[This Transcript is Unedited]
Hubert Humphrey Building
Room 305-A
200 Independence Avenue, S.W.
Washington, D.C. 20201
Welcome and Introduction - Mr. Rothstein
Discussion: Joint Hearing on Enforcement With the Subcommittee on Standards & Security Subcommittee
Possible Work - HIPAA/Gramm-Leach-Bliley - Dr. Zubeldia
Miscellaneous Issues - Mr. Rothstein
Agenda Item: Welcome and Introduction - Mr. Rothstein, Chairman
MR. ROTHSTEIN: I guess I ought to call the meeting to order now, I don’t know whether other people are coming. Simon and Kepa may well be here and probably that’s, those are, Marjorie is in Florida, so she’s not coming today. So the meeting of the Subcommittee on Privacy and Confidentiality is --
PARTICIPANT: Are we going across the internet?
MR. ROTHSTEIN: No, this is just being taped for our purposes, correct? Just taped. So I want to welcome Kathleen to her first meeting in her new capacity, only her 100th meeting in some capacity or another. I hope you all have a copy of the agenda because we’re not going to be following it. Let me suggest what the replacement agenda will be.
The first thing I want to discuss is this draft letter that John Lumpkin suggested that I prepare yesterday, so we’ll go over that. And then we’ll discuss two other items, one is a possible hearing on the enforcement rule and the other is, if Kepa’s here, another project that he suggested yesterday.
So with no objection I’d like to ask you to take a look at this letter and John. were you there when I raised this issue?
MR. HOUSTON: Yes.
MR. ROTHSTEIN: Ok, so John suggested that I prepare this, which I drafted yesterday, I’ve got three things to say before we get to the substance of this. Number one, I need to announce at the Subcommittee and I will announce again this afternoon when we take this up in the Full Committee, my conflict of interest that I have with this letter, and that is that by July 9th, sometime in the next two weeks, I will be submitting a grant application to CDC for a grant to study the effect of the HIPAA Privacy Rule on public health reporting, and that is an element of this. It’s a related topic, it doesn’t foreclose this, it’s just something that needs to be on the record, I think. And obviously I haven’t been funded or anything like that yet.
Second, in writing this I wanted to keep it short because it’s not based on any hearings or anything like that -- Simon, we were starting on this letter, and I deliberately left it vague as to who would actually be doing the study because I think that’s a department decision whether they, if they go for it whether they want to assign it to AHRQ or whether they want to assign it to some other thing.
And the third, I guess this goes to the language that Kathleen raised, in the second paragraph when I set up this burdens and benefits, I didn’t want to use costs because I didn’t want to give the impression that we were going to try to requantify how much it costs because that’s already in, the estimates are already in the rulemaking. And it is a concern about burdens, we’ve all heard I’m sure stories that either before or after the implementation date that the Privacy Rule was going to somehow interfere with research or would cause a decrease in public health reporting or make clinical care more burdensome, costly or add hassles or something, so that’s why I chose that word.
But sort of the floor is open for any comments, maybe we could start with big comments first and then we’ll get to the actual words. In other words, now that you see this in writing, is it a good idea that we send this, etc., etc. John?
MR. HOUSTON: I really think that probably the two most important things to measure, and maybe it’s really one and I think it needs to be, this really isn’t, we will talk about the verbiage later but I think we want to be very clear, that I think that it’s very important to make sure that we say we believe that there’s unintended consequences impacting both patient access and care and I think that, we talk about effects, I guess my thought is if you want to get somebody’s attention you make the words stronger, you say what you really mean, which I believe is that HIPAA has created both patient access as well as patient care issues.
MR. ROTHSTEIN: We can put that in there but I would say that there “may be” because we don’t have hard data and that’s what we’re asking them to come up with. I mean we’ve all heard the same --
MR. HOUSTON: Absolutely, and even anecdotally I can tell you that we have had patients who have decided not to avail themselves of services because after being given the notice, even almost without reading the notice, they have walked out, or they’ve been asked to sign an additional document which has offended them. Again, even without looking at the substance of the notice we’ve had patients do that.
MR. ROTHSTEIN: My view is you’re absolutely right, I agree with that, but that’s a conclusion that I don’t think we can draw yet.
MR. HOUSTON: But I think we’re trying to measure something and I think what we’re trying to do is the unintended consequences that relates to two big issues, which is access and care, I think those are the real important concepts to say we need to make sure, because those are the two important things that we’re most contributing to.
MR. ROTHSTEIN: But also research and public health, too.
DR. COHN: Actually I don’t think I’ve observed what John Paul has observed now, that may be because I’m from California and we had strong privacy enforcement prior to the rules, so it may just be an issue that’s from organization to organization. And certainly I’ve not seen any testimony before the Committee that tells me that there’s been disruption. I guess I looked at this and I sort of looked at words like burden and all this stuff and felt that they were already, that was latent, and I’d be talking more about impacts, because we really don’t know whether they are positive or negative at this point.
MS. HORLICK: I know we’re not wordsmithing but you talk about measuring and analyzing the effects and I thought ”assess the impact” or something because it is a little different than --
MS. FYFFE: You don’t know what the effects are going to be.
MR. HOUSTON: Well, maybe what we need to do is say the effects, or whatever words we want to use, and then say by example, both positive and negative, maybe sort of just list, maybe list concerns.
DR. COHN: I mean once again without wordsmithing, I just think this is a conceptual issue, it’s not just wordsmithing, and so you talk about effects of the Privacy Rule or maybe impacts of the Privacy Rule on, and I think the issues that we’re talking about clinical care, public health and research are clearly the areas that we want to understand what impacts might exist.
DR. ZUBELDIA: I’m, of course, feeling why the letter at all, I mean are you telling the Secretary you’re going to do something or just do it and give him some recommendations.
MR. ROTHSTEIN: No, what we’re requesting is that the Department undertake a systematic process for trying to assess or measure the effect, impact of HIPAA, because we’re not proposing to do it --
DR. ZUBELDIA: It doesn’t come across clear as to what --
MR. ROTHSTEIN: We recommend that the Department initiate a research program to measure the effects of the Privacy Rule.
DR. ZUBELDIA: It’s buried in the text. I would just make that sentence, I mean when I read a letter like this, I’m going to read the first line of each paragraph to see if I need to read the rest of the paragraph. I don’t see that.
MR. ROTHSTEIN: Ok, we’ll come back to that point about whether it’s clear enough in a minute, but I want to, as explained are you comfortable with the concept now that we’re asking them to study the effects of the Privacy Rule?
DR. ZUBELDIA: Yes.
DR. COHN: Can I ask one other question? The question is whether or not, I mean I see you doing a research agenda, and I guess the question is is this a research agenda, which to me is Vicky and groups off getting research grants and doing a couple-year studies and publishing scientific documents, or are we talking about some sort of a more focused assessing impact of? I just sort of wonder because when I see research I think it’s Department of Research or NIH or something like that.
MR. ROTHSTEIN: My thinking was to leave this, the implementation of this up to the discretion of the Secretary, and so whether they want to have something that’s more practical and done in-house in a sense, by AHRQ or CMS or ship it to, ask NIH to do it or a funded IOM study. I think that we ought to leave that to the Secretary. John do you agree?
MR. FANNING: Yes, I would agree, there are various mechanisms, I mean we give out money for evaluation. Some of it may take the evaluation form, which would be more focused, some of it might take the broader research form.
DR. COHN: But do we want to use the word “evaluation”? I just think research to me has a particular --
MR. HOUSTON: Take out the word research program, and just say program, let them decide whether the program is appropriate.
MR. FANNING: Yes, yes, research may --
MS. HORLICK: How about evaluation --
MR. FANNING: That’s another sort of technical usage.
MR. HOUSTON: Program or evaluation, we could use the word evaluation --
MR. ROTHSTEIN: How about if we use both, evaluation or research program, something like that?
MR. FANNING: Well, but I think just the “programs to measure the effects” would work perfectly well.
DR. ZUBELDIA: And then the next sentence would be an ongoing program or attempt to refine rulemaking --
MR. ROTHSTEIN: Ok, before we get to, now we’ve got some suggestions that we need to incorporate a second paragraph, I want to take up Kepa’s point from the first paragraph, and that is to raise the issue of whether the first paragraph makes it clear enough exactly what we are proposing that the Secretary do.
DR. ZUBELDIA: I mean there’s nothing at the beginning of a sentence.
DR. HOUSTON: Can I ask a stylistic question?
MR. ROTHSTEIN: Sure.
MR. HOUSTON: Do memorandums like this or letters ever contain a subject heading? Letters often say Re: or Subject:.
MR. ROTHSTEIN: It has not been the practice of the Committee to do that, I don’t know that there’s any prohibition on it.
MR. HOUSTON: I wasn’t sure whether this is something, I mean sometimes that’s a great way to just put the marker out there saying program to evaluate effects of HIPAA and then just, everybody you know would walk into this letter then and you’ve got, you know the subject. But again, I don’t know if that’s the form that the government uses or HHS or anything else.
MR. FANNING: Well, the Committee can decide to present it in any way it sees fit, I mean the letter rather than a memo is the correct form, but that’s a choice of the Committee about how it does it. I might say that a brief letter would we hope, convey to the bureaucrats who actually have to deal with it what the subject is. On the other hand, there’s certainly no objection to putting it up front, it’s a stylistic matter, although you will get into then some discussion of how you phrase the subject.
MR. ROTHSTEIN: See as a practical matter, Secretary Thompson will not be with his letter opener ripping open at the envelope and reading this with 20 other things as you know, and so when it goes through channels to get there this will be well known to be the letter suggesting or recommending that there be some sort of evaluation measure put in place. Is that fair?
