[This Transcript is Unedited]
Hubert H. Humphrey Building, Room 705A*
200 Independence Avenue, SW
Washington, D.C. 20201
DR. COHN: I want to welcome everyone to the meeting of the Subcommittee on Standards and Security for the National Committee on Vital and Health Statistics. Our agenda for this afternoon includes reviewing the draft letter to Secretary Shalala on computer-based patient work group activities. Then we will be talking about some other activities of the work group on computer-based patient records as well as the to schedule a set of meetings in January or early February and then we will move on to overall issues related to HIPA implementation and the work of the Subcommittee about what the HIPA implementation update, completing with the discussion of next steps of the subcommittees.
With that introduction, why don’t we just introduce everyone around the room, recognizing that we are on the Internet for this discussion today. I am the chair, Simon Cohn, a member of the committee and National Director for Data Warehousing for Kaiser Permanente. John?
MR. LUMPKIN: John Lumpkin, director of the Illinois Department of Public Health and just sitting in.
MR. SCANLON: Jim Scanlon, HHS Office of Planning and Evaluation and Executive Staff Director for the Committee.
MR. BLAIR: Jeff Blair, Medical Records Institute and a member of the committee.
DR. BRAITHWAITE: Bill Braithwaite from ASPE, staff to the Committee.
MS. TRUDEL: Karen Trudel, Health Care Financing Administration, staff to the Subcommittee.
MS. GREENBERG: Marjorie Greenberg, National Center for Health Statistics, CDC and Executive Secretary to the Committee.
MS. FYFFE: Kathleen Fyffe. I work for the Health Insurance Association of America and I am part of the Subcommittee.
MR. GELMAN: I am Bob Gelman, a privacy information policy consultant.
MR. LUBELIA: I am Keppa Lubelia. I work for Amboy(?) Corporation and am a member of the Committee.
MS. FRAWLEY: Kathleen Frawley, vice president of Legislative and Public Policy Services for the American Health Information Management Association. Member of the Committee.
DR. COHN: We want to welcome Keppa as a new member of the NCVHS and a new member of the Subcommittee. Thank you for coming.
I think the first order of business other than welcoming everyone is to take a look at the letter that we had drafted and discussed this morning to Secretary Shalala and see if we can wordsmith it into the document that we would like to have reviewed and approved tomorrow. Jeff, do you want to lead the group through that discussion?
MR. BLAIR: Actually, Simon, I really think that you are better able to do that and do you or does someone else have the electronic version so we can update it?
DR. COHN: Yes, I guess you have taken the liberty to put it on the computer.
MR. BLAIR: Thank you for giving me the opportunity. I think you are better able to do that than I am.
DR. COHN: I have the version, a version electronically that we can take and wordsmith. Now, I will apologize to everyone. We do not have it on the overheads which would make life a lot easier.
Let’s try to synthesize as well as wordsmith and I am perhaps not the world’s greatest wordsmither. Generally the letter was well accepted by everyone this morning. Really, the work that we need to do has to do with the next to last paragraph which discussed the issues of privacy and confidentiality of health care information. And I think some of the recommendations were getting read and this paragraph reads: although it is not included within the scope of this work effort, many testifiers stressed the importance of legislation to protect the privacy and confidentiality of health care information.
And the recommendations that we received from the full committee had to do with first of all getting rid of the first part of that sentence, a feeling that it really was a part of the scope of the work effort and needed to somehow be addressed as not being excluded. We also needed to reference the issues of security somehow in probably a follow on sentence to that piece. And there may have been other things that others heard but those were really the basic pieces.
Now, I have not started trying to wordsmith things, but one of the comments made which I, I love wordsmithing at committee meetings, I mean, one recommendation had to do something like obviously changing that whole sentence to read something as obviously the full potential of the standards will depend on the adequacy or privacy and confidentiality, legislation or whatever.
MR. BLAIR: Simon, we may want to try to keep it within the context of what we heard from the folks that testified. I think most everything else that we have at this stage is within that context and not to the point where the work group is about to make recommendations but if we were to wind up indicating something to the effect that it should be noted that many of the individuals that testified expressed interest and concern about the status of privacy and confidentiality of health care legislation and its effect on the acceptance of the uniform standards for patient medical record information, something like that.
DR. COHN: Help me with this one. Many testifiers stressed the importance of –
MR. BLAIR: Stressed the importance of national, of the need for national legislation to protect the privacy and confidentiality of health care information.
DR. COHN: That is all very I know. Then there was something else.
MR. BLAIR: And the importance of - I am not sure this is the right wording - and the importance of this as a foundation for the acceptance of uniform standards for patient medical record information. I ma not sure that is right but just to get us started.
MR. LUMPKIN: Maybe I could jump in here. I think if we could take kind of what you were saying which is already there which is many testifiers stressed the importance of legislation to protect the privacy and confidentiality of health care information. Period. The committee’s recommendations will address these issues as well as security concerns in respect to other recommendations or the preceding recommendations. So essentially we are going to be looking in respect to the six focus areas which are –
DR. COHN: With respect to patient medical record information.
MR. LUMPKIN: Yes, with respect to something.
DR. COHN: Okay, the committee recommendations will address these issues as well as security concerns with respect to patient medical record information.
MR. ZUBELIA: Security concerns addressed by HIPA.
MR. LUMPKIN: That would be part of the recommendation.
MR. ZUBELIA: We want to say that security has been addressed elsewhere?
MR. LUMPKIN: I am not sure we need to say that in the letter. We are just going to say that we are going to make recommendations about privacy confidentiality and security even though we didn’t hear about security necessarily in the conference and I think, or in the hearings but I think what we are saying in this letter is this is what we are going to do as our recommendations and I think we just need to say we heard concerns and we are going to make recommendations on privacy, confidentiality, and security and many of them may be references to other positions we have taken but we don’t need to say that.
DR. COHN: Okay, do you want me to read those two sentences again? That sounds pretty good, John. Many testifiers stressed the importance of legislation to protect the privacy and confidentiality of health care information. The committee’s recommendations will address these issues as well as security concerns with respect to patient medical record information. Sounds okay? Going once, going twice. I am sorry you can’t see it all but you all will have a chance to see it tomorrow.
MS. GREENBERG: Do you want to say security concerns or like security requirements?
DR. COHN: Thank you. Are we okay with that? So I think with that, I don’t see any other comments that anyone made this morning otherwise so I think we are okay with that.
MR. BLAIR: Simon, there was one other thing we wanted to check on. I don’t know if you want to do it at this time. If anybody has a copy of the HIPA law or did you have a chance to check that, Simon? The law itself, I don’t recall in the law when it wound up saying that the NCVHS will study uniform data standards for patient medical record information. In the letter here it says will study the adoption of uniform data standards. I don’t remember the word adoption being in the law. Maybe it is and I just forgot.
MS. FYFFE: Do you want me to read from the law?
MR. BLAIR: Yes, please.
MS. FYFFE: Okay, shall study the issues related to the adoption of uniform data standards for patient medical record information.
MR. BLAIR: Yes, it’s there. Thank you.
DR. COHN: Speaking of that, actually are you okay then with the letter before you more on to attachment one and attachment two. We will do a formal vote at the end of all the attachments.
Attachment one I think is relatively straightforward. I didn’t see any issues related to it at all. If any of you have any issues, this is sort of a last chance.
MR. LUMPKIN: This may be a form.
DR. COHN: Barring that, are there any more comments on attachment one? Okay, let’s move on to attachment two then which is the patient medical record information focus areas. There actually were two comments made about the medical terminology section and that area reads this area includes data element definitions, data models, code sets and the development of an overall framework into which existing and developing terminology efforts can be integrated and coordinated. It will include issues related and currently it says convergent medical terminologies, coordination and maintenance of vocabularies, coordination of drug knowledge bases and other issues related to medical terminologies.
Now, a comment that I had made was changing from convergent medical terminologies to the convergence of medical terminologies. Kathy Coltin had also made a comment that she wanted to make a reference to consistency with administrative transactions.
MR. LUMPKIN: I thought that was under number three in the first section.
DR. COHN: I made that comment. Is it further down?
MS. FRAWLEY: Yes, you see standards of data quality, accountability, and integrity, area of focus will consider standards for clinical data integrity, that is, accuracy, consistency, continuity, completeness, context and comparability.
DR. COHN: So you think under the context? I am actually thinking she was more focused on the issue of consistency with administrative transactions rather than the issues of data quality, accountability and integrity. I am not sure that anything needs to be changed here but I just didn’t want to bring up the comment from this morning.
MS. GREENBERG: You had pointed out I guess on attachment one that number three does talk about consistency and uniformity for the uses of the other HCFA standards. That may cover it.
DR. COHN: Yes, I thought that they actually did a pretty good job. I didn’t want to bring this up as an issue. Are we all okay within the attachments other than the change I mentioned?
MR. BLAIR: And what would be the change? Oh, the convergence.
DR. COHN: Yes, convergence.
MR. BLAIR: And that we would not include Kathleen’s comment about consistent within there?
DR. COHN: We were coming to the conclusion that we probably didn’t need to otherwise change that attachment. Keppa, you were –
DR. ZUBELIA: Considering the change that we made to the letter, does it make sense to make any changes here to reflect privacy and security?
