episode of care, know that you're going to be assigned a unique number that you can throw away at the end or you can keep using the same number you've always been assigned to provide continuity. It gives both possibilities, you have continuity of care with your permanent number or you can take a temporary number for an episode of care and throw it away. The number is not intelligent, it doesn't have anything to do, all it provides is continuity. There is not even a registry as to who has taken what number. You go to a place where you're given a number and that's it, there's no identification of your name and the number.
DR. LUMPKIN: Let me see if I understand this concept. You suppose that we generate the number by using your provider's ID for that visit, the Julian date and the sequential number patient that you are on the day that takes a number. So that number has a fixed set number of digits and then when I go to my next visit after that one, I'm given the option of giving them that number, or pulling another number which again, could be constructed the same or just a random generated service that everyone would subscribe to. Now if I lose my number I know that my provider who I went to for the first visit or the second visit or third visit that I gave my number to will still have my number. So it's reproducible. But now let's suppose I have been, have had an indiscretion and I need to see my urologist and I don't want it to be part of my medical record, when I show up at that visit I could pull a separate number which I would only know about and wouldn't share with my partner or any other person like that so it would have the ability to be a unique number that you carry with you all the time and you can have other encounters that would be operated under another number. Now what happens when your insurance payer --.
MR. BLAIR: We can call it discreet number squared. It's discreet and it's discreet.
DR. ZUBELDIA: If you want to associate both numbers you could tell the specific provider these two numbers are mine.
DR. LUMPKIN: Or what you could do when you go home and create your own health record you enter that number for that encounter and it would based upon the algorithm's that are developed for creative network that then generate, add that data to your file.
DR. ZUBELDIA: I would not generate a number based on specific provider because there's some intelligence in there, you go to the AIDS clinic to get your number --.
DR. LUMPKIN: Actually you have different providers than I do.
DR. ZUBELDIA: That says something.
MS. BEREK: There's been a lot of work on the negative side of this done by law enforcement because of identity theft in billing and so if you were going to move into something like this it would have to be completely disconnected from billing which would make it very complicated. But you might want to talk to the people in the Inspector General's Office, the HHS Inspector General, and the FBI who have worked on identity theft because it's a problem in Medicare, it's a problem in Medicaid.
DR. ZUBELDIA: Here's how I would associate it for billing. When my employer offers insurance to me there will be an enrollment form in which I write my number that I want covered and I only get to write one. And if I don't like it to be covered then maybe I can get a different number or I'm not covered but I would write my number and that number has to be on all the claims for billing. -- for Medicare.
If I have multiple numbers it's a problem because I want some privacy, how would the insurer know that those multiple numbers actually correspond to one person or multiple persons?
MS. BEREK: Which is why the insurance industry, looking at Medicare as a payer, Medicaid as a payer, from CMS and having once been in charge of program integrity at CMS -- but it would be interesting to listen to the folks in law enforcement to sort of see what the other side of this problem is.
DR. MCDONALD: It could also cause some real havoc to the public health reporting in terms of getting your counts right and doing any kind of tracking. If you give the fake number just for fake purposes but you're still as a deep number connected, you haven't accomplished your goal. If there is no deep number connected you can't accomplish other goals. It's an interesting challenge.
DR. LUMPKIN: Except that public health systems are based upon name anyway, name and address.
DR. MCDONALD: Those systems where that becomes important where you're going to have to do some follow-up, infectious disease reporting, that kind of thing, but obviously we need to explore these kind of different kind of options but what's interesting about that idea again is it gives the individual a choice and I think we'd want to explore those and look at the down side and the up side. The program integrity and the fraud potentials for me to list myself, my brother and my cousin as the multiple numbers on my payer and then they just show up.
DR. LUMPKIN: On your model how would you keep the person, say they gave you the number, how do you know it's the number they really meant to, they could type it in wrong, they could remember it wrong, or they could make up a different one that's not them.
DR. ZUBELDIA: I wouldn't know. There would be no linkage between the number and the name of the person.
DR. LUMPKIN: They'd figure it out the first time they tried to use the insurance.
DR. MCDONALD: How do you keep it from being duplicated, you colliding with someone else, you're using a number to go to this fake clinic to have your tests done and the guy that does have that same number, his wife looks at his record and gets real made but he didn't do anything, it wasn't his number.