PARTICIPANT: Yeah, it will end up down in --
MR. FANNING: Listen, the relevant people already now know what it’s all about.
MR. HOUSTON: I would simply take what Kepa is saying to move the second two sentences up to the very beginning of the paragraph.
MS. HORLICK: I’m not sure we even need to say now that the compliance date has passed.
MR. ROTHSTEIN: You think they’re aware of that?
MS. HORLICK: Well, I mean if we want to get the, yeah, I do, I mean if we want to get the substance of it in there sooner --
DR. HARDING: What would be the resistance to having outcome data on HIPAA implementation? Is it that there’s the fear that it may not do what all these, all the money and energy has gone into, that we couldn’t show that it did anything? I mean that would be embarrassing. Or why would we, why would not the Department feel that it’s a pretty good idea to do outcomes studies? Or is it an expense issue?
MR. ROTHSTEIN: Well, I’m not sure that the Department wouldn’t think this is a great idea.
DR. HARDING: I would hope so but I’m not in, in a different position you have different, I mean could it be embarrassing, this kind of a thing? If the outcome says that privacy hasn’t been effective and we’ve done all this, would that hinder some future legislative, I’m just thinking out loud but it would seem to me that if it was a simple statement and with a good idea that it would go, it would be welcomed I would think.
MR. FANNING: Yes, I’m not sure what your point is, Richard, I think the Committee sort of has agreed that this is a good thing, at least generally.
DR. HARDING: If properly presented.
MR. FANNING: Well, but I think what you’ve been moving to in the discussion is that the presentation should be quite general, not get into the method of funding or the way the question would be formulated or whether money is a consideration or not, your Committee could debate all of those and might be able to make useful suggestions, but that has not occurred and in the time available perhaps the sensible thing to do is just to say to the Secretary look, we think this ought to be looked at, don’t just throw it, just don’t throw the regulation out there, follow up to see what actually happens. That’s my sense of what the Subcommittee is thinking of.
MS. HORLICK: But I think, picking up on what you were saying, maybe there is, there might be some concern about what will this show and so maybe if we take out the language about say the burdens, just saying it would be valuable to study the impact on these things, then that leaves it much more open to finding positive impact.
PARTICIPANT: Short and long-term effects.
MR. ROTHSTEIN: So, alright let me pick up on that and see if I can make a change to the second sentence in the second paragraph. So striking everything from researchers through the end of that sentence, and in the next sentence striking everything through the word burdens. So in other words it would read, “among other things it would be valuable to study the effects of the Privacy Rule in such matters as clinical care, public health reporting”, and that was a suggestion that Richard made, public health reporting, and research, and then we could also say, “it could also assess the degree to which the Privacy Rule has increased the level of privacy and confidentiality”, blah, blah, blah, something like that. Would that be agreeable?
MR. HOUSTON: Do we want to, maybe this is just the same, clinical care is, maybe you find it the same, but I just sort of always like to separate out access from care.
DR. COHN: Why?
MR. HOUSTON: Why? Because I think that there’s --
DR. COHN: In this sort of a document? I mean there is a difference but in this sort of a document?
MR. HOUSTON: Maye not.
MR. ROTHSTEIN: But just saying “care” here means access, quality, cost, availability, so I think that subsumes the thought. But there is something else that you mentioned, another concept that I think we need to work in here, and that is the idea of unintended consequences. I’m not sure, do you think we need to know that this is been redrafted --
MR. HOUSTON: But having said that, listening to the dialogue here, does that show an inappropriate bias because if we’re going to measure the effect we could find that there’s unintended consequences, there’s positive impact on people willing to --
MR. ROTHSTEIN: Right, so you’re comfortable in letting go --
MR. HOUSTON: Having thought about that, maybe what we simple need to do is make a statement as to we want to insure that we measure both the positive and the negative impacts of the Privacy Rule.
MR. ROTHSTEIN: We’re just studying the effects, we’re studying the effects on these three areas.
MS. HORLICK: I was thinking maybe if we start with the first paragraph we could try to get what we want to say right there and then maybe put some of the language, like even the last sentence of the first paragraph could maybe go into what you want to collect and why it would be good.
MR. ROTHSTEIN: Tell me what you’re thinking.
MS. HORLICK: Well, I think that, I think Kepa’s right, I think we should get to exactly what we want to say, I mean they know we’ve written letters, we always start out saying well --
MR. ROTHSTEIN: I mean this is sort of the form that we’ve written a hundred letters.
MS. HORLICK: Right, the standard way, but maybe even in the second sentence we could, so we’ve written you letters and now, if we take out “now that the compliance date has passed” we could put maybe a beginning of a sentence about why we think it’s important to assess the impact and so therefore we recommend this, and that would be the second sentence.
DR. ZUBELDIA: And make that a second paragraph?
MS. HORLICK: Well, you mean make a one sentence paragraph?
MR. ROTHSTEIN: So after the first sort of --
MS. HORLICK: Right, we always have to say, either we’re charged with this or --
MR. ROTHSTEIN: Who we are and why we’re supposed to do it.
MS. HORLICK: Then instead of that first part now the compliance date has passed --
MR. ROTHSTEIN: Ok, just drop that and next sentence we recommend?
MR. HORLICK: Right, but we could put something instead of now that the compliance date has passed, we could put something right in there in the beginning of the second sentence about what NCVHS believes is important to assess the impact of this rule, they know it’s, and then basically therefore we recommend.
MR. ROTHSTEIN: Alright, how about this, I have a suggestion. What about the first sentence in the second paragraph becoming the second sentence in the first paragraph?
DR. ZUBELDIA: What I would do is I would take the first sentence of the second paragraph, the NCVHS believes blah, blah, blah, and make that the introductory sentence for a new paragraph in between those two. And the second sentence of that new paragraph would be the ”we recommend” part.
MR. ROTHSTEIN: Ok, alright, let’s make sure everybody follows this.
MR. HOUSTON: I think you could just simply make it the first paragraph, I think --
MS. HORLICK: We always say --
PARTICIPANT: -- who we are.
MR. HOUSTON: After that --
MR. ROTHSTEIN: The first element in the letter, see if everybody’s with me and I have this right, the first element in the letter is the first sentence, which would now just be a paragraph onto itself. Then the next element would be another paragraph that begins with what is currently the first sentence of the second paragraph through the words “Privacy Rule”, and after that as part of the same second paragraph, would be a sentence that begins “we recommend that the Department”. What about the sentence after that, which now reads, would that be included in that second paragraph?
MS. HORLICK: That’s fine because it will be at the end of the second paragraph.
MR. ROTHSTEIN: Ok, Kepa, ok?
DR. HARDING: After “we recommend”, what’s after that?
MR. ROTHSTEIN: Ok, “we recommend that the Department initiate a program to measure the effects of the Privacy Rule. An ongoing program will help to refine,” etc., etc., etc. Then what about the sentence, “among other things”, is that part of the second paragraph?
DR. ZUBELDIA: I would make that a separate paragraph.
DR. HARDING: Which one is this?
MR. ROTHSTEIN: What’s now the second sentence in the second paragraph that begins “among other things”.
MS. HORLICK: Do we want to say that now about the burdens and the benefits?
MR. ROTHSTEIN: Well, we’ve already changed that, that sentence now reads, ”among other things it would be valuable to study the effects of the Privacy Rule on such crucial matters as clinical care, public health reporting, and research. It could also assess the degree to which the Privacy Rule”, etc. So do we want to, we could make that the end of the new second paragraph or we could make it a new third paragraph. Any thoughts?
DR. ZUBELDIA: My preference would be to make it a separate paragraph so you give more impact to the recommendation.
MR. ROTHSTEIN: So the sentence that begins ”Among” is now paragraph three. Ok, so, John did you?
MR. HOUSTON: Just back to the NCVHS believes that an early phase implementation, we’ve already past implementation.
MR. ROTHSTEIN: The early phase of implementation, I mean we’re in the early phase right, the first few months.
MR. HOUSTON: Well, implementation was to occur before April 2003, we’re now in the early phases of --
MR. ROTHSTEIN: Compliance?
MR. HOUSTON: Early period following --
MR. ROTHSTEIN: The early period following the compliance date?
DR. ZUBELDIA: Or the period immediately following the compliance date.
MR. HOUSTON: I’m just afraid, we are all, all covered entities are to be compliant at this point in time, they’re not --
MR. ROTHSTEIN: How about the NCVHS believes that now --
MS. HORLICK: This or now because by the time they get the letter and decide to do it --
MR. ROTHSTEIN: How about if we just take it out and say now?
MR. HOUSTON: This is an especially opportune time.
MR. ROTHSTEIN: Now is an especially opportune time?
MR. HOUSTON: Yes.
MR. ROTHSTEIN: And however you want to define “now” we’re going to agree with.
MR. FANNING: That’s left in the second paragraph.
MR. ROTHSTEIN: Ok, anybody have anything to change in what is currently the third paragraph, which will become the fourth paragraph?
DR. ZUBELDIA: Are you going to leave the words, “research and developing strategies”?
MR. ROTHSTEIN: Would be pleased to assist the Department developing strategies --
MR. FANNING: Strategies for this inquiry or whatever term you use --
MR. ROTHSTEIN: Strategies for this program? Because that’s the word we’ve used, the program. Strategies for this program --
MR. HOUSTON: Or we could say, developing strategies to measure programs --
MR. ROTHSTEIN: We could say “Very Truly Yours” instead of “Sincerely”.
PARTICIPANT: I like “Sincerely”.
