[This Transcript is Unedited]



Subcommittee on Privacy and Confidentiality

Hearing on Privacy and Health Information Technology

AUGUST 17, 2005

Hotel Monaco
501 Geary Street
San Francisco, CA

Proceedings By:
CASET Associates, Ltd.
10201 Lee Highway, Suite 180
Fairfax, Virginia 22030
(703) 352-0091




P R O C E E D I N G S [9:10 a.m.]

Agenda Item: Introductions and Opening Remarks - Mr. Rothstein

MR. ROTHSTEIN: Good morning, welcome to day two of round four of the hearings on the National Health Information Network of the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics, my name is Mark Rothstein, I'm director of the Institute for Bioethics, Health Policy and Law at the University of Louisville School of Medicine and chair of the subcommittee. And just for the record the NCVHS is a federal advisory committee consisting of private citizens that makes recommendations to the Secretary of Health and Human Services on matters of health information policy. We'll begin with introductions of the subcommittee members, staff, witnesses and guests, as always subcommittee members are invited to disclose any actual, potential or implied conflicts of interest and others need not do so. I'll begin by noting that I do not believe I have any conflicts. Paul?

DR. TANG: Paul Tang, Health Medical Foundation, member of the subcommittee, no conflicts.

DR. HARDING: Richard Harding, University of South Carolina, member of the subcommittee and committee with no conflicts.

MR. REYNOLDS: Harry Reynolds, Blue Cross and Blue Shield of North Carolina, member of the committee and no conflicts.

MR. HOUSTON: John Houston, University of Pittsburgh Medical Center, member of the committee and subcommittee and no conflicts.

MR. GREELY: Hank Greely, professor of law, Stanford University, no conflicts that I know of.

DR. LO: Bernie Lo, professor of medicine, University of California, San Francisco, I'm a recent victim of credit card fraud so I can say I have a personal interest in this topic.

MR. ROTHSTEIN: As am I actually.

MS. GREENBERG: I'm Marjorie Greenberg from the National Center for Health Statistics, CDC, and executive secretary to the committee.

MS. PEEPLES: I'm Beverly Peeples, CDC Privacy Officer, and staff to the committee.

MS. BERNSTEIN: I'm Maya Bernstein, I'm the privacy advocate of the department and I work in the Office of the Assistant Secretary for Planning and Evaluation, I'm the lead staff to this subcommittee.

MS. JACKSON: Debbie Jackson, National Center for Health Statistics, CDC, committee staff.

PARTICIPANT: [Comment off microphone.]

MR. HINKLEY: Gary Hinkley, I'm a lawyer with Davis Wright and I'm here on behalf of Connecting for Health.

DR. DEERING: Mary Jo Deering, National Cancer Institute, lead staff to the NCVHS Workgroup on National Health Information Infrastructure.

MR. RODE: Dan Rode, American Health Information Management Association.

MS. SQUIRE: Marietta Squire, I'm with CDC's National Center for Health Statistics and I'm staff to the subcommittee.

MS. CHRISTIANI(?): Ginny Christiani, meeting logistics contractor for the subcommittee.

MR. ROTHSTEIN: Welcome everyone. Invited witnesses have been asked to limit their initial remarks to 20 minutes and after both of you have had your 20 we will have ample time for questions and discussion and as in the past it's really the give and take is most valuable to the subcommittee. You may submit additional written testimony to Marietta Squire within two weeks of the hearing and if anyone here has a cell phone I would ask that you put it on mute or buzzer or something, vibrate, so that it won't interfere with the hearing. Unlike most of our hearings, and indeed all of our other hearings, we are not being broadcast live on the internet, we are however being recorded and there's a phone in line for people to call, I don't know if anyone has called in, there are some people, good morning, could we ask the people on the telephone to introduce themselves?

MS. HORLICK: Hi, this is Gail Horlick from CDC in Atlanta, staff to the subcommittee.

MR. ROTHSTEIN: Good morning, Gail, good to hear from you.

MS. MCANDREW: This is Sue McAndrew from the Office for Civil Rights, privacy liaison to the committee.

MR. ROTHSTEIN: Sue, good morning as well. Anyone else? So for the benefit of those listening on the telephone I would ask everyone to speak clearly.

As I mentioned at the outset this is our fourth round of hearings on the NHIN and beginning after lunch today we will start to try to piece things together with the goal toward getting a recommendation through the full committee and to the secretary this fall. At our first round of hearings in Washington in February we heard from experts on privacy and confidentiality as well as representatives of consumer organizations. At our second round of hearings in Chicago in March we heard from a range of health care providers and health organizations. At the third round of hearings in Washington in June we heard from representatives of and experts on integrated health systems, health plans, RHIOs, and health systems in other countries. And so this brings us sort of full circle to try to see the big picture and to give us an idea of where we might want to go in terms of our recommendations.

As you know in advance of the hearings and to focus our discussion the subcommittee distributed to the witnesses a list of six questions, some or all of which we hope and expect that the witnesses will address. Very quickly for the benefit of those who have not memorized the questions yet I'll go through them, they are as follows.

Number one, with respect to the design of an NHIN do you prefer a model based on a RHIO, a model where individuals carry their own personal health information on a device, trustee model or something else? Why and what are the implications of this model for privacy and confidentiality?

Two, what are the implications of permitting individuals to control whether their records are part of the NHIN? If permitting this option is appropriate what mechanism should be used to obtain individual consent or authorization?

Three, what information if any should individuals be able to exclude from their EHR or the NHIN? What if any limits should apply to these exclusions?

Fourth, what limitations if any beyond those of the HIPAA privacy rule should be placed on access to personal health information in the NHIN? How should such limitations be developed and applied?

Five, should individuals have the option of having their health records maintained only in paper form?

And six, what other measures are needed to protect the privacy and confidentiality of personal health information and to build public trust in the NHIN?

So we look to you to help us, if not immediately resolve those questions, get us started on the right track. And we will go in the following order with our witnesses this morning beginning with Dr. Lo and then to Professor Greely. Bernie?

Agenda Item: Panel III - Dr. Lo

DR. LO: Thanks, it's a pleasure to be here again with you and welcome to San Francisco, I'm sorry the weather wasn't better. I'm going to wear my physician hat today and I'd like to start with giving you a couple of brief anecdotes of recent examples from my own clinical practice where a National Health Information Network might have been very useful.

The first example is a patient under my care but who's also being cared for by another physician, and in fact this is a patient getting antibiotics at home and I need to get some lab tests to follow up some things and the lab that does the lab tests is different than the lab from the home care service, different than the lab that ordinarily does my testing and to which I have immediate electronic access. So trying to get that person's lab results which were needed for care was a huge problem and took me and my staff a lot of time to do that and caused actually a somewhat dangerous delay in changing care for a patient. There are similar issues that come up any time you refer to a specialist who's not in the same integrated health network which does happen.

And then secondly a patient who was recently hospitalized and the outpatient records were not available to the inpatient physicians. Now increasingly I think as many of you know there's a separation in continuity of care between your primary care outpatient doctor and the so-called hospitalist who's the inpatient specialist, it's sort of a British model, so there's a real concern about important information not being available for the doctors taking care of you while you're sick. And the two pieces of information that were not available were first, previous electrocardiograms to try and see if a change on the admission cardiogram was new or old, if it was new it meant a whole lot of additional cardiology tests, if it was old it meant that probably it was not an active problem.

And secondly the question of what medications had been previously tried for this patient's condition because what happened in the case I'm thinking of is the doctor sort of picked a medication for congestive heart failure which is the right thing to do according to guidelines. What they didn't know is this patient had been on the medicine about a year ago and had really serious side effects. And of course they sent him out and five days later he had the side effects. So all these sort of examples which I think any of you in practice I think are aware of happen all the time if you're not in an integrated, solely within an integrated system.

Now I wanted to also tell you about a story, an anecdote on the other side, Dr. Harding may be able to comment on this. I recently saw a new patient and it turned out her major problem was depression and this was the most serious of a number of episodes. She was reluctant to start medications for depression although she met the clinical criteria for that and as we talked it turned out she had been tried on medications in the past, had had adverse effects that she considered intolerable relative to the benefit. But she couldn't remember the drugs, she couldn't remember the dosage she'd been on, and she couldn't remember sort of how the dose escalation took place. This is unfortunately a common problem in the lack of quality of care for depression and so we were really stymied, there was no way for me to get these records, they were in New York and she didn't quite remember the name of the doctor who had been taking care of her. It made it very difficult for us to address her current problem.

So I think what I'd like to first underline is that a NHIN could have enormous benefits for patients when they're patients, when they're sick and seeking care, and I would argue to you that these clinical benefits are greater, would be greater, the greater the scope of the NHIN. So the more information that's included, the more timely access is by providers actually taking care of the patient for a current problem, the more providers and institutions who participate, and the more patients who participate the more likely it strikes me the benefit is if you look at things from a population basis. If these records are adopted only sporadically by a few doctors, a few hospitals, and a lot of information that potentially is clinically relevant is left out you're not going to get the clinical benefit.

I just wanted to make a comment on a question, one of the six questions that you all raised in terms of should patients be allowed to have paper records. I think there's an increasing trend within at least larger medical practices and health systems to have electronic records be the default so I can't keep paper records at UCSF. I can sort of keep them, no one is going to be able to find them, they're stored someplace nowhere near the hospital or clinics, and they're totally useless. Increasingly we're trying to put everything online for all the reasons that you've already discussed but I think it may not be realistic for many patients going to many providers to ask that records not be kept electronically.

Now I want to now shift to sort of the concerns about privacy and confidentiality which after all is the theme of your subcommittee and just to sort of make the point which I'm sure is obvious to you that the risks to privacy and confidentiality will also be greater the more information that's included, the more timely access is by a larger number of providers, the more providers who participate, and the more patients who participate. So it seems to me what makes this difficult is the very qualities that make this electronic record network useful to a clinician and patient facing an actual clinical problem are exactly the conditions that raise concerns about privacy and confidentiality, that's the dilemma I think that your committee and the larger committee is struggling with.

On the second page of the handout I tried to reproduce a couple of newspaper headlines from the past year to sort of illustrate the kinds of concerns that are in the press about privacy and confidentiality, these are electronic medical records, not necessarily a National Health Information Network. The first is from the Boston Globe, a headline saying Harvard Fixing Data Security Breaches Loophole Allowed Viewing Student Prescription Orders. Well, a very bright sort of computer savvy Harvard student with too much time on his or her hands found out that he could actually hack in to the medical record system at student health services and actually download lists of medications that students were prescribed including sensitive information about prescriptions for things like mental illness, HIV and the like. And this is just one of many examples of these kinds of break-ins, there's one about a year ago at the University of Washington in Seattle, so these are institutions that have security officers and good security programs but are not inviolate.

Second instance is, I guess there's no one here from Kaiser today, he's here, a disclaimer here, so California regulators fine a prominent health care system in California $200,000 dollars, the state imposes a penalty for breaching patient confidentiality and exposing health records on the web. And this is not the only example where that a patient's medical record by name appeared on the internet and usually these are some sort of computer glitches in the security system, things get posted where they shouldn't get posted, but obviously for the patients this is sort of your worst nightmare come true.

The third headline is actually a UCSF problem from the San Francisco Chronicle, our local paper, Special Report, Looking Offshore, Outsourced UCSF Medical Notes Highlight Privacy Risk, How One Offshore Worker Sent Tremor Through the Medical System. Well, in our institution's drive to become more efficient they figured out that when people like me dictate a patient note on a hospitalized patient to cut down on the lag between the time that actually appears in the paper hospital chart they send the transcription offshore to India or Bangladesh where you take advantage of the time zone difference and the note gets transcribed and sent back before the doctors come in the next morning.

Well a problem was that some of these people doing the transcription had not been paid by the sub-subcontractor who had hired them and they said if you don't pay us we're going to put this stuff on the internet and just to prove we can do it they sent this to the CO of my hospital, here's somebody's patient note from yesterday and sure enough they had the name, medical record number, birth date and the like. Now obviously there are concerns about business partners and sort of follow through but again, this is not, UCSF is not a fly by night organization, someone should have been thinking, there are people who think a lot about privacy but this is something that slipped through the cracks.

And the final headline is from the San Diego Union Tribune from last fall, Albertsons, which is a supermarket chain that runs the pharmacies in their supermarkets, is sued over prescription practices. The allegation was that firms paid Albertsons for data on its customers for marketing purposes.

You see headlines like this and I think people, a lot of people see in the news or hear about concerns about security, privacy, confidentiality breaches and the reason I put these in front of you, I mean you're familiar with these, is you don't see headlines the other way, say patients spared dangerous operation because doctors tracked down old records and found surgery unnecessary. Or serious complication of a drug avoided because doctors realized that the drug had already been tried.

So my concern is that as the public as individual patients think about how they want to make this balance between access to information versus privacy and security, what's most salient to them in their minds in sort of the public media are the risks. And I think one of the things I would like to see more as a physician because when I actually sit down and explain to patients why this is important they say oh my gosh, of course I would want you to know about this and about that. Now I'm their doctor, they're seeing me for a medical problem, and that to me is different than when they're putting, sort of putting on their patient hat, and that's different I think than when they're putting on their consumer hat when they're healthy, they're thinking sort of in a more abstract way about how they want their medical information to be handled.

So I want to now try and address some of Mark's questions, just I'm going to toss out some ideas and hopefully we'll have some time to talk about it. So limits on access to personal health information in a NHIN, it strikes me there are two general approaches that one might take. One is to limit what gets put in the electronic national record and the other is to limit who has access to it.

My main concern about limiting what is placed in the NHIN is that if you have a simple check-off where I go in to see a new doctor and they say if you don't want certain information to be put in the medical record check the boxes and sign here, I will check the boxes, I'll say I don't want this, I don't want that, without someone sitting down and saying well but do you know that if you check that off if this situation comes up there might be information that the doctors would want. So my concern is that we would like these decisions to be informed decisions, it strikes me the decision to exclude something should be a thoughtful decision that takes into account the potential benefits of inclusion versus the potential risks. Informed consent as you know is difficult under any circumstances, I think it's going to be very difficult here.

I'm particularly concerned that once you make the decision to just leave out all my psychiatric information, and I focus on psychiatry because under HIPAA at least psychotherapy notes are given sort of special protection in terms of privacy and confidentiality and certainly something many people are very concerned about is not wanting that disseminated. But in terms of diagnosis, medications tried and side effects I would argue that if that information isn't put in an electronic record a doctor in the future who needs to know that to help the patient make a decision about a new medication is going to be operating without crucial information. So you can't, the problem is if you exclude it in the first place you can't then add it, or it seems to me it would be very difficult, could be very difficult to add it.

Now maybe some of you have some technical solutions to that in terms of giving some information to the patient who has it on one of these memory sticks and can say oh Dr. Lo if you really, thank you for explaining why you need it, plug this into your computer and only you can look at it. Maybe that's a solution.

The other solution that strikes me is limit access, by limiting who has access to certain parts of the record and already those of you who are involved with designing systems this is already part of the design, people in the billing office don't have access to the same information that the treating doctor or nurse has and it strikes me that you may be able to refine that further. I like that because you can change the access, I mean I have patients who may not want me to know about things that happened in their remote past but if it suddenly becomes potentially relevant to a current problem, if it's in the record but blocked, if they can remove the block the doctors can say okay I'll look at it now because we've talked about how this might be useful. I would favor that kind of limits on access provided that we allow the patient a surrogate, if the patient is too sick in an emergency or because of a medical condition to make those decisions for himself or herself.

So let me just quickly finish and give Hank Greely to address you. I'm going to make a couple of, three recommendations. The first is that I think we need to provide more incentives for security, that I think, I know your committee is focused primarily on privacy and confidentiality but a lot of the breaches in confidentiality are security violations and I'm not sure our current technology, at least if you read the papers, is up to the task. And I'm particularly concerned about subcontractors and as I say I'm sensitive because I got clawed in this UCSF fiasco.

The second issue I'd like to highlight for you is the use of NHIN for marketing. I'm very concerned about how the current HIPAA regulations, because of the exclusions in the definition of marketing, allow a lot of uses of personal information for ways that I think are very hard for some patients to understand the benefits to them. And right now under HIPAA you can't even opt out of being on a marketing list, opt out of having your PHI used for marketing purposes by your provider. So I would say that at the very least we need to be able to allow people to opt out of that and I would actually favor flipping the presumption the other way and saying you need to actively opt in to allow your PHI to be used for marketing and informational purposes.

And my third recommendation is that, I'm actually, I actually am a strong advocate of electronic records because paper things get lost. And I think that when I sit down and explain to my patients the benefits of an electronic record they understand it and they're willing to trade-off and accept certain limited risks to their privacy and confidentiality. But I think the focus should be first on the treatment benefits, I think that if we start to say the benefits of this are going to be for business operations or for other sorts of things the public is going to be less enthusiastic than if you say the true benefit is to you that if you become a patient and are sick and the doctor and the hospital need information this is a way of getting information that will improve your care. And it strikes me that should be the first thrust of showing that this NHIN is beneficial, at the same time I think we also have to show it's safe in the sense that there are no real problems with privacy, confidentiality, or security.

So let me stop there and I hope we'll have a chance to talk --

MR. HOUSTON: What's your practice, what's your specialty?

DR. LO: Internal medicine, and I do both inpatient and outpatient.

MR. ROTHSTEIN: Thank you very much, some very interesting things for us to talk about. Hank?

Agenda Item: Panel III - Mr. Greely

MR. GREELY: Well thank you, Mark, it's a pleasure and an honor to have a chance to share some thoughts with you on this topic. I have given some written comments, some written testimony that you have, written late last night so forgive any typos, spell check, as a teacher I know that spell check is by no means perfect at ferreting out typos.

I don't want to just read my written comments so I'll use them as a base for what I have to talk about but I want to talk more broadly about what I think are the most important issues from my perspective and I want at the end to actually address the six questions which I don't specifically address in the written testimony.

I am not a privacy expert, I'm not a law professor who has worked on or written specifically very much, a little bit, but specifically very much about privacy. I worked on health law and policy and on biomedical research law in the biosciences, in those two areas I run up against privacy issues constantly. I have some thoughts on them which I'm happy to share but I do offer those thoughts with some uncharacteristic for me humility although it may not sound that way.

I find this a really hard topic, I do not envy you people your task at all. As I say in the written commentary I think there are different ways in which problems are hard and this one is hard in the worst way. I don't think there is a good solution to this problem, there are least bad solutions, there are adequate solutions, but we've got real conflicts here between deeply held social views and forces of efficiency, both economic and medical, and there's no way that you or anyone else is going to come up with a solution that leads everyone to ooh and aah and shower you with the gratitude of a happy nation, it's just not going to happen --

MR. ROTHSTEIN: They might shower us with something but it probably won't be gratitude.

MR. GREELY: I think that's probably right and I think, I hope you realized when you signed up for this that anything you were going to do was going to lead to significant unhappiness, because it's a hard problem but it's a problem we've got to deal with. I notice that the National Committee on Vital and Health Statistics actually goes back to 1950, which is just about the same time that the first computers were being invented, the ENIAC, and I suspect back in 1950 somebody was saying within a couple of years we'll be putting health records in computers. For most of my lifetime the electronic medical record has been a year or two away, it sort of reminds me of the great Reggie Jackson, the baseball player, near the end of his career he was dogged by rumors that he was about to retire and after it had made the front page of the New York papers one day he called the reporters in and said well boys, I have no interest in retiring yet, don't worry I'll let you know when I do but you guys keep writing those stories, you write them long enough one of these days you're going to be right.

Electronic health records one of these days are going to get here and that day is coming very, very soon. My wife is a practicing physician, a pulmonologist with the Permanente Medical Group, and I was talking with her about the subject of this testimony, she's about 65 to 70 percent converted, her facility, to electronic health records, she loves them, she sees the advantages of them, it annoys her when she can't get something electronically. She's full of stories like the first half of Bernie's talk about the great advantages to her patients of electronic health records and she hopes that within a year or two it will be 100 percent then. It's a problem that can't be avoided any longer because it really is getting close.

I'm torn on this issue. In general I am a strong advocate of the rights of patients and of research subjects, I think they are too often underestimated and not, that their concerns are not given sufficient weight. But on this issue on privacy I worry that our society has almost a cult of privacy, I think privacy is important, I guard my own privacy, but privacy is not the only value in the world, it's one that needs to be traded off against other important values, it can be and must be traded off and I worry very much that the cult of privacy leads to a situation where people say if it can't be perfect, if you can't promise me that there's no way this will ever leak then you shouldn't do it. If that's the test we have an irreconcilable conflict ahead of us.

So I think part of what we as a society have to do I'm afraid is to refocus our thinking about privacy from the almost sacred status of complete and absolute privacy to a more realistic notion. I don't agree, I do not endorse Scott McNealy, the head of Sun Microsystems, very pithy comment a few years ago, privacy is dead, get over it, but there is some truth to that.

Even more importantly I think the general public has a false vision of how private health information is today. They don't understand how many times doctors not only are not required to keep things secret but are in fact affirmatively required to report things, to public health officials, to civil authorities, to the criminal justice system. Nor do they realize how many eyes can have access at various areas to paper records, or how amenable health records are to subpoena in various pieces of litigation where you're involved as a litigant or where you're just a hapless bystander whose medical records happen to be relevant to an action against a physician, say a licensure action against a physician, where your records are evidence in that case. So people I think have an exaggerated view of how protected they are today and an exaggerated view of how protected they should be in the future.

Having said that I don't want to give the impression that privacy breaches are unimportant, privacy breaches can be very important, I would hope though that we would focus on concrete harms that follow from breaches of privacy more than we focus on the offense against the idea that the doctor/patient relationship is somehow peculiarly sacredly private. So three suggestions of pathways to proceed, none of which will be easy or uncontroversial, none of which will be anywhere close to a perfect solution.

The first is focus on controls, which I'm sure you've been doing, focus on, and I thought Dr. Lo made an excellent point about stressing if you're going to limit something limit access, don't limit what goes into the record for all the reasons that he said but focus on limiting access to those records. But realize that, and tell everyone in the world that none of those controls can be perfect, anything humans do humans mess up.

I think this is probably the first most important deepest rule of public policy, humans mess up from time to time in anything they do, no system of privacy protection can be perfect, and the harder you try to make it perfect the harder you make it for legitimate users sometimes in desperate circumstances, the auto accident out on the highway and the emergency room far from the patient's home. The harder, the stronger the controls the harder you make it for important uses, there is an unavoidable tradeoff there. So focus on controls but remember that those controls come at a cost, not most importantly a financial cost though there is a financial cost, but a cost in the valuable uses, the personal and public health uses of that information.

I like in terms of control two other strategies as adjuncts to a direct limitation on access. One is an audit trail, so make sure that you can tell exactly who accessed every piece of information, when, where, through what IP address, etc. Now good hackers may be able to hack around that as well but if you make them hack both around getting access into it and then hack around the audit trail you've increased their burden and you've allowed breaches of security potentially to be followed, either directly to the person who committed the breach or at least to the institution whose systems allowed the breach to happen. So focus as much attention I think on audit trail, on the transparency and the recording of who gets access to what, when, and how as you do on protecting access.

And the other thing I'd stress is liability, make people who disclose inappropriately, illegally disclose personal health information liable, make them liable for damages to the extent there are actual damages, make them liable for nominal or statutory damages if the actual damages are not big enough. And make them, require them to disclose to the people whose privacy has been breached that the breach has occurred. We may not think of that directly as liability but no institution wants to have to tell its customers that they've done this, it's a strong disincentive.

California has such a law with respect to financial records which is why many of these recent breaches of security with financial records have reached the public because California law requires that the customers whose confidentiality has been breached be informed about it. So control both directly and indirectly I think is important, look at some of the less direct ways of exercising that control, think about even limiting the media and making the media liable for unauthorized disclosures, there may be some first amendment problems lurking there but there's a lot of space short of a prior restraint in which even the press can be subject to the law and can be held accountable for publishing things that should not be published.

Second strategy, think about structural changes in society and this is asking a lot for your subcommittee, I understand, but you know there are really two different problems with privacy violations, one is the sort of intangible, the personal sense of violation, of having this sacred relationship opened up to the public. I was a victim of a burglary 30 years ago and I remember they took two stereo speakers, it was trivial, but it really changed my feeling every time I walked into that house until a year later when I moved because it felt different. That one you can't do very much about by structural changes except maybe by trying to change people's, the culture's sense of the importance of privacy.

But there are more concrete consequential damages from loss of privacy, things like worries about employment discrimination, health insurance discrimination, life insurance discrimination and so on. One can take the direct approach of trying to ban that discrimination rather than trying to keep information from which discriminatory actions can be taken away from the people who might want to discriminate, ban the discrimination in a straightforward way, make it illegal for an insurer, an employer, etc., to take actions adverse to an employer or a customer based on inappropriately obtained health information.

Now of course that won't be perfect, it would require the person who's discriminated against to know he's been discriminated against, to know that his information leaked. A lot of times that won't happen, sometimes it will. Title XII has not eliminated discrimination on the basis of race or sex but I think it has limited it, both the overt discrimination which is almost completely eliminated and the covert discrimination as well, and this could be a useful step I think to limit the damage that could have been done, that could be done, by leaks. There is an issue of the extent to which this is redundant, the Americans with Disabilities Act, the non-retaliation section of ERISA provides some protection, but it's not protection focused on leak of confidential medical information and I think there would be advantages to having a specific statute focusing on making illegal the negative use of inappropriately obtained, leaked, stolen, personal health information for these purposes.

As somebody who is occasionally referred to as an ethicist or a bioethicist I can't let this subject pass without bringing up what I think is the biggest ethical flaw of our entire health care system, in terms of health insurance we could resolve lots of these concerns about health insurance discrimination if we joined every other rich country on the planet and guaranteed health coverage to all of our residents. Many problems become much smaller if people no longer have to worry about losing their health insurance.

Third area, we've talked about controls, structural changes, the third area is more a one of renegotiating the boundaries of privacy. And again, I set you no easy task, I think it would be important, I think it would be useful and will be important for us to try to move the cultural perception of the importance of health privacy to a more realistic view, to one that is both more realistic in terms of how private those records are today, much less private than people believe, and realistic in terms of how private they can be if we are going to as we necessarily will try to obtain the health and financial advantages of moving to a more electronic system.

So talking about the limitations that exist today, making it clear to people that we don't live in a golden age of perfect privacy today, so that the tradeoff is not as stark as they think, and pointing out to people that depending on your circumstances your health records may not be of all that much concern to you. I would much rather let you see my health records than let you see my credit card records, or even my tax return. You'll see my health records, you'll see my doctor has told me to lose weight, over and over again, this will probably not come as a surprise to you. You'll see that I'm on statins, this may not come as a surprise to you either. Now there are some things that would be mildly embarrassing and I know that there are many people for whom there are things that are more than mildly embarrassing that can lead to stigma and negative consequences, protection of privacy is important, but health privacy is not uniquely and always specially sacred.

I also think that we need to negotiate out at the highest level with the greatest possible legitimacy exceptions to privacy, both those dealing with marketing that Bernie talked about, and those dealing I think, the area I'm most interested in, those dealing with biomedical research. Right now post HIPAA we have a situation where clarity is not the prime result in terms of what can and can't be done with these records and neither is legitimacy. HIPAA was adopted under the Administrative Procedures Act and yet it's adopted by an agency that most Americans could not name with tens of thousands of pages of comments, I hate to recommend this, I've been around politics in Washington too long to do this lightly, I think we need legislation.

Legislation can do many bad things, it takes forever, you never know whether it will go through and you never know what it's ultimately going to look like when it gets through the legislative process, you can end up in a worse shape than you were when you started. But one thing legislation can do that regulatory actions really can't do is confer a sense of legitimacy and social consensus. And what HHS does in HIPAA regulation does not have that same force of society's agreement behind it that what something passed by both Houses of Congress and signed by the President has. I'm not talking about, I'm not saying it's illegitimate, I'm not talking about any legal qualms about the regulatory process, I'm talking about the public perception, the sense that this is a social norm which can come to some extent at least from legislation, much more than it can come from administrative regulation.

So those are some broad thoughts, let me mention, let me end by looking at your six questions, the design of the National Health Information Network, I don't have strong views other than that there is a tradeoff, centralization gives you more efficiency, gives you more control, it also means that if there is a leak there's a bigger leak. My bias is towards a more centralized system, I do think that individuals carrying around their own information is a recipe for disaster. I know how often I lose things and misplace and I think I'm no worse, not much worse anyway than average at that. We can do much better control of centralized professional controllers but how centralized to go and exactly what mode I don't have strong views on.

