The Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics was convened on February 2, 1999, at the Hubert H. Humphrey Building, Washington, D.C. The meeting was open to the public. Present:
The Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics was convened on February 2, 1999.
Representatives of various aspects of the pharmaceutical industry contributed to the panel discussion on the confidentiality and privacy issues in the flow of information in the industry.
Mr. Ortiz explained the path of a prescription through CVS's community retail pharmacies and discussed criticism of his company's now-suspended refill-reminder compliance and informational mailing programs. He identified privacy issues in house charge accounts for small businesses and in handling paper prescriptions and old prescription vials. He urged the Subcommittee to recommend an opt-out version for consumer information programs and urged adoption of federal preemption of state confidentiality and privacy laws.
IMS Health provides information solutions to the pharmaceutical and health care industries. Mr. Long described the path of a prescription from the time a health care provider writes it through fulfillment, including the electronic adjudication process undertaken by PBMs. He then discussed IMS Health's approach to confidentiality and privacy. The vast majority of the information IMS Health handles is anonymized; in order to track patients longitudinally, unique identifiers are assigned. An internal privacy council advises the company on procedures, and the company publishes a brochure on fair information practices. Mr. Long stated that federal legislation should help ensure universal adoption of sound practices and promote patient trust, and that his company is committed to maintaining a balance between patient privacy and the use of patient information to advance health.
The National Wholesale Druggists Association, which represents health care product manufacturers and distributors, recently conducted a study on confidentiality and privacy. Mr. Streck described findings concerning the views of two groups studied, senior information executives and consumers age 50+. He listed the reasons why most executives are trying to integrate data, including improved health outcomes, research, and cost-effectiveness; enumerated some checks and balances used by executives to ensure that security measures are working; and summarized executives' views that regulatory and legislative attempts have been unreasonable.
The study found that consumer respondents were receptive to unsolicited medication information, were educated about new therapies for their conditions, considered unsolicited information on other medications to be junk mail, and entrusted their information with their pharmacists. Most consumers stated that they would prefer to receive information than not receive it.
Overall, Mr. Streck stated, the research found that most groups echo the need to balance protection of confidentiality and security with linking personal health information in order to improve care. Information executives are confident of their technology, but are concerned about misuse of data by personnel. Older consumers' opinions of patient information programs contrast with those described in media stories, a situation that invites quantitative study.
The F. Dohman Company, a regional drug wholesaler with 600 accounts, also offers marketing programs for business information. Mr. Pike described his company's effort to collect centralized, patient-specific information connected to a switch system. He discussed patient compliance issues and linked the potential for patient reminders with bringing about improved compliance in taking medications. New edits in the switch system include requests for informed consent from patients to participate in the informational program, indicators of price discrepancies, and information on product availability and product recalls.
Mr. Zatti, appearing under the aegis of the Academy of Managed Care Pharmacy, spoke from his experience as current pharmacy director of the George Washington University Health Plan, a managed care organization. He described the features of his plan's confidentiality policy, including not releasing patient information to employers unless certain conditions apply to the employee pool. Mr. Zatti urged the Subcommittee not to mandate opt-in information programs.
Following the formal presentations, the panelists and Subcommittee members discussed law enforcement prerogatives and practices vis-a-vis pharmacy records; pros and cons for patients, pharmacies, and other allied concerns of opt-out, opt-in, and just Aopt@ programs; rights of employers to employee medical information; benefits and difficulties of onsite pharmacist counseling and alternatives to face-to-face encounters; federal preemption of state laws on confidentiality and state pharmacy laws in general; first allegiance of the pharmacist to patients; problems with technological identifiability of patient records; lack of information on the confidentiality experience of the European Union and other foreign countries; and the issues of trust and of compliance.
The Subcommittee will devote at least a day of hearings to the issues of PBMs and the use of health information by employers. Members suggested additional topics and resources. An e-mail message was to be circulated for further suggestions on topics and witnesses, and to set a date for an additional meeting on PBMs and employer use of health data.
The Subcommittee edited a draft letter addressed to the National Association of Insurance Commissioners (NAIC) on NAIC's health information privacy model act, which addresses insurers, but not companies. Ms. Frawley planned to redraft the NAIC letter and provide it and a copy of the model legislation to the full Committee for further comment.