MR. ROTHSTEIN: You like sincerely, ok --
PARTICIPANT: Is sincerely what the Committee usually uses?
MR. ROTHSTEIN: Yes, I was just --
PARTICIPANT: It was a dig at me.
MR. ROTHSTEIN: No, no, it wasn’t, it was a dig at the lawyer on the Committee, that’s right.
MR. FANNING: As long as you’re in the formalistic mode, the title of the official to whom you are addressing it is Secretary of Health and Human Services, he’s not Secretary of the Department of Health and Human Services.
DR. HARDING: Explain that.
MR. FANNING: That is his title, Secretary of Health and Human Services, and there’s a meaning in that, he does not just administer a department, he has a responsibility for more broadly to the nation for those matters.
DR. HARDING: And that’s the same for each Cabinet official?
MR. FANNING: Yes.
MR. ROTHSTEIN: Ok, any other thing related to this letter? I will after this Subcommittee meeting is over I will revise this and have it ready for presentation to the Full Committee this afternoon on our regularly scheduled time.
DR. COHN: 10:30 probably.
MR. ROTHSTEIN: Ok, well, it’s not going to take long, I will make the changes on this and have it ready to go.
Ok, the second item on the mental agenda that I have is to talk about the listed agenda item, and that is what we agreed to at our last subcommittee meeting in this joint hearing and Simon maybe you want to discuss or raise the issue from our brief chat with John yesterday.
DR. COHN: John and Karen and Stephanie and Kathleen and everyone else. Well, I think we’ll start with what we know and then we’ll start with what we don’t know. I have become convinced, and I think John Paul has sort of seconded this one, that at some point in the Fall we need to have a hearing on the Security Rule and how that’s going and issues that are coming up. Now I also think been convinced that probably this needs to occur after October 15th, just because I think we’ve heard some pleas from those who are involved in the implementation of the administrative and financial transactions that we should probably not be trying to divert attention and focus from that implementation. Now of course October 15th isn’t that far from now so this I don’t think prevents us from moving forward with a hearing on that. Now given that Security, even though it’s part of the title of that other Subcommittee, to my view is really sort of a cross cutting issue and so I thought it had always been that we would do a hearing on that in terms of how implementation is going and what are the issues, what do entities need at this point, that it should probably be a joint hearing between both Subcommittees.
Now, that part I know. The part that I don’t know has to do about enforcement, and I am, there is obviously right now, I don’t know what you call it, I guess interim enforcement rule that has the peculiar properties of going into force before comments have even been completed, which is sort of interesting but not being a lawyer I can’t comment on that. But clearly there’s the expectation the way the other pieces, or maybe other big pieces will be coming out as the year progresses. This obviously I think, on one hand it’s probably a very legalistic issue, there are probably also however fundamental policy issues that sort of get connected with the legal pieces related to enforcement.
Now the part that I don’t know is really we’ve heard differences of opinion, and I’d have to have Stephanie or Kathleen or anyone else chime in on this one, about whether this is something that really is appropriate for public testimony in a public hearing as well as seemingly some, once again this is something that I sort of get help from you and get help from the staff in terms of figuring out what the major focus is of the issues that need to be addressed. It seems to me that there may be something there that would benefit from public testimony but at this point I don’t know what it is and I think we, I don’t know, Kathleen do you have a comment, Stephanie do you have a comment? I see Stephanie back there.
MR. ROTHSTEIN: She’s sitting back there to give us a graphic illustration that she’s almost out the door.
MS. FYFFE: My bias is to put as much sunshine as possible on things like this.
MR. HOUSTON: What’s that mean? I mean sunshine, what does --
MS. FYFFE: Open hearings --
MR. FYFFE: There’s no other way of having a hearing basically for this kind of thing. Was the question you were raising as to whether security vulnerabilities would be exposed or --
DR. COHN: No, no, Security we know we’re going forward with, we’re talking about enforcement and the issue was that I’m hearing from some of our staff that geez it would be a good idea probably for us to do something and hearing equally strongly from some of the other staff and from like a two minute snippet from John Lumpkin that he’s unsure whether we ought to really get into that area.
PARTICIPANT: Is that at all or the timing?
MR. ROTHSTEIN: Not to categorize John’s remarks but I’ll try so they’re not obviously binding on him, I believe he thinks that this is an inappropriate topic because it deals with the enforcement discretion of the agency or something of that sort and it’s not the kind of factually driven stuff that we usually try to express at our hearings. Is that fair?
DR. COHN: I think it’s not information policy. But having said that, of course, in the legislation we are responsible for advising the Secretary, I didn’t see parts of the HIPAA reg that were excluded from the discussion, so that’s obviously the other issue to think about. I mean I’m really open, I mean it seems to me that we could put together a hearing sometime this Fall, one day on Security the other day on enforcement, I just want to make sure everybody’s sort of --
MS. HORLICK: Shift it to compliance issues and then it will talk about how it’s an administrative burden or whether they’re losing patients or something like that.
MR. HOUSTON: When we started to talk that really was my original intent, was Privacy would be talking, allow public testimony regarding what were the unintended consequences, or what is the impact of the rule post, six months post deadline.
DR. COHN: That’s another conversation, but this may not be wrong.
MS. HORLICK: -- Part of the impact is related to compliance but it’s probably broader but I mean you could focus it without mentioning enforcement just on what’s been your experience with complying with this.
MR. ROTHSTEIN: The only thing I would say is we would have to be very careful in structuring that hearing because I can imagine some of the witnesses who are just, they want to re-litigate if you will minimum necessary and all the issues that we’ve been around and around on for the last several years and I’m not, just to raise the substantive issues that they’re unhappy with doing is really not what we have in mind.
MS. HORLICK: People might be reluctant to say they’re having difficulty complying now that the compliance date has passed, it’s a little different.
PARTICIPANT: It might not be a real popular thing to come before HHS.
MS. HORLICK: I would try to do some of these hearings --
DR. COHN: I think there’s a couple of issues and probably should actually, I can see John Paul where you were going with your comment, part of the issue gets to be the enforcement rule is intended to be one rule so on the one hand it is related to Privacy but on the other hand sort of stands separate because it’s supposed to apply to everything. And we can narrow this one down and talk about it in the context of Privacy. Of course Gail as you commented you get into trouble that, I certainly would not want to as a covered entity come in and talk about the non-compliance six months after the rule, and for the record --
MS. HORLICK: I wouldn’t want to be planning that hearing.
DR. COHN: Exactly, it might be a little tough, you might have to get anonymous people.
MR. ROTHSTEIN: If we got trade association types they wouldn’t be admitting anything, they would just say some of our members believe that they’ve had difficulty in certain areas.
MR. HOUSTON: I do believe post April 2003 that there are some issues that frankly need to be addressed, I think there are some areas where the rule is, has not operated effectively, I think there’s some areas where I think there could be some improvements. I think it’s worthwhile to engage people in dialogue, I really do.
MR. FANNING: Simon’s suggestion is for a hearing on the enforcement rule or process but I’m still not sure what people would come forth and say, possibly someone against whom a proceeding was brought would come and complain and attempt to re-litigate it in almost a literal sense, but it is a sort of a technical legal thing involving discretion, when you decide to bring a proceeding and that sort of thing, I’m not sure what you would get out of it and what the type of recommendation you would make to the Secretary based on the hearing would be.
DR. COHN: Well, John, I think you’re reflecting, I’m sorry you and Karen aren’t sitting together because you’d probably be looking at each other and nodding your head because that is I think somebody, the concern don’t want to hold a hearing if it’s, I mean first of all you’d like to have a client so that somebody would listen to the results as opposed to wishing they hadn’t heard it, and so you want to focus it appropriately. And then the question is is it anything other than sort of a nebulous spin, and I don’t know. This has been something, Mark and I have gone back and forth about this for a couple months and if I’m misdescribing this Mark, please chime in. I’m still uncertain whether there’s anything there.
DR. ZUBELDIA: The comment period has closed, right? So do you have a sense of what comments there were? Do you have an idea of what the issues were? Because it may be worth to have a hearing on whatever issues came, the top issues in the comments.
PARTICIPANT: Comments went to CMS.
MS. KAMINSKY: There were very few comments, very few. The piece that was just issued was issued as an interim final because it was merely procedural, and because it’s really just the Department’s procedures under the APA or whatever, there were a couple other laws that were construed together, it was HIPAA, it was the APA, and it was the 1128-A, which is the OIG’s enforcement --
MR. HOUSTON: It’s nothing knew.
MS. KAMINSKY: I’m sorry?
MR. HOUSTON: It really is nothing knew.
MS. KAMINSKY: Right, but they were construing all of those and there was legal authority to move forward into an interim final rule because it was merely procedural, the hearings, the subpoena’s, this, that and the other thing. The piece that is being worked on now as I explained yesterday is the substantive piece of the rule and it has substance tied to it, what’s a violation, what are mitigating and aggravating circumstances, those kinds of questions. There will be another NPRM coming out on that stuff in the Fall sometime, there will be a comment period following that NPRM where the public will be welcome to submit comments, and I supposed NCVHS would be part of that public who could be open to submitting comments. And those comments will be taken into consideration and that NPRM will be retweaked or reworked or whatever accordingly and some of the comments that we’ve received now even on the procedural piece, which are very few, will also be taken into consideration and the entire package will be reconstituted as one regulation sometime next year, final regulation.
DR. ZUBELDIA: So it’s probably not worth having a hearing on enforcement until we have that substantive piece published.
MR. ROTHSTEIN: Can we table this until our September meeting and take it up then?