DR. ZUBELDIA: I would say there would be some sort of state level or national or something, take a number system where you go and get a number. It could be on a card or some sort of receipt or something that would prove that I have this number as my number.
DR. LUMPKIN: Rather than get too much further into this detail because obviously this is kind of an interesting subject to many of us, I think we can all agree that this is something that we probably want to spend some time on. It's one of those barriers to the NHI that we believe we need to address at some point in some way.
MR. BLAIR: May I suggest that, because from the things that I've been reading, it appears as if the use of some kind of a number plus some type of biometric identification for authentication that you are who you say you are, most of the articles that I've been reading are saying that we're probably heading towards a system that uses both.
DR. ZUBELDIA: Let me add another more to this take a number concept. In my personal health record if I have a PC at home, a computer at home that holds my list of numbers and it's the only place that my list of numbers is held in one place and it's my home PC, I can tell my home PC go to my list of providers and get a copy of my record based on this list of numbers and my PC will know what provider to go with each number, so I can get a coordinated record in my personal record and none of the providers would know the numbers that I'm using with other providers. So I've retained complete control of the consolidation of data in my PC, if I want to, and still retain complete anonymity. I don't know, it's just one thought.
DR. LUMPKIN: So we may want to evaluate the state of the art or something at that point. Any other issues? So I'm obviously, we're looking at quite an agenda of activities. One of the areas that we have talked about that Steve raised which was the NEDS, bio-terrorism syndromic surveillance, and that probably would be one full day of hearings. Registries we probably could do that my guess would be in half a day.
MS. GREENBERG: It depends on how many different registries you were interested in looking at. If you expanded registries to include things like emergency department datasets, hospital discharge, you could spend a day on it probably.
DR. MCDONALD: Well, do You want to pick a set? You've got renal disease, I'd leave out the emergency only because it's been discussed and because it's actually not a flat file, it's kind of everything that happens in the emergency visit. But you've got a handful that look an awful lot alike. HIV, there's a cardiac surgery one, renal dialysis.
MS. GREENBERG: Brain injury, a lot of injury ones, there's cancer.
DR. MCDONALD: There's trauma registries.
DR. LUMPKIN: I think that there are, there basically would be two groups of registries. There are those registries that are fairly robust, like a cancer registry, and then there are those registries that tend to be less robust, like an HIV, generally it's a case report, some minimal information, not much more than that. So I think that to that regard we may just pick two or three representatives, a couple of representative samples in each group and use those as our focus.
DR. MCDONALD: It would be very interesting to hear five or six or seven, ones you don't know much about and what's in them and how they work.
MS. GREENBERG: From states that have all of them, some of them, the extent to which they are or not integrated or what it would take to get more integration, state across state.
DR. LUMPKIN: I think we would want to get a feel for the gambit because some of these registries, what's in them are established by rule, some are established by law, so there's a certain amount of inflexibility built in some of them.
DR. MCDONALD: And they're not all public health. I don't think the by-pass ones I think are, people keep them because that's how HICPA requires it. The renal dialysis one I think is required by HICPA, everyone's got their computer systems, I don't think they send them to anybody.
DR. ZUBELDIA: I'd like to also hear those registries that have tried to coordinate among different states what problems they found. Like South Carolina, Georgia, Tennessee, I think North Carolina, have been trying to coordinate their immunization registries, and what were the results of that, what happened?
DR. LUMPKIN: Ok, so that sounds like a day, a long day. Continued work on the personal health domain including what would be the minimum dataset as well as the issue of public access to individual health records, an individual's own health record. And then the fourth one would be the issue of identification.
MS. GREENBERG: Which we will hold in an undisclosed location.
DR. LUMPKIN: On authentication.
DR. MCDONALD: What about doctor ID's? Is that worthy of this?
DR. LUMPKIN: Of what?
DR. MCDONALD: Provider identifiers.
MS. GREENBERG: We should have that in there.
DR. MCDONALD: We should have that what?
MS. GREENBERG: When we get the final rule.
DR. MCDONALD: Maybe we should investigate why we don't have it.
