[This Transcript is Unedited]
Hilton Embassy Row Hotel
2015 Massachusetts Avenue, N.W.
Washington, D.C.
Agenda Item: Call to Order, Welcome and Introductions
DR. COHN: Okay. Well, good morning, everyone, and happy post-Thanksgiving. Please be seated. Okay. I want to call this meeting to order. This is the first day of two days of meetings of the National Committee on Vital and Health Statistics.
The National Committee is a statutory public advisory committee to the U.S. Department of Health and Human Services on national health information policy.
I am Simon Cohn. I'm Associate Executive Director for Kaiser Permanente and Chair of the Committee. I also want to welcome Committee members, HHS staff and others here in person and, of course, those calling in on the Internet.
Let's have introductions around the table and then around the room. For those on the National Committee, I would ask if you have any conflicts of interest related to any issues coming before us today, would you so please publicly indicate during your introduction. I want to begin by observing that I have no conflicts of interest. Marjorie?
(Introductions around the room)
MS. GREENBERG: Good morning. I'm Marjorie Greenberg from the National Center for Health Statistics and Executive Secretary to the Committee.
DR. ROTHSTEIN: Mark Rothstein, University of Louisville School of Medicine, member of the Committee, no conflicts.
DR. WARREN: Judy Warren, University of Kansas School of Nursing, member of the Committee, no conflicts.
MR. REYNOLDS: Harry Reynolds, Blue Cross/Blue Shield, North Carolina, member of the Committee, no conflicts.
MR. HOUSTON: Good morning, John Houston, University of Pittsburgh Medical Center and a member of the Committee, and I don't have any conflicts.
DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the Committee, no conflicts.
MR. LAND: Garland Land with NAPHSIS, member of the Committee, no conflicts.
DR. WILLIAM SCANLON: Bill Scanlon, Health Policy R&D, member of the Committee, no conflicts.
DR. CARR: Justine Carr, Beth Israel Deaconess Medical Center, member of the Committee and no conflicts.
DR. FRANCIS: Leslie Francis, University of Utah, member of the Committee and no conflicts.
DR. GREEN: Larry Green, University of Colorado, no conflicts.
DR. STEUERLE: Gene Steuerle, Urban Institute, member of the Committee, no conflicts.
DR. FITZMAURICE: Michael Fitzmaurice, Agency for Health Care Research and Quality, staff of the Subcommittee on Standards and Security, liaison to the Full Committee.
MR. BLAIR: Jeff Blair, Lovelace Clinic Foundation, member of the Committee, no conflicts.
DR. STEINDEL: Steve Steindel, Centers for Disease Control and Prevention, liaison to the Full Committee.
DR. SCANLON: Jim Scanlon, HHS, Office of Clinical Evaluation, Executive Staff Director for the Full Committee.
DR. HORLICK: Gail Horlick, Center for Disease Control and Prevention, staff to the Subcommittee on Privacy and Confidentiality.
MS. KAHN: Hettie Kahn, National Center for Health Statistics, CDC, staff to the Subcommittee on Privacy and Confidentiality.
MS. JACKSON: Debbie Jackson, National Center for Health Statistics, CDC, Committee staff.
DR. HEFFERNAN: Henry Heffernan, NIH.
DR. MCANDREW: Sue McAndrew, Office for Civil Rights.
DR. FRIEDMAN: Maria Friedman, RX Hub.
DR. RAYBURN: John Rayburn, Healthcare Leadership Council.
MS. GRANT: Erin Grant, Booz Allen Hamilton.
MS. DEWIRE: Sheila Dewire, American Optometric Association.
MS. JONES: Katherine Jones, CDC, National Center for Health Statistics.
MS. BENNING: Denise Benning, Office of eHealth Standards and Services, CMS and lead staff to the Subcommittee on Standards and Security.
DR. RODY: Dan Rody, American Health Information Management Association.
MS. AMATAYAKUL: Margret Amatayakul, Contractor to the Ad Hoc Workgroup.
DR. COHN: Okay, well, welcome, everyone. Before we move into the agenda review, I want to make a couple of opening comments.
First of all, I do want to apologize to a number of you, and I actually share, I think, in some of the angst. I know that because of the holiday weekend this past weekend, many of you received your agenda books very late or, in some cases, not at all. So we do want to apologize for that. I think the good news is that the action item for today was actually emailed out a week before. So everyone has that and obviously has had time to consider it.
I guess there are some extra agenda books if people, I know, for example, Paul Tang doesn't have one either, and surely if others don't have one, we have copies for you.
Obviously, what we will do is to redouble our efforts to make sure these things get out in time. This was actually in time. It's just that with the holiday week and offices being closed, I know that mine was sequestered somewhere in my administrative suites, but not anywhere close to me, unfortunately.
I will comment that we will also take particular care for the February meeting because I was just noting that the February meeting also occurs right after a holiday weekend. And so we'll just make sure to get these things out in time so that we aren't at risk for not having people have it. Anyway, we will deal with that and make sure it doesn't happen again.
But beyond that, I actually do want to sort of begin by congratulating everybody on I think what's been a very productive 2007, assuming, of course, you make it through the meeting today. From my view, it's certainly hard to believe that we are at the last meeting of the year. Certainly so far this year, as I look at our work, we've been advising HHS and exceptionally on I think a variety of what I would describe as important and timely health information policy issues. And we reflect on them, I think we should be proud. In terms of HIPAA and HIPAA transaction, we sent letters and held hearings and advised on both the NPI which we'll continue to monitor as well as the issue of moving to a more stable update process for the administrative and financial transactions, and I think you will remember the letter at the last meeting which talked about moving to a 5010 transaction. So I think, once again, moving forward and beginning to institutionalize the HIPAA update process now that we are ten years into HIPAA, five years into the actual implementation for administrative and financial transactions.
Now our Quality Workgroup has held hearings and came out with a report at the last meeting looking at the issue of quality measurement in what I would describe as a time of transition and recommending approaches that deal with both clinical and administrative data, and I think we'll be looking at the best way to get that out into the public hopefully over the course of the meeting today and over the next couple of weeks so that actually does get published and out.
Privacy and Confidentiality has had two letters and has been obviously monitoring HIPAA privacy and confidentiality, and we'll obviously be talking about the work that they've been doing on individual control, sensitive health information, accessible by the NHIN, Paul Tang's term from the letter, which is, I think, an improvement over the previous title.
Populations and Don will actually be showing up, I think, around noon. We received an email from him that he just returned from Budapest about midnight last night. No comment.
But certainly this year they developed a letter on data linkages and federal databases and have obviously been doing more work planning for 2008, and we'll look forward to sort of seeing where they are on that later on at this meeting.
Now finally, and we will be discussing this at length today and potentially tomorrow, is a report that we're bringing forward for action at this meeting being brought forward by the Ad Hoc Workgroup on Uses of Health Information, a report on enhanced protections for uses of health data. As I look at this altogether, it actually speaks of a fair amount of work and advising that we've been doing for the Secretary and for HHS this year, and obviously from my view we have a lot to look forward and probably we will get busier as we move into 2008.
I should comment, and this is just reflecting on previous work that we've done, and I think Karen will eventually arrive and I know she's been delayed at this point, will be, I think, also commenting on this one. CMS recently has announced that the ePrescribing standards that we were all involved with helping the Secretary and CMS identify for piloting are now at a stage where they're moving into actual regulation, and I think that that's an exciting development. Obviously, I think that we should be pleased to have been part of the effort to identify those standards. I think we do have to step back for a moment and realize that standards are critical and necessary, but probably not necessarily fully sufficient in the sense of more needs to be done to move ePrescribing forward. But certainly I think without the standards, we run the risk of basically stovepipe implementations, lack of interoperability, and I think we've done an exceptional job of providing that foundation, and it's nice to see that work beginning to come to fruition.
I should also remind you of the fact that some of our other previous work, and I'm thinking of the NHIN privacy and confidentiality letter from last year as well as our work on functional requirements continues to be appreciated and used within HHS, was referenced by the Office of the National Coordinator in their recent request for proposals, and I know John Loonsk will be talking about that tomorrow in terms of efforts. Jeff Blair, I know, is involved in one of those efforts in New Mexico.
But once again, these documents and, I think, our thinking is being referenced and utilized by HHS. So the hard work at the end of the day is worth it, and it is making an impact.
Today, we will be spending, as I've commented, considerable time talking about the work of the Workgroup on Uses of Health Information that is being brought forward by consideration. This work is undertaken at the request of the Department and the Office of the National Coordinator. Specifically, the work involves developing an overall conceptual and policy framework to balance risk, benefits, obligations and protections of various uses of health data. From there, the work also develops recommendations to HHS on needs for additional policy, guidance, regulation and public education related to expanded uses of health information in the context of developing nationwide health information network.
And, of course, I think as all of you will remember, this was done in the context with particular, I guess, emphasis or attention on uses of health data for quality measurement, reporting and improvement.
We brought this up earlier in June as work to be started. I want to thank obviously all of you I mean, everyone who's been involved which has been most of the Committee in one way or another. We held eight days of hearings. I want us to take a moment and sort of signal basically both Harry and Justine as having as the co-vice chairs as being critical I think we should give them a round of applause for their efforts.
[Applause]
DR. COHN: For what's been really, I think, a Herculean effort in a very short time span. Now I think we all see this as sort of phase one of this effort, and we'll talk through today and tomorrow. But there will be well, there are additional issues that I think we recognize that we have not that need further investigation. Oh, yes, well, we'll get to Margret A in just a second. We haven't even voted on this thing yet. So, well, okay, I will turn around and I think we just need to acknowledge Margret A. without whom we would not be where we are with a document at this stage. We'll give her a round of applause.
[Applause]
DR. COHN: Now I have someone to thank, Paul Tang, both for his participation on the Committee as well as his most recent editing, and you'll see some of the fruits of that effort as we go further today. But also Bill Scanlon, Marc Overhage who'll be calling in late on, Mark Rothstein and Kevin Vigilante. Kevin will also be calling in today, had to go out of town, I think, on some urgent business.
I obviously want to thank you all for spending a very busy and productive summer and fall. I don't think we're in quite winter yet, on this activity, and I think once again we've come up with, I think, a document we can be proud of.
I also should mention our liaison representatives and support. I know Steve Steindel, Mary Jo were involved, and I guess there's a whole list actually, Mike Fitzmaurice, Debbie Jackson, people from Booz-Allen, including Erin Grant and Christine Martin Anderson who I don't think is here today, and I'm sure I'm missing a variety of other people here. But let's give them we'll reflect on them because they're all listed in the back of the document.
But once again, I think we really want to thank everybody for I think what's been a fairly sustained and focused effort. Obviously, I mentioned this both because I think we should be proud of the effort. Hopefully, as I said, as we look at it, we will think this document is worthy of being thoughtful word and being able to accept during our session today and tomorrow.
I also mentioned to you both because as an example of flexibility of the Committee, and I think we've talked about that over the years of way that we can rapidly mobilize to do something of importance for the department, and I think this is a good example. It's also an example of ways that we can bring together, I think, a really unique competencies around population health, privacy and confidentiality standards and quality in sort of a rapid fashion to really sort of leverage all of the expertise that we have in the NCVHS.
Now with that, let me move on to the agenda review, and I think I've got it right here. This morning, we begin with Jim Scanlon, our Executive Director, who will be talking both about department update as well as, I think, reflecting some on the transition as we move into the end of the terms for a number of the Committee members, and I think he'll be talking about next steps on that.
Now Karen Trudel is next on the agenda, but I think she's been detained, and we will either squeeze her in today or tomorrow sometime as is appropriate and works for her and the schedule of the Committee.
Following the morning break, we will begin a discussion of the report that I've just been discussing at length, and obviously this will be brought forward as an action item for this meeting. Now I should comment, and I'll mention this again when we get into the document, I think the ground rules for that conversation will be that we obviously gratefully accept wordsmithing, but would prefer to be done off line. However, there is obviously a line between wordsmithing and content, and what we want to do is to make sure that we are surfacing and reconciling any content issues we have with all of this. And so, as we go through it from section to section, once again, I mean, Margret, I, Justine, Harry will take wordsmithing things off line. But if you think you have an issue or concern about how this is worded that bears on content, we do really need to surface that today.
Now after lunch we will be probably continuing for a little bit on the report, and from there then moving into the discussion of the privacy and confidentiality document on individual control, sensitive health information which will be more of a discussion item being brought forward to help advise the Subcommittee in their meetings from four to six this afternoon and hopefully will come forward as an action item for our February meeting.
At three o'clock, we are pleased to have a briefing on an invitational meeting sponsored by the Robert Graham Center which was on harmonizing primary care standards. This was supported by ARC. Larry Green was one of the was described as principals on this, and I think you're the one actually putting together the various discussions and producing the document. I did notice I think you're not presenting, however. You preferred not to present. But I'm sure Larry will be making comments. We have Bob Phillips and Michael Klinkman presenting to give us sort of an overview of that work because I think it is germane and relevant to the work of the Full Committee. I should also mention that Marjorie presented there, and obviously we want to thank you for presenting the National Committee at that session.
Before our break outs, we will discuss plans for Wednesday. I do, however, want to remind everybody that we are scheduled to adjourn at 2:45 tomorrow actually three, somewhere between 2:45 and 3:00 tomorrow, so just to keep that in mind as you make your travel plans and other plans for tomorrow.
Now with that, why don't I oh, actually, yes, we do have a dinner. That was actually going to be my final comment. We have a dinner tonight which is going to be about 6:30 at a place called Lauriol Plaza which I actually know where it is, although I don't exactly know how to walk from here to there. But I am told it's five to six blocks away. So either it's a short cab ride or a nice walk which we'll probably need by about six o'clock this evening.
It is sort of Central American and Mexican cuisine as how best I would describe it both having looked at the menu and actually it was highly recommended by our staff, and I think they've been very good so far, I mean, with some of the other restaurants we've gone to over the last while. Anyway, that's the plan for the evening. I think we do need a number from the Committee of those who would likely be joining us for dinner. Maybe at this point we'll just have you raise your hand if you're interested in coming and staff obviously also. Okay, okay, well, with all of that being handled at this point, let me turn it over to Jim Scanlon for a department update. And Jim, thank you.
Agenda Item: Department Update Data Council
DR. J. SCANLON: Thank you, Simon and good morning, everyone.
Let me say I want to update the Committee on a couple developments that have occurred since we met in September, and they deal with sort of the policy priorities, legislative developments, where we are with our budget which kind of affects all of our planning and projects, and then Ill talk a little bit about our transition in terms of new members for the next few months.
So let me start. I think I've left out your place, and I'm not going to go through these. But is this working all right? Is that better? At any rate, I've left before you at your places and I'm not going to go through this, the revised HHS priorities for these are really policy priorities. They're nine areas ranging from health insurance coverage, value driven healthcare information technology, personalized health care prevention and preparedness.
Again, these are the nine priorities that the leadership of the department is spending most of its time on and probably for the remainder of this term as well, these are the areas that will get most attention. And I think you'll see that virtually every one of them is reliant both on data and on information technology and health information technology, and one of them involves health information technology per se, the Secretary's initiative.
I've also left before you the update of the department's strategic plan. This was just went through all of the review process and is now on the web. So it's official. Basically, four overall goals, and you'll see a number of objectives. This is the strategic plan for the next five years. And, again, these are at the policy and strategic plan level. These are the activities that will be receiving the attention of agency heads and HHS leadership in the months ahead. That's not to diminish all of the other activities that HHS carries out in terms of program operations, but in terms of new policy and new areas, these are the ones that will receive the Secretary's attention.
And, again, I think much of what the NCVHS is involved in supports these either directly in the health IT area and indirectly in terms of data and other areas. On the legislative front, there are I think everyone thought we might have some further developments. This will be a short report. There were several health IT bills, as you know, introduced and being considered in the 110th Congress. An example was the Wired for Health Care Act in the Senate which would codify the Office of the National Coordinator, the AHIC and a public/private partnership, and it would establish a number of grant and loan programs. There are a number of privacy concerns have been raised, as you're aware of. There are other bills as well. I don't think anyone expects that anything will occur between now and the end of the first session, but HIT would be expected to be a priority in the second session of the 110th Congress.
Similarly, on the budget, again we were hoping that we would have a full budget for Fiscal Year 08 and I could talk a little bit about priorities and plans and where we were with investments. But at the moment we have a continuing resolution through the middle of December. So our rules basically are that we have to spend no more than at a pro rated basis as we did last year. So we can't really start any new projects, and the picture is still somewhat murky in terms of what the actual amounts will be for health IT as well as for some of our population health data. I think we're all hoping that we'll have a level of resources at least at the 07 level and even some breathing room for new activities. But we just won't know and possibly won't know until February as last year. So we just have to proceed week to week and month to month.
Our Data Council actually has been reviewing where we are, what will be the budget impact on our Fiscal Year 08 statistical activities and health IT activities. But again, we're sort of looking at various contingencies depending on where the budget levels come out. But we, again, it's a little difficult without some finality to the budget to know where we're coming out. And on the 09 budget is under development, and the budget proposal for 09 is being developed now. And, again, the Data Council has taken a very active role there. It has looked at all of the proposals that the agencies are putting forward relating to health IT and statistics and the population data and actually made some recommendations to fill in gaps and keep everything on it sound and sound footing. But again, basically it's a question mark until we get a budget for the remainder of the year.
There are some specific activities I wanted to bring to the Committee's attention. The Data Council in December will be looking at several assessments on follow up on Hurricane Katrina evacuees. We have a study that HHS has supported at Harvard Medical School that's following this is Ron Kessler's study. They're following up a sample of Katrina evacuees over a long period of time. Ron will be briefing the Data Council on where things stand there with that group. We have some other studies that our agencies have done and others have done looking at where are we almost two years later. And similarly, the Data Council had a previous meeting in November, looked at and is continuing to look at what are the capabilities of our agencies for state and local data. This comes up particularly in the context of state health reform, you know, a number of states are coming forward with their own health reform programs. Many of them have approached HHS for data and assistance. So we're looking at what capabilities we have and, again, we're looking at gaps and where we might put some resources when they become available hopefully this year.
And a couple other things I wanted to follow up on. You'll remember that we had a workshop at the National Center for Health Statistics earlier this year, and we were looking at what is the potential of electronic health records for in this case it was public health statistics. And, again, this falls into the secondary uses category broadly. But here, we were looking specifically at what is the current penetration and capability of electronic health records in health care settings that might provide a basis for at least partially supporting the national statistics and state and local statistics.
And I think we found that the penetration at the moment at any rate was too low and not systematic enough in terms of EHR adoption to support national sampling. On the other hand, there were clearly instances of deep and rich electronic health record information. So the question came up, well, how can we move forward in this area. I think the thinking was, and several of you were there obviously, we might proceed with some pilots where such systems did exist and sort of model through how would we use that kind of information, what would be the options when the adoption is on a broader scale.
So we're thinking of what exactly could we look at in 08. The National Library of Medicine has offered some of its grantees as a possibility. Obviously, around the table several of your organizations have well established electronic health record systems that could help here as well. But we're open to some ideas as a follow up.
I think I mentioned at the last meeting some of the projects we just started at the end of the last fiscal year. A survey of preparedness in emergency departments. We're doing this through the National Center for Health Statistics Emergency Department Survey. I think I mentioned that we had just begun just really at the end of September an evaluation or assessment of electronic personal health records in Medicare pilots both on the fee for service side and in a project with ARC on the health plan side. So these are just getting started. It took a while to get things going. So we'll probably be asking the Committee for some advice as we move along. But, again, these are Medicare pilots, and we're trying to do a good evaluation.
We also initiated an assessment of the health IT capabilities and information exchange in the health safety net, particularly the Community Health Centers and primary care, and that's now got started as well. We are thinking of some new possibilities. Agencies have approached us. Others have approached us both on the population side and the health IT side. I'll mention these only with the caveat that obviously the resources would have to be available for us to undertake any of these.
But one request we received is that we look at the capability available to HHS for modeling health and human services modeling. As you know, we support several models at HHS where we contract for models. There are not many of them, but I think we the issues come up, and we thought we might, if possible resources available, we'd look at what's the current capabilities state of the art, and where would we want to go.
Secondly, this is very interesting. You recall that the Secretary announced within the month a planned demonstration program of electronic health records in an ambulatory setting, and this is projected. It would be a five-year demo. I think the Secretary announced it at the AHIC and other places as well. We've been asked, my office particularly, has been asked to assist with an evaluation of sort of the valuation site of that demo. So we're working with CMS and others now in terms of what the possibilities might be.