DR. COHN: I mean certainly I think what we’re talking about is moving forward planning for the Fall a two day hearing, one day on security and one day either on privacy six months after and issues or on enforcement. Now be aware it does get a little bit, in other words I’m just sort of reflecting on previous NPRM’s and the process, but generally I don’t think that we hold hearings in the middle of an open comment period on an NPRM and I have to think about this one a little bit. Now normally our role is to sort of think about things and try to provide input --
MR. ROTHSTEIN: No, I think we’ve done that.
MR. FANNING: You certainly could do that, you after all --
MR. ROTHSTEIN: That’s so we can submit our comments.
MR. FANNING: That’s right, you have a more formal commenting role than the public who writes in and it seems to me you could use any mechanism you wanted to form your view.
MS. KAMINSKY: However it would be very tricky to do the timing, because to arrange a hearing, that takes some time, you’d have to have the hearing soon into the comment period, the comment period is usually only 30 days, I don’t know if this one is going to be longer but that’s been my experience, then you have to congregate and you’d have to get your results together, so the timing piece could be very difficult for you --
MR. FANNING: Although, may I point out, I don’t think the Committee is as a legal matter bound by the 30 days. On the other hand, as a practical matter, if the final reg is already being written there’s no help to it to get your comments when it’s all over.
PARTICIPANT: I thought it was 60 days.
MS. KAMINSKY: Is it 60 on this one? The Committee’s not bound by that, it’s true, and if they came in soon after the comment period closed I’m sure they’d be certainly considered as well.
MR. FANNING: Yes, yes, soon after.
DR. ZUBELDIA: There’s another issue that I think we need to discuss and I don’t know if you’re looking for a hearing in the Fall, to talk about possibly enforcement or possibly some other issues. The other issue would be the banking industry --
MR. ROTHSTEIN: We’re going to come to that in just a second.
DR. COHN: Let’s sort of finish off the --
MR. ROTHSTEIN: We’re going to come to that issue shortly.
DR. ZUBELDIA: But if you’re looking at a topic for the hearing I think this would take a good chunk of that hearing.
MR. ROTHSTEIN: We’re going to be coming to that in just a second I promise you. I want to finish up on this issue. Simon, when you originally raised this, was it your sense that you just in general thought it would be a good idea for us to hold a hearing and hear from the public or was there some sort of substantive aspect of the enforcement rule that you thought --
DR. COHN: That I had insight into that hadn’t been written yet?
MR. ROTHSTEIN: No, that you thought needed to be explored?
DR. COHN: My perspective on this was that our, according to the HIPAA regs and the -- law in 1996 we have full responsibility to advise the Secretary on HIPAA rules. And so when I think of a new rule coming out or a new rule being in the works my mind immediately jumps to getting public comment on that, trying to provide guidance to the Department on yet another HIPAA rule. And so it had nothing to do with my gosh I’m concerned about enforcement, I’m not a lawyer thank God, but anyway. But I did not immediately go oh, there are legal issues that we need to investigate, it was really more I think as Kathleen commented about providing sunshine into the process as well as helping us develop our own views. But as much as that trying to help the Department recognizing that some of these things are benefited by these opportunities for public discussion.
MR. ROTHSTEIN: Well, ok, that’s helpful, it’s not as if there was a burning issue, substantive. So, Kathleen?
MS. FYFFE: Can we discuss this in the full Committee meeting and sort of put a stake in the ground that says the recommendation is that after the NPRM for the enforcement rule is issued the Committee or the Subcommittee having a hearing? Is that what we want to do in order to --
MR. ROTHSTEIN: That’s a possibility, do you think that would be valuable for the full Committee to advise on --
MR. HOUSTON: That should be done in a context, I think maybe done in a context of what we plan on doing in terms of public testimony and other aspects such as security and --
MS. FYFFE: And to me that by announcing that publicly it could put, could inform the public that this is coming --
MR. ROTHSTEIN: What do you mean --
MS. FYFFE: That hearings --
DR. ZUBELDIA: I wouldn’t ask for advise, I would just --
MR. ROTHSTEIN: You don’t want advise, you just want to announce --
DR. COHN: Subcommittee hearings are not a consensus issue with the full Committee generally.
MR. ROTHSTEIN: Well, maybe we ought to talk to John about that given that he’s expressed some reservations about whether we ought to be doing that.
DR. COHN: Well, you can decide to say that we are thinking about doing this.
MR. HOUSTON: Maybe the other route to pursue this is to engage briefly HHS’s council, to say would this be an appropriate matter for NCVHS to consider, because if they come back and say you know something, this is our gig, or there is some other type of objection from them maybe we at least get their opinion as to something, they could come back and say that’s a good idea because we think we have some problems how we approach, maybe I’m being --
MR. ROTHSTEIN: So you’re talking about CMS --
MR. HOUSTON: Maybe it’s OIG --
DR. COHN: You know John, actually it’s sort, I just sort of agree with your comment, which is I think that we, we’re very interested in doing this if we can be helpful, and I think there’s sort of two opportunities. One is that we somehow communicate effectively with the Office of the General Council, and once again it’s this issue of client and somebody to hear. So if there are things that would be valuable for us to get a hearing going before a NPRM is published to provide some discussion of issues that might be helpful then it would make a lot of sense to do that, otherwise we probably ought to consider doing it during an NPRM to help inform us about what we might respond.
MR. HOUSTON: I think that it also deals with John Lumpkin’s, some of his concern or issue, which is this even an area of a space for which we should be engaged in.
MR. ROTHSTEIN: Ok, so how about if I at the Executive Committee meeting this afternoon raise the issue of whether John Lumpkin should approach through whatever channels are appropriate someone at OGC and find out whether they think it would be constructive for us to hold hearings on this? Is that --
MS. HORLICK: Are you going to give your report to the full Committee? Are you going to mention --
DR. COHN: I don’t see reports on the agenda this morning.
MR. HOUSTON: Yes, reports from the Subcommittee.
DR. COHN: Oh, is it there?
MR. ROTHSTEIN: Yes, that’s when we have to go over --
DR. COHN: Ok, well I know there’s other ones going to be coming up.
MR. ROTHSTEIN: So you think I need to raise it then?
DR. COHN: I don’t think there’s any value to bringing this up for general discussion, I think it’s something --
MS. HORLICK: I didn’t mean, well I mean I guess any time you announce what you’re doing --
DR. COHN: Well, we’re not announcing what we’re doing, we’re basically going to explore --
MR. HOUSTON: -- the issue of possible future hearings.
DR. COHN: And we’re thinking about doing X as a concern of the --
MR. ROTHSTEIN: I would like to have it vetted first before we start reporting it at the meeting. Because I don’t want to have to report that OGC squelched it.
MR. FANNING: May I suggest that you not be that specific about who in the Department you’re consulting? I mean ultimately choices about what goes in the regulation are policy choices, so let the Department sort out who wants to comment to you on the desirability of having a hearing.
MR. ROTHSTEIN: Ok, so I will put that on the agenda for my report at the Executive Committee this afternoon dealing with privacy.
DR. HARDING: Before I could vote for that I’d have to know more about what information are we looking for and from whom specifically, and then who we would recommend things to specifically.
MR. ROTHSTEIN: Ok, I’ll start with the last which is the easiest, I mean we would recommend to the Secretary in our normal way, the question I think that we want resolved is whether the folks in the Department who are responsible for enforcement think it would be valuable for the Subcommittee to hold hearings and solicit public testimony and then for us to develop a letter in which recommendations --
DR. HARDING: Solicit, I mean what information are we trying to get, whether people like enforcement or not?
MR. ROTHSTEIN: No, I would think the procedures dealing with the enforcement.
DR. HARDING: The procedures of enforcement? Most people aren’t going to like them I would think.
MR. HOUSTON: No, but I think there are some issues related to everything from how do you count a violation to mitigating circumstances --
DR. HARDING: And that’s our role to determine, or to make recommendations --
MR. ROTHSTEIN: We might recommend something like we think that the Department needs to be more specific in setting out what it considers to be mitigating or aggravating circumstances and should issue guidance on that or clarification or FAQ’s or something. I think personally that’s the sort of outcome that I might see from this.
MR. FANNING: It seems to me that most of what you’d focus on would be that rather than the procedural portion of how a hearing is conducted and so on, obviously you can advise the Secretary on anything you choose but it strikes me that that would not be a particularly valuable inquiry and those rules follow ones that already exist for violations of other statutes we administer in this Department and it could provoke people who’d want to question the whole thing and so on. However, what you’ve just laid out are full of elements of the substance of the command of the regulation, these other matters.
MR. ROTHSTEIN: And I think should we, I mean this is sort of very speculative now, should we go ahead with hearings I think we would have to be incredibly detailed in our instructions to witnesses as to the scope of the hearings, because I don’t want, I mean you can imagine what sort of witnesses we might have.
MS. KAMINSKY: I’m hesitant to bring it up, I don’t know what’s listed, there is one procedural issue that really is on the table as I understand it which has to do with appeals. The way it was written folks can get a hearing, the hearing procedure that’s been set forth as I understand it, and obviously I haven’t read the procedural rule, is before an ALJ, Administrative Law Judge, the Department has a choice about whether or not there would be an appeal, appeal right or an appeal process to the DAB, Departmental Appeals Board, versus going to a court, federal district court, that in the procedural rule they chose not to have a DAB, Departmental Appeals Board level of appeal available and apparently that has been a source of some debate. So for whatever that’s worth there are some I think some procedural issues that the public may have some thoughts about as well.
MR. FANNING: That’s addressed in the covered rule and that’s the choice that’s made there.