DR. LUMPKIN: Because it costs too much to do the enumeration. Yes, that's the reason, they have to budget.
MS. GREENBERG: I think that potentially has been resolved.
DR. ZUBELDIA: It's for next year's budget, right?
DR. STEINDEL: The budget won't pass until May.
DR. LUMPKIN: And if you think that enumeration for providers is a problem and we talk about enumeration for people, I remember when we were doing the unique identifiers for individuals, we were talking about a ten billion dollar cost to do enumeration even if we were to use Social Security numbers because it would have to be a re-enumeration process and they were looking at I think six to ten billion dollars to re-do all of the Social Security numbers so it's just huge.
DR. ZUBELDIA: When we talk about unique identifiers or unique enumerators for individuals, I think we need to somehow separate that from authentication.
DR. LUMKPIN: We're looking for a term because we are not going to be talking about unique identifiers for individuals.
DR. ZUBELDIA: It can be a horizontal linkage element, whatever, if you mix the authentication element into that, that's when it becomes very complex and very expensive. That's why this take a number approach is very attractive, it's because there is no authentication.
DR. STEINDEL: I think that's the very attractive part of it because now it becomes a self-selected, by choice.
DR. ZUBELDIA: Absolutely no authentication.
DR. LUMPKIN: We are looking for a, we're trying to identify methods of linkage for an individuals record.
DR. YASNOFF: Even in your take a number proposal, you still have to have authentication because otherwise I could just go to the machine and type in some random number and then I get someone else's record, I don't know whose it is. So when a number is typed in there also has to be authentication that I'm the person who owns that number -- even if I have a thousand numbers.
DR. ZUBELDIA: But that's different, you're talking about maybe a PIN associated with the number. A secret code associated with the number without saying this is Bill Yasnoff.
DR. YASNOFF: But you're talking about, a PIN would be a method of authentication, all I'm saying is you have to deal with the issue of authentication. There's no system that allows you to finesse that and forget about it.
MR. BLAIR: Normally I really wouldn't care about wordsmithing but given the level of sensitivity of three years ago when it got down to some of the issues we were discussing, even if some of this showed up on an agenda that might be sent on e-mail, I think we have to be sensitive to it, so I'd like to make a couple of small suggestions. That we don't use the phrase of access to personal health records by public health institutions because I don't think we would access them without the permission of the individual or by law, maybe if we wound up saying methods or procedures for sharing information because that gets into implying that the individual is authorizing that data.
DR. LUMPKIN: Actually I think we're actually looking at a smaller subset than that. Because the issue isn't how, and this is where we ran into problems, it's not how the clinician builds the patient records, it's not how the public health agencies build their databases. This is how I, John Q. Public, collect my personal record from multiple providers. It is the tool by which if I choose to do so I can do it.
DR. YASNOFF: I think what we're really talking about is methods for ensuring authorized access only and preventing unauthorized access, and I don't see how that in an agenda would offend anyone.
MR. BLAIR: Right, that will be fine.
DR. LUMPKIN: Richard, your our guy here to keep us out of trouble.
MS. GREENBERG: Without electronic clinical records it seemed to be able to access your information from provider to provider, most providers wouldn't, I'm not going to be in a position to provide it. Is that kind of a future topic?
DR. LUMPKIN: Yes, I think we have some time to get to this point, but to the extent that, as we see, and I think there's some gaining momentum in developing automation and clinical records in clinical settings so to the extent that that's beginning to develop as people develop systems, that we want them to think about not only how you share it with other clinicians but how you share it with the patients themselves. The method of being able to associate records from different providers to the same person is really something that is crucial for us.
[Laughter.]
DR. LUMPKIN: Ok, now having listed four major areas, what do we want to do first?
DR. SHORTLIFFE: Are you interested in a fifth first?
DR. LUMPKIN: Sure, because it could be first.
DR. SHORTLIFFE: It won't be first I don't think, so maybe you'd rather talk about --.
DR. LUMPKIN: No, go ahead, throw it on the table.
DR. SHORTLIFFE: Something I haven't heard
discussed here and yet in other forums I have and it seems to be NHII related. It has to do with the observation that the community that worries about the NII, the National Information Infrastructure, the impression they have that we are not involved in what they do, we meaning those thinking about the use of the information infrastructure and supported health and health care, and that so many of the decisions, I'm talking about the next generation internet activities, Internet II, and the kind of evolution of the technology if you will.