Second, implications of permitting patients to control whether their records are part of the NHIN, I wouldn't allow it, I wouldn't allow them to opt out. I think that the advantages are so great and I also think that allowing opt out plays into the cult of privacy. I think we need to take the position and make it true that there's a social decision that broad access to this information is in everybody's benefit and allowing opt out not only complicates greatly the day to day lives of the people trying to work with this information and biases any work that one tried to do with it but it also sends the message well, it's okay to opt out, that there are really strong things, this is a little dangerous, it's a reasonable thing to do to opt out. I think we should set up the system as carefully as possible to make it that it's not a reasonable thing to do to opt out, that opting out is not a reasonable option and I think shouldn't be allowed, which runs strongly counter to my general view of most aspects of the doctor/patient relationship.

What information if any should individuals be able to exclude? I agree with Bernie that it would be a mistake to allow them to exclude it, one may want to allow some sorts of information, particularly mental health information, information related to sexual activity, either reproductive or sexually transmitted disease, addiction information. You may want to have special protections for that, I wouldn't allow it to be excluded, I would leave open the possibility that we put it under some sort of special controls, higher in a double passwords and both people have to turn the key at the same time kind of protections. But I would not allow that, I would not encourage you to do that at an individual basis but have that part of the socially negotiated decision making about what deserves special protection and what doesn't, preferably through Congressional action.

What limitations should be placed beyond those of HIPAA on personal health information? I think there are a lot of potential reasonable answers to that question, I'm more interested in the process and again although I shudder to even say this, I think legislation is probably the best way to develop a sense of legitimacy and social agreement to what limitations should be allowed. I personally am particularly interested in making sure or in trying to assure that as much useful research can be done with this information as possible because I think the long term payoff in human health and happiness is enormous there but let that go through the political process and have the chips fall wherever we as a society think they may.

Should individuals have the option of having their health records maintained only in paper form? I would not allow that, I think for all the reasons that I wouldn't allow them to opt out of NHIN.

What other measures are needed to protect the privacy and confidentiality of personal health information and build public trust in the NHIN? I pointed out some measures that I think can help protect privacy and confidentiality and even more importantly help protect people from the negative effects of the inevitable occasional breaches in confidentiality and privacy. I would come back though to what I think is the very difficult but important task of desacralizing(?) health privacy, it's an important interest, it's not a sacred interest, it's not the most important interest, the only interest, and I stress that in conclusion because as I observe this area from medium distance I worry that this is a prime example of an area where we run the risk of letting the perfect be the enemy of the good. That we run the risk because of the high stress on privacy, of demanding perfect guarantees, perfect safety, absolute certainty, which cannot be done.

We cannot let the perfect be the enemy of the good because this is here, these records are available now, becoming increasingly available, we need as a society to do something about it. We need to do something that's at least adequate and hopefully good but we cannot set ourselves the standard of requiring perfect or we'll end up in a worse situation than we are now.

Thank you.

MR. ROTHSTEIN: Thank you, Hank, you've given us just one or two things to mull over, and we'll have some questions for you, begin with John Houston and then we'll go counter clockwise around the table.

MR. HOUSTON: I really enjoyed the testimony, thank you very much. I did have a couple questions especially for Mr. Greely. One of the I guess interesting questions I have is you really didn't talk much about genetics but yet I noticed on your written testimony you indicated that you're a professor by courtesy of genetics at Stanford --

MR. GREELY: It's a very courteous department.

MR. HOUSTON: I just, I wonder what, whether you believe your answers change at all based upon sort of I think in ten years what will be the reality which is genetic information will be a major part of medical care and delivery of medical care, but yet will have a profound impact on the way people view privacy and issues over secondary issues and use for insurance purposes --

MR. GREELY: I'll be happy to talk about that, if Mark had told me I had an hour and 20 minutes I would have talked about it to begin with but I'll try to talk about it in much less than an hour --

MR. HOUSTON: Given the context of your recommendations does it change any of them?

MR. GREELY: This is also perhaps a counterintuitive response, for me I think our biggest problem with genetics is not that genetic information is peculiarly special but that we tend to treat it as being peculiarly special. Genetic information is useful and important to the extent it provides health information and health predictions. You can tell me that I have a cholesterol problem because I carry a mutated version of a gene that leads to familial hypercholesterolemia, you can also do a cholesterol test and tell me that I've got a cholesterol level of 862 which is not genetic directly, and it's not genetic information directly although it is in that sense indirect genetic information, but both of them have the same kinds of consequences.

I think that within the ELSI world that Mark and Bernie and I inhabit more or less, the ethical, legal and social implications of genetics world, there's been a lot of discussion about genetic exceptionalism, treating genetics as different, as special, as again sacred, I keep coming back to that term today, and what a mistake it is. So I actually would not put genetic information in a special category, I think that by doing so we tend to only reinforce a false idea in the public that genes are magic, special, all powerful, genes sometimes are. If you have the gene, the allele, the version of a gene that causes Huntington's Disease, as far as we know the only way you're not going to die of Huntington's Disease is if you die first from something else.

But most of the genetic connections as far as we can tell particularly to things that are not rare turn out to be more subtle, more affected by environment, more affected by other genes, more affected by chance. Your risk of having colon cancer or type II diabetes may vary 50 percent based on your genetic background from eight percent lifetime incidence to 12 percent, or to four percent, but that's not that big a deal and it's not inevitable, it's affected by your environment.

So for me it's a great question, I think people tend to think of genetics as being special information, particularly powerful information, I think it's a mistake when they believe that and I think it's a mistake for public policy to reinforce that idea.

MR. HOUSTON: Just to sort of follow up on that for a second, I guess maybe in terms of health care I would agree with you. You talked about discrimination and issues related to discrimination and clearly if you're an insurer or somebody who's providing life insurance, when you're looking at statistically at whether you're a good risk or a bad risk to die early or live a nice long life, if you had certain genetic markers that would say you're more likely or less likely to have cancer or a certain type of cancer, clearly I think they would be interested in that and I think the flip side of that too is that if I recognize I have a certain marker for cancer I'm more likely, or I may be more likely to get higher levels of insurance coverage, whether it be life insurance, I would make sure that I had, I would choose certain health plans to cover my health insurance for fear that I come down with one of these, with any of these different illnesses and maybe based upon the insurance that I have chosen it would be a lot more or less expensive for me.

I mean I would think that there's an impact in that way and so I think you can, I guess you could argue that the patient as well as industry could sort of gain the use of genetic information for their advantage in some way --

MR. GREELY: This has been talked about for a long time in the genetics world and it's this concern about what the insurance industry calls adverse selection. It's I think a realistic concern, it's often an exaggerated concern, particularly since so few Americans get health insurance in a way that is medically underwritten. We almost all get health insurance through an employer or our own or our partners, or through the government, and those 250 million people, 240 million people who get their coverage that way don't face medical underwriting, the insurer doesn't have a choice except for the very smallest employers, the insurer doesn't have a choice of saying you're risky, I'm not going to cover you, you're not risky I'll take you.

More fundamentally though yes that information could be significant in discrimination but there's nothing special I think about genetic information there. A life insurance company will take a look at me and be worried about risks from my weight without caring about my genes. A life insurance company may know that someone has had breast cancer in the past, that's an important marker about risk, more important statistically than whether you carry the BRCA-1 or BRCA-2 mutations in your genes. So yes, genetic information can be used this way, so can other health information and I don't think there's anything peculiarly powerful or special about genetic information there despite the fact that culturally we have tended to, for a variety of interesting reasons, to take the position that genes are magic and are uniquely powerful.

Let me note though there is one area where I think this issue of adverse selection is particularly interesting that I think would be interesting to watch. There are some genetic markers that show risk for Alzheimer's disease, the area of long term care insurance is a new insurance field, the issues of adverse selection there with respect to people who are at high risk for Alzheimer's disease are I think quite real. And that may be an area where it might make sense to allow insurers to use that information because otherwise the market may collapse. Specific circumstances can lead to different specific answers but in general I think it's a mistake for us to try to treat genetic information differently from other health information.

MR. HOUSTON: Thank you.

MR. ROTHSTEIN: Bernie, do you want to comment?

DR. LO: No.


MR. REYNOLDS: Thanks to both you, excellent testimony. When we went through HIPAA privacy, no matter what anybody tried to communicate it was poorly executed, poorly understood, and has created somewhat of a furor in people's minds as to what it was or wasn't. As you look at the NHIN and the electronic medical record and everything it goes to the next level of scary, but Dr. Lo some of your comments were, your examples were good. So in a society of 24 hour news where it's not as exciting, the bad is far more exciting than the good, and each of you have talked about it, how do you, how do we really change the culture, how do we really as you mentioned communicate differently and how would we recommend that in a different way?

DR. LO: I think that's a terrific question, let me offer two different approaches. One I think is you have to use the media, I mean as you suggested, the media can have a large impact, I think there needs to be a public health campaign, I mean the CDC and other organizations have thought a lot about how you try and communicate difficult complicated messages to the public using the media and I think we haven't seen those kinds of resources and expertise applied to this issue.

The second thing I think is that there's a level in which the individual doctor and patient need to be able to sort through these issues. I remember when HIPAA, well we all remember when HIPAA first came in, you checked in five minutes late to your doctor's appointment because the parking was terrible and they sort of said we've got to give you this pamphlet, please sign here so we can document, what is this. So that I think was well intentioned, trying to get people informed, but that wasn't the right, the most effective way of actually getting people to understand. I think it was useful in terms of documenting that providers did what they were supposed to do.

I'm old fashioned, I sort of have this sense that when the doctor and patient go into the examining room and close the door the kinds of conversations you have there which are focused on the individual patient mean a lot. So I'm not quite sure how to do that but I think you need to get physicians more involved talking to their patients about the potential benefits of privacy. And again, there are ways of doing that that don't depend on my having a 15 minute conversation with every patient but just to make some incentives for doctors and patients to have these decisions, or at least to let patients know that the doctor is someone you should talk to if you're concerned about is this going to help me in my future care. There may be other, I don't know what trusted organizations now there are that people will believe but certainly to have a website that really goes into the benefits of having this National Health Information Network, that needs to be part of the discussion.

MR. GREELY: I agree with Bernie, I think it's very important to make sure that patients hear about the advantages to them of electronic health records and of a National Health Information Network with concrete examples to the extent you can find situations of people whose health was, whose lives were saved because a doctor in Connecticut was able to get quick access to information from California, or maybe within the Kaiser system a doctor in Southern California was able to get access to information from Sacramento very quickly.

Make sure in your report that people know that those health benefits are realistic and are important, try the idea of a public health campaign sort of treating electronic health records like vaccination, something that never occurred to me but I think it's right, it saves lives, it helps people's health, it saves money and saving money in the health care system is not just an issue of dollars, saving money for one thing allows that money to be used for other valuable health purposes instead of being used to pay, as I think happened to the tune of tens of billions of dollars with HIPAA implementation, to pay consultants and lawyers to help people learn how to do HIPAA implementation.

So you've got a limited ability to do this but you do have a report, use your report that way and use your report to encourage others to get, to try to change the public view of this from scary unknown risk to something that has clear benefits, to the extent you can encourage doctors to have those conversations with your patients, their patients, I think that's another excellent idea.

The one thing I would really strive to avoid is what I view somewhat cynically is the HIPAA strategy to this, beloved of lawyers, we get people to sign a form saying that they understand something and everything's okay. But we know that that's a fiction, it's a fiction lawyers are peculiarly enamored of, but it doesn't really do any good, it doesn't truly mean that people understand what's going on or that they've agreed to it, or that they're happy when something happens that runs counter to their expectations regardless of whether it runs along the lines of the form that they didn't read when they signed. So avoid that but a public health, a broad educational campaign focusing on concrete health benefits would I think be a very important step.

DR. HARDING: Just two quick questions, one, Dr. Lo, do you have any cure for the offshore issue that you were talking about, that UCSF has come up with and so forth? And then the other question would be more to Professor Greely about, you talked about liability of disclosure being an important thing, is intent involved in that or is it disclosure no matter what the intent?

DR. LO: Well, as far as the offshore issue, I think the policy question is do you hold medical institutions who set up these electronic records responsible for subcontractors they deal with and the sort of policy set by HIPAA is that there are limits on what you expect people to do with regard to subcontractors and I think we need to re-look at that or at least provide more incentives for institutions that do rely on subcontractors for work that they may not be able to do in-house --

DR. HARDING: Does UCSF still contract with Pakistan to do that?

DR. LO: No, but that's kind of too late, right, once you see where the hole is, even though there's no damage done here the publicity was enough to scare people away. But I think that you want to provide more positive incentives.

MR. GREELY: I'd just note on that issue the offshore in part makes it harder to control what the subcontractors do but it's not unique to Bangladesh, same thing could have happened in South Dakota, same thing could have happened anyplace in the country or the world. For a lot of political reasons it's easy to beat up on offshoring of information or offshoring of work. I don't think the key issue here is offshoring, the key issue is control and liability of the entities that subcontract out for the misdeeds of their subcontractors, whether those are in the United States, in Bangladesh, or on Mars.

In terms of the liability issue, whether there should be an intent rule or a strict liability or something somewhere in between is something that if this got far enough to be legislation would undoubtedly be pounded out in the lobbying world, in the legislative world, and I'm not crazy enough to think I could predict how it would come out.

I would opt though, I would recommend a fairly strong liability standard, you're not liable merely if you knew that it was inappropriately obtained information, I would rather have strict liability with a safe harbor defense, if you took appropriate measures, if based on appropriate investigation you concluded that it was legitimate information, that it was appropriate information indeed and released by the person in question or otherwise was in the public domain then you were safe even if you turned out to be wrong. But really have almost strict liability for, in order to truly encourage people to be very careful about what kind of health information they release and where it comes from. Make them investigate where it comes from so that their liability may change based on how good an investigation they did.

DR. TANG: I want to thank you for this testimony because I think it really crystallized a lot of things that we heard yesterday and today. Some of the answers don't prohibit the collection of information that can be potentially valuable and useful in saving lives and caring for the patient, focus on the regulations and punishment for violating illegitimate access, i.e., controlling access. I like the idea of legislation as a tool for creating social norms and creating the process by which you get some kind of census(?) as it were in legislation, as far as you can go, and the call to privacy I think is a very real kind of animal, beast that we have to deal with, and we need to demystify that and talk about the education part. And it's true also, your comment about there's more actually private information in your credit card receipts than in your health record, I mean it sounds like a flippant remark but it's actually very true, just as you said, really your genetics, there's so much more I can tell, I mean the fact that you're female, a whole lot of things that you're subject to that the male isn't, your race, your weight, I mean there's so many things that are just so plain obvious that we've picked in a cult way, the base pairs(?) to pick on just because it's part of the cult.

Now the one thing we've all been talking about is this education and been down that road before and thought about even the Ad Council because they were so incredibly effective with seatbelts, the whole dummy thing, crashing into the windshield, or Smoky the Bear, and we now, I'm talking about an organization I belong to, the American Medical Informatics Association, started a campaign called Got EHR? Like the Got Milk? Thinking that we would use the consumer/patient to push the health care industry in that way. Well we got an education from those experienced in this kind of PSA, public service announcement. Now what if you were wildly successful and they went knocking on the doors? If you don't have the solution ready to market, bring to market or to deploy, you've created a frustration that actually may set you back.

One of their examples is they were very successful in booster seats, in the campaign to raise the use of booster seats. It so happens that there's no way the market could meet the need for booster seats and that's one of their lessons. So coming back here the quandary now is are we ready to do this enormous campaign, can we deliver, or will the frustration and the mismatch actually set us back? So this is, I don't know whether you have any comments on that --

MR. GREELY: I was very canny in how I set up the testimony because I started by saying these are really hard problems and that's one of the ways in which it's a really hard problem. I don't know whether you're ready for a public information campaign yet but part of the report should be when you are ready, taking into account the counterproductive nature of a premature campaign, when you are ready one should follow and maybe some thoughts about who should organize it and who should make the decision about whether you're ready or not. That's not much of an answer but it's the best I can do to a hard problem.

DR. LO: I think there are people who are expert on these kinds of issues and I would try and ask them and take into account their advice.

MR. ROTHSTEIN: I want to thank you of course again for wonderful testimony and having a hard time figuring out which of the 50 questions I want to ask you. But I want to focus on one where I'm not sure, I mean I agree with most of what you said but there's one area that concerns me and that is I'm concerned about the effect on individual health of adopting a strict rule that you both seem to be suggesting of no patient based carve out, I mean that's, I mean if you think, that's the basis of the Hippocratic principle of confidentiality and when we teach medical ethics to second year medical students one of the problems that we talk about is what do you do when the patient comes in to see you, doc I'd like to tell you something but only if it can be off the record and not included in my chart. Do you say at that point no, everything you say has got to be in the chart? Do you say well in the future I could put it in the chart but block it somehow? Or do you say tell me what the problem is?

And I'm concerned that if the strategy changes where everything is in then that people will not go to the docs when they've got certain problems, some mental health problems, some you know the kinds of concerns we're talking. That's the first half of the question, see I'll work in the second half as well.

Hank, I couldn't agree more with your comment that we need to work on sort of the end users of the information but the likelihood that we're going to change the law regarding what employers have access to and what insurers have access to and so forth on the basis of in essence compelled authorization, sort of releases, is very slim. And the privacy issue that I see is, that's sort of exacerbated by electronic health records, is now when you apply for a job and sign a release disclosing all of your medical records in non-California or Minnesota states they get basically your current health records from your primary care doc but in the future they'd get everything from everybody and so these third party users who can compel these authorizations, the amount of information that they're going to get, irrespective of whether they can legally use it, is just going to increase exponentially.

So tying that together to a single question, are you concerned about the health consequences of individuals not getting prompt treatment if it's going to be part of their longitudinal record?

DR. LO: Let me answer the first part, the clinical question, Mark, which I think is a really tough question. I would try and break it down and first of all say that there are ways for patients to avoid having stuff get in the medical record. Some of those are not very useful for their health, I mean don't come to a doctor, come to a doctor and don't talk about that problem, talk about something else, but the doctor always has an option of what they put in the medical record and all the time people who come in say exactly what you said, I want to talk, this is really off the record, or they say a friend of mine had this problem.

And that's okay, I think it is important but this is a progressive thing and if I'm just talking and the patient really needs that reassurance that it will never leave the room then I think it's important. If it gets to the point where I can see some advantage to having this part of their record because I'm not going to be their doctor forever then I can come back and have the conversation and say you know, we've tried a couple of medications here, you've had some really bad side effects, if this ever happens again and this is a chronic condition and if you move or if I retire or something, or you change doctors, it would be really important for your next doctor to know that we tried these other medicines which are the first line drugs and they didn't work or you couldn't tolerate them. Do you now, now that we've worked through this and you see the benefits, do you now want me to make some additional notes to my record?

So I'm very comfortable doing that, I think patients have to understand not everything they tell the doctor gets transcribed verbatim, there's always a filtering process and this is no different. Psychiatrists negotiate these, early in the AIDS epidemic when there was no treatment, many AIDS patients said they don't want this in the record and then I said well if you show up in the emergency room comatose knowing that you're HIV positive is going to make a real difference in terms of what we do. And then there was a negotiation. So I think that's one solution, and sort of what the formal rule is there's always ways around that that a good doctor can help a patient in an individual case but the default is that you should document what would be useful in terms of the record.

Another thing I think is to come back to this issue of how can patients have some control if it gets into this electronic national information network and I like the idea of saying there are going to be parts of this that will be included there but it's going to be really hard for people to get at. And you or your proxy, your surrogate, will have to actively consent to someone looking at it, I'm thinking this is, you don't need anybody to see this but if something happens in the future where the doctor thinks this information may be relevant they can sort of talk to you or your surrogate and say now can I have permission, using a double password, a PIN number or something, it strikes me that's a lot of security there. It's not foolproof but it seems it's pretty secure.

So I would say that you have a rule, there's always kind of ways around it and I think we should recognize that we don't want to say that there aren't ways for doctors and patients to talk about things that won't show up in the record.

MR. ROTHSTEIN: I just wanted clarification on that --

MR. GREELY: On the first half it's a tension to the extent that you promise less than complete confidentiality, you worry about driving people away, we worry or should worry I think about mandatory disclosure of suspected child abuse because arguably that means parents who are worried that their pediatrician will worry that these bruises were inflicted by them rather than the normal toddlers falling down off the jungle gym won't bring the toddler in. It's not a new problem, it actually would be really, I don't know if there's been any good research on the extent to which it actually empirically happens, that would be an interesting area to look at --

DR. LO: Kaiser has done a survey, in a survey 20 percent of respondents say that there has been a time where they didn't tell a doctor something because they're afraid of its being in the record. What the question didn't ask was how salient was the information to their current problem, I mean if it's a standard routine physical and they're asking about past history I can leave a lot of stuff out that's not going to affect my care at the time.

MR. GREELY: As far as you know.

DR. LO: As far as I know.

MR. GREELY: So I don't think it's a new problem, it's yet another reason it's so hard, it's a tradeoff. What I would allow these publicly negotiated preferably Congressionally passed areas for heightened protection so that you could carve out mental health, not so much on an individual patient basis, one could make it both, there's a Congressional decision that individual patients can ask to have specific information in those areas, specific areas protected, I don't know that that's necessary and it adds some administrative complexity, but areas that are particularly sensitive I would say allow it to be under special higher protection --

MR. ROTHSTEIN: Does that mean automatically or at the option of the patient?

MR. GREELY: I'd actually, I don't have a strong view about that, I think automatically would be easier and probably more honest, I'm very skeptical about how well thought through and meaningful a patient's decision is on any of the myriad of forms that patients are often handed as they're hurrying through a health related appointment. So the individual option strikes me as not adding that much benefit though it adds a lot of administrative complexity, but I don't feel strongly about that, I just do think that it shouldn't be solely individual, I think there should be a Congressional or other social decision, yes these are important sensitive areas, for them we require security level two or some sort of heightened security.

And finally I just want to underline the importance of Dr. Lo's comments, people are professionals, we give people the status of professionals for a reason and we trust, we think that we can, we hope that we can trust their discretion and it is important for us not to try too hard to limit that discretion into a straightjacket. If that means that the law says X but we recognize that sometimes doctors in good conscience acting professionally will not do exactly X, I think we should accept that as not necessarily a bad thing, it's actually an affirmatively good thing.

Your second question, the second part of your question about employer misuse and so on and the difficulties with changing the law, I certainly appreciate the difficulties of getting any law relating to discrimination in employers through Congress, we're still waiting on the Genetic Information Non-Discrimination Act after ten years in Congress and several unanimous votes by the U.S. Senate.

But I think there's some value in trying, or in saying that it should happen, I also think there is greater possibility of activity at the state level though once again this is a tradeoff, this information has such national value logically I would prefer there to be uniform federal regulation, but if you can't get the best you deal with the second best and state regulation is I think politically more feasible, as has happened in say California and Minnesota, and can ultimately light a fire that may lead to uniform federal regulation if only because non-uniform state regulation makes the interest groups sufficiently unhappy that they're willing to get, to push for the passage of federal legislation they would otherwise oppose if only to get uniform standards.

So I don't think it's a lost cause though it may be a quixotic one, at the same time I'm not averse to as part of the Congressional or other broad social negotiations about what uses could be made. It wouldn't trouble me and I haven't thought it through fully but it might even be a good idea to just say no blanket waivers, no blanket authorizations for employers to get your health information and have that as part of the statute. You'd of course have to have a variety of provisos, exceptions, and so on but I would like to see us negotiate out and get at least public, a Congressionally or otherwise publicly expressed position around which a consensus might build to say here are things that can be done with this, here are things that can't be done with this.

My own view would be employer use, it should be minimized, research use should be maximized, the political process and the consensus building process may lead to a different result. But I certainly wouldn't exclude the possibility or even the benefits of having a complete ban on, almost complete ban on broad scale authorization for employers to get access to employee medication information.

DR. LO: Could I add one more thing to my response to the first part of your question and go back to this issue of patients asking their doctor to keep information out of this electronic record. And I want to go back to this theme that wherever you set the general rule with opt outs, with exceptions, there's also another layer of exception which is sort of how the doctor and patient kind of handle it on a very individual case by case basis. And I want to kind of, I've sort of indicated how a lot of times you can overcome patient's reluctance to include things by explaining to the patient why it's in their best clinical interest.

It also works the other way, I mean I sort of tried to make the case that in an urgent or emergency medical situation you need a lot of information quickly and the electronic record, national health information, offers a promise of getting comprehensive information quickly. Having said that I also want to say that we can still do what we do now sort of the old fashioned way which is if a patient has such concerns about medications that they don't want their psychiatric medicine or their HIV medicine to appear on their electronic record we can work around that.

First of all I think patients need to understand it may not be possible to do that, if I write a prescription in an integrated system it's going to be on the electronic record. It certainly can be on their pharmacy bill that they can get, their Safeway card. But what we do in the emergency room is we say to the family, if there is a family, can you go through the medical cabinet and just bring in all the bottles you find so we know exactly what he's taken, it's really important because we want to make sure that some of the problem isn't due to the wrong, being on a certain medication, we don't want to give them a medication that will interact with something he's taking. And at that point the concerns about privacy seem relatively small compared to the potential benefits of having your treating doctor have the information to meet an urgent medical problem.

So I would prefer to have it all electronically rather than wait an hour to try and get into the patient's apartment but that's what we now do and hopefully doctors will continue to keep doing that. It does depend however upon making sure everybody in the system knows that when a patient can't talk to their doctor the family needs to have full control and be able to make independent decisions about revealing information to the doctor that may be different than what the patient said before. I think it would be terrible if someone said well, grandma was always so concerned about people knowing what medicines she was on that I'm not sure she would want us to bring in all her medicines. Well, that was when she was relatively healthy and now that she's sick it's different.

MS. DOZIER-PEEPLES: I don't have any questions but I'd like to thank you very much for some very informative testimony, thank you.

MS. GREENBERG: The same, I was just sitting here thinking that it was definitely worth getting up this morning for this testimony, but actually I was thinking that that was kind of low praise and in some ways it was worth coming out to San Francisco for it so thank you very much.

MS. BERNSTEIN: I'm surprised that you apologized for the weather when it's 95 degrees in Washington and 105 degrees --

DR. LO: Fall here is supposed to be absolutely blue skies, about 75 degrees --

MR. GREELY: Drive 35 miles down the peninsula and we'll show you 80 degrees, sunny --

MS. BERNSTEIN: I've been sort of dying for the whole week to ask somebody and it seems like you guys are the right guys to ask this, on Monday morning on NPR there was a story that I don't know how many people heard about the possibility of having a chip implanted literally like under your skin in your arm which would have not your medical record because that changes but a number, some code that would allow the hospital to sort of scan you I guess, and I don't want to say what my personal view is but I just wanted to know, so you could go to the web and it would have the rules about if we decided to have something excised or not or whatever the management rules are for access control to that information if you're conscious and available to give your doctor information then it wouldn't be needed but if you show up unconscious in the hospital then they could get access to your data. And I just wondered if you heard that story and if you had any response to it.

MR. GREELY: I hadn't heard that story on Monday, I have heard about these identity chips and having just lost a cat I wish we'd had a microchip put in that cat. I think the world is divided into lots of different sorts of people and some people love technology and are early adopters and have never met a technology they don't like. I certainly wouldn't make it impossible for those people to get those chips in there if they wanted to but I think it would be a real mistake to try to, certainly to mandate it or even to strongly encourage it given the way it manages to combine privacy concerns both about health information and also about the sanctity of your body. So I would not prohibit it but I certainly would not strongly push it.

DR. LO: I guess I would ask other than sort of the high tech pizzazz bit what's the clinical utility. It seems to me the clinical utility is when you show up in the emergency room having been surfing in Monterey and no ID and no one around to give surrogate consent. That allows people to identify you, presumably by default get your medical records. Those situations are relatively rare and you have to decide whether by allowing better care in those situations you've created such concerns as Hank outlined that people would doubt the whole system. I think the real issue is do you have a default within a current electronic medical record system which is if you show up for care in somebody's emergency room and can't consent and it's a real serious situation is the default assumption that you would want all your medical information that's available to be made available to that treating physician without any additional authorization and I would strongly argue that should be the default and the chip only solves the problem if you don't know who a patient is.

MS. BERNSTEIN: Well it solves the problem that Professor Greely mentioned that people lose their data and so you wouldn't want somebody to have it carrying around but that's a way to carry it around without losing it because it's always on your person.

MR. ROTHSTEIN: Well, we of course had hearings on RFID devices last year and it's an issue that we're going to continue to monitor in our spare time. Again, thank you, we will take a 15 minute break, I'm sorry, Mary Jo.

DR. DEERING: I crept up to the table, Mary Jo Deering. I too very much appreciated your testimony, thank you very much, and it was more in the sense of a comment and it was first going to be regarding the issue of public education and I wanted to say it while they were here because I actually wanted to offer some encouragement in that I've actually been in the field of health communication for nigh onto 18 years and I wanted to mention is that when you think of public education you don't necessarily need to think of the end message which is this stuff is great, go get it, go ask for it.