Ms. Frawley identified the open items on the work plan, including the PBM issue and the employer use of health data. The anti-fraud issue has been completed, as has the NAIC model legislation. Ms. Frawley suggested hearing from consumer advocacy and privacy advocacy organizations at the June Committee meeting. She suggested that by late summer, if Congress has not enacted legislation, the Subcommittee switch into a rulemaking mode. The Subcommittee supported Dr. Lumpkin's suggestion to hold a hearing in June or July 1999, as a prelude to issuance of Notices of Proposed Rule Making (NPRM) should Congress not act, in order to provide feedback to the department on the issues in the NPRM.
Ms. Frawley chaired the meeting. As is customary, all present were asked to introduce themselves.
Mr. Ortiz discussed challenges faced by the pharmacy industry in dispensing prescriptions. He explained recent trends in the industry, whereby the number of pharmacies has decreased dramatically, and the number of prescriptions filled has increased dramatically. He projects that the trend of this imbalance will persist, exacerbated by diminishing numbers of graduate pharmacists.
Mr. Ortiz described the path of a prescription at CVS, stating that 87 percent of prescriptions are filled for third-party insurance coverage, the majority of which are filled using online claims adjudication. The prescription data is input into a computer, judgments are made instantaneously as to eligibility of the consumer and of the medication, and then the pharmacy fills the prescription. The medication is delivered to the patient, and the records are stored both in the central data warehouse and at the store.
Mr. Ortiz discussed two compliance programs that drew attention in a Washington Post article on February 15, 1998, which prompted discontinuation of the programs. One program was a refill-reminder compliance program mainly for maintenance medicine; the other was an informational mailing for new therapies for specific conditions that might benefit patients on a different type of therapy for that condition. He refuted statements made in the article, saying that although his company contracted with manufacturers to offset the cost of the mailings, no prescription information was sold or shared with the producers, and measures to ensure confidentiality by contractor personnel were undertaken. These programs were terminated several days after the newspaper article and currently are on hold.
Mr. Ortiz explained that CVS has reviewed all its internal programs in order to identify potential problems with privacy and confidentiality. House charge accounts for small businesses were examined and terminated if the businesses would not agree to pay bills for nonitemized prescriptions purchased by the business's employees.
CVS has pharmacies in 25 states and is bound by many differing state privacy and law enforcement laws relating to pharmaceutical records, which prompted Mr. Ortiz to urge federal preemption and to encourage adoption of an opt-out version for patient information programs. He also stated that in terms of confidentiality, the company has had more trouble with paper prescription records and discarded prescription vials than with databases; to counteract the prescription problem, shredders are being installed at all 4,200 CVS pharmacies nationwide. He questioned the utility of the counseling provision of the law in those cases when the patient is not the one who is present in the pharmacy.
Mr. Long stated that IMS Health is the world's leading provider of information solutions to the pharmaceutical and health care industries. Its business niches include market research, sales management, technology-enabled selling, over-the-counter medications, and managed care. The company tracks billions of anonymized prescription records annually, a process central to the implementation of prescription drug recall programs, performance of pharmaceutical market analyses, assessment of drug utilization patterns, and comparison of drug costs.
The path of a prescription through IMS Health begins with the health care provider writing a prescription. The prescription then goes to a pharmacy, where it is screened and passes through a switch to a processor and/or pharmacy benefits manager (PBM). The prescription returns to the pharmacy and the prescription is filled for the patient. This process takes about 10 seconds. Mr. Long described the ways a prescription can move from the prescriber to a pharmacy: The patient takes the prescription form to the pharmacy; the doctor's office either telephones the pharmacy and authorizes the prescription; the doctor's office faxes the pharmacy or sends an electronic message; and the patient can call in a request for a prescription refill.
When the pharmacy receives a prescription, it records the patient, product, insurance plan, and prescriber information. This data is transmitted electronically (in a standard National Council of Prescription Drug Programs [NCPDP] format that complies with ANSI) to a processor for electronic adjudication purposes. Prescriptions may pass through multiple intermediary points, or screens/switches, before reaching the final processor. Screens, which maintain patient confidentiality between the originator and the processor, determine patient eligibility, correctness of the national drug code (NDC), whether or not the product is on the formulary, quantity range, and appropriate time for refill.