Many of the problems that we have here, arguably, might have been addressed long ago from a technical perspective if the health care community had been actively involved in the way in which the internet evolved and some of the standards and security, for example, took shape over time. We found ourselves trying to piggyback on what e-commerce uses for credit card protection, in part because they sort of dominated in the thinking in the way in which those kinds of capabilities of the internet evolved.
It's not out of animosity to the health care needs but really sort of a lack of representation of health care needs in the thinking of those people who were actually building the infrastructure. Although this is a little bit different from the kinds of topics that we sometimes discuss here, I wonder if NCVHS and our workgroup in particular might not benefit from talking to some of the kinds of folks, not who do health care but who do internet infrastructure development to get a sense of how the interface between the health community and the evolution of the health information infrastructure and the activities that are going into what is a rapidly set of changing technologies as we move toward gigabyte networking and higher speeds in the future, new quality of service concerns that are arising and availability, reliability issues, these are technical research question and they could be better informed by us and what we need to the extent that what we need is sometimes stressing the kind of boundaries of the internet in ways that other segments of society don't. We really do have some major heavy demands that we place on it. There has been some look at this but I'm not sure it's come to the attention in an open way of this workgroup.
DR. LUMPKIN: So it would be a -- you would see these as maybe a series of hearings on state of the art --.
DR. SHORTLIFFE: The fundamental question we'd like to answer, or maybe even be able to make recommendations about is how can the health care and the public health community better influence and be a party to the evolution of technical infrastructure because we're really not that well represented or engaged right now in what's happened. And it could be to the benefit of health care for us to be a little bit more front and center.
DR. LUMPKIN: It would seem to me that there would be two pieces to coming to a recommendation. Where's the action at? And then bringing in people from the health care arena, the SDO's, the vendors, and saying how come you're not at the table?
DR. SHORTLIFFE: You could point at them and ask them why they're not at the table, they may not have even thought of it, much less if they're being invited.
MR. BLAIR: Can I jump in on this just slightly? There are individuals in health care who have been attending those meetings but there's just very few, just like we have limited representation representing U.S. interests in health care information internationally. The same situation is if you have a few major organizations, a few major groups and they are very dominant and our health care activities, it's hard to spread them thin to get into other areas. It might be helpful if some, I don't know, this might be putting more of a burden on the agencies within HHS, but they might be able to encourage greater representation either by having individuals from some of the agencies from within HHS or DOD or VA representing health care to those groups or enabling or facilitating and encouraging people from the private sector.
DR. SHORTLIFFE: I think just to follow-up on Jeff's point, he may well be anticipating the kind of recommendations that we might in fact make after we've better examined the nature of the problem. You could argue that maybe a problem is that in general the agencies don't have people, the health care agencies, don't have people with the kind of expertise that's necessary to be effective representatives in those kind of activities, and that the real recommendation is that we need to bring more of the knowledge of the technical infrastructure of the internet etc., and some of these software development issues into the key agencies so that they actually see the real needs that are going on in those agencies and then think about the technical implications of those and then go to those meetings and be better representatives. I personally believe that there's a big piece of that kind of problem here.
In the past, there's something called the Federal Networking Council, which is the group that brings together the various agencies that all have been involved in the internet and its evolution over the last 15 years. Typically if there is any HHS representation at that, it's one or two people, usually one person from the NLM and when there have been people from the Department itself they have tended to be privacy experts rather than technical experts. That's an important issue from the health care community to represent in the Federal Networking Council but there are so many others and the people have tended not to be technically knowledgeable about networking and the like. Therefore it's hard for them to represent a HHS perspective on technical issues in the development of the internet when they are coming in because they know a bit about health care data standards and privacy concerns.
DR. LUMPKIN: So, the first section as I talked about which is trying to figure what's going on and what kind of expertise needs to be there, then the second section would be are what are the activities of both the public and the private sector in health care in the broader sector of health are interfacing with them, why they are not, identifying if in fact we've determined the kind of expertise that's needed, do they have that --.
DR. SHORTLIFFE: Public and private.