If you approach communication from a behavioral change perspective which is the way the experts do then you can phrase your messages to an earlier stage of awareness and understanding and the class model that was way back in the 1980s was the National Heart, Lung, and Blood Institute that already had a lot of expertise about high blood pressure decided it needed to launch a cholesterol awareness campaign. Those of us with gray hair are old enough to remember that they spent one whole year simply saying, remember this line? Do you know your number? It was merely to let people know that there was a number out there whose existence they had no knowledge of or appreciation of and so they wanted to sort of lay that baseline awareness.

And I think in the field of privacy it's the same thing, I know the Markle people are looking the same way, it's just first just building appreciation of what health information is all about and how it can be used and then you can begin to work in certain privacy risks and benefits rather than jumping in toward the end.

The only thing I wanted to add now that Maya brought up the NPR thing is I feel a little guilty about that because I believe that what you heard was that former Secretary Thompson has signed up with the Verichip(?) Company and I actually was responsible in introducing him to that inadvertently and that we had a prevention oriented summit for him, he had a series of summits, and I've been in technology for a long time and we had a technology showcase that was supposed to be prevention oriented. Well, these guys weaseled their way in and the Secretary made us look towards the showcase during his prevention summit, and by golly if he didn't stop there. And actually I had had to do some damage control because I had images of oh well HHS is going to think about implanting chips in individuals and I could just imagine how that was going to look but I never realized the extent to which he personally took that, I think he signed up to work with that company now, he's on the board --

PARTICIPANT: But not to have a chip implant.

DR. DEERING: He's on the board, exactly, so anyway, things do go in strange circles.

MR. ROTHSTEIN: Thank you for that history and we will still take our 15 minute break however it will now end at 11:00 and we will begin panel number four.

[Brief break.]

MR. ROTHSTEIN: Good morning, we are back on the record with panel four of hearing four of our inquiry into the National Health Information Network and I want to thank Dr. Braithwaite and Mr. Hinkley for agreeing to testify. Bill is going to testify I assume first, is that right Bill? Second, very good, so we're just going to see if we can round up the remaining members and I want to thank you for coming Mr. Hinkley and welcome you and I know you've been sitting in on some of the earlier testimony and now you know what we're concerned about so you can clear things up for us.

Agenda Item: Panel IV - Mr. Hinkley

MR. HINKLEY: Just by way of background I am involved with Connecting for Health which has an organization that has four or five years of history funded by, principally by the Markle and the Robert Wood Johnson Foundations and for those of you who aren't familiar with it it is an extremely thoughtful well managed process around the topics that this subcommittee is addressing. My formal role is as a member of what they call the Policy Subcommittee which is the direct subgroup of Connecting for Health the collaborative itself and is a major organization within Markle. I'm also their lawyer with respect to certain of the work product that I'm going to be describing today, principally the creation of template documents and policies for regional organizations to connect sources and users of data.

Today I have the great honor of standing in for Carol Diamond, Carol is a national figure on this topic and an inspirational leader in so many ways, a wonderful convener, and I also am here really on behalf of the hundred organizations represented by the collaborative and the 45 institutions and individuals represented on the Policy Subcommittee. So as a result of that I'm going to stay pretty close to script because this is not about me, this is about the work that this very important organization is doing and how important Connecting for Health views opportunities to speak to this committee and to contribute as appropriate to its very important work.

My day job, I'm a partner with a law firm called Davis Wright, I'm based here in San Francisco, I am a native Californian, I have been practicing health care law just over 30 years and have had the pleasure of doing it in California so that I know the wacky and the wise. Anyway, I believe everybody has a copy of the text and I'm going to stick to that pretty closely as I mentioned in really deference to the entire organization.

As I mentioned Connecting for Health is a collaborative of about 100 organizations and attached to your materials is a roster of the organizations that as of July 2005 have been actively involved. Initially Connecting for Health was focused on advocating for interoperability in health information technology adoption and it was a very broadly theoretical and strategic approach. More recently over the last two years Connecting for Health has developed an approach for the National Health Information Network that envisions a decentralized and federated network of networks and has adopted the concept of sub-network organizations across the nation that are capable of exchanging information when necessary with each other by conforming to what we have termed the common framework of nationally established technology and policy standards that enable interoperability.

And just as a footnote the term the Sub-Network Organization would be inclusive of concepts such as RHIOs, which I'm sure you've heard about in the course of your testimony and your research, but also any other appropriate network of information sharing. And I think the approach here is that what is being considered and addressed by Connecting for Health is in some element of information around an index that I'll describe in a minute but is really agnostic to what the local network looks like, there's no prejudice around a regional health information organization or a university based data sharing organization or the like. And the thought is that the country is going to develop these networks as appropriate and the role of the National Health Information Network is to provide the glue to allow those networks to communicate with each other in a way that addresses both the technical and the privacy concerns that are shared at a national level.

As I mentioned earlier the only novel piece of infrastructure that is being proposed is what we've called the Record Locator Service. The Record Locator Service is the glue, it is a patient specific health index that does not itself contain health care information but contains rather demographic information that would allow someone utilizing the network to identify that this particular patient has information in the network that can be obtained through the locator service. And there are a couple of references in your materials to rather detailed explanations of how this works and I won't go any farther into now because it bears some study.

But I think one note is that the Record Locator Service supports patient by patient inquiry, it does not support as defined queries for aggregating data so that it would not be envisioned that you would query, tell me everybody with pneumonia in the last 12 months in zip code 94111 for example, you would be looking for an individual patient through that locator.

Connecting for Health is working closely with existing information networks to apply its model in a prototype, and there are three communities that were selected for this, Indiana, the state of Massachusetts, and then a network located in Mendocino County. In each case the existing local network will map its current technology to the proposed national approach and interoperability and the effort here is to work through a use case and this is, we're hoping to have completed by the end of this year where these three networks would demonstrate the ability to locate a patient's record, locate and retrieve the patient's complete medication list, and locate and retrieve the patient's lab results.

So it's a relatively circumscribed use case but really the goal of the prototype is to show that a group of institutions with no formal affiliation can securely use the internet to connect to one another and to find and exchange records as needed for patient care. And they can do this without requiring a unifying patient identifier or a central store of clinical data, that the system can allow participation even by relatively technically unsophisticated institutions, and that the accuracy, responsiveness, security, and scalability of the prototype system would merit broader deployment. So this is essentially teeing up something that we believe, if the results are as we expect, would be something to look at further.

Connecting for Health operates both a technical and a policy subcommittee to define the specifications and the policies for the prototype and the common framework. The subcommittees are charged with developing the practical tools necessary to implement a record locator service and the common framework within the prototype project. So that's, if you can understand kind of what we're doing, we're trying to actually generate some data, real live on the ground, as policies are developed how do they work and what is the reaction in the context of the prototype. And our expectation is as I mentioned that this work would be reportable at year end.

Our subcommittees are composed really of national experts and representatives of experienced implementation sites and commercial vendors and public sector representatives who are working to identify needed technical standards and to develop a consensus about the proper policies that must be in place to achieve an interoperable health information environment.

Through my testimony today I intend to share with the committee a more detailed explanation of one aspect of the work currently underway within Connecting for Health and I want to focus on the work of the Policy Subcommittee which is aimed at providing practical tools to assure privacy and security of information exchange. The stated purpose of Connecting for Health is to catalyze changes on a national basis to create an interconnected electronic health information infrastructure to support better health and health care.

Connecting for Health recognizes that maintaining privacy of personal health information is the foundation of the entire system. Privacy is not merely a worthy goal but an indispensable attribute of the system. Without public and professional trust in privacy and security of network regional and national exchanges the national context would not work in our view. People will not participate or will refuse to allow various uses if privacy and security is lacking and the potential then for legislative controls being necessary, although we've heard discussion about their efficacy, could be a potential result.

We believe that fundamental design principles of national information exchanges must reflect the importance of protecting patient privacy at the outset and in their basic design. Privacy cannot be an afterthought, it needs to be addressed through legislation, rules, sanctions, or to be waived away by requiring blanket consents, but must be built into the architecture, the technical decisions and policy agreements throughout the system. Indeed the work of Connecting for Health to define the technical architecture over the last two years was bounded by certain basic principles including the need to protect the privacy of health information. We cannot simply trade away patient privacy to get increased technical efficiency, for example, or saddle providers with mandates as a way of deploying new tools or technologies.

In the solution we propose, sharing is peer to peer among participating institutions and both the decision to participate in the system and the decision to share records are made locally where the records are created. And I want to get off script for a second here and explain what we mean here. The concept is that at a national level there need to be basic rules and policies established that those that desire to participate in the network adopt. What Connecting for Health has determined is that many, many things should appropriately be done at the local level including the decision to participate in the network and the degree to which participation in the network is appropriate. And through other testimony that I've heard in the brief time that I've been with the group the concept of kind of silo to silo federation where a very local decision is made about what data is going to be shared has been talked about and that is something that Connecting for Health definitely supports.

What the goal here of this immediate work is that our team is developing the stack of necessary technical standards and recommended uniform national policies and procedures to serve as a discussion piece for the national framework. We are in the process of developing a first draft of the common framework that will actually implement these standards and policies through the prototype that is underway and we're expecting that our initial draft of the common framework is going to be available for discussion by the end of November of this year.

At the very root of the privacy work that Connecting for Health is doing is a sense of basic privacy principles that we believe need to be imbued throughout the system and at all levels, and these are listed on page four of my outline and just to repeat them here. One is that the network needs to be open and transparent, that its purpose specified and minimized, that collection limitations be addressed, that use limitations be addressed, the concepts we've heard earlier in these hearings around confidentiality versus privacy. That there be a measure of individual participation and control, that there be data integrity and quality assured, that security be safeguarded and controlled. That there also be accountability and oversight and that there ought to be remedies or consequences when these principles and the policies that implement them are not followed.

In the view of Connecting for Health all of these principles must be addressed and balanced to create a private and secure and trusted network. Connecting for Health believes it's important that these be provided with balanced resources, that no one principle become the dominant strategy for protecting patient privacy but that the architecture and policy environment assure that all of them are addressed and complement each other. If any one principle is the dominant method of protecting privacy we believe it can diminish and undermine the others.

I want to talk a little bit about the technical design decisions that we believe have significant implications for privacy of patient information. Again, just returning to the concept of the Record Locator Service which is really key to Connecting for Health's strategy. That central to this is that the records remain with the providers of care, that indices are built within what we call the sub-network organizations, or the SNOs, that would contain only demographic data, and that retrieval of clinical data still requires some form of authorization by the patient or the provider with appropriate levels of security. Connecting for Health favors this federated form of database as contrasted to centralization of clinical data to reduce risks from hacking and privacy spills. And Connecting for Health believes that common security standards must have national adoption.

The Connecting for Health Policy Subcommittee, on which I serve and provide some staff functions, consists of 45 nationally known experts representing law, ethics, consumer advocacy, and implementation experience. The subcommittee is fortunate to be chaired by Bill Braithwaite who needs no introduction, is currently a senior official at eHealth Initiative and has been a wonderful colleague for years on the topics that we're interested in. And also Mark Frisse who is really an inspirational leader and has achieved great prominence through the work that he's done in the Vanderbilt context and I'd refer you to Appendix C where the members of the Policy Subcommittee are listed and each one of them from my own experience has taken this job very seriously and made important contributions toward the work of the subcommittee.

What we are doing in our current set of activities is to develop a product and the product is what we call the Model Multilateral Agreement and that's a document that I've spent a fair amount of time personally on developing, it has a few components I'd like to outline. One is a registration agreement, a simple what we envision online who are you and why are you qualified to participate in the network. This is envisioned to be more often at an institutional level than at an individual practitioner level and the thought is that individual practitioners would be included as authorized users on behalf of registered participants as opposed to having obligations through the registration process on an individual basis, more as a collective basis.

The next piece is the common framework which we are calling our Policies and Procedures Manual. This is the national set of basic rules and policies that would apply to all networks that elect to choose to be interoperable on a national level. We also as a subset of this are developing a number of issue papers. As this subcommittee so well knows none of these issues is easy and as Pam Dickson and I were commenting at the break in some respects it's nice to know what the opposition thinks but these issues need to be teed up and an important work of Connecting for Health is to assist in teeing up the issues and to present in a balanced way what countervailing thoughts are on the various matters particularly related to privacy and I'm going to outline a few of those topics in a minute.

And then finally something that we have just developed as a discussion draft that we're starting to issue some exposure pieces about is a model sub-network terms and conditions. One of the things we've discovered in the work that we've done is that on a regional basis everyone is starting with blank pieces of paper and it's a little bit like Mickey and Judy in the old movies where they get a barn and decide to put on a show and I think the sense of Connecting for Health is that there are common considerations that regional organizations can benefit from, not dictating form but merely teeing up issues and demonstrating thoughtful approaches and responses to a lot of the issues that these regional organizations are going to be grappling with, so to kind of assist them in getting off the ground in that way but also to raise the bar nationally.

The local organizations don't necessarily have the resources to address some of these issues with the intensity that they might merit and so kind of the luxury of Connecting for Health is kind of getting together the people that you'd really like to think about these issues and having the benefit of their thoughts and then sharing them on a regional basis. And I personally believe that this particular aspect of the work is going to prove to be extremely valuable.

An additional part of it is also for the benefit of the national structure is to propose a design and governance structure for a standards and policy entity which we envision a non-governmental entity that would have control over the national policies that bind the network. And similarly principles and guidance models, etc., for regional organization and governance to provide some basic assistance in the initial phase of getting up and running.

The last component of this is a document that we're, I apologize, it's not available today for the group but is in exposure drafts internally now called Our Policy Background which is a very, very thoughtful piece that really has served or provided an underpinning for a lot of the thoughts that have gelled at Connecting for Health around the importance of the pervasiveness of privacy throughout the national and the local network as an essential component of potential success of a national network.

Some of the issues that the subcommittee is addressing and will be the subject of our issue papers include for example which policies and standards must be nationally uniform or which can be tailored to local circumstances without lowering public confidence in the system or increasing security risks and this is one of the $20 million dollar questions. For example through the record locator there is a patient locator algorithm and although elements of that algorithm could be established nationally there will be geographic differences that need to be addressed so that the algorithm works better, particularly the example that we cite here is the prevalence of certain names ethnically based on regional dispersion.

The second one which is again an enormous question is the level of patient consent that would be appropriate to participate in the Record Locator Service. As opposed to participating in the network totally the Record Locator Service is a pointer to your information and Connecting for Health is actively addressing what the individual patient's rights ought to be with respect to even appearing in a locator service as opposed to participating in the network through access to individual silos of your information. And the balance here is that if you're not in the locator service at all there's no plug and play for any of your providers and a serious amount of debate is going on about the rights that ought to be there, should patients have to specifically consent to being in a locator service and if not then what safeguards need to be there so that the information about the patient is appropriate, is complete, is not over complete or erroneous.

Another topic that we're spending a fair amount of time on is once the algorithm is run through a Record Locator Service and five people come up that respond to it what are the implications of that, does it fit within what has been termed an incidental disclosure under HIPAA that does not create damage. Connecting for Health recognizes that that issue is not a foregone issue and really the question of how much tolerance can the system stand for incidental disclosure that would lead you potentially to the information about a patient that is not the one that you're seeking information about.

The last one of the examples that we have here is the break the glass concept of when all else fails, when a patient presents in an emergency department and is unconscious or can't provide information what ability in that circumstance would an emergency room physician have to kind of jam through the Record Locator Service and adopt independent algorithms, self help if you will, to try to identify where this patient's records are. And don't misunderstand me, the fact that we have these issues on the table by no means does it mean that we're at a point to say here's the answer but the assurance that I'm giving you now is that some pretty big minds are grappling with this at Connecting for Health and want to be a resource to the committee with respect to those kinds of issues over time.

To conclude protecting privacy and confidentiality of patient data is fundamental to a successful network and the principle upon which technical and architectural decisions are guided and that is firmly believed by the collaborative at Connecting for Health. Adequate protections will require both technical, what we call architectural policies and structure as well as policies and rules that are uniformly followed at a national level. With fair information principles as a base and the nine principles that we've outlined previously we believe those principles all need to be adequately addressed and balanced and that the striking of that balance is an extremely important element in establishing a trusted national network.

Connecting for Health is moving quickly as I mentioned to develop a first generation set of standards, policies and methodologies, I think when the work plan for 2005 was established a lot of us scratched our heads and said how are we going to do this and Carolyn and the other leadership of the organization said that's not the question we have to ask, is that we have to do this, that the anecdotal swapping of privacy breaches and security issues that we seem to spend so much time talking about, we now know those are going to happen and we know that security breaches will happen in the future and that privacy principles may be abused over time but we need to get on with this very important work of attempting to achieve a national consensus about what it is going to take on a national level to establish this kind of a network.

All of our products including specifications, manuals, models, policies, and procedures are going to be publicly available. We're in the middle of an aggressive exposure draft cycle now and really are going to make the November 30th deadline that has been set for the organization which for many of us is extremely gratifying.

In closing I just want to emphasize on behalf of Connecting for Health and its leadership our desire to work with the subcommittee. You have very important work to do, you're under all the same kinds of time pressures that we all feel currently. I think as you can grasp from our comments here we're raising more questions than we're answering, we're taking confidence though that we're at least raising them and addressing them and attempting in as reasonable an amount of time as possible to come up with thoughtful responses, not necessarily the one way but certainly ways that groups such as this would be able to feel have been adequately weighed.

I also want to just as a postscript honor the questions that you posed. In putting together our remarks we wanted to tell you our story and so we were selfish in that regard and I apologize, but we also believe that the questions that you're asking deserve specific answer and I just want to quickly respond to you so that in any questions you may have for me we don't have to go over that ground, you'll at least know what we're thinking.

With respect to network design your first question, as I mentioned we are wedded at this point to the Record Locator Service but we have no prejudice with respect to what the sub-networks need to look like. And as long as they can adhere to the overarching principles of the network and the adoption of a demographic only Record Locator Service the position of Connecting for Health at this point is that those sub-networks and the participants in those sub-networks should have a tremendous amount of latitude with respect to what information ultimately gets shared and about whom.

Number two, what are the implications of permitting patients to control whether their records are part of the NHIN? I think what we recognize is that patients have been giving their doctors incomplete information for all time and we don't expect that that's going to change. And we think an important element of privacy is your ability to have incomplete information about yourself out there as your patient sees fit and I know that there are some of you in the room and certainly others that have spoken to you today that really are paying homage to the necessity for the absolute most complete patient record on the planet, at this point we believe that patients are not used to that and they're not expecting that and I think the standard of practice, doctors are used to not knowing the whole thing. It would be great to know more than the patient wants to tell you in some circumstances but it may not be accomplished through this.

Number three, what information should they be able to exclude? And this is kind of a subset of question number two, I think the additional point to make here is that we think it's important that providers also have the ability to decide that even though they participate in the sub-network organization that there's some information that they're just not going to make available and that's a provider decision over and above a patient decision. One example that's cited all the time are practices of organizations such as the Betty Ford Institute of what they're prepared to share consistent with their own standard of care.

You ask in number four what limitations beyond the HIPAA privacy rule would be appropriate, I think all of us, most of us at least, acknowledge that HIPAA was designed in a non-networked environment and so it doesn't answer questions that might have been answered if that had been on the table. And that's not to fault HIPAA, it's just things happen when they happen, it certainly raises the issue which we think is an important one of whether or not any kind of legislative solution, HIPAA or HIPAA plus for a national network, is going to be viewed as a floor upon which states can act or would be a ceiling and effectively preempt state activity. And I guess from a realistic standpoint we believe that it's probably unlikely for there to be very widespread support for something that absolutely preempts the field, we are a federation and to gain adoption at the state level reasonable floors are going to be more palatable than absolute ceilings that bring everybody up to the same level.

You ask in number five should individuals have the option of having their health records maintained only in paper form and with all due respect to the committee we think that horse is out of the barn and really, we don't have that choice now, wondering why, I don't want people talking about that now, that's personal.

What other measures are needed to protect privacy and confidentiality of the personal health information? And I think what we think is that our paper speaks to that directly but we also want to underscore that we believe a governmental focus on this issue should not be limited to technical solutions but that really a focus on developing the basic privacy and security principles is really the central challenge now and that oftentimes the debate is how do we do this from a technical standpoint that can't overarch the why are we going to do this and how are we going to serve the interests of the individuals who ultimately are supposed to be the beneficiaries of the work that we're doing.

And with that I'm happy to answer questions after Bill has spoken.

MR. ROTHSTEIN: Great, well thank you very much and we'll hear now from Dr. Braithwaite and have questions for both. Bill, are you still with us?

DR. BRAITHWAITE: Yes, good morning everybody. Mark, can you hear me all right?

MR. ROTHSTEIN: We can hear you just great, can you hear us?


MR. ROTHSTEIN: Okay, take it away.

Agenda Item: Panel IV - Dr. Braithwaite

DR. BRAITHWAITE: Okay, although I am as you probably saw there listed as a co-chair of the Policy Committee for Connecting for Health my day job is the chief medical officer of the eHealth Initiative which is a Washington based non-profit organization dedicated to driving improvement in the quality, safety and efficiency of health care through information technology, that's motherhood and apple pie in other words. It's my pleasure to talk to you by phone although it's too bad I couldn't be there with you.

As many of you know I was the main author for the Administration Simplification Subtitle on HIPAA and worked at HHS for seven years helping to put out the regulations under HIPAA including for privacy and security. I also staffed the President's PITAC report from June of last year. What I'm going to talk to you about today are my private views, my views as an individual, of the privacy issues around HIT and the National Health Information Network.

While working toward driving the adoption of standards and interoperable health information systems and the connectivity to mobilize health information we at eHI are focusing on improving the customer's trust and confidence and trust in the system by bolstering the quality, privacy, and security of electronic health information. We deal with communities a lot and as communities across the country mobilize information across the organizations through multi-stakeholder collaboratives, which is the way we work, we've done pilot projects in this area and worked to develop and share and disseminate knowledge about how this is going for particular communities and how others can learn from that by exchanging information amongst communities.

When I go out to these communities and make some onsite visits the most frequent question I get, maybe it's because they know that I was involved in HIPAA but the most frequent question I get is about privacy and security. They're very concerned about whether the HIPAA privacy rule allows them to share patient's information in the way they plan, they're very anxious to get HIPAA compliant model policies and procedures and agreements and so on that can be adapted to their particular circumstances and their state law. These are exactly what Gerry was talking about as the expected products of the Connecting for Health project and I'm very pleased to be part of that.

In June of this year eHI sent out an electronic survey of 100 communities, more than 100 communities, that either had implemented or are trying to implement these health information exchange projects. And one of the questions we asked was what are your most challenging, what are your most pressing challenges related to your health information exchange effort. And two thirds of those people answered that privacy and security and otherwise was either a very difficult challenge or a moderately difficult challenge. 59 percent of the respondents who in addition identified themselves as well underway with the implementation or fully operational cited that their policies that they had established regarding privacy go beyond the HIPAA requirements, some of them because the state that they're in required them to and others because they thought it was appropriate. In all cases it's clear that the communities still need guidance and technical assistance on sometimes complex privacy and security issues before they feel comfortable moving ahead.

Having said that I tend to view the principles underlying the privacy issues at a very basic level and I find the following approach to be very understandable, I use it to explain what was behind HIPAA privacy to patients, health care providers and administrators, and whether it's in the context of HIPAA or not I really believe that these principles are understandable by ordinary people and they can relate them to the environments that we're trying to set up to improve their health care.

The first notice is the existence and purpose of record keeping systems. These systems have to be known about, another way of stating it is that there shouldn't be any secret databases about people.

Choice, information must be collected only with the knowledge and permission of the subject, used only in ways relevant to the purpose for which the data was collected and about which the subject was informed, and disclosed only with permission of the subject or in accordance with overriding legal authority such as a public health law that says that disclosure when a patient has SARS to the public health department is more important to the public health than the individual's privacy.

The third one, access, is the right of a subject to see the contents of records about them and propose corrections through some due process that assures the accuracy, completeness, and timeliness of the information.

Security is to reinforce privacy principles, reasonable safeguards have to be in place for the confidentiality, integrity, and availability of the information for its intended purposes.

Enforcement is yet another privacy principle, assurances have to be in place so that violations of the principles result in reasonable penalties to deter violations and force mitigation of the effects of the inevitable, but hopefully rare, breach to privacy or security.

Don't misunderstand, despite the simple nature of these five principles that I use for teaching purposes, the explanatory purposes, applying them to the most complex human endeavor in history, as I call our health care system, is not at all simple. And many of the privacy and security questions that arise, especially when I'm not in the field, are not answered directly in either HIPAA, the privacy rule, or in the guidance available from HHS. In these situations I refer people back to these basic principles and try to make a reasonable rational judgment based on those principles about what is the right thing to do and then document how they came to that conclusion.

I think the experiences that Gerry talked about in the Connecting for Health implementation project point out how every design and implementation decision connected with health information exchange has to be examined carefully for alignment with the principles and all decisions have to be documented along with their rationale. Some of the questions that have come up in this implementation are just, you wouldn't have expected them, I can go into some detail later if you want to talk about them.

Gerry's talked about some of the practical aspects of how the privacy issues covering most of the third, the first three principles are being handled in Connecting for Health, so I want to talk in some detail about the last two principles and in essence giving you a long answer to your last number six question because you can't have privacy without the appropriate security and enforcement and infrastructure to support the kinds of protections we're trying to put on this information.

The HIPAA security rule sets very general principles in place, it wasn't as specific as the privacy rule, recognizing that the technology and the problems around security change rapidly and people need some leeway, organizations need some flexibility to implement security in different ways depending on their risks and their ability to respond to those risks. And it's true too not only in what they do to protect the information they hold but how they implement security when exchanging protected health information between organizations on the National Health Information Network. And this requires a more well defined and standard set of mechanisms than when you're sharing information among systems that are part of your organization. Obviously two organizations that are sharing information have to implement security in compatible ways otherwise you can't share the information. So the need for standards when you're sharing information across the network is much more acute than when you give each organization permission to do security on its own.

It also requires a degree of trust in the technology and in the other organizations that you're interacting with that's not there today. When we survey our communities one of the things that pops up as a major barrier is the lack of trust between competing health care plans and providers, between providers and plans who have totally different perspectives on how information should be used, and many other aspects of trust that need to be resolved usually through face to face meetings and gradually building up to an understanding and agreement on principles on which a local health information network and sharing can happen.

I really think on a national level the health information network will fail miserably if we don't solve the trust issue around internet communications. I think that the NHIN has to be built on top of the internet, it's the only technology that provides communication capabilities to virtually every health care organization in the country, even small rural locations are able to get on the internet even though it may require a little bit of extra resources for them to do that.

But there are some standard security mechanisms that have to be in place to support this trusting sharing of data between organizations. The first is authentication and maybe the most difficult one. In essence authentication requires a face to face interaction, documentation presentation with someone who can authenticate the identity of the person and to whom it's an enforceable offense to lie. At the moment the only person in our country who can do that in my understanding with any authority is a notary public, typically a clerk in a bank. Totally paper based, they write the stuff in a journal, it's difficult to verify, not capable in general of issuing verifiable electronic certificates that are required for implementation of the National Health Information Infrastructure. Although in 2002 they came out with a new model notary public law, I remember each state has to pass notary public laws and most of them are different but they tend to follow this model. So the new model allows notary publics to get certified to issue electronic certificates, but, there are no standards and there are no federal requirements for those standards to be met by notary publics and until those standards are set and enforceable the authentication problem is a very, very serious one.

Authorization, sometimes confused with authentication, requires a secure digital evidence of some kind that credentials a specific entity with certain professional capabilities, essentially a role and a relationship. So a physician, a role of the physician or an employee of an organization or a physician with a particular specialty, licensing boards on a state by state basis provide a partial solution to this if they got into doing electronic authorizations but a solution for the overall health industry is very scattered, very parochial if you will, at the moment.

The third is non-repudiation, this is a secure mechanism that identifies that an individual is the source of a communication and can't deny it. This involves electronic signatures that guarantee that a message hasn't been altered in transit and guarantees that a particular person sent it. But this requires a trusted source for the keys in the public/private key infrastructure or some other mechanism of putting out encryption and signature keys that are tied to the authentication mechanism, and some sort of standardized algorithm that everybody agrees to use. There are many different ways to get these keys and many different algorithms that you can use today but until health care decides on which one to use very few people are looking at this as a mechanism.

