[This Transcript Is Unedited]

NATIONAL COMMITTEE ON VITAL AND HEALTH STATISTICS

AD HOC WORK GROUP FOR SECONDARY USES OF HEALTH DATA

July 19, 2007

National Center for Health Statistics
3322 Toledo Road
Hyattsville, Maryland

Proceedings By:
CASET Associates, Ltd.
10201 Lee Highway, Suite 180
Fairfax, Virginia 22030
(703)352-0091

P R O C E E D I N G S

DR. COHN: Good morning. I want to call this meeting to order. This is the third day of hearings of the Ad Hoc Work Group on Secondary Uses of Health Information of the National Committee on Vital and Health Statistics. The National Committee is a statutory public advisory committee to the U.S. Department of Health and Human Services on national health information policy. I am Simon Cohn. I am the Associate Executive Director for Kaiser Permanente and chair of the committee.

I want to welcome committee members, HHS staff and others here in person, and want to welcome those listening in on the Internet. I also want to remind everyone, as we always do, to speak clearly and into the microphone so those on the Internet can benefit from our deliberations and dissemination. I also want to thank the National Center for Health Statistics for hosting us for this meeting.

Let's now have an introduction around the table and around the room. For those on the National Committee, I would ask if you have any conflicts of interest related to any of the issues coming before us today, would you so publicly indicate for your introduction. I want to begin by observing I have no conflicts of interest.

MR. REYNOLDS: Harry Reynolds, Blue Cross Blue Shield of North Carolina, member of the committee and no conflicts.

DR. CARR: Justine Carr, Beth Israel Deaconess Medical Center, member of the committee and no conflicts.

MS. AMATAYAKUL: Margaret Amatayakul, contractor to the work group.

MR. FITZMAURICE: Michael Fitzmaurice, Agency for Health Care Research and Quality, liaison to the committee.

DR. DEERING: Mary Jo Deering, National Cancer Institute, staff to the NHII work group.

DR. WHITE: John White from the Agency for Health Care Research and Quality and testifier today.

MS. SPRENGER: Sharon Sprenger from the Joint Commission. I am a testifier.

MR. VIGILANTE: Kevin Vigilante, member of the committee, Booz Allen Hamilton, no conflicts.

DR. SCANLON: Bill Scanlon, Health Policy R&D, member of the committee, no conflicts.

MR. STEINDEL: Steve Steindel, Centers for Disease Control and Prevention, staff to the ad hoc work group and liaison to the full committee.

MR. ROTHSTEIN: Mark Rothstein, University of Louisville School of Medicine, member of the committee, no conflicts.

MS. JACKSON: Debbie Jackson, National Center for Health Statistics, CDC, committee staff.

MS. HAYES: Rebecca Hayes, America's Health Insurance Plans.

MS. YOUNG: Alison Young, American Health Information Management Association.

DR. COHN: I want to welcome everyone. I will be very brief in terms of my introductory comments. We have a lot to do between our start this morning and our 12 noon adjournment for this set of hearings. I do want to remind everyone that we do have hearings coming up during the first three days of August, and then we will have additional sessions late in August 23 and 24. This is meant to be a fast-paced effort.

As I have indicated before, I want to thank members of the committee for serving on this ad hoc work group and for donating their summer to this project and effort.

Just to remind everyone, and also for information and context setting for our initial presenters, we have been asked by the U.S. Department of Health and Human Services and the Office of the National Coordinator to delve into the issues of the secondary uses of data, especially in the context of this evolving and developing Nationwide Health Information Network. We have been asked to develop an overall conceptual and policy framework that addresses secondary uses of data, including taxonomy and as we saw yesterday, a very significant need for definition of some terms, just because there is a lot of terms out there that are maybe overloaded or as was described yesterday, everybody uses the term to mean something different by them.

We have also been asked to develop recommendations to HHS on needs for additional policy, guidance, regulation and/or public education related to expanded uses of health data as you move into the Nationwide Health Information Network. We are looking widely at this, but we also will be emphasizing the issues relating to data for quality measurement, reporting, and I do want to mention specifically improvement. Sometimes we get so involved with measurement and reporting that we forget that the reason for all of this is to improve the quality of care in the health care system, and we want to make sure that we are supporting that at every juncture.

Finally, I would comment that in all of this work, we are looking for frameworks, but we are also looking for approaches, tools and technologies that may help minimize risk as we move forward. So that is also part of the conversation. It isn't just high level frameworks, not just policy, but other practical things that can be recommended that might help minimize the risk as we move into this new environment that may be mostly covered or completely covered by HIPAA, but was probably not completely contemplated when HIPAA was developed.

I want to thank Harry Reynolds and Justine Carr for being the co-vice chairs of this activity. I will be turning it over to them to chair and facilitate the rest of the sessions. But I do want to observe that we have two main sessions this morning, one talking about work from the AQA and John White, thank you for coming in and helping brief us on that, as well as the Hospital Quality Alliance, and Sharon Sprenger, thank you for joining us for that conversation. We also have somebody from Centers for Medicare and Medicaid Services, Mike Rapp, who will join us in person or on the phone.

After our morning break, we will move into discussions around health record banking. One of the questions we have is, what part, and is there even a part for that activity in relationship to the work that we are discussing, where does it fit in. I think it will be an interesting conversation. I am hoping at the end, as we have been doing on a regular basis to spend some time talking about learning issues, open issues and next steps. We are asking Margaret A. to help us work through those discussions, recognizing that that serves to inform the questions for future hearings as well as in some ways testifiers. So that will be the morning, and we will adjourn at 12 noon.

Harry Reynolds, let me turn it to you.

MR. REYNOLDS: We will go in the order on the agenda if that is okay with you. John.

Agenda Item: Organizations Directing and Supporting Quality Improvement Activities

DR. WHITE: Thank you very much. Hello, everybody. Thank you for having me here again. It is always a pleasure to be back.

Since we are in Washington, political speeches are common here. There are four parts to any good political speech: Bond with the audience, raise the alarm, point with pride and with hope. I don't know if you have ever heard that before, but in the interest of bonding with the audience, I have been paying attention to the testimony over the past few days and as always, you all are doing a fabulous job of addressing a very complex subject. It had nothing to do with my involvement in taking a look at who was going to be testifying beforehand. I am really pleased at the hard work that you all are doing, and mean that honestly, joking aside.

My day job as you all know is Health IT Director at AHRQ. I am here today to talk to you about an occupational pastime of mine, something that has been a fairly serious endeavor over the past two and a half, coming up on three years here, which is the AQA. It has been a significant force in the world of quality and quality measurement, and has many activities underway that are fairly directly relevant to the things that you all have been talking about for the past few days. So I am really pleased to be here on behalf of the AQA to tell you about what has been happening there.

To start at the beginning, in September of 2004, the four groups that you see listed here, the American Academy of Family Physicians, the American College of Physicians, America's Health Insurance Plans and the Agency for Health Care Research and Quality, joined together to lead an effort for determining under the most expedient time frame how to most effectively and efficiently improve performance measurement data aggregation and public reporting in the ambulatory care setting.

This initiative was initially known as the Ambulatory Care Quality Alliance, but the coalition is now known as the AQA Alliance, because its mission has broadened to incorporate all areas of physician practice. So an important distinction if you were paying attention at the beginning, but have shifted focus since then, and this is focused on all areas of physician practice.

It has become a broad-based collaborative of physicians, consumers, purchasers, health insurance plans and others, and we will talk a little bit about who is involved later.

The mission of the AQA is to improve health care quality and patient safety through a collaborative process in which key stakeholders agree on strategy for measuring performance at the physician or group level, so strategy. The second point is collecting and aggregating data in the least burdensome way. The third point is to report meaningful information to consumers, physicians and other stakeholders to inform choices and improve outcomes. So a lofty mission with equally lofty goals.

Goals are to reach consensus as soon as possible on a set of measures for physician performance that stakeholders can use in private health insurance plan contracts and with government purchasers, a multi-year strategy to draw additional measurement sets and implement measures into the marketplace, a model including framework and governing structure for aggregating, sharing and stewarding data and finally, critical steps needed for reporting useful information to providers, consumers and purchasers. You will see those different goals embodied in the work groups that have constituted the AQA up to this point.

There will be a test later on the participants in the AQA. I put this list up here not to overwhelm you unnecessarily, but more to impress upon you the point that from its rather humble beginnings, it has grown to encompass a lot of different organizations and a lot of national organizations. Although at times the discussion has been contentious when you start getting close to what people care about, it truly has been a broad and collaborative process. The numbers of folks that are involved are broad. The A's take up the entire first column, and as you can see, it is most of the academies, the American Colleges of, the American Boards of, American Societies of. You can see there is fairly broad representation there.

Those are the participants. There is a smaller steering group that meets in between the large AQA meetings and guides the discussion as it moves ahead. AARP, AHRQ, the AAFP, American Academy of Family Physicians, American College of Surgeons notably involved, American Medical Association, AOA, Osteopathic Association, America's Health Insurance Plans, National Partnership for Women and Families, Pacific Business Group on Health and the Society of Thoracic Surgeons. A number of organizations support the AQA and have publicly committed to supporting the processes that go on there, including the AFL-CIO, the Association of American Medical Colleges, American Academy of Pediatrics, Centers for Medicare and Medicaid Services, Medical Group Management Association, National Committee for Quality Assurance and the National Quality Forum.

So you can see here that there is not just broad participation in the collaborative, but significant participation in the collaborative. These are some significant players in what we loosely term the quality enterprise.

From the outset, the AQA had three work groups that moved the discussion forward and advanced the activities. There is the performance measurement work group, the data sharing and aggregation work group and the reporting work group.

I am going to touch on these a little bit out of order. My involvement from the start has been with the data sharing and aggregation work group, and that is probably most relevant. The others aren't irrelevant, but it is probably the most relevant, so I am going to address that last, but we will touch on the other two work groups first.

The performance measurement work group has undertaken the process of trying to pick what we measure when we are talking about measuring physician performance and measuring quality. I have a typo up here, I apologize. I said April 2006. That should actually be April 2005. Starting in April 2005, the performance measurement group set out a starter set of 26 measures for ambulatory care that were broadly agreed upon as things that were ripe and things that should be focused on.

I have the list of them here. I'm not going to go into all of them, but these are things like the percentage of women who had a mammogram during the measurement year or year prior to the measurement year, or colorectal cancer screening or cervical cancer screening, influenza vaccination. For heart disease, things like drug therapy for lowering LDL, cholesterol and beta blocker treatment after a heart attack. Other topics that are touched on include heart failure, diabetes, asthma, depression, prenatal care.

Additionally, there are two quality measures that we included that addressed overuse or misuse of care, which included appropriate treatment of children with upper respiratory infection and appropriate testing for children with pharyngitis.

Now, were these necessarily the most earth shattering, biggest movers in quality? Some of them are very significant; I can't say all of them were. But the point was, it was a starter set. It was a set of measures that were broadly agreed upon by providers, by plans, by national associations and by accreditors as saying yes, these are things we can all get behind, this is where we can start our work. It was never intended to be the sine qua non, but it was a great place to start, and has been broadly taken up and discussed throughout the health care community, especially those that focus on quality.

In addition to the starter set, there have been sub work groups that have focused on acute and chronic care, surgery and procedures and cost of care. As you all can imagine, the discussions are very interesting. There is a number of documents that support these work groups and describe the work that they have undertaken that are all available on the AQA website, so I am not going to get too much into them here. But just know that this is going on.

In addition, this work group has set out parameters for selecting measures for physician performance. This is guidance to try to help people understand what principles underlie this process and how folks get there.

I've got them here. I'm not going to read them to you verbatim, but I'll just pick a few for you. Measures should be reliable and valid based on sound scientific evidence, mom and apple pie, but when you actually start looking at the measures and saying what backs it up, that is something that you have got to be able to stick to.

Measures should reflect processes of care that physicians can influence or impact. Outcome measures should be appropriately risk adjusted and stratified. The measures should include but not be limited to measures that are aligned with IOM's priority areas. Again, I'm not going to read it all to you today, but there are some good sound measures here. They are publicly, broadly discussed, widely vetted, and I think are fairly sound when you look at principles for selecting these things.

As I mentioned, we started with a starter set. The group has expanded to consider all areas of physician performance and have adopted a number of measures. As a result, currently there is over 120 approved measures. These are all available on the AQA website. These do start to expand to include things like surgical procedures. Things are not necessarily just ambulatory care, which is where it started.

So it has been a very exciting process to watch. It has been really exciting to see the engagement by all the different stakeholders as they have gone forward with this. As you all can probably well imagine, it can be a fairly contentious issue when you start out.

In addition to the performance measurement work group there is a reporting work group. It would be unfair to say that this has been a less active work group. This has certainly been moving ahead, but I think the ferocity of intensity of work has probably happened in the performance measurement and the data aggregation work groups.

Nonetheless, this work group has put forward two fairly significant documents, principles for public reports on health care and principles for reporting to clinicians and hospitals. This is where you have to start this conversation. You need to say what do we hold ourselves to when we start going out and putting out reports.

Again, I won't necessarily get into the depths of these, but the principles for public reports include things like, the reports should focus on areas that have the greatest opportunities of making care safe, timely, effective, efficient, equitable and patient centered. Those of you who have somehow interacted with the IOM in the past may have heard those words before. Also focused on the general areas of portrayal of performance differences. Reports should use fair and equitable methods to display performance differences that enable users to make decisions based with meaningful, reliable information.

Transparent methods; that has been key. That has been a point that has been brought up over and over again. As you go about reporting or measuring or deciding what to measure, you can't do this behind closed doors. This cannot be a black box. This has to be publicly and richly discussed.

Report design and testing for usability as well as timely results. The same thing is reflected in the principles document on reporting to clinicians and hospitals.

I do want to call out that there is a difference that has been recognized between what do you report out to the public and what do you report out to providers. You need to report the same information, but you might be representing it in different ways. For me as a doctor, I know things that I would want to know that make a difference in how my office runs or how my group runs. It is going to be very different from what I want to know as husband and father of three children when I go to make decisions for care based on that information.

So that is the reporting work group. Finally we get to the data sharing and aggregation work group. This is how you make the sausage, if you think about it. This is, once you have agreed on what you are going to measure, where do you go for it.

The discussions at the outset, given the folks who are around the table, focused around the use of claims data, of what is called administrative data but largely is data that is generated for the purpose of billing and claims. Why? Because that is what we have electronically. You can go to chart review, and frequently you do have to go to chart review, but we all know that is a fairly labor intensive process, can be challenging to go through. Of course, my charts are all perfectly organized and everything is in the right place at the right time, but otherwise if you want to bring together large sets of data, electronic is the way you go.

One of the interesting things about the AQA is that when you talk about claims data, there is a significant player in this country who has a fair share of claims data sitting two seats to my left. That organization is the Centers for Medicare and Medicaid Services.

America's Health Insurance Plans represents a number of health plans around the country, and each one of those individually has made efforts to measure quality based on the information that they have had. This effort came out of the interest of trying to look across all payors and individual physicians' or groups' performance.

You can imagine that the validity level goes up when you are talking not just about the Aetnas or Uniteds or Kaisers, but when you start looking at Dr. White's performance on how he took care of diabetic patients, not just on my Aetna patients or my United patients, but based on all the patients that I see, or at least all the ones that have health information and have claims data submitted for them. So that becomes significantly more powerful.

The discussion in the data sharing and aggregation work group has centered around two streams. The first stream has been, how do we do this. The second stream has been, what are the issues that get raised by doing this that we need to consider and that we need to be deliberate about.

The how we do this has manifested itself in the establishment of what was originally called the AQA pilots but subsequently has become the better quality information initiative through CMS.

The concept was that we are not just going to talk about this, we are actually going to do this. Starting in late 2005, so about a year after this process got underway, the work group talked about standing up pilots that would bring together all payor data for the purposes of quality measurement around measures that had been agreed upon by the performance measurement work group.