MR. BLAIR: My only concern here was that this is right out of the work plan. I feel as if in the letter we added the issues of progress and security but we had deleted that as a focus area that we would be spending time gathering information on here and so for us to at this point put that back in as a focus area when we have not pursued that in our workplan, is kind of awkward.
MS. GREENBERG: Maybe this is too indirect but it seems to me it would be captured under, I mean it could certainly fall under standards necessary to support the NCVHS’s vision of the National Health Information infrastructure. Isn’t it the National Health Information infrastructure, not health care?
MR. BLAIR: It should be, yes, that is another correction.
DR. COHN: Okay.
MR. LUMPKIN: I think the point is that, and here is one of the awkward, part of the awkwardness of this process and that is that it is within a focus area within the committee although it may not be a focus area within the work group and so that in the process of taking the work group’s product and moving it up through the subcommittee to the full committee, there is an expectation that privacy and confidentiality will be addressed but because of the fact that I believe that most of the issues if not all the issues have already been addressed, it will then just take some work by the subcommittee or the work group to graft that piece on so yes, it is not a focus of the work group but it is a focus area for the committee.
MR. BLAIR: Actually, the phrase that we had in there that was deleted was that this work group, this was an additional focus area, that this work group would coordinate with the data security efforts that were going on within the subcommittee.
MR. LUMPKIN: So I think that adding an additional focus area on attachment two would be apropos because this is a committee document, not a work group document. Even though the committee itself doesn’t have that as a focus group, I think we have done a fair bit of information gathering on this issue. We know what the issues are.
DR. COHN: So should that additional focus area be the security of patient medical record information?
MR. LUMPKIN: I think it is security confidentiality and privacy. Or protection, well, it is protection of privacy and confidentiality and the security.
DR. COHN: The security of –
MR. LUMPKIN: Of electronic patient medical records.
MR. BLAIR: Actually, the target of this was uniform standards for patient medical record information. And the electronic transmission of it. Maybe it is okay if we stick electronic in.
DR. COHN: Okay, so I have written as the final focus area and as I think I commented this morning, I think we can appropriately review this as we begin to do our report based on whatever the final regulation that comes out regarding security. I noted Kathleen Frawley had spoken against this, doing anything until we knew for sure what the regulations were going to be and hopefully we will be seeing those in the next several months. So it is appropriate for us to review those in the context of the work that we have and maybe by that time we will also have maybe an NPRM or a final reg on privacy or a Congressional, either Congressional legislation.
So I guess the question is, does there need to be more writing or do we just leave it as protection of privacy and confidentiality and the security of electronic patient medical record information.
MR. LUMPKIN: I think we could just say that the prior work of the committee will be reviewed within the context of this new committee recommendations.
MR. BLAIR: And do you want to say something about as well as documents released by the department or something?
DR. COHN: We have written here is protection of privacy and confidentiality and the security of electronic patient medical information. The prior reports of the committee and documents released by the department will be reviewed in the context of the new committee recommendations.
MS. GREENBERG: Of what?
DR. COHN: Where it says of the new committee recommendations. Maybe it is of the committee recommendations. Are we okay? What we can do it try to print this out by the end of this session. We will, I am sure, take a break during these four hours and see if we can get these things printed out so you can all look at it and the hard copy and do any further wordsmithing. Is everyone agreeable with that and then we can hopefully at that point vote on it as a later action.
Anything else in relationship to this letter which is, if you think this is hard, just wait until we get the final report.
MR. BLAIR: There was one other thing. There was a statement in there, and Simon, maybe you can help with this because I don’t remember exactly where it was. I think it was the sixth or seventh paragraph where we ended up saying that the work group is currently making recommendations. Can you find where that is?
DR. COHN: Is that in the letter?
MR. BLAIR: I’m sorry, it’s in the letter.
DR. COHN: Currently is developing recommendations on how best to proceed.
MR. BLAIR: Is currently developing recommendations and actually our process of developing the recommendations will pretty much begin in December. Could we wind up not saying is currently but maybe saying or is preparing to develop the recommendations or will shortly be developing the recommendations or something like that?
DR. COHN: Is developing. Let’s go with currently. The committee is developing recommendations on how best to proceed.
MR. BLAIR: You feel like that covers the fact that we will not be actually discussing, working on those until December?
MR. LUMPKIN: Well, we have been developing them as we have been doing the ground work.
MR. BLAIR: Okay, so you feel like the information gathering part is sufficient to say that we are developing it?
MR. LUMPKIN: Yes.
DR. COHN: We will make a copy of this and give everybody a final look at it before we give our approval to it and send it off to the full committee for tomorrow morning.
Now, the next item on the agenda is review of next steps for the work group. Jeff, I think I will let you talk a little bit about getting from where we are today to the final recommendations. Maybe you just want to start off by talking about the steps from your view of what we need to do in terms of the time frame and we can even circle back and talk about the various hearings and what may need to occur in terms of additional hearing dates scheduled.
MR. BLAIR: Yes. I think everybody should have a handout which lays out activities and dates and the focus of each of those activities. You all need to find that. I think it is about three or four pages. It is in the table. Clearly, we have to be ready by August with our recommendations to the Secretary and we have to prepare those recommendations within a few limitations. Among the recommendations are there will only be two additional opportunities for our work group to carry forward the recommendations to the full NCVHS committee for feedback and critique and then final approval.
The full committee meets at the end of February and then again in June. Given those two dates, we have crafted a time frame to pull together the additional information that we will be gathering in the October hearings. And with the additional help of Margaret Amatiakin(?), we are going to attempt to pull together a document with all of the issues by the end of October which gives us, like, two weeks after the end of our last information gathering hearings in October. We hope to have at least the first draft of the issues by the end of October which we would have to distribute electronically to the rest of the work group and the subcommittee which is pretty much the same folks. And with feedback and critiques on that, what we would like to do is by the end of November have a first cut at what the recommendations are to address those issues.
We sort of feel like we need to, if we are going to wind up being productive and efficient in the way we develop those recommendations, we feel like we at least have to have a framework of what the issues are that those recommendations are addressing so that is why we are doing it in two steps.
We have a meeting in December, and I think that I put down the wrong dates in December. Simon just pointed out to me that on his calendar he has December 9 and 10. That should be a Thursday and Friday, if anybody has a calendar to double check that. So that should be December 9 and 10 when we have the meeting to try to come to at least an initial consensus on a first draft of those recommendations.
We will probably continue to discuss and debate those recommendations through December electronically and January and then the work group would meet again either the end of January or first part of February and we are going to be discussing just exactly what that date would be in a moment so that we could be prepared to review, in a sense, the first draft of a consensus document from the work group with the full committee at the end of February. Now, the reason that we want to review it with the full committee is to get critiques, to get changes, to get modifications, to see if we are on track with those recommendations.
And then in the March-April, in the March time frame, we would probably update and change it based on the feedback from the full committee. By the way, that is the only date we would really be getting the major critiques from the full committee and then we would proceed in the April-May time frame to have the recommendations reviewed by interested parties within the Department of Health and Human Services and maybe, possibly some other entities but we figured there is many interested parties within the Department of Health and Human Services that would probably want to have input on this before it goes up to the Secretary.
We could pull those together into an additional revision, bring it back to the full committee in June which again is the only date when the full committee meets for final approval and then based on, I would hope at that point we would only have minor wordsmithing changes that the full committee might have and we could make those changes in July and get it to the Secretary by August.
So that is our outline of how to proceed and in order to do this we do need that meeting in late January, early February. Jackie, do you have the feedback from everyone on that?
DR. COHN: Jeff, before we schedule I am just curious on the overall process we are describing. Do other committee members, subcommittee members, have comment? Does this seem like a realistic time frame instead of activities to get us to what we need to be done? Certainly, I would jump on this one. My view is that we need to have this in a pretty advanced form by February for the NCVHS meeting. I think based on our experience recently with any sort of complex report, it is unrealistic to expect that you could go through the NCVHS and on the first go-around it would be approved. So I think based on that, we need to have it by that time but does anyone have any comments about, I mean, are what we are describing in terms of time frames and activities? Suggestions for improvement? I don’t see a lot of discussion. Jim?
MR. SCANLON: Sounds like the process does include the feature of presenting draft recommendations after they have come through the full NCVHS to the HHS whether the data council or draft report has the recommendations. It does include that feature and that feedback.
DR. COHN: Exactly.
MR. BLAIR: That is exactly correct. We specifically figured the data council; however, it may be broader than the data council. Matter of fact, in late February when we review it with the full committee, there may be other interested parties that people identify that we would want to get feedback from.
MR. SCANLON: Other federal agencies as well.
MR. BLAIR: Exactly. And I just don’t know which ones they are at this point.
DR. COHN: I guess that leads us back to our discussion then that we do need to schedule a time at the end of January, early February. I see Jackie is now moving around with everybody’s availability.
MS. ADLER: I don’t have everybody’s but I have some of them. I assume all of those dates were good with Jeff and I don’t know about you. I heard from Clem. These are the only dates he is available.
DR. COHN: Dr. McDonald is only available on the 31st of January, the 1st of February and the 2nd of February. And actually that is, I think that is available for Jeff and I am available then and I see Kathleen Frawley is available then. I don’t see Kathleen Fyffe having identified her availability. I guess we should get them to cut to the chase here. Is the, sometimes during the 31st, February 1st or February 2nd, are those possibilities for you?
MS. FYFFE: Monday, Tuesday, Wednesday, right?