We're also thinking of revisiting the state of the art in how you measure the health and economic impact of illness. You're all familiar with all of the studies that have been done. Folks take one diagnosis whether it's heart disease or cancer and then try to look at what the economic and the health impact on society and the economy is. They often tend to amount to so much that they almost approach the gross national product each one of them. So that's obviously not when you look across those, and I think our interest is not on individual disorders. It's looking at across what's the total burden and impact on society and the economy. I think we're going to try to look at what's the current state of the art, and is there a way of looking across these in an integrative way and trying to get it within some control measures in terms of national health accounts and other areas so we really understand in a more realistic way what the burden might be.
We have another interesting project that we were approached by the VA and the VA has asked if we could help with a pilot and evaluation that would involve information exchange between the VA and veterans who are transitioning to outside the military system and the VA system and who might be going to private sector sources for health care, and could we there are some demos already between the DOD and the VA and the Indian Health Service who are looking at transitions to the private sector as well for health information exchange.
And then finally in a way related to that, we were looking at the issues come up several times now. Is it possible to look at some of the electronic health record systems and repositories that people believe are available in the private sector, and is it possible to be able to use some of those for certain public health activities including drug safety monitoring.
This was actually in the FDA Reauthorization Act, but in other areas as well. So this would involve, if we could again resources to begin looking in this direction, not just the public reporting systems, but in terms of the health plan and health system repositories and data resources. Is there a possible way to look at data. Folks use the term data mining. Actually, it's somewhat different than that. But what potential do they have to provide systematic information after the drug is approved, for example, on drug safety, on some other public health issues as well.
So that's kind of where we are. It's an ambitious plate of planning. But, again, none of this will happen until we are clear about the budget. Questions on that, and then we'll talk a little bit about transition to new members.
DR. GREEN: Jim, could you say a little more about this five-year EHR demonstration in ambulatory settings?
DR. SCANLON: Well, I can say, Larry, only what the Secretary's already announced. But this would be, and I should probably get you a good summary in the press release. But just earlier this month, Karen, you probably know more than I do. But this would be a, I think, 1200 ambulatory care practice, small and mid-size ambulatory care practices would be part of a fairly structured pilot and evaluation. There would be a comparison group. Now again, it's not clear what capabilities the ambulatory care office would have to have. Obviously, some sort of EHR capability. But the look would be what are the can you compare ambulatory care offices with EHRs to a comparison group. Can you measure improvements in quality and outcomes and probably efficiencies as well. I think it's envisioned as a five-year pilot, fairly large as pilots go, and there is some an evaluation site at any rate. There would be some fairly structured evaluation so that we knew what measures we were trying to look at, what measures we were trying to influence, and have sufficient size so that we could detect differences.
It's only in the planning stages as I recall. It probably wouldn't get started and there wouldn't be much more detail til the spring. And, again, obviously this is a budget issue as well. But it would be within the context of the Medicare demo program, and I can provide the Committee with a little with as much as we have on it so far.
DR. FRANCIS: I had a question about state initiatives. As I understand it, there are a number of states on Massachusetts, Maine, I think, is the leader in this, that have been trying to get cost data actual cost data so people can compare in state level reforms, and they haven't been able to get CMS data. I may be wrong about that. But they can only get private care data.
DR. SCANLON: Well, I think that the issue may be physician specific data, and that's still, as you know, in the courts. Some states require in their states that individual physician specific information be available and posted. That was challenged in the courts. And now I'm not a lawyer, but as I understand it now, it is still in the courts and under appeal whether or not that information could be made available.
CMS was approached to make that data available, but again it was challenged in the courts. And I just don't have we don't have any way of predicting how that will come out. But obviously that would be a critical part. I mean obviously institutional care, you know, quality measures and cost measures for institutional care are important. That's where most of the money goes. But this would be the ambulatory side. And if this information and this is part of the Secretary's value driven health initiative as well, you know, the assumption that if folks, decision makers knew what the quality and cost options and outcomes were, they could make more informed decisions. But we're in the courts at the moment. Marjorie.
MS. GREENBERG: Thank you, Jim. So many interesting things that we could have a second advisory committee of things and work on some of them, not that I'm volunteering you all. But particularly since Don is not here yet, I can certainly volunteer him.
I was really interested in the study you mentioned on the economic impact of illness, and I assume disability as well. Would that be included for CDC and NHS in particular have done quite a bit of work related to burden of disease and summary measures and all of that. And I think that I assume you are going to have a population focus on that.
DR. SCANLON: Exactly.
MS. GREENBERG: So that would, I think, really I know the Population Subcommittee has a list of things that it's looking at for the future. But I would really encourage you to involve them and discuss it with them.
DR. SCANLON: Oh, absolutely. And I think we're trying to we'll start out as we normally do with kind of what's literature review and state of the art and what are people doing now. But from what I gather, and I'm not an expert here, the cost of illness and burden of illness state of the art have gotten to a point where it was largely disease specific, and everyone approached it in a certain way, and it was actually the way that Dorothy Rice sort of got started in the 70s. So we're a little and we're looking more at a comparative approach as well and how does it fit into at least in the cost side of how does it fit into a national health account, or when you control for what you think the total expenditures are, how does it all come out.
And we'd actually like I think we'd actually like to look at what are we getting out of the inputs as well, but that may be the next step.
DR. STEUERLE: Just to add on to Marjorie's comment, it seems to me that the Population Subcommittee is very interested, as you know, in integrated data sets and the accommodation of social security record which would give you earnings background of the person combined with Medicare records combined with DI records would be a tremendous source of information for examining not only sort of in the broad sense what's going on. But to the extent you could do it and you could follow what I consider one of the really big issues which is sort of these I'm sure it's disease specific, but it's almost like issue specific movements. Like all of a sudden, you see huge amounts of money moving into some particular type of health care. You know, who's actually getting it. You know, I think an integrated data set could give you tremendous leverage in answering those questions.
DR. SCANLON: And there is other work and, again, we just don't know. There's been talk about this for quite a while now. But the department, HHS mostly, has asked the National Academy of Sciences to put together a panel to look at you've heard this before, national health accounts. And what this tries to do in economic terms, Gene, this is familiar to you, and other sectors do this.
You can literally try to analyze the sectors so that you can see what the inputs to that activity are, and what the outputs are, and now again it's often reduced to dollar terms, but it doesn't have to be, and then actually look at sort of what's going in and what inputs connected with that output. Tremendous data needs, as you can imagine, in this area, but there is at least a group looking at that now, and we'll see how far they get.
Then again I'm going to focus on process. Obviously, we're not discussing individual members or cases or anything like this. But as you all know, as of December we have my count was about, we will have six members, and I might even be short there, whose terms will expire of the Full Committee. Now we will ask you all, and there is within the department the process has been underway for a little while now to find new members, and a package will be making its way to the Secretary seven. So we will and process wise we will be asking all of you to we have the authority to extend to all of you whose terms expiring for six months which would take us through June, I believe. So I think we will be asking all of you if you're willing to beginning of June - to see what the exact date was to stay with the Committee until then probably another couple months during the transition.
We've gotten some good nominations for new members. But again it's hard to predict what the outcome will be. Sometimes in the process of proposing members, other names come up. In general, the Secretary has followed our recommendations. But we've certainly had other names introduced.
The department always looks at geographic diversity and other diversity. So it's a little hard to predict what the outcome will be. But we do have some good nominees. It just takes a while to get this through the process. So I think, number one, we'll hope you'll be willing to stay on beyond that term for probably until June, it would be. And if individuals have any questions, please see Marjorie or me as well.
In terms of reappointments, the department generally doesn't make routine reappointments. I think we found that out the last couple times, though just as a rule they want to give most folks the chance to serve. So we always provide the full slate of current members when we submit the package to the Secretary, but probably can't routinely make reappointments. It just generally doesn't happen.
So process wise, I think that's kind of where we stand. Marjorie, want to add anything more?
MS. GREENBERG: Well, just that, you know, first of all, if you're not willing to serve through June 1st let us know. I think we probably already submitted yes, we have. But you know, you're not required to. In summary, unfortunately we cannot extend you beyond six months. This is new in the last year or two. It used to be we could extend people until they were replaced. So that means we really need to get going on the nomination packages so that we won't have a period in which we don't have any members, you know, or don't have half of our members which because we won't be meeting in June until after all these positions, these terms expire.
As you also probably realize, we will be needing to look for a new chair as well. So we'd welcome we attempted a lifetime appointment for Simon. He's as close as we've ever come. But even that won't fly. So we'd welcome, you know, your suggestions of either current or other members or others who might be able to step into those big shoes. And if you are really interested in serving another term, even though as Jim said we can't guarantee it and we know we couldn't reappoint everybody, you should let one of us know.
And then if you think of people who are know of people who you think would be good members, I think you're probably the best judge of that, having seen what it was like to serve. And just one other thing. As you're all meeting as subcommittees and workgroups over the next two days, particularly as you identify your work plans for the next few years, if you see certain areas of expertise just even coming out of what we've talked about this morning but really you see that you're lacking or will lack when somebody goes off the Committee, let us know that, too.
DR. COHN: And I guess I should sort of jump in on this one. Obviously, I asked Jim and Marjorie to talk about this a little bit just because I was getting a lot of questions like what happens. So at least now you know what you're going to be doing for the next six or eight months.
I will be mobilizing the Executive Subcommittee to begin to sort of have conversations around what are described as transition planning, and obviously the intent here is to make sure that as we move into new members and the transition that the Committee remains vital, strong and active and the traditions continue. So we'll be asking for their assistance and help on that as well as if all of you have ideas about how we can best ensure that since there's going to be, as I said, a thoroughly yeah, there's going to be a lot of members sort of transitioning over a relatively short period of time.
I would also, I think, ask the Subcommittee and workgroups, and we'll talk about it as you meet in your workgroups and subcommittees, as you begin to look at your work plans over the next while to sort of judge what you think you can get done over the next February and maybe a little beyond with the idea being that it probably isn't a very nice thing to do to be in the middle of a project, bring a finished report to a group that hasn't been part of the report generation.
And so everyone just needs to be mindful of that sort of process step as we go forward. Now John Paul, I see you have a question.
MR. HOUSTON: I do have a question. When, in June is the timing for reappointment.
MS. GREENBERG: Well, right now I think all these appointments end on December 1st. So we can, you know, a few days from now. So that's why we've already processed the extensions. But that means we can only extend people who haven't been reappointed for a maximum of 180 days, I believe.
MR. HOUSTON: The reason why I bring that up is that we have future meetings on February 21 and then June 17 and 18 which means they fall outside of
MS. GREENBERG: June 17 and 18 is already past that time. Now is it possible that we could get an exception for just that meeting, or we could certainly bring chairs maybe back, you know, in their private capacity. We've done that before if a report or something is going to be presented. So we have ways to bring people in. But I think they probably would not be voting members unless we were actually able to extend people's date of that meeting. I mean, we could think of moving that meeting to the end of May, I guess.
MR. HOUSTON: I'm just practically speaking, I think there's a number of things that need to get wrapped up. I know there are privacy letter and things like that. I mean, I assume we're going to get that done in February, but
MS. GREENBERG: Well, February's not a problem.
MR. HOUSTON: I understand that. But I'm just thinking
MS. GREENBERG: You all are going to be extended. That's
MR. HOUSTON: I'm verbalizing it past February because, you know, if it doesn't get done in February, that's really the last meeting where there's going to be a group of people here who are coming off the committee, and I'm just
MS. GREENBERG: Let us look into this issue of June 1st versus June 17th because we have always traditionally met in June, and this is a little unusual that these appointments were December 1st. Usually, they're like June to June or something. I don't exactly know how that is. It just happened.
MR. HOUSTON: They were just assigned, I think, on those dates.
MS. GREENBERG: It was after the November meeting, obviously. But so we'll look into that. I mean, one possibility is to try to move this meeting to the end of May, the June meeting, or see if we can at least extend people through the June 17th meeting. We'll look into that.
MR. HOUSTON: Yes, I think the other thing, too, I know we want to try to finish things up. But I think probably get some collective wisdom from the people who are leaving on what the future agenda needs to be. I know in privacy, we're sort of cleaning up some stuff. But, you know, if Marc's not going to be here past June, I think there's a lot of things that
MS. GREENBERG: And he's served two terms. So that's a reasonable assumption, yeah. Okay, well, it's good. I mean there's nothing like a deadline, you know, to spur you on.
MR. HOUSTON: It makes voting quicker.
MS. GREENBERG: I understood it
DR. COHN: Of course, some people may decide to filibuster, though, too.
MS. GREENBERG: I will only tell you just, you know, this is the mother in me. But having now worked with this Committee, I guess, since 1982, it's always painful when people go off the Committee and particularly the Chairs of either the Full Committee or the Subcommittees. But we have been now in existence almost 60 years, and we've survived. So it's what I think keeps the Committee vital.
But the other good news is that since we will be observing our 60th anniversary in 2009, we will certainly bring you all back for that, and we should really start thinking about I know it's hard for those of you who are going off the Committee to think about helping us plan this celebration. But I'd say if you can pull off the Ad Hoc reports you have, this celebration will be a piece of cake.
But we really should plan something for the 60th, and I think we should start talking about that. And, of course, we will invite all of you back.
I just want to say one other thing on the previous subject, and that is that I meant to mention that I think the Board of Scientific Counselors of NCHS would be very interested in that, you know, cost and burden and all that study as well, and particularly it's now chaired by an economist who was liaison to this Committee. She's a demographer? Okay, actually the previous you're right. The previous liaison was an economist. But in any event, I think they would be interested as we look at joint projects. You're right about that. But I think they may have at least one economist on their board, more than one.
DR. TANG: Just a follow up to Marjorie's mention about deadlines that we should heed our own advice like the NPI.
MS. GREENBERG: Is this physician heal thyself?
DR. COHN: Okay. Well, with that, as I said, there will be additional conversations, both formal as well as informal about the transition. But I wanted to make sure that everybody, as I said, had a view of all this as well as to mark your calendars as we move into next year and obviously don't assume that you're, as I said, transitioning off starting in four days or some such
Now, with that actually, Karen Trudel, welcome, pleased to have you join us. And obviously, I know you have an update from CMS, and happy post-Thanksgiving.
MS. TRUDEL: Thank you. I'm going to start by talking about the NPI I mean, not the NPI, the ePrescribing because there's a lot going on there, and then I'll move to the NPI and some less interesting things.
I believe there was some mention made about the proposed rule for the additionally prescribing standards having been published on November 16th. The comment period will end then on January 15th, and we're proposing a one-year implementation period. The publication for the final rule is, again, to be determined after we see the nature of the comments that we have to deal with and how long it will take to process a final rule through.
Anyone who looked at the report to Congress will not be surprised at what we're proposing. We're proposing the adoption of standards for the formulary and benefits and medication history standards which the pilots indicated were definitely ready for implementation, and the formulary which actually carries information from the plan to the prescriber so that they can see what's on formulary.
It is intended to help make economic decisions at the point of prescribing from the research that we've seen will hopefully increase generic uptake and, as a result, both save money and improve patient compliance.
The medication history information which goes, again, from the plan to the prescriber will give the prescriber information about what other medications have been prescribed for that patient which obviously is, we feel, is going to make a huge difference in terms of adverse drug events.
We're requesting comments on the RX Fill standard which actually would send a message from the pharmacy back to the physician indicating that the prescription had been picked up. The pilot showed that the standard itself worked, and that it carried the information very well.
There seemed to be some question about whether there was a business case for it, whether physicians actually wanted the information, what they would do with it if they had it, and whether indeed they would wind up being inundated with messages and not be able to actually sift through them and figure out what to do with them. So we're soliciting comment on that. We're not proposing it as a standard.
We're also proposing retiring the first version of the script standard that we adopted in 2005 which is version 5.0, and we would move forward to use version 8.1 as the sole standard. At this point, 8.1 is available for voluntary use. We would make it mandatory, and we're again soliciting comment on that.
We're also proposing the use of the NPI to identify providers in ePrescribing transactions that aren't HIPAA transactions. They already need to use the NPI in HIPAA transactions, but we would move this over so that the provider's identification in, for instance, the script standard would also be required to be the NPI.
Some additional ePrescribing activities that are going on, the issues related to ePrescribing for controlled substances which this Committee is well aware of are beginning to gain some interest. The Senate Committee on Judiciary is going to hold a hearing next week called Electronic Prescribing of Controlled Substances addressing health care and law enforcement priorities, and this is a result of some interest in particular by Senator Whitehouse and others on the Committee. CMS will be testifying. DEA will be testifying, and some industry groups will also testify about the need to address the concerns of the DEA in terms of diversion and the requirements of health care in terms of moving ePrescribing forward and the barriers that not being able to ePrescribe controlled substances could potentially raise so that that will occur next week.
Also, at the AHIC meeting earlier this month, there was a great deal of interest in ePrescribing, and Scott Serota of Blue Cross/Blue Shield Association moved to have the Committee make a recommendation to the Secretary that ePrescribing should be made mandatory under Medicare.
The workgroup on electronic health records is at this time developing a proposed recommendation letter. The AHIC will meet in public conference call tomorrow to discuss the letter and to presumably vote whether to move it forward or not, and they would be making mandatory, ePrescribing mandatory as a condition of participating for physicians, participating in the Medicare program.
It also contains some other recommendations, and the letter has undergone a number of iterations as you can imagine. And so at this point I think it's still in a state of flux, and we'll see what it actually looks like when it hits the air waves tomorrow.
But there has been discussion about issues relating to the DEA. There have been discussions related to the fact that making ePrescribing mandatory for physicians can create unintended consequences if the pharmacies are not all able to conduct ePrescribing as well. And so those are some of the things that the members have been discussing. So stay tuned. That will be tomorrow.
Some other ePrescribing miscellaneous issues. Much as we love to publish regulations and recommend standards, we realize that that's only a part of what our job is in trying to move ePrescribing along. And we have at CMS developed a roadmap where we've identified some of the key drivers. We're looking at defining the value proposition for ePrescribing, addressing interoperability and work flow issues, defining and reaching what people call the tipping point, and talks about how CMS is going to support these key drivers by data gathering, research, provider education, standards and certification and leveraging industry partnerships.
So we've got our roadmap, and we're beginning to move down that road looking for partnerships, those within the department and outside, looking to pilots and new standards, ways to educate providers about ePrescribing, looking at our own program authorities and what we can do within Medicare Part D. So that is a larger part of our strategy which sometimes we tend to think is only publishing proposals for new standards.
Let me move on to the NPI. As you know, the May 23rd, 2008 deadline for implementation of the NPI is quickly approaching, and for Medicare at least we're seeing a steady increase in compliance. We're seeing many more claims with NPIs on them. We're seeing that we can match those NPIs to our legacy files and process the claims.
And in an effort to continue to move in that direction, we will begin on January 1st to reject institutional claims, Medicare Part A claims that do not have an NPI on them. And then on March 1st, we will begin to reject professional claims, Part B claims, with no NPIs. And we've been very closely week by week actually looking at our statistics at the number of claims that have NPIs, at our match rates, at the problems we've been trying to address some of the confusion that providers have had where they've been matching the wrong NPI to the wrong person, and we believe we're making really good progress. These are activities that will take us one step closer to full compliance in May.
And then I'd like to talk about HIPAA security for a moment. We have begun to be more proactive in our enforcement approach, and we have recently contracted with PriceWaterhouseCoopers to help us do security on its end reviews. We will be doing those this year, and we will be targeting covered entities where a complaint exists. So we won't be just doing random audit. We'll be going out to covered entities where there is a complaint, and in some cases we will be reviewing their corrective action plan to make sure that it's really doing what it needs to do. In other cases where there are complaints that haven't been resolved yet, we will go out and do fact finding to actually assist us in assessing and resolving the complaint and determining what corrective action will be needed.
We also hope to use these audits, and we will be working very closely with our colleagues in OCR. We'll be working also to come up with some lessons learned from these processes that we can actually put out on our website which is something that OCR is already doing with their actions that will help us educate covered entities by saying this is a problem, this is what someone did to fix the problem to provide vignettes, if you will, of compliant situations. And this is something that we've been hearing from our industry contacts is very much needed and will be very, very helpful.
That's all I have. I'd be glad to take questions.
DR. COHN: Jeff and then John Paul.
MR. BLAIR: Thank you, Karen, and actually ePrescribing has really moved pretty quickly in spite of the fact that most of us who were in it always felt like it wasn't moving quickly enough. The area there's one piece in what you briefed us on that I don't quite understand, and maybe you could help us understand that a little better.
I had understood that one of the reasons that the Justice Department did not - was wary of ePrescribing was because it needed data for its court cases, and if it didn't have nonrepudiation in there, that would be an area where it was concerned. Fill status notification, however, I had understood that a number of people in the Justice Department felt like, gee, with the fill status notification in there, they can prove that the prescription was actually dispensed. It was filled, and that would give them their legal justification.