There were certain principles and characteristics and key elements of these pilots that were said at the beginning to be important. They are listed here. The key elements would be that these pilots assess clinical quality, cost of care and patient experience, that the folks who did these pilots would demonstrate understanding of structural capacity as a covariate to assess physician performance, in other words, where does the data come from, what does it look like when you get it, how does the data flow from place to place. The pilot would collect and aggregate Medicare claims and private sector data from multiple sources and where possible Medicaid data. The pilot would explore both existing and new methods for collecting, submitting and sharing data from physicians' medical practices. These pilots would leverage the experience of existing aggregation efforts, and they would subsequently disseminate measurement information.

So a process was undertaken to say who is out there that can do this, and requests for information was put out to organizations to see who could potentially be involved, and responses received back.

The individual sites that came in and were agreed upon were the six that you see listed here, the California Cooperative Health Care Reporting Initiative, the Indiana Health Information Exchange, the Massachusetts Health Quality Partners, the Minnesota Community Measurement Initiative, the Phoenix Regional Health Care Value Measurement Initiative, and the Wisconsin Collaborative for Health Care Quality.

These were designated as AQA pilots in early 2006, and subsequent to that have transformed through initially a small amount of AHRQ funding but subsequently a significant amount of CMS funding, into the BQI initiative, Better Quality Information initiative.

Now, before I start going too far down this, Mike, are you going to talk a little bit about this? I'm very grateful for that, because I don't know as much about that as I'm sure Mike does at this point. I did call and chastise Marc Overhage in the cab on the way home yesterday. I was really hoping he would be here to be able to participate in the discussion, so he is appropriately sorry that he couldn't be here. But these are really interesting, and I will leave it to Mike to talk more about them.

As I said, the one stream of discussion in this work group has been how do we do this, and the second stream has been what are the principles around it. One of the issues that came up early is this issue of, you are getting information and you are using it for purposes other than which it was originally intended, which gets at why you have me here today.

This is the secondary use of health data. In this case, we are not necessarily talking about clinical data, like a temperature or a culture. You are talking about claims data. From fairly early on it was recognized that this was something that was going to need to be thought about, and thought about carefully.

This started out as a discussion on data ownership, who owns the data. As time went by, there was a recognition that once data is digital, once it is electronic, as you have heard already from Charlie Saffron yesterday and from others, if you have a copy of the data you own the data. So that principle of ownership gets fuzzy. The principle of ownership is fuzzy to begin with; something that is in the doctor's chart, is that my data as a patient or is that the doctor's data because they generate it.

So we put aside the issue of data ownership and started talking about the issue of data stewardship. You talked about overloaded terms earlier; it absolutely can be overloaded. I am, as Winnie the Pooh said, a bear with very little brain, and so I like to try to keep things simple. So when I say stewardship, there is a very nice definition on Wikipedia that says, stewardship is taking care of something that is not one's own. Stewardship is taking care of something that is not your own.

So putting aside the fuzzy issues of ownership, when you talk about health data stewardship, you are talking about taking care of that data. That should apply whether you own it or not, but when we say taking care of it, that is different than waxing my car. This is making sure that you are doing things with that data and you are keeping that data secure in such a way that you are not betraying trust. Trust is a big issue here.

We have had very robust discussions about that over the past two and a half years, and the work group has enumerated a number of data sharing aggregation principles. I don't want to go too much longer, but I do think it is worth culling out a few of these.

The principles that we agreed on were transparency with respect to framework process and rules, measurement of performance derived from standardized metrics and data collection protocols that can be compared against national and regional suitable benchmarks, useful data for physicians to improve the quality and cost of care, public reporting to consumers of user friendly actionable information, collection of data so a physician's performance can be assessed as comprehensively as possible, standardized and uniform rules associated with measurement and data collection. Those submitting data should be accountable for the accuracy and completeness of their data. Compliance with privacy, confidentiality and other applicable rules while ensuring that providers, plans and other data contributors have necessary and appropriate access to useful information, so there is balance there on that one, and systems or process to share, collect, aggregate and report quality, cost of care and patient experiences that should be designed to minimize cost and burden, which is again why you get to the principle of doing this electronically, because it significantly reduces your cost and burdens associated with this.

So out of this discussion sprang the concept of a national health data stewardship entity. Originally it applied to the concept of an entity, or a group that would be responsible for ensuring these principles and characteristics were there. The characteristics of it were discussed.

Understand that the word entity came up in association with the AQA and the processes of the AQA. So it was not necessarily meant to be an entity that would cover the entire country. A lot of folks have heard this and said, so you are setting up a database in the sky, one giant database to do all this. No, that is not exactly what we are talking about when we talk about this.

As the discussion for the group progressed forward, we put these principles out for the entire AQA to talk about. There is a characteristics document of things we thought would be useful for that particular entity. It became clear that number one, this concept applied to things other than what the AQA was doing and number two, that although we had several thoughtful folks around the table that we might not be getting everything that we needed to have it be a very solid concept or an organization with a solid foundation.

So to that end, the group agreed to issue a request for information, as opposed to a request for a proposal that was originally thought of. I said, do you have money for that? They said no, and I said, then it is a request for information. So a request for information was published in the Federal Register under AHRQ's name, and it has been out there since early June, and responses are due back in eight days on July 27.

We had a fair amount of interest. A number of organizations large and small have said that they are going to be responding to it, some of whom have already testified to you over the past couple of days.

Again, without getting too further into it, it discusses this concept as it came up at the AQA. It lists about 25 different subject areas for comments. So it is fairly comprehensive. It is a public request for comment. So we don't know what will come back, but we thought it was very important to have a publicly available venue for comments, and comments that would be on the record.

The other thing that I would indicate to you about the RFI is, number one, we have agreed that all responses are going to be made public. We plan on scanning the responses and putting them up on the AHRQ website. Number two, that we will put together a qualitative summary of the comments in case you don't want to read all the responses. I choose those words carefully. I don't want to say, four people said this and three people said that, so that is right. This is not an election, this is a request for information, so it is going to be qualitative, not quantitative, and it is going to be a summarization.

It will not provide further analysis at this point. It will not provide recommendations for next steps. That was not necessary for the purpose of the RFI. The purpose of the RFI is meant to enrich and inform the discussion as it moves forward. So that is the purpose behind that.

So in summary, all talks should tell you what they are going to tell you and then tell you what I told you. The AQA is a broad-based collaborative and it is focused on physician performance measurement. The work groups involved have been data sharing and aggregation, public and provider reporting and a measure selection process. Mike is going to tell you about the projects. Out there now is this data stewardship RFI that we are looking forward to having a robust response to.

Thank you very much for your time.

MR. REYNOLDS: Thank you, John. I'd like to welcome a few other people. Mike Rapp, thank you for joining us, and Kelly Cronin and Christine Anderson have both joined us. Glad to have you with us today. Sharon, if you will please proceed.

Agenda Item: Hospital Quality Alliance

MS. SPRENGER: Thank you very much. It is a pleasure to be here. I am checking with my colleagues, because we overlap in things that we do, so neither of us wants to step on the other's foot in terms of what we are going to present.

My name is Sharon Sprenger. I work with the Joint Commission. But both the Joint Commission and the Hospital Quality Alliance were asked to speak to you today. I was lucky enough to win. I am here to speak on behalf of both organizations. I will speak on behalf of both the Hospital Quality Alliance and the Joint Commission.

Specifically we were asked to focus on sections five and six, so as I go through my presentation, I will try to address some of the questions that you asked us to address.

I think the first thing that is important to note here -- this is a slide that was prepared by the American Hospital Association -- is that there are a multitude of activities confronting hospitals. When you look at the activities confronting them for national quality and patient safety efforts, most of these collect data which result in the secondary use of the data. So this certainly has been an important topic that we are pleased to be here to address today.

First of all, with respect to the Hospital Quality Alliance, the Hospital Quality Alliance was created in December of 2002. It was led by the American Hospital Association, the Federation of American Hospitals and the Association of American Medical Colleges. It is a public-private partnership to improve the quality of care provided by the nation's hospitals by measuring and public reporting on that care.

There are a number of partners that work with the Hospital Quality Alliance. You can see on this list that it includes partners both from the hospital arena, employers, consumers, purchasers, other providers such as the American Medical Association, the government such as CMS and AHRQ, as well as different quality groups.

The Hospital Quality Alliance identifies robust sets of standardized measures that are easy to understand. They are all related to the hospital. They are used by all stakeholders to improve the quality of care, and they are used by consumers to make informed choices. The data on these measures is posted on Hospital Compare, which was a website tool developed to publicly report credible and user friendly information. This website debuted on April 1, 2005. I included the link to the website. I should note that thanks to CMS it is their website that they offered to the HQA to use.

Currently on this website there are 22 process measures that are being reported. These are measures that are common to the Joint Commission and CMS. In June there are now two outcome measures that are being reported in Hospital Compare. These two measures would be unique to CMS as they included mortality measures that were reported on Medicare patients only.

To give you an idea, because this is a voluntary initiative, hospitals voluntarily submit their quality information to be reported on Hospital Compare. This gives you an idea right now of the number of hospitals. I think it is quite impressive that as of January there were 4,215 hospitals that are voluntarily reporting their data on Hospital Compare.

Now, in terms of some of the other work that HQA is doing, I think one of the most important things is that the HQA has brought transparency to hospitals and the reporting of their data. But they are working to consolidate the data stream to reduce burden, to expand the capacity for measurement. They are beginning to do some work in looking at the analysis of costs they might be reporting, working on the identification of priorities for measurement and the ongoing identification of additional measures that will be reported over time on Hospital Compare.

The HQA also works closely with the AQA. In fact, there is a steering committee between the two organizations, and we have a number of work groups working on efficiency, harmonization of measures, pricing, transparency and working on the BQI pilots, et cetera. The HQA has designed an infrastructure for sustainability.

What I wanted to show today was that -- as we talk about the secondary uses of data, to think about the continuum of uses for performance measurement data and how that has changed over time, going back to 1985, where we started using data for internal quality improvement. We have moved to accountability, we have moved to public reporting. We have moved to payment for hospitals. We are now using performance measurement data for maintenance of physician certification, and we are also moving to use data for payment to physicians. So I think over time, the uses of performance measurement data have certainly morphed, and they continue to grow in how this type of data is being used.

I am going to switch my hat for a moment and talk a little bit more about the Joint Commission. The Joint Commission is the nation's predominant standard setting and accrediting body in health care. I have included our mission here because I think it is important to note that our mission is to continuously improve the safety and quality of care provided to the public through the provision of health care accreditation and related services that support performance improvement in health care organizations.

One of the questions that we were asked to address today is, right now what are the sources of the data that we are using for quality performance measurement. Right now we have two primary sources that we are using. One is the medical records. The majority of the data is being done through a paper medical record. We have some hospitals that utilize an electronic health record, but that number is very small. Probably as most of you are seeing, there is more movement in the electronic health record in the ambulatory setting, just starting to happen in the inpatient setting. But this is something that we will be exploring, is the use of the electronic health record and how that would influence our data.

The other primary source is the use of administrative claims data, or using the UB-92 or UB-04 for many of our data elements.

In terms of the data collection challenges that face us, one is the data collection effort using a paper medical record. There are some limitations with the use of ICD-9-CM codes, which drive all of our process measures. That is, how the population is identified is through the use of ICD-9-CM codes. There is some limitation in using this data from administrative claims data. In the past there has been a limitation in the number of diagnoses and procedure codes that can be submitted.

There is also a challenge with having staff that is well trained to collect this data and to have the clinical knowledge to collect the data on these measures. Then there is also use and claims data. There are limitations with the clinical richness of administrative data.

You also asked us to address where we see in the future some of our primary data sources may be. These are a few that I just wanted to address.

At the moment at the Joint Commission we are involved in testing a set of NQS nursing sensitive peer measures. They use data from human resources and payroll records. I think this is an interesting data source that we are looking at. We will see more use of administrative data, but by that I mean patient data. In this country there is a real desire for measures related to infection care, and many of those measures use aggregate denominators based on patient days.

Also, the movement toward surveys both at the employee and the patient level as a data source, more movement toward electronic registries, for example, cardiac and cancer, and obviously the use of electronic health records. The Joint Commission is hoping this fall that we will have a roundtable to start looking at the electronic record with vendors, et cetera, to identify how that would change our processes in terms of our current measures that we are collecting, the data sources, et cetera, and how all of that will work.

You also asked that we address a little bit about what do we do in terms of data quality, and what do we think data quality is. Broadly, we believe that data quality can be defined as the accuracy and completeness of the data.

Currently, the Joint Commission in collecting the data that we use uses an intermediary which we call the performance measurement system or the vendor. We have about 53 vendors that culled data from 2,300 hospitals that report to us each quarter. One of the links between us and HQA in Hospital Compare is that approximately 90 percent of the data that is posted on Hospital Compare comes through our vendors and is posted on that site.

The other thing I want to mention too is in terms of how is this data protected under privacy. When a patient goes to a hospital they would sign a consent form under HIPAA. If that patient was to opt out of that consent form, we would not receive the data on that patient for our measures. In turn, the Joint Commission has a business associate agreement that we sign with each hospital that covers us in terms of receiving the performance measurement and accreditation data that we receive.

In the past, the Joint Commission in terms of the data we receive, we received aggregate data, basically numerator and denominator. But this year we will start receiving anonymous patient level data, but again, I emphasize, anonymous patient level data.

In terms of some of the things that we do for data quality, first of all we have a contract with all of our vendors. We do a lot of data quality education. We do vendor education manuals. We obviously have a specifications manual with all the details. We also have a manual for all of our vendors related to data quality and what our expectations are.

Annually we do a conference with our vendors that CMS participates with us in, in terms of what our expectations are in terms of their collecting this data, et cetera. We also have a number of mechanisms in place to monitor the data that we receive. We have a number of qualitative evaluations that we run on the data that we receive. So for example, because hospitals have selected the measures that they report based on the services, one of the evaluations that we would run is that there are absolutely no cases reported. But we are also looking at our statistical outliers, sudden changes in what is being reported, et cetera.

The other thing that we do is, we audit our vendors. This year we are stepping up our efforts in this area, and are recording through these evaluations that we are doing in other tests. We will be assigning points to our vendors, and based on the number of points that you will have, you will either receive an e-mail from us, a conference call, a desk audit, or we will come visit you so we can identify what the issue is either at the vendor level, or if you are having some particular issues with the hospital that is submitting their data.

You also asked us to tell you how were we using our data. The Joint Commission in terms of the performance measurement data that we receive currently has four major uses of the data. One is using this data in our priority focus process for accreditation, using it in performance measurement reports, quality checks and an annual report we have. I will just quickly show you what each of these is.

The priority focus process is how we identify when we make our accreditation visits where we should focus. For a hospital we have a number of internal and external data sources that we use to aggregate all the information we have to determine when we go to a hospital where should we focus.

A couple of years ago, the Joint Commission introduced a new process called the tracer methodology, where we identified some patients based on the data we have that we are going to trace through the organization. The reason I share this with you is that for the hospitals that we survey, approximately 40 to 50 percent of the data that is driving the PFP process comes from our core measure data that we are receiving, in terms of the patients that we identify for the tracer methodology.

We also create what we call an Oryx performance measure report. This is a report that is available to our accredited organizations. It is posted four times a year because we receive our data quarterly. It is posted on a secure extranet site that the hospital has access to, and they will get a complete summary of the measures that they are reporting on. Currently we have a requirement that the hospitals have to collect three measures out of the five that we have available. It has detail available for every single measure they are collecting. Also if they are missing data, any data quality issues that we have identified, et cetera.

How the hospitals see their data on this report is through the use of a control chart that is posted for each measure that we receive data on over time, and also they can have information on a comparison chart that shows how they are doing in comparison to other hospitals unless it would be a risk adjusted measure. Then it would show the hospital how they were doing based on their risk adjusted rate.

We also post for our accredited hospitals data on a report that we call quality check, that would give you the ability to look at the data overall first, and then to drill down to each individual measure and to see how that hospital is doing in comparison to the nation and the state that the hospital resides in.