By contractual agreement with insurers and self-insured employer groups, the PBM maintains the patient and product formulary eligibility files to provide contracted pharmacy benefits to members. About 70 percent of total U.S. prescriptions fall into this category. The PBM controls access to classes of drugs and specific branded products through a formulary for cost-control purposes. PBMs also determine the co-pay amounts.
Mr. Long next described how IMS Health approaches privacy and confidentiality concerns. Virtually all prescriptions come to IMS Health already anonymized, but IMS Health screens the records before acceptance to ensure their anonymity. IMS Health tracks patients longitudinally through encrypted information maintained at the pharmacy headquarters; it prohibits use of Social Security number, phone number, or a combination of name and digits as patient identifiers. Access to this information is tightly controlled, and patients' informed consent is required when IMS Health handles patient-identifiable information. The information is used only for stipulated purposes, and confidentiality agreements bind data sources, employees, and clients.
An internal privacy advisory council at IMS Health meets frequently to discuss procedures to safeguard confidentiality and privacy. The company also publishes a brochure on fair information practices, including the tenets that data suppliers know the use of their information and whether identity is disclosed, privacy of individual medical records is inviolate, research never intrudes or influences interactions between health care providers and patients, accuracy and security of information are ensured, and clients share in the responsibility for data security and appropriate usage. All employees of IMS Health must agree to abide by the company's confidentiality policies.
Four policies guide IMS Health in maintaining patient privacy: (1) Encourage use of anonymized data if possible; (2) prohibit reverse engineering to identify patients; (3) require informed patient consent for use of patient-identifiable information; and (4) harmonize state laws through federal preemption. Mr. Long explained to the Subcommittee IMS Health's basic philosophy: Ensure that all company practices are in line with patient expectations; implement a code of fair information practices; use informed consent; and enforce accountability among all the partners. Adoption of policies and procedures to ensure patient privacy should be mandatory, and implementation must include every individual in the data-collection chain. Federal legislation should help ensure universal adoption of sound practices and promote patient trust. Mr. Long concluded by stating that his company is committed to maintaining the right balance between patient privacy and the use of patient information to advance health.
Mr. Streck introduced his association, which represents 80 U.S. distributors of health care products, nearly 300 manufacturers of health care products, and international distributors. NWDA's Health Care Foundation recently conducted an in-depth study on privacy, security, and confidentiality of patient medical records that involves primary research in policy standards and market and consumer areas, including a political analysis of the players and stakeholders. Mr. Streck explained that wholesalers touch nearly every entity in health care, including automated systems to help the stakeholders manage care; therefore, the ways in which privacy, confidentiality, and security are regulated impacts the wholesaler in additive ways, both directly and indirectly, based on what wholesalers' customers must do.
Mr. Streck focused his discussion on two aspects of the NWDA study: (1) views on privacy, confidentiality, and security of medical records of senior information executives with leading companies in ten health care sectors, and (2) views of consumers age 50+ who use medications for chronic conditions.
The reason most executives gave for trying to integrate patient data was to improve patient care in a number of ways, including: (1) using data to improve health outcomes, clinical research, and cost-effectiveness; (2) standardizing effective treatment by building clinical protocols and guidelines, which would be used to support online decision making by clinicians; (3) ensuring that patients follow clinical instruction and receive the intended benefit of the prescribed therapy; (4) improving the distribution system for products; and (5) lowering costs to enable more uninsured individuals to access the health care system.
The executive group described types of checks and balances they use to ensure their security measures were working: auditing data access; using password management; making employees understand, sign, and abide by confidentiality agreements; using physical security; and levying sanctions when procedures are violated. External security measures included using direct transmission and dial-up access for moving data; using nonpatient-identifiable data; using nondisclosure agreements with trading partners; and using encryption techniques.
While the executives were highly conscious of maintaining security of data, they believed attempts to regulate and legislate went beyond reasonableness and might inhibit moves to improve care. Mr. Streck noted that Abalancing interests@ was a consistent refrain, and that the executives feared most the internal mishandling of data by employees, which can be controlled only by training and good management.