DR. LUMPKIN: Yes, public and private, ok, I think that's -- Steve?
DR. STEINDEL: I just had a, Mary Jo's recent call to a meeting had ripples and one of those ripples was I had to disappear in the middle of the day to go down to the Dirksen Senate Office Building to give the talk that she was giving and it was on the NHII and I was approached at the end of the talk by a gentleman from NIST(?) Advanced Technology Program, who basically said they've memorized our report and would like to talk with us, so I think this is very very appropriate.
MR. BLAIR: So that's a big positive. In what form would they like the conversations to --?
DR. STEINDEL: We agreed to make contact. Just in the sense of this is two people bumping in a meeting room and exchanging e-mail addresses.
DR. SHORTLIFFE: Actually, for what it's worth, the NIST ATP program has made overtures under the old HPCC umbrella to actually do health care things. But it's a little bit more along the applied end and more in the area of commerce and commerce development so I think what I'm really talking about is a little bit more, what about the guys from DOD, NASA and DOE who in fact are conceiving the next generation internet and funding the research in the computer science community that is the next generation of networking. Are they hearing in the context of technical discussions the problems that the health care community is encountering and making that part of kind of their mindset as they think about what the next set of grants should be to University researchers who are doing the implementing quality of service research. I don't think, that's where the big gap probably is is most in need of filling.
DR. YASNOFF: I think the answer is no, they are not hearing it. I gave a talk at the Computing Research Association which is the bi-annual of all of the computer science chairs, academic computer science chairs, and the heads of computer science research in the private sector and in the government labs, and they are not at all cognizant of health issues, but they are very interested in them and I think they would be responsive if and when those issues were brought to their attention.
DR. LUMPKIN: And to the extent that we can precipitate that. Given that, we've got five subjects --.
MR. BLAIR: Maybe we can legalize cloning and clone of all our experts.
[Laughter.]
DR. LUMPKIN: I can see it now, we'd put unique identifier for individuals and cloning on the agenda and when we start getting pressure we cancel the part on the cloning because we're responding to the pressure of the powers that be.
Future directions of the NHII and integration into the NII, registries, public access to personal health information, NEDS, bio-terrorism and syndromic surveillance and methodologies for accumulating an individuals health record. One topic is, we can probably put those titles together, so we're down to four. We've got four, let me describe them. The NII health piece, registries, NETS, BT, and syndromic surveillance, and the fourth one which is the other two which are public access to personal health information and the method of which that record can be accumulated by pulling disparate pieces of health information together that belong to one individual.
MS. GREENBERG: That's the identification issue, you're putting it with that? There's an advantage of them being together even if --.
DR. YASNOFF: It's the same issue. It's the same issue which is how do you make everyone's personal health record accessible to them and the second part is how do you make it inaccessible to everyone else?
MR. BLAIR: And I think we need to explicitly state just what you said. I think we have to be careful in this area. We've just been burned once before, it's a sensitive area.
DR. LUMPKIN: Well, but I think that by combining them into one which the goal of it is to make it accessible to me but not accessible to anybody I don't want to have access to.
MR. BLAIR: There's other people that could read the statement the way you had it there, public access to health, and you could have people who see those words and go ballistic.
DR. SHORTLIFFE: I don't think you mean public access anyway, you mean private access.
DR. LUMPKIN: In other words, people's individuals access --.
MS. GREENBERG: What about the issue of sharing information and master patient indexes and all that, is that an issue that's not a problem?
DR. SHORTLIFFE: No, individual access to such data requires mechanisms for them to pull their own data from disparate sources and to be able to allocate access to it to individuals they want to be able to look at it so there's the sharing issue, there's the common identifier issue and there's the dedication of protection issue, all sort of wrapped together and I think it's a reasonably coherent single --.
DR. LUMPKIN: And it includes within that, probably as a first step, includes the minimum dataset, yes, that's right. So if we are talking about perhaps two days of hearings, which two do we want to start off with, assuming each of those will take a day.
DR. STEINDEL: John before you take a date, the net what we're trying to achieve is a yearly report on the status of the NHII, is that? We have to have a goal to have the hearings unless we're going to have them in Tahiti or some place like that.