DR. COHN: We will only take two of those days.
MR. BLAIR: I thought there was someone who was not available that week.
DR. COHN: Well, there are some support staff that are not available.
MR. BLAIR: Which support staff are not available at that time that Clem is?
DR. COHN: We don’t know about Mike Fitzmaurice and we only know two dates that he is possibly available throughout the whole time.
MS. GREENBERG: He said the other day, he said he may have hearings.
DR. COHN: Kathleen, what is yours?
MS. FYFFE: As far as I can see, I don’t have anything scheduled for those dates and I apologize for not getting back to you on it.
DR. COHN: Okay, is that something that you can, it would be nice if I had the data by tomorrow and we can come to some resolution to this.
MR. BLAIR: I am available any time that last week in January. I am available the 31st and the 1st. Is that a Monday-Tuesday?
MS. FYFFE: Yes, the 31st is a Monday.
MR. BLAIR: So Clem is not available the week before that at all, is that right?
DR. COHN: The only dates he has yes are January 31st, February 1st and February 2nd.
MR. BLAIR: I could do it the 31st and 1st. I just thought that there were, I just don’t remember who was the staff of the committee but maybe it is more important to have a committee member.
DR. COHN: Yes, I actually agree and I think that we should put a hold on the 31st and February 1st as the two dates and we will clarify with Mike Fitzmaurice that he can make it.
MS. GREENBERG: You are not sure if Mike is available?
DR. COHN: That is the, he only put two dates down that he is available.
MS. GREENBERG: Because you are going to be agreeing on your preliminary recommendations.
MR. BLAIR: The other piece is, do we have feedback from Margaret Amatiakin? Is she available those dates?
MS. GREENBERG: That is what I was wondering also.
DR. COHN: Maybe we can, between now and the end of the session tomorrow, we can query both and now that we have sort of, I think, come down to what we think are the likely dates, let’s check both of those.
MS. GREENBERG: Mike is out of town I know.
MR. BLAIR: Mike is out of town and then Rob Colodner. He was the other person I was worried about.
DR. COHN: And here is a note from Mike that says at this time all those dates look free.
MR. BLAIR: Good, so Mike is there.
DR. COHN: However, final rules for standards and privacy standards could demand my presence.
MR. BLAIR: Jackie, I think you did get feedback from Margaret. Are you able to see whether she is free there, too?
MS. ADLER: I didn’t get anything from Margaret.
MR. BLAIR: Oh, you didn’t?
MS. ADLER: No.
MR. BLAIR: I think she is okay.
DR. COHN: We can check with Margaret. It sounds like we have come up with –
MR. BLAIR: A tentative of January 31 and the 1st of February.
DR. COHN: Exactly. We are making good progress.
MR. BLAIR: This means that Simon and I get to leave on Sunday again to come to the meetings.
DR. COHN: Now, before we move on to the other issues related to HIPA implementation, is there anything else regarding the CPR work group activities that we need to be discussing at this point? I mean, we have all, as I say, as soon as I get a disk I will make a copy of this letter and we will have a chance to finally review it before the end of the meeting but is there anything else we are somehow missing or that is not being handled? Certainly one of the critical work products of the overall subcommittee so is everyone okay with the way things are going at this point?
Jeff, just to make sure I understand about our October hearings, I think we are expecting to have considerable time on the second day for beginning some discussions on what the issue are, is that correct?
MR. BLAIR: It does look as if we will have time and that is going to be very helpful because we really need to get a lot done and that will be helpful, yes.
MS. FRAWLEY: And Margaret will be with us?
DR. COHN: Kathleen Frawley was asking whether Margaret Amatiakin will be able to be joining us?
MR. BLAIR: Margaret does expect to be joining us in October.
DR. COHN: Good. Okay. Let’s move to some of the broader issues. I think we have been so involved with the CPR activity recently that we tend to forget that we have some broader responsibilities regarding overall HIPA implementation.
MR. BLAIR: Could I just add one thing on this because Margaret she did wind up saying she was assuming that her contract would be in place. So it does it look realistic that she will be on board from a personnel standpoint by that time? By October?
MS. GREENBERG: I am not familiar. Has anyone done the scope of work or initiated the contract? I assume this is going to be done through NCHS and the NCVHS budget, but I am not aware of anyone actually having initiative it. Usually it would be the lead staff who would initiate with us a scope of work.
MR. SCANLON: Was it envisioned that we would use a task order or consulting services? Do you recall?
DR. COHN: I don’t remember how that came out. Mike was supposed to work on it.
MS. GREENBERG: We will check with Kathy Jones who is in the other subcommittee because Mike may have communicated with her. I knew this was the intent but I am not familiar with it having been initiated. Frankly, I tink part of the problem is it would almost be impossible to initiate anything right now. One could have it completely ready to put in, even thought it is not, it is know your money but I don’t think there is anyone in ut contracts who would work on anything until October 1 because right now there is this incredible crunch as you can imagine. The fiscal year ends September 30 so I think that, as I am sort of retreating here, I think that maybe it is in place to get started but it couldn’t get initiated until October 1 in any event which might make it a little close. On the other hand, we can still, we can bring her in again as we did the past meeting.
MR. BLAIR: Well, actually, and I don’t know what the procedures are for this, but we will be asking for a considerable amount of Margaret’s time beyond just October 14 and 15 because during those next couple of weeks we are really looking for her to spend a lot of time working with us to get the issues documented and that means a lot of --
MS. GREENBERG: You are talking about later in October?
MR. BLAIR: Yes.
MS. GREENBERG: When you saw a lot of the work taking place?
MR. BLAIR: Yes, so it is not just, it is more than just getting her here for two days.
MS. GREENBERG: I realize that. I wasn’t quite sure when the bulk of the work.
DR. COHN: I think we can take some of this stuff off line.
MS. GREENBERG: But in any event, we will work it through as best we can but I can’t make any guarantee for October 14.
DR. COHN: Anyway, back to, is there anything, are we okay with this? Let’s talk about the overall activities of the subcommittee, just to remind you that this was based on our discussions at our last meeting where I actually printed out on a full page in 12 point type the work plan for this next fiscal year related to the overall committee or subcommittee related to issues related to the progress of implementation, providing input to yearly modifications, to the administrative simplification of final rules and the need for probably some new administrative simplification standards based on whatever hearings we decide to hold, responding to NPRMs as they come out later on this year and into next and then other issues related to standards and security.
We are obviously going to try to deal with these in a way that fits nicely with the other activities of the subcommittee. These are obviously all activities that are in addition to the other work plan and agenda items that we have from the work group and so we probably need to begin to talk about these, we need to begin to work on them, recognizing that there are some time priorities that we will discuss over the next probably hour and a half, two hours but also that there will be a need next spring to probably begin to hold some hearings to look at where we are with HIPA implementation which will hopefully occur after we have put the recommendations on patient medical record information to death and pretty much to death anyway. So we are sensitive to everybody’s timing and the fact that people do have day jobs.
With that, Bill and Karen, do you want to talk a little about a HIPA implementation update and sort of where we are at this point?
MS. TRUDEL: I will start out then with a status on the regulations. We have made quite a bit of progress over the past few months and the proposed rule for claims attachments has actually completed the department clearance process. It is awaiting the Secretary’s signature and at that point it will go to the OMB for their review. We were hoping that we would be able to publish that in September. I would think probably October is a little bit more like it but as of this point we have gotten nothing but positive feedback on that proposed rule. There really were no big substantive issues in the departmental clearance and I think it is a really good product.
The transaction and code set rule which is our first one down the chute is at this point completed in that it is all written. It is at this point being prepared and packaged for the review process and we are expecting that it will enter the HCFA clearance late this week or sometime early next week. It is a very long document, awful lot of issues involved, a lot of substantive issues and an awful lot of people have worked very hard and helped out with that and again, we are very encouraged. We think it is a really, really good, solid document.
The identifier, wait a minute, let me back up a minute, with the timetable that we are operating under now, it is still possible that we could get that published in November, possibly December, but we are standing by to push it through the review process as quickly as we can and address issues as soon as they come up, brief everyone who needs to be briefed and see how quickly we can make that work.
The employer I.D. rule is final rule is right behind that. It is a smaller document, it had fewer issues, not too many problems involved and as soon as this first rule works its way into the clearance process, the employer identifier will be right behind it.
The security and provider identifier final rules are within a week to two weeks of being completed in terms of the drafting. Again, there were numerous issues involved. They have been handled by issue papers and discussions with the health data standards committee all the way along. The folks who will be reviewing it should not be seeing anything unexpected and there again we are hoping that we will have those published by the end of December as well.
The health plan identifier is still in proposed rule form. There were some significant issues that came up during the departmental clearance. We believe that we will have those revised, those revisions finished sometime this week and at that point that proposed rule will go back into departmental clearance as well. And Bill, do you want to update us on the privacy rule?
DR. BRAITHWAITE: Well, it is no secret to anyone that the department is feverishly working on drafting a privacy NPRM since Congress did not meet their self-imposed deadline of August 21 of this year to put out a comprehensive health information privacy law. So the Secretary is taking as the basis for her regulations the recommendations that she sent to Congress in 1997 as necessarily modified by the relatively limited authorizations that we got for that regulation under HIPA and the drafting process is well along.