Auditing of course is critical, you've got to record what information about whom was sent by whom and to whom and when, this is the underpinnings of enforcement for privacy and security. And of course you can't just make an audit trail, you've got to actually analyze that audit trail using software tools and humans to detect and investigate anomalies, if you don't do that of course then there's no real enforcement capability behind the privacy and security principles. This is not required by the HIPAA security rules but in my point of view it's poorly implemented in most health care environments.

Encryption, a mechanism used to assure senders and receivers of a communication that it couldn't have been reasonably intercepted by others or altered by others. Again, a trusted source for keys and a standard algorithm is needed.

Transport, this is the easiest to solve, actually the internet is the obvious mechanism and although everybody can get access to it the secure way to use the internet is not so obvious. You all probably experience spam and phishing on your internet email and we have to find a way to do secure electronic communications for health care that other people can't get involved in, in that way or any other way.

Getting authenticated, getting keys, getting security software and so on are relatively easy and trivial by themselves, but they can be expensive, they can come from many different sources, and they can be used in many different ways that are incompatible if specific standards are not followed and we as an industry have not set those standards. We need a single standard, single set of standards, to use in an inexpensive consistent way of getting and implementing these security elements that is trusted, technically, fiscally, and philosophically. Standardization, creation, and maintenance of this relatively complex constellation of services is critical to the future functioning of the National Health Information Infrastructure in a way that protects the privacy and security of health information and we can't do it without this infrastructure.

The last principle of privacy of course is enforcement and as I've said you can't maintain the trust level necessary to feel comfortable about exchanging a patient's information if breaches in privacy and security are not dealt with appropriately by enforcing the rules and the contracts against those who intentionally or negligently ignore them, including required actions that mitigate, as much as possible, the negative effects of breaches that will happen. It's important to plan ahead for these when they do happen and we haven't been very good at that.

HIPAA was written with significant civil fines for these breaches but with enough leeway that HHS has been able to push for voluntary mitigation of accidental breaches and for resolution of system problems to prevent them from happening again. The fines are small, the excuses are large, so in fact although HHS has responded to many thousands of complaints about privacy they have yet to undergo a civil penalty, levy a fine against someone for violations though only time will tell if these mild deterrents are sufficient for this kind of violation.

But they also instituted more severe criminal penalties to deter individuals from making knowing decisions to violate a patient's privacy for their own purposes or for their own gain, and the few that resulted from these made people pay lots of attention to the privacy rule when it came out, it had more attention to the privacy rule than any one of the other HIPAA rules. And it probably led some of the industry to take steps that are more conservative than what was intended, for example I often hear from frustrated providers who see a patient in an emergency room and ask a hospital for a copy of the records and they're told in no uncertain terms they won't get the record unless there's a signed release from the patient as required by HIPAA.

Of course HIPAA doesn't require, HIPAA makes it very clear that there shall be no restrictions on a provider's ability to share or get information for a patient for treatment purposes. So there's much education to do out there and when privacy raises its head in an inappropriate way to interfere with the quality treatment of a patient I get livid and I hope you feel the same way.

As I'm sure you're aware on June the 1st of this year the Department of Justice issued an opinion to HHS on the scope of criminal enforcement under HIPAA and this may have made the criminal penalties under HIPAA ineffective, we'll have to see what happens there, it may in fact require a new law get passed or some sort of clarification to make sure the punishment indeed does fit the crime.

In conclusion, while organizations like Connecting for Health are coming up with the technical and contractual means for implementing a reasonable model for federated health information exchange nationwide I believe the federal government and especially HHS must take action soon to support these efforts with appropriate infrastructure. Only the federal government has the breadth and authority to set national privacy and security standards for health information exchange and to either implement or cause to be implemented the internet services described above in a sufficiently robust and trusted manner that they will be adopted and used by health care organizations nationwide.

I think leadership by CMS in adopting the internet, which it has refused to do for the last many, many years despite the pressures on it to do so, and this interoperable communications infrastructure over the internet for purposes of administrative and clinical data for Medicare and Medicaid claims processing, claims attachments, and in the future pay for performance programs would start the ball rolling. However, in the same way that the Department of Defense's DARPA seeded the early internet and enabled the World Wide Web to evolve by setting standards and implementing the basic services of the internet it will take a larger longer vision for the federal government to seed the necessary infrastructure, as we have discussed above, to assure the growth and prosperity of the National Health Information Network.

The Secretary has got a large role to play in getting this right. Many communities that we at eHI are talking to are going through the growing pains right now to discover and implement the sustainable business models necessary to support the regional health information exchange with the expectation of results of these efforts will be higher quality, more efficient healthcare, that results in fewer medical errors. Privacy and security concerns, however, could overwhelm totally such efforts if they're not addressed fully and it's clear that incomplete and fragmented security will not satisfy anyone with privacy concerns.

I believe the National Health Information Infrastructure that will connect these communities will amplify the value of the records but will die on the vine if not nourished by rapid and decisive action from the federal government in the near future to establish and maintain the required secure infrastructure service.

I hope I've been able to contribute constructively to the discussion and look forward to your feedback.

MR. ROTHSTEIN: Thank you, Bill, I'm sure the members of the subcommittee have questions for you and Mr. Hinkley as well so we'll start with John Houston.

MR. HOUSTON: Thank you. Again, I think this was excellent testimony, I'm glad we're hearing, I mean the last two days have been fantastic.

I know a lot of what Bill had focused on were security versus privacy but I really, one question continues to come to mind, is why the internet? I think when I look at other high performance transaction environments, I look at like such as in banking, often they're done on entirely private infrastructures that have performance and security and other attributes that maybe we can't expect from the internet and I know in my own health system which is a regional health system we understand the volume of information and the security issues related to that information is such that we've obviously put very large networks in place, private networks in place, to ensure that we have adequate transmission of data and we can keep it secure and high up time, things like that. Why are you insistent that we really do need to have a reliance on the internet?

DR. BRAITHWAITE: My position on it is that it's the solution to the end by end problem, that is because of the privacy and confidentiality concerns and because we don't at the moment at least have national standards about exactly how we interchange information any exchange of information between organizations, I don't mean within an organization, I mean between them, has to involve a negotiation between those two points. And if you've got two or ten or even 100 different organizations that want to exchange information it's feasible to have that 100 connections to you but each of the 100 has to negotiate 100 connections to you as opposed to everybody negotiating one common set of standard interactions with a common way of communicating with everybody. It just doesn't scale, there are millions of different parties to the potential future information exchange within the United States and I don't see any way to do that on a one by one point to point connection negotiation.

MR. ROTHSTEIN: Thank you. Harry?

MR. REYNOLDS: I have a question for each of you. Bill, first for you, thanks for your testimony. Your survey you did of the 93 respondents, where the 31 said it was not a challenge as far as privacy and security, did they tell you any more than that? They need to come help us because we've heard enough over the last three sets of hearings --

MR. HOUSTON: They don't understand.

MR. REYNOLDS: But I'd be interested in you giving us a little more on --

DR. BRAITHWAITE: Well, it's tough for me to give you more yet but it's certainly something we are investigating further. These are preliminary results from the survey and realize that it was just a survey, so the people who responded were the people who responded and my best guess is that it's not a problem if it's a small community, a small group of organizations, providers, plans, etc., that are already working together and are able to come up with a common mechanism of dealing with this issue.

There are probably, I don't know, in the low 20s, somewhere in the 20s anyway, an actual operational regional health information network working in this country now and they have found some way to make it work. But every one of them has found a slightly different way as far as I can tell to make it work, some of them do it under state law, some of them do it under a mechanism that says every patient who comes to the institutions who are part of our regional network are notified in their privacy notice that this is what's going on. And if you want to complain about it here's who you talk to and if you want to go somewhere else that's okay too.

So as far as I know everybody's doing it slightly differently but we don't yet have a solid understanding of what these 31 had in mind but it would be a good thing for us to go back and try and find out.

MR. REYNOLDS: Thanks. Okay, Gerry, you mentioned that the CFH is moving quickly to develop a first generation set of standards, policies, and methodologies, I picked up on standards because obviously there are a lot of standards out there in the industry right now and since CFH is not kind of recognized as a standard setting body, help me --

MR. HINKLEY: Standards from the standpoint of, not a technical standard as much as a statement of the policy around what the technical architecture needs to look at --

DR. BRAITHWAITE: I think there are two levels, Gerry is talking about the level, the standard agreement that everybody can sign. But they're also saying not that they're a standards setting body or standard creation body but they're selecting existing standards and saying we're going to use this one.

MR. REYNOLDS: That's what I assumed it meant but that's not what the testimony said so I wanted to get clarification on that. Thank you.

MR. ROTHSTEIN: Richard Harding.

DR. HARDING: I'll pass and come back to me.

DR. TANG: I appreciate both of your testimony and I agree with John, this has been really an exceptional couple days. One thing that's come up I think in every panel is the whole notion of choice and there's a couple statements that were made and I just would appreciate your opinion on it. Choice is normally said that the patient, the information is used for the purposes under which it was gathered. Another statement has been made, and most people make this, is that no problem with use of de-identified information or disclosure of de-identified information. Now when you say choice do you mean that a third party should be able to use the information for the purpose it was collected and then reuse information for other purposes to its liking so long as information is only disclosed in a de-identified fashion. How narrow do you define choice?

MR. HINKLEY: Well, I think, Bill, if you let me go first and then you'll correct me. I think what we're trying to focus on is what is the patient's expectation regarding use and so that if that kind of use is going to be contemplated it shouldn't be then someone else can say well gee, we're going to use it for this because no harm no foul, we're viewing that the individual who's making this decision needs to understand the rules that are going to apply to the use going forward --

DR. TANG: Regardless of how it's disclosed, with or without identifiers?

MR. HINKLEY: Well, I mean if that's a permissible use then that ought to be on the table at the time the choice is being made as opposed to somebody else deciding gee, let's go, we've got all this data we can mine and we aren't going to hurt anybody with it.

DR. BRAITHWAITE: My view is that the uses of identified information have to be relatively well communicated to the subject, that the uses, that de-identification can be a use on its own, that is if you inform people that one of the things you're going to do with their information is de-identify it so it can be aggregated and used in research and so on but never identified as coming from you, then the use of that information is put to is not required to be laid out in detail.

MR. HINKLEY: I think we disagree, it sounds like we disagree slightly, I mean Bill, are you essentially saying that there would be levels of de-identified usage that wouldn't have to be explained to whoever is making the choice on use?

DR. BRAITHWAITE: My position is that as long as you explain what de-identification means and that you are going to de-identify this information and use it in some aggregate way for some general purpose that you don't have to get an explicit about how that de-identified information is going to be used and you do if the information is identified.

DR. HARDING: Bill, you're going to have to talk up just a little bit.

DR. TANG: Well, I think there is a nuance and this is one we've struggled with, so for example the famous HIPAA covered entities and I know Bill that you were handed that set of players and HIPAA discusses some of the things you can and can't and how you would de-identify things. What we've heard about PHRs, there are third parties that are not covered entities and actually don't even have a business associate agreement with sources of data and one of concerns is they have no guidance and so I just want to clarify the guidance, to see if Connected for Health is sort of providing under choice and what Bill might be describing as choice and I think there is a little difference.

MR. HINKLEY: And I think just to maybe put that into context, a principle that the Connecting for Health has embraced is that the blanket consents are not necessarily consents, that if you really don't have a level of, if it's buried at the bottom of your consent to treatment or it's that five page thing that one provider I won't name hands you when you're bleeding, it's not, that consent at that point is not particularly well informed.

MR. ROTHSTEIN: Simon Cohn.

DR. COHN: Well Dr. Braithwaite, first it's good to hear your voice and I'm actually obviously sorry that you're not here to join us in person.

DR. BRAITHWAITE: Likewise, Simon, I'd like to go out to dinner with you.

DR. COHN: Exactly, maybe we'll find some time in Washington since obviously you're there a lot these days it sounds like.

Now I'm sitting here struggling, I'm not even sure that I have a question well formed, of course unlike everyone else. But certainly we've been spending this set of hearings as well as others really fundamentally talking about the trust issue and obviously as I reflect on myself I'm a clinician and care for patients but I'm also a consumer and a patient. And just as I reflect on sort of my sense of my own concerns about privacy, I have obviously very, I mean Mr. Hinkley as you commented, a lot of my data is already electronic so with my providers, within my provider environment, I mean I trust that environment, I know about it, it never would occur to me to be too concerned about those issues. I mean I know them, they may be large but I basically trust that environment. Now yesterday we talked about sort of moving beyond just your provider to your sort of circle of, what was the term you used? Circle of care, in other words maybe not part of the same organization but other providers that care for you and that there's also a level of trust there. And then from there you start going off into a RHIO where it begins to feel like well, where is it going, what is it doing, who might look at this, and then you start going cross RHIOs where you start going hmm, I mean once again I just find myself, it's once again it feels like we're stepping things up a notch each time.

Now my question I guess for both of you is that do the same, I mean maybe there's a framework that maybe applies in all cases but do we apply the framework in the same way for all of the cases that I've just described? I mean is there a requirement for more of any of this stuff as we begin to move into the sorts of larger environments or are you all proposing that what's good enough within my environment or within the circle of care is the same standard that we would use either for privacy or security or if my data was being accessed to Georgia?

MR. HINKLEY: Why don't I start? Connecting for Health believes that it is a local decision of how that information could be utilized and that the common framework allows the connection but individual providers and patients decide ultimately where that information is going to go and so that's kind of some fundamental building blocks are that the information resides with the source until retrieved and that the source of that information can make a decision that this data isn't going to get mined by somebody and that's an appropriate decision to be made and there has to be some, just because you found out where information resides doesn't automatically mean that it's accessible beyond what the local rules are with respect to that kind of accessibility. And that begs an enormous question how you structure that but assuming that we can answer that we think that that's the right place and that somehow moving to a national structure should facilitate patients and providers getting what they want with respect to the information they're holding because they believe that it can be helpful in other situations related to the care of that patient.

And so it just makes it work, it doesn't mean that it makes it dysfunctional or that you lose the local controls. And it also may mean that the people who really want, are advocating for access to large amounts of data for aggregating purposes and stuff, you know that their interests are not going to be well served by that kind of structure.

But I think what we think is that's not an ox that's going to get gored in round one, I mean at this point it's got to be the ones who currently control the information or believe they control the information now are not going to give that up in a national context and there's some wonderful benefits to be derived from interoperability, particularly for threatened populations that are probably going to be the first beneficiaries of this kind of method, people who get their care in wacky ways as opposed to when I happen to be in Wyoming on a raft trip, I'm not testifying to make that easier, there are lots of people who are going to benefit from this way more than that but so creating the network has these discernable benefits that have been identified.

But it still at least in our views needs to be driven locally and that there isn't going to be something crammed down from a higher level saying oh and by the way now that this information, we can find out where it is we also get to have it.

DR. BRAITHWAITE: I will add to that mantra of local storage and control by observing that just because you implement technology that enables the sharing of data does not give anybody a permission or requirement that they in fact share it.

MR. ROTHSTEIN: Thank you. Bill, could you repeat that last sentence? We didn't quite hear it in the room.

DR. BRAITHWAITE: Sorry, I was going to add to the mantra of local storage and control by saying that just because you implement the technology to enable the sharing of health information beyond the circle of trust that you currently have, whether that's your provider or a group of providers, your circle of care, your RHIO or whatever, does not mean that it has to be shared or that anybody has permission to share it. We believe that the decision to whether or not you share that information is local with the organization or person who has the current storage and control over that information and they should keep it.

MR. ROTHSTEIN: Thank you. I have no questions. Maya?

MS. BERNSTEIN: We've been talking about this presumption that trust is essential to the network and that basically we don't have trust now from your survey and from other testimony that we've heard and Simon echoed it in his comments about how as information is more available at each level more nationally people are, he or other people are less comfortable with it. So I'm wondering how it is we, that we can be easily, or you can be easily advocating sort of pushing quickly ahead and even asking for secretarial action to help push ahead with this kind of technology knowing that consumers and patients are not comfortable with it, how do we recommend, how do you recommend we change that public perception and my sense is that the public doesn't know anything, your average consumer doesn't know anything about security measures, about authentication or encryption or I mean whatever, they just don't trust that their information is going to be out there. So until we change that public perception is this kind of proposal pretty sure?

DR. BRAITHWAITE: I think not, the reason I think that is because the very reasons that people don't trust the current way we share information which in most people's perception is what they perceive as the internet or the web is because we don't have the security features in place that I've been talking about. If you are absolutely assured that any message you send would arrive at the location you sent it to, could not be interfered with during the process of sending it, it could only be read and understood by the person you sent it to, and the person who received it could be absolutely assured that you, and only you, could have sent this information, then we can start building from all these kinds of communication --

MS. BERNSTEIN: But my point Bill is I can be assured but I'm not going to believe it, that's the problem. You can put all that technology in place and tell me it's really great but I don't believe you.

DR. BRAITHWAITE: [Comment off microphone.]

MR. HINKLEY: What I was going to say is this is all, I mean what we're doing right now is about that, is to have this national debate about what is going to be required to create trust. I think if you kind of look at how at least medicine is appreciated in the United States and how the regard with which people hold their physicians, the medical community assuming that it adopts it more affirmatively than it may have to date is going to help go a long way with that, I mean I'm not, this is personal obviously, I'm not, I don't know whether Got Milk? is going to be the way to get this Got Trust? across but it's the people that you've always trusted with your care will be adopting something new.

When I go to my doctor and he says you know we're going to give you new hips I don't have to believe in that, I trust that, and so I think the system can, assuming that the kinds of things Bill is talking about which he understands to a much greater technical degree than I do, if those things are there and if physicians who tend to be an extremely knowledgeable group generally on all kinds of subjects, and I've learned that over many years of practice with physicians, if they start telling their patients this is how we're going to do it I think that's going to take us a long way. But I think it's kind of a dialogue generally that is going to move it along and there could be some perverse things in connection with this depending on what kinds of incentives get added to utilization of technology, they could either drive that kind of adoption of a trusted attitude or not and that's a whole other conversation.

DR. BRAITHWAITE: Building the technology to enable trust and not force trust on anybody, it's a long process.

MR. ROTHSTEIN: Beverly Peeples.

MS. DOZIER-PEEPLES: I guess this question is for both of you, I guess I'm hearing kind of contradictory statements, I think I'm hearing some kind of contradictory statements, you said that we really don't have the secure environment on the internet now to make, to do these transactions and share this electronic health data on the one hand but there's a statement in Mr. Hinkley's testimony where he says CFH favors federated databases as contrasted to centralization of clinical data to reduce the risk from hacking and privacy spills and yet you intend to securely use the internet to connect these institutions to each other in the prototype and I guess tangentially related to the previous statements I guess if this prototype is able to securely use the internet to connect you will build some trust. But I'm wondering why you think this federated databases are going to be more secure than a centralized database when you're using the internet.

DR. BRAITHWAITE: I hear two questions there, let me address at least one of them. There are technologies and standards available today to make trustworthy communications across the internet between point A and point B. The problem is that you can't do that unless you know who point B is and set up that trusting relationship out of band as they call it. You have to get to know them or you've got to communicate with them in some other way than the internet to make sure that you know who they are and agree on how you're going to encrypt and sign the information you're going to exchange. The standards for doing that are available today, what I'm talking about are standards that everybody can use in the health care industry so that when you get a message from Dr. XYZ in Alaska that you've never heard of before that you can trust that it's that person because you can look it up electronically with someone in fact you trust that this person in fact is a physician that works for an emergency room in a certain place, whatever mechanisms you need, and works under the policies that you had also agreed to to share information securely across the internet using specific standards. But you have to sort of build the mechanisms to allow trust with people you haven't built that trust with before over a long period of time.

MS. DOZIER-PEEPLES: Thank you for that clarification. And I guess the other part was --

DR. BRAITHWAITE: The other part was why federated instead of centralized?


DR. BRAITHWAITE: In a sense all record databases are centralized because unless you carry around your own medical records and they're not kept anywhere else, which is one of the things you addressed I think in the first question, your record is kept with other people's records someplace, whether it's in your doctor's office or in the Kaiser system or in some national database or in some localized database, it's mixed up with other records.

The real question is if you put everybody's record in one huge database in the sky could you protect that as well as you can protect the individual sized databases that we have now and our belief is that given the current technology and the current ability to protect things that if we keep the databases relatively small and under the control of the people who interact with the patients directly that that will provide the best combination of knowledge and security and diversity of information sources to protect the information and still allow it to be shared in a standard way using controlled security.

MS. DOZIER-PEEPLES: And I guess that's consistent with some of the other testimony we heard regarding greater centralization equals greater potential risk for disclosure so I guess that's consistent with what we've heard before. Thank you.

MR. HINKLEY: And it also I think the concept of independent databases that are connected through some kind of federation, that doesn't mean that the data is commingled, it means that their systems work in parallel, and then that supports the notion that you can maintain local control rather than having attributes in a central database that say well gee this is controlled by X so we can't do something, actually having that source of data be able to control the outflow supports the local control concept. And I think as Bill described we believe that it's better to have a whole lot of smaller pots of information than one centralized pot that could be an easier single target.


MR. ROTHSTEIN: Thank you. I want to thank both of you, the members of the panel number four, for providing us with very valuable testimony. I want to briefly before we break for lunch go through the schedule for this afternoon so that the subcommittee members know what it is that we're going to be doing. The first item that we are going to be taking up is the draft letter report to the Secretary on personal health records, you should all have a copy of that, we have been asked by the NHII Workgroup and the Executive Subcommittee to take a look in particular at the privacy section of that which begins on page seven and in fact there's a paragraph before the privacy section on page seven that I would also call your attention to. So we're going to begin taking a look at that, on page seven, the paragraph before privacy and the entire privacy section which runs through recommendation number seven at the top of page nine, so that will be our first item of business.

After completing that then we will go to a discussion of what do we do next with regard to the NHIN and our recommendations and you might want to be thinking not so much in substantive terms but in procedural terms as to how we should proceed, and we will be having a discussion on that in terms of our timetable, our method of operation and so on and so forth, and that will precede any discussion that we have.

And our quitting time for this afternoon I'm going to keep flexible because I don't know how much the subcommittee wants to do of a substantive nature and so we'll leave it up to you how much to do on that today.

MR. HOUSTON: Can I suggest we at least try to get some general themes decided upon?

MR. ROTHSTEIN: Well you certainly may suggest that and we'll take that up right after lunch. It's now almost 12:30, how about if we take an hour and resume promptly at 1:30. Okay, thank you.

[Whereupon at 12:30 p.m. the meeting was recessed, to reconvene at 1:40 p.m., the same afternoon, August 17, 2005.]

A F T E R N O O N S E S S I O N [1:40 p.m.]

MR. ROTHSTEIN: Well we are back with the subcommittee discussion portion of our meeting and if you can get your copies out of the --

[Briefly off the record.]

Agenda Item: Subcommittee Discussion

MR. ROTHSTEIN: Okay, if you could please turn your attention to page seven of the draft PHR letter and I want to begin with the paragraph that precedes the section on privacy that begins of note. And if it's okay we'll do it sort of this way, does anybody have any comments or suggestions for any changes in the language in that paragraph? This is page seven, the paragraph before privacy that begins of note, because it does have a privacy component even though it's not in the privacy section.

DR. TANG: I guess I question the at a time when information is viewed, why we need that.

MR. ROTHSTEIN: Who's on the phone?

MS. HORLICK: It's Gail Horlick, I'm sorry, I forgot to put it on mute.

MR. ROTHSTEIN: That's okay. Is there anyone else on the phone besides Gail?

MS. MCANDREW: Hi, this is Sue McAndrew at OCR.


MR. HOUSTON: I think use of the word commodity is the wrong --

DR. TANG: I found it not to contribute and also potentially to detract from, I mean I don't know that anybody has ever said personal health information is a commodity, so I mean the simplest way I would suggest was just to get rid of that sentence.

MR. HOUSTON: I think there's a value to it, in fact commodity implies that there's some --

DR. TANG: The next sentence, the rest of the sentence describes our concern so there's a second, I mean secondary use is one of our biggest concepts that we need to deal with I think, it says that in all the rest of the paragraph without that sentence, I think.

DR. COHN: Let's take a hard look at it, so basically you're just saying get rid of that whole sentence?

MR. ROTHSTEIN: Paul, I didn't write this, I don't have any pride of authorship, is it the word commodity or is it the sentence? If it were changed to at a time when information is already viewed as having economic value in other sectors personal health information is also being termed, or exploited for its economic value or something like that. Is that okay?

DR. TANG: That's setting up our argument, right, exactly right.

DR. COHN: That sounds a whole lot better.

MR. ROTHSTEIN: Mary Jo, do you --

DR. DEERING: -- also be exploited --

MR. ROTHSTEIN: For its economic value, is that okay? Or has the potential to be exploited for its economic --

MR. HOUSTON: Commodity, something has value, commodity I'm thinking of something in bulk, it's fungible, you can have this or that, pork bellies, exactly, as opposed to --

PARTICIPANT: Sort of denigrating --

MR. HOUSTON: Exactly, it makes it into this --

MR. ROTHSTEIN: Okay, I have a problem --

DR. COHN: Mary Jo, did you get it?

DR. DEERING: Let me read, at a time when information is already viewed as having economic value in other sectors personal health information also has the potential to be exploited for its economic value.

MR. ROTHSTEIN: Is everyone okay with that?

MS. BERNSTEIN: That removes yourself from the fact that it now has economic value in the marketplace, it sort of says potential and may have and all this, it definitely has growing value, it already has existing value, it's being done now.

DR. TANG: And actually we want to pose it as a threat not an opportunity. So what happens if we take it back out?

MR. ROTHSTEIN: Mary Jo, could you read the sentence again?

DR. DEERING: At a time when information is already viewed as having economic value in other sectors personal health information also either has the potential to be or may be or is being exploited for its economic value --

MR. ROTHSTEIN: How about is increasingly?

DR. DEERING: Is increasingly being?

MR. ROTHSTEIN: Yeah, would that get it across the --

DR. TANG: We'd have to justify it more, that's a claim.

MR. HOUSTON: This letter is supposed to set up the emerging trend of PHRs and what we need to do in order to adequately embrace them. To argue that the information already has value sort of makes the assumption that PHRs are widespread which I think, that's not the case --

MS. BERNSTEIN: We're just talking about medical information generally, not PHRs in particular --

MR. HOUSTON: The way Mary Jo modified it used the word PHR which is the only reason why --

DR. DEERING: I didn't mean to, I said personal health information, I may have misspoke and said record, I meant to say personal health information.

DR. COHN: So where, Mary Jo help me, so basically we're on, there's the first sentence, is it PHR systems or --

DR. DEERING: Health data in PHR systems, the health data contained in PHR systems, at a time when information is viewed --

MS. GREENBERG: That implies that health information, it says other sectors so it implies that health information doesn't currently have value, of course it has enormous value, so I think you're setting up a dichotomy that doesn't really exist here.

DR. TANG: Again, taking it back out --

MS. GREENBERG: I would take out that in other sectors, it's already viewed as having value, health information retained by a person --

MR. ROTHSTEIN: I think that's a very good suggestion, at a time when personal health information is already viewed as having an economic value personal health information in PHRs --


MR. ROTHSTEIN: Could be exploited.

MS. GREENBERG: Exploited, I mean the fact is it's not as if that's not --

DR. TANG: I wonder if instead of setting up another argument just go off of the first sentence.

DR. COHN: I'm actually sort of coming away with a second sentence seemingly to be unnecessary --

DR. TANG: Or embellish the first instead of creating a new argument, so you're saying there's an emerging tenet of secondary uses, some of these uses may not be for health related purposes, see what I'm saying?

MR. ROTHSTEIN: See we use the word trend in the first sentence and so if we took out the second sentence the third one would still make sense as it is.

DR. COHN: Could I ask an odd question?

MS. GREENBERG: Just to leave it, I thought of that also.

DR. COHN: I think that may be the simpler solution here since we're stumbling over. Now let me just ask a question and this more a question of fact, is the first sentence true as an emerging trend?

DR. TANG: Well we heard, we had entire session, half day session that described, that alluded to it and I know Jeff Blair brought up the fact that there was an impending announcement about another --

DR. COHN: But that one turned out not to, at least to my knowledge, be an example of this, so that was what I was --

DR. TANG: Our whole problem is we don't know, there's nothing that's been stated that would refute whether that was going on or not.

DR. COHN: Well, when you start talking about an emerging trend that's a very strong statement of current existence as opposed to being concerned about.

MR. ROTHSTEIN: All right, how about if we say of note, NCVHS is concerned about the secondary uses of health data contained in PHR systems.

DR. TANG: No, we heard about this concern --

MR. ROTHSTEIN: That's what I think Simon is questioning whether that in fact --

DR. COHN: No, I think we heard about the concern, I'm talking about trend --

MS. GREENBERG: I think you heard it was actually happening.