I noticed that on the tests, it passed all of the pilot tests. So to wind up saying that now we're going to check it for business justification and notification, that confuses me because the justification as I saw it never was business. It was to provide the legal annotation for the Justice Department. So from the fact that that is not in there seems, at least on the surface, contradictory to our efforts to try to get controlled substances, including ePrescribing, and satisfy the Justice Department. So I'm confused that the criteria will be a business justification rather than a legal one.
MS. TRUDEL: Actually, it's interesting that you made that point, Jeff, because there had been some discussions with the DEA about whether the fill status transaction could provide some additional audit capability because it does prove that the prescription has been picked up. But what it does not do is prove that the physician who allegedly wrote the prescription actually did write it. The fill status is it's not a totally mitigating factor. It simply proves that someone picked it up.
So I think, and I don't want to speak for the DEA, but I do know that they do have concerns about not being able to have an actual signature to rely on particularly when they're prosecuting cases of diversion and trying to prove who did or who did not actually sign the prescription in the first place.
When we talked to industry about the fill status, what we heard was that it has a lot of potential, that pharmacies would perhaps have to do some restructuring of their business flows because there's a question of when do you count something as picked up or not picked up. Do you send a message that something was picked up, or do you send a message when it wasn't picked up. Is it an opt in or an opt out kind of thing.
MR. BLAIR: Okay, okay.
MS. TRUDEL: And what we heard from some practitioners is that if you send me a response every time my patient picks up a prescription, it's like alert overload, and I don't know how to make useful information of that. I can't turn it into usable knowledge. So there is some question again about, and we're hoping that we hear this in the comments, perhaps the intended recipients will say it's useful to me but only when something isn't picked up, or it's useful to me to know that it has been picked up. We may get some comments from law enforcement saying, yes, we think it's a good tool. And so we're looking into all of those things. But we really didn't want to jump into proposing the standard when we weren't sure how it was supposed to work. So essentially that's the rationale.
MR. BLAIR: Thank you for the clarification.
DR. COHN: John Paul.
MR. HOUSTON: As a being responsible for information security for an extremely large health system, I'm very interested in your comment about PriceWaterhouse being engaged to do audits. No, no, we don't. But and we're already required to go through a lot of different audits frankly, whether it be on the financial side or because we're SOX compliant, things like.
And the reason why I'm couching these terms, is there an audit plan being established as part of this audit process, and will it be made available because I'll sort of play my hand out here and say that most of us covered entities would love to see an audit plan so we understand the type of information that might be asked as well as what the standards are because that level of transparency probably makes it easier on you, and it also makes it easier on covered entities that really in good faith want to comply to have all our ducks in a row.
Now I understand the security rules are supposed to provide all of us all that guidance. But the reality is, it doesn't.
MS. TRUDEL: Excellent point. I'll take that back. One of the things that we're working on and we're in the middle of developing the security plan, audit plan at this point is how tailored each one might be to the specifics of the organization that we're going in to audit, and we're still having discussions about that.
But to the extent that we have something that we can publish and share, your point's well taken, and I'm mindful of the fact that the 32 or 42 criteria that the OAG was looking at in the Piedmont audit have been disseminated widely and appear to be useful to people.
MR. HOUSTON: And I would think that, you know, obviously these audits are going to be based on specific issues, compliance issues related to the security rule. And so even if PWC went in or you went in and said we're going to look at this particular area, I think that could all roll up into an overall audit plan that you might choose to only execute pieces of it in an individual covered entity, but would be a great roadmap for covered entities to take on the whole and say, okay, where are gaps overall because when the Piedmont audit, you know, information about the Piedmont audit came out, one of the things I had my organization do was to look at the payment information being asked of and I said do we have any gaps based on what was going on at Piedmont just because we thought that's a good barometer.
And you know, that served us well, and I think a lot of covered entities that want to in good faith comply and say the more information we have, the more transparent it is, the more structured it is, the easier it will be for us to ensure that we do comply. And then when you walk in the door, it can as much be we can provide you the information that we've already compiled because we want to have that information gathered anyways.
MS. TRUDEL: Okay. You make a good point. Thank you.
DR. COHN: Okay, Gene?
DR. STEUERLE: Karen, I was also very interested in this real approach to ePrescribing. Way back when I was asked to join this Committee, I was asked to think about incentives and might try to jump start, at least move along this whole area.
And I've often thought that financial incentives should be considered, and I'm just curious whether this group has considered financial versus regulatory approaches such as deciding that where there's ePrescribing that meets certain minimum standards that Medicare would pay something more than it would where there was not such ePrescribing as opposed to just sort of a blanket regulatory approach.
And the related question to this is my guess is that no matter how you set up whatever rules or regulations on this right now, a year or two from now there's going to be some new, improved set you would like to implement. But now you're going to have to deal with whether people have set up systems according to your old rules and regulations, and whether they will then fight against the add-ons and how one thinks about those future transactions and how to deal with them because I'm not sure they're going to be coming along.
MS. TRUDEL: I know the workgroup has discussed the issue of financial incentives, and in at least one iteration of the letter that I have seen, that is a corollary regulation for consideration. In every version I've seen, the main recommendation is to move forward to request legislative authority to make ePrescribing mandatory in Medicare. But this was one of the corollary discussions that's very definitely in the workgroup's mind.
As far as incorporating later advancements, we're already coordinating with the CCHIT to move any subsequent Part D standards into the ambulatory EHR criteria for the next CCHIT turn of the crank as the Secretary's called it.
DR. COHN: And Karen, thank you for that actually that final bit of clarification because I was actually going to ask my understanding that CMS actually didn't have the regulatory, the legislative authority to actually do the things that were being suggested. And I think the fact that you're describing that the recommendation would be basically that HHS encourage the legislative branch to give it the regulatory authority is obviously a very different conversation than just necessarily go forward, and that is a correct my statements are correct.
MS. TRUDEL: Right.
DR. COHN: Okay. Michael.
DR. FITZMAURICE: Two questions, both of them may be correct. Under HIPAA, there are long lags in updating the transaction that could set standards. How will the electronic prescribing standards be changed by regulation, for example, prior authorization or this fill status, how do we add something, how do we change it? Does it have to go through the same regulatory process that we do for HIPAA.
MS. TRUDEL: That's a two-pronged answer because some of the standards under ePrescribing are also HIPAA standards. Those are required to go through the HIPAA update because they apply to the industry as a whole and not just Medicare Part D. So the eligibility transaction is a HIPAA standard and has to go through that process.
The scripts standard is not which is why we were able to move forward with the voluntary adoption of the backwards compatible version 8.1. The formulary standard is likewise a stand alone NCPDP. It is not a HIPAA standard. The medication history standard that we're proposing is part of the script standard and is therefore not a HIPAA standard.
If we move forward with a prior authorization standard, that would have the HIPAA overlap, and we would need to work with that. So that is an issue that we will be grappling with for some time until we get everything synced up and hopefully get a better way to move forward on the HIPAA modifications area.
DR. STEUERLE: Good answer. Second question. Under the President's Executive Order of August 22nd, federal agencies interoperability standards, those that are recognized by the Secretary of the HHS must be adopted by federal agencies. The HHS Secretary is expected to recognize 303 use case domain interoperability standards in December with a January 1st compliance date.
Within CMS, is this part of OESS's responsibility, and then what is CMS doing to prepare for these health data standards. The rest of the agencies would like to know what's going to be expected.
MS. TRUDEL: We basically have been working with the remaining, the other department agencies with the Office of the National Coordinator to develop whatever roadmaps are necessary to move forward. I think it's called a Green Plan, and ONC has the responsibility to coordinate. Each agency needs to figure out what these standards mean to them. It's very different for CMS to look at standards than it is for IHS, the Indian Health Service to look at them because the Indian Health Service actually has electronic health record technology. They run facilities. And so this means something very different for them than it does for CMS where we're mostly looking at this in terms of our contracted health care, our Part D and Part C plans.
So we basically are looking at these just like everybody else and trying to figure out what we need to do to get there.
DR. STEUERLE: So your office will be the point person for CMS on this?
MS. TRUDEL: We coordinate with the department, right.
DR. COHN: Bill, you have a comment that I didn't
DR. WILLIAM SCANLON: It was a comment on Gene and it was kind of a question on why Gene's comment is probably an issue of language, and it's this rule of regulation and incentive, and I think that one of the things that we sometimes do which is unfortunate is we refer to what Medicare is doing as regulation because that's the legal construct. But the reality is that what they're doing is they're specifying the purchasing requirement. In order to be sort of a Medicare provider, you have to the following. But being a Medicare provider is not a requirement. It's a voluntary thing that I want to be a Medicare provider.
In some respects, the incentive is that if to be a Medicare provider you have to do X, and I want to be a Medicare provider, then I'm going to do it. And I think in particular we want to think about incentives other than financial ones because of the whole issue of do we have enough money in this system or not, or if we answer that with sort of saying that we do have enough money in the system, then the question is spending it more wisely. And the more wisely part may come through specifying here's the services that we want, and we're not going to pay unless we get those services.
DR. STEUERLE: Or you can pay less for the services you don't get.
DR. WILLIAM SCANLON: Right.
DR. COHN: Well said. Now Judy and then Paul, and then we're going to give everybody a break.
DR. WARREN: I actually have two questions. One is about the infamous signature for DEA. Every time we hear information about this, I keep thinking what I'd really like to see is someone writing up why a wet signature is any more important than an electronic one, and look at it. This time you brought up the fact of the legal or the tort representation of the signature as well as one for following whether or not medication is being diverted, et cetera.
So I'm wondering if in either the AHIC deliberations or these meetings that you're talking about if one of the byproducts could be maybe just a quick description of dual electronic signatures legally stand for things, why is a wet signature superior to one, or are we just looking at outdated laws? I mean, so I think that might help us move forward because I keep hearing the same question coming up for the last three years that we've been working on this.
MS. TRUDEL: You're absolutely right, and there are other areas of industry and even health care and government where there has been a move away from actual pen and ink signatures. There are two aspects to the issue. There's the question about whether you can put compensating controls in place that will prevent diversion. And then there's the question of if diversion occurs how does the lack of a pen and paper signature affect the prosecution and the legal aspects of that.
So I really think there are two, those two things are really different. Are you trying to avoid diversion, or are you trying to address the legal aspects of it, and I think the requirements are different.
DR. WARREN: Because I think until we get either some harmonization between those requirements or at least a better understanding of when one comes into play and the other one does, we're probably always going to be stuck in this discussion.
The second question I had is you were talking about looking at the business of some of the standards on ePrescribing, on whether or not the prescribers would know what to do with the information. Is there any effort being done to solicit what patients think the business case is of this data? I mean, it just seems to me when you were talking about it, it was something I hadn't thought about before is we're only looking at one side of the business case. We're not looking at the patients' side of the business case of whether or not they find that information to be valuable to them as their physician or nurse practitioner or whoever is caring for them.
MS. TRUDEL: That's a good point, and I suppose well what we get back in the comment process. It is a public comment process, and we may get some groups representing patient organizations providing us with feedback.
I have heard anecdotally that some patients may feel that that's an invasion of their privacy, that their physician doesn't have a need to know whether they picked that prescription up or not, or whether they ever even put it in to be filled in the first place.
DR. WARREN: And are your comments mainly about the fill status notification, that people are wondering if that's where the business case?
MS. TRUDEL: Yeah, I didn't get a sense that even with the pilots there was any concern about the business case for formulary and medication history. But, of course, you know, we'll get comments that completely cover the map.
DR. WARREN: Thank you.
DR. COHN: Paul, last question.
DR. TANG: That was a very helpful update, Karen. Thank you. NCVHS had a role in providing input on the ERX standard. Might NCVHS have a useful role, given this new recommendation about mandating that electronic prescribing be used, would NCVHS have a role in providing input on the desirability of that policy that accompanies the ERX standards.
MS. TRUDEL: I'm going to punt on that one, Paul, because it's a recommendation from another HHS advisory committee, and how the advisory committees link together in interfaces is always something that I find perplexing as well.
DR. COHN: Well, Paul, you asked a good final question, and I think Karen actually has given you I think a very reasonable answer on that one.
Without trying to in any way further discuss it, I think we're running a little bit late. But I think obviously we'll make up time as we go through the day. First of all, I want to thank Karen for her presentation. Obviously, Jim, I'm sorry that we thank him that he's not sitting here any longer.
I'm going to suggest we take about a ten-minute break, and then we'll start talking about the report for today.
[Break]
DR. COHN: Okay, why don't we get started. Will everyone please be seated.
Now the topic of the next section or next session anyway is basically to discuss a report being brought forward by the Ad Hoc Workgroup on Electronic Health Information entitled Enhanced Protections for Uses of the Health Data.
I think we will spend -- we will certainly go up to lunch and maybe even beyond lunch a little bit going through this. We have talked about it during my introductory remarks, and I obviously want to thank everyone again for their participation and involvement.
The one thing I neglected to comment on and I did want to mention before we started going through the document has to do with our public comment period, and I think that this has turned out to be a very useful thing. It's something we did with the NHIN functional requirements last year.
I just want to mention to everyone that obviously in addition to our almost 60 testifiers, eight days of hearings, and testimony that we took on this topic and admittedly this is a controversial area that we went into, we actually produced a draft report that we circulated publicly in mid-October and from there actually held another open conference call, took additional testimony, both written and verbal, received somewhere around 1,000 comments from a wide variety of stakeholders and individuals, all of whom I want to thank publicly. And I think the input and comments have actually helped make the document much better.
Now you all received a copy of this document about ten days ago. I'm hoping that you've had a chance to review it, and indeed as we go through the document which we'll be going from sort of section to section reviewing, it's really with the assumption you have reviewed it. I know we've received at least one sort of redlined version. That was from Paul which I want to again thank, and we will show you some additional wording changes in certain areas that I think identified through Paul's effort that needed further clarification and tightening.
But as I said, beyond that what we're really primarily interested in is content and to make sure that people are okay with the content knowing that we can handle offline wordsmith issues like the wrong comma, the wrong word. As we read through this one, we discover sometimes that it's a passive tense, and it needs to be the active. So there are things that we can handle offline even after passage of the report.
Now as I said, I'm going to actually turn it over to Harry and Justine. But I think the intent here will be to go through section by section to get comment and go from there. And I guess, Harry, do you have any other comments before we get started?
MR. REYNOLDS: No. Justine's going to start.
DR. COHN: Okay, Justine, you'll lead off here.
DR. CARR: Great. I want to again thank the Committee, the workgroup, the staff writer. This was a tremendous effort that was very impressive to me.
Before we start, I want to give you an overview just briefly if you'll bear with me. I think since we last met, one of the major changes in the document is the inclusion of the guiding principles for making recommendations. And I'd like to just
DR. COHN: Page?
DR. CARR: I'm sorry, on page 17. Even let me back up for a minute and say I want you to also pay attention to the fact that the title is called enhanced protections for uses of health data: a stewardship framework, and I think that that is a very important change and focus. It's not a change, but it's a focus of what we're trying to do. So this is about stewardship. And as we pulled our information together, we used these guiding principles. So just to briefly read them, protections should maintain and strengthen individuals' health information privacy, number one.
Number two, enable improvements in the health of Americans and the health care delivery system of the nation.
Number three, facilitate uses of electronic health information. Four, increase the clarity and uniform understanding of laws and regulations pertaining to privacy and security of health information. Five, build upon existing legislation, regulations whenever possible. And six, not result in undue administrative burden.
And developing these, borrowing heavily from Minnesota helped us to balance the diversity of input that we heard. And so just to again frame what did we do, we began with HIPAA. HIPAA was our first giant step towards stewardship, and it is the cornerstone of this report.
We strengthened some dimensions of HIPAA, the accountability, the chain of trust agreement. We strengthened transparency, notice of privacy, clarity and education for the community, strengthened security.
So in addition to strengthening, we want to expand because we know that not everybody is a covered entity. And so even though we have great things within HIPAA, if you're not a covered entity, they don't apply. So we're looking to expand that
We're also looking that in the interim or when we have non-covered entities that they have additional protections on their health information including authorization. So we're strengthening, we're expanding, and then we're introducing because HIPAA doesn't really talk in contemporary terms about data quality, data integrity and oversight of uses of data. And so we have introduced those elements.
Using all my adjective words, we also want to explore something that was specifically excluded from HIPAA, and that is de-identified data. You heard a lot about that, and we felt we had some ideas about it. But thanks in part to the feedback that we got on the October 31st posting, we realized there's a lot we don't yet understand about de-identified data. And so that's on our list of something important, but something that we want to explore.
So with that overview, I'll now go back to the organization of the letter. Any questions about that? Okay. I think that we're not going to do high level. I'll read through the title. So our introduction just talks about the purpose and scope of this report we've discussed at our previous meeting.
The next section is on terminology where we make clear that
DR. COHN: Justine, did you want to go over the whole section, or do you want to go by section by section and ask people for input?
DR. CARR: Okay, right, right. Got ahead of myself.
DR. COHN: Okay. That's fine.
DR. CARR: The purpose and scope. In the absence of reading it, were there any questions or concerns about purpose and scope? Hearing none, oh, sorry.
DR. FITZMAURICE: On line 94, you talk about electronically available health data, and not only claims data. Are we concerned about how they're available, that is, they're available to a covered entity, are they available from a non-covered entity. Are they available on a website, or does it matter. Are we concerned about all data that passes electronically.
DR. CARR: Are --
DR. FITZMAURICE: My concern is are they available. If they're already restricted in somewhat like being covered by HIPAA, are we less concerned than data that aren't covered by HIPAA but available for anybody to access and see. Is there a qualification on this?
DR. CARR: I think we'll reflect on that. I think the point of this paragraph was simply to say what's new and different. We're not just talking about claims any more. We're talking about very rich data that is available electronic. It's simply setting the stage. So I think you'll see that we get into this in much greater detail. Are there other questions or comments? Hearing none, we will move to terminology.
And under terminology, we have two subsections. The first is entitled secondary use of health data, and it is in this paragraph that we record the NCVHS position that we don't want to use the term secondary use of data for all the reasons outlined. Are there any questions or comments about that.
Moving on, the next is terms describing health data. Now you'll see Margret's done a great job. Actually you won't see because we distributed the glossary. Margret has developed a glossary with the relevant terms used in this and related documents.
However, we wanted to highlight four of them, and those are protected health information, individually identifiable health information, personal health information or data, and HIPAA de-identified health information. So each of those terms is defined. We felt they were important enough to the document to have them not in the glossary. John?
MR. HOUSTON: One thing I thought was odd was that on the fourth definition I read through it, you're using HIPAA de-identified health information and HIPAA de-identified health data. Why isn't we just standardize on one phrase to describe it and then replace it throughout the document so it's just
DR. CARR: Yes, thank you for that. We'll do that. My only comment, too, was that we might move individually identified health data, health information in front of protected health information so that it's understandable.
So we then just have an outline of the report. Are there questions? Okay, hearing none, we'll move on now to report background.
And the subsections of the report background include one, our coverage of the topic. In other words, the history of well, let me just take it one at a time. NCVHS coverage of the topic, and this includes the work that NCVHS has done through the years on topics related to uses of health data. Are there any questions or comments on that section?
All right, continuing, on report background, the next section talks about NCVHS process and how we met and took testimony. Any questions or comments.
Moving on, now we have having completed report background, were now on to major themes from testimony about uses of health data. And here, we have one, two, three, okay, we have about several major themes.
The first one is the benefits from uses of health data enabled by health information technology and health information exchange and the outline includes the benefits that occur at the point of care, the benefits that accrue for quality measurement reporting and improvement, and benefits for clinical and population research and benefits for disease control and prevention.
I think Paul had a couple of benefits here that we found helpful. Yes, Mike?
DR. FITZMAURICE: We may be missing one benefit that I would suggest we add, and that is for the person to have control over their healthiness, that is, they can use for their education, for their monitoring their own healthiness. So I'd like a personal health record would help them.
DR. CARR: All right. Other comments on Mike's suggestion? So the recommendation was that we add another example of personal wellness. So it would be a benefit from uses of health data enabled by HIT and HIE is personal wellness as in personal health records.
DR. FITZMAURICE: If I understand my own healthiness, my own conditions and what the Internet, what the literature says about it, I'm better able to control things that influence my healthiness, my health habits, for example. And if I know what my blood pressure is, in other words, I can access it and I can see it, that reinforces my good health habits, so I benefit from that. If I never see it except to go to the doctor's office, I know your blood pressure's a little bit lower this one.
DR. CARR: So you're saying in a personal health record where you can have your blood pressure over time, you can see a trend, and Steve has
DR. FITZMAURICE: All I'm saying is this is a benefit.
DR. STEINDEL: But I think we have to look at the overriding title, and that's themes from testimony, and I don't recall how much testimony we actually heard on that. Obviously, it's a benefit that we're all well aware of. We've written a report on that.