MS. KAMINSKY: Yes but it’s, I mean everything is going to be reconstituted so that is a procedural issue in particular that there could be some thoughts on but again you have to consider is that something that you want to hold a hearing about.
MR. ROTHSTEIN: Right, and we would have to be very specific on those things. So Richard are you now, is your comfort level --
DR. HARDING: A little higher but I understand John’s concern.
MR. ROTHSTEIN: I agree.
MR. HOUSTON: Why don’t we take the next step to engage those individuals in the Department who might say you know, yeah, we do believe as Stephanie said that there are some areas maybe that further input would be welcome, or vice versa, they may say --
MR. ROTHSTEIN: So a vote now, basically an affirmative vote, is to direct me to report at the Executive Committee meeting this afternoon our intention of looking into this and asking John through appropriate channels to find out whether the Department thinks it’s appropriate for us to do it. Is that ok? Any objections? Ok, so that carries.
Now the next issue, how long do you have here?
DR. ZUBELDIA: I told them I would be there by now, but --
MR. ROTHSTEIN: Ok, well we’re going to put you up right now. There are other issues and one of the ones that for possible work of the Subcommittee and Kepa described sort of a gap in HIPAA/Gramm-Leach-Bliley that I think the Subcommittee might want to look at.
Agenda Item: Possible Work - HIPAA/Gramm-Leach-Bliley - Dr. Zubeldia
DR. ZUBELDIA: Yes, this has been described to me and I have not done any further research other than just taking the description from a source that is from within the banking environment, so I presume that he knows what he’s doing, now he testified before the Committee before.
Apparently Gramm-Leach-Bliley is an act that protects the banking customers from the bank disclosing their personal information, and it protects two types of entities, the bank’s customer and the bank’s prospective customers. So if you go to a bank and send your loan application and then decide to not get a loan with that bank they still can’t disclose your information even though you’re not a bank customer. Section 1179 in HIPAA excludes the banks payment activities from coverage under HIPAA and what the banks are saying that they’re also not a clearinghouse, not a covered entity, because the fact that they’re processing payments, even if it’s in the 835 and converting the 835 to CTX transaction doesn’t make them a clearinghouse.
According to the report from this individual the banks are actually considering the 835 information outside of the scope of Gramm-Leach-Bliley because the patients contained in the 835 are most likely not bank customers or bank prospective customers. The provider would be the bank customer or the payer would be the bank customer, but not the patients inside the 835. And therefore they believe that they can use the information in the 835, including procedures, dates for service, place of service, to their financial gain in direct marketing activities, not just general research but even marketing directly to an individual products that are not even banking products, and are apparently getting ready to sell this information to marketing companies for their marketing activities.
I think this is something that needs to be investigated further and I don’t know if it’s a loophole that needs to be changed in the law or in Gramm-Leach-Bliley or in some sort of business associate agreement or some restriction to the HIPAA covered entities that they cannot send this through the banking system because there is a hole, I don’t know exactly what needs to be done but I think that it needs to be investigated further.
MR. HOUSTON: A couple questions. What is the purpose of the bank getting the 835? Why do they need that information if they’re not acting as a clearinghouse?
DR. ZUBELDIA: Well, the 835 has two parts, two tables, one is the payment instructions to the banks, which is the payer instructing their bank to send instructions to the providers bank to make a money transfer into the providers bank account. And then the second part to the 835 contains the remittance advice that says what was paid, what wasn’t paid, and who’s responsible for it.
MR. HOUSTON: Ok, now I would argue that if they’re not a clearinghouse, they’re not a covered entity, then what you’re troubled with, I would suspect part of the question is based on a minimum necessary rule, whether any information other than transactional information is something that a covered entity should be disclosing then to the bank as part of this and therefore if you only are giving banking information then this information that they’re talking about using would never make their way to them. I guess that’s part of my thought processes, is what’s the propriety of the bank even getting this information based upon what role apparently they’re playing here.
DR. ZUBELDIA: And that may be the way to close the loophole, but currently there are several ways of using the 835 and one of the most common ways is to send the payment instructions and remittance advice to the bank for the bank to forward to a provider.
MR. HOUSTON: Because if you think about the process, my understanding is that transactions are intended to be passed between covered entities.
MR. ROTHSTEIN: Well, another way of looking at it is, or closing the loophole, is to consider the bank a business associate of the covered entities and therefore they would have to enact an agreement and so on. But let’s move back from the --
DR. ZUBELDIA: But the banking system has more pieces than just the two financial institutions at the end. There is all kinds of settlement --
MR. ROTHSTEIN: No, I understand that, but then if you had a business associate agreement with all the users then they couldn’t sell, that’s sort of irrelevant at this point. The question is, that Kepa raises by bringing this up, is this an appropriate area for us to look into and schedule hearings on. And if so this is a little different then some of the other hearings that we’ve done in the past, who do you see us coordinating with in terms of these hearings?
DR. ZUBELDIA: Well, I know that the American Bankers Association has some legal opinions as to whether banks are clearinghouses or not, and as to whether they have access to this data or not, and I think the American Bankers Association should be one of the entities to come. There’s some banking marketing companies that I’m sure they have some opinion as to whether, and they could come to testify, why they’re doing and why they believe that what they’re doing is correct.
DR. COHN: Well, I guess I’m struggling based on previous testimony, I mean I imagine that the American Banking Association might come to talk about their legal opinions, but I would be sort of scratching my head trying to imagine a banking, what is it, a marketing organization coming to voluntarily share with us their plans in this area.
DR. ZUBELDIA: To share with us why they believe what they’re doing is correct.
DR. COHN: But I don’t think they’re doing anything yet.
MR. HOUSTON: Who’s responsible for Gramm-Leach-Bliley for enforcement and the like?
MR. FANNING: The Financial Regulatory Institute --
PARTICIPANT: It’s one of them.
MR. FANNING: Well, there are several of them actually, anybody who regulates financial institutions, the Office of Thrift Supervision, the Fed I think, the Office of the Controller of the Currency in FTC.
DR. ZUBELDIA: And there are some states where the Department of Banking and Department of Insurance are together. I know, for instance, New Jersey has banking and insurance together, and it may be appropriate to bring some of those state regulators to ask them how they see this fitting.
MR. HOUSTON: Let me ask a question. Is this a testimony type situation or is this a situation where we call to the attention of the Department as being a potential unintended consequence that needs to be investigated for possible violation?
MR. ROTHSTEIN: Well, I think this is something where testimony would be appropriate to find out exactly what’s going on to get on the record the kinds of things that Kepa was suggesting.
MS. KAMINSKY: It wouldn’t hurt for the Department to issue some guidance about whether some of these scenarios are clearinghouses or are not clearinghouses, that wouldn’t hurt --
PARTICIPANT: Or a business associate, or --
PARTICIPANT: If I may be so bold, that decision is being made probably in the next few days by Karen Trudel and Jared Adair, the banking community sent a letter to them asking for clarification on just these issues.
DR. HARDING: My one concern is that it’s now six months if we do a hearing before we would have anything to say, probably or more, and is it there something that we could say about, as Stephanie was saying, something that should be looked into, is this something that shouldn’t. This is a flag here, let’s do something now as opposed to waiting six months. And maybe we can do both.
MR. HOUSTON: Right now if this stuff hits the street, let’s just say we play Kepa’s scenario out and in a month or two we end up with these communities using these materials for marketing, that is absolutely, I mean that’s something that could have very dire consequences because then if OCR comes back and says you know something, they should have a business associate agreement, they’re covered under HIPAA, then all of a sudden not only do you have a guidance document with regards to just the business associates but you also have a whole pile of information, potentially millions of disclosures that have occurred by these organizations are starting to use this for marketing.
DR. COHN: But let’s get it straight for just a second here. First of all before HIPAA there was no regs on all of this stuff, people were doing electronic transactions, just because it’s probably a major issue if not resolved by October 15th when we expect to have things in, but it’s not an issue that has been caused because of the privacy regs.
MR. ROTHSTEIN: Well, the other thing is I don’t know that we need an emergency letter to the Secretary if the Department is already on notice that there’s a problem.
PARTICIPANT: They don’t know the situation that Kepa just brought up, so whether or not Gramm-Leach-Bliley covers the patient information is being shared through the banks and that is definitely something that --
MR. FANNING: But what was this reference to a letter about to go to Karen Trudel and Jared Adair?
PARTICIPANT: It’s on Karen’s desk, excuse me it’s on Jared’s desk now.
MR. FANNING: Ok, but it does not identify this issue explicitly?
PARTICIPANT: It identifies the bank’s --
MS. FYFFE: Did this letter go to the Secretary?
PARTICIPANT: No, it went to Jared Adair, but there have been other approaches by the same parties to other people in the Department and the issue is are we a clearinghouse or not, are we a clearinghouse only if we change formats or reenter the data from standard to non-standard. If we do that you’re a clearinghouse, but if you’re not a clearinghouse and you’re using the data then a business associate applies. And even if the business associate particulars they may not offer the protections to the patient data that’s transferred back and forth between the banks.
DR. COHN: Without trying to solve this problem at the moment it seems to me that what really sort of needs to happen is since Jared and CMS have a letter on their desk probably somebody needs to say to, I mean that way we’d all have this information, but they need to be informed or reminded to share the information with OCR so that a not just a standards perspective can be brought to bear but also the privacy perspective, and there may be an issue that they need to consider around the interface with the Gramm-Leach-Bliley, which we know is a very complex area anyway. I mean any organization that’s dealt with this knows that, they’re sort of trying to deal with both and trying to figure out what’s what, and inevitably there are going to be holes. I would think only if they can’t get this resolved or it seems to be unsatisfactorily resolved with guidance then we need to get into hearings on this.