MR. ROTHSTEIN: Okay, NCVHS heard of a growing concern about creating a secondary --

DR. TANG: Okay, one of the examples was the reinsurance, request, require of the primary insurer to send information, which actually the testifier felt very uncomfortable with and almost somewhat pleaded with us to address this issue because that person was not going to find any place to buy secondary insurance unless they gave up all information about their clients. It's a compelled consent kind of a thing.

DR. DEERING: I think part of, if I can also hark back to some other concerns was that in fact, and we touch on this in the privacy section that follows, that where we say that some business models of some PHR systems may be predicated on the secondary use of data. That's in the privacy section and I think the reason we used market language here is that both this administration and many testifiers do talk about the PHR market, we want the marketplace to drive this, we want this to be consumer driven, it was a lot of market language, market oriented language when people talk about PHRs. And so we wanted to sort of pick up on that language and reflect what we had heard and observed in the context of that heavy market orientation and be really responsive to those people in this particular section since this is on value and we're talking about the market. So we wanted whatever this paragraph says or these sentences say to be very specific to people who think market and we want the consumer market to drive this.

MR. ROTHSTEIN: So where are we?

DR. DEERING: I agree with Simon that we didn't really hear an emerging trend of creating the market, that was added in one of the final revisions by someone who was just trying to be helpful, I think we originally started almost at that sentence about the potential of it to, of personal health information acquiring a value in the marketplace.

DR. COHN: Let me make a comment about how this paragraph has evolved and I'm actually wondering, as I'm looking at this real hard I'm actually finding myself having a number of questions about the whole paragraph. And number one is I want to remind everyone that, once again and there may have been things that I just didn't hear or passed over me, my short and long term memories don't seem to work quite as well as they used to. But what I thought I was hearing was a lot of concern about new offerings potentially doing these sorts of things and it turned out that the new offering that everybody was being concerned about, at least as I reviewed their privacy policies on the web, I can't cite this as an example concern here. So the question is is this would obviously have to be along the lines of not confirming a trend but just more concern something like this might happen. Now the other piece is that this paragraph was originally around more general marketplace issues, not around privacy issues, this was more like somebody going bankrupt and therefore the data, I mean some sort of a marketplace failure and it has sort of now --

DR. TANG: But those examples do exist --

DR. COHN: Oh, do they? Okay.

DR. TANG: Yes, an example of EHRs and PHR companies going bankrupt and the assets being sold, given away to the purchaser or to employees who for further interests, that's a known as an example. The fact that some groups, it could be an employer that sponsor PHRs, use the information for other purposes other than for you to make sure that you're getting your hemoglobin A1C, and that goes back to the choice thing, and then the whole reinsurance, the purchase of your lab test results from the lab vendor instead of from the patient, going directly to Quest and basically getting all of your lab test results. Those are things we heard about.

DR. COHN: Yeah, but that's not a privacy or marketplace issue.

DR. TANG: The first one, the bankruptcy is marketplace, the marketplace issue is there was a transaction, a financial transaction, from people acquiring data from the source, that's market driven, there was obviously a financial reason for doing that. And those are, maybe the trend was, we heard of this more and more with every panel and the trend was our awareness trend --

MR. ROTHSTEIN: Paul, let me ask members of the subcommittee to take a look at the very last line on the page that begins, because this issue is addressed again, it begins several PHR vendors testified that their companies have no access to any patient data --

DR. COHN: Where is this now?

MR. ROTHSTEIN: The very last line on the page, last sentence, several PHR vendors testified their company has no access, however the committee is concerned that some business models involving third party data warehouses could be predicated on the secondary use, including sale of the consumer's data, blah, blah. So it is restated on the conference call, there was a thought that it needed to be also mentioned in the marketing, commercial area. One option is to just delete the entire paragraph that begins of note and let the other statement that I just alluded to be the total discussion.

DR. TANG: In some sense that's what I think Mary Jo did because she referred to, said this is going to be discussed later on under privacy, but I assume she raised it under marketing because there are, because there is a market benefit for getting access to and using in other than health care, for other than health care purposes, this information.

DR. DEERING: Well I think it was also for health care purposes but it was this notion that again market driven third party offerings, one of which we did not hear about but which was I think alluded to but we didn't hear direct testimony on it, I mean specifically says this information is of value to pharmaceutical companies and others doing population health surveys and we are going to put the ownership of that data in the patient's control so they're the ones who can be paid, who can agree up front and be paid to consent to the use of their information. So that was just one more point where it's proper with consent supposedly but where it's this emphasis on the value, the economic value and the exchange propositions. And again in the context that so many people see PHRs as being market driven and there's so much of this rhetoric out there, well let's let the market drive them, let's not do anything that's going to affect the market. I think Simon's concern about bankruptcy as well as secondary uses, we were trying to not focus exclusively on privacy but allude to if you just allow the market to determine where these go there could be unacceptable consequences.

DR. COHN: It just doesn't exactly say all that, I mean and I'm just not, the problem I'm having as I read it, I mean I know all the things that you're saying and I sort of share the concerns, I'm just not sure, I mean we're not doing a very good job of describing that since Paul thought it was primarily around sort of secondary resale of data and I guess I'm not sure that, I guess part of the question I have is do we really want to bark into this area or are we better just taking the paragraph out?

DR. DEERING: Could I suggest one possible approach? And I don't mind taking it all out, let's take out the first two sentences and maybe even modify the third which implies that all we're talking here about is secondary uses of data, and let's allude to the paragraph above, and the two paragraphs above that talk about market drivers and perhaps we allude only to NCVHS, we try and move more directly down into the second half of that last paragraph that says NCVHS is concerned that an over emphasis on market drivers to determine the future of and just set aside any of the other specifics and just tack it directly onto those two paragraphs that emphasize the market.

DR. COHN: Well, that's not what we were saying either though --

DR. TANG: A big crux of our argument is for informed, truly informed consent, awareness and consent to let things happen with your data, so one, we want to push, make a big educational push to help people understand the personal health benefits of sharing your health information in a responsible way. One of the things some people including myself and other consumers did not know is what happens with some of these secondary uses. So just like we're trying to promote the health benefits to the individual and populations I think one of our goals is to help people understand the risks that they may not be aware of and secondary uses is not even on the radar of anybody.

DR. COHN: But Paul I would agree with you except I think that's covered in privacy.

DR. DEERING: That's covered in the next paragraph, that's where we really get into that in depth in the next paragraph.

DR. COHN: I think we say well here, I guess I'm finding less and less reason for this first paragraph, we can go back and look at it after we go through privacy if you want to --

DR. TANG: I think your main criticism isn't what our concerns are from the market driven, from the response to the market, the market's response to this opportunity were not well described, that's probably the biggest thing.

DR. COHN: You see the reason I proposed this originally had to do with more marketplace failures, bankruptcies, these whatevers and all of that stuff, this doesn't in any way, as I look at this part now we've modified this so much that it no longer sort of represents that and I don't know that there's a value added of what we're saying here.

MS. BERNSTEIN: I sort of think there is a value and because this section has to do with market value, I mean what's happening, this whole section aside from this little paragraph has to do with the value to different role players in the market of data. And I think the market failure that you're talking about is not just when a bankruptcy occurs or something like that, that's actually not really a market failure, that's a business failure in which we have a way to deal with it in the market, the market failure is that consumers don't own their data and therefore are not playing in the market. The data is bought and sold without the consumers being able to negotiate about that. And the failure is that they don't get to play and so their interests aren't taken into account.

But there is a significant market for businesses and I think it's important to sort of talk in this section about the economic value of the information and then to follow-on by talking in the privacy section about the more consumer oriented parts of that. But in the value part, I mean to whom is the value, the value is really to various types of commercial entities and then the question in the privacy section is how are we going to balance the problem of consumers not having really a role in that market with privacy rules. At least that's the way I see it.

DR. TANG: So in fact in this table key benefits or beneficiaries we have omitted some other ways of using data and deriving benefit including financial benefit and so we're sort of making up for that by this paragraph, we didn't do a good job of it, that's the main --

DR. COHN: And I guess that was really the frustration I was having. John Paul?

MR. HOUSTON: I listened to what Maya said, I have to agree that it does act almost as a good transitional paragraph between the two sections --

[Multiple speakers.]

MR. HOUSTON: I would argue that if you look at the sentence structure maybe what you want to say is of note, NCVHS emerged an emerging trend of creating a market for secondary uses of health data, period, or there is a market for health data, and then use that sort of as the transition of saying that we suspect that's going to occur with PHRs, we hadn't really heard the testimony but that does raise issues of privacy which we are going to explore below.

DR. TANG: So maybe the second sentence after you said there's maybe some other value to this health data is that that may create tension between the health care uses of that data and other ways of deriving financial, I'm not saying that correctly --

MR. HOUSTON: I think if we simply use it a segue into privacy I think that's, I'd argue that's sort of --

MR. ROTHSTEIN: Okay, keep in mind this is a section that does not have its own recommendations and it is just a mention of our concerns, there are recommendations of course that flow in the privacy section. And not to shortcut this discussion but it's going to be discussed again at the full committee meeting in September and we also have this other matter of the NHIN on our agenda for this afternoon.

DR. COHN: Okay, well I guess what I'd say is, I mean Maya, and Mary Jo, if you want to just try reworking this somehow we can talk about it at the NHII conference call, I think we're all sort of saying as it is it's not right, it either needs to be deleted or simply approved. John Paul, I sort of liked where you were going in many ways and maybe being a little softer but providing it as an introduction to the privacy issue.

MR. HOUSTON: Again, I think we have evidence of the secondary uses of PHI, not necessary in PHR systems, so we can say that's the case and I think it's reasonable to argue that this does raise privacy concerns as well as concerns over people's willingness to engage, be involved in PHRs, and that we will discuss it more fully below. And just leave it at that because I don't think, I think the rest of it, we talk about it in privacy.

MR. ROTHSTEIN: Harry, I'm sorry?

MR. REYNOLDS: Something like testimony illuminated that marketing and resale of data are continuing problems in the U.S. PHRs contain health information that will be profitable when used in secondary ways. The privacy section below begins to recommend a structure for protection against such practices.

DR. DEERING: The only thing I want to say back to Simon is that now we have gotten, if that's the direction we go we have gotten 100 percent away from his original concern which was not to limit it only to privacy and not to use it exclusively to set up privacy concerns and to try and say if you're going to view this as a market effort then you need to be mindful of things in addition to privacy where government oversight might be needed as with any other market. And so we've now totally lost that --

MR. REYNOLDS: That's the reason I wrote that last sentence like I did is it doesn't lose it, my last sentence says the privacy section, I talk about marketing and resale as big issues and the PHR has health information which is still under marketing and resale in my sentence, and then it says the privacy section below begins to recommend structure for protections against such practices. It doesn't say privacy, protection against the marketing and resale which is the section you were in, that's why I tried to write it that way.

DR. DEERING: I'll take it.

MR. REYNOLDS: I'm not trying to use my words, because then it does still leave it, it's marketing and resale are the issues up here but we use privacy, the recommendations in privacy relate to how to fix that and so that's why I tried to write the last sentence like I did.

MS. BERNSTEIN: I wrote another couple. They're similar to these but I sort of tried to tweak this, NCVHS observed an emerging concern about the potential market for individually identifiable health information. As with other economic sectors personal health information is a commodity acquiring value in the marketplace, and then it goes on, or we can pull together what Harry was just talking about.

[Multiple speakers.]

MR. ROTHSTEIN: We've talked about virtually every word in this paragraph except the part that I'm concerned about and that is the last sentence, the otherwise sentence, the way it reads now our only concern is that it's going to undermine the NHIN and I think we need to express concern about the breach of confidentiality. So I would propose changing the last sentence to read as follows, otherwise besides breaching confidentiality the likely loss of confidence in PHRs and PHR systems could affect consumer's trust, blah, blah, blah, I mean you can smooth out the language but I need, I would like to see us emphasize that we're concerned about two things, if that happens there's going to be a breach and second people are going to lose trust.

MS. DOZIER-PEEPLES: The impact on the individuals and the impact on --

MR. HOUSTON: One point though is that on line 24 we don't limit consumer trust just in PHRs, we're really talking primarily about the consumer trust, the resulting consumer trust or lack thereof in electronic health records in NHIN, so we're really starting, we're framing the issue and saying we have concerns about, if this happens with PHRs the impact will be on EHRs and NHIN --

MR. ROTHSTEIN: Well I understand, but that's one concern, and the other concern is we would be upset if confidentiality were breached in any way, that's all I want to say.

MR. HOUSTON: I think it's implied but I understand your point --

MS. BERNSTEIN: I have to say I was moved by the testimony today in which they were talking about the import of a breach of confidentiality is not the breach itself but the harm that comes from the breach, which this doesn't say yet, that one of the harms is to the system itself --

MR. HOUSTON: Consumer trust --

MS. BERNSTEIN: Right, to the system, but to the consumer, him or herself, I mean the breach itself is not the harm, the breach is, I mean the harm to the consumer is potential discrimination, loss of reputation, those kinds of things that result from the breach itself. Because if somebody finds out that I'm in Lipitor or whatever, who cares unless they can harm me with it.

MR. HOUSTON: No, but I think the point being though is that in the aggregate what you end up with is a lack of trust by consumers in EHRs and in NHIN which is --

MR. ROTHSTEIN: That is one thing but I also think that we need to express concern about the fact that this would, that would be a breach of confidentiality and one of the consequences of that is to undermine the trust in the whole system. I don't doubt that but I just want to add a little thing at the start. Mary Jo?

DR. DEERING: Here's a way to also capture what Maya was saying and it could still be somewhat further tweaked, otherwise besides breaching confidentiality and potentially harming the consumer him or herself such a breach of confidence could --

MS. BERNSTEIN: Affect trust in the whole system.

MR. ROTHSTEIN: I'm fine, good, I'm happy, everybody happy? Okay, so we've got six votes for that.

MS. GREENBERG: I hate to jump in here but we have said that, I mean I guess the problem is what is this tacked on to because it's one thing to say that personal health information has a value in the marketplace, now we jump to the assumption that we have breached confidentiality. Now it may be that the rules for this particular personal health, or these personal health records allow for this and that's the problem, so you haven't actually breached confidentiality, confidentiality is only breached when you do something --

MR. ROTHSTEIN: If this were an unauthorized disclosure --

MS. GREENBERG: Unauthorized would breach confidentiality --

MS. BERNSTEIN: Actually what we're concerned about is an authorized disclosure, an unanticipated by the consumer but perfectly legal secondary use of the information, that's what this letter is about.

MS. GREENBERG: But then it's not a breach of confidentiality.

MS. BERNSTEIN: Right, but what's still a problem --

MR. HOUSTON: It's akin to the compel to disclosure issue where if you want to participate in a PHR you're almost forced to accept the secondary uses which you as a consumer may not like but because you recognize the value of the PHR, or you don't recognize the fact that these other secondary uses are going to occur --

MS. BERNSTEIN: But you may not even know about it.

MR. HOUSTON: That's what I'm saying, that's what I just said, they may not even understand that, that you've agreed to it, and all of a sudden you find you're getting --

MS. GREENBERG: I understand all that but that isn't the breach of confidentiality.

MR. HOUSTON: That's not a breach, you're saying it's not a breach and I agree, you are correct, what it is is some type of --

MS. BERNSTEIN: But I think Mark's concern is still the same, that is the consumer is harmed by a disclosure that they didn't anticipate or understand was going to happen to them and that will undermine the trust in the system.


MS. BERNSTEIN: But I think Marjorie is right, we can't call it a breach because it implies that it's somehow not legit --

MR. ROTHSTEIN: Okay, Mary Jo?

DR. COHN: We're quickly losing this paragraph I've got to say.

MS. GREENBERG: I'm really thinking this paragraph needs to go --

DR. COHN: If it's taken us 45 minutes and it's still --

MS. GREENBERG: -- because you really deal with these issues under privacy, so I haven't caught the value of keeping this paragraph --

MR. ROTHSTEIN: Because the concern is a privacy concern, right, it is a privacy concern --

MS. GREENBERG: It is a privacy concern and I think it's addressed here, it's a legitimate concern. But I think when you have this much trouble with a paragraph it needs to go.

MS. BERNSTEIN: This is not an easy problem, if you want to solve it easily it's not going to happen, that's what I was trying to say in my email the other day.

DR. DEERING: Why don't we move on to the privacy section and see how far we get to addressing some of these concerns --

MS. GREENBERG: Maybe I'm being a little flip because what is the benefit of having this paragraph when you already have the stuff that comes below it?

MR. HOUSTON: I will tell you what's the benefit, because there was at least bringing up the fact that secondary use, there is a secondary use value to some groups, organizations, of this data. This paragraph discussed value and all we were trying to say whether we agree with the value proposition or not the secondary use created value for somebody --

MS. GREENBERG: And that's not said anywhere else?

MR. HOUSTON: I don't believe that it is, that's why that paragraph made its way in there.

DR. COHN: I mean I think A, I'm not sure that the confidentiality last sentence needs to be there, we can try it with all of this stuff up to that because we obviously got ourselves into a complete knot in these conversations about is it confidentiality, is it whatever.

MR. ROTHSTEIN: Mary Jo, are you confident that you might be able to save the last sentence?

DR. DEERING: Not necessarily but I'm willing to try.

MS. GREENBERG: How about just one sentence that says something like --

MS. BERNSTEIN: I'll work on it.

DR. TANG: I'll work with Maya.

MR. ROTHSTEIN: Okay, sounds great. All right, let's move on to the first paragraph under privacy. Anyone have any issues with that?

MS. DOZIER-PEEPLES: Taking into consideration Nicholas Terry's testimony and his definition of privacy versus confidentiality and control on the front end or the back end I'm wondering if we might want to add confidentiality to the privacy and kind of make a distinguishing comment about that in this section because I don't see it right up front.

MR. HOUSTON: I don't like his definition --

MS. BERNSTEIN: I don't either and the privacy people won't agree with it generally.

MR. ROTHSTEIN: But notwithstanding his definition I think you make a good point about calling this section privacy and confidentiality --

DR. TANG: And we'd have to be consistent.

MR. ROTHSTEIN: I understand, the first sentence says that privacy issues, so we'd have to say the issues of privacy and confidentiality.

DR. TANG: No I mean we'd actually have to separate privacy and confidentiality and then use it appropriately, that's the only danger.

MR. HOUSTON: See I think privacy is something, a moniker that we've, with HIPAA and everything else I think people have gotten used to that as being the heading for --

DR. COHN: So we may be okay --

MR. HOUSTON: I think we are, I think --

MS. BERNSTEIN: I think confidentiality is one facet of privacy which has a wider range of things than he was defining.

MR. ROTHSTEIN: Okay, but it's a comment that certainly resonates with me and that I want to deal with in our NHIN letter.

MR. HOUSTON: I agree with that.

MS. GREENBERG: I don't know about his distinction exactly but it is a legitimate --

MR. ROTHSTEIN: Absolutely.

MS. DOZIER-PEEPLES: Then at the very least I would suggest the first sentence be modified as to state that the privacy issues are complex, not that privacy issue is not one issue.

MR. ROTHSTEIN: I think that's fine. Okay, any other concerns or comments on the first part?

DR. COHN: Actually I like the first paragraph --

MR. ROTHSTEIN: Okay, good --

DR. COHN: I was just going to comment to Mary Jo that we've gone through a lot about control and ownership and whatever and I think that their place here is pretty good.

MR. ROTHSTEIN: Second paragraph, it's a long one --

MS. DOZIER-PEEPLES: I'm sorry, I had one question about the last sentence and I wasn't part of the drafting so I don't know, why are we listing in the last sentence on line 41 the difference between consumers and patients? Because of insurance? I didn't get the --

DR. COHN: That goes throughout the document.

MS. BERNSTEIN: The distinction for me as a consumer is someone who's healthy and who's out there looking to consider options, a patient is someone who is needing treatment --

MR. ROTHSTEIN: Not only that, there's a distinction that we made I believe in the NHIN draft is that there are many individuals who have relationships with health care providers that's not a patient/physician, so you're dealing with your pharmacist.

MR. REYNOLDS: One other comment, I think consumer is going to be key going forward in general is I disagree a little bit with the testimony earlier, more and more people are buying their own insurance, that's the fastest growing segment of the population with groups getting out of it so consumers are going to be buying more things and so I think I buy it as a consumer then I use it as a patient. I think that's a key distinction --

MS. GREENBERG: Lawyers shouldn't try to be economists right.

MR. ROTHSTEIN: Okay, are we okay with the first paragraph? Sold. Second paragraph.

MR. HOUSTON: Can I make a suggestion on the second paragraph?


MR. HOUSTON: Paul, I defer to your learned judgment. I believe that we should split this into two paragraphs and I would say the point where we split is on page eight, line eight, at also, I think there's a point, there's a natural break there where we start to, where we start to talk about providers that are not covered entities, so I think there is a break point there.

MR. ROTHSTEIN: Without objection? So disaggregated.

DR. TANG: May I comment on Part A? The old first top half of it, and this is just more a little bit flow so before the while there may be benefit to secondary uses, stick line seven, consumers using PHR systems may have low control over secondary uses, while there are many legitimate beneficial secondary uses such as with marketing surveillance, etc., the consumer/patient should have the right to make an informed choice when signing up for one of these PHRs.

MS. DOZIER-PEEPLES: What does that mean? Does that mean, I mean what does that mean? Does it make a chance to opt out of these legitimate uses? I mean what are you saying?

DR. TANG: Right now at this point we're just saying they need to understand what's happening to their data, we have introduced the concept and also be able to make an informed choice.

MS. DOZIER-PEEPLES: Well what is the choice? To be in or be out? Not to include or exclude data?

DR. TANG: No, at this point to be in or out.

DR. DEERING: So it would read, starting from the top the sentence would be however it's concerned, predicated on the secondary use of the sale of customer's data, period, consumers using PHR systems may have little control over secondary uses, while there may be --

DR. TANG: While there are many legitimate, I mean because we're listing a lot of the legitimate uses.

DR. DEERING: We're moving it from line seven, the phrase that says, we delete the words in addition, capital C and it just gets teed up in there.

DR. COHN: Could I ask a question here about a sentence which I should understand --

MR. ROTHSTEIN: Excuse me, Simon, are we satisfied with that?

MS. GREENBERG: I'd rather it said while there may be, I mean the thing is with electronic health records there definitely are but I don't think, it concerns me that the committee is suggesting that secondary uses of personal health records, I'd just keep it maybe.

DR. COHN: Can I ask a question? It's a sentence here and maybe some of you guys can explain to me exactly what it means, page seven line 46 it says several PHR vendors testified their companies have no access to any patient data. And I'm trying to think what does that --

MR. HOUSTON: Maybe what we really need to say is that they do not have, they do not make use of --

DR. COHN: Make secondary uses --

DR. TANG: To be a little bit more clear, first of all it's not several that made this claim, most people will say they do not sell their data and it does not preclude using the data for their own purposes or the purposes of their affiliate and it does not preclude essentially bartering, in other words with another entity, instead of exchanging money, i.e., selling, they exchange data, because that stuff --

MR. ROTHSTEIN: Are you saying that's common?

DR. TANG: That was the crux of the dot.com era. If you're surprised you will hear people say we do not sell your data, if you read your privacy notices from all these banks they do not sell their data, they have lots of subsidiaries that have access to the data and they do have third parties, a marketing that will market their other appliances let's say and they can exchange data which includes capital financing groups on life insurance.


DR. TANG: The statement has only been that they do not sell.

MR. HOUSTON: I think it's fair to say in this sentence that several PHR vendors testified that their companies do not sell patient data and actually --

MS. GREENBERG: They didn't testify that they didn't have access.

MR. HOUSTON: Right --

DR. DEERING: No, I think there was at least one that testified literally it was more like an RLS, like a Record Locator System, that they literally did not maintain, we have the opening sentence here on line 44 and actually the word is on line 45, that warehouse and provide pose unique privacy issues, so this was stuck in to say there were some who said that we don't actually access that data at all, we're just handlers and welters and matchers of --

MR. HOUSTON: Could I suggest that we, Mary Jo, if you could remember who that was maybe we can go look at the transcribed testimony to see if we can see that what was said.

MR. ROTHSTEIN: Well, I'm less concerned about what the one person said that we don't do it than what Paul said about what other people might be doing and I haven't seen that in here at all and that statement is giving me heartburn --

[Multiple speakers.]

DR. COHN: Paul is reflecting on his vast experience being a dot.commer.

MR. HOUSTON: The very next sentence though says the committee is concerned that some business models may involve third party data warehouses that could be predicated on secondary uses including sale of consumer data. That goes straight to what Paul was talking about, all of these different secondary uses, so we do get to that issue right away.

MR. ROTHSTEIN: The word secondary uses sort of flew by me without the sort of color that Paul added to it and I would think the document would be much more strengthened and our recommendations much more likely to be followed if we spelled out some of the things that he said.

MR. HOUSTON: Then we should put in the next sentence --

MS. GREENBERG: I don't think Paul was saying he heard that anyone did that but this was a practice that goes on --

DR. TANG: No, that was common practice in the dot.com era and one of the examples and I won't place the name is that a holder of EHR and PHR information, i.e., patient visits the doc, did have a marketing relationship with an ISP and in the contract the ISP got to have access to personal data unbeknownst to either the doc or the patient, and yet that person did not sell the data.


MR. HOUSTON: Can I recommend to rectify this pretty easily I think is on line two, the next page, where it says including sale, in parens, that we expand that and I would maybe call to Paul to put the words in to describe what he --

DR. TANG: People were concerned about is secondary uses of the data where the consumer, and it doesn't just mean sale --

MR. ROTHSTEIN: Could you see in this paragraph --

MR. HOUSTON: Look at line two on page eight.

MR. ROTHSTEIN: Including sale but we include sale, barter, some sort of affiliation --

MR. HOUSTON: To keep us moving I'm just saying that Paul, if you could describe those and give them to Mary Jo in terms of some list.

MS. GREENBERG: Do you want that sentence about several testified they had no access?

DR. TANG: I don't think that's precisely true, in other words it's not numerous, there may be one --

DR. DEERING: Well, I think then it, let's go back here, I think that we do a disservice to have a purely alarmist tone here is all I want to say and I think that we need to be careful not to say that based on what we hear we're scared silly, this is a whole mess out there, these people are egregiously at fault, there are huge, there are practices, there are de facto practices going on that we are so scared we're standing up here and we're waving the red flags, that's not, I don't think that that's an honest contribution either.

DR. COHN: Thank you, because I mean we're really not, you should be appropriately alarmist, maybe we say while several PHR vendors testified their companies have no access to any patient data the committee is concerned that some business models --

MR. ROTHSTEIN: How about if we say at the bottom of seven several PHR vendors testified that they do not sell any patient data and at least one testified that their company had no access.

DR. TANG: But are we worried about the number or are we worried just about making sure that people understand how their data is being used, or on the flip side, recommendation side, that people disclose what they do with it --

DR. COHN: Well, before we move on into all of that in the next couple --

MR. ROTHSTEIN: I was just trying to support Mary Jo's point that we need to sort of set what the industry norm is and the industry norm is not that, necessarily as far as we know, that everything is loosey-goosey and that there are several models in which the information is respected, but we are nevertheless concerned that --

DR. DEERING: And I think actually to be more accurate about what we heard over and over again, and again it's all on the fine print of their privacy policies, but I think what we did hear from most vendors of the stand alone PHRs is that their users have total control, their users, they implied it's an opt in to all uses of their data --

MS. GREENBERG: They don't make unauthorized uses.

DR. DEERING: They don't make unauthorized uses, now again, that may pose us greater challenges but I think that that's what most of them said as opposed to sale specifically or anything like that --

MR. HOUSTON: -- authorization it's no longer an authorized use, so they could still be using it for a variety of --

DR. TANG: Correct, so again, they're correct, nothing they do is not voluntarily done by the patient and what you did is you agreed to all the things with the I agree that we don't read, just like all the statements you get from a financial, and I thought one of our purposes again is the awareness thing, that's the education piece, and the balance.

MR. ROTHSTEIN: Okay, so can you tweak that sentence that begins several PHR vendors to make the points that we're talking about because I think sort of on the good side of the practices because we're beefing up now all the bad things that can happen, the bartering, the trading and so forth.

Okay, anybody have any comments on the second half of that paragraph that we split beginning with the word also?

DR. TANG: The only comment I have is in some cases when we refer to address to these services, we really mean, line ten, sorry, address these services, just make sure we're careful to reference these, in this case it's a third party services, so the HIPAA covered entities do have laws and regulations, it's the third party that --

MS. BERNSTEIN: It's PHR services as a whole are not covered, some of them might be covered entities but that address that service in particular.

DR. TANG: So you're saying a covered entity that offers a PHR is not covered? I mean is not --

MS. BERNSTEIN: It might be or might not be.