DR. CARR: Right, right. What I'm going to do is put an asterisk there and ask for us to come back to that unless there are additional comments. Marjorie?
MS. GREENBERG: Well, I think we always these reports always involve what you hear in testimony and what this illustrious committee brings to the discussion, et cetera, and I think personal wellness or however you want to phrase it, is really an important element, and I would encourage you to include it.
DR. CARR: Yes. I think what I'm trying to think through is the title being health information technology, health information exchange. And so I was just trying to tie it back to that. Yes?
DR. DEERING: I'm Mary Jo Deering. I think that perhaps this personal health management covers all of the above.
DR. CARR: Okay.
DR. DEERING: And it's wellness, prevention, financial records under NHSA, and that exactly is the HIT value.
DR. CARR: I like that.
DR. COHN: Yes, and it sounds like we're talking about one sentence basically, something on that line.
DR. CARR: Yes. Thank you, Mike, for bringing that up. Gene?
DR. STEUERLE: A voice awakes sometimes in these documents. We hardly use language like research and I know things that for instance like clinical population research can be strengthened. For researchers, it's immediately intuitive why that's so important. But believe me, it's not for a lot of policymakers.
And I don't know whether you have time or you want to do this. But can you fit in, for instance, I think it really for instance, it's been modeling for some time that HIT or information might help us detect or even solve problems like why is autism increased or if HIV's increasing in certain parts of the country more quickly than others, if we have early warning signals are just examples, you know, such things just help improve, might make it very clear to people like the Secretary that we're talking about lives being saved or being much better and make explicit what all of us knows is implicit.
DR. CARR: Thanks, Gene, and that has been our we found that to be very useful, and I'm going to ask you to develop an example that we can include under this section.
DR. STEUERLE: Okay.
DR. CARR: Are there any other oh, yes. Donald?
DR. LAND: Just a minor point, but disease, control and prevention, maybe to be more complete would be to include surveillance. It's part of control and prevention, but you might just add that one word.
DR. CARR: Yes. So it would be disease, surveillance, control and prevention. Any further comment on that? Okay, hearing none, I think we will now move on so that was the first major theme, benefits. Now we're moving on to the theme potential harm from uses of health data enabled by HIT and HIE, and I'll just give you the headlines.
They include erosion of trust, compromise to health care when individuals not trusting, and risk of discrimination and personal embarrassment. So, yes, Leslie?
DR. FRANCIS: The discrimination one is individualized. And one point, and I don't know whether this was in the testimony, but at one point that was distinguished between discrimination against an individual and risks of groups stigmatization which was relevant when you have de-identified data sets.
For example, if the data suggests that immigrants are more likely to have a certain kind of disease or something, and I don't know if that came out as a theme. But it was at one point in the report.
DR. CARR: Right. So I'll comment on that and invite others. One is first on line 354 it should say risk of discrimination, and that was a recommendation. And then with regard to stigma of a particular group, I think there were two parts to that. We've addressed the concern that misinformation would be generated about a group by amplifying the importance of structure and rules for data aggregation, data integrity and quality so that the information could not be so you would avoid the risk of using fractured information to draw an incorrect conclusion.
Now you're raising a risk that is actually is not limited to health information exchange. It's true in research, in publications, throughout medical and health fields that when a condition is associated with a group, and I'm not sure that that is unique to this focus, and so I invite other comments. John, you had your hand raised?
MR. HOUSTON: Yes, this is more of a generalized comment throughout the comment, but I first noticed it in this section, and it relates to the examples. I'm a little concerned that some of the examples either seem to be weak or are almost things you would put in the text of the document.
DR. CARR: Okay.
MR. HOUSTON: Or on point, and I mean I can I don't want to keep bringing them up.
DR. CARR: Right.
MR. HOUSTON: But it really seems like the document, other than examples, is really good. But when you get to some of the examples, I say, geez, it's either a really bad example or it just doesn't need to be there.
DR. CARR: John, that's a very helpful recommendation. Would you note on your copy which are the examples that you think should be strengthened and/or deleted.
MR. HOUSTON: Sure, I'd be happy to, and again some of them by the way, too, are also almost repetitive just in the text.
DR. CARR: Okay.
MR. HOUSTON: And in other cases, I'm not sure necessarily whether examples are really just intended to be part of the body. So I don't want to keep bringing it up, but I also know that
DR. CARR: Right. You know, as we're going through, if you could just make a note of that and perhaps there'll be a time at the end we could get a little summary of here are the examples that added value and here are the ones that
MR. HOUSTON: As we're going through it, I'll mark mine up more completely and give it to you.
DR. CARR: Thank you. Marjorie.
MS. GREENBERG: Yes, I really had the same reaction.
DR. CARR: Okay.
MS. GREENBERG: Some cases I thought well now this example is really helpful, and in others I thought it's kind of a strange one. And I must say this one here on the bottom of page nine was in the latter category because I felt like I mean, what you don't want an example to do is make someone think of something else. And what I thought of here is I'd be less concerned if my personal condition was being exposed than why didn't they publish this sooner before I ended up knowing this, having this
DR. CARR: Okay. So my question then is do you think any example is necessary or a different example or no example?
MS. GREENBERG: It's hard to say, but this one
DR. VIGILANTE: The point is well made. It's not a complex concept. So the examples of the most useful ones. It's really not clear what you're talking about and needs an example. In this case, I think it's almost intuitive.
DR. COHN: That's you, Kevin, right?
DR. VIGILANTE: Yes, I'm sorry, yes.
DR. CARR: Hi, Kevin.
DR. COHN: Thank you for joining us.
DR. VIGILANTE: Yes, I was on at 1:10, but I didn't want to interrupt.
DR. CARR: Right. So
DR. COHN: All right, hang up for just a second so Kevin can introduce himself. Kevin, do you have any conflicts for the issues today?
DR. VIGILANTE: No, I do not.
DR. COHN: Okay.
DR. CARR: Is there anyone else on the line? Okay. Yes, Marc.
DR. ROTHSTEIN: I want to go back to the point that Leslie made a few minutes ago, and that is about the importance of mentioning potential risks of de-identified information.
In the document, there are several places where it recommends additional protections for de-identified information. We say that business associates even if they use the information in de-identified form have to comply with the HIPAA requirements, and it has to be in et cetera, et cetera, et cetera.
And therefore, I think it's important for us to make the case as to why there are risks even associated with de-identified information, and one of the ones that we heard testimony about the risk of group based harms. We heard others as well, the ease of re-identification, et cetera.
But I think this would be a good place to add the group based harm.
DR. FRANCIS: Can I follow up on that. Just remember that this is about secondary uses of someone's health data, and that's why it's different from just the general research question.
DR. CARR: Any other comments?
DR. COHN: Are there additional comments on this particular point? Mike, on this particular point?
DR. CARR: On group risk of group based harms?
DR. COHN: On the group based harms. Can we come to resolution on that one.
DR. FITZMAURICE: No, not on group based harm.
DR. COHN: Okay. So I just want to make sure we're because we talked about this one. I actually sort of agree. I think there needs to be something in here that will I guess we need to figure out how that gets written. Margret, is there something you can
MS. AMATAYAKUL: We had some language before. We had some previous language that we took out. So we can bring that back and rework that.
DR. COHN: Okay, and maybe we can ask Mark and Leslie to review it for
DR. CARR: And also an example. Okay. To see what I think an example would be helpful. Now, Mike, you had a question?
DR. FITZMAURICE: Yes, I wanted to go back to the two examples on page nine. It's one of the things about the examples that kind of grates a little bit, it's like I'm standing in a grocery line is that words like there may be surprise and concern, or providers may become suspicious of what other uses can be made. It's the becomes suspicious. It's the emotional words as opposed to D
DR. CARR: Right. Emotionally laden adjectives. We've all agreed to take it out. So I think we're done with that. Other comments? Were a potential for harm yes?
DR. COHN: And I guess I should sort of comment. I think what I'm sensing is that there's going to be enough changes here that what we're going to do is to come back with a redlined version showing all of the changes, recognizing that we're not going to go through all the things that you've already accepted. Is everybody okay with that? So we'll have a version that will have all of this new stuff in it.
DR. CARR: Okay. Continuing on the major themes, we talked about benefits. We talked about risks, potential harms. We're now onto another theme which was HIPAA privacy and security rules. And here, we talk about what's covered by HIPAA and what is not, what is a covered entity, who is a business associate. John?
MR. HOUSTON: I will, even though I said I wasn't going to comment about examples, I think here's a couple cases, though, where I think these types of things that are examples are more I think appropriate simply in the body of this document.
DR. CARR: Incorporate them into the body and not have them as examples? That's what you're saying?
MR. HOUSTON: Yes.
DR. CARR: So that's the HISPC and business associate contracts and their lack of specificity and business and agents. Okay, so not have them as examples.
MR. HOUSTON: And to a specific point on line 380 which starts with HIPAA covered entities do not include organizations and their agency perform function involving protected health information on behalf of covered entities. I think it would be more appropriate to say HIPAA does not directly cover or apply to organizations, and their agency may perform functions involving protected health information on behalf of a covered entity.
DR. CARR: Okay. Could you forward that on to Margret?
MR. HOUSTON: Yes.
MS. GREENBERG: John Paul and I seem to be like a team here, but what he says triggers my thoughts. But the one thing that I think, though, is positive about interest versus the examples and italics, it really helps the readability.
DR. CARR: Yes.
MS. GREENBERG: This is a dense report. I'm not saying that as a criticism.
DR. CARR: Yes, it is.
MS. GREENBERG: There's just a lot of content here, and I do think that kind of does help with the readability when it's appropriate.
DR. CARR: So we agree that it adds value and how it's configured will work off line? Are there other comments on HIPAA privacy and security rule? Mike?
DR. FITZMAURICE: In reading through the top example around line 380, vague statements such as, well, I'm wondering if you say such as permitted by law to really parse that out, you'd have to make a lawyer out of all of the patients and explain it.
And it leads to a general statement that it's really the covered entity that's responsible for this chain of use of data through business associates. And probably somewhere along the line we should say the Secretary should remind covered entities that they are responsible for this, that the responsibility comes back to them. And if it's a lot of work to follow this daisy chain, that's what's required by the law is to do it. That's where their responsibility lies.
MR. HOUSTON: Mike, I think you'll see that in our recommendations.
DR. CARR: Yes. Again, as we're going through, as you can see, I'm trying to keep us on case, and if you have something that you feel is valuable wordsmithing and you write down, give it to us at the end. We'll be working on this probably for the rest of the day.
Okay, any other comments on HIPAA privacy and security? Seeing none, we'll move on to importance of health data stewardship. And here, we have some definitions of stewardship, and we introduce the concept and talk about what was in the privacy rule. Are there comments on this section?
Okay, seeing no hands and hearing no voices, we'll move on to yes?
DR. FITZMAURICE: Just a suggestion that the paragraph beginning on line 345 that it might contain a footnote or a reference. It says there has long been legitimate concerns that personal health information has been used to make decisions that adversely affect the individual as an implied benefits coverage. There must be an article that says something like that. That would add legitimacy to our saying it's legitimate.
DR. CARR: What line?
DR. FITZMAURICE: Line 345.
DR. COHN: Go back a couple, right?
DR. FITZMAURICE: Whoops, did I oh, I have these out of order. All right, I'll just turn this in, and you can see it on my handwritten stuff.
DR. CARR: That would be great. I'd appreciate that. Okay, importance of health data stewardship. Any comments? Okay. We'll now move on. This section now talks about specific uses of health data, and we begin with uses of health data for treatment, payment and health care operations as permitted under HIPAA, and it's basically a description of what's already permitted. John?
DR. VIGILANTE: The second line where it says when providing access to the individual, should that be providing care to the individual?
DR. CARR: What line are you talking about, Kevin?
DR. VIGILANTE: I'm not sure if I have the same one. In mine, it's 479, but it may be a different number. But it says HIPAA
DR. CARR: Wait, yes.
DR. VIGILANTE: -- covered entities to use and disclose protected health information without authorization from the individual when providing access to the individual.
DR. CARR: Yes.
DR. VIGILANTE: Or do I have an earlier copy?
DR. CARR: No, no, you're right. I'm looking at that. Privacy rule permits covered entities to use and disclose protected health information without authorization from the individual when providing access to the individual. What does that mean?
DR. COHN: Why don't you simply strike when providing access to individuals.
DR. CARR: It's line 478. Line 478 reads the HIPAA privacy rule permits covered entities to use and disclose protected health information without authorization from the individual.
DR. VIGILANTE: The phrase when providing access didn't make sense to me. It probably should be providing care, I would imagine.
DR. CARR: Margret will answer.
MS. AMATAYAKUL: This is a statement that is a list of things that comes from the regulations. So maybe it would benefit from having some numbers on there. They're not exact quotations, but it's an enumeration of when you don't need an authorization. So it's when you're providing access to the information to the individual for treatment, payment, operations, incident to, et cetera.
MR. HOUSTON: It might mean that you need a colon there.
DR. STEUERLE: Just a colon instead of a semicolon.
MR. HOUSTON: Colon after individual and between when, maybe when is one of the enumerations.
DR. CARR: Okay. So it sounds like we need either citations or quotations to make it clear that we're yes.
DR. COHN: I think Kevin's point, if you take out the word when providing access to individuals, if you take that out, that's what HIPAA really says.
DR. VIGILANTE: Yes.
DR. CARR: Yes. Okay.
DR. VIGILANTE: Yes, otherwise it's confusing.
DR. CARR: Right. That line, so the recommendation is to strike when providing access to the individual. So Margret, can you just look at that and see if that compromises the
DR. CARR: We're going to move on from punctuation. John?
MR. HOUSTON: Yes, there were two separate sentences in this section that I had concerns about.
DR. CARR: Okay, what line?
MR. HOUSTON: The first one starts on 503, and the second one starts on 531. The one on 503 says the area of health cooperation was observed to be broad in scope and not well understood by individuals.
And then the one on 531 says use of health data for quality improvement while permitted under HIPAA in identifiable form are not well known or understood by individuals. They're both sort of dangling thoughts, and I guess when I read HIPAA, even though I know HIPAA, I'm not sure how much clearer you can get it for one thing. And then later on this letter, you talk about trying to further enumerate what would be acceptable health care operations purposes, and that concerns me greatly because if we try to enumerate too much, there's too many cases where we didn't think of the enormous amount of
DR. CARR: Your time ran out.
MR. HOUSTON: Under health care operations, and I just I'm not sure you can make it any clearer, and if you try to be more clear or more specific, I think you may jeopardize the uses, the secondary uses, I know I'm not supposed to call it that, that are bona fide and are necessary within a hospital environment. It is a complex concept, and I don't know how much clearer you make it.
DR. CARR: Harry?
MR. REYNOLDS: Clear to who? Everybody that I mean, the people and the entities that are related to HIPAA might get it. But do the individuals get it.
DR. CARR: I think these comments are foreshadowing a later recommendation around transparency, and I think just let me finish. That the issue is not, you know, that there are a lot of uses and they're undoubtedly referenced somewhere in the NPP. But in general, there's a need for education around uses and benefits. I think
MR. HOUSTON: But I believe there was some recommendation or something later that spoke to further clarifying or defining quality improvement or health care operations. I forget which one, and when we get it, maybe I can point it out.
It just concerns me that if you put too much definition around these concepts, I think we're going to find more things to fall out than was ever intended, and that could jeopardize a lot of what are reasonable and bona fide purposes. So I'm just cautioning. This concept scares me a little bit.
DR. CARR: Kevin, is that you?
DR. VIGILANTE: I was just going to say that, you know, this is just an apparent description of the themes that we heard. And I would say that or it's fair to say that one of the themes that emerged is that some of these nuances are not well understood at least by individuals as opposed to groups. I would just say that they're reserved reward and scope are often not well understood, and I think that covers a multitude of things.
DR. CARR: Okay. Simon? I think, yes, these are very helpful because you're right. Some of this is covered over, and we probably need to punch it out a little more clearly or tighten it up and not be too prescriptive where we're not being asked to be too prescriptive.
DR. FRANCIS: The who there is really patients, right? So you might want to put in not well understood by patients.
DR. VIGILANTE: It could also be providers, and I think a lot of people still grapple with the nuance understanding of HIPAA even though it's been around for a while.
MR. HOUSTON: I did find a reference in line 1245, and I apologize for getting out of order a little bit, but it is relevant here. It says NCVHS was asked by ONC to consider whether there were or should be boundaries around what quality activities are included in HIPAA's definition of health care operations and which may be outside of that definition and may call for greater choice by individuals whose data are included.
I think it goes to my concern that you might create a boundary that was not intended and could really be problematic for trying to carry out the bona fide
DR. CARR: Right. And so that was teeing up the recommendation, and as you'll see as Harry will get to recommendation 7.1, it basically says that data uses for quality measurement, reporting and improvement, and we're changing that word from are to remain within the scope of health care operations. But thank you for pointing that out. Let's note it, and then let's make when we get to that line that we have tied out all of these foreshadowings.
Okay, so we were talking about specific uses of health data, uses for treatment, payment and health care operations. Are there other comments on that section? All right, we'll move on now to uses of health data for quality measurement, reporting and improvement, and this identifies it talks about the benefits of quality measurement, the challenges and organizations that link health data have an important role in promoting quality but must not violate trust. So pharmacy benefit manager issues are raised there. Are there questions or comments about this section on uses of data for quality measurement and reporting? Okay.
DR. COHN: Yes, John Paul, you had the same issue in this section as you did in the other section.
MR. HOUSTON: Yes, but I don't think I need to restate
DR. COHN: Okay, I just wanted to make sure that Margret has it.
DR. CARR: You got that, Margret? Thank you. All right, we are now moving on to the next use of health data which is uses of health data in research. John?
MR. HOUSTON: Sorry for monopolizing this, but on 573, it talks about research studies. You have evolution of quality improvement and the research they may violate the HIPAA privacy rule. I'm not sure whether that's the case as much as it might violate the Common Rule because the HIPAA really does defer to the IRBs structure and the Common Rule to govern the oversee research. So I think you have a problem with the Common Rule.
DR. COHN: Could we say and/or the Common Rule?
MR. HOUSTON: I think it's the Common Rule, though.
DR. FRANCIS: It is the Common Rule.
DR. TANG: But the privacy rule says that it would be it needs to go through the research pool if it's going to be research.
DR. COHN: The microphone, please.
DR. TANG: In some sense, HIPAA is deferring to the Common Rule. But if you try to escape it through the operation
DR. COHN: Then maybe we should say both. It violates the Common Rule which would in turn or just however you want to word it. But people who look at that who understand the balance and will say that's wrong. So we want to be clear.
DR. CARR: Okay, I had some wordsmithing on this as well which is on line 576, for example, a review of cases for quality assurance may reveal that administration of a new drug, and then I just change it here to say is causing previously oh, I can't read my writing, but unanticipated consequences, and that public safety necessitates publication of the information even though it was not originally collected under IRB oversight. Is that helpful? Very lengthy flight down from Boston last night. For example, a review of cases for quality assurance may reveal that administration of a new drug is causing previously something about unanticipated consequences and public safety necessitates publication of the information even though it was not originally collected under IRB oversight. We've heard a little bit about that, the VIOXX risk and so I just feel that to John's point, really punching this out to a very real life experience, and we actually there's been a whole issue with a protein and cardiac surgery now, you know, that's coming out of exactly these kinds of evaluations. So I think giving it a little more texture if you permit me some wordsmithing there. Are there other comments or questions about uses of health data in research?
DR. DEERING: Justine?
DR. CARR: Yes, Mary Jo.
DR. DEERING: Actually, it's just a simple request, and I'm happy to work with someone on it to add some sort of an opening sentence to this section because we're jumping directly into the issue of research regulations. It leads the reader to anticipate that that's the sole thing. So I think it's a simple thing of just leading off the section.
DR. CARR: That's great. Did someone just join us? No? Or they hung up. Kevin, are you gone?
DR. VIGILANTE: I'm still here.
DR. CARR: All right, other comments on research? Hearing none, we'll move on to uses of health data for public health. Any comments on this section?
DR. VIGILANTE: I have one. I can't see the hands.
DR. CARR: Yes, Kevin, go ahead.
DR. VIGILANTE: So it's really just a construction issue. So one 602, 603, the example needs to be it's sort of an awkward construction of things. Many individuals are unaware of requiring reporting. Others are aware to the extent that they may see the caregiver under a false name to avoid consequences of reporting. I think it just needs to be reframed as
DR. CARR: Right, we will do that.
DR. VIGILANTE: And then a new paragraph begins because then you sort of launch into what the CDC is doing.
DR. CARR: Okay, we'll incorporate that. Other questions about public health? Michael?