As I said, people are working very hard on this and we hope to get it out through a clearance process in a much more rapid time frame that what we have been used to under the other regulations because the Secretary has said that she is going to get that published as an NPRM this fall and according to my watch, this fall has already started so that is going to have to go out very quickly. Also it has to go out quickly because we have to give a 60-day public comment period and then we need at least a couple of months to sort of get our act together to put out a final rule and the final rule is demanded by the legislation by February of 2000 so the time frame is very tight and we are attempting to meet that time frame.
MR. LUMPKIN: Would it be a reasonable interpretation that under the requirement to publish a rule that the issue of ability to override state law is moot?
DR. BRAITHWAITE: Yes, it is a moot point. First of all, the Secretary’s recommendations were that we not, that the privacy law not override state law. It set a floor and state law was more strict than that would continue to have effect as well as federal law that was more stringent.
It is a moot point because the authority we were given under HIPA does not allow us to preempt less stringent state law so that is obviously the way the regulations will come out.
MR. LUMPKIN: Again, not being a lawyer, and I have to say that up front, I am sure all of you knew that anyway, if there is a federal law that sets a standard for privacy and confidentiality and has penalties, then it really is not an issue whether or not the, it preempts state law. Anyone who violates that would then be subject to the penalties. So if state law says I can take your medical record out into the street and pass it out to passer-bys if I am so inclined and the federal rule says you cannot do that, you may not violate state law but you certainly would violate federal law.
DR. BRAITHWAITE: Well, it gets to the issue of when does preemption happen. As I read it, it says, the law says that the federal regulation can preempt state law that has less, contrary state law that is less stringent.
MR. LUMPKIN: Yes, it is not actually a preemption, it is just a penalty.
DR. BRAITHWAITE: Right. So it is only when the state law and federal law come into conflict. That is when there is a decision that has to be made and the most stringent one from a privacy perspective is the one that will preempt the other.
MR. GELMAN: It depends on lots of factors that are not on the table here. It is not at all clear what the difficulty is.
MR. LUMPKIN: Well, we understand that and we understand that there are issues related to that. But for instance, if I go out and commit a serious crime against a civil rights worker in the 1960s, including murder, it may not be deemed to have violated state law, yet it may violate the federal civil rights act. I mean, is that the kind of relationship we are looking for, these rules as being the implementing process for HIPA or are we just going to have to see what the court said.
MR. GELMAN: There are all different flavors of preemption. It may depend on how they write the rule, depends on what the statute says contrary. The law has to be contrary. No one knows what that means I suspect. You don’t have to answer that, but I don’t know what it means. It has to be contrary and then it has to be less stringent. Those are two different standards. Even with all that, you could have a state law that protects you from the force of the federal law. It just depends on you are going to have dozens of state laws here. They are all going to have to be measured on this standard. It is not going to be an easy task. And you are not going to know until somebody tells you and even then you may not know.
MR. BLAIR: What was the purpose of your question, John? Were you just looking for clarification or was there an issue involved in this that it was behind your question?
MR. LUMPKIN: Well, maybe it gets to what does this mean if the rule gets published because without the authority to preempt state law, do we now see a layering which is what my conceptual model would be is the layering of federal law on top of state law so you could be not violate state law and violate federal or you could violate state and not be in violation of federal which is kind of our statement.
DR. BRAITHWAITE: Let me must say, John, that when the draft comes out for public comment, you should look very closely for the definitions of contrary and for less stringent than before you decide whether your state laws will be preempted or not. And comment accordingly.
DR. COHN: I think what you may be telling us is that at some point coming up this fall we may be commenting on an NPRM. We had claims attachments and the privacy and actually the health plan ID which was an NPRM also. So we will have our work cut out for us.
MR. SCANLON: Simon, John Fanning will be briefing the full committee and the privacy subcommittee tomorrow morning on what Bill is describing as well as the timetable. So the committee may want to think of when they might want to schedule a subcommittee meeting to coincide with having comments on the proposed rule. But John will be briefing the committee tomorrow as well.
DR. COHN: Yes, I think it also just points out the need for a process in place to handle responses to NPRMs in between committee meetings. Are there other questions or comments regarding the overall HIPA implementation?
MS. FYFFE: Yes. I am sorry I stepped out of the room at such an important time. Almost missed my window.
The proposed regulations for the implementation of the administrative simplification transactions referred to an eventual adoption by the Secretary of the ICD-10 code sets. Do we have any more of an idea of when that might happen because I think the background discussion of the proposed regs said sometime but didn’t really get any more specific than that.
MS. TRUDEL: The proposed rule I believe talked about in fairly general terms the fact that there was a need for an assessment of a more universal diagnostic and procedure coding mechanism than the code sets that we were recommending be adopted as the first implementation of HIPA. I know we did mention ICD-10 as a possible example of a code set that might fit that bill.
There is nothing, I guess I can say there is nothing in the final rule that specifies a timetable or talks specifically about adopting ICD-10.
DR. COHN: I was actually going to just follow along with that. I think the understanding that I am, I mean, I guess what I am beginning to understand in terms of the process here is the HIPA final rules put into place a process. I think they state the initial requirements but what will be happening is on a year by year basis there will be an opportunity to update, reconsider all of the standards, update them, modify them, whatever, and that includes both the administrative transactions, includes the code sets, probably includes other aspects of other new standards that may be recommended. And so this will be an ongoing process.
I think it is also, at least my perception at this point, that part of that process will be our yearly hearings. We will ask for public comment on what ought to be new and what ought to be changed.
MS. FYFFE: Okay. That brings up a discussion point then. In recent industry meetings, including the work group for electronic data interchange there has been some concern expressed about the level of effort to implement ICD-10 codes and, in fact, one organization had some very rough estimates that sound something like this, that the level of effort to modify their software systems for ICD-10 was about two-thirds the level of effort to modify their software systems for Y2K. For example, one organization came up with an estimate of 90,000 hours for systems analysis and programming for Y2K and then came up with an estimate of about 60,000 hours for ICD-10 so I think that we are going to be hearing more about this issue and as Simon has mentioned, it might be worthy of consideration to have some information input or some hearings on that.
I have heard some very technical comments about how ICD-10 would be implemented and the folks that have been bringing this up, I have encouraged them to try to put something down on paper and write letters to the appropriate organizations but there is really some very serious concern and I cannot articulate what the exact nature of it is.
MR. ZUBIELA: So if I am hearing this correctly, the proposed implementation of ICD-10 in the year 2000 is not a problem. It won’t happen.
MS. FYFFE: Yes, that was what was in the discussion.
MR. ZUBIELA: The discussion was that ICD-9s would be migrated to ICD-10 starting in the year 2000.
MS. GREENBERG: I don’t think it ever said that. It said 2001.
MR. ZUBIELA: That is the discussion that has been going on through the industry that migration would start in the year 2000. I don’t know exactly where it is coming from but it will happen.
MS. GREENBERG: That was never in any of the HIPA documents. There may be some confusion because in fact ICD-10 has already been implemented for mortality data starting with data year 1999 so I assume what we are talking about here is the clinical modification of ICD-10 but that never was any, well, years ago they may have talked about implementing it in 2000 but not recently.
DR. COHN: I think just to clarify, I think that you may be referencing actually one of our NCVHS recommendations from a couple of years ago. What we talked about the need to move to other coding systems early in the 21st century and I think we actually may have thrown out dates. I don’t think any of them as early as the year 2000.
MS. GREENBERG: It said 2001.
DR. COHN: I think it was 2001, 2002, 2003, somewhere in that time frame but it was more on the level of recommendation in what seems like an impossibly long time ago. It wasn’t so many years ago.
MR. ZUBIELA: I have another question. On the implementation of the NPI, the calendar that we passed around with the proposed effective date of July of the year 2000, could you explain how the NPS is going to fit in there and what efforts HCFA is making to have the NPS in place if you are free to discuss that?
MS. TRUDEL: I don’t have a lot of detail on that. I know there is a work group that is made up of the various aspects of HCFA that have interest in the NPI. We agreed first of all to get the final rule out and published as quickly as we could to give the industry time to see what it looked like and to begin to plan and that probably is the rule that has the most significant changes that were based on the public comments that we received. In light of the fact that we also have to build a system and that we can’t start too much before the final rules are published, we also said that we would not make that final rule effective prior to June of 2000 which means that the implementation clock would start then and would not be completed until July of 2002.
They are working right now on a work plan to develop system and to try to figure out where we need to go from here and how quickly we need to do it. I haven’t seen it yet so I really can’t comment on the specifics.
DR. COHN: Other questions regarding this first part of HIPA discussions? Okay, why don’t we talk about the memorandum of understanding between the data content committees?
MS. TRUDEL: The issue of maintaining standards after they are implemented is a rather thorny one. At this time there are a number of groups within the industry who have some piece of that function. Many of them were named in the legislation as organizations that the Secretary should consult and others of them are standards development organizations whom we obviously relied on greatly in recommending standards to begin with. All of those processes, however, have been going on up until now in a stovepipe format and the groups who are involved and there are six of them, they are X-12-N, health level seven, the National Council for Prescription Drug Programs, National Uniform Billing Committee, the National Uniform Claim Committee and the American Dental Association began to look at their current processes and to look at how they might continue to participate in the standards maintenance process in a HIPA environment when we were talking about requirements as opposed to voluntary standards and a process that needs to be accessible and easy to understand for everyone in the industry.