Then just this past March for the first time, the Joint Commission issued what will now become an annual report called Improving America's Hospitals, A Report for Quality Safety. This report includes information on the performance measure data that we have as well as on national patient safety goals.

On behalf of the HQA and the Joint Commission, we realize there are a number of uses of secondary use. Today we see five overarching uses of data. One is through patient and consumer choice so that a consumer can choose where to go with confidence. The data is being used for quality improvement, it is being used for accountability.

It is being used -- probably the most important -- to improve public health. I appreciated your comments at the beginning. I think sometimes we are so busy collecting data, we forgot we are collecting it for a reason, and that is to improve patient care, and it is also being used to drive market share. So if data is put out there, it can be an advantage to a provider when you see data on their patient care.

In terms of barriers and challenges to the secondary use of data, these are some that we would like to highlight. Obviously there are a number of potential privacy issues, for example, what is governed by HIPAA. There is an absence of standardization of measures and data element definitions. The issue of data quality, and also there needs to be a methodology associated with de-identification consistent with HIPAA.

So we believe that rules are needed, and because of this increasing thirst for performance measurement data, there are rules that are needed. There needs to be standard rules to de-anonymization. This is an interesting discussion, to anonymize or not to anonymize. If we totally de-anonymize data, then it will be impossible to link it to the individual patient, which could be important.

There are rules needed respecting data quality, rules needed regarding matching data sets if we want to merge databases, if we want to understand the accuracy of those matches. As I often say when I am talking to my statistician, how right do we want to be when we are doing this. We need to have rules addressing who can get information from secondary data, perhaps some potential privacy rules. We also need to have some rules with correct statistical approaches to balance and differentiate outliers.

DR. COHN: Sharon, I just want to make sure, since we are talking about overloaded and misunderstood terms, by de-anonymization, do you mean reidentification or de-identification? Or what do you mean by that?

MS. SPRENGER: It is an interesting term, isn't it? It is looking to say, because you have anonymous data, how could you de-anonymize it down to a certain level in order to do those linkages at the individual level.

DR. COHN: I want to try again here. De-identification, does this really mean standard rules for anonymization? Or is it de-identification, or are you looking for rules to relink the data with the individual?

MS. SPRENGER: I think there has to be standard rules to link the data, to have that ability. This was out of our Washington office and I have to admit, when I saw it too I said, that is a whole new term, even looking through the literature related to the secondary use. But basically the question is, how would you be able to link data from one patient to another.

So the challenges are great as are related to the secondary use of data. There certainly is a need for a public-private entity to sort through this. We are very interested in work that is going on right now with the RFI for national health data stewardship entity. Hopefully that could provide leadership in this area.

I also wanted to mention today too that we think there is another interesting issue that is emerging, too, and that is the tertiary use of data. We now have third parties creating new and different views of data such as researchers and third party payors. So an organization with secondary use has no control over the tertiary use.

So in some ways, I think the dominos continue to fall here in terms of how data is being used. We are rather concerned that there could be some real potential for unintended consequences. Part of it would be too that as we move through this into tertiary use, for many of these users HIPAA no longer applies. So I think this is the next frontier that we are going to have to take a look at once we get our arms around the secondary uses of data.

So in summary, we believe that we need the right protection on data. We have to be cognizant of unintended consequences as we use data. We have to balance patient privacy with creative, unique elucidating uses of data producing different pictures of health care and health status. The bottom line is that health care data should improve the safety and quality of care provided to the public.

Thank you very much for the opportunity to speak with you.

MR. REYNOLDS: Thank you very much.

DR. CARR: Thanks, great presentation. You mentioned in the beginning that patients can opt out of submission of their data to the Joint Commission. Did I hear you correctly?

MS. SPRENGER: Yes. Under HIPAA when a patient comes into a hospital, they would sign a consent form for the use of their data. But if a patient does not want to sign that consent, then the hospital would not send data on that patient to us as part of their performance measurement data that they send us.

DR. CARR: So do you have any sense of what percentage of your data set is missing based on patients opting out?

MS. SPRENGER: I do not have that information. From what I know, I do not believe that that happens very often that patients opt out, but I don't have any actual data to give you the number when that happens.

MR. REYNOLDS: Bill, do you have a follow up question on that? Then I want to get to Mike.

DR. SCANLON: Just a quick question. Do you know if that form that the patient signs is explicit about the Joint Commission versus other uses? Or are the patients just signing a form saying my data can be used?

MS. SPRENGER: To be honest I don't know what the actual form looks like, other than it is a pretty standard consent form that is used by most hospitals. Some of the standards are quite short, but it talks about using data in a general way, but it does meet the intention of HIPAA.

MR. REYNOLDS: Mark, you had one follow up. Paul is not here today, but you guys are getting me worried.

MR. ROTHSTEIN: I'm close to his chair. Just for the record, I wanted to clarify that patients do not sign consent forms when they enter health care institutions. They are not required to do so by HIPAA. They are given a notice of privacy practices and they are then presented with a form that is an acknowledgement that they receive the notice of privacy practices. So there is neither consent nor have they the opportunity to opt out of these disclosures.

So to answer Bill's question, they don't have probably any specific notice in even the notice that they are given. Typically what it says is that your information may be used for treatment, payment or health care operations, and health care operations improve quality improvement, more or less.

MR. REYNOLDS: Mike.

Agenda Item: Centers for Medicare and Medicaid Services

MR. RAPP: Thank you. Thank you for the invitation to speak today. The presentation I have is directed toward answering questions five and six, which I think were the primary things we were asked to address. We were also asked to talk about the better quality information for better care of beneficiaries project, the BQI project, that was previously talked about briefly by John.

The first question is what are the primary sources of data used for quality reporting and improvement. With respect to CMS, we are involved in numerous payment settings, so we in those various settings which I am going to go through use a variety of types of data. What Sharon was talking about for Hospital Compare is chart abstracted data with one exception. She mentioned the mortality measures; that is the only situation in Hospital Compare where it is based upon claims data, so it is a single place where hospitals don't have to submit anything to us, so it presents an interesting difference.

It is limited to Medicare/Medicaid beneficiaries, as she pointed out. The reason for it is because it is claims data as opposed to chart abstracted data.

Claims which I will go through is another source of data. We also have assessment instruments in the post acute setting, nursing homes, home health agencies. It is required for assessment instruments on patients to be completed, so that is a source of data. Then finally, electronic health records are a source, although a limited source at this point.

We use the data for all potential uses, quality improvement through the QIO program principally, public reporting in our numerous compare sites, and performance incentives, we don't currently have the authority to provide performance incentives based upon how you do on the measures, but we do have our demonstration authority and that allows the waiver of payment rules and therefore in those situations such as the premier hospital demo, for example, we can use the data for performance incentives.

I am going to go through several of the settings with regard to the data sets used and the current methods of data abstraction. What Sharon was talking about with Hospital Compare is the source for the most part. Chart abstraction; a validation takes place through a process where five charts per quarter are verified to make sure that the chart abstraction was accurate.

Nursing home. We have nursing home compare as our primary use there of the data for public reporting, that is used for other purposes as well for the MDS assessment, but the MDS instrument is the data source there, through validation.

What is interesting about the MDS instrument, that is considered equivalent to the medical record. I like to look at data as primary source data or secondary source data, so the medical record for all purposes is considered primary source data. So if you get it out of the medical record, there is no verification per se that one has to do. But nevertheless with regard to MDS, even though we consider it equivalent to just another part of the medical record, there was some verification done. It was basically looking at the patients, in the same way you might verify a medical record to see did this really happen with the patient. But normally once you get to the medical record, if that is what it says, then that is the best evidence of what the true situation was.

Home health, another assessment instrument, the Oasis assessment tool. We use that on home health compare. Those are outcome measures at the present time. As far as audit, there is submission algorithms which are used to verify that.

Dialysis facilities. We have dialysis facility compare. The source of that data is claims. When you are dealing with claims data, I don't know whether I would classify it as primary or secondary data source, but I kind of think it is a secondary data source. It is not primary source in using my made-up terminology here. Claims usually have program integrity oversight if things get way out at one end or another. It is subject to review, but each and every claim is not verified against the medical record, so validation of any claims is the standard claims review process. I think it is in part what is wrong with claims data when it is used for quality, because the accuracy of it is somewhat uncertain.

Clinical performance measures in the end stage renal disease area is another source of data. It is used for quality improvement at this point. It is not anything that is publicly reported. It comes from a chart abstraction sample. There is data entry validation edits.

Next year it is anticipated that there will be another method of submitting this data. It is called Crown Web. With that, one will have a more robust set of data available with regard to ESRD, that that doesn't just come from claims.

Physicians. We have initiated effective July 1, 2007, based upon authority given to us by Congress last December, the physician quality reporting initiative. This data source I refer to as augmented claims, because claims data is those data elements that you as a normal course of business are required to submit in order to get paid.

This however has additional data elements. We started off with G codes or temporary HCPCS codes, but the AMA has developed what they call CPT-2 codes, and those codes are specific quality codes.

So for example, if one of our measures is the percentage of patients that had a hemoglobin A1C greater than nine, in other words, bad control, the physician will as part of the normal claim submission process submit the ICD-9 code diabetes, will submit the CPT code indicating an office visit, but normally would not say anything about hemoglobin A1C. If one is trying to figure that out, one has to then go to the data source, which is the lab test that the patients receive, which may or may not be readily available.

Here, we are asking the physician to indicate to us as part of the quality reporting a CPT code which ties to each measure. So we have 74 of these measures in the physician quality reporting initiative. I'll talk a little bit more about the robustness or lack thereof of claims-based measures for physician quality measurement when I get to BQI, but this I think for the future is an important source of potential quality measurement data for physicians.

The only thing missing is that since it is claims data, it is coming from in this case Medicare claims, because Medicare is the only payor that has implemented this so far. But insofar as the measures are implemented in the future by the private payors, and private payors require physicians to report these same measures, the potential exists for a much more robust set of measures.

Actually, in the dialysis facility, we use G codes there, too. We ask the dialysis facilities to report to us the hematocrit, for example, and the effectiveness of the dialysis indicators. So it is possible to augment your claims in this case by giving physicians a one and a half percent incentive payment to do that.

The other major thing that we are doing for physicians, at least under my purview, is the better quality information to improve care for Medicare beneficiaries. This was mentioned by John. It is a QIO contract, and therefore it is necessarily directed toward Medicare beneficiaries, and providing them with more information. I'll get to that in more detail and tell you what that is about, but it is claims-based data. Medicare information is aggregated with private payor data, and the validation is standard claims review.

Then finally we have Medicare Advantage plan finder. It uses HEDIS data. This is I suppose the grandfather of quality measurement. It starts at the plan level, easier to do populations as opposed to all the individual attribution you have to do when you try to report on individual physicians. But we have that so patients can compare Medicare Advantage plans.

Reuse of data. I probably could go into more detail here, but one use is publicly reporting this information on Hospital Compare. Of course it doesn't have any patient identifiers and it is related to the hospitals.

We do have downloadable data files associated with this. Sharon was mentioning tertiary use of data. Basically it comes down to this: With the data that we post on Hospital Compare, any person in America would set up a pay for performance program for hospitals. They just say, do better than you did last year on Hospital Compare. We have got the data. CMS provides it publicly and so forth.

So there is a lot of potential there either for public reporting and analyzing. And there is quite a bit of research that is done, and they tell us what is good and bad about our quality measures frequently in the medical literature.

As far as consent and that sort of thing, the quality improvement organizations have special statutory authority to deal with individual patient data. They can't however take it outside that arena. So they can work with it inside for quality improvement and so forth, but they have very strict limitations on what the quality improvement for an organization can do.

However, once the data comes to CMS, we have the ability to make it public. That is what we do with Hospital Compare. So that information collected through the quality improvement process, once we get it, we have the authority to then make it public, which in some cases we do and some cases we don't.

Future sources of data. I think we always have to keep in mind electronic health records. As good as claims data may or may not be, it is not the best source of information since claims are for a different purpose, really. Insofar as we are looking to the future, we need to always bear in mind electronic health records, and what we can do to try to help push that process along and what we will be able to do when we have it. To the extent that we do have it, will it make some of the things that we are doing now particularly with claims data not so necessary. So I think that is always important to keep in mind.

There are such things as clinical data registries, which is another thing that I think is a really important source of data. That would be a secondary source, but for example the Society of Thoracic Surgeons has a database that for the most part cardiac surgery is reported there, and they keep track of outcomes. They do that over time.

One of the criticisms I think we frequently have of the quality measurement process is the very short period of time that we are dealing with. We don't deal with things over time, but clinical data registries have the capability that you actually learn something new with the quality measurement as presently implemented. We can say they did this or they didn't do that. They met a criterion and they didn't meet a criterion, but we don't really learn anything new.

One of the negative aspects of quality measurements is, you freeze things in time and you say this is what you should be doing. That might be that way today when we do the quality measurement, it may be different tomorrow. The more detail in quality measurements you get, the more they are subject to change.

For example, on Hospital Compare we have a choice of antibiotic for prophylaxis to prevent surgical infections. When you talk about measuring some party on the choice of antibiotics, you are going to face immediately the fact that you have antibiotics that change very frequently, and you have bacteria that don't pay too much attention to this either, and they change very frequently.

So when you have both variables moving around, then you try to lock it down for quality measurement, and especially as we move to value based purchasing, which we are going to hopefully have the authority to do, then you have to lock down things for several years, because you have to compare the one year with the previous year. Then you have to give notice of the measures of the previous year.

So if you have a measure that is subject to change, that then is going to have a limited utility, which leads me to the conclusion, valid or not, that process measures have some fundamental deficiencies. To the extent that we can move to outcome measures, we will be better off because we will be able to cover things over time, and we will be less dependent on the vagaries of different processes of care, and we will have less impact. It is always good not to die from a medical treatment, but it may not be good that you had a certain process of care.

As far as health data exchanges, we get our information directly through the methods that I mentioned. As far as using for other purposes, the quality improvement organizations have the statutory authority to collect and use patient level data for quality improvement. Then we publicly report the de-identified quality process and outcomes.

Let me get, as I promised to do, to the better quality information to improve care for Medicare beneficiaries project. This is as I mentioned a QIO contract, so the scope of work is limited to those things that will be of benefit to Medicare beneficiaries. However, we take advantage of work done in the private sector that John mentioned, in terms of looking for ways to aggregate data.

What we are doing in this project specifically is with respect to six localities. We are having the contractors take Medicare data, Parts A, B and D, and aggregate it with the private payor data that they will get in these local communities, and Medicaid claims data when it is available. Once that data is aggregated, then to calculate performance measures using a subset of the AQA starter set of measures which John was also talking about.

Once we get that, and we should get at least at the physician practice level some of those performance results soon, we will have the capability of publicly reporting that on a CMS website, which we don't intend to do with an interactive tool such as Hospital Compare, but merely to publicly publish the data. Once that is done, then it will be available to the organizations at the local level, that they could publicly display it in a web format. As I mentioned, once we publicly send it out there, it is free for the world to use, but in this case definitely available for the local organizations to do.

We are starting off with the first set of deliverables with five measures, and then next year it will be 12 of the 26 measure AQA starter set. There are a number of measures in the AQA starter set that don't relate at all to Medicare beneficiaries, such as cervical cancer screening for patients up to age 64. So it is hard to say that that is a real pertinent measure for Medicare beneficiaries. So we don't use that one, for example.

Other measures. I think this is an important thing. Getting back to claims measures in general, they present a lot of problems. In working through this, the first thing the contractors had to do was just get used to working with the data. So they had to get the Medicare data and the private data and so forth and play with that for a while.

There are limitations related to how you can measure quality using claims data. For example, colorectal cancer screening with look-back periods of ten years, that sort of thing, bringing together the lab data, bringing together the pharmacy data, where are you going to get that, which payors have this. So the ability to get all that data together and find measures that you can actually calculate is tough in and of itself. When you are dealing at the plan level it is a lot easier.