DR. FITZMAURICE: I would also suggest a public health operations efficiency. Often you have scarce money for public health, and so you use this health data to decide where you put your money, what services you provide to the people, and that's an important use of data for public health. You're making presentations to a budget committee, you need to put money here because it has a greater effect on the population than putting money over here. You bolster your arguments for data.
DR. CARR: Thank you. Leslie?
DR. FRANCIS: This may be more than you can do. But there are real differences between the kind of surveillance collecting it for public health where we're worried about disease spread and where we're worried about interventions to help people take better care of themselves like the diabetes one. And this doesn't separate that out. I don't know whether it should or how it could.
DR. CARR: I think we can incorporate that. That's a good comment. And Michael, if you have language that you'd like about your comment about the efficiency and operations budgetary allocations, that would be helpful.
DR. LAND: The example bio sense may or may not be the best. As I understand, bio sense is under considerable reconsideration right now, and I don't know if it's actually going to be going forward as an example like this.
DR. CARR: Does he have an alternative?
DR. LAND: I don't have the answer to that.
DR. CARR: Do you have any alternative recommendation or example for here?
DR. LAND: Not at the moment.
DR. CARR: Steve?
DR. STEINDEL: I think it should remain. It's a specific example at a point in time. And while Garland is quite correct that the program as conceived of today may not move forward, I suspect what might move forward is going to move forward in a similar fashion.
DR. CARR: That type of surveillance, yes, and I think
DR. VIGILANTE: Probably right. It's very likely to have natural disease surveillance.
DR. CARR: And I think that when we had discussions about this, a point was raised that this is different from the traditional public health reporting of existing disease, and it's more on the surveillance information. So we'll work with that and take your point into consideration. Are there other comments on public health? Moving on, using public data involves information change. This really ended up being only two paragraphs and an example. But I would say it represents about 500 hours of discussion.
I think it was raised actually AMIA raised it in their meeting in June about commercial uses, and we talked about it in our meeting in October about when there is monetary exchange, is that necessarily undesirable. And so we've summarized it somewhat here, and I think we later point to the fact that we need more attention on it.
The example here, John, yes? Yes, did I miss that? Oh, that's right, sorry.
MR. HOUSTON: There's a new second paragraph.
DR. CARR: That's right. Paul made some significant improvements to this. I'll read as it appears on the screen. These privacy protections are not well, I think I better read both paragraphs. So the topic is uses of health data involving monetary exchange.
First paragraph, an increasing concern relates to the sale of data where financial benefit accrues to someone other than the individual who is the source of the data. HIPAA requires an authorization for any use by covered entities of protected health information or marketing except if the communication is face to face by the covered entity to an individual or if it is in the form of a promotional gift of nominal value provided by the covered entity, and the other citations. That could maybe be two sentences.
HIPAA also specifies that if marketing involves direct or indirect remuneration to the covered entity from a third party, the authorization must state that such remuneration is involved. These privacy protections are not available to individuals when dealing with organizations that are not HIPAA covered entities or that de-identified protected health information or for selling it. There is a need for sustainable business models to maintain and use data for patient care, research, public health, personal health records and other expected purposes. If other unanticipated uses of personal health information are not disclosed to individuals, they may cease to trust the system which would potentially harm patient care and other beneficial uses of health information.
Paul, did you want to comment on that?
DR. VIGILANTE: I think that's fair.
DR. CARR: Yes, what you did was very helpful and helps us focus. Okay. Marjorie?
MS. GREENBERG: This may be wordsmithing. And if so, don't worry about it. But to me, in this example, I think the first sentence, I would take off that last phrase because it's confusing as to whether there's actually advertising in the EHR or what.
I would just say an individual may benefit from a provider using an EHR. In turn, the provider may be able to give better care to an individual by using an EHR. But when the EHR vendor mines the data to supply advertising to the provider book, blah, blah, because that is, EHR being subsidized through the use of advertising, I found quite confusing as to what you meant by that.
DR. VIGILANTE: Yes, I agree.
DR. CARR: Oh, yes, you're right.
MR. HOUSTON: Do you want me to read an alternative?
DR. CARR: Do you want to I have it here. Do you want to read that? I'll read it. So the example then as revised by Paul's recommendation to say an individual may benefit from a provider using an EHR. However, the provider's use of an EHR may be subsidized by the use of advertising to the physician. Alternatively if the EHR vendor mines the data to supply advertising to sell products directly to the individual or to sell information to a third party for other uses, the individual's trust in the provider may erode and concerns about privacy increase.
DR. VIGILANTE: I think the phrase about advertising detracts from the main it's really about the mining of the data and getting right to that without that intermediate sentence or phrase, I think, gives it greater impact.
DR. CARR: So Mary Jo?
DR. DEERING: And my question was not seeing it and only hearing you read it, it sounded like the second I didn't know what to make of the second sentence. I didn't know if it was a statement of approval, but it began with the word however.
DR. CARR: Yes, provided use of an EHR
DR. DEERING: So I wasn't
DR. VIGILANTE: Let's take it out.
DR. COHN: Yes, and I actually this is one where actually I think Marjorie clarified it better. I guess I'm sort of thrown off by the word alternatively which I'm not quite sure what to make of that transition through there. I actually think that with the changes that Marjorie was suggesting here, it actually comes away as being a relatively compelling example.
DR. CARR: So Simon, if we took out the word alternatively, then it would be I'll read it again. An individual may benefit from a provider using an EHR. However, the provider's use of an EHR may be subsidized by the use of advertising to the physician. If the EHR vendor mines the data to supply advertising to sell products directly to the individual or to sell information to a third party for other uses, the individual's trust in the provider may erode and concerns about privacy increase.
Yes, Jeff?
MR. BLAIR: Maybe there's an example of this somewhere. I've just never known of this. So I've known of areas where advertising might be included, but it isn't the EHR vendor. So I don't mind if it's used as an example, but I think there should be something to say like if this occurs rather than because it almost implies that it is occurring.
DR. FITZMAURICE: And it could also be illegal. How does an EHR vendor get access to this protected health information.
DR. CARR: Business associate?
DR. FITZMAURICE: Its still illegal.
DR. COHN: Why don't you let Margret talk?
MS. AMATAYAKUL: We actually have a specific example of a vendor that is doing this today. I didn't cite that vendor. I don't know whether it's appropriate to do so. But
DR. COHN: Now is it a vendor of EHR systems?
MS. AMATAYAKUL: Yes.
DR. COHN: Or is it
MS. AMATAYAKUL: Two vendors.
MR. BLAIR: So there's two examples of something like this has happened. Then I'd like to know is it where it's a stand alone, or is it an ASP model where it's a service that's being provided.
MS. AMATAYAKUL: An ASP, I believe.
MR. BLAIR: That's exactly what I was thinking, and that can give the way it's worded it gives a very different impression because I think most people think of EHR vendors as ones that provide software as opposed to those that provide a service. And so I think that I have no problem with your including the example. But let's either add that it's a service as opposed to just a generic term vendor and maybe indicate that is not common.
DR. COHN: Jeff, if I may jump in, but is the word vendor the one that's bothering you, and would you rather have that maybe be like service provider?
MR. BLAIR: Yes, thank you.
DR. CARR: All right, I saw a number of hands. Harry?
MR. REYNOLDS: Yes, again, as we go through this and as we get deeper and deeper in the document and start zeroing on certain things, one of the key points that this is continuing to show that there are people outside of the HIPAA world right now, whether it's services, whether it's vendors, whether it's these other things, they are in free space in many cases. And so we've got to be we've just got to keep that message. So remember to keep every once in a while keep looking back at the guiding principles because those are the things that we have to keep that consistent message throughout this.
I'm not picking on anything that anyone just said or anybody's going to say in the future. I'm just saying that's the one thing that we continue to hear clearly, and that's why we want to there may not be as many examples as people would want, but there is a group of people out there that are non-covered who are offering services in today's world that are outside the stream of what we want to protect.
DR. CARR: John Paul?
MR. HOUSTON: Just a little comment. I guess one of the challenges I'm having with sort of the organization this reports to is the recommendations are sort of separate from this overview or this background section of the report. And I guess one of the areas that I know one of the recommendations involve the FTC and oversight of these types of activities. I know it's later on in the report.
I'm not sure whether you do whether you can do any changes. Maybe I'm just sort of stating it. I keep looking at different sections of the report, and there's a little bit of a disjoint between there's a section that talks about the background, and there's an entirely separate section that almost restates some of these things with the recommendation.
DR. CARR: I agree that there's an inconsistency of where we draw the line from the amount of data in the background and the amount of data in the observation. Would you favor
MR. HOUSTON: Let me ask a question. Do these sections lend themselves to be moved so that they go along with the section at the recommendation? Are they really organized in a way that would make that incompatible? I don't want to make people go through a lot of rework. I'm just noticing
DR. CARR: Right, we have an earlier draft we could show you.
MR. HOUSTON: Really? Okay. I just thought I'd bring it up because, again, this is the FTC recommendation which is later on, and I'm thinking, okay, where is that recommendation.
DR. CARR: Let's hold that thought, and then I'm just going to go around and make sure we get everybody. Paul, did you have a comment?
DR. TANG: So as you pointed out, this topic is probably the thing that once stimulated the expiration of this content area and generated the most controversy. Yet it may occupy the least amount of space in the entire document on a relative basis.
I don't think we want to short change it by not fully describing the concerns that were raised and being able to characterize them in a tribute, you know, and identify the root causes of the concerns so we can deal with them.
So to that there seems to be two concerns of use of data. One is in using the data to influence the decision making of physicians that may turn around obviously and influence the care the patients receive.
And the second is to use personal health information to influence patients' or consumers' decisions or choices, and those are both things that you tried to bring out in this example.
Another example I circulated just yesterday that came out of the news was the example of a PBM, and PBMs covered? Okay, they just businesses, okay.
MR. REYNOLDS: They're either business associates or covered entities depending upon whether they dispense drugs.
DR. TANG: Okay. So in this example, a PBM obtains information for its authorized use, then turns around and sells it to data miners who then turn around and sell it to pharmacy companies. And so we have this clearly involves this use of health data including monetary exchange, and it clearly deals with the interface of covered entity, business associates and other uses of health data. That might be another example and, again, I'm saying I don't think we need to be too concerned about lengthening this very, very short section since it is the major concern of
DR. CARR: And I have a question, too. What we didn't talk about in this write up is that there are exchanges are data for monetary exchange that promote quality and things like that. Is it necessary?
MR. BLAIR: It may or may not promote quality. But I think it's valid that that is a possibility that it could be good or not good.
DR. CARR: Yes, we're immediately jumping into the situations that are concerning. But I think a part of our discussion was that to simply say monetary exchange does not equate with nefarious purposes, and so I wonder if there would be
MR. BLAIR: That's a good point. That's right.
DR. CARR: Yes. So perhaps we could add something about that as well because I think that we started with the assumption that it was something to be managed. Okay, Leslie.
DR. FRANCIS: Another kind of use that I was a little surprised I didn't see here or somewhere is use by an entity for its own advertising or to persuade people to come get care from them. That's different from direct consumer advertising of drugs, but it could also be sold. You know, data could be sold as an advertising mechanism.
DR. CARR: Right. Mike?
DR. FITZMAURICE: Two suggestions. One is involving monetary exchange, the example doesn't talk about a monetary exchange. It's subsidizing, it's a thing of value. So you might want to say exchanges of value including monetary exchanges.
And secondly, I'm bothered by when the EHR vendor mines the data. The EHR vendor isn't a covered entity. So it must be a business associate if it's dealing with a covered entity. And I don't understand how a business associate can mine the data to supply advertising to the provider unless the provider argues that something I can do for myself and I'm hiring this vendor to do it for me. Absent that, it's illegal in my opinion. I of course am not a lawyer.
DR. CARR: Well, in the example that Paul sent out last night, I think it was de-identified data no?
DR. TANG: So it was sold in identifiable format, and it didn't get de-identified until it sold the second time.
DR. FITZMAURICE: So then the vendor would have had to have hired that second stage to de-identify the data. You can't just do it without the provider's authorization. It's illegal, and they could be prosecuted.
DR. CARR: Yes. John?
MR. HOUSTON: Can I say one thing here? By the way, it is a very common practice for EHR vendors to try even non ASP vendors to try to get ownership or rights to de-identified data. I do contracts constantly, and I strike it out of probably about 20 percent of the contracts I do. So this is a very common practice, and they're very successful about it.
DR. CARR: All right, Jeff and then I think Jeff has the final comment.
MR. BLAIR: Right. And what Michael was just commenting on where sometimes the entity that's providing service might appear to be a professional association, and that's why I feel as if and that's the one where, you know, there's really a real concern about either and the secondary use of the data may be for good purposes. But there's where the deceit and the transparency the deceit is such a concern, and the transparency is so important. And that's why I was concerned that we get this on target, that we get it focused towards the area of concern.
DR. CARR: Thank you, John. I have one question. We don't really call out de-identified data in the background. We get into it in the recommendations and observations. So I wonder if we need to tee it up a little bit in the background as we do for other things. So a note about that.
The next section then is the guiding principles. In the interest
DR. COHN: Well, hang on a second. What are we doing with this section now? I heard you throw out a bunch of things. So what's going on with this section?
DR. CARR: Yes, okay, so what I've asked a number of folks to make their
DR. COHN: This section, uses of health data and monetary exchange, that section.
DR. CARR: Oh, okay, that needs additional work.
DR. COHN: Explain to me what additional work is going to occur.
DR. CARR: Well, it sounds to me like we need more detailed or more precise language in the examples. And as Paul, one of the things we heard is that we didn't break out in more detail. We heard three uses, uses of data to influence an MD which might downstream influence a patient. Two, use of data directly influencing a consumer. And then three, the example we heard about last night about the PBM has an authorized use and sends it to a data miner who sends it to multiple exchanges. There's three areas that are not specified in this but are areas of concern. So I would say that that was one thing that we heard.
I think Jeff asked for some clarification in the example. And then I mean how much more do we want to expand this? Let me put it back to the group.
DR. COHN: Well, I think I also heard a sentence that needs to be something along the lines of while not all uses of health data that involve whatever is Congress now exchange of
DR. CARR: Value including monetary.
DR. COHN: Yes, value including monetary
MR. BLAIR: Exchange of value.
DR. COHN: Should be of concern or something like that. The NCVHS did hear some areas that were of concern, something like that.
DR. CARR: Okay.
DR. COHN: Margret, you were going to make a comment?
MS. AMATAYAKUL: I was listening.
DR. TANG: And maybe just to add to that list of things to explore, it stated that it sold for monetary exchange that have the potential to cause harm that you previously enumerated like discrimination, et cetera. It's clearly another way to do it is to find ways of excluding people from insurance. That would be a use of mining data sets, and that's one of the things you'd want to address as well.
DR. FITZMAURICE: Justine, I'd also suggest addressing the fact that some of these things may be illegal. And so the illegality is an avenue to pursue as well.
DR. CARR: That's already covered under HIPAA.
DR. FITZMAURICE: Under HIPAA or state law? HIPAA goes so far, and then the rest is contracts that would be covered by state law. Business associate agreements, for example.
DR. CARR: Right, right. So I mean I think we talked later in the recommendations about strengthening and pursuing the business associate agreement. So presumably that implies if you break the contract or do something illegal that it should be, and I think we do say that in the recommendations.
DR. FITZMAURICE: But my point here would be some of these things are illegal. And so the illegality of it raises great concern.
DR. COHN: Well, I think, Mike, you're making an assumption that may or may not be the case. I think what we all heard in testimony and I'm sorry obviously you weren't part of it was that in some cases the ambiguity of the business associate contracts actually allows it legally.
DR. FITZMAURICE: Not if the vendor is doing something the provider can't do for him or herself.
DR. CARR: Okay. I think that we need to move on to the next section, but I don't want to lose sight of that comment, and I'll circle back with my Marjorie because you are the executive secretary. You may have the final
MS. GREENBERG: Well, I don't like to use that too often. But I would have to say that from the very beginning I have had a problem with this concept of the sale of health data where financial benefit accrues to someone other than the individual who is the source of the data. I really don't think that's the problem.
Jim just leaned over to me and said NCHS sells public use data tapes which includes information about de-identified, but about individuals, and they're not getting any monetary benefit. I think the issue has to do with marketing or other types of things.
But this is so mostly the sale of anything doesn't necessarily accrue to the person who's the source of it. I mean, and I can't even imagine how the sale of the data would accrue to the person who's the source of it. So I've always had a problem with that conceptualization. But I've mentioned this now over a period of months. So if everyone else is comfortable with it, then I
DR. CARR: Well, is everyone else comfortable with it?
MS. GREENBERG: I really don't have it.
DR. CARR: Is it taking us down a road that we don't need to go? Steve?
DR. STEINDEL: I think we've discussed this topic repeatedly in the group, and I'm happy with that sentence because it's not putting a value judgment. It's just saying that there is concern, and then we go on in the recommendations section we address the concerns. And I think this is a very you know, I think you brought this up a couple of times, Justine, in discussing people's comments.
In that this section is a background section, it is introducing thoughts. And I'm leery about expanding those thoughts outside of where we start going into specific recommendations.
DR. CARR: Yes. Simon?
DR. COHN: You know, this is just a suggestion that maybe rather than increasing concern, it's more like NCVHS heard concerns. I think that more objectifies it.
DR. SCANLON: I would even make it's just not a well-defined. It sort of raises an alarm about something that may or may not exist, and we're not sure what exactly the situation is. And I would just feel more comfortable with few and, again, many organizations sell data including our own agency, and some of it's identifiable under certain circumstances.
DR. VIGILANTE: Well, maybe we can put that in one of the examples to show sort of the gradation of some things that really are concerning and some that might be concerning.
DR. SCANLON: Well, I would just make it more exploratory like this jump came up and it needs further investigation.
DR. CARR: Yes, okay and frame it that it was raised. Yes, because it's written a little bit like it is an absolute. And what we want to say is it represents the opinion of someone. Yes?
MR. BLAIR: I think this is not a question whether it's done or whether it's legal to resell data. I think that this is getting, laying the foundation for the issue of whether the public understands this or not. It's the transparency issue. That's what it's laying the foundation for.
So I would agree with Marjorie that we don't want to say that this is necessarily a bad thing. It may be done for improving the quality, in patient safety, for good reasons. So it's not that in itself it's a bad thing. The issue is whether or not the public is aware.
DR. CARR: Okay. With that comment, I believe we will conclude this section. I think in the interest of time, having already covered the guiding principles, I will not go to that but turn it over to Harry.
DR. COHN: And I'm going to ask we're going to do a late lunch break obviously and sort of try to go through the recommendations. Marjorie, do you have a comment, and then I'll let Harry get started.
MS. GREENBERG: I thought we probably were going to do that. But we do need to keep to our schedule later in the afternoon. But I wanted to I'm sorry, but to ask if anyone else is on the phone line.
DR. VIGILANTE: It's Kevin.
MS. GREENBERG: I know Kevin. Is anyone else on the line? Okay. I've been emailed that someone else was on the phone.
DR. COHN: If they mute themselves, we wouldn't hear them, but they would hear us. Larry?
DR. GREEN: I wanted to just raise one concern about the guiding principles before we go by them. They're at page 17 in the letter. In my view, this is some of the most important words in the whole letter, and I think we have widespread agreement about that.
But I don't want to be dismissive of them, and I want to raise just one issue. On line 650, it says that the recommendations reflect the ability to support benefits from users of health data while protecting their privacy.
In my view, having studied the simple times now front to back, this is the closest line we have to a goal statement in this letter, and I believe these words are hugely important. We don't have anywhere in the letter a statement of what NCVHS's goal is in submitting this other than come and ask us to write a report. So here's the report sort of thing.
I'm just wondering if we might not want to in this guiding principle statement make explicit that our goal is to make recommendations that will reap benefits to this nation from the uses of health and not at the cost of reasonable privacy protections. That's really what we're trying to make recommendations for.
I really like this language. I like these words, and I'm wondering if they could be almost held out as a goal since they are goals to do this. And then we say in our guiding in these protections, our principles are that these protections should do these things, elevate and clarify it because this is a complicated letter to understand.
DR. CARR: And even more to write. Are we comfortable with the guiding principles appearing just before the observations and recommendations in that sequence?
DR. GREEN: Oh, yes. I think that's a very important development, a very good development.
DR. CARR: I like your idea, though, because you're right. The introduction is we were asked to do this. And I think it would be it is really our intent that the goal as outlined here is the goal of all this work. So we will work to put something very strong in the opening.
DR. STEINDEL: Can I just ask that like in the very first sentence of the document you throw the word balance back in this also.
DR. CARR: Yes.