Researchers conducted focus groups with consumers who had received either letters or phone calls urging them to change to another pharmaceutical product, consumers who had received information about their condition or therapy or refill reminders, and consumers who were part of a formal therapy monitoring program with their pharmacist. The researchers found that these consumers were receptive to unsolicited medication information that, for instance, educated them about new therapies for their conditions; viewed unsolicited information on changing medications as junk mail; and were comfortable sharing extensive medical information with their pharmacists. These consumers considered pharmacists to be their primary source of information about medications; the most common secondary source was their physicians. Mr. Streck concurred with Mr. Ortiz on the need to automate the system further to enable pharmacists to spend more time with consumers.
With regard to sharing medical information, investigators found this group of consumers to be skeptical of insurance firms, but would be more concerned if they suffered from Asensitive,@ rather than chronic, conditions. Retired persons generally had feelings of powerlessness in the information age, but receiving targeted mail about their conditions made some feel cared for. Most stated that they would rather receive helpful information than not receive it.
Mr. Streck offered several observations based on the research. Most groups echo the need to balance protection of confidentiality and security with the gains that can be made by connecting personal health information in order to improve care. Executives involved in integrating the data are confident about the information technology they use; their greatest concerns center on internal employee misuse of the data. The opinions of older consumers contrast with the attitudes expressed in recent media stories, a finding that invites quantitative research generalizable over populations. Research on populations is troublesome to the public, who often are not knowledgeable about how technology is being used to help them.
Mr. Pike described his company, a regional drug wholesaler with distribution centers in Milwaukee and Minneapolis that brings pharmaceuticals to 600 accounts six days a week. In addition, the company offers marketing programs, or private label programs, for business information so managers can manage their store and pharmacy better.
Mr. Pike described his company's project to create a virtual chainto collect centralized, patient-specific informationan endeavor that is not defined by established regulatory action. The company is added by contract to the switching process in order to offer the pharmacy goods and services, much like a home office in a chain. In this process, confidentiality of information is essential, and the information is not for sale.
Mr. Pike presented a graphic depiction of patient compliance for a diabetes medication that illustrated the time criticality of patients' taking their medication and refilling their prescriptions to avoid adverse consequences. The refill-reminder system can impact favorably on patients who do not routinely refill their medications, particularly when an education component is added.
For the switch process, Mr. Pike's company has developed several edits for patient care, including an informed consent edit. Pharmacists are asked online to get informed consent from appropriate patients to be sent refill and educational information. Even if informed consent is not secured, a message can be sent to the pharmacist that the patient is not as compliant with their medications as they should be, which could prompt communication between the patient and the pharmacist. The Dohmen Company plans to adhere to this opt-in policy until the area is more defined; an opt-out policy would be a more effective program.
A pricing edit has also been added to the adjudication system that alerts pharmacists to price discrepancies, and another edit has been added for product availability and product recalls based on the NDC. The links to the pharmacist are for information only, not marketing.
The mission of the Academy of Managed Care Pharmacy, Mr. Zatti stated, is to promote the development and application of managed-care pharmaceutical care to ensure appropriate health care outcomes for all individuals. The academy has more than 4,500 members nationally who are part of more than 600 health care organizations.
Mr. Zatti cited an emphasis of the George Washington University Health Plan (GW), of which he is pharmacy director, to target under-utilization as a way to achieve better clinical outcomes, and to target over-utilization as a way to identify misuse.
Mr. Zatti described the features of GW's confidentiality policy, which includes credentialing of all personnel. GW uses the Clinical Information Management System as the PBM, which facilitates analysis of the trends of patient medication usage. The pharmacy data systems are driven by NCPDP standards and data warehousing to prevent breach of security by hackers.
Mr. Zatti emphasized the dangers and inconvenience of not having personal medical information available when, for example, an individual is traveling. GW restricts sending data unless there is assurance that it will be treated responsibly. He mentioned the accreditation body NCQA, which looks at patient records and interviews patients to assure quality, and he enumerated several federal requirements for data collection and reporting that are perceived as barriers.
Mr. Zatti's health plan, in order to preserve anonymity, does not release to employers any patient information unless the employee pool is at least 100 employees and has a normal gender-age distribution. GW also informs the physician of noncompliant patients, particularly when a drug that does not appear on the formulary is prescribed due to treatment failure.
Mr. Zatti urged the Subcommittee not to mandate opt-in programs.