They have been, in talking over how they might do this since last winter, and had made varying degrees of progress until earlier this month when they decided to get together for a face-to-face session and Bill and I attended and helped to facilitate that. At the end of a very long and very grueling day, we, I think, were happy to see that they essentially came to a conclusion that I think addresses the traditional roles and constituencies that each of these groups has that addresses their areas of interest and their overlapping areas of interest that addresses their differing procedures. X-12 is open, anyone can walk in and make a proposal. The traditional content committees are balanced and have limited membership. There are contributions that all of those groups can make and in recognition of that fact and in something that was probably akin to the great compromise, they did come up with a process that would have a single point of contact. It would be highly electronic. It would probably have a web based system enabling it and all of these different groups would be involved.
The requests for maintenance would go to all of the groups who would then have a period of time to determine whether they were interested in participating in the assessment, that there would be a means of discussing and resolving differences of opinion and that the ultimately the standards developing organizations who were responsible for the particular transactions do have to weigh in at the end and figure out actually how to make this happen in the context of the specific syntaxes.
There would be a process for resolving issues and they are developing at this point a single memorandum of understanding to which they would all be participants and would then present that to the Secretary for her review and approval. The time table for that I think would be in the next month or two. I believe we would have it before the final rule is published.
I can’t think of anything to add, but I think it is a very important step forward and obviously there will be some wrinkles in the process to be ironed out. One of the big concerns is timeliness. If we have new legislation passed, for instance, for Medicare and there is a need to do a data maintenance on one of the standards and we don’t have time, what do we do in the meantime? How do we address business needs that crop up overnight and really have to be addressed very quickly?
Obviously, those things will have to be monitored and we will participate in the process as sort of an ex officio member I think. Are there any questions about that?
DR. COHN: I think the only question about the MOU is, is it going to be publicly available for review or how will the details of how this process is going to work be communicated to the public?
MS. TRUDEL: The MOU itself, as I understand it, will be more of a high level description of how this is going to work. It will be available for public review. I think we will also probably have some more detailed operating instructions, guides, what kind of information do you need to request a maintenance action. Who can you send it to? What does the website look like? And what they are trying to do is to come up with something that is fairly simple for people to understand where people don’t have to think through which transaction am I talking about because if it is this one I have to send it here and if it is another one it goes someplace else so that people can see what requests are on the table and then how they are responded to. So I think that sort of detail will be in accompanying documentation.
MR. ZUBIELA: Will this information be available in the final rule?
MS. TRUDEL: There are several very high level statements that we are making in the final rule about the philosophy behind the process and we will be discussing which groups will be involved but there will not be a level of detail in the final rule.
MR. ZUBIELA: Or the website, if it is facilitated through the web, will the web URL address be put in the final rule?
MS. TRUDEL: I don’t know that it will be there in time.
DR. COHN: Other questions?
DR. BRAITHWAITE: We will certainly make that available on the administrative simplification website as well as the text of the MOU and everything else so it will be very openly available.
DR. COHN: Let’s move on to the next agenda item which is the security summit and a briefing on it.
MS. TRUDEL: On October 11 through the 13th there is going to be a meeting in Baltimore that is being called the Security Summit. It had its origins in discussions between John Hopkins and SMS who saw the need to develop implementation guidelines and tools for use in implementing the HIPA security standards. In essence, the transactions have implementation guides that are prepared by the SDOs themselves. They are very detailed. They tell you exactly how to implement and build a transaction and the industry saw a need to have something similar for security. Of course, it is much more complicated to do it for security because it needs to be scalable and it needs to be something that can be put into place in a number of different business environments.
And of course, there is no one industry group that anyone felt was in a position to develop that. So a group in addition to Johns Hopkins and SMS, there are a number of other organizations that are involved in this. The work group for electronic data interchange is handling the administrative arrangements. Some of the other groups involved are Kaiser, Mayo, HCFA, of course, will be participating, AFECT and ENAC and a number of others.
The purpose is to develop, as I said, an implementation guide or best processes, best practices. They will not be official. They will not be sanctioned by the department. However, they will obviously be a very valuable source of information for providers and plans that are seeking to implement the standards and as such we would certainly make sure that they are mentioned on the website and I know HCFA is looking forward to participating in this process to try to get some guidance for our own implementation.
It is a working session. The 11th is actually a prep day for anyone who is attending who is not familiar with the security proposed rule. There is a recognition that obviously the final rules have not been published. They will be working with the proposed rules and possibly will have to make modifications.
The 12th and 13th they will be breaking into smaller groups and developing this set of implementation guides and tools. They are targeting delivery fairly soon after the publication of the final rules so they are thinking that late December or early January this would actually be available to people to begin their implementation planning.
DR. COHN: That shows you the commitment of the government to this process. Questions, comments?
Maybe I just didn’t understand. What do you see the, I mean, there is going to be some outcome of this summit. What do you see the role of this best practices document or whatever it is that comes out of it to be in the overall implementation scheme.
MS. TRUDEL: Well, it will be an aid to plans and providers as they go into the process of trying to plan how to implement the security rules. I expect it will lead them through how to do a risk analysis in the various aspects of security implementation and I think that is probably the main use for it. Also, ENAK and JCAHO will be participating so it may be that those groups will incorporate these guides into their own certification processes.
DR. COHN: Are many things in the rules we have been publishing under administrative simplification which rely on the voluntary efforts of the industry and this is just another one of those. They are coming together voluntarily and providing resources that the whole industry can use to meet the requirements we are putting forward.
MR. ZUBELIA: Probably will have some sample policies that can be used to comply with the HIPA security requirements and some sample procedures that can be followed and some examples of technical implementations of different security mechanisms that would be in compliance.
DR. COHN: Other comments or questions? We will be looking forward to hopefully a very successful conference and some good work products. I mean, certainly the big issue everyone has with the security NPRMs is the fact that they are high level and didn’t really tell you exactly what you needed to do and as such I think everybody has been intending to hire security consultants and that industry is not large enough to accommodate the overall needs of the health care industry so this may be a helpful tool so thank you.
I guess our last item in this section is an update on the Internet interoperability pilot.
MS. TRUDEL: Right, and I had asked Keppa if he would do that since he is much more up to date than I am.
MR. ZUBELIA: AFEK and WITI(?) Have the interoperability pilot going. We have had two face-to-face meetings and in the second face-to-face meeting there was a decision to create a couple more work groups. Right now there is six work groups. The focus of the pilot is to secure health care data over the Internet so it is not a general security focus but it is only Internet security.
The work groups are for batch file transfers such as the standard HIPA transactions, for real time transactions, web transactions, e-mail, certification authorities and authentication and the two new groups are for virtual private networks, VPNs and to prepare the final report, the outcome of the pilot.
The progress of the security interoperability tasks so far in a lot of areas are rather discouraging. We are finding that a lot of the security mechanisms have interoperability problems, specifically in the area of virtual private networks. It is very difficult to find two products that will work with each other if they are not from the same manufacturer and even then it probably has to be the same version number.
In the area of S-MIME for e-mail security we are also finding interoperability problems. There has been very significant progress from the certification authorities. There is four certification authorities participating and they have agreed to issue certificates under the same certificate policies, the same parameters to request the certificate. They have also agree to interconnect their repositories to provide fully redundant repositories.
In the meeting last week, had something unexpected happen. There were a lot of WITI participants that expressed very strong interest in linking the efforts of the certification authorities and authentication with the NPI and the payer ID systems. They were saying that if a provider has to go to a certification authority to prove their identify and eventually to prove the fact that they are a physician, that should also be part of the obtaining an NPI process, whatever that be, that both of those processes probably should be confluent at some point and that once the certificate is issued, the publication of the certificate probably should be part of the NPS and not have to go to a certification authority directly when you go to the NPS to get a certificate.
MR. BLAIR: NPS?
MR. ZUBELIA: National Provider System or National Provider File would have the fields to hold the certificate.
It makes sense except that potentially there would be a lot more certificates than providers. There could be certificates for non-providers that would have, would still be published by the certification authorities so it is something that at some point should be coordinated with HCFA, probably independent of the final rule but probably in conjunction with the deployment of the NPS. And somehow coordinated the process if it is effective.
The WITI group last week recommended that the interoperability pilot produce a report at the end of December or sometime in December and have a final report probably sometime in March but have a preliminary report in December that can be used in conjunction with the publication of the security final rules to see where we are on using the Internet.
MR. BLAIR: I gulped. And I guess we don’t even know how severe the ramifications of this might be but let me just ask a couple of questions because I guessed that I had made an assumption, I guess a bad assumption that SMIME and PKI would give significant interoperability. Could you elaborate just a little bit? What kind of interoperability problems are we having with SMIME? And help me understand the PKI interoperability problems a little more.
MR. ZUBELIA: With SMIME a lot of the work has been done by another group which is a cryptography experts’ group and they found that SMIME messages going through gateways get distorted sometimes to a point that they cannot be recovered at the other end of the gateway and they are finding that even within SMIME sometimes the signature or the encapsulation with encryption of the data is not compatible between both ends.
Another of the things we found within the pilot itself is that there are a lot of SMIME, well, a few SMIME implementations that work fine under Windows 98 but very few or practically no implementations that work on servers. So for EDI, not for e-mail between two humans but for EDI transfer of SMIME we are finding that the server implementation that is going to receive the SMIME file and process us an EDI message, has to be written from scratch and that is creating a problem right now.