DR. STEINDEL: Because some of these, they require trade offs.
DR. GREEN: And just one small thing. I think it will be very important in principle number three to put the word appropriate in front of uses.
DR. CARR: Number three, facilitate appropriate uses, okay. I apologize because I read them, but I didn't ask for comments back, and that was my mistake. Are there other comments about the guiding principle? Michael?
DR. FITZMAURICE: And we say these are guiding principles against which each recommendation should be evaluated. Then under observations and recommendations, we say NCVHS believes that data stewardship principles should be applied. Are these the same principles, and if so we probably should call them the same thing. They're not the same thing. Okay. Then they go to say what those data stewardship principles are.
DR. CARR: Yes, and we do in that closing sentence, but I'll leave that to Harry. Mark?
DR. ROTHSTEIN: This is just that tiny wordsmithing, but this is now the most important section of the document. So I'll take the liberty of doing that and recommend on line 662 delete the word uniform.
DR. CARR: Okay, increase the clarity and understanding of laws.
DR. ROTHSTEIN: Right.
DR. CARR: And regulations pertaining to privacy. We'll delete that word.
MR. REYNOLDS: Okay, to give you a brief mental break from that, I think one person that we haven't recognized, we haven't recognized in this process and just remember we're just going through what we've heard so far. We haven't gone into what we're recommending, and that would be Simon. His leadership through this especially as we've worked with so many different entities and as you can see, this is a power packed emotionally driven assignment that we've had, and a lot of the other things we tended to have haven't gotten quite this far in quite this breadth in some of the things that we've looked at. So I would like to have an equal round of applause, if not a bigger one, for anybody that so far
[Applause]
MR. REYNOLDS: Now that you're applauding, I take that as approval for the recommendations.
[Laughter]
MR. REYNOLDS: Okay, moving right along. As we move into observations and recommendations, we have nine major areas of recommendations. And so I'm going to do these recommendations. When we get to number one, we'll make sure that we then go through all the way through the whole section, 1.1, 1.2 and so on and make sure because, remember, everything that's numbered that way is about that same subject. So it's a message, and it's broken into pieces, and those pieces again tie back to the guiding principles, and they tie back to that particular one.
So as we touch one, you know, a sub-bullet, we may be touching the theme. So let's be very pragmatic in the fact that we look at this because we lumped these things together purposely in that way. So with that, we're starting on 17, observations and recommendations. So I'd like to take any comments through number one if anybody has any there. Michael?
DR. GREEN: Again, I'm puzzled by NCVHS believes that data stewardship principles should be applied to all organizations. Do we know what those principles are that we think should be applied?
MR. REYNOLDS: Yes. If you read on later, data stewardship principles include accountability, transparency, individual participation and control, de-identification, security, safeguards, controls.
DR. GREEN: Well, principles aren't just a listing of terms normally. They're statements of the goal that you want to achieve. If you will data stewardship issues include those.
MR. REYNOLDS: Okay, well, give me a word then because the rest of the document talks about data stewardship in many, many pieces in many ways. So you need to give me a word --
DR. GREEN: or data stewardship issues include attributes.
MR. REYNOLDS: Fine. Thank you. Anything else before we get to number one? Okay.
MS. GREENBERG: I'm a little uncomfortable excuse me for interrupting here. But getting rid of the word principles which is a very nice solid word, and I think you could just say include assuring all of these things. I think those are principles to assure accountability, to assure transparency, whatever.
DR. GREEN: I would go along with that if you say data stewardship should assure. But I don't see the statement of principles yet.
MR. REYNOLDS: Mark?
DR. ROTHSTEIN: Or you could say the principle of data stewardship includes
DR. GREEN: Oh, that's good.
DR. CARR: Yes, I think we actually began with data stewardship without principles, just data stewardship, and we did get push back on testimony after we published it. But I would like to raise it again because I would be very comfortable with us saying data stewardship.
DR. GREEN: But I like the suggestion that was just made, the principle of data stewardship includes the following attributes. I mean, data stewardship can be a principle.
DR. FITZMAURICE: I would say it's a burden. It's a responsibility. But I don't see that it's a statement of principle, a statement of how you want to proceed by doing something whereas the principles the one through six before says here's how we want to do something, and here's how we're going to do it.
Data stewardship is a responsibility.
DR. FRANCIS: What there's a kind of confusion here about, I think, is whether this is something you have to bear in mind in how you are a steward of data, or whether this is something you ought to do. For example, you have to de-identify when you ought to, but that doesn't mean you always ought to de-identify, and that's what I think may be the confusion underlying how to read this. So you might say the principle of data stewardship includes appropriate attention to each of these matters or something like that.
MR. BLAIR: But I think that Michael really made a really good point in it took me a little while to digest it. But referring to data stewardship as a responsibility, and you can still wind up having the same attributes underlined or things, and it makes it clearer because it says data stewardship is a responsibility.
MR. REYNOLDS: Steve?
DR. STEINDEL: I think there's a difference here when you and a confusion. I think in this document, we're talking about data stewardship as a principle. We're not talking about it as an absolute. This person is the data steward. This is what the person does. We're talking about this as an abstract quantity, that these are things that any organization that's handling data has to do. And then they will probably, if it's a large enough organization, they will appoint somebody to be a data steward that has the responsibilities to do this.
And I think we were very careful in trying to frame this as not responsibilities but as attributes. I don't mind the word attributes. I prefer the word principle. But I have no problem really with the way it's been worded.
DR. FITZMAURICE: I kind of agree with what you said. A person who is designated as the data steward should follow the following principles. Data stewardship isn't a principle, but it should follow the following principles. I'm not sure that I see them listed, but I agree that these are attributes of data stewardship that are listed here.
DR. STEINDEL: Why isn't data stewardship a principle as well as a person?
DR. FITZMAURICE: It's two words together. It doesn't tell me how to act, how to act responsibly.
MR. REYNOLDS: Okay, Larry, you had your hand up.
DR. GREEN: It may have been Margret. I'm not sure. In our last meeting, someone actually projected, I believe, the definition of stewardship. I may have missed it, but I don't think in our glossary we have the word stewardship. And on page 48 on Appendix D where we have the health data stewardship conceptual framework, it seems to me this gives us a location in which we could address this issue. It's definitional, and what do we mean by stewardship.
It's a non-trivial issue because this is one of our fundamental conclusions from all the words. This is our fundamental recommendation, and it seems to me we should have a definition --
DR. COHN: I think there actually is one in here. I think it's on 435, on line 435.
MS. AMATAYAKUL: It's 442. I'm sorry, 435.
DR. GREEN: Is that satisfying to everyone in this corner of the room over here?
MR. REYNOLDS: Okay, so does this page stand as written, or do you still want it changed?
DR. FITZMAURICE: Well, I don't see data stewardship is not a principle. It has attributes. On line 684, we say a framework of health data stewardship. So it's part of the framework.
MR. REYNOLDS: Judy?
DR. WARREN: Well, what I'm wondering listening to all of this is if it shouldn't be reformatted into the same format that the above protections format is and then take each one of those attributes and turn them into a principle because I don't think it would be that difficult to flesh them out. Because as I go this, if we don't do that, then the rest of the document has to be rewritten. The framework has to be redone because it doesn't flow. So and I guess I think those are principles. They're just not worded that way.
MR. REYNOLDS: Okay, do we want to take this offline and work on this? I think we've heard enough comments on it. Simon, are you good with that?
DR. COHN: Yes. I'm just trying to think of what it is we're doing because I've heard about four different so basically this is going to be either reformatted ala Leslie's comment about I mean, you had some wordsmithing here that was
DR. FRANCIS: What I was just trying to say is these are the topics about which we're developing principles, and the rest of it is the principled recommendations. So there isn't a principle that says maximize individual participation and control. But there's a principle that says you have to have a set of principles about what levels are appropriate and stuff.
MR. REYNOLDS: I think, Simon, what we've heard is rearranging either a changing of a couple words or rearranging those words all the way to call it some kind of table like Judy talked about.
DR. COHN: Well, I guess that's one reason why I'm bringing this up because I think there's ways, for example, Leslie sort of commented about paying appropriate attention to da, da, da, which is like way different than trying to make definitive statements about each of the pieces that relate here because I mean we are in each of them, we're sort of, there's a reason why we have 1.1, 1.2, 1.3. This gets to be a little bit complex in terms of how we do that. But I
DR. FRANCIS: And this is really just an outline. It's a list of what we're going to be developing principles about.
MR. REYNOLDS: Does anybody have any concern with Leslie's approach? Does that answer what we have been talking about? Okay. All right, let's go to number one, and that's the observations and recommendations on the principles of data stewardship for accountability and chain of trust within HIPAA. The first thing, we'll answer questions between this and 1.1, and then we'll get into the serious nature of 1.1. Yes, John?
MR. HOUSTON: Yes, I have a couple comments. On 713, it states HIPAA privacy and security rules only apply directly to health payers, clearinghouses, providers of electronically transmitted health information in connection with transactions for which HHS has a standard. I thought it was simply that it was in conjunction with the electronic transmission of health data in that standards part of thing came in insofar as they were only then permitted to use the standard format. So long as they electronically transmitted it, I don't know how to say this, but this doesn't seem correct. The transaction relates to the payer provider.
MR. REYNOLDS: In the standard format.
MR. HOUSTON: Right. But I think we need to be careful because health information transmission by an HL-7 or something else would not cause this to occur. So it's just a standard transaction is what causes HIPAA to apply. The use of the payment or the processing of claims or whatever by a standard transaction is what causes HIPAA to apply, and I don't think this sentence is necessarily technically correct, I guess, is my point.
MR. REYNOLDS: Margret, we can validate that in the rule, right?
MR. HOUSTON: And the second thing is on line 722.
MR. REYNOLDS: Well, hold on. Karen, do you have a comment on that one?
MS. TRUDEL: Yes, that's absolutely correct. It's a transaction for which the Secretary has adopted standards under the HIPAA regulations, not under other authority. And when the HIPAA law was passed, that was the only authority the Secretary had. That's now standard.
MR. HOUSTON: All right, so what we need to say is that if he's adopting the Secretary's adopted or identified the standard, if you're going to do that type of transaction, you have to use that standard and then HIPAA does apply.
MR. REYNOLDS: Is that wordsmithing?
MS. TRUDEL: I'll talk to Sue McAndrews.
MR. REYNOLDS: All I'm saying is look up on the screen. Here look at the screen. Michael?
DR. FITZMAURICE: I can't quite read that. But if we strike out everything after transactions and say electronically transmit health information in connection with HIPAA transactions, I think that nails it.
MR. REYNOLDS: You don't like what's up there?
DR. FITZMAURICE: I can't read it.
MR. REYNOLDS: Well, yes, but you've got to read that before you I like it.
DR. CARR: I'll read it. The HIPAA privacy and security rules only apply directly to health care payers, clearinghouses and providers who electronically transmit health information in connection with transactions for which HHS has adopted standards under HIPAA.
DR. FITZMAURICE: I think that's perfect.
MR. REYNOLDS: Okay, good. Any other comments? Mark?
DR. ROTHSTEIN: Does it permit covered entities to enter into contracts? I think it requires. That's on line 722.
MR. REYNOLDS: It's 722.
MR. HOUSTON: It says permits. It should be requires. The HIPAA privacy and security rules permits covered entities to enter into, and I think it needs to say the HIPAA privacy and security rules requires covered entities to enter into.
MR. REYNOLDS: Mark, do you have a comment on that?
DR. ROTHSTEIN: Yes, I just wanted to not what John said.
MR. REYNOLDS: Well, let me finish this one. Are we okay with requires?
DR. FRANCIS: That's only if they're transmitting electronic health records?
MR. HOUSTON: No, no, no, this is for business associates, and my only point is that it's not a permissive, it's required. Once somebody is doing something on your behalf, it's required that they enter into a business associate contract.
MR. REYNOLDS: Mark, next comment.
DR. ROTHSTEIN: I just want to go back to the definition of who's a covered entity. I mean, if you
MR. REYNOLDS: What line are we talking about?
DR. ROTHSTEIN: Uhm, 715. I mean, if you want to be technical, we should include sponsors of prescription drug card. Congress amended the Act to include them under HIPAA. Did that expire? Okay, never mind.
MR. REYNOLDS: Your comment was correct. It was just not timely.
DR. ROTHSTEIN: It used to be correct.
MR. REYNOLDS: Anything else on the section between now and when we get to 1.1. And this is our area of our observations and recommendations after we've heard all of the testimony.
DR. TANG: Are you going paragraph by paragraph?
MR. REYNOLDS: No, I'm going through that whole area until we get to 1.1.
DR. TANG: So I have a number of comments from lines that
MR. REYNOLDS: Okay, they are now on the screen. They are what lines, Margret?
MS. AMATAYAKUL: Seven forty-one to 759 on the original document. And Paul, just we had separated that big paragraph into several smaller paragraphs. That's why it doesn't look the same.
DR. TANG: So what am I
MR. REYNOLDS: Do you need to comment?
DR. TANG: I'm submitting those.
MR. REYNOLDS: Well, I guess we need to read them because it's changed it pretty dramatically. So yes. Margret, why don't you go and read them.
MS. AMATAYAKUL: Sure. So
MR. REYNOLDS: So this replaces 741 to 759 in the document in the book?
MS. AMATAYAKUL: Right. So furthermore, since HIPAA de-identified data are not protected health information under HIPAA, business associates or their agents may use de-identified data for purposes not required to be described in the business associate contract. There are also no assurances that the de-identification process used by the business associate will be consistent with that required by HIPAA. NCVHS heard testimony concerning varying ways protected health information may be de-identified. Without assurances of proper de-identification methods being employed or without an awareness of the uses made of de-identified data, covered entities I'm sorry, without an, it might be good to make this or an and without assurances of proper de-identification methods being employed and without an awareness of the uses made of the de-identified data, covered entities are unable to describe what uses may be made of individuals' data and are not able to confirm whether proper and reliable methods of de-identification are being used. The risk of information being re-identified continues to increase as more public databases become available and techniques for re-identification become more sophisticated.
The ability to re-identify information that was previously believed to be I'm sorry, we just changed that believed to be de-identified constitutes a use of protected health information not described in and in violation of the business associate contract as re-identification occurs further down the chain, it is more difficult for the business associate to identify such a violation and report it to the covered entity. Consequently, these issues open up an individual's data to uses that the individual does not anticipate and for which the individual may or may not be in agreement.
MR. REYNOLDS: Comment?
DR. TANG: So the rationale behind making those changes is a second major theme we found is that this whole notion of de-identification has evolved just in the ten years that HIPAA's been around, and we know more and more, and the risk increases every day that more and more without complete de-identification there's a certain risk of being re-identified.
So that's why one Karen said HIPAA de-identified, i.e., de-identification by the HIPAA method from others that claim to be de-identified. And, again, if we go back to the example I circulated yesterday, that's another example where the letter that PBM submitted saying we're going to stop this and we used non-identified data was probably a way of expressing that they didn't use the HIPAA prescribed de-identification.
MR. REYNOLDS: Any questions? Michael?
DR. FITZMAURICE: I wonder if what Paul just said doesn't lead to consideration of a recommendation that HIPAA be changed, the privacy rule be changed to require the person receiving de-identified information to promise not to re-identify it. Before we didn't think it was possible. But it might be possible in some cases.
MR. REYNOLDS: Well, I think one thing at the end of the recommendations we do say as far as it relates to de-identified, we will hold additional hearings.
DR. FITZMAURICE: Okay, so then out of that, after that
MR. REYNOLDS: Could come whatever recommendations we would or would not want on de-identified further than we have.
DR. FITZMAURICE: That's good enough.
MR. REYNOLDS: Okay, moving along, let's go to the next main paragraph which is organizations providing data transmission services. Margret? Who had their hand? Oh, Jeff, put it up a little higher next time for me. I can't see you down the end of the line.
MR. BLAIR: I was putting it up just as I think you were about to read the document. I'm sorry. Is re-identification of de-identified data, is that legal or is that illegal?
DR. FITZMAURICE: The burden, as I understand, the burden is on the covered entity not to release the entity and de-identified unless it's re-identified.
MR. BLAIR: I mean, has there ever been a legal ruling that re-identifying de-identified information, is that still legal?
DR. FITZMAURICE: I'm not sure. I would refer to a lawyer on that. But my lay opinion is that the burden falls on the covered entity, and if somebody else does it, then you have a chain of contracts enforceable by state law that lets you file suit for harm. Steven, again?
DR. STEINDEL: We actually did have a comment about that from Maurice Landel in our discussions, and he noted that if a person who has received de-identified data regardless of where it is in the chain and, you know, with the presumption that it's really down the chain so they don't have a direct relationship with the original covered entity generating the data and did re-identify the data, they're now holding PHI.
DR. FITZMAURICE: Only if they're a covered entity.
DR. STEINDEL: Well, yes, that's the key. So there is a quasi there's a strange legal status that's been undefined about de-identification.
DR. FITZMAURICE: And Jeff, it's clear that going down the chain that the covered entity is responsible for not letting that de-identified data be re-identified.
DR. STEINDEL: And that's, you know, that's why it led to us saying that we will investigate this further because of the lack of clarity on that.
MR. REYNOLDS: I think, Michael, you're leading right down the chain which will be starting at 1.1 because that chain is a significant issue, significant concern and significant part of this process.
Okay, ready to move on to 1.1 which really starts getting into, it's headed by the recommendation on business associate contract provisions, and then we have 1.1, 1.2, 1.3 and 1.4. Any comments on those? Okay, John.
All right, moving on to 1.2 is the recommendation on the confirmation of business associate contract compliance. John?
MR. HOUSTON: Yes, specification on line 862, it says under number one, parenthetical one, issuing guidance about practical scenarios where contractual violations by a business associate could result in violation of the HIPAA privacy rule for a covered entity. I'm not sure whether how there's a violation of HIPAA by a covered entity through a business associate. I guess if potentially if the covered entity doesn't take appropriate steps based upon the business associate doing something wrong, there could be a violation of HIPAA. But you might want to clarify that.
MR. REYNOLDS: What would you want it to say?
MR. HOUSTON: Issuing guidance about practical scenarios where a covered entity fails to appropriately or discipline or appropriately manage a business associate could result in a violation of the HIPAA privacy rule.
MR. REYNOLDS: Anybody have any issues with this?
MR. HOUSTON: Or something of that sort because it's the failure to appropriately oversee or discipline and discipline's not even the right word. But there's an obligation to take steps to mitigate and to address any inappropriate activity by a business associate which would give rise to
MR. REYNOLDS: Now we got Jeff and Justine.
MR. BLAIR: Because I've had some exposure to dealing with state legislators on these privacy issues, one of the things that surprised me because I don't come to issues in this manner. But I discovered that one and then several state legislators look at these issues in a very different way.
I typically looked at it in an overall view in terms of what is the risk, if the risk is small, then I wasn't going to worry about it. They look at it the opposite way. They wind up coming at it if there's any risk at all, and I'm coming to the de-identification, then that's where they zero in. And I'm mentioning that because some of these legislators in my state may have the same mentality that others do in other parts of the country, and therefore, I think we ought to have some statement in this recommendation letter beginning to address the exposure of re-identification because they're going to zero in on that.
MR. REYNOLDS: Well, how about if we do this, Jeff. How about if we include that in and you know, we're doing a further hearing on de-identified.
MR. BLAIR: Okay, but let's clearly state that we consider that an issue, and that that issue will be addressed further so that yes, it is, okay.
MR. REYNOLDS: Margret, will you make sure we note that when we get to that recommendation.
MR. BLAIR: Thank you, Harry.
MR. REYNOLDS: Justine, did you have further comment?
DR. CARR: Yes. I just wanted to follow the chain of discussion here or the chain. So going back to 1.1 for a second, we're saying that you have to in the business associate contracts in 1.1.2, it should include terms that explicitly describe what HIPAA de-identified data may be used and to whom de-identified data are supplied. Okay, and so we've been talking about a concern about re-identification. But we've also raised the issue that there's a lot that we need to learn about de-identified data and its uses and so on.
So we're not addressing re-identification in these recommendations, is that right?
MR. REYNOLDS: That is correct as it stands right now. It's an open item.
DR. CARR: Yes, it's a concern that needs --
MR. REYNOLDS: Because until we understand de-identified better, we don't understand the re-identification of it any better. Judy?
DR. WARREN: Mine is kind of an editorial comment, and it's back up on the top of page 22 for 1.2. When I see all this in a paragraph, it's really hard for me to follow one, two and three recommendations that are under that. I was wondering if they can't be listed out kind of like in this format where you can see them because it's hard for me to see issuing guidance, updating business associates, and incorporating confirmation stuff.
Look back what I'm talking about is on line 862, if there could be a carriage return after by, having number one listed, a carriage return after number one, have two. It's just a formatting issue, but it's really difficult for me to read those.