MR. HOUSTON: I’m going to go back to Kepa’s original statement which is, to paraphrase hopefully closely, is they’re about ready to use this data, maybe I misunderstood what you said.
DR. ZUBELDIA: My understanding is they’re using it now, it’s not about ready to.
MR. HOUSTON: So therefore I believe there is some immediacy if in fact what’s happening is they’re using data which covered entities are compelled under the Privacy Rule to keep confidential, because whether it’s a standard or a non-standard transaction, what they’re doing is taking data that they have available for one purpose and using it for another purpose, which in theory we shouldn’t be permitting them to do. So I think there is some immediacy to what Kepa said.
DR. COHN: Well, I’m not arguing with that, it just sounds to me that there’s a process to deal with that, I mean we’re not the enforcers of the Privacy Rule.
MR. HOUSTON: Well, no, no, no, but we are enforcers of business associates.
DR. COHN: We are advisors to enforcers of --
MR. ROTHSTEIN: We also could do hearings on what the obligations of covered entities are, it seems to me that the covered entity who knows this is going to happen has at a minimum a requirement to notify the patients.
DR. ZUBELDIA: Well, I think there has been some conflicting either guidance or interpretations of all of this because the position from the bank is that they’re not converting formats, they’re wrapping the 835 in a banking envelope so it would flow through the banking system, and therefore there is no possible way for them to be a clearinghouse, all they’re doing is wrapping it. But of course they can peek inside it. Also, the idea that the bank is a business associate, the banks have fought that and apparently successfully where they said they’re not business associates of the providers in that the providers bank is not acting on behalf of the payer and the payer’s bank is not acting on behalf of the provider so the business associate relationship extends only to the immediate contact and there is this chain that including the clearinghouse association and all of this financial institutions that information flows through --
PARTICIPANT: It’s a very porous pipe --
DR. ZUBELDIA: A very porous pipe, a very long porous pipe.
MR. ROTHSTEIN: Well, it seems to me that there are three entities involved in each of these transactions and arguably all of them are in violation of HIPAA. We’ve talked about the banks, we haven’t talked about expressly the obligations of the payers not to disclose that information, the payers are covered entities and on what basis are they disclosing without any authorization --
DR. ZUBELDIA: On the basis of 1179.
DR. COHN: There’s actually something in the law that talks about banks being--
MR. ROTHSTEIN: But it doesn’t say they have the right to send PHI --
MR. HOUSTON: They need to go back to this law and the minimum necessary, say do they need this to, does somebody, does a current entity need to disclose this information for this associate.
PARTICIPANT: The answer to your question, anything that’s in a standard transaction is considered minimum necessary.
MR. HOUSTON: But, but, only for the intended purposes of that transaction with the other parties to the transaction, the other covered entities. But the point is the payer now is --
PARTICIPANT: The payer is sending a transaction out the door as a standard transaction. What’s in that transaction --
MR. HOUSTON: But that doesn’t mean that covered entity can go send private citizen or Wal-Mart an 837 then and say I don’t have any liability because it was an 837 with minimum necessary but --
DR. ZUBELDIA: The 835 transaction is intended for payment and remittance advice, and it includes all of this remittance advice information as part of the transaction.
MR. HOUSTON: I understand that --
MR. ROTHSTEIN: Ok, we’re not going to solve the substance now, the question is what should the Subcommittee do. What is your recommendation, Kepa, that we hold hearings?
DR. ZUBELDIA: That we investigate this further, I think that the first thing to do is have some of the staff look at it more and maybe let us know what they find, because I think it needs to be investigated further before we have hearings or a conference call or something.
MR. ROTHSTEIN: Ok, so the recommendation is that we direct Kathleen to look into the issue and see the degree to which it is being considered at both OCR and CMS and then report back to us about what steps if any are being taken and we’ll decide whether we need to hold hearings. Is that a fair --
DR. ZUBELDIA: I’ll give you the information that I have.
MR. ROTHSTEIN: Is that agreeable to the rest of the Subcommittee?
DR. HARDING: Kathleen will ask who?
MR. ROTHSTEIN: Kathleen will ask I would assume Rick and Jared.
DR. HARDING: And see if they are doing anything?
MR. ROTHSTEIN: Correct.
MS. HORLICK: See what, like what this gentlemen said, what exactly, they have a letter but what are they going to do with that letter, what are they going to recommend.
MR. ROTHSTEIN: What’s their understanding of this problem.
MR. HOUSTON: The letter may be so limited in what it says they may not even understand the totality of the issue.
MS. HORLICK: If it’s on a transaction basis then there’s a gap.
MR. ROTHSTEIN: Kathleen will explain the problem as Kepa described it and see whether that is something that they are currently looking into based on this letter.
Agenda Item: Miscellaneous Issues - Mr. Rothstein
MR. ROTHSTEIN: Ok, we have a few minutes left and I would like to raise a couple other issues, I know some of you have another meeting. Now that we have sort of turfed one issue, table another issue, I’d like to raise the question of we could go in our inquiries in our hearings in a couple different directions now on other issues. One is we could take a look at the privacy rule and to see which provisions are not working and why they’re not working, and with all due respect to our esteemed colleagues from OCR, perhaps some mistakes that were made in either the Privacy Rule itself or the guidance that has been issued, and I would argue there’s some ill-advised things in the guidance. I mean that’s one thing. On the other hand we might decide that for political practical reasons we don’t want to do that because we don’t think that the problems are that bad or there’s a high degree of likelihood that they’re going to do anything about it, or whatever may be a focus on other things.
The other thing I want to put on the table is a concern that I have and that is a professional misunderstanding of the Privacy Rule and that the Privacy Rule was intended to be a floor of rights that individuals have with respect to their health care and not to be coextensive with the ethical obligations of health care professionals. So let me just give you one example, and I could give you many, in which if you follow what the Privacy Rule says it would result in a lower level of privacy for individuals then they’re currently used to.
So for example, I go to doctor A and doctor A treats me and says that I need to, I’ll just call doctor A an internist, an internist says well I think you need to see a specialist, we need to send you to a gastroenterologist, so they schedule an appointment, I go to the gastroenterologist who now wants my medical records. Under the Privacy Rule, because it’s treatment, there’s no need for any sort of authorization or anything it just goes automatically to the second doctor or third doctor or fourth doctor, anyone who’s involved in my treatment, when now I think in many instances it’s customary for the second or third or fourth doctor to ask me to sign a release authorizing my internist to send my medical records. Now the question is whether that is the kind of thing that ought to be followed.
Another thing in the treatment area is you can use treatment information for one relative in treating another relative without any authorization or consent. And if you think of many of the same kinds of treatments that individuals would go to a physician for, think of a medical geneticist or an ob-gyn or whatever, there’s all sorts of things that you might not want, that one family member, think of psychiatry, perfect example, there’s no restriction on using one patients information for treatment decisions of another. And you can probably think of at least two or three dozen illustrations of areas in which the Privacy Rule, I mean it was not designed to supplant, so this is not a criticism of the rule, it was not designed to replace medical ethics and professional judgment across the board. And to the extent that in practice it is doing that, I think that is troublesome to me and that would be another issue that we can look into, we can get people from the AMA for some of the specialty colleges or ethics people and so on.
So those are a couple ideas that I have for things to look into and I would solicit you to try --
DR. COHN: Well, first of all we have I think, I don’t think a security hearing is being shelved.
MR. ROTHSTEIN: No, it’s been tabled.
DR. COHN: No, it has not been tabled, the question is the timing.
MR. ROTHSTEIN: Ok, right.
DR. COHN: Security I think is going forward, hopefully we’re cosponsoring it obviously with Standards and Security, so I want to make sure that that’s, that’s one day of a two day hearing and we were arguing about what the second day would be and whether it would be enforcement or I think some of the stuff that John Paul was describing earlier which sounded like I think your first issue though I would reframe it about, used an e word that sort of gives me a headache, especially if it’s being taped, but I think we were talking about --
MR. ROTHSTEIN: I’ll repeat it, errors.
DR. COHN: Well, actually I don’t think there were errors, I think there are ways to improve the rule potentially, I mean you may want to look at that, and I think if we’re going to do a hearing we might want to focus in six months after how well things are going, issues that people are having, how we can improve with the advice and subsequent rules, I think that would make a lot of sense.
The second issue I’m fascinated by, though, I think that there’s this issue of I think some local variation in how things happen and I think that probably your view of the distinctions between medical ethics and laws and all of that, they sort of blend together the way, how things work because a lot of this stuff is state based and, for example, California will think differently than New Jersey and probably somewhat different from --
MR. ROTHSTEIN: Plus some of it is based in state laws where there are strong state laws like California, so it’s institutional based, some of it’s custom based, some of it’s related to whatever specialty group we’re talking about. But I think the overarching question is whether there are some instances where physicians are in fact using HIPAA as a replacement for ethical restrictions that formerly were applied to disclosure of patient information.
MR. HOUSTON: First of all I think Simon just said HIPAA was never intended to displace more stringent state law, and often we get into this debate well, doesn’t HIPAA want me to do that, and I do field these questions all day long, yes, but we need to still go back and look at state law because state law precluded it prior to HIPAA, therefore you don’t get to trump in reverse. So I probably said, if I said it five times I’ve said it 100 times to people, so I think there, that this is maybe a misconception that needs to be remedied somewhat but I believe that’s been very solid, that’s been advice that I’ve given time and time again in my organization with regard to this specific issue.