MR. BLAIR: Do you have any thoughts or guidance that can help the committee understand the implications of this with respect to the security regulations that will issue in a few months?
MR. ZUBELIA: We are finding some things that work. I don’t want this to sound all negative. We are finding things that work well. For instance, using web browsers with SSL to securely access a web site works well. Using PTP to encrypt batch files works well so there are some progress items, things that have been identified that work well. And maybe the recommendation will be to start adopting those that we have identified that work and wait on the ones that stimulate some development.
On the digital certificate issue, we are finding the portability of certificates to be the major problem where in other industries people are working at their work station all day and they can have the certificate stored on their disk. In health care, most work stations are shared during the day. The nurses’ station is shared by all the nurses in the station and they may be sharing two or three computers that are at the nurses’ station but they are floating between one computer and another. Digital certificates in that environment pretty much require the use of a Smartcard or some other token and the deployment of that is problematic to it.
So there are some things where we are finding the technology deployment is not up to speed with the capabilities of the technology and in those cases probably the recommendation would be to wait for things to catch up but those that are up to date will be adopted immediately.
DR. COHN: I think you are really bringing up the reason why the security NPRMs and probably the final rules stay a level above the technical implementation because it is such a fast moving area and probably as the systems understand what the requirements are, they move quickly to address some of these issues. One would hope anyway.
MR. ZUBELIA: We are seeing that already. Some of the security vendors are tracking the pilot very closely and modifying their products so they will work according to the recommendations of the pilot. We have already seen that.
DR. COHN: Sounds like we need some standards. Are there any other questions on the Internet interoperability pilot?
MR. BLAIR: Very valuable information.
DR. COHN: Yes, and hopefully we can stay updated on that as the program moves on. Jeff, do you have any questions? Yo know, would the subcommittee like to take a short break at this point? I want to reassure everyone that we are doing very well and we will be, I think, well ahead of schedule. I know how unusual that is.
MR. BLAIR: Could I mention one thing before the break if I may? In our meeting of our work group on the 16th and 17th, I handed out a document of general interest. The Medical Records Institute that I work for conducted a comprehensive survey of electronic health record trends in usage, over 640 respondents responded to this. It is on the website but for convenience I brought copies and we handed it out in our last meeting but I think there may be other individuals that just have a general interest so I brought an additional 10 copies for those folks that have an interest in the results of the survey. So just let me know and I will give it to those who have an interest.
DR. COHN: Fifteen minute break.
(Brief recess.)
DR. COHN: Okay, we will go over the revisions to this document and then approve it and then we will get back to our agenda.
What we had identified is that there is a need to put the, I mean, I guess the, Kathleen commented on attachment two that there should be protection of privacy and confidentiality and the security of electronic patient medical record information.
MS. GREENBERG: I don’t know if you need all those words.
DR. COHN: Which one would you like us to remove?
MS. GREENBERG: It is just that all of them refer to patient medical record information in that list.
DR. COHN: So it should be privacy, confidentiality and security?
MS. GREENBERG: In fact, I didn’t think –
DR. COHN: We are up for a final wordsmithing here before this is complete.
MS. GREENBERG: This is minor but I think on attachment two where you list each of the old attachment two had bullets and then the topic was underlined. I think that made it more readable.
DR. COHN: Yes, something happened with the format changing. This has to do with the fact that I am, this is the switch from Microsoft Word which tests format to WordPerfect is I think what happened here so the font and the format changed a bit. I think you guys can change that.
MS. FYFFE: Good thing it’s not encrypted.
DR. COHN: Do we need some standards here? Anybody have any further comments or is that it?
MS. FRAWLEY: Those were the only changes I saw.
DR. COHN: Okay. We actually wear everybody down enough and it finally becomes a document. I think it is a fine document at this point. We will make those changes and we will give this to Jackie.
With that, let’s get back to the main part of our agenda. We are actually at the 3:45 time slot which is the process for evaluating implementation, obtaining baseline data. Karen or Bill, would you like to lead off on this discussion?
MS. TRUDEL: I will at least get started. At the last subcommittee meeting we had some discussions about preparing the annual report on implementation and the kinds of baseline and ongoing data we would need to do that and I had volunteered at that time to talk to the board of directors of WEDI to find out what kind of assistance perhaps they could give us or any thoughts about how to facilitate that process and I did that last week at the board of directors meeting and they were very interested in participating in the process of helping to give the committee an idea of how the implementation is going, what kinds of successes, what kinds of problems, what kinds of barriers there might be, perhaps giving us some sense of what the critical success factors might be that we would want to be measuring on and the board voted to establish a policy advisory group on HIPA implementation.
So that will be an ongoing group at WEDI that will field this kind of issue and provide their input to the committee.
At this point, all they have done is to approve the creation of a committee. They are looking for some co-chairs within the group and I wanted to get a sense of to what extent we might be interested in working with them and what timetables you might want me to convey back to them, how everyone would work together and so forth.
DR. COHN: I would ask the subcommittee also to respond. We certainly would like as much help as we can get and as much advice and guidance and I certainly think if they are willing to assist they can play a very valuable role in helping us identify what would be the initial implementation, sort of baseline guides I would imagine. Unfortunately my belief on this is that we need to have these in place when the implementation begins which should be somewhere I would imagine around February or March of this coming year. So time is not completely of the essence yet. I mean, to an emergency physician, this seems like plenty of time to me.
But also having had some experience in administration, I know that this is not such a long time frame we are describing. And actually, Karen or Bill, I would have you comment. Do you think I am off in terms of my timeline or expectations of when we need to have the metrics pretty much in place?
MS. TRUDEL: No, I think that is about right.
MR. ZUBELIA: Falkner(?) and Gray just came out with their 2000 report a couple of weeks ago and it has a survey of pay houses and payers that have implemented transactions and what transactions they have implemented but it doesn’t actually talk about volumes. All it says is they have implemented A-37. Whether they get 0.001 percent of the transactions in A-37 or it is 98 percent in A-37, it doesn’t say anything about that. Are there any sources or is there any way to get that kind of information not only from the payers but also from providers?
DR. BRAITHWAITE: Well, Judy Ball had drafted a letter to Falkner and Gray asking if we couldn’t talk to them about tacking on to that very survey to use that as a baseline and follow-up information.
MS. TRUDEL: The letter went out.
DR. BRAITHWAITE: The letter went out. As far as I know, we haven’t gotten any response yet.
MR. ZUBELIA: I have seen the forms that Falkner and Gray sends us to collect information from us and there is another place to reflect that kind of volume of the transactions in those forums. So I know Falkner and Gray doesn’t have the information right now.
DR. BRAITHWAITE: I know, and we are suggesting to them that we work with them on adding those things to their survey for the next year so that in fact it did contain the data we needed to do this kind of evaluation. So hopefully by the next round, when they do their 2001 report it will include the kind of information we need.
MR. ZUBELIA: How about vendors and providers? Will we wait to get that information?
DR. BRAITHWAITE: They also survey those folks but I don’t know if they use the same instrument or not.
MR. ZUBELIA: I don’t remember it reflected in their survey of vendors.
DR. COHN: Are you talking about volumes at this point?
MR. ZUBELIA: Yes, I am talking about volumes. In order to measure implementation, I think we need to see at least percentages if not volumes, percentages of claims and using the HIPA implementation as opposed to just plain implementations.
MR. BLAIR: If you are referring to the same survey that I saw in Health Care Informatics in their pulse survey, is that the same one we are talking about?
MR. ZUBELIA: No, this is Falkner and Gray, what is the name of it? Health Data Report or something like that. It is a book about an inch thick, inch and a half thick.
MR. BLAIR: So they went to targeted individuals that might have that type of information is what you are saying.
MR. ZUBELIA: Yes, they sent to, I know they sent to all the clearinghouses a survey form typically around January or February every year. It is self-reporting of what you can do and right now I think it is the only report of the industry as to who has implemented X-12. The question is, have you implemented X-12? What transaction sets have you implemented? But it doesn’t specify volumes or percentage of transactions coming in that transaction set.
DR. BRAITHWAITE: I think we have time to negotiate with them and perhaps getting that information into their next survey for early next year and that would be a perfect time to start the baseline measurements.
DR. COHN: Now, of course, recognizing that there are a couple of baseline evaluations we need to do, we need to do baseline for the transactions, and I am trying to remind myself, we need to do baseline for security and I don’t have the legislation but the identifiers, do we need that?
MS. FYFFE: Employer and provider I.D.s.
DR. COHN: That is right. I mean, I think we need to be sort of thinking about baseline evaluations for all of those and some of them probably already used our employer identifier because we have picked the standard that is in common use but the others are going to be brand new ones. We know the volumes of those at this point. Zero.
MS. GREENBERG: It would be, I guess, when they are available they would be required in the appropriate transactions. You couldn’t really, I mean, once they are available to use, you couldn’t really implement the transaction without them, I guess.
MS. TRUDEL: Yes, actually you can.
MS. GREENBERG: I mean, you can until they are ready to be used but I would assume --
DR. BRAITHWAITE: There is a two-year period over which they can implement.
MS. TRUDEL: During that two-year period it is possible to use either the standard identifier or other existing identifiers that are already identified in the X-12 transactions and I think the way the conditions are written is that it is okay, for instance, to use a PIN or Social Security number until such time as the provider identifier is implemented.