MR. REYNOLDS: Okay. Michael, I thought I saw another hand up.
DR. FITZMAURICE: On 1.1, 1.1.3, I would suggest a word insertion that reads that there must exist a contract. I would insert with protections equivalent to the business associate contract as described above between the business associate and all of its agents.
So the contract doesn't have to be equivalent, but the protections that afford it have to be equivalent. We're concerned about protecting the data, protecting the individual.
MR. REYNOLDS: Does that make a covered well, the question that it would raise, does that make the covered entity or the business associate or the agent have the same responsibilities as the covered entity.
DR. FITZMAURICE: Well, as delegated by the covered entity and as required by HIPAA.
MR. REYNOLDS: Okay. Margret?
MS. AMATAYAKUL: I'm sorry. So we're adding as delegated by the what exactly --
MR. REYNOLDS: Michael, say your words again?
DR. FITZMAURICE: That there must exist a contract with protections equivalent to the business associate contract as described between the business associate and all of its agents, and then including agents of agents.
MR. REYNOLDS: Okay.
DR. FITZMAURICE: The protection follows the data. I've got one more suggestion.
MR. REYNOLDS: Yes.
DR. FITZMAURICE: 1.1.4, that any organization that supplies de-identified health data for a specified purpose will ensure that the de-identification process follows the HIPAA requirements for de-identification.
MR. REYNOLDS: Comments? Okay. Did you get that.
DR. FITZMAURICE: That any organization that supplies de-identified health information as opposed to any organization that specifies it will use de-identification organization. If I'm going to use, I probably don't know how it was de-identified. But the person supplying it to me --
MR. REYNOLDS: Yes, you just added the word supplies.
DR. FITZMAURICE: Yes, that's right.
MR. REYNOLDS: Good. Okay, anything on 1.3 before we move on to 2. Larry?
DR. GREEN: Harry, on line 875, it says any organization providing data transmission. So I mean, this one as scoped. So I want to ask for just your clarification of the intent of all three of these now in a row, 1.1, 1.2 and 1.3 and if it applies to anybody to this situation. All over the country, one of the most prevalent ways of pursuing quality improvement now are variations on this theme. There are collaboratives of providers who organize themselves for the purposes of doing a joint project across sites. There are practice-based research networks for covered entities, providers, maybe 100 of them from all over the country get together to do a quality improvement project.
There are HMO improvement networks. There's IHI works. It seems to me there are more and more of these things, and that these are highly desirable. These are one of our most effective ways of getting that quality improvement. With such an entity, and I'll pick one for the sake of discretion. If there's 100 practices that have organized themselves into a quality improvement network of some sort, each of the practices is a covered entity.
MR. REYNOLDS: Correct.
DR. GREEN: Would it be the intention of this recommendation 1.1, 1.2, and 1.3 that there would be business associate contracts amongst all of those practices and wherever the data from the quality improvement project or pool, whatever that organization is, it would be saying this requires a business associate agreement amongst all of them.
MR. REYNOLDS: My initial answer would be if they had one entity that was pulling all the data together and consolidating it, that would be the business associate of all of them. But I don't see them having to be business associates with each other. They're covered entities. They already know their responsibilities. They already know where they're sending it, and they in other words, if I'm sending something to a covered entity, a good example is a payer is not a covered entity of a provider, when providers send all the data to the payers right now. Okay, so we don't become no payer becomes a business associate because the reason the definition of covered entity says I know what I'm supposed to be doing, and if I don't, I'm the one that would be personally in trouble as that organization.
So I would say covered entity is the covered entity is my interpretation is that's not an issue, and it's not. But if they created a group that pulled the data together, then they would probably need to be a business associate of that whole group.
DR. GREEN: So, for example, we heard this morning about CMS green demonstrations of various sorts. If they pulled together cross-cutting learnings from their various demonstrations, are there implications for the demonstration sites about how we're expecting them to do something further to protect privacy and disease guidelines here in 1.1, 1.2. Would they apply to these, are we expecting them to apply to these already implemented efforts.
MR. REYNOLDS: I'm going to seek some help from Karen and a few others that know a little bit more about I don't want to step off of Michael, do you have an answer to that, or do you have another comment?
DR. FITZMAURICE: It seems to me that a covered entity can't just send its protected health information to another covered entity unless they're both taking care of the same individual. But they can all pull their data in an association, but the association can't take my data and give it to you, a different covered entity.
The covered entities could bind together for quality improvement purposes, turn themselves an organized health care alliance, I think it is in OHCA and then they can share information, personally identifiable information for quality improvement purposes.
MR. HOUSTON: As long as they have a common patient population.
DR. FITZMAURICE: No.
MR. HOUSTON: Yes.
DR. FITZMAURICE: No. That's a legal question that would have to be resolved. I can't speak on it as a lawyer because I'm not.
MR. REYNOLDS: Karen, did you have any comments on that that you could help us with.
MS. TRUDEL: Well, two things actually. I was going to suggest that we might benefit from Sue McAndrews.
MR. REYNOLDS: Well, I was hoping Sue would I would see movement out of my right eye here, but I hadn't seen that yet. So you're the only one close at the moment. She's walking to the door.
MS. TRUDEL: While she's walking up here, give me a break. No, one important thing and I'm sure she'll say the same thing is that part of the the critical part of the definition of a business associate is someone who is doing business on behalf of the covered entity that the covered entity would ordinarily have been doing for himself. So that, for instance, that's why the health plan and provider are not each other's business associate.
MR. REYNOLDS: Right. Yes, which is the same reason I was answering Larry's question.
MS. MCANDREWS: But in terms of the quality collaboratives, there are provisions that do allow the sharing of that as a health care operation. They can come together and share information for that kind of health care operation without forming a business associate arrangements as between them as long as everyone in the collaborative is a covered entity.
MR. REYNOLDS: Yes, we'll touch base on that again, Larry, when we get into the quality is part of health care operations. You don't are you comfortable we've answered your question completely, or --
DR. GREEN: Why don't we do the rest just like you proposed. We'll come back to quality operations and see what happens.
MR. REYNOLDS: Okay.
DR. GREEN: But I just want to flag it. Our goal here is to improve quality of care in the way it protects privacy, and we want to do this in a way we said that doesn't create undue regulatory burdens, and there are a lot of quality collaboratives all over the country that I suspect are going to have immediate questions if these recommendations were to be implemented. They're going to say does this apply to me and what we're doing. It would be nice if we knew the answer.
MR. REYNOLDS: And if I remember correctly, Northern New England was a great example of this that we heard testimony from on this with covered entities grouped up to do this. Okay, observation two. Observations and recommendations on principles of data stewardship or transparency. First, I'll take any comments through 2.1 we'll get to 2.1. Yes, Marc?
DR. ROTHSTEIN: I have a proposal on line 932. I would recommend that we delete two sentences beginning with this section originally had and the second one that begins with 2002, and the next sentence dealing with however up to the end of that line which would include the word enabled and substitute just the following, covered entities may be required to follow more stringent state laws, period, and then leave the last sentence in there.
I don't think the sentences that are currently in there that begin on 932 are necessary for the discussion.
DR. VIGILANTE: The other thing above that in line 928, it says an authorization is required for other uses and disclosures that are enumerated in 164.208. I don't know what those are. Maybe we should footnote those or refer to an appendix just so people are interested, and they can see what those are. Otherwise, it has no meaning for the reader.
DR. COHN: Okay. So Kevin, your suggestion we just footnote the legal references rather than
DR. VIGILANTE: Yes, yes. I imagine it might be too --
DR. COHN: I think that's fine.
DR. VIGILANTE: -- to put in there. So at least the reader can refer to it.
MR. REYNOLDS: Now let's go back --
DR. COHN: Okay. Yeah, Margret on line 938 delete the rest of that line.
DR. VIGILANTE: Oh, I'm sorry.
DR. COHN: So delete the rest of that line and then start a new sentence with covered entities may be required to follow more stringent state laws, period, and then we have the next list. I mean, you can put them together, but I'm trying to --
MR. REYNOLDS: Marjorie?
MS. GREENBERG: Yes, I just want to support that because I think that it's a judgment statement that who considered it, recognized it as being unworkable. It's obviously workable in some states. So I would agree.
MR. REYNOLDS: We had a motion and a second, right. Okay. Anything else before we get to 2.1. Yes, Leslie.
DR. FRANCIS: The descriptions of informed consent are odd.
MR. REYNOLDS: Where are you?
DR. FRANCIS: I'm on particularly 944 to 946. That's just not a standard at all account of informed consent. I would replace that whole paragraph just with a single sentence that says informed consent or consent is usually all you want is the contrast between consent and authorization. So that consent is normally viewed as the permission given by an individual to a provider for a variety of healthcare services or something like that.
MR. REYNOLDS: You're eliminating 940 to 946. Is that correct? You say get rid of the paragraph.
DR. FRANCIS: No, you might just get rid of beginning with the sentence presenting the provider with implied consent.
MR. REYNOLDS: You would replace it with what?
DR. FRANCIS: I would just get rid of it.
MR. REYNOLDS: Oh, so you're not adding anything else?
DR. FRANCIS: No.
MR. REYNOLDS: Are you satisfied that that's what you said --
DR. FRANCIS: The point I took it the point you had that in there was to contrast authorization and consent.
MR. REYNOLDS: Yes, you're correct.
DR. FRANCIS: But you actually don't need anything in that whole paragraph because the real contrast isn't about informed consent to health care. It's about the confusion with states statutes that talk about consent to data release, isn't it?
MR. BLAIR: What does the contrast now say that you've eliminated that?
MR. REYNOLDS: Well, let's do this first. So as Margret captured what you want to say, then once we can get it to stop moving it on the screen, then we can all get a sense if we agree.
DR. FRANCIS: Well, what you could just do is you could just say instead of that first thing, take your sentence, instead of saying, we could just take the sentence it's also noted the consent and leave that in. But the rest of it is just inaccurate about informed consent.
MR. REYNOLDS: So the way it reads is informed consent is usually viewed as permission given to a provider by an individual
DR. FRANCIS: Well, I was just trying to take that out. I was just trying to play with the language there. Just go ahead and use your second sentence, consent in health care more commonly refers to use that.
MR. BLAIR: For our benefit, could you read the whole sentence
MR. REYNOLDS: Hold on, Jeff. Once it stops moving, I will read it for you.
DR. FRANCIS: Okay. I'm just using your sentence on 940, consent in health care more commonly refers to just use that sentence.
MR. REYNOLDS: You've got to read it.
DR. FRANCIS: Exactly what it says. Consent in health care more commonly refers to the permission given by an individual to a provider no, you don't need that, and then just delete the rest of it because delete the part that said presenting to a provider is an implied consent and giving permission after all benefits and risks have been explained.
MR. REYNOLDS: So are you satisfied with what's on the screen now, and then I'll read it so that Kevin and Jeff can see it.
DR. FRANCIS: Yes.
MR. REYNOLDS: Consent in health care more commonly refers to the permission given by an individual to a provider for providing health care services (which may include interviewing, examination, specimen collection and treatment of the individual as well as use of health information).
DR. VIGILANTE: I don't even know why you need the parenthesis. Lose the stuff in the parens. I mean, do we have to go to that level of detail?
MR. REYNOLDS: Yes.
DR. FRANCIS: Yes, I think you do.
DR. VIGILANTE: Yes, everybody thinks we do.
DR. VIGILANTE: Then I do, too.
MR. REYNOLDS: Then that would be a good thing. Okay, Mary Jo.
DR. DEERING: I won't be able to be as helpful as I'd like to be here. But I remember at one of our prior discussions I raised the issue if you look to what in our current draft is line, it's at the top of page 24, in summary, the use of the terms authorization and consent and when such uses are required or permitted causes confusion.
It seemed to me that that was a very important concluding statement that had been built up very appropriately from above. I didn't think we really helped resolve it in anything that followed, and I couldn't figure out how to do it. The only one of our recommendations that begins to get at it, it seems to me, is currently 967 that clarifies that the NPP is neither authorization nor consent.
So I think what I'm picking up on here that might be an approach but we can't probably wordsmith it in real time is to be a lot more succinct than we currently are, and Leslie's just helped us be more succinct about what is consent and what is authorization so that we are clear on what the appropriate uses of those terms are, and that perhaps the one thing I did suggest is it would be probably down on line 980, again, education and clarity and required documentation, there or somewhere to add something about clarifying the definitions and uses of authorization and consent and using them consistently because I think some of the confusion which is important to mention in this text is not just the legal confusion. It's in the eyes of all parties to the various activities.
And so it's important for us to state clearly what the issue of this confusion is, to state clearly if we can what we think the intended meanings and uses are, and then show that in our recommendations that we want to reinforce the importance of addressing this issue.
So I just think that the way something is a problem didn't quite get through the so what.
DR. COHN: So I'm going to have to jump in here because we are running out of time. So Mary Jo, if you have some wording offline, we have Margret to sort of help with that. So we certainly welcome that.
Now we need to break for lunch because it's one o'clock, and we promised privacy an hour to talk about their letter. We have a presentation at three o'clock. Now I've got a problem I want to bring up to the full committee that we really need to go through a first reading of all of this before we finish up today, and I can't see how we're going to finish this up if we are basically continuing to discuss the recommendations for the first time tomorrow morning.
Now I will offer ideas. I think I will be talking to the Subcommittee chairs that have break outs this afternoon to see if there's any time we can eke out. But I'm certainly up for suggestions on all this stuff.
I also want to remind people the purposes of these conversations is not to do wordsmithing. Wordsmithing can be done offline, and as much fun as it is, we really don't need to take the Full Committee's time for wordsmithing.
What we are concerned about is content at this point, and are we basically agreeable with the recommendations because, as I said, all the rest we can sort of handle offline. This is just another reminder on that.
Now it's one o'clock. Let's give everybody a 45-minute break. We'll get together about 1:45 again. We will at that point move into the security piece and privacy discussions, and I think hopefully at that point we will have a proposal for how to deal with the rest of this at least for our first reading today, okay. So I'll see you back in 45 minutes.
DR. VIGILANTE: Simon?
DR. COHN: Yes, Kevin?
DR. VIGILANTE: Simon, sorry, I won't be able to join you this afternoon. But I did want to say I liked the privacy letter and will have no substantive issues with it.
DR. COHN: We appreciate that. Will you be around, available for a call or otherwise tomorrow morning?
DR. VIGILANTE: Yes, depending on the times. I'll watch the email if there's any sort of changes in schedule.
DR. COHN: Kevin, thank you. I'm sorry you can't be here in person.
DR. VIGILANTE: I'm sorry as well. Talk to you later.
[Luncheon recess taken.]
DR. COHN: Okay, will everyone be seated? We want to get started. We want to start out by just sort of going through, I think, some revisions to the agenda based on progress we've made so far on the or lack thereof on the enhancements report.
I think we've been talking with the subcommittee chairs. Now for the next hour, what we're going to do is to talk about a letter that is being discussed within the Privacy Subcommittee, and certainly that will be unchanged. We'll give them the floor over to Marc in just a minute or two to review this and begin to elicit conversation.
At about three o'clock, we still have the presentation from the Robert Graham Center talking about the session that occurred since our last meeting around harmonization of primary care classifications which I think should be interesting for everyone.
Now what's going to happen, though, is that according to our agenda, at four o'clock we would be dividing up normally into standards and security and populations. And what we've done is I'm sorry, privacy and confidentiality and populations.
And because I think we all think that it's critical that we finish the review of the documents today and get it redlined so that we can properly consider it tomorrow, and so as a result these meetings are going to basically be deferred 'til tomorrow morning.
Instead, what we will do is to reconvene as a full committee at four o'clock and probably go until about six. We will stay convened. We will stay convened after a break with the idea being that we will finish up the recommendations and redline them before we adjourn this afternoon.
Now what that means is tomorrow morning, populations and quality are sharing basically an 8-10 slot.
MS. GREENBERG: Right, quality is first from 8:00 to 9:00 or 9:15. Populations is in the same room from probably in this room from 9:15 to no later than 10:15 because then we will reconvene at 10:15 for sure as a full committee.
Standards and security has relinquished their break out session and will do their work on conference calls, correct, and email. And privacy and confidentiality as currently scheduled would meet from 8:00 to 10:00.
DR. COHN: Questions?
MS. GREENBERG: No, either for quality or populations, if there's anyone who has to call in, they will be able to. I don't think we have capacity for someone to call in to the privacy and confidentiality, but I don't know that that's needed. Okay.
DR. COHN: Jeff, you had a question.
MR. BLAIR: Yes. If we go straight to six which is fine, will we have how much time will we have before we hit dinner because
MS. GREENBERG: We were always going to end at six. Dinner is at 6:30.
MR. BLAIR: Is it still going to be at 6:30, or could we have a little bit more time then before we hit dinner like if we could hit 7:00 instead of 6:30.
MS. GREENBERG: Well, originally, it was 7:00. I mean, we could certainly ask it to be 6:45. Yeah, usually we gather ten, people have a drink or whatever.
MR. BLAIR: Okay, that's fine.
MS. GREENBERG: I think we would hope to order our meals by seven. Would that work?
MR. BLAIR: Thank you. It's my opportunity to call back and check my emails somewhere in there.
MS. GREENBERG: If someone arrives at seven, they will be accommodated.
DR. COHN: And we will make final determinations and commitments around meetings that are occurring tomorrow morning at the end of our session before we adjourn this afternoon, okay.
Now with that, I want to turn the floor over to Marc Rothstein to talk about this letter, and we have Mia Bernstein also joining us. Thank you, and please.
Agenda Item: Subcommittee on Privacy and Confidentiality -- Report Update
DR. ROTHSTEIN: Thank you, Simon. Let me mention to the members of the Subcommittee to the Full Committee and to the staff you should have in front of you a copy of two versions of our letter, and you also should have received by email copies of these same two versions of the letter. And just a note to our non-member non-staff guests, because this is a working draft and constantly changing, it's the NCVHS policy not to distribute to non-members drafts that are not being proposed. So this is a work in progress, and the public certainly will have access to the draft when it is being presented for consideration.
Just a little background about where this letter comes from. You'll recall that in June of 2006, our big letter on privacy and the NHIN set out a whole series of recommendations, and many of them such as R-6 and R-7 which are indicated on your copy were not definitive recommendations. They were sort of setting the stage for follow up clarification.
And in June of 2007, we followed up with our letter on covered entities which was a sort of a spin off clarification of our letter, and this is in that same vein. We've been working on this for some time. We started in April. You'll see that this is our tenth draft. So that says something right there. We're getting close to the point where the Subcommittee will be able to, I hope, sign off on it.
MR. BLAIR: The Subcommittee or the Full Committee?
DR. ROTHSTEIN: The Subcommittee. We have not voted yet. So I think we're close in the Subcommittee, but because it's taken ten drafts so far, we did not want to sort of push the last mile and then bring it to the Committee and have the Committee members have fundamental problems with it and send us back home.
So the purpose of this meeting is to primarily give the non-Subcommittee members of the Full Committee an opportunity to review the concepts that we're proposing tentatively in these drafts and to give us input and feedback and guidance about what concepts, principles, recommendations you like or don't like or can't live with or think need improvement or what have you.
Please don't be concerned about wording because the Subcommittee hasn't even reached that stage yet. And in fact, Paul's revision contemplates a reorganization of the letter which we're going to take up ourselves, that is, the Subcommittee, when we meet privately. So don't even worry about that.
So that's the framework. Let me just briefly discuss with you the highlights included in this letter. And the purpose of the letter, of course, is to deal with the issue of what abilities individuals should have to control their most sensitive health information when that information is being disclosed for treatment purposes.
This does not take up the issue of disclosures for other sorts of purposes, some of which are being discussed in what used to be called the Secondary Uses letter and other disclosures will be addressed, I would imagine, by the Subcommittee on Privacy and Confidentiality in the future. But this is just disclosures for the purpose of treatment.
In the letter, we try to make the case for why individual control is so important, and basically it's because the advent of interoperative longitudinal comprehensive records means that it will be possible to disclose to any health care provider all of an individual's birth on records, and that would include in many cases sensitive information that is unnecessary to any given provider, and we have a partial list here of every physician, nurse, dentist, pharmacist, chiropractor, optometrist, physical therapist, et cetera who requests health records. I think many patients, individuals would be unhappy if they got certain parts of their health record.
So how do you control that? How do you protect privacy to a degree where people are not discouraged from seeking treatment promptly for all sorts of stigmatizing and sensitive conditions, and yet still enable the health care providers to practice their profession in a way that they're not sort of flying blind.
And we considered various options, and the letter discusses all the various options we considered. There are no sharing restrictions, restrictions by provider, restrictions by age of information, item by item restrictions, restricting everything but predetermined fields, in other words, starting with nothing and building up.