Most of these measures in the AQA starter set are HEDIS measures, so they were originally designed for plans. They weren't originally designed for physicians. So ultimately to be able to use them for physicians, you have to be able to attribute them to physicians. So when you do that you have to make some policy decisions; which doctor of the dozen that the patient saw in the last year is responsible for her not getting a mammogram, for example. So we would know whether the patient got the mammogram or didn't get the mammogram, we know all the doctors they saw, but what are the rules that make one doctor responsible from the standpoint of pay for performance or publicly reporting and which aren't.

So that is the sort of issue, and that is a primary issue that we are working through with the BQI project. I would say the output of it, we are going to have a certain number of measures available to be published for a certain number of sites, but the main thing that we are going to get out of it is a methodology. We are going to take our six pilots and beat their heads together, not literally of course, but we are going to encourage them strongly to come to an agreement on a form of methodology that we can then use in other situations, because if you don't have that, if you have every different payor using a different methodology, and every time you use claims data, for this purpose it is 30 percent of the claims for an office visit, was this doctor okay. Another methodology might be one visit. You can't have that if you are going to have some kind of uniformity.

One of the things from the federal standpoint, the Secretary of HHS frequently says that health care is local, which I am certainly not going to argue with. But from a federal standpoint, he also says that we need some kind of a system that -- our job is to try to encourage some uniform standards as to how you do things.

I think what you are working on here is standards for use of data itself, but from this standpoint we are looking from the standpoint of uniformity and measurement, at least the use of claims data here.

So those are some of the primary struggles that we are having. But as I mentioned, another fundamental struggle we have to do is to what extent can you measure quality using claims. I think we can go a lot farther than we have so far without question. There is opportunities potentially in the hospital arena to use claims data more than we have so far.

We are dealing with the chart abstracted data, but the main thing, getting back to John's presentation, that claims data doesn't provide is all payor or all patient information. Physicians will tell you, I don't want to be measured by what I did with a Blue Cross patient or an Aetna patient or a Medicare patient; I want to be measured overall, just like the hospitals are. So that means that insofar as we use claims data, we have to have a methodology like BQI is exploring for physicians of aggregating that data and getting it to the point that it will represent the overall quality of a given provider.

The way the BQI project is working, we are taking raw data, aggregating it and calculating performance results. That I think is what most people think in terms of as far as aggregating data.

Obviously that presents a lot of potential privacy and other issues if you try to take that outside the protected environment. Other options which would be potential would be getting to how you make things anonymous and still effectively use the data, would be potentially to calculate the results at the payor level and then aggregate the performance results based on numerators and denominators.

So that is another thing that we are not really exploring through this. This is using the raw data. Insofar as the different challenges that exist for aggregating Medicare and other data can be overcome, then this will provide a model for that.

Thank you for the opportunity to present. I hope I addressed some of the questions that you had.

MR. REYNOLDS: Thanks to all of you, excellent.

MR. STEINDEL: Thank you very much for this interesting talk. We have heard a lot of very interesting topics. I am going to ask my questions based on talks that we heard yesterday.

The first one is addressed directly to you, Sharon. This concerns your use of the term anonymous patient data. I am particularly asking this question with respect to your introduction of the new term, de-anonymized data. What do you mean by anonymous patient data? We have been hearing that the meaning of this a lot of times is in the eye of the beholder.

MS. SPRENGER: Yes, we have a workshop on all the different terms. We have no identifiers on that patient. We have stripped off the birth dates, all those type of data elements. So we don't have anything that would identify that patient to trace them back to who they are.

MR. STEINDEL: But do you have some of the dreaded HIPAA 18 creeping in?

MS. SPRENGER: No. But we really don't know.

MR. REYNOLDS: So would you say it is de-identified plus?

MS. SPRENGER: If you like to use that word. We use the word anonymous, but we don't have any of those identifiers.

MR. STEINDEL: Well, if they don't have any of the dreaded 18, then it would be de-identified as defined by HIPAA. Now, what that means, we have been discussing.

MR. REYNOLDS: Simon.

MR. STEINDEL: I had another question, one of Mike. Mike, are you familiar with the proposed rule just released by CMS on the changes in the payment process, that seems to expand and formalize the use of data registries for quality?

MR. RAPP: You are talking about addressing clinical data registries for the BQI program?

MR. STEINDEL: Yes.

MR. RAPP: Yes, I am.

MR. STEINDEL: I just wanted to get it on the record. I just got e-mails from all the groups, and it seems to have come out this week, and comments are due on the 31st.

One thing that seems to be significant about it, it is about 100 pages shorter than the HIPAA reg, which puts it at 924 pages. But there are ten pages that discuss an expanded role for quality registries, clinical registries for quality and the PQRI process.

DR. SCANLON: Could I follow up on that though, since Steve put it on the record? Isn't it though that it is in the rule that CMS in 2008 is going to try five different approaches using the registry? And there is not a settlement in any of them in terms of what is going to be the rule of registries.

MR. STEINDEL: I just looked at it very quickly, Bill, and that is what appears to be the focus of this proposed rule. I was just pointing out that there is the start of a mechanism within CMS to formalize the clinical registries. We have had some discussion based on the testimony we heard yesterday from clinical registries about their role in the formalization.

MR. RAPP: What the Tax Relief and Health Care Act of 2006 said was, it gave us authority to implement the physician quality reporting initiative that I mentioned, that is augmented claims. So there are a number of quality data registries, in particular the Society for Thoracic Surgeons, which is referenced in the statute.

The statute requires CMS to address data registries for 2008. The way we propose to address it in the rule is to test the submission of quality data from registries.

The rationale here is that under PQRI, we are asking physicians to submit some additional quality information that potentially they are also submitting to a data registry. If we were to say, that is great that you are doing that for the data registry, but to get our one and a half percent you have to also send it to us, we could potentially undercut the development of data registries such as this.

I mentioned some of the advantages of them. So I think that is the underlying rationale for why that is in the statute, and how we propose to address it is to test various mechanisms of the registry submitting data to us. We were seeking comments as to which testing we should do or not do.

DR. COHN: First of all, I want to thank our testifiers. It has been very useful. We will be following up with you.

Sharon, I especially want to thank you for adding the term tertiary uses of data to our vocabulary. We have been heretofore talking about repurposing of data as it gets into secondary sources, but I think you are helping us refine our thinking on this.

Michael, I have a question for you. Sharon, I think we will want to hear testimony on some tertiary users and repurposers of secondary data. I think it is as much a question as anything. In your BQI pilots, the question I would have is, are the contracts and rules by which they are using the data, is that publicly available? Is this stuff that we can review? And is there any sense of -- given the amount of data that they are going to have, all of which is individually identifiable as I understand it at this point, if indeed it does become de-identified, what tertiary purposes could all those data be used for? Is this being contemplated in the BQI pilot discussions?

MR. RAPP: The primary uses of the data would be for potentially -- first of all for quality improvement. So there is feedback given to the physicians as to what their rates are. Even that is somewhat complicated by the restrictions on the use of data even within the QIO program, but in addition, public reporting at the group level and individual level.

One of the cautions people have in these local collaboratives, the idea of the localities being involved in that, is to work through the sensitivities of measuring physician quality at the individual level. The one area we don't have a compare site is for physicians, so there needs to be some work done if we are to get to such a point, first of all to make sure that these methods are those that meet acceptance in the physician community.

In the hospitals, Sharon didn't mention, but there is a preview period for hospitals to review all the data. So we have to work through some of those. But definitely for quality improvement but potentially for public reporting, as to the availability of the methodologies. Yes, we are working on this with AHRQ. They have sponsored learning efforts, so this will be part of that.

Yes, there is no desire to keep this secret. It is designed to share this, and hopefully have the people interested in physician performance measurement broadly benefit from this, and ideally use it.

DR. SCANLON: I want to thank you. I think what you have done is identified one of the most important secondary uses of data, and talked about what you might characterize as the pioneering effort.

John, you started off with where are data that we can use. The polite term might be that they are highly unsatisfactory, but they are there. So that is our reality.

I think what our work group is about is where are we going to be in five years to ten years. We need to make recommendations that move us most quickly to a much better situation.

So I wanted to ask you, given all the pioneering work you have done, and you have been so preoccupied fighting all the battles to get to where you are, the question is, there is a hope for the future that the electronic health record is going to make this a whole lot easier. But the electronic health record has to be of a certain format in order to make that true.

I think Sharon, you said you were going to start some time this fall looking at that question. I am wondering if today you have anything you can help us with in terms of how we should go about thinking about what that electronic health record should be like to facilitate exactly this kind of a use. This to me is where we have the potential to break down.

Right now, in terms of these quality initiatives, in other contexts I hear people talking about, I have got electronic health records and I am having to hire abstractors in order to submit information for the hospital case, or physicians if they are in the same situation. This is not where we want to be down the road.

MS. CRONIN: Can I add a little bit of context to that question, too? There are other people exploring that particular question. I think in a lot of conversations we have had in the AHIC quality work group and elsewhere, we recognize that it is not just the electronic health record in the new electronic health care that are interconnected in our health care system. We are actually going to be over the next many years relying on electronic clinical data coming from a variety of sources, including the electronic health record.

We have some processes in place now through the standards panel and the certification commission to try to get the EHR to where it needs to be over the next five to ten years to more automatically export the very detailed amount of clinical data that is going to be required. And also considering the realities of work flow and clinical documentation and how hard it is going to be to now get to standardized detailed granular clinical data that we need over time.

Those processes are somewhat being addressed, but the concept of how do you take not only data from ambulatory care or inpatient care in an electronic health record, combine it with what you might be getting from electronic lab results from another network, medication data from another network, and in the context of having network services available that will allow for the sharing of that data and the aggregation of that data as needed. From that larger perspective, not just the EHR, but all the network services around it and the various different data sources that have been talked about probably over the last couple of days, in that context I think your question is right on; what do we need to be thinking about in terms of authorizations of procedures that need to be in place.

MR. WHITE: Just a few quick follow-ons to that. Thank you for calling all that out. That is exactly right, Kelly. Erin and Christine and I and many other people have been spending a lot of time recently thinking about just exactly that.

One of the specific things about that is, we had a meeting convened by the National Quality Forum called the health IT expert panel. Many of your previous testifiers have been in that. Paul Tang is a part of that. That is a process that will continue to move forward to look at that issue.

We are actually getting ready to award a number of grants. Back a year and a half ago, we realized that this was going to be an important issue. We are getting ready to award a number of grants for two-year projects that look at how health IT enables quality measurement.

Not to divulge the gory details, but for example there is one project that is in a very well known, highly digitized environment, ambulatory environment, that is going to look at the 26 AQA measures, and compare data that is derived completely from the medical record, versus a hybrid claims chart review method versus a claims only method. That is one example.

In five years, my hope is that we will be a lot closer. We will have some answers from some research and other activities that have gone on and are underway. I also know that a number of the BQI projects, while they are looking at claims data, a number of them are IT enabled. Indiana is very much so, Massachusetts is very much so. I think you will get some good answers from there.

I guess the final point that I would make is just to emphasize something Kelly said. I am one of the CCHIT commissioners. On Monday we will be in Chicago. We have meetings every month, and this is something I know that group is definitely focused on that we are going to richly discuss over the coming months and years.

MR. RAPP: I just wanted to follow up. In the EHR part and the rule that has been published, for 2008 we do make reference in the registry section of potentially allowing for submission of PQI measures that overlap with the doc IT project. So it potentially may be an available avenue.

So just like with the registries, the desire would be not to undercut registries by saying even though you submit to a registry, you have to also do it by claims.

Insofar as this might be feasible and practical, it would mean that physicians who had EHRs could submit their PQI data that way. They wouldn't have to also do it by claims just to get their one and a half percent. So we are trying to allow for that flexibility and look to the future and not just be fixated on the current opportunities.

MR. REYNOLDS: Mike, last question, then we will take a break.

MR. FITZMAURICE: I too want to express my appreciation for the fine testimony. From you we hear about what are the legitimate, that is, the accepted uses of health data to improve care, and you all are doing a great job.

I have four questions for John.

MR. REYNOLDS: Did you say four questions?

MR. FITZMAURICE: One question in four parts. You have to wonder about an organization that is the ambulatory care question alliance. But I'll get over it because I got over CMS.

The first question is, the performance measurement work group, of the 120 AQA approved measures approved by AQA for use in quality measurement, quality improvement and pay for performance, or are they just approved for testing and further discussions?

MR. WHITE: They are accepted by the AQA. So as the AQA themselves go out and do quality measurement and pay for performance? No, they do not. However, their individual members and a number of other processes have looked at AQA and the AQA acceptance of these measures as a form of endorsement, not dissimilar from NQF endorsement. So to that extent, it confers some broad acceptability upon those measures.

MR. FITZMAURICE: Fair enough. The reporting work group; you talked about principles. Is there any principle in that reporting work group about physician specific reporting? The N is so small for a lot of physician measures.

MR. WHITE: It does talk about that specifically. I would share those with you. I think it would probably be worth sitting down looking at those, because there are a couple of those principles that address that issue. It should be fair and equitable.

It may not be directly addressing the issue of when the N is too small in power, but I think those ideas are incorporated in there, yes.

MR. FITZMAURICE: In one of the slides you talked about the BQI pilot and structural capacity. Does that refer to a physician who says, I would have done this, I would have ordered an MRI or would have given a flu vaccine, but we don't have an MRI in the area, or there is a vaccine shortage and I couldn't give it to the patient. So don't ding me in the numerator for the measure.

MR. WHITE: You are talking about exceptions now, which I think is probably different than structural capacity. I think you are talking about where the data comes from and how you can get it. So that is different.

MR. FITZMAURICE: So the structural capacity refers to the capacity to report?

MR. WHITE: Yes.

MR. FITZMAURICE: Finally, out of AQA, are there any suggestions coming out for priorities and adding clinical data to the claims data to improve the validity and accuracy of quality measures? You have got a whole bunch of stuff based on claims data, then they say, if you just added hemoglobin A1C to this, you would have a better quality measure, or if you just added this.

MR. WHITE: There has been some work at our agency on that recently. Specifically, Anna Licksheiser and Michael Pine and a number of other folks have recently published an article in JAMA that talked about adding small nuggets to claims data to administrative and how that gets us closer.

AQA, I'm not so sure. Yes, Mike?

MR. RAPP: Just to clarify a little bit the relationship between AQA and NQF, NQF is an endorsement body that is capable of producing voluntary consensus standards which the government is required to use in preference to government standards.

The AQA is more a selection body. It selects among NQF endorsed measures, or those that they anticipate to be NQF endorsed. It doesn't develop measures. It doesn't go through the rigorous type of technical evaluation panel that NQF does.

So as far as however many measures that you indicated they had, they started off with the 26 measure starter set of HEDIS type measures. Then basically adopted most of the measures that are in the PQRI. So as John indicates, it does represent a broad acceptability. But as far as the details that you are talking about, I think we would look for NQF to make those suggestions.

MR. FITZMAURICE: So if I'm a doc, I would say, I don't want to be bothered with this measure unless the AQA says it is acceptable. Further, I don't want to be bothered with it or judged by it unless a larger consensus body said yes, it is okay. Then CMS might grab it after that and apply it to me. I would be okay with that, roughly.

MR. RAPP: That is the process that we are using.

MR. REYNOLDS: Simon has a comment, then Kelly has a comment, then we are taking a break.

DR. COHN: I'll be very brief. For better or for worse, eight years ago, about nine years ago, I chaired a work group that established CPT category two codes. They were meant to be at that point temporary to be moved into the world of clinical terminologies and codes. They were a little less temporary than I think we had assumed.

But having said that, as you move into these category two or the G codes that Michael had described, you really begin to get into a blended clinical environment, and it is no longer a diagnosis of dialysis, it was, was the hemoglobin A1C above or below one-seven, above or below nine. It begins to make the edges a little funny about what is clinical versus what is administrative.

I just wanted to point that out. It is an interesting blend of environment we are moving into.

Kelly, I think you have the last comment.

MS. CRONIN: Yes. I was wondering, Mike, if you could comment on how CMS has looked at the use of the clinical data warehouse in Iowa in terms of receiving data under Part A for quality measurement. You articulated how it is different once CMS receives it and you can publicly report it.