MR. HOUSTON: What we discussed was you can carve out the covered entity function and make the PHR part of a separate entity which is not considered to cover, so you can do the hybrid entity stuff and end up carving it out I guess is my point.

MR. ROTHSTEIN: How about if we change that sentence to NCVHS is not aware of any privacy laws or regulations that specifically address PHR services? Isn't that what we're trying to say? There are no PHR specific privacy laws?

DR. COHN: That's good.

MS. GREENBERG: I don't know if you're removing anything there or that was an addition but PHR is different than personally, what is it, personal health information, it's different because it's something specific. And I think saying privacy measures similar to those in HIPAA is kind of misleading because HIPAA allows for a lot of disclosures without authorization because of societal needs, etc., treatment and public health and all that, but the personal health record is different, I don't think, I mean that's something that could be owned or controlled completely by the patient, I don't see public health pulling data out of the personal health record necessarily or --

DR. TANG: If the PHR is a view of an EHR then you have more of a problem.

MR. ROTHSTEIN: Marjorie were you on any specific line?

MS. GREENBERG: Yes, where it says NCVHS believes that privacy measures similar, excuse me, 16, similar to those in HIPAA should apply to all PHR systems. I think it's a different animal and I'm not sure that HIPAA is the right model there.

DR. COHN: Well, I think we all need to talk about it because this gets into the recommendations too.

MS. GREENBERG: But you think it is?

MR. ROTHSTEIN: We could just say NCVHS believes that privacy measures should apply to all PHR systems.

MS. GREENBERG: I agree with that but I just think bringing HIPAA in is really a different animal.

MR. ROTHSTEIN: Is that okay?

MS. DOZIER-PEEPLES: Wasn't the point that they're not covered entities? PHRs are not covered entities and therefore it doesn't apply and therefore there are no laws, that's the point.

MR. HOUSTON: But I think Marjorie's point also, if I could speak for you for a second, is that there are a lot of things that HIPAA provides because of the fact, because of the EHR or the patient data that's part of a covered entity, but as a patient providing data him or herself to a PHR a lot of those permitted uses that don't require an authorization frankly may not apply. So if we apply the HIPAA rule it might provide data use that was really not, that a patient would not intend.

MR. ROTHSTEIN: So are we in agreement, line 16, NCVHS believes that privacy measures should apply to all PHR systems whether or not they are covered entities.

DR. DEERING: Strike similar to those in HIPAA.

MR. ROTHSTEIN: Correct. Okay, anything else in that paragraph?

DR. HARDING: Isn't one of the recommendations that anything that touches PHI should be covered?

MR. ROTHSTEIN: Well, we are coming down to that.

DR. HARDING: It's kind of the same --

DR. TANG: In some sense we do have two big concepts, one is non-covered entities, third parties who operate stand alones, and the other is what Richard is talked about and I think we sort of mushed them a little together and maybe this paragraph should be more reserved for the notion that there are, that when you have a PHR that's maintained by third party that's the concept in this paragraph.

MR. ROTHSTEIN: I understand what you're saying, I think there are three parties that you're concerned about, there are three parties you're concerned about there, HIPAA covered entities that have PHRs, there are non-covered entities that have PHRs, and then there are secondary users who may get access to the PHR information from either source that are not covered entities because they're marketers or other vendors, so there are these three categories.

MS. BERNSTEIN: In the third category there are sort of two sub-categories, if they have a relationship with a HIPAA covered entity they might be a business associate and if they have a relationship with a non-covered entity they're just out there floating around, they're also non-covered entities and nothing applies to them.

DR. TANG: I like what Mark said and I wonder if that's what we do with this whole top half of page eight, reconfigure it, and I'm also willing to work on it, to distinguish those three and then what are the privacy implications of those and then go into recommendations.

MS. BERNSTEIN: When you use the term third party I didn't know which of any of those you were referring to so I just want to be more precise in our terminology so that we all are on the same page, that's all.

DR. TANG: There's two kinds of people who store, maintain, and all have access to PHI, people who are strictly covered entities and people who are not. There also is another group that can make use of information and as Mark said glean from one of these two other sources and we need to sort of address all three of those parts. Does that make sense?

MS. BERNSTEIN: Yeah, I just --

MR. ROTHSTEIN: And what do you think needs to be done to that paragraph to make that, and everyone thinks it's not clear now? That we want to --

DR. TANG: I think we have to go and actually divide them into those three groups you said and that actually may help some of the rest of our --

MR. ROTHSTEIN: Mary Jo are you --

DR. DEERING: I'm happy for Paul to try and take a first stab at it like he promised, to divide the world into three, with the privacy implications, if you can type out a few sentences, I mean I can certainly, I don't mind giving it a try. And for no particular reason except just as a matter of process I want to be sure that, if my literary history is correct and the phrase a Manichean view of the world which is black and white, you've got covered entity or not covered entity and I was absolutely sure that that is the starting block for a useful discussion here even by the time we've added the third. So those three, starting from, first of all you've got HIPAA/non-HIPAA, and then moving on from there doesn't inadvertently get you down a path that's less helpful.

DR. TANG: It's not HIPAA/non-HIPAA, it's covered entity/non-covered entity, so if this associate is a non-covered entity, so that's how I made that black and white because that's one of the biggest --

MR. ROTHSTEIN: Yeah but in theory HIPAA still applies to the business associate.

DR. TANG: But it's just so --

DR. COHN: But I don't think we want to get into that level --

MS. BERNSTEIN: I wasn't trying to say that we should make those distinctions clear in this letter, I just wanted to make those distinctions clear in our policy discussions so I understood what you guys were trying to get at as we try to craft the language. I'm not sure that we should necessarily divide the world out that way, it presumes HIPAA is the be all end all and we're always going to have to live with it, I mean this committee, the subcommittee is free to propose any scheme that it thinks is worthwhile in the world including things that are not currently inconsistent with HIPAA if it thinks that HIPAA is not the right way to go. You're free to do that, you're not confined in your developing policy by what exists in the rule, it's a first shot by the department as to what the rule is and we've only had two years of experience with it and probably there are problems, we didn't get it perfect and we'll have to change, and I think the expertise of this subcommittee can be applied to that and you should feel free to say how the world should be and not confine yourselves to how the world happens to be at the moment.

DR. TANG: That's an interesting thought and one of the things we could do is take it, Greely, the circle of care business, the whole provider, I'm doing this for your care and all others --

DR. COHN: Let's not get too exotic here, I mean we're a little late in the process here to start making --

DR. DEERING: The only other thing that I was thinking that we could, I appreciate very much Maya's statement and I'm wondering if you could have almost a short stand alone paragraph that perhaps says the limitations of HIPAA here and the fact that HIPAA may not in fact be the appropriate framework within which these decisions need to be made, without necessarily saying that it is or is not, but to just observe that we are --

MS. GREENBERG: Kind of apples and oranges, and it really isn't true to say that if these groups have contractual ties with a HIPAA covered entity, it's untrue to say NCVHS is not aware of any privacy laws or regulations that address this --

MR. ROTHSTEIN: We changed that to NCVHS is not aware of any privacy laws or regulations that specifically address PHR services.

MS. GREENBERG: Oh, okay, fine, but I'm sort of with Mary Jo, that I'm not sure HIPAA is the right, HIPAA privacy is the right model.

MR. REYNOLDS: HIPAA started based on some administrative transactions that were a clear structured set of transactions mainly between providers, payers, and others. NHIN, PHR, EMR, any of this stuff doesn't start in the same place, doesn't really deal with --

MS. DOZIER-PEEPLES: This can still apply to a lot of that.

MR. REYNOLDS: It can but not, a covered entity as we've seen in e-prescribing and everybody has seen, covered entity blows up immediately, instantly, in any discussion that you have whether it's a PHR or whether it's e-prescribing or it goes through six switches and none of them are mentioned anywhere, so I think that's a key issue.

MR. ROTHSTEIN: Harry, how about if we add between the break that John suggested before the also new paragraph, maybe we can add a sentence or two that says basically HIPAA was not designed to address issues such as PHR although in the absence of any other legislation its provisions would apply to covered entity, HIPAA covered entities engaged in PHR services. And then we can discuss as to those, blah, blah, blah --

MR. HOUSTON: My concern is that the covered entity could again create itself as a hybrid and carve out those functions.

MS. BERNSTEIN: But that piece wouldn't be a covered entity unless they do that. Presumably every business would do that --

DR. COHN: I think if you're talking about covered entity, a covered entity by definition is covered, that's why it says covered, and so you can be a hybrid and if there's a part that is not a covered entity, so if you're a HIPAA covered entity by definition you're covered.

MS. BERNSTEIN: If we just said that, the beginning part that Mark said, that HIPAA was not designed to address issues such as a PHR and therefore --

MR. ROTHSTEIN: It may not be the proper regulatory framework.

MS. BERNSTEIN: Right, some privacy scheme should be, we should consider some other, some privacy scheme to cover them, whether it's different than HIPAA or the same, but it's sort of like we punted over here earlier where it sort of says that privacy rules should apply, we just sort of --

MR. ROTHSTEIN: We could finesse the issue without sort of bad mouthing HIPAA by saying that HIPAA was not designed to cover PHRs and therefore a more comprehensive system needs to be developed to regulate PHRs.

MS. BERNSTEIN: I would just say then more comprehensive another scheme, whether it's more comprehensive or less comprehensive or --

MR. ROTHSTEIN: Because we haven't made out the case that not everybody is covered by HIPAA.

MS. DOZIER-PEEPLES: I'm not sure we can actually say that it wasn't designed to address PHR when we had the unimplemented portions of HIPAA concerning individual patient identifiers and that whole concept in the original statute that was designed to allow this electronic transmission of health information with the individual patient identifier which hasn't been implemented so I'm not sure we can actually say that wasn't contemplated.

MS. BERNSTEIN: But for EHRs, not for PHRs.

MS. GREENBERG: Well, is it the case though that if a covered entity is also operating a PHR, the PHR by definition has personally identifiable information, so then I would say HIPAA does apply.

MR. ROTHSTEIN: Yeah, but it still may not be good enough from what we've sort of, Harry was waiting --

MS. GREENBERG: You're not using that data to collect, conduct transactions, so you're saying HIPAA doesn't apply.

PARTICIPANT: That's correct.

MR. REYNOLDS: At some point, I guess Simon this is to you as the chair of the full committee, at some point we keep tripping over this non-covered entities in lots of places, we did it in Standards and Security, we're doing it in Privacy, and now we're reading an NHII letter that's doing the same thing. And I think at some point we need to put something in somewhere that says the idea of business associates was a good idea however as you get more and more chains of events and more and more new players in this business as things like PHRs and other things arise, it doesn't look like the breadth of that is appropriate, or everything gets covered up under some segment of this thing and we keep tripping, I'll even say it this way, we keep tripping over it and e-prescribing you remember, we really had a lot of discussions about it because you got it being passed off and people switching, translating the data and doing everything else and we really didn't feel comfortable with what we had a hold of. So I think at some point maybe, as a group of subcommittees we're running into the same issue and I don't know whether that's a, it goes in just this one, it's not just a privacy matter, I think it's a matter in everything we're doing.

DR. COHN: I think you bring up a good point which is the issue of trying to cover PHI by entity versus PHI because it's PHI, different nations have different approaches. Now that all well said and good I would open it up that that's, I would ask the Privacy Subcommittee to consider whether it wants to get into that in a separate communication to I think begin to get into that, hold hearings and come to some resolution.

Now I'm obviously concerned that we're losing bounds here in terms of some of our conversation in all of this stuff, this is a first letter, I feel sort of strongly that we don't start going, brainstorming great solutions, as we sort of go along that have nothing to do with testimony, nothing to do with anything that we have sort of vetted in public or otherwise. And obviously at the same time I would like to be able to come up with a letter in September. So I'm sort of saying, the house is blue today and we'll change it to pink tomorrow.

Now I guess from my own view and I guess the problem that I thought we were talking about here, and maybe I'm wrong about this one and I would I guess ask people like John, Paul and others is that we have covered entities that are covered by HIPAA, now it may not be perfect but we darn well know what they're covered by, and it may not be all that bad, I mean it may be like a half size off but it isn't like I'm wearing a flat and a high heel on the other shoe. But we have other entities that there's no coverage whatsoever, there's no law, there's no whatever and so we're sitting here chewing about well is HIPAA perfect or is it only 89.5 percent perfect or whatever, where what we've got is like sort of a zero on the other side, or maybe it's the FTC coverage or whatever. And I think that that was the problem that we were trying to focus on here as opposed to trying to make everything perfect. So I just want to frame that.

MR. ROTHSTEIN: Well, let me extend on your remarks, Simon, if I may and that is as a matter of courtesy the NHII Working Group and the Executive Committee asked the Subcommittee on Privacy and Confidentiality to take a look at this draft, which has been through innumerable revisions and iterations, to comment specifically on whether we have any problems, concerns, suggestions, on the privacy issues of this letter. So I would suggest that the big picture kinds of things that we are kind of getting bogged down in are perhaps not appropriate for our discussion given the fact that this will be taken up again by the full committee in a few weeks and that we've got our own agenda, we just need to be I think comfortable that the privacy issues are addressed to our acceptance level. We don't have to be happy about it, we didn't draft this as a subcommittee --

DR. COHN: I'd like you to be happy about it --

MR. HOUSTON: It seems disingenuous that we have this NHIN Working Group which has a bunch of people on the Privacy Committee drafting a letter that then the Privacy Committee as you sort of indicated isn't necessarily happy with. We've have too much overlap here at the end of the day be somewhat at odds --

MR. ROTHSTEIN: Well, maybe happy is the wrong word, I mean acceptance on this, and I think most people around the table are, it's just that if we, I don't think we're doing a service to the full committee by reinventing the wheel at this stage and in this form, that's all I'm saying.

MR. HOUSTON: But in our last NHII conference call, maybe it was our meeting, I remember I said we needed to give it to this committee because this committee has to be satisfied with the work product or else, we can't push this letter forward unless there is consensus and I think NHII should never talk about privacy unless, in a vacuum of the Privacy Subcommittee and it can't do it, I mean if we're --

MR. ROTHSTEIN: I agree --

MS. BERNSTEIN: This is a letter of the committee, not the subcommittee, so the whole committee has to be satisfied, you're all members of that committee --

MS. GREENBERG: It's better to hash this out here, we don't want to hash it out in September. I really do think that this paragraph is salvageable, I think this paragraph starting with also is salvageable, I think there are a few points you want to make, that HIPAA, exactly how I'm not sure, but there are protections for personal identified information in HIPAA but they only apply to covered entities. There are vendors, PHR, I think PHR vendors are not covered entities, so those protections don't apply at all. Those are factual statements I think because I do think if you are a covered entity some of HIPAA would apply, I'm not exactly sure if it's quite the right fit for PHRs but I think it's actually wrong to say that it wouldn't apply at all because I think they do. And then you can say consumers and these other groups don't necessarily provide notice of their policies and procedures, or they're necessarily required to provide this information and that the national committee believes that it's absolutely vital for PHR system vendors to provide clearly stated easily understood up front notices to consumers of their privacy policies and practices and to me that's what you're trying to say.

MR. HOUSTON: I think it's there, the first sentence on there that differentiated between covered and non-covered entities, I agree.

MR. ROTHSTEIN: I think that's fine, I just would make some revisions to the consequently sentence --

MS. GREENBERG: I didn't mention the consequently.

MR. ROTHSTEIN: Yeah, I don't like the consequently.

MS. GREENBERG: I don't either.

MR. ROTHSTEIN: So if we take the consequently sentence out my concerns disappear.

MS. GREENBERG: And then everyone basically agrees with what, I mean on that --

DR. DEERING: I think I've got it so let me give it a try.

MR. REYNOLDS: I think that helps, I think it helps the Standards and Security Subcommittee because that's been an issue for us in e-prescribing, so as a member of the full committee I could also be comfortable because we're running into the same problem and I think one other thing, I think your words are good, HIPAA did not assume that consumers would contract directly in many cases with people that were non-covered entities, HIPAA did not take that into consideration and that's what PHR starts to get into.

MS. GREENBERG: You don't have to mention that.

MR. REYNOLDS: No, but I'm saying, that's why this is such an issue for us, so that's great, I thank you.

MR. ROTHSTEIN: So anything before we get to the recommendations?

MS. BERNSTEIN: The last sentence is now reading like a recommendation itself, maybe it's the specifics are in the recommendations.

MR. ROTHSTEIN: Okay, recommendation three, comments.

[Multiple speakers.]

DR. COHN: I'm going to ask Mark to help us in terms of reviewing that.

DR. DEERING: I will do that whole new bifurcated paragraph and I almost thought of bifurcating it in three.

MR. ROTHSTEIN: Recommendation three, comments?

DR. HARDING: In the final sentence do we want to tell the public that there are "25 undesirable secondary uses"? Do we want to include the desirable and undesirable in a statement to the public or do we want to do something to get rid of the undesirable?

DR. TANG: How about desirable and unanticipated?

MR. ROTHSTEIN: Desirable and unanticipated.

DR. TANG: Richard's comment whether we actually want to use the word undesirable and I saw the same thing and so I was trying to substitute unanticipated. Does that help?

MR. ROTHSTEIN: So your suggestion would be to make it including the potential for desirable and unanticipated secondary uses. How about if we just made it including the potential for unanticipated without desirable and undesirable?

[Multiple speakers.]

MS. DOZIER-PEEPLES: Not even potential but all secondary uses --

MS. GREENBERG: Some people may think because it's a personal health record there are no secondary uses and disclosures.

MR. ROTHSTEIN: Including secondary uses and disclosures, all secondary uses and disclosures.

MS. GREENBERG: Well, you don't need the word all, including the potential for secondary uses and disclosures.

MS. BERNSTEIN: You may end up with internal business, secondary uses, you don't want to cover that necessarily --

MR. ROTHSTEIN: So what do you want to make it? Including the potential for unanticipated? Secondary uses, okay, good. Anything else in three? Four? Okay, recommendation four.

MS. DOZIER-PEEPLES: I think one four developing resources should say authoritative resource because when HIPAA came out there were all kinds of resources and some were better than others --

MR. HOUSTON: But HHS, when we recommended HHS develop resources I think there's some --

MS. DOZIER-PEEPLES: A premise that it will be all authoritative, okay.

MR. ROTHSTEIN: Anything else on four? Okay, five.

DR. COHN: I think five looks good.

MR. ROTHSTEIN: Is everyone okay with five? Do we need to say subject individual? How about the individual? The last line.

MS. BERNSTEIN: 38 and 39? If you say that all secondary uses and disclosures can't happen without the consent of the subject individual you've got the examples that are evident from the model we have from HIPAA that there are lots, it's sort of a non-starter because there are lots of legitimate uses that should be made without that consent.


MS. BERNSTEIN: Maybe, maybe, talk to your local law enforcement guys --

MR. ROTHSTEIN: Well why wouldn't they want the EHR?

MS. BERNSTEIN: They might or might not be able to get it as easily as PHR.

DR. COHN: Maya, what are you suggesting here? Is there something, except as expressly permitted by law, is that what you want to say here?

MS. BERNSTEIN: No, because right now everything is permitted by law. This is the problem --

DR. COHN: As expressly required by law. No?

MS. BERNSTEIN: Nothing applies to this --

DR. COHN: Well Maya, it doesn't sound like you have a suggestion here. You have a complaint but not a suggestion.

MS. BERNSTEIN: Well but my complaint is that if you try to say anything about this without actually exploring the problem further you're going to get into problems no matter what you say. And I just want people to understand that what you're recommending is sort of, either you adopt HIPAA or you adopt this or you adopt required or you adopt permitted but none of them are good choices. And I want you to understand what it is you're saying when you adopt any one of those because it's very complex, there's a lot of nuances to it and you're trying to sort of --

MR. ROTHSTEIN: Okay, the saving grace of recommendation five is that it only applies to pilot projects and it's not a statement of the way the law ought to be forever and ever. So it could be, I mean we could make and do, have this broad statement that for the pilot projects if they're dealing with a vendor that's not a covered entity, I mean we take a very strong position that there should not be any secondary uses without express consent. Is that okay?

MS. BERNSTEIN: If you intend for it to be limited that way --

MR. ROTHSTEIN: I think that's --

DR. COHN: That puts five here so we can talk about six as a separate item. Are we okay for pilots?

MR. ROTHSTEIN: And can we take out the word subject, that makes me happy --

MS. DOZIER-PEEPLES: It has issues with like law enforcement issues that Maya raised, who is the individual and the personal representative of the individual and what about abandoned DNA on other individuals --


MS. BERNSTEIN: Whoever is the legal, I put the word subject in there so my point is that if the individual was just a reference that didn't refer to anything specifically and I want it to be clear that it's the record, the person whose record it is is the one who gets to make the decision and presumably any legal representative of that person is also included, I just presumed that. If you have next of, next of kin is the wrong word but your legal representative whoever that is.

DR. DEERING: I think that's presumed though when you say the consent of the individual given all that we've talked about in the prior sentences.

MS. GREENBERG: It might be if there were really a regulation --

MR. ROTHSTEIN: It would say an individual or someone legally authorized to give consent on behalf of the individual or whatever. Number six.

DR. TANG: On line 44 the sentence that begins with, these privacy policies, just that introductory phrase could be eliminated and start with that in on line 45, so in those situations where HIPAA does not apply etc. But we may want to look at this whole HIPAA thing in light of our earlier conversation.

MR. ROTHSTEIN: So Paul suggests striking out the end of line 44 starting with the word these and capitalizing in on line 45.

DR. TANG: And the other thing is in those situations. And that's probably all editorial.

MR. ROTHSTEIN: All right, let me read that, I might have a concern there.

DR. DEERING: So in both recommendations we would substitute the word situations for instances.

MR. HOUSTON: I don't think it needs to be in there because this recommendation talks all about privacy, about the adoption of privacy policies --

MR. ROTHSTEIN: Now this raises Maya's concern, okay.

MS. BERNSTEIN: I already said it, you know what I think.

MR. ROTHSTEIN: Well, I don't know what you, I've saved us in five, now you save us in six.

MS. BERNSTEIN: My point was I can't save you on this and that there are four, and Simon is going to have my head if I say it again but if you're talking about any out there private sector vendor currently an unregulated entity with respect to this product or service that they're doing, no secondary use of information without expressed consent is extremely burdensome on that business, right, expressed consent also is, I don't know if you mean written, oral, does there have to be a record, how do they prove legally, you mean implied consent?

MR. ROTHSTEIN: No, we mean consent, so I would strike the word expressed.

MS. BERNSTEIN: But you don't know whether you mean implied or explicit yet, that's okay because it leaves it open.

DR. COHN: Does that help a little bit?

MS. BERNSTEIN: A little but that solves that little problem but it's very burdensome, there are probably lots of times where we could think of where somebody might want to get access to that record legitimately --

MR. ROTHSTEIN: Without consent?

MS. BERNSTEIN: Without consent.

MR. HOUSTON: We're talking about a PHR which I think, where there's a much greater expectation of privacy with regards to it, I believe that the expectation of the consumer is, and that's part of the problem here is that there is a mis-set expectation that there's additional privacy associated with the PHR --

MR. ROTHSTEIN: This is something voluntarily, they don't have to do it, they want to do it --

MR. HOUSTON: Exactly, and these are the things we are by the way going to use your record for, you can say yes or no I agree or maybe check off you do or don't agree with them, it ain't going to get used for it.

MS. BERNSTEIN: I would make the exact opposite presumption, where I have a record that's being used for my medical care that has clear physical, mental, and other kinds of implications for me, that I have more expectation of privacy in that record than I do in some private sector thing that I can contract with them and I can theoretically negotiate with them about any rules that I want --

MR. HOUSTON: I disagree --

DR. DEERING: -- you can negotiate --

MS. BERNSTEIN: Yes, but in fact what, you can't negotiate, I mean in fact the consumer has no standing, nothing to trade theoretically, they can withhold their business or not --

MR. HOUSTON: They can withhold their use of it, if enough consumers say you know something, I am offended by their secondary uses, that enough consumers decide not to use it, then it fails.

MS. BERNSTEIN: I completely agree with that but what you're also saying is that there's no expectation, the expectation is that you will barter or you will negotiate over it, you will negotiate. So there's no expectation, the expectation is whatever you can put in your contract and whatever you can negotiate you can get.

MR. HOUSTON: I disagree.

MR. ROTHSTEIN: I have a possible saving solution for number six. Number six if you read it, this is a recommendation to private sector vendors that does not have the force of law or anything else --

MS. GREENBERG: Well, none of your recommendations do I'm sorry.

MR. ROTHSTEIN: Well, I mean but the Secretary does, yeah, well --

MS. BERNSTEIN: Assuming adopted still doesn't put the force --

MR. ROTHSTEIN: So this is what we are sort of suggesting to the private sector, they can take it or leave it, but our view is that to protect privacy and confidentiality there should not be secondary use without consent.

MS. BERNSTEIN: Could I just briefly, what this used to say, there's four sort of choices that we had for what this said at one time or another. One is that uses should be whatever is permitted by law, that's a non-starter because everything is permitted by law at the moment, that's the problem. Whatever is required by law, nothing is particularly required by law, it's almost the same because they're just not contemplated by law at the moment. We should do whatever is in HIPAA, which imposes a very complex scheme on these things which are currently not covered by that scheme. Or this, which is everything should be by consent. And those are the four choices that we've talked about --

MR. ROTHSTEIN: And you think there should be like a fifth choice --

MS. BERNSTEIN: None of which are very satisfactory, that's all I'm saying.

MS. GREENBERG: But consent can be two things and I'm not sure what you mean here, it could mean that you've consented to a range of uses and then anything outside of that would need separate consent, or are you saying that every single use needs individual consent, because that's what so impractical. I mean you could say, you could agree to, I'm going to record all my blood sugars in here and my blood pressures and all of that and all of that kind of information you can send that to my physician, you've agreed to that but you don't have to consent on sending each time you send a blood sugar or a blood pressure. But then if they have some other use that isn't included in what you've agreed to then you need a separate consent and I don't see why that's so burdensome to these people because they shouldn't be making other uses anyway without your consent.

MS. BERNSTEIN: But you're talking about businesses which have as we discussed before as their model, they're going into this business because they think they can make money with the data.

MR. ROTHSTEIN: Well they need to go out of business.

MS. BERNSTEIN: That's not an acceptable answer to us.

MR. HOUSTON: Well, when I go to look, let's just say I have diabetes and let's just say there are five diabetes websites out there that will give me a PHR provided by a third party. I can go down and if there are clear plain language notices of what the secondary uses are going to use my data for and some maybe have very little secondary uses, some have many, I can read through them and say you know something this is a nice site but it requires me to allow them to give data to such and such, or use it for such, I don't like that. I'm not going to subscribe to this site, I'm going to go look at this site. And I look at that site, I finally find a site that has the functionality that I want and has terms that are acceptable to me. I may find that none of them have acceptable terms to me or I may find two or three, but the point being is if I don't find any with acceptable terms I may say you know something the privacy of my information is of such importance to me that I don't believe that I want to participate in such a site. And that is then my ultimate decision and if enough people in my position say I don't want to participate in this site it is not going to be commercially viable and either they're going to change their model of their consents and things like that and their secondary uses, or they're going to go out of business.

MR. ROTHSTEIN: Right, they're going to charge people ten bucks a month to subscribe to the site instead of making it free and figuring they can sell this stuff for $120 bucks a year. Harry?

MR. REYNOLDS: One's a type of question, does vendors, is that broad enough? Most people read vendors to be the people that created a system, or sold it to someone --

DR. COHN: Maybe it's just PHR systems should voluntarily adopt --

MR. REYNOLDS: We have people that create things and we tend to call them vendors and then we have people that package them and sell them as something else, we don't tend to call, I'll let somebody else figure it, back to the earlier comment, we are saying that these people should be held to a higher standard than covered entities, I don't agree, I think that they should fit into what covered entities do and covered entities have the right to do different things but they got to do an authorized disclosure and they've got to do other things --

MR. HOUSTON: I disagree.

MR. REYNOLDS: No, that's fine.

MR. HOUSTON: Well, let me tell you why. A covered entity has certain rights to use data for health care operations and the like without patient authorization and I think --

MR. ROTHSTEIN: If they want to set up a separate PHR they shouldn't be, they can use the EHR stuff but why should they be able to use the PHR stuff?

MR. HOUSTON: But going to Harry's point, that's my point, I agree with you, but Harry's point was is that the PHR should simply be governed by HIPAA and I say no that's not good enough and I think that's what you were saying earlier which is hey, yes, data in EHRs is considered confidential and I have privacy rights, but when I start to add my own personal information to it it actually goes up a couple notches in terms of my expectation of privacy, my privacy actually goes up as soon as I put information into a PHR.