DR. LUMPKIN: Well I think the goal is --.
DR. STEINDEL: We thought that when we thought about continuing the workgroup the goal was continuing status reports on the NHII.
DR. LUMPKIN: I think that may be something that we would to do a separate hearing on but the issue for us I think in following after our meeting, the executive subcommittee retreat, the issue's that we’re dealing with are issues that don't fall very well into any of the other subcommittees.
DR. SHORTLIFFE: We could argue that we could issue reports in each of these four areas. That might be want we should do as we gather information.
MR. BLAIR: I may have missed this, forgive me if I did, but is the first one of the four objectives that we have the status of support of coordination within HHS for the NHII? In other words like our original recommendation or is that, we've not touched on that?
DR. LUMPKIN: I don't think we've talked about how we're going to do that and my concern is is if that becomes one of the work products, is an annual report, and it says well they haven't implemented our first recommendation yet, and then next yet we'll say they haven't implemented our first recommendation yet, that's going to get old pretty quick. My suggestion is we may want to as we think about that and put it in our annual report or something along those lines because tracking of those issues may be less rewarding than actually delving into areas that we have identified based upon our own discussion and some of the hearings that we believe are crucial lynchpins in implementing the NHII vision. And trying to, for instance, the personal health record itself would be something that we would ultimately have devolved very quickly to the standards subcommittee if they had room on their agenda. But the way that we have now evolved it it is much more complex issue and one that would not naturally fall on that area. So again, we're trying to pick those things that are kind of cross cutting.
DR. YASNOFF: In terms of priorities, I would argue for the NII as actually an early priority for two reasons. One is that I think it's clear that health is underrepresented in these areas and the planning and development of future networking is going to continue whether we pay attention to it or not and the earlier we can improve that situation the more likely it is that health is going to have impact on where these things are going. Also I think it's possible to envision as I think Ted mentioned a recommendation about increasing the number of technical informatics folks in HHS as part of that and if that is in fact a recommendation that has kind of a long time-line and the earlier that gets started the better it will be. So that would be my suggestion.
DR. LUMPKIN: I would agree, I'm kind of intrigued by that issue and I think it's one where we can actually make a significant contribution.
DR. SHORTLIFFE: I also think it's one that hasn't really been looked at from the health side at all and so we could maybe plow some new soil here.
DR. YASNOFF: There had been a few discussions and Steve you may know more about this with respect to health information infrastructure in terms of being part of the so-called critical infrastructure. But that's been kind of as far as I know a hit or miss thing that the folks who are doing critical infrastructure which is obviously a very very important issue are thinking about things other than health. And so I think that's another process that could be influenced by recommendations from this group.
DR. LUMPKIN: I would like to toss in the bucket the NEDS, bio-terrorism, syndromics surveillance discussion. I think that's very topical and it's something we ought to take a look at following up our other work.
MS. GREENBERG: One day on the NII and the second day on that? That was kind of carried over, it was something we decided not to deal with in August, or July, so it's --.
[Laughter.]
DR. YASNOFF: Just this week there was a national conference on syndromic surveillance in New York cosponsored by CDC and Newark Academy of Medicine and funded in part by the Sloan Foundation and so there's now, and they are going to put out proceedings and I think there's now actually a lot of information from that conference about what's going across the country in syndromic surveillance and so I think there actually could be some very interesting testimony on that issue.
MS. GREENBERG: You are talking about having the two hearings, we don’t have date, I think we need to query people and what kind of dates were you thinking of.
DR. LUMPKIN: Two days, back to back, roughly maybe January. I think after the first, it's getting kind of late to try to do anything before then.
DR. ZUBELDIA: Either Tahiti or Salt Lake?
DR. LUMPKIN: How about Champaign, Illinois, the national center for super computer?
MS. GREENBERG: How about Atlanta? Your talking about one whole day is NEDS, bio-terrorism, and syndromic surveillance, you might consider having it in Atlanta.
DR. LUMPKIN: Actually I like the idea of Atlanta because I think some of the messages that we want to send and receive -- it would be some advantage of having that in Atlanta.
Okay, we've got a place, we've got a month or so that we're on. And I think we're done.
[Whereupon, at 5:58 p.m., the meeting was adjourned.]