Has HHS interpreted the use of the data in the clinical data warehouse to be under the QIO authorities explicitly? Or has anyone interpreted it to be clearly allowable as part of health care operations under HIPAA?

MR. RAPP: I think we looked at that as part of the QIO program at this point.

MS. CRONIN: And has OGC ever looked at it under HIPAA?

MR. RAPP: I'm not sure.

MS. CRONIN: You're not sure, okay. It might be something that we might want to look at at some point in time, about is there any precedence for what is considered health care operations.

MR. REYNOLDS: We had a lot of discussion on that yesterday.

MS. CRONIN: I just wanted to make note of the fact, and hopefully we can talk about it later, that Senator Kennedy introduced a bill that has a lot of provisions related to what we are all interested in around disclosures and authorizations.

I can review a high level summary of what I just read about this morning. I think this just happened in the last day or so. But it is very interesting, and some of the specific provisions probably pertain to much of what we are going to be interested in in the next couple of months.

MR. STEINDEL: I just wanted to mention in my quick read of the reg, it does make a reference to the CMS data warehouse as a repository for information from the registries. So there seems to be a lot of thought going on in this area, and we should consider exploring it.

MR. REYNOLDS: We will be back at 10:35. So you've got eight minutes.

(Brief recess.)

Agenda Item: Health Record Banking

MR. REYNOLDS: We are going to talk about health record banking. We have Bill Yasnoff and Jonathan Gold. Jonathan, are you going first? For this panel we have a hard stop at 11:45, so they have agreed to hold it to 20 minutes apiece, and then we are going to have some time for questions. Jonathan, please proceed.

DR. GOLD: I am Jonathan Gold. In my background I am a pediatrician. I have worked in the hospital for about 15 years. I also in a previous life was a medical quality assurance director for a region of a rather large HMO.

About three years ago, I was a postdoctoral fellow at Johns Hopkins University in medical informatics. What I will be presenting today comes out of the research that I was doing there specifically about the health banking system.

Presently I am employed by McKesson. I do want to give a disclaimer. This is my research, and this is my opinion. I don't have any financial interest in what is going on with the banking system.

What I would like to do is, I would like to go through three sections. One would be an overview of what the health record banking system is about. Secondly I will talk a little bit about the research that was done, specifically parts that are related to the secondary use of health data, and then just to summarize the presentation, I will talk about a few questions which I think this work group needs to consider, analogies and resources, if you have not considered them yet.

So health banking 101. In your handouts I have skipped a number of slides. I felt like I was rushing through an open door. I don't need to convince you that there are reasons for having secondary use. One thing that I did put in the handouts though is, I did a quick and dirty study of the New England Journal of Medicine to find out in the year 2006 how many research articles they had and what were the study populations for those. You can see that it comes out to about 326. Of those, two-thirds had study populations of fewer than 150 and four-fifths had study populations of fewer than 500. I think if we are looking for reasons for investigating secondary use of health data, that is a very important number to keep in mind, where we are today.

If we talk about what we have today, what is our information flow, this would be how we go about doing things. You can use the term patient or consumer. I tend to use the term consumer. I go to doctor A, within the upper left-hand screen, and I will tell this doctor about my medical needs, and this doctor will typically -- if they are one of the 75 to 80 percent of doctors who don't have an electronic medical record, they will simply scribble something down, put it away. If they do have something, they will typically put it in their computer on board in their office.

Then if I go to the next doctor, the same thing will happen. There is no connection really between these two doctors except the scribble, or through the consumer who tends to be the person who carries the information.

If I remember, I feel fairly well versed as a physician in my medical history. Yet, I know that I will forget something. I will be asked, what were the surgeries you have had, and I have not had many surgeries, and I'm sure I will forget some important detail that maybe later I will recall. If I were 20 years older and had substantially greater amount of information, I may very well forget that little green pill that I am taking that is keeping me alive.

There are other entities, hospitals, labs, et cetera. This slide is simply to say that the linchpin here is the consumer, and the consumer may or may not remember all that is going on with them.

We were trying to think of an analogy. I worked with Marian Bell on this, and we were trying to think of an analogy between what we want with medical records and what happens in the real world. We said, let's look at banking.

Now, in banking you have got all sorts of different account holders. You have all sorts of different ways of handling accounts, so in the banking world you might have a small accounts holder, a medium sized holder like a small business, or a large enterprise like corporations. What would the analogy be in the health record banking system?

A small account holder would be like an individual or a joint family personal health record. I would be able to talk about my children. We would share a record. When I go to doctor A or doctor B, the child doesn't have to present that. Or with my elderly mother, I would also be able to access or help her in presenting her record.

If you talk about medium sized accounts, you might talk about something like a solo physician practice or a group practice or pharmacies. These would be the different types of bank accounts available of account holders, and large enterprises would be HMOs and hospitals.

I am using this as background material, because when I go in to show you the actual setup, you will understand why you need this background.

If we talked about types of accounts right now, if you go to the bank you may have a savings account, a checking account or whatever. There are different bank types and different sources of revenue. In medical records, there are really two different types of records. We are talking about electronic records. It is either text or it is an imaging file. Even things like monitoring are ultimately imaging tied into a temporal aspect, but are two basically different types of files. But for quality's sake, you might have a text health record, which is what the doctor scribbles. You may have imaging, which is your radiology images. You may have your lab data which also is text, and you may have genomic data, which I imagine in the next ten or 20 years we will all have that in our files.

There are different types of banks we have. We store things at the savings or the credit union. Here, there might be different types of health record banks. There might be a full service bank that deals both with the physician's records and the patient's records, or it might be a specialty bank like the genomics specialty bank for storing that type of information. There might be physician's services banks, et cetera.

I think probably one of the important parts about the banking model is, when we talk about RIOs, or we talk about other things that we are becoming familiar with, at a certain point those entities need to become independent. They need to become financially independent and if they are not, they will fail. This is how this country works. We need to take into account that the federal budget will not always be there to prop up things that we think are important, including the health records.

So the health record bank would have a means of being self sufficient, if not immediately, over time. That might include member services. I may pay a fee to put my records in. I may put my records in and receive a dividend as a consumer, like when I go to a savings account and I put my $200, I receive one dollar a year in return as interest, or maybe I can lease out de-identified data. It is not de-anonymized data, but my de-identified data, and receive an interest that organizations would go and ask to review data which has been stored without knowing who it is. When you have studies that appear in New England Journal of Medicine, four-fifths of them wouldn't have only 500 people that they had researched. You would be able to grow over time and have tens of thousands if not hundreds of thousands of people as you develop, and have banks that have tens of millions of people.

Other things would be selling disaster recovery plans to hospitals and HMOs. It could be a personal disaster recovery plan. Health record curation is, as we go from the paper record to the digital record, we will need probably an intermediary who will help guide organizations and individuals through those steps; what are those immediate records that need to be digitized, what are those secondary records and how do we link things. So that would be a service that would probably be a source of revenue.

Let me get back to -- I showed you an as-is slide. Let me get back to more explicit slides of what the health record banking system would be.

Rather than having the consumer as someone who may come and give information or may not but would serve as a courier, here we have the consumer who is controlling who has access to his or her record. Basically, I would go to a physician, I will say, you are my physician, here is my code, you have access to all of my records or these parts of my records for a certain time period. You can use this PIN to get into it.

The moment that I decide that I have moved from Milwaukee to New Orleans, I can turn that code off. That means that the physician will have had the ability to enter stuff up until the moment I turned it off. I will show you in the next slide, the physician will retain the right to always review those things that the physician has written or received related to that patient, which they have authored or they have received.

Here I am just working in general. Allied health care professionals; it could be the nurse who comes and does hospice care. Medical services, there would be different types of relationships. One might have a read-only ability, one might have a write-only ability such as my heart monitor only needs to write, it doesn't need to access my records for more information. Public agencies may be able to look at certain parts of the data. There might be personal actions. It might include the acupuncturist who would not be part of my HMO but who I would go to, who might have information that would be important to enter into my record. There might be additional information sources.

If I look at my role as a provider, what am I doing? I receive a key from the consumer to open up that record. I know that this is the record. I will of course ask many questions, but I know that I have access to everything that has been digitized and put there so that I can review it. But it allows me not to hear four different versions and get different names for what that green pill is that my mother is taking. I will know that this is what is called the legal complete record of that patient.

I open the file, I examine the patient, and then I will send back an exact copy of what I am taking as my notes to that patient's file. Anything that has that patient's name or information on it goes back to the consumer.

In addition, I will keep a copy of this for myself. I can either do it through a different health record bank account. Remember, I said the solo physician or the physician practice might have it. Or I can store it locally. To me, storing it locally is like putting my money under the bed and the house burns down and I have lost the money. I think it makes a lot more sense to have a bank account that I know is constantly followed up and backed up. We each manage our records our own way.

Incidentally, if I haven't pointed out, the name of the article -- this has been published, this was in the IBM Systems Journal at the beginning of this year, so you will be able to read it a little bit more if you are interested, with a bit more coherence. You will see the references.

What happens with that data? I've got it in the account. Here, the health record then has to somehow store it. If I wish to have it without my data, it has to somehow de-identify a component of that record, and then it needs to go to some sort of data exchange.

This is like once upon a time when I was living in Baltimore, and I went to the local Wachovia Bank in Baltimore, and they would take my money and they would of course deal with the main Wachovia Bank in Maryland and throughout the United States, and they would be able to leverage the money that they have to lend it back to me or to larger institutions.

So we would have a number of small health record banks that would be part -- if you look at the left-hand screen, you can't read it, but it says health record banks, and they are part of a larger banking association.

What is this good for? Well, third parties are very interested in this type of data if it is de-identified and if it is controlled by the consumer. So the consumer can say, I do not want to sell any of my data, or I am willing to sell all data not related to my psychiatric history, or I am willing to sell absolutely everything as long as it is de-identified. Then other entities might be interested. Pharmaceutical R&D might be interested, medical supplies. The moment I have got a query, that I can say, show me how many people in your database smoke, drink alcohol, take Lipitor and show me what their blood cholesterols are, I suddenly have -- out of the ten million, I will come up with a million hits. What I do with that is something else, and who has access to request that secondary use of data needs to be discussed, and I will talk about that shortly. But there are many groups that would be interested, including the academicians and the government.

Now I would like to turn to a second part. I wrote a white paper as of December 2005. I distributed it in January 2006, and I sent it out to a number of people, actually a few people who sit on this committee. Marc Overhage, I spoke with Paul Tang, and I also spoke with Charlie Saffron specifically about this, Bill Yasnoff, who is not a member of this committee, and I have spoken about this as well. I sent the white paper and I interviewed them about a number of critical issues that are raised in the paper that you can see from the Systems Journal.

Four of the issues which I want to discuss are information security, patient identification, legal, ethical implications, and I will show you the fourth in a second.

Information security. We need to realize that in a system like this, confidentiality and security are paramount. There is nothing that will sink the system faster than if we cannot insure the stakeholders that what they are putting in is going to stay in and will not be misused.

Here we have a different question. Is this a covered entity under HIPAA? Right now banks are non-covered entities. We need to figure out how HIPAA will latch onto this and will be associated with this. We need to talk about how HIPAA can enforce what goes on.

Secondly, I'd like to talk about what are security limits. We need to have it secure enough that stakeholders can use, but we need to also understand it comes with a price tag. In fact, one of the people with whom I spoke said that between 20 and 40 percent of the developing costs for a health record bank would be spent specifically on security, and that is what you will have to realize, that this would not be an inexpensive undertaking.

As far as patient identification and de-identified, I'm not going to do any of this anonymization stuff, de-identified records and record matching, what is the definition of de-identified information? If it is completely de-identified it is completely useless. I don't need to know the name and I don't need to know the social security number, but if I have no idea what the age or the sex or the background of that person is, or if I have no idea of the temporal aspects, did they receive drug A and five days later reaction B occurred, that means something. If I say drug A and reaction B on the same patient, that is of much less value.

If I am splitting up records, and once again this is a security issue, we need to know how we can link file A and file B, how can I link my text file with my radiology file, how can I link my record to my children's records, and how do we prevent fractionated accounts.

There are many people who might go to two different doctors. How do I insure that my record is not split up? Part of that actually has to do with people who don't want their records to be known to all of the entities who might have access to this. I don't necessarily want my employer or my insurance company to have access to my record, but what can I block from that record, or what if I don't want someone to see my psychiatric or gynecological history, how do I block it or control that?

So the patient may grant limited or full permission or just opt out of this whole idea, but also opt out of parts of sharing with their doctor. Then what does this do with what the physician will know? How do we identify the consumer, the provider or the institution? What IDs do we give to them that we can de-identify them and then re-identify if we need to?

Do we sell answers to queries? In other words, I've got this pool in the record banks, and I will allow you to query how many people take insulin, have cough and have had a certain reaction? Or do I actually give them access to de-identified data? It is a real question, because on the one hand it is much easier to have secure files. On the other hand, the data is much richer and I might be able to do data mining and receive a lot more information than I even thought I would receive at the very beginning.

MR. REYNOLDS: You're down to five minutes.

DR. GOLD: Okay, I will go through this very quickly. One thing I did want -- I wanted to address one question that you asked. When we are talking about the electronic health record, it might very well make sense on a health record to have a keyword index, so any time a doctor has ever entered the term myocardial infarction, that will appear at the top of the record. If it is mentioned 15 times, it doesn't have to say it 15 times, but it might be something that we can scan through and just hit those records that have those bits of information there.

I am going to go through these a little bit faster obviously, with five minutes. What are the legal and ethical implications? Right now patients are not granted free access to all of their information, even if they request it from their physician, they will receive a summary of certain parts of that record. They will not receive everything.

Who owns or controls access to our records and who should own and control access? The consumer should be empowered. On the other hand, the physician continues to need access to those parts that the physician has authored or received information about.

We do need national registration. It is imperative to resolve a lot of the legal issues, not only a national registration; it needs to be in contact with the state registration so they do not provide.

Stakeholder acceptance is really imperative here. Stakeholder includes not only the consumer, but also the physician and the HMO and the hospital. We need to engage in public dialogue. I am going to skip through this because I think that I want to get to the questions and analogies and resources that I have for the committee. I think these are three important slides.

The definition of secondary use of health data. Primary use is obviously for patient care. Secondary use has multiple identifications. When I was involved in QA, I would say that I was using data to gather information about the diabetic patients in my HMO. I was aggregating them to know how in general were we doing, how were the individual physicians doing, and then I would feed it back to the physicians and I would say, these people have hemoglobin A1C over eight.

Is that secondary use? Yes, the first part definitely is, but there is also a primary use component to that.

What are acceptable secondary uses for health data? I have fewer problems sharing data with CDC. I have much greater problems leasing out data to the tobacco industry. If they go to the health record banks and they say, lease us this data, who controls that?

In my opinion, it is the consumer who controls it and says I am willing to opt in or opt out at this level. You may share or not share with government agencies, you may share or not share with research institutes, you may share or not share with private corporations.

What are the acceptable means for sharing? What are the incentives that the consumers are going to receive, or the stakeholders, which might be a physician or a pharmacy, to share their data? What are the guarantees that we have for confidentiality and security? I know that you discussed this the first couple of days as well. And how can we engage the public in discussion.

The analogies. I want you to quickly remember, ATMs took ten years before there was buy-in. What do you mean, take a card and you will give me money out of a wall? I don't trust it. You are going to eat up my card and destroy my bank account. Online banking, where I can move much larger sums of money and there is a virtual bank, I don't even know where that is. How long did it take for the adoption, and do we trust virtual banks? Today, I have to say that is how we bank in our home.

The Internet also. You start at point A, you don't know where point B or point X will end up. We will start with the health record bank when this is up and running. I'm not sure that any of us here in this room understand the ramifications of that, the complete ramifications, and for better or for worse we need to consider many aspects of that.