MR. ROTHSTEIN: I would say in regards to Harry's comment what would make me happy is the sentence that begins currently on page 44 that Paul altered, line 44, I would say regardless of whether the PHR sponsor is a covered entity under HIPAA there should be no secondary use of the information without consent of the individual.


DR. COHN: Hang on for a second. If we knew what a PHR was we might be able to say that, but the first part of the thing says there's a wide variety, a lot of it looks just like an EHR, we don't know the exact line back and forth, I mean if we knew and could say exactly what it was I'm not sure I would argue with you but that's not where the rest of the stuff is going. What I think we need to say somehow is that the privacy policies either need to be like what we're describing here which is more exhaustive than HIPAA or at least as strong, and I don't know, the term strong is obviously a different term than exactly the same or equivalent, because we don't want things to be any weaker than HIPAA --

MR. HOUSTON: My concern is that what is considered acceptable under treatment, payment or health care operations or health care operations specifically I would consider in some cases to be a secondary use for PHR --

MS. GREENBERG: Because the principal use is for the patient.

DR. DEERING: Could we do without all reference to HIPAA and put back in the phrase that Paul took out and just say these privacy policies, now this is going to set the higher bar but this is what John is saying, and what I thought we were basically saying is that we didn't want to insist that HIPAA was necessarily your starter block. So if we just took out the middle part of the phrase then it would read these privacy policies and practices should include the provision that there is no secondary use of data without --

DR. COHN: Well, but we don't know, I mean now we're talking about people that may be covered entities or not and since we don't know what this is what are you telling them to do? This is one of those things where we were making a differentiation here by saying --

MS. GREENBERG: Are private sector vendors covered entities? Could there be private sector vendors that were covered entities? I guess if they were a clearinghouse --

DR. COHN: Are we saying here private sector vendors of PHR systems who are not covered entities should voluntarily, is that what we're really saying here? Well in that case why don't we say at the beginning private sector vendors who are not covered entities should da, da, da, da --

MS. GREENBERG: Yeah, I think those are the people you're talking about.

DR. COHN: If we say that then we're fine, I mean I'm just sort of a little concerned here since we don't know exactly what this thing is --

MR. ROTHSTEIN: Okay, we agree on the end product, the end result, right, they should be treated the same, but your hang up is on the beginning because you say we don't know exactly what a PHR is. Is there any way that we can tailor the language of that, the beginning of it, depending on the nature of PHRs in a certain form or whatever, to satisfy your concern about the varied forms of PHRs and then get everyone to sort of agree to end of that tacked onto it?

DR. COHN: Well, we could say something where we say PHR systems, owners, hosters, whatever, who are not covered entities should voluntarily adopt --

MR. ROTHSTEIN: But we want, we've also I think agreed that the same higher standard should apply to covered entities as well.

MS. GREENBERG: Not necessarily because there is a model that isn't the kind of PHR that John and I used to think PHR was which was just really, it's the patient's thing, I mean we own it, we control it, we can do whatever we want with it. There is this other model that is called a PHR which is more a kind of partnership it sounds like between like the provider and the patient.

MR. HOUSTON: Even at that that's why there should be privacy policies that describe how would information be used and absent the patient's agreement as to those policies, if the patient says no, either they can opt out or maybe the policy will allow you to selectively decide how your information can be used --

DR. COHN: John Paul let me just ask, I mean you have system and you create a patient portal and you have communications where the patient is sending emails to their doctor. Now is that a PHR and that therefore you can't disclose it to the doctor under these rules?

MR. HOUSTON: I would actually consider that --

DR. COHN: That's what I'm sort of saying, where you're saying there that's not a PHR.

MR. HOUSTON: That is absolutely not a PHR.

DR. COHN: Well, that's interesting because we say that those sorts of functionalities could very well be PHR functionalities.

MR. ROTHSTEIN: Do we define those in this document, can a PHR stand alone --

DR. COHN: We talk about dimensions of functionality and function, we don't say a single thing --

DR. TANG: I think we included that as a PHR.

DR. DEERING: Is the statement from Simon, and I want to put it very bluntly, from the provider's perspective, because Kaiser and Paul both offer views into their EHR --

DR. COHN: So does John Paul.

DR. DEERING: And so does John Paul, okay. But I'm hearing that Simon believes that those, because here's what it boils down to, Kaiser should not have to offer a higher level of privacy protections for the information that is generated from this view than it offers within its EHR, that you believe that Kaiser should just adhere to one standard and that's HIPAA for all, for everything that it does with its View, like Maya you've Epic, I think they call it My Chart or something like that. So everything that's in My Chart you believe should only be subject to HIPAA.

DR. COHN: Well, the truth is I don't know, but since I don't know what is and what isn't a PHR --

DR. DEERING: I'm not asking about your right now --

DR. COHN: No, what I'm saying is I don't know only because I don't know what, I mean with lack of knowing what is not an EHR and already covered by HIPAA in this space it makes it an impossible conversation, a question to answer.

DR. DEERING: I guess I don't understand that because I was asking specifically about My Chart, you have right now, would you be comfortable or not saying that that, Mary Jo Deering's Kaiser Permanente My Chart View should have protections that are only those of HIPAA or that it should have an additional level of protections.

DR. TANG: Listening to the discussion I'm getting more and more swayed by Maya's suggestion that we actually not be only tethered to HIPAA and that we just talk about privacy practices surrounding PHR information, and we can refer to HIPAA and mention that the information in PHRs protected by HIPAA and sort of just talk about the myths associated with that with regard to covered entity and not covered entity but actually are the thrust of our major recommendations don't get tethered to HIPAA because I think --

MR. ROTHSTEIN: Okay, but the question that we seem to be hung up on, Paul, is whether people are uncomfortable with saying that for all PHRs there should be no secondary use without consent. And I think that levels the playing field but the concern that Marjorie and Simon raised is that that sweeps too broadly because there are these PHRs that I don't exactly understand that shouldn't be subject to that because they're really closer to EHRs or something.

MR. HOUSTON: Let me say this, I think again, these aren't done in a vacuum, when I enroll to a tethered PHR for lack of a better term it says that this will be used for communications with my physician or other caregivers, that this information will be included in my electronic health record and as such will be subject to the provisions of HIPAA including the permitted uses thereof which may include --

MR. ROTHSTEIN: Then under that arrangement that would satisfy recommendation six.

MR. HOUSTON: And that's what I've been saying all along, that yes --

DR. TANG: And I would agree, in other words I don't feel that you're making it onerous on us, so we still, we the provider still have access to the things that are in our electronic health record on that patient and can do the things that are reasonable in care and that are specified in HIPAA. Let me give you an example of something that we do not have ownership over, so there is a section of our PHR, John's and Kaiser's, where the patient has entered in a private space that only the patient has access to. Now that's hands off to the provider and all the things that a provider is allowed to do under HIPAA. In theory we could get access to it because we still have access to it in the database but that's the distinction we would make between what is submitted with the understanding that it's private and personal and updated by them versus what is in our electronic health record system for which we have purposes that are led by HIPAA.

MR. ROTHSTEIN: So let me go back to my original suggestion and we can think about this again. I originally proposed saying something like regardless of whether they are considered covered entities under HIPAA PHR systems should not permit any secondary uses of information without the consent of the individual.

DR. COHN: Let's try that on and see how it plays.

DR. DEERING: Just once more with feeling --

MR. ROTHSTEIN: Regardless of whether they are covered entities under HIPAA PHR systems should not permit any secondary use of patient/consumer PHR information without the consent of the individual.

DR. TANG: That is maintaining this whole anchor to HIPAA though and do we want --

MR. ROTHSTEIN: Well, the only reason I'm saying that is because people are confused and we could take out the regardless language but I think it might be less clear if we do that.

DR. TANG: That's why I would suggest if we do go the route of just talking about PHRs policy we would have a separate section that describes how this relates to HIPAA and try to be clear about it in that section.

MR. ROTHSTEIN: Right. Mary Jo is trying on a revision of the split off also paragraph to try to make more clear the HIPAA versus non-HIPAA along the lines of Marjorie's suggestion. Harry?

MR. REYNOLDS: I have not seen a PHR yet that does not include claims data or doctor visits or lab results or other things that most covered entities have, will use, and have to use in treatment, payment, and health care operations, whether it be Kaiser or any of the people that have spoken so far, forget payers for a minute --

MS. GREENBERG: But they didn't get it from the PHR.

MR. REYNOLDS: No, but we're not making a distinction here. PHR is made up of personal things that the person puts in and stuff that is usually downloaded or gathered from the EHR. But now we are saying, we are making it all the PHR and saying that whether it's Simon or Paul or John's hospital now cannot use, how do you differentiate what's part of the EHR and what's PHR if part of the EHR is in the PHR?

MR. ROTHSTEIN: The same material, I understand what you're saying, it's the same information but they are getting it from a different source, right?

MR. REYNOLDS: Absolutely not.

MS. GREENBERG: Maybe it isn't pushed from the record, they're just getting that view into the record --

MR. REYNOLDS: Here's how a lot of PHRs get handled, you let somebody sign onto your website, you let them put in stuff they would want to put in, so you mentioned a protected area, and then you may get an icon like let's say we put one up and it said list my last ten doctor visits that you have from your claims or list the lab results or list these results, those are coming straight from databases that are used by covered entities --

MR. HOUSTON: That's a tethered database.

MR. REYNOLDS: Well fine, but the point is if we just say PHR you just took all that stuff that was already usable and you just nuked it.

MR. ROTHSTEIN: I have a suggestion, Harry, how about if we add, Harry, how about if we added a last sentence, now keep in mind this is a recommendation to PHR systems, so could we add a last sentence to that recommendation six that says this recommendation is not intended to prohibit and then the uses that you're describing, would that make you satisfied?

MR. HOUSTON: Getting back to my point before which is as long as the patient understands those linkages that exist over to the claims system or an EHR and it's described very clearly in the notices that are provided to the patient when they enroll, I don't understand what --

MR. ROTHSTEIN: Because that's not good enough, we say they have to consent and they don't have to consent when they get an NPP from a covered entity.

MR. HOUSTON: But we're not talking about the Notice of Privacy Practice in a covered entity, I'm talking about as a patient/consumer, or a patient, to decide that I want to avail myself of Harry's PHR, there's a separate acceptance that you have to agree online or otherwise that yes, I agree to the terms, which would describe exactly what the linkages are to those other systems. But see again, that assumes that it's tethered to another system, there are PHRs out there that are tethered to nothing.

MR. REYNOLDS: But I think Simon said it very succinctly, PHR is not a term of art yet, it is not defined, you can't find a definition of it anywhere and you can't really --

MS. GREENBERG: You can find definitions but they don't necessarily sort of apply to all of the products.

MR. ROTHSTEIN: Harry, isn't it a fact and maybe people can correct me if I'm wrong, isn't it a fact that you cannot have a PHR of any color or stripe that the individual does not agree to be a participant in?


MR. ROTHSTEIN: So regardless of the shape of the PHR, whether it's a look in, a tethered, untethered, they're going to have to agree to sign on to that. And at that point they're going to have to consent to the arrangements, right?

MS. GREENBERG: I think your suggestion was a good one, that you could have what we've talked about and then a last sentence that says this is not intended to apply to information from the provider's system that's already covered by HIPAA or something like that.

MR. HOUSTON: But see I would disagree, I would think, going back to what Mark just said it's really just simply describe what information is going to be in that PHR as part of this authorization or whatever you do, when you enroll.

MR. ROTHSTEIN: But we might be able to combine those and say this would not prohibit providers blah, blah, blah, blah, blah because when the PHR is set up the individual would already have to have consented.

MR. HOUSTON: Agreed, now let me say this --

MS. GREENBERG: I'm hearing this very interesting model or whatever, that I think I'm hearing from Harry, that it's not, I had had pictured like data from the provider's system, whether it be lab data or whatever in the electronic health record, the transaction information, being kind of pushed into the PHR. But he's saying that isn't necessarily what might happen, it just might be a feature of the PHR is to have a view into that information and then you could interpret that that information is now part of the PHR and it's not available for these other uses which it should be available for --

MR. REYNOLDS: It has to be.

MS. GREENBERG: You've got to make clear that's not what you're saying.

MR. HOUSTON: But two things here, first of all I think again you would cover that up front when the patient enrolls as to what all the features and functions and things are. But I also think Harry your earlier point though is at the beginning of the document we tried to describe this evolving concept of a PHR and what it may be in terms of all of its permutations and I think that's also part of this. I really think though that what we're trying to recommend here is informed consumer consent about all of this.

MS. GREENBERG: I'm taking a five minute break.

DR. COHN: I need to leave also, I guess we need to see what we have here.

DR. TANG: I have a comment on Harry's dilemma in terms of is the new privacy recommendation that applies to PHR, does that tether the provider with this EHR? And my answer would be no so just because I downloaded stuff from our EHR into your PHR doesn't mean I can't use information solely in my EHR to do PPO. Does that help, Harry?

MR. REYNOLDS: I don't know, I don't think that's what we said, we said no secondary use without approval by the patient and if I was a patient and I saw something in my PHR and I found out you used it for something else then my first question would be wait a minute, I signed up that you couldn't.

MR. HOUSTON: Well, if that was what the terms said, I think this is what this recommendation is all about is giving the person an informed understanding of what the recommendation will or will not be used for so that if in fact there is a linkage to claims data or there is a linkage to an EHR, that it would have to be clear to the patient that hey, if I am including my insulin levels and my blood pressure or whatever the information is, that this information will in fact then be included in my EHR and that will be available and that HIPAA will apply to it both in terms of the potential other uses that HIPAA permits and otherwise. My point is is that you look at specifically, all we're saying in this recommendation is we've got to be clear in terms of the uses of the data and --

MR. REYNOLDS: I agree but it says right now no secondary uses without --

MR. HOUSTON: -- authorization, but when you sign up, let me say when you sign up and you say I accept you're authorizing, if it's some global scheme of use, it's like you're entering your blood pressure and your physician is going to see in, you put in this type of data --

DR. COHN: I think that rather than trying to argue this one I'm hearing that we may have to look at it written down. Luckily the good news is is that we can take this and all talk about it a week from Friday, and we may have one or two versions that we can look at because I think this one should be, we should take a look at this one. I thought Mark may actually have a good idea, John Paul --

MR. ROTHSTEIN: You mean adding another sentence?

DR. COHN: Well, we may need to look at this and see and then see whether we need an additional sentence or not. To me there's what we have originally, there's what we have in this new version sort of saying that everybody has the standard, of course I'm not sure how the standard is different than really what HIPAA does though maybe I'm confused --

MR. HOUSTON: I think the issue of HIPAA is to the extent that there are other uses under HIPAA and the as required by law, there's other provisions related to --

DR. COHN: Let me just ask here, if basically your consent would have to say anything that you put in here, since we don't know what's PHR versus what is an EHR, would have to be basically open for HIPAA rules because if you receive something and you have this all together you would likely to have to disclose it under HIPAA rules.

MR. HOUSTON: And my point being is is if that is clearly disclosed as part of your enrollment in it I think that's reasonable.

MR. ROTHSTEIN: How should we wrap this up because we're not going to resolve this and then re-do it in three weeks or whenever it is we meet next month?

DR. DEERING: I don't feel I have enough to craft a recommendation on this, I've heard too many different things.

MR. ROTHSTEIN: Can we agree that we'll put in the regardless stuff --

DR. DEERING: That I captured.

MR. ROTHSTEIN: Okay, and then make a mental note that that doesn't satisfy Harry's concerns and we may need to add another sentence, but we haven't decided on what that is, sort of a savings clause for that recommendation.

DR. DEERING: And if anyone can suggest it to me and send it along I can always put it in so that that's what you see the next time around.

MR. ROTHSTEIN: Harry, is that okay with you?

MR. REYNOLDS: That's great, yeah.

MS. BERNSTEIN: Do we need to satisfy what I heard Simon was concerned about which is that an entity like Kaiser should not have to be subject to two different schemes? I mean I thought it was similar but not exactly the same as Harry's concern.

DR. COHN: Well, I think it is, I think if John Paul is comfortable with being --

MS. BERNSTEIN: But John Paul has a different, my understanding, what I heard the three of you were saying is that John expects more privacy than HIPAA, which means that he's comfortable with the recommendation language as it is.

MR. ROTHSTEIN: Because they have to sign a consent that they have their PHR.

MR. HOUSTON: By default without any further --

DR. HARDING: But the public is going to be confused, uniformity is, just for the public's sake they're going to say you can for this and not for that, it just becomes another educational nightmare.

MR. HOUSTON: This is such a complex, I don't think there's any way, I don't believe there's any way absent having something online that the user would have to really understand and accept which would describe other uses and the functioning of the PHR, I don't think that there is a way to have uniformity because of the fact that there are so many different types of PHRs for so many different purposes and different motives, I mean some people are going to have profit motives, other people are going to have --

MR. ROTHSTEIN: Richard, you make a good case for legislation to deal with PHRs separately but in the absence of that HIPAA covers some, other people are not covered at all, and we're saying in recommendation six that all PHR sponsors should do this.

MS. BERNSTEIN: Actually with respect to your point on uniformity what the current language suggests that all disclosures should happen by consent is simple and straightforward from the consumer's point of view, what's complex is HIPAA, right, so they don't understand that now, they're not going to understand it much better likely even unless we have a lot of education, but the uniformity issue for the service, I don't want to use the word provider, but the PHR service is an issue I think that Simon was raising which is that an entity like Kaiser has a non-uniform practice which make it difficult for it as a regulated entity, if I heard that correctly --

DR. COHN: Has had a problem with what now?

MS. BERNSTEIN: Well, that Kaiser as a covered entity has a certain, has to be covered by HIPAA and understands, to the extent that it understands how it's covered by that has rules about it, and then if Kaiser goes into the business of being a PHR service will have a different set of rules either stronger or less strong, whatever, which are non-uniform for Kaiser and as a regulated entity makes it difficult for Kaiser. I heard you saying that it's hard if I'm that kind of an entity to have two different schemes that apply to me --

DR. COHN: Well, I think it's actually not just Kaiser, it's hard for every provider.

MS. BERNSTEIN: Right, any entity that would be covered by two different schemes that would provide the service, it's difficult for them.

And I think what I also heard was Harry saying that having more protections than HIPAA, more stringent protections than HIPAA, is not fair, is sort of the opposite of what John was saying, that HIPAA is plenty complicated and plenty strong and we don't have, we have more expectation of privacy but it's not fair to have, for these companies to have, to be required to have more stringent protections than HIPAA. Did I accurately reflect that?

MR. ROTHSTEIN: Okay, Harry and John and I are going to work on a sentence to deal with recommendation six. Anybody have any problems with recommendation seven? I want to have a break after seven.

MS. GREENBERG: That is just beautiful.

MR. HOUSTON: I agree.

MR. ROTHSTEIN: No problems? Okay, seven is fine. We're going to take a five minute break for everyone and we'll resume at 3:45.

[Brief break.]

Agenda Item: Subcommittee Discussion Continued

MR. ROTHSTEIN: All right, now we go on to the difficult issue and that is what do we do next with the NHIN. I suppose that the first issue that we need to address is whether we have heard enough. I'm serious, is there anything that anybody would need to know to come up with our recommendations? Paul?

DR. TANG: Here for another two minutes.

MR. ROTHSTEIN: Okay, you have anything to say say it now.

DR. TANG: The only other, the thing that we are so unclear about is what really is going on in secondary uses --

MR. HOUSTON: We're off of that already, we're onto our letter --

MS. GREENBERG: Well secondary uses are relevant to your letter aren't they?

MR. HOUSTON: He's still talking about the PHRs.

MR. ROTHSTEIN: Are you still talking about PHRs?

DR. TANG: Yeah, I thought you said is there anything more we need to hear.

MR. ROTHSTEIN: No, is there anything more on the NHIN that we need to hear, do we need more hearings before we start thinking about recommendations on NHIN?

DR. TANG: Isn't secondary use still just a whole what is it used for, it's still a question on NHIN?

MR. HOUSTON: It's interesting because we asked everybody to answer six questions and I think people sort of, and in many cases sort of begrudgingly answered the six questions and still went off and gave their view on things and it didn't, this testimony was very, very interesting this time and I thought it was very informative, it did tend to bring things together. I think what we were really trying to do with the six questions was focus us on getting to some conclusions and I think that if we try to hold more testimony I think we're still, I don't think we're going, we're just going to get more information. I think this set of testimony was probably the best that we've had but I don't think it's going to move us, I don't think any more is going to move us any closer.


MR. REYNOLDS: I agree.

DR. TANG: I agree.

MR. ROTHSTEIN: Marjorie?

MS. GREENBERG: I also agree but I'm wondering if, I mean these issues are so complex and as Professor Greely said there are no good, in a sense almost no good solutions, it's very difficult because there aren't good solutions. And I think of HIPAA and the people who worked on that and they really, really worked hard on it and they really, really tried to balance things and all of that and everyone just keeps blasting it, you kind of whether is it possible to get this right. But I'm wondering if your letter doesn't need to almost be like an NPRM, I mean I'm wondering if you don't need to develop your letter, get the input of the committee on your letter as well, and then expose it to comment. Now that doesn't mean you have to accept all the comments or anything --

MR. ROTHSTEIN: Is there any precedent?

MS. GREENBERG: Yes. I did that several, I was involved in that process several times with when I developed, when I was involved with the committee developing uniform datasets or revisions to the Uniform Hospital Discharge Dataset, the Uniform Ambulatory Care Dataset, and the core health data elements, I have a long history of working in that area, but it was all work with the committee. And each time we held testimony, we collected information, etc., and then we developed recommendations and we sent them out to everybody who had testified and maybe others as well, but at a minimum everybody who had testified and maybe everybody who'd attended the hearings, whatever, and we got their comments and we evaluated them and then we finalized the recommendations. I'm just suggesting that that's one possibility.

MR. ROTHSTEIN: I think in the abstract I think it's a great idea but I have two practical questions or concerns. Number one is that we would have to make the draft more widely available than to the people who testified --

MS. GREENBERG: You would, but it would be by definition because --

MR. ROTHSTEIN: I don't know whether publication in the Federal Register or whatever, or on our website --

MS. GREENBERG: You might put it on the website or something.

MR. ROTHSTEIN: And it may be that, I mean this is such an important issue, we might get 500 comments, and I don't know that we've got the staff to evaluate that, so that's the first one.

MS. GREENBERG: Well, you could just send it to the people who testified, others might send you comments but you could, no I realize that, I'm not saying do this, I'm just putting it out there --

MR. ROTHSTEIN: I think it's a very interesting idea and I've often thought this is, even if we thought it was the final version other people will view it as sort of an NPRM or a request for something or other.

And the second one is the timing issue, so Dr. Brailer expects that we're going to have something by our November meeting, if we sent it out for more comments I think we're talking about the spring.

MS. GREENBERG: Or the February meeting. He seemed to indicate, he assumed he didn't need it any sooner than November but I don't know.

MS. BERNSTEIN: Is anyone here aware of whether the responses to the original RFI, which are similar issues, are available yet? I don't think that they are.

MS. GREENBERG: You mean the actual individual responses?

MS. BERNSTEIN: The actual individual responses, as opposed to the summary document --

MS. GREENBERG: Some of them I think will never be available, I thought some of them were --

MR. ROTHSTEIN: But didn't they have to release them to be --

MS. BERNSTEIN: They are the subject of a Freedom of Information Act request at the moment and they are, and he said that they would release them with redactions appropriate for, but there's no whole document that will be not available, I can't imagine any whole document, the existence of all of the documents will be available under Freedom of Information Act when they get around to it and my guess is if you did that, if you went out for comment you would get very similar responses but if those comments were available to you they might be helpful to you.

MR. ROTHSTEIN: On the other hand they don't know exactly what we're going to do.

MS. GREENBERG: No, I'm not saying just go out for comment, I'm saying put a position or a letter with recommendations for comment. I don't know, I guess it depends on just how much agreement you can get, if you can get a very high level of agreement in the entire committee then maybe you have enough information --

MR. ROTHSTEIN: Well, it's not the information, what I was going to say is that it may be that because this issue is so contentious that we're not going to be able to go into the depth and specificity on for example the 20 proposed recommendations that I have in here, in the first draft, it may be that we only agree on five general things and if we're only sending five general things we don't need to send that out to the public.

MS. GREENBERG: That's true.


MR. REYNOLDS: There are so many things, and you mentioned whether there's 20 findings or whatever it is, and we may be able to close some of them out, we may recommend further hearings on some of them, but at least it puts a structure out for David Brailer or anybody else because I guess I feel uncomfortable as chair of the, co-chair of the Standards and Security, when we were doing e-prescribing and we had 50, 60 people in the audience on a consistent basis continually plan and I guess what's been surprising to me as we've done this privacy is the numbers, even though Dan has represented those other 50 and 60 well, the numbers of seats filled on probably a dramatically more contentious subject than some of the other stuff, makes me a little nervous that we go do our thing and we write a letter and then it blows up. So I like this idea maybe of, if we put a letter, if we list the things and you said 20 or whatever it is, 15, 10, 20, whatever it is, and we know that there some of them that we are comfortable with what we heard and we don't feel any different, or we send out a draft, or I mean something, because I feel, I guess having gone through the same process on something far less contentious in my opinion --

MS. GREENBERG: Except they knew that was going to end up being a regulation.

MR. REYNOLDS: Well, that's true, but it's still, I mean this is, as we get closer it just seems, I just feel a little --

MR. ROTHSTEIN: Well there's another component to this and that is the relationship between what we do and what AHIC(?) does and it's quite possible that when they get up and running they will want to get more information on some of the stuff that we identified as issues but couldn't come to closure on and then we'll in effect sort of kill two birds with one stone. John?

MR. HOUSTON: It's interesting that when Hank Greely spoke and sort of summarized I think some of the things that he thought should be recommendations, as soon as he started to describe his thoughts everything sort of gelled to me and I really went from I think not really feeling what are we going to do here to sort of getting a sense from his, just what he discussed that he sort of did have a bridge straw man and a place to start on trying to put something together. I really believe that he sort of did distill down I think a lot of what needs to be in the substance of a letter --

MS. GREENBERG: Actually we were saying that at lunch time.

MS. BERNSTEIN: Over lunch we were saying, Marjorie and I, that Dr. Lo and Professor Greely sort of said things that I wrote down that could go right into a letter.

MR. HOUSTON: Not that Dan didn't have good testimony, but he really distilled for me, as soon as he started speaking, especially some of his recommendations, I said you know I think that's really, I sort of got the sense that that's the tone of what I would feel comfortable writing and I'd want to go back through and read, sort of read the transcripts again --

MR. ROTHSTEIN: Well, he's got written testimony.

MR. HOUSTON: No, but I think the transcripts were much more even more focused than his written testimony was and taking the transcripts maybe and rereading those I think, unless I reread them and say no, I thought I heard something else, I really feel like that the basis, I really think it's the basis for trying to put the letter and I think it was real good stuff --

MS. BERNSTEIN: Pieces of it, yeah.

MR. HOUSTON: I mean there's more to it, I thought there was still a structure there and again, he would go in terms of yeah, so for what it's worth my preference would be, maybe we sort of shove what Marjorie said simply to say let's get some pen to paper and maybe after we get done we say okay maybe do need to clear up --

MS. GREENBERG: Keep that in your back pocket as a possibility.

MR. ROTHSTEIN: I think it's a very interesting option that we may need to look at --

MR. HOUSTON: Don't foreclose it, let's get something together recognizing that it might be something we decide to put out for comment. I would really take, let's say we get this transcribed, his testimony early specifically so that maybe we can start to look at it --

I'm not saying the other stuff wasn't important but boy he distilled a lot of what other people were saying I thought.

MS. GREENBERG: Not only that, I mean yesterday afternoon although I thought the testimony was very good I was feeling sort of hopeless, but then he made me feel hopeful, that may be dangerous but he did.

MR. ROTHSTEIN: Okay, there are many other issues we need to consider. The one is the timetable, if we are going to have a recommendation by November we are not scheduled to meet except at the September meeting for a couple of hours. So the question is knowing the complexity of all these issues do you think we can do things by email with a series of conference calls, maybe an in-person meeting in October or something, what's your sense of how we ought to handle this? John?

MR. HOUSTON: Can we try to plan, since we know we don't have a work product for September is it possible to try to work in two separate sessions during the full committee meeting? One on each day? That would be my proposal, maybe try to get some extra time.

MS. GREENBERG: The agenda is up in my room, Debbie might have it. But let me ask something, Simon has asked you to kind of preview your letter in September --

MR. ROTHSTEIN: In September I'm not going to preview the letter, what I'm going to do is describe our procedure, the various hearings, and some of the issues that we're working on --

MS. GREENBERG: You're not in a position I would say to preview certainly any of your recommendations, correct?


MS. GREENBERG: Well he needs to know that.