Following the formal presentations, the panelists and Subcommittee members engaged in discussions on a number of issues. To a question concerning law enforcement power to view pharmacy records, Mr. Ortiz responded that the regulations vary by state, but that the Drug Enforcement Administration has the power to investigate pharmacy records. Mr. Zatti described his experience of trying to narrow local jurisdictional inquiries as much as possible and to keep them as confidential as possible, including assigning professional staff members to accompany investigators as they search records.
Mr. Gellman asked the panelists a series of questions about practices related to law enforcement. Mr. Zatti stated that company policy is to notify the regional office of a store under investigation. Mr. Ortiz stated that law enforcement officers must leave a receipt for any records taken; these receipts are usually stored in the prescription files.
In a dialogue with the panelists, Mr. Gellman pointed to the limitations of claiming not to sell names and addresses, since the claim does not cover renting them. Mr. Ortiz explained the system by which the mail fulfillment house maintained CVS's confidentiality. He asserted that although the manufacturers covered the costs of the CVS mailing, they did not use the information; CVS alone used the information to communicate with its patients, and CVS benefitted by increases in prescriptions filled. Mr. Gellman and Mr. Ortiz discussed the perception of patients that their confidentiality had been broken, although Mr. Ortiz explained that was not the reality. Nevertheless, that perception is why CVS has put its marketing programs on hold. Mr. Streck pointed out the benefit of the programs in that patients were reminded that they were not complying with the drugs prescribed for them. Mr. Ortiz stated that an opt-out program offers the best chance for patients to benefit, but that no program is in place at present. Mr. Zatti spoke about the potential life-saving benefits of the currently moribund reminder programs. Mr. Gellman pointed out that patients do not like even the appearance of a breach of confidentiality, and that the cost/benefit to CVS, for example, does not support the humanitarian benefits of one-on-one consultations in the pharmacy for the programs that CVS has discontinued. Mr. Gellman stated that he has no disagreement with the reminder programsit is just that many people do not want them. Mr. Ortiz stated that CVS's customer relations department had received no complaints from customers who had received the mailings, only from people who, as a result of the bad press, perceived that there was a problem.
Dr. Harding asked the panelists to comment on providing patient information to employers. Mr. Ortiz described again CVS's action to close out house charges for those small employers for which privacy and confidentiality issues appeared to be of concern. He also stated that CVS does not know what information its PBM, PharmaCare, shares with its clients. Mr. Zatti stated that in his experience, PBMs were contractually bound not to disseminate information other than to the source of the information. Mr. Streck stated that although, as an employer, he has no right to know about his employees' medical conditions, he believes that in the future, employers will gain the right to ensure that their employees either are compliant with their respective therapies or pay a surcharge. To a question from Dr. Harding about whether a company president should have a right to medical facts about his employees, Mr. Zatti responded by asking whether employees or stockholders should have the right to know about the state of their company president's health.
Mr. Gellman and Mr. Bussewitz discussed opt-in requirements for patient-notice programs for commercial advantage. Mr. Bussewitz stated that he would like to suggest language to support informed consent and a single authorization that would cover treatment of the patient and payment for that treatment, plus a third category, disease management compliance programsprograms that would improve the quality of care and/or reduce health care costs. From a technical perspective, he added, the distinction between opt-in and opt-out programs is not great. He also stated that patients who participate in such programs appreciate their value, but it is difficult for the pharmacist to describe them in the few moments he or she spends with the patient. Mr. Streck drew the parallel of the postcard system used by both dentists and doctors to remind their patients to set up an appointment for a check-up.
Mr. Streck stated that private medical information can be used inappropriately, such as an AIDS patient receiving a catalog of other services.
Mr. Zatti described the bottlenecks at certain busy times that mitigate against pharmacies engaging its customers in dialogue. As an alternative, toll-free phone numbers have been established, answered by individuals who have signed confidentiality agreements, to answer questions about medications of various types.
Mr. Bussewitz pointed out that community retail pharmacies are going to do what the patient wants because it's good for business. Mr. Pike added that although there have been opportunities for his company to do switch programs, they have not done so in order to avoid harm to the physician/pharmacist relationship.