The Human Genome Project, I only mention it here because they very well understand about engaging the public. Five percent of -- I forgot which part of their budget, is spent on the ethical, legal and legislative part, which is involved with getting stakeholders on board.

Resources for consideration. We need representatives of those who might be harmed by the secondary use of data, by sharing health data. I think that it is clear you need to speak with groups like AARP or support organizations for syndromes and for diseases, like the American Diabetes Association and the CF Foundation, citizens' rights advocacy groups and minority groups and the uninsurable; how will these people deal with this type of bank.

Secondly, we need to engage those agencies with experience with medical ethical issues and citizens' rights organizations. Third, who is likely to benefit from them. We need to engage them and ask them, how would you be using this, what would be the limitations, how would you control that.

Fourth, once again, John White was asking at what point is this -- who owns this data, and John stated the person who has it on their computer or has the file. I'm not sure I agree with that, but we do have experience in certain industries with copyrighting such as the publishing and media, how did they find what goes out on YouTube.

With that, I'll wrap up.

MR. REYNOLDS: Thank you, excellent. Bill.

DR. YASNOFF: Thank you. It is a pleasure to be here again. Many of you on the work group know me. For those of you who don't, very briefly, I am a physician. My PhD is in computer science. I was elected as a Fellow of the College of Medical Informatics in 1989. I built the immunization registry in the state of Oregon in the '90s, spent five years at CDC developing the field of public health informatics, including co-editing the textbook in the field, and subsequently and most recently spent three years at HHS initiating and developing the National Health Information Infrastructure project in response to the 2001 report from the NCVHS work group that led to the creation of the Office of the National Coordinator. In 2005 I left and formed my own consulting firm that primarily works on helping communities to implement successful health information infrastructure.

I want to spend just a few minutes with you today talking about how health record banks can enable secondary data use with privacy protection. I am speaking on behalf of the Health Record Banking Alliance, which is an organization which I founded last year, first met in September of last year. The purpose of that group is to promote the concept of health record banks which are as Jonathan has described in detail consumer controlled, independent repositories of health records.

The Health Record Banking Alliance has broad participation, but as of yet no formal membership. HIT vendors, health record bank organizations, consultants of various types, privacy advocates are all participating. We have over 100 people on the mailing list. We meet monthly. We have put together a set of draft principles for health record banks which have been posted on our website, and I would be happy to provide those to the work group if you are interested.

I want to address the first four questions that you had asked. First of all, policies needed to achieve the effective secondary data use. I wanted to reinforce that there is very strong public support of secondary data use. In a 2005 survey, 81 percent of those asked supported use of electronic health records for research.

But the public also wants to control their information. In a 2006 survey, 64 percent of adults said they would like to have an electronic medical record, but 62 percent agree with the statement that, quote, electronic medical record use makes it more difficult to insure patient privacy. So the public understands that as we make records more available for good and laudable purposes, both direct patient care and secondary use, that privacy protections have to be increased.

The policies that I believe are needed are, first, we need to put into statute the individual right to medical privacy. We have to make it clear that an individual may own and control a complete copy of all their medical records. By this, I do not mean that consumers should be able to control the medical records of providers. That is not what we are talking about. What we are talking about is, the consumer should have the right to assemble a complete copy of their own records and control that copy.

In that sense, the individual should be able to control all use of their medical information, and consent should be required for whatever use that information is put to. That consent may be provided in advance, may be granted for a person, an organization, a specific study, and it should be for a specific purpose only.

The second question that was addressed was the adequacy of privacy protection under current law. HIPAA regulations in this regard are completely inadequate.

This is a somewhat confusing issue. The treatment, payment and operations exceptions in HIPAA that allow data to be exchanged without consent seem completely reasonable. I don't think in principle anybody objects to health care information being used for treatment, payment and operations. The key I believe to understanding this is, who decides what is treatment, payment and operations, who decides, and who monitors the decisions.

Today, it is the organization that has the data that decides, and there is no oversight or monitoring in any meaningful way. So if I am a health care organization and I have data and I use it for a specific purpose and I determine that it is health care operations, I am fine. I don't have to report that to anybody, nobody asks me, and there is essentially no one to challenge that decision. The people who are the subjects of the data have no way of finding out what I am doing with that information.

This is completely inconsistent with fair information practices which were defined in an HHS study in 1973 and codified in the Federal Privacy Act of 1974. Unfortunately, the Federal Privacy Act only covers data held by the federal government.

One of the reasons that is always given for this need to move information around without consent is that it is too difficult to get consent. It is too time consuming and it is an administrative burden. That is no longer the case. We have the technical means to get consent, to record it.

Again, I am not suggesting that every time every piece of information about a patient is used we have to go back to the patient and get consent. But the patient can consent to broad uses. For example, the patient can consent to full complete access any time to all their data by their providers. So there is no need then to ask the patient another question every time there is a visit.

The third question was, what are the uses of health data with insufficient protection. Based on what I just said, it won't surprise you that I am going to assert that all uses of health data today have insufficient protection, because HIPAA is basically about disclosure, it is not about privacy protection. There is no disclosure of specific uses. Individuals cannot opt out. Individuals cannot find out what their information is being used for, and individuals perhaps most importantly cannot prevent their own information from being used against themselves.

De-identification, which has been discussed, is virtually never absolute, hence the term re-identification. Typically any data that is de-identified can be re-identified, and therefore the idea that everything is protected if you de-identify is not technically correct. There has been wonderful research in the computer science community about this. You can actually calculate quantitatively the probability of re-identification of data. I would refer you to Latanya Sweeney if you would like to get some testimony on that. I suspect she would be willing to do that.

This whole scheme really violates the Hippocratic Oath. The Hippocratic Oath essentially says that the physician shall keep confidences secret. The reason for the Hippocratic Oath, which is thousands of years old, is that if the patient is not confident that their physician is going to maintain the secrecy of the confidences shared, the patient will not share the information and therefore you cannot provide care.

So I submit to you there is not a choice here between whether we are going to have complete information shared without consent or whether we are going to have complete information shared with consent. The choice is, if we share information without consent, people are not going to provide the information. We know from consumer surveys. There have been two recent surveys, one said 13 percent, the other said 17 percent of consumers admit to information hiding behavior, going to another physician so that their regular physician doesn't know about it, not getting a test. I suggest that if that many people admit to it, probably twice that number are actually doing it.

So the fact is that if we do not provide privacy, we will not get the information that we need. So the choice is to have incomplete information for care because we are not protecting privacy, or to protect privacy, do everything with consent and have the maximum information for the maximum benefit.

I want to spend just a few minutes talking about this fourth item, other NHIN related health information use issues. I am going to talk about the requirements for community health information infrastructure, a little bit about the health record banking model, and some secondary use implications, and summarize my policy recommendations.

If you think about a community health information infrastructure, I believe you need four things to make it successful. First, we need the complete electronic patient information. This is the pot of gold at the end of the rainbow. But in order to have that, you need three things to support it. First, you need stakeholder cooperation. All the stakeholders have to play. Second, you need financial sustainability, because without that you may build a system and it will then go away. Third and perhaps most importantly, you need public trust. The public is not going to allow these systems to be built and to be operated if they do not trust that the information is being used properly, and in particular is not being used against them.

So let me talk about these things one at a time. First, the complete electronic patient information. The good news here is, most of the information is already electronic, labs, medications, images, many hospital records. The big problem we have are the outpatient records. A very small percentage of physicians have adopted electronic records. The reason is that the business case for outpatient EHRs is weak.

Now, there is policy argument about benefit. Some studies have shown an above zero net present value to EHRs in a physician's office. I would argue, that doesn't matter. Physicians do not believe that there is a business case. They do not believe that if they invest money in an EHR that it will pay for itself or better. As long as they do not believe that, they are not going to invest the money. I think the fact is that the adoption rate remains slow, although thankfully it seems to be increasing.

So I would argue that in order to make all the information electronic, and there is a simple premise here, it is very difficult to exchange electronically information that is not electronic; pretty basic. In order to make the information electronic, we need financial incentives to insure the docs get EHRs. So that is your first requirement. You have to have financial incentives.

Second, we have to have a single electronic access point where you can get information. You have two choices. There are two ends of the spectrum. One is to leave the data where it is and gather it up where it is needed, what I call the scattered model. The advantages of this are, the data stays in the current location and there is no duplication of storage.

But there are some very serious disadvantages. This means that every system, every electronic system that has records in the world, certainly in the community and the country, has to be available for query 24/7/365. The query responses have to be in real time.

This means that each system incurs additional cost. You have to have additional cost for hardware, for software and for telecommunications constantly, particularly in physicians' offices where you already have a problem with the business case, having these extra costs added on is not going to be helpful.

The response time is going to be slow, because you can easily be querying for dozens if not hundreds of systems to gather up one patient's record, and of course your response time is going to be dependent on the slowest system. You cannot search in a system like this. Why not? If I have a model like this and I want to find all the people who have cholesterols over 300, I don't have anyplace to look. I have to basically say, gather up all the information for patient number one and then look through it and see if anybody's cholesterol is over 300. Gather up all the information for the second patient and look and see if anybody's cholesterol is over 300. That is a sequential search.

In computer science, we do not do sequential searches, because we like our searches to finish before we die. Any search you do with any application is always going to be indexed. Think of it this way. If you wanted to find a word in a book, you can go to the index and look for the word and then go to the page, which is what you would do, or you could start on page one and look at every word and so on. Even though computers are fast, they do not start on page one and look through the book. They go to the index that is previously created and they go to the page and find the information. So you cannot search.

This model does not support effective secondary use of data. You have a huge interoperability challenge because everybody has got to be interoperable in real time. Furthermore, if any of the systems where a patient's information is located happened to be down at the time you do the query, the record is going to be incomplete.

So your other option is a health record bank, a central repository. You take all the information for a given patient, put it in one place. You have fast response time. You don't have to interoperate between communities because for a given patient, you go to one health record bank and get the complete record. So there is none of this connection between communities. You can search easily. The reliability depends on a single system. You can control security in one location.

You may want to get testimony from folks in DoD that set up secure systems. There is a set of guidelines called the DoD Orange Book. Guideline number one is, when you set up a classified system, all the data has to sit in one place, first thing. The completeness of the record can be assured, and it is very inexpensive.

The problems with this, and the reason this was rejected by HHS by me actually when I was there is because who do you trust in the community, who do you trust in Washington, D.C. to electronically hold every person's complete medical record? Who would you trust?

So this is a problem which I will address. Also, you have to duplicate storage, but it turns out that is really not much of an issue. But I am going to leave this as a requirement, and I'll explain public trust in a minute.

Stakeholder cooperation. If you think the stakeholders are going to come together and cooperate voluntarily, see me afterwards, there is this land in Florida I'd like to show you. It is a little bit moist. You might be interested in buying it.

You can of course pay the stakeholders to cooperate, but where are you going to find the money for that? So I would argue that you have to mandate stakeholder cooperation. There are two ways to do that. One, you can go up to Capitol Hill or you can go to your state legislature and try to get a new mandate for cooperation on health IT. Good luck. That is a long and difficult process.

But there is an existing mandate. This is where HIPAA helps us, because HIPAA requires that when patients request information it has to be provided. It is true, they can charge for it, it can be on paper and so on, but that is enough of a lever to get the stakeholders to realize they are all going to have to cooperate in a community, and this actually works. But you have to have a system where the patients request their own information.

Financial sustainability. This is a really difficult problem. Your funding options start with the government. I don't think I have to explain to you that the federal government is not going to pay for this. No one in the Administration feels that this is a federal responsibility. No one in Congress feels this is a federal responsibility. So unless you think the Supreme Court is going to order it, it is not going to happen.

The states for similar reasons are not going to pay for it, although there will be startup funds. There are federal startup funds, there are state startup funds, which are helpful.

The health care stakeholders in many communities actually are paying for this, typically the hospitals. But in general, the health care stakeholders are paying for giving care, and this coordination is not really part of their mission. It is kind of like going to McDonald's and saying, I'd like a hamburger and they say that will be a dollar, and you say no, I am hungry and I just need a hamburger. They say no, unless you pay the dollar. We are not here to solve world hunger, we are here to provide food in exchange for money.

The payors and the purchasers, the insurers and employers, ought to pay for this. They are the ones that primarily benefit, but they are very skeptical, rightly so, about the benefits. Also, there are these free rider and first mover effects that they are concerned about. They don't want to pay for someone else's benefit.

So that leaves you with the consumer. Interestingly, 72 percent of consumers support electronic records. In two separate national surveys, a slim majority of consumers have indicated their willingness to pay. One survey specifically mentioned five dollars a month. So my suggested requirement is that the solution has to appeal to consumers so they will pay.

Now let me talk about public trust, and then I'll conclude. The key to public trust in my view is that the patients have to control the information. Essentially what you have to have is an electronic safe deposit box for the records for consumers.

Just like a physical safe deposit box, when you go to a bank and you rent a safe deposit box, the bank is providing you with an infrastructure to protect your papers or jewels or whatever that you put in the safe deposit box. But the bank does not have an ownership right to what is in the safe deposit box. So for example, if the bank goes out of business, they can't just pop open all the safe deposit boxes and auction all the stuff off to pay their bills. So you maintain the ownership, they provide the infrastructure. That is what we really need.

First, the patients have to control all access. Second, you have to have a trusted institution. You think of trusted institutions, the first thing you think of are banks. Why do we trust banks? It is not because they often have Trust in their name. We trust banks because they are regulated by the state and federal government, and the federal government in its wisdom provides all of us with a no cost, no copay, no deductible insurance policy on all our deposits up to an amount more than most people can deposit. So sure, we trust banks.

I used to say it was impractical to have health record banks regulated, and now I have question marks by that because as I am sure you know, in the last Congress legislation was introduced to create a regulatory framework for health record banks. The House has introduced a bill just last week, I believe, with 30-plus bipartisan cosponsors. There will soon be an accompanying Senate bill. So it is conceivable that there could be a regulatory framework which would help with trust.

Today there is no regulation. Today the way I believe you can do this is, you have it regulated via a community owned nonprofit that has all the stakeholders in the community and provides independent privacy oversight, and essentially supervises the contract, the operation of the health record bank. So via those contract provisions, you can ensure that the contractor is following the right practices in terms of the use of that information.

Finally, my favorite topic which I will spend virtually no time on is, you need a trustworthy technical architecture. There are many ways to do this. You have to prevent large scale information loss and you have to prevent inappropriate access to individual records. I suggest the two server solution. You have one server that you use for searches that you lock up and you have no phone lines or Internet connectivity, and you put it in a vault and you lock information in and out.

The system that provides access to individual records is an especially constructed secure server. I call it a cubbyhole server, where each person gets a block on the disk for their records, and the system is constructed in such a way that no user of the system can see more than one block.

So the health record banking model, as Jonathan has described, all the information for a patient is stored in one account. The patient controls all access. The way I see it, each health record bank would have three interfaces at least, a withdrawal window, a deposit window and a search window.

Whenever new care is received, wherever you receive new care in the world, the records of that care are sent to your health record bank for deposit, and therefore your records are always complete and available. Everyone has to contribute because of HIPAA.

So how does this work? You have a health record bank with secure files, and at a clinical encounter the clinician would inquire, and the patient has to give permission. If the patient does not give permission, no data is sent. Then you are going to have a very interesting conversation with the patient, but I'll leave that. Most patients overwhelmingly want their clinicians to have their data, and hopefully the data would be recorded in an EHR and then all that data would be added to the health record bank, and optionally the health record bank since it is very inexpensive to operate, you can set up a business model that will provide payments to the docs for those deposits from their electronic health record and those will pay for the record.

I have two minutes. The secondary use implications. Privacy is protected through consumer control. Each consumer customizes their own privacy policy. I submit to you the only way we are all going to agree on how to handle the privacy is if everybody gets to set their own privacy policy. I don't think we are ever going to come to consensus.

Health record banks facilitate secondary use because you can search easily over populations. It is not necessary to release the data. You can provide counts of matches with demographics rather than releasing data, and that eliminates the issue of de-identification if you ever release any data. You can combine searches over multiple banks through as Jonathan mentioned a health banking association.