MR. HOUSTON: Can I ask a question?

MR. ROTHSTEIN: Does he really think I'm going to --

MS. GREENBERG: Well, I think at --

PARTICIPANT: I think he knows now.

MS. GREENBERG: He probably realizes it.

MR. HOUSTON: I'm looking at the schedule right now, who is on Standards and Security or on Populations?

MR. REYNOLDS: Simon and I are on Standards and Security.

MR. HOUSTON: What's Paul on? Is he on Populations?



MR. HOUSTON: Okay, because absent Simon and Harry, because 3:15 through 4:45 is Standards and Security as well as Populations, and my point being is is I'm willing if we can get the other committee members on this maybe sit down and spend some time on it with as long as Harry and Simon are comfortable coming in the next day and maybe doing more work on the letter.

MR. ROTHSTEIN: So in other words to have two sessions, one in the afternoon of the first day and the second the morning of the second day.

MS. GREENBERG: We just have to know to get a room.

MR. REYNOLDS: Well and the other thing is I would --

MR. ROTHSTEIN: Well, we would just the slot of Standards and Security, is that what you're saying?

MR. REYNOLDS: No, no, we'll still have that session.

MR. HOUSTON: They can still have it --

MR. REYNOLDS: You will have another session also.


MR. REYNOLDS: And what we might be able to have happen since we just went through a planning session last time with Simon as you know, we put out that chart of what are the things we've got to work on, we kind of got ourselves, it may be good for Simon to join this, Jeff and I can run Standards and Security, so we'll see.

MR. HOUSTON: We've got Mark, myself, Richard and Paul, even if you and Simon both go to Security and do --

MR. REYNOLDS: But look at the next day and make sure Simon is not on NHII --

MR. HOUSTON: No, NHII is after, Standards and Security goes to 4:45 and Privacy goes from 4:45 to 6:00 --

MS. GREENBERG: No, you mean NHII goes --

MR. HOUSTON: I'm sorry, NHII goes 4:45 to 6:00.

MS. GREENBERG: And what's the next morning?

MR. HOUSTON: The next morning is Privacy and Confidentiality and Workgroup on Quality, those are 8:00 to 9:50.

MS. GREENBERG: The only thing I'm thinking is do you want to kind of work on writing or --

MR. HOUSTON: I think we're going to gnash teeth again --

MR. ROTHSTEIN: I think we're so far from writing, what we need to agree on is sort of philosophy and structure and recommendations, I mean we're way far from --

MS. GREENBERG: I'm just wondering then if it's a session in which, that first one, I mean the second one because it's part of the official agenda we will have a transcript, we will have, it'd be like a regular meeting, you wouldn't have minutes because you're not having testimony or anything but is this rump meeting that you want to have, not rump, additional one, is that also one in which we should have it transcribed and --

MR. ROTHSTEIN: I think we'd better because it's the equivalent of the same --

MS. GREENBERG: It's just so we know to make the arrangements.

MS. BERNSTEIN: What time, that's September 8th, what time do you have there --

MR. ROTHSTEIN: As well as notice to the public --

MS. GREENBERG: We'd have to change the agenda to indicate that you are also meeting --

MS. JACKSON: If it's an official meeting generally we don't have the meeting where members are conflicted, you're comfortable with having several members who --

MR. REYNOLDS: Since we have a subsequent meeting the next day --

MS. GREENBERG: He's okay with it.

MR. REYNOLDS: I mean we have people working on drafts at different times where we're not all sitting there at their desks with them so it's no different to me.

MS. GREENBERG: It's just that Harry and Simon are coming, do represent I think a somewhat different constituency or perspective and that doesn't mean you can't all agree on a number of things but so having these down there may reduce the productivity of your discussion.

MR. HOUSTON: But I also think, and maybe Mark and Richard and (?) have time off, but I've got an hour and a half gap or so which I could easily, we could again as a group could sit down and start to work through some of the preliminary stuff so that the next day's meeting, again we can recap for Simon and for Harry and --

MS. GREENBERG: We should put it on the agenda, we'll get a separate room, have it transcribed, the whole bit.

MR. HOUSTON: I just think it's going to be more productive, I don't mind doing conference calls but it's just additional face time where we can start to go through --

MS. BERNSTEIN: Does this need to be separately noticed in the Federal Register?

MS. GREENBERG: No, it's just part of the overall agenda.

MR. HOUSTON: We don't do that for conference calls do we?

MS. BERNSTEIN: No, we're not required in fact for our meetings to do any --

MS. GREENBERG: People know that they need to check the agendas periodically to see if they're going to change. It's just one more working session of a subcommittee.

MS. JACKSON: And we always have a disclaimer, subjects and topics and speakers subject to change, so people know that there's flexibility --

MS. GREENBERG: But we will, if you want to definitely do that as soon as we get back we'll make sure we can get you all a room --

MS. JACKSON: I'll call in to, I don't know who can work on it while we're out but --

PARTICIPANT: We can use the same room as the plenary session --

MS. GREENBERG: But that's probably where Standards is, but it's only a few people so I'm sure we can find a place, except some people may want to sit in, others may want to sit in.

MR. ROTHSTEIN: Okay now the next question is how can we use our time most productively? That is our face to face meetings, Maya?

MS. BERNSTEIN: I'm sorry, I just wanted to finish off John was suggesting that we have more than one meeting and we've, did you mean the two on that? Because that's very early on, that's two weeks from now, did you mean another meeting between September and November?

MR. HOUSTON: When's the September meeting?


MS. BERNSTEIN: It's in two weeks, it's on the 8th and the 9th, a Thursday and Friday.

MR. HOUSTON: No, I think two meetings is enough.

MR. ROTHSTEIN: So the question is whether, the meeting that we're going to have around the regular NCVHS meeting is still going to be in a very preliminary stage and then there's going to be a lot of this sort of stuff like that we had like today around the PHR letter when we finally get something written. Do you think we need to try to schedule an in person meeting or can we do that by conference call or by email? Should we schedule a meeting in November, mid-November with a prospect that we're hoping we cancel it because --

MS. GREENBERG: You mean October.

MR. ROTHSTEIN: October, I'm sorry --

MS. BERNSTEIN: Is there another meeting in October of any of the subcommittees?

MS. JACKSON: There are no meetings in October.

MS. BERNSTEIN: There are no meetings in October.

MS. GREENBERG: There aren't any set up right now in October?

MS. BERNSTEIN: Are there any other meetings between the two full committee meetings?

MS. GREENBERG: Well, there's a meeting the end of September of Standards --

MS. BERNSTEIN: So the question is since some of you will be here anyway, in D.C. anyway at that meeting --

MR. ROTHSTEIN: When is it?

MS. BERNSTEIN: The end of --

MS. GREENBERG: That may not be, that might be too soon.

MR. HOUSTON: I wouldn't be adverse to getting together in October for a day.

MS. GREENBERG: Well October might be a good idea, I probably wouldn't be around but that's okay.

MR. ROTHSTEIN: Well it could be maybe the Halloween, the 31st and Monday the 1st, I mean that Monday and Tuesday, those are really the only two days in a row that I'm not out of town. Or October 10th and 11th, those are --

MR. REYNOLDS: I'm unavailable all week that week.

MS. GREENBERG: The 10th is Columbus Day --

MR. ROTHSTEIN: When is our meeting? Oh, it's the 15th and 16th, we could --

MR. HOUSTON: Could we do a one day meeting?

MS. GREENBERG: When is your November meeting? The November meeting is after Veteran's Day, the 16th and the 17th.

MR. ROTHSTEIN: I'm available the 11th, this is October, the 18th is a wonderful day for me, October, wonderful day because I have to travel to Washington anyhow for a meeting on the 19th. I love that 18th --

[Multiple speakers.]

MR. HOUSTON: I was going to say, I have them in my calendar but I don't know how to pronounce them --

MR. ROTHSTEIN: What about Friday the 21st?

MR. HOUSTON: I don't have any problem with the other ones, it's just the Jewish holidays depending on --

MR. ROTHSTEIN: What about Friday the 21st?

MS. GREENBERG: I have Yom Kippur but I don't have --

MR. ROTHSTEIN: That's the week before.

[Multiple speakers.]

MR. ROTHSTEIN: So could we do it on Friday, the 21st?

MS. BERNSTEIN: That Friday is fine.

MS. GREENBERG: No, Tuesday the 24th I guess, or 25th.

MR. ROTHSTEIN: Another day I could it would be the 24th --

MR. REYNOLDS: Did we disagree on the 21st?

MR. ROTHSTEIN: I'm good for the 21st.

MR. REYNOLDS: I'm okay for the 21st.

MR. HOUSTON: I'm okay for the 21st?

MR. ROTHSTEIN: Richard? Okay, done, so can we try to schedule that? Friday, October 21st, I love that too because I can just stay another day.

MS. BERNSTEIN: Friday, October 21st, what did we say about the 18th?

MR. ROTHSTEIN: Nothing, the 18th went by the board because you can't make it. I have, I'll just blow off the bioethics conference, it's in Washington.

MS. BERNSTEIN: Tell me what day of the week that is --


MS. BERNSTEIN: Friday the 21st --

MR. ROTHSTEIN: Correct, Friday the 21st. And in theory we should be pretty far along by then and we will also, I don't know whether now is a good time or not to set up conference calls, maybe we ought to do that, because after we leave the 9th maybe starting the week of, how about at the end of September we arrange a conference call, let me give you a couple of possibilities. The 28th, September 28th, not good --

MR. HOUSTON: I'm not available, that whole week I'm out.

MR. ROTHSTEIN: That whole week, okay, what about October 3rd, that's a Monday?

MR. HOUSTON: I'm fine.

MR. ROTHSTEIN: Are you coming to work on October 3rd?

MS. BERNSTEIN: Yeah, I'll probably leave at 3-ish.

MR. ROTHSTEIN: Let's see, we'd have to make 12:00 right, that's the earliest, 12:00 eastern time, so can we schedule a two hour conference call, 12:00 to 2:00, on October 3rd?


MR. ROTHSTEIN: Okay. 12:00 to 2:00 eastern time, eastern whatever time it is, standard, daylight, 12:00 to 2:00 on October 3rd and then we're going to be meeting in person 18 days later and maybe we can do by email anything else.

Okay, now the next question is how can we work most productively and effectively and one possibility is if I get a hold of, I have some notes from, if everyone likes Hank Greely's framework, in other words at least the three part, the way he divided things up, I could do a draft before the September 8th meeting in which I revised this, not that you've agreed to it but just so we can hold something in our hand, in which I try to plug this into the Greely structure and also incorporate some of the other suggestions that we heard, like I really liked, and I think many people did, Lesley Francis' suggestion of, no, the first five years of the NHIN, health care only and --

MS. GREENBERG: Do you really think a lot of people liked that?

MR. ROTHSTEIN: Oh, I think it's, in terms of building public trust? I think it's a terrific idea.

MS. GREENBERG: I think it's a complete non-starter.

MR. HOUSTON: I think it's a little naïve, it's a good concept at a high level but I think when you start asking questions you start to recognize that there's a lot of --

MS. GREENBERG: I think it's a complete non-starter, I'm not saying I couldn't embrace it philosophically but --

MR. ROTHSTEIN: She is a philosopher --

That raises a question and we're going to have to come back to this issue repeatedly, but what should be the role of our letter and I think we have to walk a fine line and that is as follows. I don't want to put in the letter anything that we would consider politically naïve or pie in the sky or just totally out to lunch. On the other hand it's not our job to weigh the politics, I think we can --

MS. GREENBERG: I don't really think politically, maybe small political --

MR. ROTHSTEIN: I'm not talking about this particular issue, I was talking about overall. I don't think it's our job to weigh the politics, I feel very confident that the people in the Humphrey Building will do that. I think that we have to make, and I'm speaking for myself now, I would like to see us make the strongest credible case on behalf of privacy and confidentiality because if we don't make it it's not going to be made. And if they want to cut back on it because they don't, they think it's too expensive, it's infeasible, it's politically not viable, fine, that's their job. But personally I feel that we should put out the product that we think best assures privacy and confidentiality.

MR. HOUSTON: Should we at least when we talk about that, the circle of care, is that what she called it?

MR. ROTHSTEIN: That's what Nick called it.

MR. HOUSTON: Should we at least say it's a circle of TPO or circle of --

MR. ROTHSTEIN: I wasn't going to even use that.

MS. GREENBERG: It wasn't completely clear what she was recommending first of all, she might have only been talking about the entire electronic health record. I mean can you imagine that NHIN, and in fact they didn't agree with that anyway, that for the first five years no electronic health record data could go to public health.

MR. ROTHSTEIN: No, no, I don't think that's what, I don't interpret that --

MS. GREENBERG: They're not within the circle of care.

MR. HOUSTON: They were pretty adamant about those other uses that they felt was outside the scope.

MR. ROTHSTEIN: Well what I'm talking about is I mean the NHIN has been touted as a great way of quality assurance and all sorts of measures like that, that ultimately may in fact bear out. But unless the public is convinced that the primary purpose of this is to improve their care, assure the continuity of care, assure that there are no mistakes made in terms of medication errors and the like, they're going to say, and several people said, I think Maya said this, what's in this for me and I don't like it and I'm getting out and whatever, if they can get out.

MS. GREENBERG: If they want care they're not going to be able to get out.

MS. BERNSTEIN: You're getting into the substance, you were trying to focus on how to best use your time.

MR. ROTHSTEIN: Thank you very much. Harry?

MR. REYNOLDS: I was going to say the same thing because I think it's key, I mean I too liked what Hank had to say but we've heard a lot so whether or not everything we've heard and I don't, the circle of care is an interesting thought, whether she described it right or not it's an interesting thought, it's at least a premise to look at. So I guess I'm comfortable having you put it together using whatever model you want to use but I want to make sure we sweep all this up because we've heard a lot of people say a lot of good things and some of them have said the words better and different than somebody else --

MR. ROTHSTEIN: I'm going to go back and review --

MR. HOUSTON: And I agree with you, I just think when I heard Hank speak, some of his conclusions, it did seem to pull together conceptually a lot of what people were trying to express. That's the only reason, I don't think he's the end all be all, I just think his conclusions expressed a lot --

MR. REYNOLDS: I'm not disagreeing with that, I'm making sure that we're not prescribing exactly what we're going to say.

MS. GREENBERG: I remember in Chicago you had completely diametric things being said, one panel versus the other, they were like the mirror opposites.

MR. ROTHSTEIN: Right. And his three part strategy I would say addresses only a quarter of the issues.

MS. GREENBERG: Yes, it doesn't address --

MS. BERNSTEIN: Could I make a little suggestion? One of the things that I've been frustrated about is not being able to provide the subcommittee with, because of other things that are going on, the PHR letter or whatever, with a time when you can just really sit down and amongst yourselves hash out what you've heard. And we haven't really had time for that, certainly not in the last two hearings when a lot of stuff came out. The first hearing was my second day of work and the second one I can barely remember. But it seems to me that you're sort of chomping at the bit for some time for that, just as this conversation points out, and maybe you should try to reserve some of that time to do that kind of thing --

MR. ROTHSTEIN: I agree but I think it would be helpful if we have a paper in front of us.

MS. BERNSTEIN: Yes, I agree, but I think you need to have some time to do that.

MR. ROTHSTEIN: And I would strongly recommend to the three other members present and maybe we could let Paul and Simon know as well that I think it would be valuable if you all went back through the testimony, through your notes, and came up with a list of things, recommendations that you heard that you like or things that you wanted to make sure were in the letter, and so that we can consider all that stuff. And with any luck there will be some overlap between what people considered important to be included.

MS. GREENBERG: Marietta, am I correct that up until this hearing, and of course you have everything from this hearing, everything should be, almost everything should be posted on the web?

MS. SQUIRE: You mean minutes and transcripts? Yeah.

MS. GREENBERG: Well the transcripts and the presentations from the three previous hearings.


MS. GREENBERG: I mean if you don't it in your files or whatever --

MS. BERNSTEIN: Are there also minutes for the small meetings? Okay.

MS. GREENBERG: I'm wondering if this, well if there's some value of you working with Maya on this, either her going to you or you coming up to Washington or something --

MR. ROTHSTEIN: Well, I'm in Washington a lot, we can possibly work out of some sort of trip but I think it has to be after September 8th and 9th when we'll have a better idea of how much agreement we have on general principles and that's one of the things --

MS. GREENBERG: I thought you said you were going to write something for September 8th --

MR. ROTHSTEIN: I am, I am, but only as sort of a straw man, a starting point, because it will at least get out the issues, people may disagree as to how I resolve them but at least it will have the issues and that's what I tried to do in this first document but we've heard more stuff and I need to go back and revisit it. This document was written around the questions and --

MS. GREENBERG: Yes, and I don't think those are all the questions.

MR. ROTHSTEIN: Well, they aren't all the questions, they are some of the questions, so I don't think that's a structure for the --

MS. BERNSTEIN: We did whittle them down --

MR. HOUSTON: The questions were intended for our, weren't intended though to be the structure for any type of recommendations either, really just for our edification and try to get people focused.

MR. ROTHSTEIN: And it was interesting to me just to make a sort of side remark that many of the witnesses, virtually all the witnesses to address the issue, took a shot at the question on should patients be allowed to keep paper records --

MS. BERNSTEIN: They all had the same answer.

MR. ROTHSTEIN: Yeah, they all had the same answer, which is fine, which is the conclusion that's already in here, but I included that question so that we would have a record to back up our recommendation. But people were saying like the train has already left the station --

MS. GREENBERG: I was the one I think who recommended that that not be the first question because I was concerned that people might really think the subcommittee was proposing that --

MS. BERNSTEIN: I didn't want to jump off on that foot so I tried to go from the general to the specific with the caveat at the end but then, Dan's nodding his head over there because he didn't understand why I started cracking up during his testimony because we had this conversation already.

MR. ROTHSTEIN: Well Dan correctly saw the logic and put it first.

[Multiple speakers.]

MS. GREENBERG: -- my concern was that people would think that you really were proposing --

MR. ROTHSTEIN: Well, that was probably a good thing --

DR. HARDING: Mark, what's the title and subtitle of our letter?

MR. ROTHSTEIN: We don't have one yet, do you have any ideas?

DR. HARDING: But what's the, I mean --

MR. ROTHSTEIN: Well, they're the Privacy and Confidentiality recommendations for the National Health Information Network, unless, well, I mean that's --

MR. HOUSTON: That's what the testimony has been about.

MR. ROTHSTEIN: Tell me what you're thinking.

DR. HARDING: I'm just trying to, when you write a letter like we're writing it has a title, but really what are we saying?

MR. ROTHSTEIN: My guess is, and of course we have nothing written, that this will be in the format of a cover letter and then an attached report but the report I don't think should be more than ten pages long, rather than a giant ten page letter. So that's what I had in mind as the framework and then the title on the report can be anything you want.

MS. GREENBERG: It's the Privacy and Confidentiality implications of the NHIN and related, and then recommendations, isn't that what it is?


MS. BERNSTEIN: I think you'll find it ambitious to get it down to ten pages but I urge you to try, it's hard, I mean it's complex, that's all.

MR. ROTHSTEIN: Keep in mind that we can only include those things on which we agree and so even though it may deserve 50 pages --

MR. REYNOLDS: Well the last five pages will be things we need to have other hearings about.

MS. BERNSTEIN: But actually I'm not sure I agree with that, that is you could identify the issues on which, you could identify either other issues on which we have yet to come to agreement and where perhaps further developments in the market or committee or whatever --

MS. GREENBERG: Or research, I mean there were so many recommendations --

MS. BERNSTEIN: You might want to have a discussion even though you don't have recommendations --

MR. ROTHSTEIN: And in fact even in some of the recommendations of the 20 in here they're not really spelled out in any sense, number 20, HHS should support ongoing research to assess the effectiveness of NHIN including privacy and confidentiality --

MS. BERNSTEIN: Right, it's the discussion that comes before that that outlines where it is you need to have research or why and so forth that might take you some time to describe. But you should feel free to do that.

DR. HARDING: It says so many things and it's such an important letter that we ought to, there must be some way to kind of make it like these are the things that are really important, here are some things that would really be nice, and here are some things we don't have the faintest idea --

MR. ROTHSTEIN: That's one of doing it, sort of most important to least important, another way of doing it is these are the things you need to do right away and these are the things that you sort of can phase in later.

MR. REYNOLDS: We've kind of put that approach on e-prescribing with Standards and Security, we said these are the base things we all agree on and the industry appears to agree on, these are the things that we need to have a little more about and these are the things are a little longer term questions --

MS. BERNSTEIN: Well, it's a matter of low hanging fruit, right, if you can agree and industry agrees, certainly pluck those off first and fastest.

MR. REYNOLDS: But your list is clear, the list, and back to your point Richard, the list of issues is clear, it's just what is the timeframe and what is the process to get to some kind of resolution on them.

DR. HARDING: I don't think general agreement necessarily means it's the one we should put up as the ones --

MR. HOUSTON: If we throw them all on the table and we come to agreement on some and some we don't, we can decide on the order, I mean I think it's premature to say what the rule is going to be --

MS. GREENBERG: And whether it's one letter, I mean this is as I see a 14 page, well, maybe is it double spaced --


MS. GREENBERG: No it isn't, this is like a 14 page letter, I have a bit of a problem with a 14 page letter too but I mean one way to address what Richard is saying if you took your approach, and I think it will just depend on what we end up with, but is in the letter to highlight just what you feel, if someone is only reading two pages it's almost like the letter is an executive summary --

MR. ROTHSTEIN: Well, we may want to have a one page executive summary of the report --

MS. GREENBERG: And then have more --

MR. ROTHSTEIN: Well, do you remember, let's see, Richard is the only one who would remember this, when we did our big letter on the privacy rule, sort of the last one where we set out everything, we had a long discussion of whether we should put them in the order in which we thought they ought to be and the committee, the big committee, was of the opinion that if we did that nobody would even look at the stuff that was not bolded, that was the discussing --

MS. GREENBERG: I remember the bolding, in Salt Lake City.

MR. ROTHSTEIN: So the decision was put them all up there and sort of emphasize the ones in text or summary that we thought was more important.

MS. GREENBERG: But I think we'll get to that.

MR. HOUSTON: I think it's premature to even worry about that.

MS. BERNSTEIN: I think if the committee does what you suggested, to go through, look through their own notes, look through the testimony, whatever is available to us on the web, and come up with a list of those things that resonated with each of them and just look for where you have matching lists, then that will be a good start and plenty of work already for you to do at the beginning --

MR. ROTHSTEIN: And when you get my document see how many of those I've addressed and whether I've done justice to what you wanted said, or where you would plug in the things that I missed, is it the beginning or the middle or whatever. So that's why this is valuable, not because I expect you to sign off on it but still we can hold something in our hands.

MS. GREENBERG: Well and I might recommend in your document but where there just is really divergent viewpoints kind of giving maybe the most, giving alternatives --

MR. ROTHSTEIN: You mean for the subcommittee --

MS. GREENBERG: Yes, rather than concluding where you would come out.

MR. ROTHSTEIN: Well actually in some areas --

MS. GREENBERG: Where it seems like there's consensus --

MR. ROTHSTEIN: Well here I talked about the issue of although we recommend that a health care provider should be permitted to require an individual's agreement to use an electronic health record as a condition of treatment establishing a system of longitudinal blah, blah, blah, blah, accordingly we recommend that EHRs of individuals should not be a part of the NHIN without the individual's permission. We did not resolve the issue of whether an opt in or opt out approach should be used to obtain blah, blah, blah, and then talk about the benefits of one and the benefits of another. So I support that view and certainly at this early stage we ought to do that.

MS. BERNSTEIN: Are you suggesting that instead of what Mark just outlined we would have option A, EHRs should be all in the NHIN, or option B, whatever, and option C, and here the advantages and disadvantages of each of those?


MS. BERNSTEIN: That's a good OMB career letter looking thing, that's what I did for nine years is make memos like that --

MS. GREENBERG: That will stimulate a discussion on it rather than people like agreeing with you or disagreeing with you. I don't want to make more work for you but --

MR. ROTHSTEIN: Well, I was thinking that, but it will have the arguments too.

MS. BERNSTEIN: It will have the arguments, that's right.

MR. ROTHSTEIN: Are there any other matters we need to discuss before I run up and start working on this?

MR. HOUSTON: I don't like your tie, just kidding.

MS. GREENBERG: I can only say that these three days the committee did not refute its longstanding reputation for being one of the hardest working committees in the government.

MS. BERNSTEIN: Do you care to say anything just among this subcommittee about the discussion about Brailer's workgroups and AHIC and so forth?

MS. GREENBERG: Did anyone brief either of you? Did you get a review about the earlier discussions?

MS. BERNSTEIN: You're going to get a call from Simon.

MR. ROTHSTEIN: Well, Dr. Brailer was here on, geez, what day was that, on Monday, and he said that they're going to establish at least five working groups under the AHIC umbrella in various areas and one of them was "security and privacy" --

MS. GREENBERG: Privacy and security, he said privacy first --

MR. ROTHSTEIN: Privacy and security, and we agreed as an executive committee that we would communicate to him our interest in taking on those responsibilities --

MS. GREENBERG: Well he also said that he, he invited the national committee to serve as those working groups for all five topics although it was not clear what was meant by that and whether others would have to be added, all of that, but he did offer that.

MR. ROTHSTEIN: Okay, so what we don't know, the AHIC has not been officially appointed, they have not had their first meeting which will take place next month, we don't know exactly what that entails for us. The easy version of it would be that we are to sort of oversee the contractors who are hired pursuant to the RFPs that went out, so the privacy RFP asked for people to do a 50 state survey of state privacy laws, state health privacy laws, and that would be relatively easy for us to do. But it could be all sorts of other things as well, many of which we've been talking about in terms of the NHIN. And the bigger version might well entail another round of hearings on all sorts of potential topics going into more detail than we have on these issues and so we're kind of in limbo as to what we're going to do. We're most likely going to have a role with AHIC. Now what complicates that is that the working groups might have numerous other members appointed to them because there were hundreds of people who applied to be appointed to the AHIC and there are only eight private sector members appointed, and so we can't have all these disappointed people running around so we've got to appoint them to the working groups, and there may be 100 people who want to be on the Privacy and Confidentiality Workgroup --

MR. HOUSTON: -- enough for five or six --

MR. ROTHSTEIN: Exactly. So who knows what the future is going to hold on that.

MR. HOUSTON: I think it's great to hear that that's where Brailer's thoughts are vis-à-vis NCVHS, so I think any opportunity we have to support all of this I think we should really try to jump at it. Again, I think what I think I said before in prior meetings was is that I think the way that NCVHS continues to stay relevant is to stay on top of the things that are relevant to the administration and to HHS and this is clearly on the top of the heap --

MS. GREENBERG: We basically came out with that, it was, we obviously can't do it without resources, we need to understand better what it is and all of that.

MS. BERNSTEIN: And there were some concerns about whether this would overtake the rest of our agenda, on the other hand if we don't take up the gauntlet, gauntlet maybe isn't the right word, to take up the invitation that's been laid out then we sort of become irrelevant because that's what they're interested in. But also we are a ready group with particular expertise that can hit the ground running for them so they kind of need us, because otherwise Brailer is going to have to create this group himself.

MR. HOUSTON: And recognizing it also validates, I mean NCVHS really does have some name recognition, at least within the circles here we're talking about so having NCVHS intimately involved in it I think simply helps the cause I think from his perspective.

MR. ROTHSTEIN: Absolutely, I mean when we come to town we draw a big audience --


MR. HOUSTON: Maybe we ought to bring the audience with us.

MS. BERNSTEIN: It's also somewhat temporary, I mean on the one hand I don't think all that he said, sort of he doesn't expect these workgroups to gel until the spring essentially --

MS. GREENBERG: He didn't exactly say that, he said the ONCHIT process would not really gel until March, but I don't know about the workgroups.

MS. BERNSTEIN: Right, we don't really know, but also there's a sort of political reality which is their timeframe is about a year and a half, so it might take over a lot of our work for that time and then --

MR. HOUSTON: I don't think it's necessarily bad though, I mean I don't know.

MS. GREENBERG: Also there is a, we are planning to have a conference call of the full committee on this topic on --

MR. ROTHSTEIN: Friday the 26th of August.

MS. GREENBERG: No, no, that's just the Executive Subcommittee I think.

MR. ROTHSTEIN: Oh, the PHR was first --

MS. GREENBERG: I think the following Monday, the 29th --


[Multiple speakers.]

MR. ROTHSTEIN: Okay, is there anything else? People asked whether we would be finished by 5:00 and I said of course and well before 5:00, and I want to thank you all, and I certainly want to thank Marietta and Jeannine, and our staff, so thank you all and we are adjourned.

[Whereupon at 4:55 p.m. the meeting was adjourned.]