Dr. Braithwaite asked the panelists to comment, vis-a-vis the movement of patient information, where the information crosses the boundary from treatment and payment into Ahealth care operations.@ Mr. Bussewitz reiterated his statement about a third category, separate from treatment and payment, that would include programs to improve quality of care and reduce health care costs and that would preclude arguments about boundary-crossing. In response to Mr. Gellman's question about NACDS support for signing an authorization for treatment, payment, and health care operations, as stated in the Jeffords Bill of the previous Congress, Mr. Bussewitz declined to comment pending a closer reading of the language.
Mr. Blair asked the panel for definitions of opt-in and opt-out. Mr. Ortiz suggested that informed consent is a better term, especially since opt-in and opt-out are marketing rather than legal terms. He stated that opt-out programs permit a patient to withdraw from a program; in an opt-in program, authorization must take place before any information is sent to a patient. Mr. Long viewed opt-in as active enrollment and opt-out as active disenrollment. Mr. Gellman stated that in some cases, there is no choice; information is used in the health care system without patient consent or knowledge, particularly regarding reportable diseases. He also noted the possibility of an Aopt@ system, much on like the Internet, whereby a patient must make a choice before going on to the next interaction. Mr. Bussewitz asserted that making opt-out too difficult would hurt the interests of patients. Dr. Detmer pointed to a Minnesota provision that permitted good faith efforts to secure approval to be considered the same as approval.
Mr. Gellman stated that the panelists had made a good case for federal preemption and asked whether they favored preemption of all state pharmacy regulations or just confidentiality and privacy rules. Mr. Ortiz stated that although the pharmacy industry would like to see consistency in state rules, the federal government does not regulate pharmacy, and he would not like to see the federal government preempt all state pharmacy laws. If the federal government were mounting the same sort of activity with regard to the Pharmacy Practice Act as it is with confidentiality and privacy concerns, he would support federal preemption in the Pharmacy Practice Act.
Mr. Long discussed the anonymity of the data his company uses. Although 99.9 percent of the data is anonymized, the company operates one opt-in refill reminder program with the American Pharmacy Alliance.
Dr. Harding questioned the allegiance of the pharmacistto the patient, the physician, or the employer. The panelists were unanimous in their view that their first allegiance is to the customer/patient.
Mr. Pike pointed to the dichotomy between the typical lack of privacy of the counseling session at the pharmacy counter and the prohibition on sending by mail information to the customer's home; an appropriate default is more information for the patient. Mr. Ortiz explained that consultation logs record patients' refusal of counseling on the medications they purchase, as required by most state laws. Most people opt out of counseling. Mr. Streck responded to Ms. Fyffe's question about counseling for mail-order prescriptions that counseling can be by mail or by phone. Mr. Zatti noted that most mail-order prescriptions are maintenance medications assumed to be efficacious for the patient. Mr. Ortiz stated that pharmacies with predominantly mail-order business must offer a toll-free phone number for counseling. None of the panelists was familiar with Department of Defense regulations for counseling regarding medications.
Mr. Long responded to Dr. Braithwaite's question that concerns about technology and identifiability of patient records must be viewed in terms of both practicality and ethics, and that reverse engineering to patient-identifiable records would not generate much interest. Among techniques to avoid abuse are unique identifier numbers that permit longitudinal tracking without violating patients' privacy, databases edited to remove patient-identifiable information, and education of suppliers about encryption and security of original data. Mr. Long stressed the fact that safeguards and procedures must be in place to assure data is handled with confidentiality and privacy, but the public health must be balanced against those concerns.
Mr. Long stated that his company complies with confidentiality laws in the 90 countries in which IMS Health operates and that Europeans are stricter about individual confidentiality than the U.S. system. He offered to follow up with more specific information. Mr. Scanlon queried the panel on the European Union's new privacy directive. Mr. Long responded that the European health care model is a national system, unlike the free enterprise system in the U.S.
Mr. Zatti explained that Work Group 11on patient confidentiality and security of information, and the communication between pharmacy and patienthas addressed a number of changes to protect confidentiality. Mr. Bussewitz added that virtually all pharmacy transactions are transmitted over closed networks, rather than on the Internet.
Dr. Cohn asked the panelists about their concerns over the information flow in general, in addition to Mr. Ortiz's example of mom-and-pop pharmacies in small towns. Mr. Pike suggested that attention be paid to switches, which can retain long strings of information. Several definitions of a switch were offered: Apostal service,@ wholesaler, and clearinghouse.