Banks could also notify individuals without the knowledge of the people searching. So for example if you are recruiting for a clinical trial you say, I am looking for people with these characteristics, send them this message. Then you report back, we found 3,483 people who matched, we sent them all the message, and maybe you will hear from them. So therefore, the person recruiting does the recruiting and the people receiving the information are anonymous until they decide to contact the researcher. The banks can collect fees for these searching services, and they can share those fees with consumers.

Policy recommendations. The consumer has complete legal ownership and control of their health record bank information. No exceptions are needed because this is just a copy, so if anybody wants this for subpoena, for law enforcement, they can go elsewhere.

The information needs to be protected from change in ownership, failure of customer payment, bankruptcy. Consent is always for a single purpose access, and there should be no coerced consent. The consumer should not be forced to consent. All holders of electronic medical information should be required to provide it to the bank within 24 hours of creation at no charge, assuming the patient requests that.

Health record banks should be covered entities under HIPAA, although of course what I am recommending goes far beyond HIPAA. And independent privacy and confidentiality audits should be required, and of course you have to have security procedures sufficient to enforce whatever privacy and confidentiality policies.

Thanks very much.

MR. REYNOLDS: I would really like to thank both the gentlemen. You covered a lot of data in the right amount of time, and we appreciate that very much. I would like to open it for questioning. I know Justine wants to ask a question.

DR. CARR: Thanks, great presentations and very intriguing ideas. A question I have just in terms of the logistics. We heard yesterday from Northern New England Cardiovascular Registry for cardiac surgery. How would data that goes there or to SCS or to any of these registries, how would because data delivery interface with the data bank?

DR. YASNOFF: I would argue that if you have health record banks you do not need to have registries, that the health record bank is the universal registry and has all the information. I have had experience in the cardiovascular data area, looking at outcomes and so on. The reason you have that data is so you can query it. So you could do those queries through the health record bank and you would not have to actually have the data.

Now, I will say that one of the additional aspects of this that is important to recognize is that the surgical data includes outcomes. If you have a surgical procedure and your outcome is very good, the record of that good outcome is not likely to get into your medical record, either your paper record or your electronic record, because few people will make an appointment with their surgeon five years later just to have them put in the record that they are doing fine.

So you have to engage an additional activity in order to collect outcomes, and when you do that, you would want to then deposit that data into the health record bank and then use that for ongoing queries.

Now, lest I be quoted tomorrow as saying I advocate the destruction of all registries immediately, I want to clarify that obviously there is a transition process. Until the health record banks can provide the capabilities that will substitute for registries, which obviously will take some time, we are going to continue to need registries, in which case during the transition patients can give their permission for the data to be sent to registries for a specific purpose, provided it is not for the release.

Did that address your question?

DR. CARR: Thank you.

DR. COHN: First of all, I wanted to thank both of you for coming to testify. What I am observing, and I think Bill knows when I talked to him about this awhile ago, the question was, what part does this play into our conversations. The question I have for both of you is, and maybe it is an observation as much as a question, it appears to me that a lot of models seem to be merging. We are getting health information exchanges that are becoming holders of data. We are getting health databanks that appear to be offering ASP services, which is what I was beginning to read between the lines. We are getting ASP services beginning to offer personal health record applications. Is what we are beginning to see is that a lot of models are beginning to converge together?

DR. GOLD: I think what you are saying is absolutely true. I think we are all searching for what answer we can use to serve the consumer, to empower the consumer, and we are becoming aware that we have a lot of information out there that has to be stored somehow. So I think it is true.

Bill and I spoke two years ago about the different models. There is another gentleman in Israel by the name of Amon Schvoh who feels that this should be a federal entity, the health record bank. I have seen over the past couple of years that Bill and I are beginning to sound more and more alike, even though we don't work together at all, in our thinking of how do we deal with using this data for good purposes, which would be the secondary use of data, and how do you make this a financially stable institution.

DR. YASNOFF: I think there is some degree of convergence. I think it is interesting to note that every single community that has some kind of operational health information infrastructure today, and there are about half a dozen, all have central repositories. No one has succeeded in operationalizing a scattered model. So I think just that fact alone tells you that the technical and political operational difficulties of setting up a scattered model are not easily dealt with.

In Santa Barbara, they were able to actually build the technical capability for sharing, but they weren't able to get people to agree to share. One of the big advantages of this approach is that because it is the patient requesting the data, everybody has to provide it, so no one has the option not to share. That is a very important component.

As you know very well, this issue of building a health information infrastructure in communities requires you to solve all the problems that I mentioned all at the same time. You can't neglect one.

So I think more and more folks are recognizing that the health record bank approach makes sense. The state of Washington has come out with a report supporting health record bank, and they have some funding to pursue pilots now from the legislature. Louisville, Kentucky is on the path to health record banking, and recently the state of Texas in the governor's office decided that that was the approach that they wanted to take, because they see that this approach can solve the difficult problems and allow us to have both the patient care benefits of having complete information and the secondary use benefits while having financial sustainability and protecting privacy.

MR. REYNOLDS: We have a question from the floor. Sir, if you would introduce yourself and then ask your question, please.

MR. CRONER: My name is Chuck Croner. I work with Geographic Information Systems here at CDC. I would like to take the conversation into that dimension if I could, Bill. I can see a tremendous benefit. We all know the importance of place and location on health, and especially I can envision down the road where the understanding of chronic disease especially, where we can track exposures from place to place and from location to location and get a tremendous insight into the etiology of cancers and a variety of types of chronic diseases. But also many other benefits in terms of relation of the outcomes to SES characteristics of place, et cetera, as Nancy Krieger of Harvard University has very strongly argued.

So if you would entertain that subject, as to how we capture that kind of identification to bring a more robust record to the health care system.

DR. YASNOFF: As you might expect, having spent as much time as I did at CDC, I am very sympathetic to the public health needs and public health uses of this data. I think that having location coordinates for each patient will be very helpful in terms of generating important results for queries.

I think that more research needs to be done in terms of how to do queries of large location enabled systems and produce results that do not inadvertently identify people. So that is a challenge. But I think that certainly these health record banks ought to be GIS enabled.

I also would say that I put the public health uses of health record banks into two categories. One is querying the system, either to follow chronic disease, to do research or in a public health emergency to find things that you need to know right away. But the other is that if you have health record banks, it provides you with a single point in the community where you can generate public health reporting.

So if every piece of health information, medical care information, is deposited in a health record bank, at the deposit window you can screen it to see if it is public health reportable and immediately send a copy to public health. That is required of the providers by law. The way I envision is, the provider would delegate that task to the health record bank. The health record bank would provide it as a service, and then public health in each locality would have -- depending on how many health record banks there were, just a few feeds that would provide real time information about all reportable diseases.

So I think that potentially the health record bank not only can provide the kinds of insights that you mentioned with respect to chronic disease and location and so on, but also can provide wonderful improvements in terms of completeness and timeliness of public health reporting.

DR. GOLD: I'd just like to add to that. I am going rather than refer to GIS right now, what you are saying raises certain questions about the anonymity or the de-identification process. It is important to have that information.

If you think about phenotypic data, where we are suddenly looking at the genomic information, would we be able to de-identify that in the same way that we can de-identify the locale of the person. I think that needs to be considered as well.

So even though the question is specifically about GIS, I think that we need to also consider those other aspects and how we might re-identify and how we keep that information secure.

MR. REYNOLDS: Kevin, you have the last question. We need a hard stop at 12:45.

MR. VIGILANTE: Thanks for great presentations. We were bemoaning a little bit before that a lot of people were agreeing with each other about their lack of problems with secondary data in some ways or that could be handled by HIPAA. So it is always refreshing to get a contrarian point of view. That is very helpful.

Just so I can get my head around this a little bit, is there a case in which somebody can be in both systems simultaneously, and does that present a problem? In other words, could you go to one provider who is paper based and apply a HIPAA notice of privacy which would give that provider -- say they abstracted their records manually -- the ability to use that data for quality assurance and then potentially sell it? Then also, another provider with an electronic health record goes in the bank and then your data could end up in the same person buying or not buying the data from different sources.

DR. GOLD: That transition phase will be a very difficult phase. I think that we are very aware that there will be a transition phase. This won't be a panacea, but will solve things within the next five years. But as the record bank comes in, I think it has a lot of chance of bringing people in. At a certain point people will say it doesn't make sense for my stuff to be filed in someone's cabinet elsewhere.

So I do think that people will shift, and I think that physicians are shifting now, as Bill stated before.

DR. YASNOFF: I think that I agree that there has to be a transition. I think what I suggest with respect to health record banks is that the issue of patient ownership and control of their data is initially only for the data in the health record bank and that we just leave the rest of the system alone. The health care system is difficult enough as it is, and the idea is, you create these health record banks that provide patients for the first time with a place they can have their complete records under their control.

I think that over time, we will see that having records under patient control satisfies every use case, every primary use case and every secondary use case. As that becomes clear and as more and more data is there, then I think it will be time to change the HIPAA regulation back to what it was when it was originally proposed, which was all uses require consent. Then once you have all uses require consent, then the health record banks will help manage that consent and make sure the information is available.

Let me again be clear though, the records that are generated by a provider belong to the provider.

MR. VIGILANTE: Even the banking system?

DR. YASNOFF: Right. The records that are generated by the provider belong to the provider for the purpose for which the patient has consented, which is for their care.

In my personal view, whether it is legal under HIPAA or not, it is wrong for providers to use that information for other purposes without patient consent and notification. That is not what the patients agreed to.

I certainly am not interested in trying to take away the provider's records that they generate. They have to have those records - that is part of their business. Also, if you are seeing a patient, any records that you see from the health record bank, you have to be able to have those too and hold them or at least have a permanent reference to them, because you have to be able to justify your decision making.

That is not what we are talking about here. What we are saying is that patients should be allowed to control where their information goes, what it should be used for, and they should know about it. We have the technology to do this.

MR. VIGILANTE: With the exception of required public health reportable events, right?

DR. YASNOFF: The way I look at public health, I put that into the category of patient consent in the following sense. There is individual consent, where I go to you as the physician and you treat me and I give you consent.

I put public health in what I call community consent, where the community as a whole has said in order to protect the community this is what we have to do. Obviously that has to continue. In a health record banking system, it may be prudent to increase the number of reportable diseases because the marginal costs would be low and it might have public health benefits and so on.

MR. REYNOLDS: Kelly, I know you have a question, but it is their hard stop so if they get up and leave, I wouldn't take it personally.

MS. CRONIN: I just want to make a really brief comment first, and then I have a question.

I think none of us have a crystal ball to know what it is going to look like in five to ten years in terms of combination of the hybrid approach. Many people would agree peer to peer or your scattered approach is going to be very technically challenging, for all the reasons you described, but the hybrid approach and the many health information exchanges or the several that are operational may be trying to reach that. So they are not going to have completely a model to the extent that you are describing that would be either in consumer trust or the health record bank.

I think we also need to keep in mind that we know so little at this point in terms of what really will lead to a viable business model. Clearly if consumers -- hopefully if some of that survey data plays out, if they are willing to play it will happen in either the state of Washington or Kentucky, and we will have some real empirical evidence to work from, but we don't now. So I will just caveat that.

The other thing that was really intriguing about what you said is that it caused them to customize privacy policies. If you have any thoughts about how that might be operationalized through automated consent processes for different types of uses or whatever you contemplated, it would be helpful to understand.

DR. YASNOFF: Let me respond very briefly. Thank you for bringing up your first point about the hybrid models. I am not a purist about this. I do not think there is value in putting people's complete hospital record in a health record bank. I think discharge summaries are plenty. Once you are discharged, nobody cares what the nurses wrote at four in the morning on your third day of hospitalization. It is just not relevant.

Second, I don't think there is any reason to put digital images into a health record bank. First of all, the reason for putting the information in one place is so you can search it, and we can't really search on images. Second, images are large and take up a lot of space and third, you can through a pointer system or a peer to peer system hook up to all the imaging centers in a community, and there are usually not very many, and then you can count on them to be available 24/7.

So I'm not a purist about this. I am trying to describe this at a high level.

With respect to consent management, I would suggest looking at the system developed by Richard Dick at You Take Control. I don't know if you are familiar with that system. I'm sure Richard would be willing to testify. They have a consent management system developed. It is an independent third party consent management system that allows consents down to the data item level to be maintained by an outside organization and managed very efficiently. I'm sure he would be happy to describe that to you in detail, either in hearings or privately.

DR. GOLD: Just two words to add to that. Before when I was referring to the terms used at the top of a patient's electronic health record are the keywords that a system could access. If you look at the article in the IBM Systems Journal, it talks about categories of the EHR, and there is a section within that which would include permissions, automatic permissions and non-automatic permissions, as well as legal counsel and things like that.

I use the analogy of, if you can imagine a letter being sent to you, you have got an envelope and you have got a letter itself. The envelope would include certain types of consistent information, family members, demographics, et cetera, that would also have a stamp as it were of keywords and consent and other things. The inside information would be the actual medical record.

MR. REYNOLDS: Thank you. We really appreciate an excellent job. We started out very compellingly. We have had great testimony on this one at that level again. Thank you very much.

DR. GOLD: Thank you.

Agenda Item: Work Group Discussion

DR. COHN: Now we are going to do about 45 minutes of work in the next nine and a half minutes here.

I think the priority for the moment is to give people an opportunity to debrief. The reality is that our next full set of hearings is in ten days, so if there is time you can comment on what you are seeing on that agenda, but I think that we are not going to want to -- given how far we are on that, it is really not terribly useful for us to be taking extensive time reviewing at a detailed level that information. Though I would say, if you look at it and see there are things that were missing that you want to see discussed, e-mails to Margaret, e-mails to me, e-mails to Harry and Justine would be very much appreciated.

Now, having said that, let's open it up for a little bit of debriefing, thoughts, epiphanies that may have occurred today as well as next steps.

Kevin, I think I will start with you and go around.

MR. VIGILANTE: Some random thoughts, I guess. I think this notion of tertiary uses of data is an interesting thing to keep in mind. I think when we think about the HIPAA notice of privacy that enables health care organizations and covered entities to use data collected in the care of the patient in secondary ways seems like something we have already addressed at some level.

Where it gets sort of sticky is, once you have that data as a covered entity or a non-covered entity in some cases, it is the tertiary uses or the quaternary uses. As you release it to somebody else either for sale or for other purposes, that really starts to get sticky and concerning, if you were to try to present that to a patient up front and feel confident that the patient would say yes, that is fine with me, even if you say it is going to be de-identified. So it is those tertiary-quaternary levels that I think are the more vexing ones. So that is item number one.

Number two, I think the issue of stewardship and ownership clearly very important, but who is the steward you trust. It is interesting that in the health record bank model that stewardship and ownership are convergent. It is the same entity, the individual, and it addresses that in an intriguing way.

Thirdly, I think the issue of trust that we have talked about, and we talked about some models of trust, but I think that trust is important. We talked about uncertainty yesterday, what is going to happen with my data later, in the future, with unknown people. I think trust becomes increasingly important as uncertainty increases.

If I have greater trust around -- understanding and transparency and hence trust in how it is going to be used and who is going to use it, then I am more likely to -- uncertainty is addressed at a certain level and I am more likely to consent to it.

I'll just stop there.

DR. COHN: Very well done.

DR. SCANLON: I am in a very similar situation to where I was last night, and I recapped last night, so there is not much to add.

Today's two presentations for me were -- not two presentations, but two sessions, two panels, were very interesting in some respects, in contrasting where we are versus something about where we might want to be. I think the whole issue of secondary uses is kind of a no-brainer. There are so many good secondary uses that the question is how do we maximize what we can do.

But we are operating now in a very suboptimal world, and for me in my earlier question, I wanted to know how I can most quickly get to a better world. Our last panel was playing out something that was intriguing in terms of one model of a better world, a very difficult one though to think about in terms of what the pathway is going to be.