MR. ZUBELIA: In fact, it is okay to use both in the same transaction so you can send the NPI and the proprietary provider ID in the same transaction. That is going to make it difficult to see the real implementation because none of the providers would be using both and the payer would be taking one or the other and we would never know which one they are taking.
DR. BRAITHWAITE: We will have to ask them. It sounds like with WIDIs, PEG and if we can get Falkner and Gray to increment their survey to our needs, plus some hearings we will schedule, that we have got a pretty good handle on this issue for next year.
DR. COHN: Yes, I was going to ask, does the WIDI PEG also intend to be dealing with the security issue or just with the actual implementation of the administrative transactions?
MS. TRUDEL: We didn’t discuss it specifically but I know they are interested in all the different aspects of HIPA so I would say at a guess although I could be wrong that they would be interested in security as well.
DR. BRAITHWAITE: I am sure they mean to do security as well. That is a great concern of theirs.
DR. COHN: I am trying to think of timelines and what we need to have in place by when. We will not really have much by November. The subcommittee and work group will be meeting in mid-December and there probably would be some time we could devote on the agenda not for hearings but for a discussion of where we are in the overall metrics and matrix to handle things. The next full opportunity we really have as a subcommittee will likely be as part of the late February meeting of the NCVHS because I think that is unrealistic to expect that in our late January, early February meeting of the work group that there will be any time other than the work group deliverables.
What do you think, I mean, it seems to me that some of these we are a little too late in February to be finalizing the metrics since likely that will be just about the date for actual formal implementation. As I am thinking about this when it seems like it is probably something that we need to be making some significant progress on between now and the end of the first week of December. Is that a reasonable timeline?
MS. TRUDEL: Would it be possible for Bill and I to draft up perhaps a straw man set of questions that we can assume that should be covered in this report? What kinds of questions would the subcommittee feel that they would be called upon to be asking and answering? And then from those questions we could sort of intuit what data we would need and if we could go through a couple of iterations of that over the next few weeks, then we would have something that we could both discuss with Falkner and Gray and also with WIDI.
DR. COHN: That would be great. And we would have something we could send around by e-mail to provide comment to you for the full subcommittee.
MR. ZUBELIA: Could you also work on security questions in order to evaluate the implementation of securities since I co-chair the WIDI security policy advisory group, that would be a great help.
DR. COHN: We might also ask for some help from the WIDI security policy advisory committee, too, on that.
MR. ZUBELIA: But something strikes me in the difficulty in making the survey of security implementations, there is no way he is going to admit that they are unhappy with their security. It reminds me of the question that you are asked when you want to get permanent resident status in this country. They ask you, are you a Communist? Nobody is going to say yes. Right? In security in health care, are going to run into the same problem. Nobody will admit that they don’t have adequate security. It is going to be very difficulty.
MR. BLAIR: Do we have an option of asking a little bit more pointed question like have you tested the interoperability of your security and which other vendors does it work with? Something like that where you get to the next level. Is that realistic or is that beyond what we really can do?
MR. ZUBELIA: I think that would be very scary and people will not answer the survey. Maybe we need to identify a mechanism for semi-anonymous answers more like the census where people will not be seeing their name on the front page of the Wall Street report saying that such and such clinic admits to not having adequate security for their records.
DR. COHN: I was going to comment that this is actually I think an area, without trying to come up with the answer during the meeting and I think we are just beginning to recognize that we need to get the questions, we need to come to some agreement that they are a good first cut but groups such as the WIDI policy advisory groups and others that are willing to provide advice in a relatively short time frame, this could be a very valuable, collaborative effort where we sort of start out and then we begin to ask them for their input and advice, recognizing that we don’t have years to develop the first version. We can obviously improve things after February but effectively we need to, in some way prior to implementation, evaluate the baseline status and we need to do it in a way where you are, one, when we evaluate again, we are not coming up with completely different metrics to evaluate it at the end of the first year. I mean, it is doable. We just have a relatively tight time frame.
MR. ZUBELIA: Effect trying to do something like that and we have the security checklist for voluntary self-reporting of where you are that were distributed maybe two years ago. We gave several hundred copies to people at a meeting, a face-to-face meeting with the request to return those copies before you leave the room and only four people returned the copies. Then I got one or two more in the mail and that was it. It is very difficult for people to admit they don’t have good security.
DR. COHN: Which may be a metric on its own.
MS. GREENBERG: One issue that I know is, we started to address and that is the infrastructure team, this whole issue of enforcement. This is really connected. If you can’t survey or find out, I mean, how are you going to, I mean, it is the same issue in a sense although that is another aspect of enforcement of what do you do once you find out obviously because the first part of just trying to determine the level of compliance is similar. I don’t know exactly what that thinking is. I know the focus now is getting out the rules but I mean, it is something we can’t duck totally.
DR. COHN: I am sorry, I laughed at the last bit of your comment.
MS. GREENBERG: I was saying it is the whole issue of how the department or who will and how enforce it.
DR. COHN: Yes, and actually I think we put down on the work plan for this coming year to do some hearings on enforcement and I think that is certainly a, going to be an important issue and there is going to be a number of issues. We were going to be busy this coming year unlike, of course, this past year, I mean, we will be busy on the first year of HIPA implementation. And certainly you are right though even without enforcement we still need to come up with the baseline metrics to understand where we are and certainly I think Keppa is making a very good point that it is going to be easier getting metrics for the administrative transactions versus security and we may have to be, come up with some good ideas about how to do it or at least be able to make some observations of the scene and Bill, for example, you were commenting on the fact that nobody is willing to say maybe in and of itself a piece of the metrics and we will just have to think about it in terms of enforcement is going to get very interesting when we talk about security. It should be an interesting session. We will get Bob Moore now that he will be done with Y2K to come in and talk about enforcement.
So I think for next steps for the baseline data will be some e-mails to further refine the questions after we have said yes, they are a good draft, trying to get whatever input we can from groups such as WIDI and others that are willing to provide us input, have hopefully more, a more complete draft by the December meeting at which point we can spend a little while talking about them and hopefully at that point approve them for at least on the draft basis for work to be done on the baseline. Is that what I am hearing from everybody? I am making up the work plan as I am going.
MS. FRAWLEY: I just want to make sure I understand the timeline. I understand between now and December that there is some question about signing off on them, any commitments from organizations that are going to be helpful to us but are we going to wait until after the final rules are published to start soliciting, you know, –
DR. COHN: To get the data?
MS. FRAWLEY: Yes. I mean, I think the biggest problem we have is that until the final rules are out, everyone is kind of sitting there waiting so it would be kind of hard to capture any baseline data on HIPA implementation without the final rules. So are we tying it to the final rules?
DR. COHN: Yes, and the reason I am mentioning February is it is my understanding, I don’t know when the final rules are going to be published but assuming they are sometime between now and the end of the year, there is usually a 60-day period upon which they are sort of preliminary and then become final and so we wanted to have something in place and ready to go in time for that final yes, this is the start of implementation with the idea that we could actually have some baseline measures that fit right in that period which I think is why I am thinking about December having the questions pretty much together so that as the stuff came out we would be able to right then start doing the baseline. Does that timing, I mean, we are making this up as we go but it seems like the right timing for the development of the baseline metrics and their application.
So, anyway, that will be a December item that we will discuss. Beyond that we are talking about the next steps for the subcommittee. Marjorie, did you have a comment or question?
MS. GREENBERG: Don’t believe so.
DR. COHN: You have a look on your face like you might have been intending to ask something. I just want to take a couple of minutes just to talk about the next steps for the subcommittee and rating some of our other tasks. We are already describing this issue of needing to come up with baseline metrics and be able to advise on that. There are going to be a number of NPRMs coming out. Obviously the claims attachments and then the payer ID and we will need based on whenever those come out to be able to mobilize to obviously have a draft letter written but beyond that critique it and make comments and get it up to the full committee for approval in the appropriate time frame. I mean, my hope is December will be a time frame at least for the claims attachments. It may come sooner than that but I had hoped that would be within the period of comment and we will have to see whether the payer ID is the same thing so I think the intent would be at the same time as we are talking about baseline, talking about those issues, hopefully getting the letter approved that then we can send up to the full committee. And then we have to use whatever process we agree upon tomorrow to get that approved by the full committee in the appropriate timeline.
MS. GREENBERG: It is possible that these connections will be discussed at the December CPR meeting.
DR. COHN: Yes, actually there is going to be a session during that time for the subcommittee and that was the intent but that is still the subcommittee discussion and the next full committee meeting is late February which will be much too late.
MS. GREENBERG: But the full committee approval would obviously have to be through whatever procedure is agreed to but the subcommittee one could probably be at a regular meeting.
DR. COHN: Exactly. I think that would be the hope. So that will be an item that hopefully will be geared up and ready to discuss in December also. So I mean, hopefully this will be the focus of whatever we do as a subcommittee in December, leaving the vast majority of time to try to wrestle with the document for CPR, the CPR document.