Dr. Harding asked the panelists to advise the Subcommittee on the issue of trust. Mr. Ortiz asserted that it is difficult to get people to do what they don't want to do, but if you can get buy-in, compliance follows. The role of education has been great in creating good compliance with, for example, alternative medicine. Mr. Long questioned whether alternative health compliance is as good as people think, because there is no monitoring. Mr. Zatti pointed out that the co-pay infringes upon expendable income. Mr. Streck suggested that the most important job of the allied professions is to earn the trust of patients.
Mr. Bussewitz noted that pharmacists might want to know more about the alternative medications their patients are taking, in order to optimize their health care, because some interact unfavorably with the prescription medications. He also pointed out that for the tenth year in a row, the pharmacist has been ranked the most trusted professional.
Mr. Pike explained the data on timing of prescription refills, saying that patient-identifiable information is separated in the data system from the operational information. As an HMO, Mr. Zatti explained, GW takes the data sort from the PBM and provides feedback to the physician. The physician can then follow up with the patient, if warranted. Mr. Zatti stated that GW is examining this procedure in terms of, for example, days of hospitalization and presenting in emergency rooms with asthma, to determine if following up on compliance correlates with better health indicators.
Dr. Detmer acknowledged the trust the public has in the pharmacist. Ms. Frawley referred to several publications on PBMs. It was noted that several PBMs were contacted, but all declined to join the panel. A representative from PharmaCare stated to staff that they would be willing to provide information to the Subcommittee.
Members of the Subcommittee expressed interest in inviting representatives of PBMs to address them in the future. Another issue about which it would be helpful to learn more would be the use of health information by employers; among the possible relevant groups are the Self-Insurance Institute of America, the Association of Private Pension and Welfare Plans, and ERIC, which represents the ERISA groups. The Subcommittee agreed to devote a day to a presentation on these topics. Dr. Cohn suggested that a meeting longer than a day might be appropriate to address the concerns of insurers and other health care providers. Mr. Blair suggested calling IBM as a witness to describe its strong privacy protection regime.
Ms. Frawley stated that an e-mail message would be circulated for further suggestions for topics and witnesses, and to set a date for an additional meeting on PBMs and employer use of health data.
Mr. Gellman suggested that worker's compensation might be another useful area to review, which could be accomplished by inviting insurance, labor, business, and occupational physicians to testify; AFL-CIO is working on a model bill. Dr. Lumpkin suggested that analysis be conducted on the European Union experience. Ms. Fyffe volunteered to track down the International Association of Industrial Accident Boards and Commissions for inclusion on a panel.
The Subcommittee edited a draft letter addressed to the National Association of Insurance Commissioners (NAIC) on NAIC's health information privacy model act (see the Website <add address> for the full text of the draft letter and Subcommittee comments). The limitation of the model act is that it addresses insurers, but not companies. Ms. Frawley planned to redraft the NAIC letter and provide it and a copy of the model legislation to the full Committee for further comment.
Ms. Frawley identified the open items on the work plan, including the PBM issue and employer use of health data. The anti-fraud issue has been completed, as has the NAIC model legislation. Ms. Frawley suggested hearing from consumer advocacy and privacy advocacy organizations at the June Committee meeting, and also noted that the time line for the Subcommittee's work is growing shorter. She suggested that by late summer, if Congress has not enacted legislation, the Subcommittee switch into a rule-making mode. Having completed most activities proposed six months ago, a limited time window exists for accomplishing more. Mr. Blair suggested holding a forum to educate the public on the issues, but a lack of departmental resources would not permit it.
Dr. Lumpkin suggested holding a hearing in June or July 1999, perhaps as a prelude to issuance of the Notices of Proposed Rule Making (NPRM) should Congress not act, to provide feedback to the department on the issues in the NPRM. Members of the Subcommittee expressed agreement, but noted that Congress will also be conducting hearings around the same time.
Dr. Detmer and Ms. Frawley acknowledged the efforts of Ms. Horlick in organizing the panel discussion, and Ms. Frawley adjourned the meeting.
I hereby certify that, to the best of my knowledge, the foregoing summary of minutes is accurate and complete.
______________________________________
Chair Date