I would like us to always keep the future focus in our discussion, and identify the elements that are key to that future focus in terms of the facilitators and the barriers. The future focus may not have a particular model in mind. I think we have to leave open the option that the model has yet to be specified, but it has got to have -- there are certain barriers and certain facilitators we can maybe identify that are going to have more universal applicability or more widespread applicability to facilitate improving on the current situation.

DR. CARR: It really has been very educational as we have progressed through this. I think there are a couple of areas that I feel that there is a lot of confusion about, starting with HIPAA. I think we have heard it at the JHCO level, in terms of understanding, are people being notified or are people giving consent. We have heard it at the clinician level in terms of when consent might be needed. We have also heard an enormous amount of work, ongoing work, being done about further understanding HIPAA or the common rule and refining the details. So I am struck by this disconnect that there is so much work on it, and yet in the playing out of it at a high administrative level as well as a local implementation level, we don't all see it the same way.

Then within that, one of the things that has come up is when does quality become -- when is it TPO and when does it become research, and do we have definition around that.

Then the other is the whole concept of identifiable is a challenge with quality, because we will not be able to do a lot of the great work that we heard if we draw the lines tightly and require de-identification and anonymization so that you can't figure out who is who.

Then finally, the issue about tertiary and quaternary. I think that is a helpful concept to think about. I think that is where we are getting stuck, and so how we understand the management of those tertiary uses I think is important.

What struck me today as we have all been struggling with all these decision points and where these definitions are and who owns them and who implements them and who does them, the parsimony of what we heard today was very appealing.

I'll stop there.

DR. COHN: I know we started asking members to debrief first, but we will also ask the key staff. Harry, I want to thank you again for facilitating the session.

MR. REYNOLDS: You're welcome. We started our discussion with testifiers that said HIPAA was fine. Then we went all the way to databanks today.

I heard consistently ambiguity. I don't care whether it is how people understand HIPAA or how people identify the data, TPO, which is in the eye of the beholder and some of these other things. I also would like to play off of Bill's statement how we get from where we are to a future state which have had both exciting and upsides and downsides, as we have heard it today.

But one of our focuses is quality. So I think if we can clear up some of the ambiguity, help the transition by structuring it a little bit like we have done with the NHIN requirements, a little bit like we did with e-prescribing, a little bit like we do with our other things, but at the same time, regardless of how other things have or haven't occurred or will or won't occur as we go through this transition and get better technologically and other ways, to allow things like quality and other things to continue under something that makes some sense, that is the picture that I am starting to draw as far as how we can do it.

We can't fix it all and we can't go to the databank if we wanted to tomorrow morning. People right now don't understand HIPAA, that is clear. We have heard that over and over again.

So I am pretty energized about the fact that we may be able to help this, and especially as we look at it longitudinally, but then we drop down to quality, I think we may be able to come out with something that is going to make a difference, with the help of the other testifiers and the people we still need to hear from, and everybody around the table.

But from HIPAA to the databank, how we get the ambiguity cleaned up on the way, if we can help the ambiguity we might help people move faster.

DR. COHN: Harry, that is very well said. I think we are certainly hearing a lot of people agreeing at the high level with the principles. It is the specifics that either are tripping people up or they are being confused about, or that were just not contemplated.

MR. STEINDEL: Thank you, Simon. It has been a fascinating three days of testimony, I have to say that, in an area that I thought I knew a lot about. I found out I didn't.

But there were a couple of things that I think a lot of people have touched on. A theme that ran through on the successful uses of secondary use of data, one thing that we did hear a lot of, is that regardless of what the perceived or known or whatever environment that exists under HIPAA, people are doing secondary use, correctly, incorrectly, properly or improperly. I think we have to look at that more carefully. But it is being done, it is being done well, and it is being done we have heard for a lot of good things.

We have heard a lot about successful stories of where this has been implemented in relatively clear fashion, but they seem to have common themes. They seem to have a theme of trust. That trust theme seems to revolve around the issue of transparency of the use of the data through all the parties, down to the patient level and the final people that are using it. I think that transparency theme is very important.

Sometimes that transparency theme involves consent and sometimes it doesn't involve consent. I think this is an issue that we have to touch. We haven't actually heard testifiers on this. I think we are going to hear some in the near future, but people have touched on it, and this is concerning the sale of data and how this impacts on secondary use. I think we have to explore that further.

I think one thing that we have heard is, people have very clear stories which indicates to me they have a very good idea of why they are collecting the data and what they are going to use it for, and how they are going to tell people how they are using it. They were a lot more successful from the testifying point of view in getting the message across to us than people who have had more disconnected stories.

I was fascinated by today. I thought there was a little bit of a yin and yang in today's presentation. In the morning presentation we heard these very good ideas coming forward of how we are going to use this proposed present EHR system and moving it into data registries and this sort of thing that a lot of us conceive of the data flow, and how that is going to go forward and do good things. Then we heard this interesting future presentation of a new way to handle data from the health databank point of view. So that was an interesting contrast that we have to think of and figure out how we are going to handle it.

Simon, from a quick point of view, that is really --

DR. COHN: Very good, thank you.

MS. JACKSON: Going back to Dr. Cubby's beginning with the end in mind, keeping us focused on what we are trying to get out of it. There is so much information that was covered in terms of a time span from where we are now to where we are going. My whole thing is just making sure we drill down to what we can cover based on what was presented before. The background documents in the committee just continue to come up, the NHIN, privacy and of course understanding the concepts, the lack of clarity. So wherever the committee can drill into making that point would be great.

MR. FITZMAURICE: I learned a lot more than I thought I was going to learn, even though I missed the first day of hearings.

Maybe my most important thing that I synthesized out of it was that the risk assessment framework is needed to guide people in uses of health data, particularly for revenue generating uses. It might include things like learning what is public opinion regarding the secondary uses of data and generating revenue, where does it seem to be acceptable and not seem to be acceptable in the United States.

Then a little bit on what are the legal barriers and what are the data quality barriers. In other words, this use might be acceptable but not being used because the data is not useful for the purpose. So the marginal improvement of the data quality could make a marginal improvement in revenue generation, which can translate into benefit or value to society.

Also, what is needed to implement good acceptable patient authorization to these uses. Do you announce it in the newspaper and nobody complains, so you use it? Do you have each individual patient sign off on each individual use? I don't know if it is acceptable yet for these uses, but it runs the gamut of these secondary uses.

The second point would be on quality measures. How good is the science, how good are the data for quality measurement, how effective are the applications of quality measurement and improving patient outcomes. That is probably the most important secondary use that we heard testimony this time, yet for many of those questions we don't have the answers in front of us.

A third thing would be, even today, and I agree with Harry strongly, the application of the HIPAA privacy rule is not well understood. In the discussion of tertiary uses of protected health information by non-covered entities about patient authorization, how did they get that data in the first place? It is hard to get it out of public entities and into these uses without violating the HIPAA privacy rule. That wasn't addressed, and maybe it points up -- Mark might say we need more investigation. If the public isn't complaining about it, there has got to be a balance somewhere.

Then finally, the New England's use of registry data to test the Apache system. Their accountability was, we told ourselves. It seemed to work. I wouldn't object to that use, but what the heck, is that good enough? It is for that purpose. Maybe for other purposes it is not good enough. Maybe that is still another point.

I would seriously consider that we use the AMIA taxonomy rather than trying to invent one of our own, and we look through the AMIA stuff to see whatever else we can endorse rather than invent.

DR. COHN: I think for the next hearing we will be digging into the tertiary issues more.

DR. DEERING: I suspect that I began these three days with much more humility than perhaps anybody else in the room. To quote Don Rumsfeld, I knew what I didn't know, and I knew that what I didn't know I didn't know was rather large. Also, not surprisingly, I think I will make my comments more in the consumer than communications point of view.

Having agreed with almost everything that has been said there, I'll pick up on this thread of evolution toward the future state and being mindful that what we do enables the future state and doesn't preclude it.

One aspect of that transition that I want to speak to is the potential evolution from what is today still a provider centric disease centric state to a clearly person centered, health centered state. While that is seen most clearly in the juxtaposition toward perhaps health record banks, I think it follows many other ways.

Just as one small point, I think that the more I heard, the more I would cast my vote against in the future the use of primary and secondary. By definition the word primary conveys a provider centric view. That data exists primarily for the doctor to use. That is the definition. I do think that the future state may not necessarily be quite so limited.

Our first morning pointed to this and to the ways in which all of this information needs to flow together to improve the system broadly and also the individual's ability to manage also.

I would just hope that as we write what we write and point to this future state, that we are conscious of whether or not we are merely trying to strengthen the health care system or whether we are trying to strengthen health.

MS. CRONIN: I don't have the benefit of having heard everything over the last three days, although John Loonsk tells me you had two really good first days, and from all the other comments it sounds like it was time worthwhile, and all the efforts that went into organizing the three day period were appreciated and well worth it.

But I think a couple of things I have been contemplating just this morning are building off of what Harry already mentioned. I think it would be very helpful if we could just come up with a consistent interpretation of current law, not just federal law, but state law.

You all heard from RTI and Steve Posnack about some of the preliminary findings coming from the states from the HISPC project. But I think we could probably dig a little deeper there, because there are more than a half a dozen states that are taking on a uniform consent process. I think that we could be looking at some of those individual reports, or perhaps getting more testimony from states that have thought through how they might implement that, and try to be aware of what is happening at a state legislation level, because they are quite active right now. There are over 140 bills that have been either introduced or passed across states.

So we may want to think about getting a better handle on that as we move forward, so that we know what is being enabled or perhaps what barriers are being introduced. I think New Hampshire and perhaps some other states are even contemplating putting a halt to secondary uses.

So just having a consistent interpretation, and getting to those issues of the boundaries of research versus operations and how might that be defined with some additional inputs so we have it right, I think that could be extremely helpful.

I think we will also be learning a lot more over the next couple of months around what are the parameters and scope of stewardship, whether it is a federally authorized data steward that would have a national level of responsibility for overseeing how health information would be used for the purposes of quality measurement. That is clearly what AQA was calling for close to two years ago. I think the RFI is meant to inform what exactly is an appropriate scope there. And for somebody federally authorized it would take legislation. But I think there is real keen interest in that, to make sure that there is clear authority for such an entity.

So I think that that will evolve over time, but that is not the only kind of data stewardship we are talking about. As recommendations are developed or contemplated for the use of health information for quality measurement and reporting, that is directly relevant. But we have mentioned before that there is probably a lot of other levels of data stewardship, whether it is at the level of a health record bank or it is a health information exchange or it is governance of the NHIN, which could be done subsequently through a successor to the American health information community, which would be a whole series of activities and responsibilities that are yet to be defined, but we are trying to define them now, or we will be over the next few months.

I think we need to keep all that in mind, the larger context or the larger conceptual framework that you want to also be trying to develop, and building off of what AMIA has already done.

So there are several layers of data stewardship, I think is my message. I think that when it comes to quality there is a whole host of challenges. The way that we use the data to have a reliable numerator and denominator for measures in particular is very important. We heard this morning about challenges around getting data quality consistent enough to make sure that whether it is Indiana or Boston or any of the BQI projects that are actually using electronic clinical data. There is a lot of mapping that needs to happen. There is a lot of complexity to make sure that if you are taking data from these disparate data sources that you can actually make sense of it and use it together.

So there is a lot of technical and statistical challenges to getting precision in your measurements. I think data stewardship could perhaps encompass even those kinds of rules, whereas data stewardship over the NHIN or governance over the NHIN is likely going to be at a different level and may have more to do with exactly how data is being shared across networks, but not necessarily used for very specific purposes such as quality measurement and reporting.

I guess my basic point there is that there will be more to learn about in the next couple of months pertaining to governance at a national level for both health information exchange globally and for use when it comes to quality measurement.

DR. COHN: You're right, much more to be done. We may ask you for your help in terms of the state pieces. I didn't think the presentations were quite as targeted as you may think that they were from previous days, so that we may come up with the right questions.

MS. CRONIN: In fact, I have just been seeing more and more things coming in this week on that. On the 31st of July we will be hearing from four different states, some of them pertaining to this concept of consent.

DR. COHN: I do apologize. We are going to speed up here a little bit. I think we can finish up in the next four minutes or so. Erin, would you like to comment?

MS. GRANT: I was kind of over the last three days listening with two different hats on. One is, what other speakers do we need to identify and how to get them.

To Harry's point, looking at the ambiguity issue in terms of the future state and where we want to be, I drew a little diagram here in terms of looking at the different types of data, whether it be anonymized or de-identified, pseudo anonymized, identified, and what are all the uses for that type of data and what are the risks and benefits to having that type of data, and are there regulations that govern each use.

I think if we did that analysis it would help us figure out where do we want to go, what other testimonies do we need, what regulations may we need, in terms of mapping out some of the future sets. I think we need to pull it all together and understand where things lay. It also helped me figure out who we may want to think about having in the next two weeks and also at the end of August.

DR. COHN: I think I would also describe some of those -- when you talk about tools and approaches, these are some of them that we reference.

MS. ANDERSON: I just have a short comment, although one that is really perplexing. Even though we have agreement in any group that we want to move from the focus on medical care to the focus on health, and we want to move from a provider centric individual site of care view to a person centric longitudinal view, there is a fundamental business case problem here which is the reason why we are struck with this issue around monetization of the data, because it is considered to be one of the ways to fund some of the other public good movements.

So I think it is going to be hard to deal with this issue of commercialization independent of the individual axes of data use without thinking about why is that business model emerging, why does it show up in the NHIN, why does it show up in these quality groups, why do organizations that aggregate data for quality, and then there is a demand on the pharmaceutical side to mine that data.

Part of the way they are able to have affordable products is because they have some ability to monetize some of their costs. So it will be hard to separate out commercial and look at quality and look at research all independently and try to come up with an end point.

DR. COHN: I'm glad that you are joining us on this journey, because I think that is an important perspective. Margaret A, you have been taking notes diligently. We have got a lot of next steps.

MS. AMATAYAKUL: I certainly don't want to reiterate what everybody has said. The one theme, and it is interesting that Christine mentioned it, is that it seems to me that if we are focused to the narrow piece of this in addition to the broader, that allowable uses for quality, if we are looking at a fee for data environment, still seems to be focusing the fees on the provider or the patient as opposed to other beneficiaries. It strikes me that for the last many years, we have talked about who should pay for all this, and it often isn't those who benefit most.

But anyway, my viewpoint is mostly the task at hand. So I guess thanks to the challenges, I took this on because I do get tired of doing the same old thing. So it is definitely a challenge.

It seems to me that we have identified the need for a taxonomy of terms. We are accumulating a set of terms. We are getting good resources for what these terms mean, or at least the variation in them that we could point out.

It seems to me that we are understanding data flows better, and it seems to me that some of the issues and potential solutions are emerging even if we don't know what we might recommend specifically.

I guess where I am still a little bit concerned, is there truly an overarching framework of what do we need to include in that framework. So while all the other things are probably more important than the framework itself, I still think there still needs to be an overarching framework to guide future action just beyond quality or other uses.

DR. COHN: Based on that comment, I'm glad this isn't our last set of hearings and it is just our first.

I do realize we are running late, and I am not going to engage any conversation around all this stuff. Our next hearings start August 1. We are going to be implementing about an hour and a half each day for discussion. Trying to do it in the 15 minutes of the day, trying to squeeze into the last 20 minutes of the session on the last day isn't going to get us where we need to go.

I know Margaret and Justine and Harry and I and Karen and Erin and Christine and on and on are going to be working on fine tuning the agenda for the next session. Those of you who I have not mentioned, please take a hard look at it and see what you think needs to be added. For myself, I am trying to make sure that we do balance this issue of tools, approaches, technologies, just so that as we talk about the issues we begin to learn more about approaches that may help minimize risk in all of this. So we hope that we have things that we can recommend that have substance and reality to them.

I do want to thank everyone. A variety of you helped make this session a success. I think it has been very interesting, I think we have learned a lot, and it just reminds us of how much we have to go.

Thank you very much, and the meeting is adjourned.

(Whereupon, the meeting was adjourned at 12:22 p.m.)