But I think that that might be the purview of the larger discussion, some of the issues with regards to privacy that we need to put on the table for a hearing, it’s one of, preemption is actually on my list of five or six key areas of HIPAA that I think warrant some further discussions. You can go back to the original arguments pre-April 2003 where people said really there should be no state preemption, you should have a federal, some people were arguing there should be a federal privacy rule and then should completely preempt state law. Now I don’t know if we want to open Pandora’s box up on that regard, I would prefer not to at this point in time, but again I think that is one of the unsolved areas that I’ve heard and I think there’s four or five other ones.
MR. ROTHSTEIN: Well, I would agree that part of it is preemption but I think part of it is also a matter of medical ethics because the issue is not resolved in many states, it’s not subject to any particular state case law or statute and it’s just based on custom. And now suddenly oh, we can do that --
MR. HOUSTON: Sounds like more of a realization than anything if there was no state law --
MR. ROTHSTEIN: Right, and I think a joint publication by, I mean this is jumping ahead six jumps, by the Department and various medical groups would go a long way in clarifying what this does and what it doesn’t do.
MR. FANNING: One thing you might explore in such a hearing is the nature of professional education with respect to this sort of thing, does it get to the underlying reality of what your ethical obligations are or is it focused on bare minimum compliance begrudgingly simply to avoid sanction.
MR. ROTHSTEIN: Right, I think that’s an excellent point and one that we’ve been --
MS. HORLICK: I was going to say in the first scenario that you mentioned with your internist and the gastroenterologist I wasn’t really clear who you were saying was disclosing to this third and fourth doctor.
MR. ROTHSTEIN: No, no, no, what I’m saying is that if I go to a new gastroenterologist who wants to see what my internist found it’s customary as far I know to sign a release and they’ll send that to my internist and send the record. Now under HIPAA that’s not required.
PARTICIPANT: Unless there’s a prior state law.
MS. HORLICK: Right, but you can still get that and presumably you would know that it was being sent to that doctor. But I wasn’t talking about that, I was talking about you mentioned a third and a fourth disclosure and I wasn’t sure --
MR. ROTHSTEIN: What I meant was other specialists.
MS. HORLICK: Right, and I guess what I’m saying is I maybe don’t see it, maybe see it from a different perspective, but if it were me going from the internist to the gastroenterologist presumably I’d know that my records were being sent even if I didn’t sign it or that he would send me to somebody else, so I didn’t see that but I may be missing the issue.
MR. ROTHSTEIN: But I’m saying you would either acknowledge, expect it, be told that we’re getting the records, and that goes beyond any HIPAA requirement.
MS. HORLICK: Right, and what I guess I’m wondering is are you seeing this as problematic, that now doctors are using this as an opportunity to not --
MR. ROTHSTEIN: Yes, yes.
MR. HOUSTON: I’m going to stay, that we just fall back to state law and I would suspect many are that way but I understand that not all states have medical privacy laws, so in theory it was an open, it was something they could have done before pre-HIPAA because there was nothing that precluded them from doing such and I agree there’s a point where ethics have to fill in the void.
MR. ROTHSTEIN: If Richard is treating two members of a family I think he might have a problem in using information that was told to him by one member of the family in treating another member of the family whether that was disclosed or not as an ethical matter, and HIPAA does not --
MS. HORLICK: Those are two separate issues, I see that one as really to me, I don’t know, maybe I --
DR. STEINDEL: I agree with Gail, the first case that you’re talking about, even if they go and ask for a release we heard yesterday about perfunctory signing of releases and I think in most cases today when you go to one doctor to another and they hand you something it’s a perfunctory signing of a release. And the fact that it now could be transferred without signing of the release practically is not going to make that much difference. And I agree with Gail that in most cases people who go from one doctor to another expect the information to be transferred.
Now the other situation like with Richard or with genetic information, that is very concerning, and I think that that’s a point that really should be --
MR. ROTHSTEIN: I think you make a good point but it’s a substantive one on the first one. You’re saying that people shouldn’t mind that HIPAA is now replacing what was commonly done in the past because it didn’t afford very much protection. That may be true but the question is whether as sort of an overarching principle we want people to rely on HIPAA as a basis for doing that. I think what they should rely on is the fact that maybe the --
DR. STEINDEL: If you’re looking at information flow downhill, you’re going from your internist to your specialist, and that information is flowing, or if you’re going from your internist to your psychiatrist and the information about your medical history is going to your psychiatrist, I think that there’s probably not that much of a medical concern or an ethical concern there. Now the information flow in the other direction may be of concern --
MR. ROTHSTEIN: From the specialist to the internist.
DR. STEINDEL: Yes, and that flows freely, and that is an area where I do have some concern.
MR. ROTHSTEIN: Sure, so I want to see a psychiatrist and I don’t necessarily think my internist needs to know what I said.
MR. HOUSTON: I think what this really speaks to I’d say is still going back to state laws, there’s an inconsistent of application of HIPAA based upon what other laws are existent in the localities for medical, where this is occurring. Again, I always, often go back to state law, even post-HIPAA, in giving advice because many of these types of things you’re speaking to are things that are still governed by state law and I’m getting head shakes no but I think --
DR. STEINDEL: I think a lot of states don’t have good specific laws.
MR. HOUSTON: Then my point is is that this is not a HIPAA issue because the state did not have laws pre-HIPAA and in theory there was the right to have done these things all along --
MR. ROTHSTEIN: Except the restrictions that were placed on the practice by ethical standards of the profession.
MS. HORLICK: Well, I mean it would be interesting to see, I don’t know, Richard, from your perspective, I mean just using the psychiatrist as an example, do you think now that psychiatry is being inclined to disclose information back to referring specialists because HIPAA doesn’t, I mean it doesn’t seem to me that that would be an issue, but I might be wrong, I really think the other issue, and I just wanted to comment that to me it wasn’t so much the signing or the not signing the consent or the authorization, it’s the knowledge base, do I know that that’s going to my gastroenterologist and I think that shouldn’t change but I’m not sure that it has changed, and so that is whether the consent is meaningful. I think, I’m not sure that HIPAA has changed that, if I’m going to a specialist one way or another I think I’m going to assume my records are going to go. But that’s only based on just --
MR. HOUSTON: What HIPAA may have done, though, and again back to my point, was that often people say well HIPAA says I can do this and you say no, you have to stop people because they read HIPAA and they read the summary of HIPAA and they forget the fact that there’s this preemption that sits there also and that’s a separate issue but one that I confront all the time.
MR. FANNING: I just want to say that I think this would be a worthwhile inquiry because even if state law doesn’t govern it these ethical questions and professional relationship questions are still very real ones and the danger of a law, state, HIPAA, whatever, is that it becomes the only standard instead of being a bare minimum. Anything of this sort has to be written very generally to accommodate a great range of situations that can’t be dealt with in advance, so what fills in the rest is professional judgment and the like and it becomes more important to look into that and emphasize it once you have a law because everyone is looking at the law and may not look at the rest. So I think it’s a good idea, but I am a staff member and not a member of your Committee.
MR. ROTHSTEIN: We are running out of time, let me just give you a chance to comment in a second, I just want to sort of frame where we are. We have directed Kathleen to inquire on the Gramm-Leach-Bliley issue. We have a joint hearing with Standards and Security, one day of which will be security and the other day is not clear yet, and we’re going to be inquiring, or I’m going to be inquiring at the Executive Committee this afternoon. So now the issue is do we want to put on the table and try to schedule Subcommittee work on either of these two issues or some combination or what. John?
MR. HOUSTON: I believe that there are some very practical issues with regards to privacy that are very unsolved at this point in time, and I think they warrant discussion above and beyond these ethical issues that I think we can talk about medical ethics for years, they are in my mind, there are still in my mind serious potential issues with regards to accounting disclosures. I don’t think there is clarity right now, and it’s a latent issue that this doesn’t seem to be too difficult now but as we move forward it’s going to become more difficult because the volume of accountings will just simply accelerate and it will go up. I think it’s a latent issue that’s going to come back and hit people. I still think that there are issues with regards to fundraising that are still, we’re only now starting to understand some of the limitations and some of what an impact it is on organizations that depend on fundraising. Preemption we talked about, I think is important to discuss. Physician compliance, small provider compliance, I think is still minimal at best --
MR. ROTHSTEIN: So, not to cut you short, but you would prefer a more broader more substantive hearing in which we could delve into all of these issues. Is that what you’re saying?
MR. HOUSTON: Yes, I think we need to, I think very clearly we need to.
MS. WILLIAMSON: During the NHII Workgroup meeting yesterday we talked just briefly, and we’ve talked in the past about some of the issues that are coming up related to privacy as we move towards an NHII, and so this is something that I wanted to at least put on the table, I know Steve got some feedback from a presentation that he did.
DR. STEINDEL: I’m hoping that some of this may come out in the breakout sessions John has next week on privacy, I gave a couple of NHII talks to small groups and they happened to be right after the privacy reg went into effect so this was hot on people’s minds, and one of the basic impressions people get from the NHII is we’re now going to create this free flow of patient information all over the place, that is a presumption, and I heard, I actually heard this, it was in a side conversation, but two people were commenting you know we just spent N hours or days learning about how to protect patient information under HIPAA Privacy and now here’s this guy standing up and telling us we’re going to create this environment where there’s this free flow. And actually if you take a look at what as you said is a minimal standard in the Privacy reg what we want to do under the NHII is probably going to be allowed under the HIPAA Privacy reg, and I think the question needs to be asked, what should be allowed and what constraints should be put on this free flow of information, whether they be regulatory or ethical. I think right now there’s probably going to be some ethical constraints, I hope there’s some ethical constraints.