The other piece I just wanted to bring up and I wanted to think about it for a minute or two, is this issue of the implementation actually begins to occur. We have responsibilities to help advise about whatever changes should occur for the next year as well as get public input about how well the implementation is going. I tend to think of this, these issues as falling into the administrative transaction standards, code sets, security and identifiers. I suspect especially for the first year there may be a significant amount of comment. I think we observed that when we were talking about this, our last meeting of the subcommittee. I mean, my thought is to observe probably at a minimum, two two-day hearings to go over those issues and elicit whatever public comment may need to occur as well as hearing from the SDOs about whatever changes they may want to have to the transaction standards or new transaction standards and hearing also from me data content committees, the same sort of issues and comments.
Am I under, is two two-day sessions in late spring the appropriate amount? Am I under-estimating what we need to have? I mean, the next time, we will be talking a little bit in December so maybe we don’t have to decide fully but April and May are not that far away and if we are going to start doing this, we need to begin to also schedule some times. Bill, are you going to make a comment?
MS. GREENBERG: You said two two-day hearings.
DR. COHN: Yes. Is that, Jeff do you have a comment?
MR. BLAIR: You are talking about two-day hearings in March and April?
DR. COHN: Actually I am thinking April and May realistically.
MS. FRAWLEY: Again, that would be contingent upon the final rules being published.
DR. COHN: Yes. We wouldn’t do this unless and until the final rules are published. Now, what we have heard is we think that likely these rules will be published sometime before year-end.
MR. BLAIR: For those on the Internet, I was shaking my head yes.
MS. TRUDEL: We are kind of thinking that that might be a little early. That even if the regulations are published when we think they are, that that really won’t give people all that much time to get into the details that will begin to bubble up some of the problems.
MR. BLAIR: We are thinking that the early planning period where some of the initial problems might surface will provide the opportunity for a little bit of feedback but the vast majority of comments are going to come when those implementation plans start to be actually start grinding away at the details. You know, the devil really is in the details. And when they get to those details, we are likely to get a whole flurry of feedback and I suspect it is going to be late summer before we start hearing about those so maybe we should distribute these things, give people an opportunity in the April-May time frame for like one hearing and then have another one late summer or something like that, expecting that we would get more detailed feedback about problems that might be coming up.
DR. COHN: Well, I guess the other question also is the HHS schedule for any new or changed transactions. That, I think, does fit into the April-May time frame, at least as I count.
DR. BRAITHWAITE: It does, and there might be other forces afoot to have a one-year revised regulation come out but I think that we are just going to have to continue to crank them out as we find the need to do that and we have that emergency clause in the law that says we can crank it out before one year is up if, in fact, it is required to enable them a good implementation so we don’t have to stick to the one year time frame mentally. It can be less than that or more than that, depending on what kind of feedback we get.
DR. COHN: Hopefully there will be no emergencies.
MR. ZUBIELA: We will probably get feedback on the dental codes that are implemented in January. We will get feedback on time for that first hearing and how that implementation went. If nothing else, just to know positive or negative how that implementation went. Because that is independent of the transactions and practically independent of the NPRMs also, the American Dental Association has a new set of codes that go into effect in January.
DR. COHN: Other comments about claims? I know spring seems a long time away but it really isn’t. Do people have other comments about hearings, frequency, need. I mean, clearly there is a need but is it a two-day hearing or two two-day hearings?
MR. ZUBIELA: I would say a two-day hearing in the spring. I am sorry, a one-day hearing in the spring and another day or two-day hearing in the fall would be best. We probably won’t see much in the spring. People have been working on Y2K and very few people are working on this.
DR. COHN: I think the only question will be is whether any of these standards or organizations are going to bring forward additional changes or visions, expansions, whatever, to their planners. Yes, Marjorie.
MS. GREENBERG: I was just thinking that the executive subcommittee is meeting I believe it is December 7 to do some, so it is actually before this, yes, it is the afternoon of December 7, earlier in the week that the CPR meeting is going to be held. We are going, I probably should have called peoples’ attention to this, maybe I will have to run down and tell the other group, too, but a major focus of that executive subcommittee meeting is going to be long range planning and budgeting so the more thoughts that the individual subcommittees and their work groups have about what types of hearing schedules are going to be required in the next year, particularly if they feel there should be any hearings outside of Washington which is more, consumes more resources, et cetera. Again, like the clause in HIPA, we can always put something in as emergencies arise but we are going to make a stab at planning this, having a little forward planning, also from the point of view of contacts that we need, et cetera. I don’t know, if you feel you have enough information now. You obviously will be participating in this. And just realize that actually will be a few days before the meeting, the CPR subcommittee meeting.
DR. COHN: Sure. Jeff, did you?
MR. BLAIR: Maybe the hearings that we do in the spring, we could get those folks that probably would be further along than others like the vendors would probably have already done at least design if not recoding by that time, they could give us some good feedback and critiques and then in the fall get the early providers or early users. Does that fit in or make sense? I am asking both Kappa and Simon.
DR. COHN: Actually, I think that probably makes sense.
MR. ZUBIELA: I think it makes sense. A lot of the vendors are either coding or complete with some of the HIPA transactions already. It is not until they actually start to flow in volume that you start seeing more problems but I think it would be good for the vendors to have an opportunity to report their problems or successes and I think there will be some successes to report at that time.
DR. COHN: Keppa, you are involved with the X-12 group as I understand. Do you sense that there is going to be many requests coming in for changes or additional standards?
MR. ZUBIELA: X-12 is already working on version 4030, implementation guides for version 4030 to support some of the additional requirements that are not supported by 4010. Some decodes that is, and so on, they are not supported by 4010 and also X-12 just sent a project proposal through the other process to implement the prescription, electronic prescription in edifax syntax. Currently NCPDP is using a standard code scrip which is very similar to edifax syntax and they want to take advantage of the international standard and maybe have a prescription in that format so there are some things already going on with X-12 that could be reported here.
DR. COHN: And obviously we want to accommodate X-12 NCPDPH, all seven and others that they want to be suggesting changes, updates and others. Okay, I think what I am hearing that at a minimum we are going to have a two day hearing on these issues in the spring and depending on what things seem to be developing and especially this unknown of how much changes are going to be promoted, pursued and how much discussion there may be around them, we may go beyond that but we should at least try for a two-day session. And it sounds like another two-day session in the fall. We will sort of see how that goes.
Are there other items we need to discuss?
MR. ZUBIELA: I would like to bring up something that I have heard from the dental community. They are clamoring for some attachment transaction standard to send dental x-rays and at some point the attachment work group will have to address that because that is, according to the dental vendors, that is the single most important delaying factor for the penetration of dental transactions. The latest report I think they say that dental claims are from 17 percent electronic compared to 84 percent on other claims and the dental vendors are saying it is because of the dental x-rays that have to be sent as a separate attachment and therefore you might as well send the claim as a paper claim so if that could be addressed by the attachment subcommittee it would be to great benefit to the dental committee.
MS. TRUDEL: I believe the X-12 attachment group at one point did consider having the dental x-ray as one of the original attachments that they were going to propose and there had been some very preliminary discussions with I think Dicom on the actual structure of the x-ray image standard and as I understand it that didn’t get too far. Perhaps we need to resurrect that discussion.
DR. COHN: It would certainly seem to be, the appropriate process would be to take it to the work group, the HL-7-X-12 combined, the X-12 work group at this point to sort of see if they can make it happen. Certainly I think once something is ready to be proposed I think we need to be hearing about it but we are probably not the group to be able to make attachments happen out of thin air.
Other comments, questions? I have an announcement or two to make here.
First of all, I think we are getting a pretty good idea of what the subcommittee needs to be doing over the next 12 months or whatever and we will be calling you individually to see what your availability is in the April and May time frame. Based on further discussions we will ask you to either have you hold one date for certain, another date probably as a hold date, just so that we have it reserved at this point.
Now, I have a note here, and this is from the work group on quality. They are actually going to have a meeting on November 4 in the evening after the one-day NCVHS meeting.
MS. GREENBERG: It is November 3.
DR. COHN: Is it November 3? Maybe I am confused. Is November 3 the day of the meeting?
MS. GREENBERG: The full day meeting is the third. And then late afternoon, early evening the quality work group will have a meeting.
DR. COHN: November 3. Thank you for clarifying that. Anyway, members from the subcommittee are invited. Kathy Coltin did ask me to see if I could get a count of who is likely to attend. Apparently space is an issue. Are any of you interested in going to the, apparently the meeting of the subcommittee on quality will involve the subcommittee on quality and the representatives from the CPM subcommittee of NCQA. That would be of interest potentially to members of the committee and the CPR work group and that would go from about 6:00 to about 8:30. So it dos make for a long day.
MS. GREENBERG: We are going to arrange for dinner of some type. We think, the full committee meeting is not going to be held in the Humphrey Building because a room was not available. As you know, the Commitete on National Statistics meeting is the following two days, the 4th and the 5th. You people have already been queried about that but that meeting is going to be at the Holiday Inn in Georgetown so I think the full committee meeting will be there as well but the meeting with this quality group is likely to be at a different hotel where the people that they are convening with are meeting. So it is a little bit of logistics here but nothing insurmountable in Washington, D.C.
DR. COHN: Okay. Well, I actually do need to know from any of you who are interested so I can alert Kathy Coltin. At this point I see Jeff Blair is interested in attending. Okay. So Jeff and I, I think I also will be attending that session. With that, is there any other business, any comments any of you would like to make? Any questions either from the subcommittee or those attending? Well, with that we will adjourn the meeting then. Thank you very much.
(Whereupon, the meeting was adjourned at 4:20 P.M.)