DR. COHN: Getting back focused again, I think the first step for the NHII, and I sit now on the Workgroup, is for them to figure out what it is. And once we figure out what it is then we can look at the privacy pieces, I think that that certainly is an issue but I think it’s probably a longer term agenda that they really need to be looking at. I guess the question I would ask for you Mark is what sort of agenda we’re developing, I think it may make sense for us to look at creating the years’ agenda in which case things like NHII and your second issue around provider responsibilities in the electronic age or whatever, whatever it is that you’re describing, may make sense. I think in terms of a more immediate task if we’re talking about something this fall, knowing the limited range of this Subcommittee, we’re probably talking about a security Monday, and I guess at this point I’m sort of more excited about the Privacy Rule six months after and sort of seeing where we are and how to improve it only because it seems something that we could actually do something with as opposed to a longer expiration, the other things may be better later on.
MR. ROTHSTEIN: The only thing about this more general Privacy Rule six months after is it would be very long and very involved because people would want to come back and talk about all the issues that we spent time on.
MS. HORLICK: Well what about focused hearings where you could have four panels, you could have one --
MR. ROTHSTEIN: I mean there are research issues, there are public health issues, there are issues about accounting for disclosures that I think need to be looked at, so I mean --
MR. HOUSTON: Just because there’s issues doesn’t mean we should shy away from them.
MR. ROTHSTEIN: No, all I’m saying is we need to commit the time and the resources to do that if that’s what we want to do.
MS. HORLICK: But instead of saying here’s your docs or here’s your consumers, you could have here’s your topic and look at it from different perspectives --
DR. COHN: I was going to say, I think that that actually might be fine, I don’t think we need to do it in six weeks, a whole review like we did last time in trying to get recommendations, I think this is something we can give a little more look at this topic, look at that topic, and sort of try to space and plan some hearings into probably the middle of next year that would allow us to do this and maybe put other issues in as they come up. We are sort of a Subcommittee that doesn’t have any hearings planned.
MR. ROTHSTEIN: Correct.
DR. HARDING: Could we ask OCR what the dilemmas are that they face and try to help in some way with hearings that would address those things?
PARTICIPANT: You’re assuming that OCR has dilemmas?
MR. HOUSTON: Or isn’t trying to better understand themselves some of the issues.
DR. HARDING: No, John, I’m saying can we be a help to them.
DR. COHN: Well, I think there’s two issues, one is guidance, and then there’s the other issue which is that, and maybe that, all these rules are supposed to evolve and obviously OCR can’t, it sort of lives up in the rule of what exists generally as opposed to the rule of what could be, and I think maybe we, our role is to sort of look at the rule of how the rule needs to evolve and get shaped I would think.
MR. ROTHSTEIN: Right, and OCR may be more wed to the current version of the rule than we are, for example, talking about accounting for disclosures you could make a very good argument that the current rule is backwards in terms of what is accounted for, that you should have to account for disclosures pursuant to an authorization and not have to disclose for legally compelled disclosures that are required under state law.
DR. COHN: Disclosures are a confusing area.
MR. ROTHSTEIN: But what I’m saying is that may not be something that OCR would put on the list but that we might put on the list.
MR. HOUSTON: I absolutely believe there’s some problematic issues that really do need to be explored, they’re operational often, we’ve heard also research, public health, some of this is misconception probably as much as it is the fact the rule doesn’t necessarily operate the way it was intended, but I think we need to work on these things.
MR. ROTHSTEIN: I am prepared to move ahead with hearings in the Fall on this, I would not like to see it move to 2004. The fact that we are having this joint hearing, frankly I think your Subcommittee is going to be taking the lead on that --
DR. COHN: See I thought John Paul was going to take the lead actually on Security.
MR. ROTHSTEIN: Well, whomever, the Security Rule is not the sort of major area of expertise or interest of this Subcommittee even though it is obviously an issue, and I don’t see anything that would prevent us from moving ahead and scheduling something some time in the Fall that didn’t --
MR. HOUSTON: Are we precluded from having more than a two day hearing?
MS. HORLICK: We’ve had two and a half days because we’ve had like the next morning to discuss and synthesize.
MR. ROTHSTEIN: We’ve had three day hearings, HIPAA version. I would not like to see a piggyback onto that, I think we’re talking about a separate two day hearing.
MS. HORLICK: You’re talking about a separate then the second day of the security hearing?
MR. ROTHSTEIN: Yes.
MS. HORLICK: So then what would the second day of the security hearing be?
DR. COHN: See I actually thought we could do the second day of the security hearing is getting into this, but are you thinking, unless we do a --
MR. ROTHSTEIN: The problem is in ten minutes we could probably come up with 15 topics and you can’t have a witness on each one because you need a range of views, so suddenly you have a penal on each one and that takes a couple of hours, and then you’ve got public testimony and so on and there are practical limits on the number of issues that you can really get done in a day and I would say that maybe three or four at the most.
MR. HOUSTON: Are we allowed to elicit input as to what people would, topics for the testimony? Are we supposed to provide those ourselves?
MR. ROTHSTEIN: We normally derive those ourselves, we have in the past relied on OCR to suggest areas in which the public has expressed concerns --
MR. HOUSTON: We have thousands of hits to the FAQ’s and questions to OCR, I guess that might be a good source of --
MR. ROTHSTEIN: We could rely on that or we could just, as well as generate topics internally and to --
MS. HORLICK: Are you suggesting that we not use the day after, let’s say the day after the security hearing for a privacy hearing?
MR. ROTHSTEIN: That would be my inclination because I think we need two days, if we’re going to take up the issue of, let’s suppose we don’t do anything on the enforcement rule and we have a second day, I think the second day could easily or more easily be devoted to the other topic, the topic of the relationship of the Privacy Rule and professional responsibilities and state privacy laws, I think that could be done in a day. I don’t think the issue of possible amendments to the Privacy Rule can be done in a day.
DR. COHN: I don’t think anybody thinks that the Privacy Rule can be done in a day, I think we all think we might be able to start it, we think it’s probably going to be two or three hearings all told, I don’t even think you can do that in two and a half days, because I think there’s a whole bunch of topics, many of which we went through last time which we have to go back and take a look at.
MR. HOUSTON: I almost think that, my personal opinion is this issue of medical ethics versus HIPAA privacy is something that maybe can be done some other time, I think there’s --
MR. ROTHSTEIN: So you would prefer that we have, use the second day if we don’t do it on the enforcement rule as sort of part one of a look into possible revisions and then if that’s the will of the Subcommittee then what we can do is sort of solicit internally some topics and distribute them by email and then we’ll refine it over the course of the next several weeks and we can plan that hearing. Our next full Committee meeting is September, is that enough time for us to plan a hearing in late October?
DR. COHN: Between now and then you mean?
MR. ROTHSTEIN: No, in September, let’s suppose we, so we need more time then that.
DR. COHN: Well, we don’t need Committee face to face time, we’re sort of saying go forward --
MS. HORLICK: You’re talking about doing a hearing in when, October, isn’t that when it’s scheduled, the security, is it scheduled for September?
DR. COHN: I don’t know whether it’s scheduled really or not.
MR. ROTHSTEIN: Alright, you can do it by conference call, I will arrange a conference call depending on what happens with the enforcement rule. In advance of that we’ll ask for people to send in suggestions of topic areas that they want to do some work.
MS. HORLICK: I would just say that anything you can do to avoid trying to get in touch with people in August would be good because everybody is on vacation so if you can --
MR. ROTHSTEIN: I understand, so what I would like to do is have a conference call next month to line up the topics and then we can line up the speakers in September.
MS. HORLICK: Or we could start at the end of July but that’s when I mean, that was my experience when we did those August hearings.
DR. COHN: I would actually just suggest almost in terms of jump starting and not that I don’t love conference calls but anytime during the summer is a bad time for a conference call. Yet email is a practical value you have, I mean Kathleen obviously is our staff, I would think a, we need to, what it is we need to do is look at a date and begin to get some dates, dates tied down and I know Kathleen can help us with all that. I think that probably we ought to sort of start emailing around and I know John Paul has a list of items that I know he’s been hungering to get on the agenda so we should ask him to sort of send us an email with his issues and then we can maybe via email start saying yeah this is an important one --
MR. ROTHSTEIN: Alright, then how about if we use the conference call as a back-up if we can’t resolve --
MR. HOUSTON: I don’t think it’s something we’ll need to convene in that type of a setting.
PARTICIPANT: Is there anything in your statutory language that can or cannot be interpreted as Congressional intent that HIPAA replace or supercede or supplant medical ethics or better fine tune state laws?
MR. ROTHSTEIN: No, no. Well, they address the issue of state laws and then they specifically said that HIPAA does not preempt stronger state laws, but the issue of its relationship to medical ethics was not addressed either in the legislation or in the legislative history.
PARTICIPANT: Because often the attitude on the Hill was if they don’t get it right now they’ll go back and fix it later and see how current events with Kennedy and the drug brokers in Medicare you’d say well let’s pass something now and we’ll fix it later. The value of your hearings could be, the hearing might be if you need something, need something fixed, looked at, and the dichotomy between what the law actually is supposed to be and the way it’s being applied, hearings could be very, could correct things in the future.
MR. ROTHSTEIN: Well, that’s what we hope to align and hope that that would be the case as well.
MS. HORLICK: I would just say if you think that you want to have another hearing before the end of the calendar year, while you’re polling people I would go ahead and reserve that date because --
MR. ROTHSTEIN: Yes, we probably ought to reserve two dates.
MS. HORLICK: And they could always cancel it.
MR. ROTHSTEIN: We haven’t had a hearing since --
[Whereupon the meeting was adjourned.]