And the letter explains why we did not recommend that and why we did in fact recommend that the Secretary consider the alternative of sequestering information in sensitive categories. And the letter lists several categories as examples of the kinds of sensitive information that people might want to sequester such as mental health information and reproductive health information.
Note that this concept is fluid in the sense that the categories might change over time and will require a considerable amount of work to try to figure out what is actually in each of these categories. And so what we are clearly recognizing is that this way of thinking about things is not sort of off the shelf. It's a work in progress not just for us, but I think it's a work in progress for the Department and the country if we decide to go down this path.
And it's the same issue, I might add, that many other industrialized nations going to electronic health systems are struggling with. And so the same problems that we're dealing with, they're dealing with as well.
So the recommendations, you can read them yourself. I hope you all had a chance. It should permit individuals to sequester specific sections of their record in designated categories that are pre-determined, and that there needs to be a process to determine what categories to have inclusion and exclusion criteria, et cetera, and there also needs to be a process by which individuals who have elected to sequester certain information and authorize specific providers to gain access to that information. So you might elect not to have your mental health information available to everybody, but you do want your psychiatrist to have access to it. So there's obviously some way that needs to be developed to do that, and that should be determined as well.
Another point that health care providers, when they access a record in which there has been some sequestration will get a notice that information has been sequestered at the request of the patient, but it will not identify the information or even what field its from.
We recommend that the issue of clinical decision support be studied. That's the very difficult one of technically, conceptually and so forth. We're not making a specific recommendation on clinical decision support at this time.
We are recommending that there be a break the glass feature incorporated in the system for emergencies so that in a genuine emergency a provider can get access to everything. And if that happens and there's a notification process automatically for the institutions for the entity's privacy officers informed immediately that the break the glass feature was used. The individual or the individual's representative is notified of the circumstances of that.
And then the last set of recommendations deals with the importance of research, development, implementation, pilot testing, not only the technologies but also the human factors that are going to be necessary to adopt this system or some system like it. In other words, the public and professional education as well as studies of the consequences of doing it overall. Is it going to improve health. Is it going to improve privacy. Are there any anticipated consequences, et cetera.
So basically those are the recommendations in various categories. The letter has been evolving over time, and at this point we would be very interested in hearing comments from the full NCVHS, not subcommittee members necessarily, to this overall theme that we are contemplating.
MR. BLAIR: Marc, it would help me if maybe Paul could go over his modifications first because I'm not sure whether any questions I might have might be covered in Paul Tang's modifications, and I didn't get a copy of it.
DR. ROTHSTEIN: Paul is out at the minute. If you can hold back until he gets back, I'll let him speak for himself. If not, then I'll try to characterize it.
MR. BLAIR: Okay.
DR. LAND: I saw in the paper today where somebody was suing because they had authorized or requested their employer make a change in their 401K plan, and that change was not made, and they actually lost money. Is there anything in here relating to how you enforce this, how does the patient ensure that the provider does follow through on their request?
DR. ROTHSTEIN: We're not making any recommendations dealing with enforcement at all. Presumably, it would be dealt with in the regular enforcement mechanism that is associated with the NHIN. Now if you take a look at our June 2006 letter, we specifically have a whole set of recommendations regarding enforcement. And so this would be subsumed under that.
We did not in our 2006 letter I can get what we said on recommendations. We did not specifically recommend that there be private right of action or anything like that. We just identified the issues. That was one of the many areas in which we viewed our role as setting a framework for future discussions but not making a recommendation.
DR. W. SCANLON: I guess I was trying to put myself in the position of being a physician and how Id feel about this in the sense that that information that might have been available to me was being concealed. And I guess the area being sequestered was substance abuse, and someone coming to me and convincing me that theyre in pain and they really need Oxycontin.
And the best I can learn is that theyve got some sequestered information, and depending upon the ability of this patient, maybe they can convince it that its in another area, that I neednt worry about it. And I wonder if theres the right balance there because on the one hand I would think that if a physician does something and theres sequestered information, what does that change to the liability of the physician in terms if something goes wrong.
And yes, maybe sort of a diligent physician wouldnt have let that happen because they would have pushed to get the relevant information. But we know that theres a lot of humanity out there, and people dont go to the extreme in a lot of cases.
So thats kind of my reaction. Im wondering about the idea that you can sequester things and the physician can only know that somethings been sequestered but not know what area its in, that you can only sort of break the glass in terms of an emergency. But I dont know what exactly constitutes an emergency. I mean, it could be that we could say that if youre going to get a controlled substance, that there has to be disclosure, something sort of along those lines. But thats getting into the detail probably beyond where we want to be.
But when I read the letter, I was struck by this question of balance.
DR. ROTHSTEIN: I think we've been wrestling with many of those issues, and let me see if I can give you a sense of how we intend to deal with it.
The first question -- and I like your example about the Oxycontin. I think it's a very good example. We are not recommending anything at the moment on the issue of clinical decision support. But one possibility would be you would, if you were thinking about prescribing, let's say, Oxycontin for pain control, the clinical decision support would search both the non-sequestered and the sequestered information and therefore come up with perhaps a drug interaction warning to you, and then you would make further inquiries of the patient. But that has not been approved as a recommendation of the Committee.
A second possibility would be, and I think this is probably what most physicians, I'm guessing, would do regardless of how we handle the clinical decision support is I'm not prescribing something as powerful as Oxycontin for you unless I know everything that you're currently on, and there's stuff that has been sequestered at your request, and I can't go that far unless you tell me everything you're taking.
And I think -- and I would ask my physician colleagues to comment, but I think that might well be a common response, and I think that would be a -- I don't think anything in this letter would preclude them from doing that, and it would not be a violation of the letter or the spirit of this to say I can't treat you unless I know everything.
And that's no different than it really is today when physicians are given incomplete information by patients, and they say, you know, I'm not going to -- I need to know everything to treat you properly.
I had recognized Carol and then -- wait a minute, I have to get this down. Okay, first I'll get Carol, then I'll get everybody else.
MS. MCCALL: Two comments in reading this through. The first one was on the same area that you had talked about, Bill, but from a different perspective, and it was from the perspective of a person or patient, and the fact that I might be uncomfortable with my physician even knowing that there was sequestered information, that that may not even be information that you have today that something is sequestered. So you're actually getting more information than you did before.
Today, if it's not in your record, you just don't know. And so my question to you is did you guys talk about that, number one, as it being more information than may be available today.
And number two, did you collect any testimony where you heard whether or not people were comfortable with that level of disclosure. That was item number one.
And then the second has to do on the break the glass feature. I would like to see something that explicitly says that there's also -- please make sure to put in place a replacement glass feature. So you broke the glass, but now you have to come back and fix the glass. So you have to do more than tell me who saw it or that you broke it. But you have to come back and put it all back the way that it was. And so that needs to be in place as well. Those are my two comments.
DR. ROTHSTEIN: Thank you. On the second point, we will certainly take up the replace the glass feature in subcommittee.
MR. REYNOLDS: Can I ask her a question to explain? Yes, that's what I was going to ask. Can you explain what you mean by replacing the glass?
MS. MCCALL: Yes. If you break the glass and you rip up all the sequestered information so it's open now, once the emergency's over --
MR. REYNOLDS: One person, one entrance.
MS. MCCALL: Okay. But you're saying that other people can't, it's not kind of open forever.
DR. ROTHSTEIN: So would it satisfy you if we put in something that says like that information disclosed would then have to be resequestered? Is that what you're --
MS. BERNSTEIN: Well, now you've created -- I think what she's saying is you've created a --
MS. MCCALL: No, now it's in the emergency record, and there's a discussion of whatever that information was that was maybe relevant if it was relevant to the emergency.
DR. ROTHSTEIN: Okay, she asked another question -- yes, on this issue, Steve? Okay. Yeah, Carol raised a very interesting point, and I can see the perplexing nature of it. I mean, obviously if they've sequestered information and they're not allowing it and you do a one shot thing and you say give me access, you know, then the security system goes back into place immediately after. And somebody who comes to the record immediately after that is hitting the same sequestered information as before.
I think that's not the issue that you're necessarily talking about because now the person in the emergency department has got sequestered information, may have acted on that sequestered information and has put that sequestered information in the record concerning that visit, and I think you're asking what do we do with that information.
MS. MCCALL: Right.
DR. ROTHSTEIN: Thank you. I wanted to make sure it was clarified.
MS. MCCALL: Right, and just to talk about what that -- does it inherit the property of sequesteredness, or whatever.
DR. ROTHSTEIN: Okay, I thank you for raising it. And Jeff, did you want to comment on that?
MR. BLAIR: Yes, and it's just another example of this, but it starts to make it even more complex. You know, I think that this is addressed in the context of an NHIN where typically a health care provider will wind up putting data on an edge server if it's a federated model for the health care provider to access through the NHIN. It gathers up that information from the edge server.
Now if you have this construct the way it is now, whether it's a break the glass feature or whether it's six sections, you know, six different categories or four, you have -- I can't see technically of a way to change these things because you're looking not at -- it's like the Internet. You know, once that information is in one format and it's out there, how do you reconstruct it and remove or replace limitations once the data is out there.
And it's going to be the same thing with the categories. Once health care providers have organized things in one set of categories, you had a phrase in there saying that of course these things will change over time. Well, and it's not that I'm against the idea of it conceptually. If I look at it privacy and legally, I'd love to have all of these freedoms to be able to protect data. But technically I can't imagine how it's possible to either change the categories or, you know, after you've broken the glass to put the glass back.
By the way, the letter was beautifully written. I really wanted to preface everything I said with how impressed I was with the letter. So this is a technical issue. This is a technical issue, but the letter's excellent.
DR. ROTHSTEIN: Thank you, Jeff. Carol wants to address this --
MS. MCCALL: On this very specific issue, I guess I would -- we can have an offline discussion, Jeffrey. But I will tell you there are in fact technical solutions to this matter, and I have seen them play out and have been introduced to them in the intelligence industries where it is possible to do things that are simultaneously open, yet secure.
So I would be very comfortable in this letter addressing the replace the glass type issue and leave it to the technicians and the technologists. I know that they're there.
MR. BLAIR: They're there if you're a single entity. But when you're talking about a thousand different entities and integrating that and pulling it together, okay.
DR. ROTHSTEIN: And Harry, did you have a question on this particular point? Then we go to --
MR. REYNOLDS: Carol, back to your point again about replacing the glass because I'm just like Jeff. I implement things, so I want to make sure I understand this. Once it goes into that entity that breaks the glass, then it's in their medical record. It's in the lab. It's in everything. I mean, it's all through there.
So it's within that entity. Now as I understand the philosophy of the NHIN and whether that entity has information about me, then the next time it goes out, it's sequestered anyhow because now it's back. You know, I'm using the same rules. But I agree with your point.
I'm using the same rules every time I'm pulling data from ten places, I'm using the same rules in sequestered the same stuff. But are you saying that that entity that broke the glass and has all that data has to make it go away?
MS. MCCALL: No.
MR. REYNOLDS: Okay, well, replace the glass to me could mean that.
MS. MCCALL: I've never said pretend it never happens. What I'm saying is that if it has been made available for a specific use, that it needs to be recovered. And what you've told me is that that was always the intent.
MR. REYNOLDS: Yes, right.
MS. MCCALL: Right? That has always been the intent.
MR. REYNOLDS: But again, having listened to a lot of testimony and a lot of the doctors in the hospital side of this, once they have it in their records, then that's how they treated the patient. They knew that data, and that's what they used to treat the patient. So it has to be able to stay available to them because that's their whole audit trail.
But when it goes back on the NHIN again, I agree with you. It's back locked. So the next person that touches it somewhere else, it's locked the same way as it was locked before.
MS. MCCALL: Right.
MR. REYNOLDS: Okay, good. I just wanted to make sure I understand.
DR. ROTHSTEIN: Okay, let me just say that first I want to recognize Justine. And then Paul, while you were out, Jeff asked if you could explain the revisions that you made to him, okay. So I'll just alert you to that end, and then we'll take other comments in order. Justine?
DR. CARR: Thanks, Marc, and also I agree. The letter is written very, very clearly. It's just the content of it.
DR. ROTHSTEIN: Maybe it would have been better off not so clear.
DR. CARR: Well, I have a question of clarification. I know that one of the candidate sequestrates is medications, and at the current time JCAHO has just implemented a requirement that every encounter be begun and ended with a reconciliation of medications. That means that every provider needs to know every medication a patient's on, and then when it's over, they have to add to the list, take the ones off. Let me say it has been an enormous initiative to get these online medication things settled, and it's considered to be highly valuable for the safety of the patient and the knowledge of the next provider.
So one question is just how do we reconcile or how do we balance privacy in this situation. And the second is I was thinking perhaps a little bit differently about the break the glass, replace the glass concept.
But if someone comes in with abdominal pain and you don't know about their reproductive history and you have to break the glass, and now you're writing your history and you're saying this gravida two para two woman has, you know, signs and symptoms of what could be ectopic pregnancy or something like that, that becomes part of the narrative. I don't know how you could say this blank blank woman has a blank blank, and it could be a blank blank. I mean, I just don't understand how medicine can be practiced if this information can't be then part of the history of the present illness.
So I'll put that in the history of the present illness, and everybody else who reads it will now know it. Even though it's sequestered, it's in my notes.
DR. WARREN: Yes, I guess I have some of the same concerns that Justine is experiencing. I mean, if I have to break the glass to treat the patient, then does that mean that my entire encounter has to be sequestered because it has some of that information in it. Or do we do something like a blank blank which then makes you wonder about that.
But I always get worried about you have a patient who comes in with a mental health history. They're on pretty powerful medications, and now you're getting ready to prescribe something or do some therapy. And if you don't know about those psychoactive drugs, you could make some pretty severe errors in your treatment of that patient.
And your example, too, of the OB history, if you don't know about other kinds of OBGYN history, again, you could start prescribing treatment that can be very detrimental.
But then once you start doing that, I mean, how do you redo the glass. I mean, this is data that's out there that you've documented your treatment on.
DR. ROTHSTEIN: We're going to -- on this point, then we'll take new points. Carol?
MS. MCCALL: Actually, I think what you've described isn't a break the glass situation. I actually think it's the first question I asked which is what if there's something that I don't want you to know, and yet there's a flag on it that says something's hidden here, but I'm not going to tell you what. Isn't that the situation today where something is not known to you, and yet there's not even a little flag on it that says dig here.
DR. WARREN: Then tort law handles that differently than if you start making decisions with the little flag on it.
MS. MCCALL: That's what I'm saying. So I may be uncomfortable with you knowing that there's a flag there. That's actually more information than you have today.
MR. BLAIR: Yes, but it says a flag somewhere. It doesn't say the particular area.
MS. MCCALL: Yes, but then that goes back to what Bill was bringing up. That could actually create a liability, you know, for a physician that says if there's a flag and you didn't dig, you didn't get him to reveal all that stuff, then does that create a liability for the physician.
And in fact, did you hear anything, testimony from patients that said that they like having some sort of indicator, or they don't want to have some sort of indicator.
DR. ROTHSTEIN: We didn't. I'll defer to my colleagues on the Subcommittee. But I don't remember any of our witnesses particularly addressing that issue.
DR. FRANCIS: I think the flag came -- actually, it was an attempt to respond to the physician concern about not knowing that something had been sequestered.
DR. ROTHSTEIN: Not even knowing --
DR. FRANCIS: I mean, that something had been sequestered. That's where that came from. And you know, I don't know, I guess the question that I'd ask people like Justine and Jeff and others to help us reflect on a little bit is whether the perfect is sort of the enemy of the good. I mean, we're not at all trying to figure out what would be a perfect system of protecting all the information that people want protected.
What we're trying to do is figure out what's a reasonable balance between protecting privacy with the knowledge that people might actually not go see providers if they don't think that some things could be sequestered. So we've got that on the one hand, and then we've got safety on the other.
And one of the ways we were trying to create some of that balance was break the glass because it seemed important in emergency. Another was the flagging device. So what I'm wondering is whether you just think the whole idea is off the table, or whether you're pointing out what we perfectly well agree with which is that there's some problems here. I mean, I'm just trying to push you about where you're coming from.
DR. CARR: I mean, you know, you raise a good point. I think it's hard for us who have practiced in a certain way, at least it's hard for me to envision what this is like, what it would be like.
I mean, I think in a lot of ways maybe it's analogous to, I guess, if a comatose patient is transferred in from somewhere, you just do the best you can, and you order all the lab -- I mean, in a way, it undermines the availability of data because if it's fractured data, maybe you just start all over again. You build your own data set. You know, I have this feeling that part of this solution is breaking what is working in the care of patients, and you know, I have immense respect for the work and very thoughtful reflection that's gone in this. So I'm just reflecting back. I'm not offering an answer. But I just worry that, you know, especially this image of JCAHO requiring this incredible effort to get all these med lists available and a part of every encounter throughout the hospital, all the consultants, all the outpatient, all this work is going into that. And yet, by the same token, we have all of this work that will make that all not possible or not usable or not --
DR. ROTHSTEIN: Well, I wanted to ask you about that for just a second. So you're seeing a patient, and now at the end of the encounter you want to make sure that you know all the meds that that patient is on, both the ones that you've prescribed and other people have prescribed, okay.
So now if a patient is seeing other doctors somewhere, you have to rely on them coming forward and saying and telling you what other things there are, right.
DR. CARR: Right. So there's an electronic medication list that exists, and it's available to every provider. And you see the patient. You say, okay, let's go through the list.
DR. ROTHSTEIN: But it's outside of your system. It's not in your --
DR. CARR: Right. No, you're right. I mean, this is part of the challenge of it. We're getting everybody on the system as we live in a world that's part paper and part electronically different systems.
DR. ROTHSTEIN: Couldn't you tell your patient verbally under this hypothetical system I need to know all the meds that you're taking, even stuff that may not be reflected in here, or I can't treat you.
DR. CARR: Yes, I mean, what I'm saying is that the trajectories of these two initiatives seem to be going in different directions.
DR. ROTHSTEIN: I understand. It's not --
DR. CARR: And so what we're struggling with is getting these electronic lists correct is a lot of work over time. If we have to keep rolling this boulder up this mountain, what's the point of having electronic at all.
DR. ROTHSTEIN: Okay, let me just take a time out for a second and let Paul answer Jeff's initial question which was what's the difference between the version that Mia sent out and Paul's revisions. And then the floor is back open. Don is on the top of the list, then we've got Mary Jo and Bill and Marjorie.
DR. TANG: So presumably, you don't want to know all of the changes, but I'll just focus in on this same topic which is the sequestering of data. Is that fair?
MR. BLAIR: What are the major changes that you made?
DR. TANG: Probably the major category is sequestered information, and the suggestion instead of having an open ended, you can sequester anything that can be deemed in a category, my suggestion was that we actually have an enumerated set so that everybody's playing on a level playing field particularly since it's a quote NHIN, and you can't just go by tape. It rules.
So one was uniformity. Two was a pre-enumerated set. The idea was so that people could already be used to what that set is like psychoanalytic progress notes, or come to understand what's included in this so-called category.
So, for example, genetic information might be one of those things that people could learn to say, oh, that's in a special place, and I know that it's going to be in this special place, and it is or is not available.
Mental health mostly is defined in the psychoanalytic notes. Maybe I just know California law. So I can't make that statement. One of the things certainly is true in California and I think is true in most states is that medication and the entering of problem list is not excluded. So in other words, psychoactive drugs would appear on an active medication list. It's not excluded because it is quote in mental health category.
Social and family history, I think a number of members have said is too broad. And so I would definitely exclude that as it not be one of those categories that you could sequester.
Drug abuse and abuse of chemicals is another area that people already know are often -- are by law excluded without special consent from the patient. So the goal was to have an enumerated set of categories that physicians either already are familiar with or could be educated on what would be in that category. That was sort of the major change in this area.
DR. ROTHSTEIN: Jeff, does that --
MR. BLAIR: That helps me a lot, and please put me on your queue to ask additional questions.
DR. ROTHSTEIN: Okay, you are. You made it to the bottom of the list.
DR. TANG: Maybe the only other major change was to group all of the recommendations, all the ones that are together, I made them 1, a, b, c, through f. And the reason is you can't take one recommendation on its own without the others because partly doesn't make sense. And two, you do need all of them together to make the whole set.
DR. ROTHSTEIN: So the Subcommittee is going to be working to reconcile Paul's revisions with the original document that was sent. But the table is open or the floor is open for all sorts of issues. Don?
DR. STEINWACHS: There were two things that came to mind and like others it's a great letter. The break the glass phenomenon, it seems to me, patients may have different thresholds for that. And so one thing at least I find appealing and may reflect my bias is the concept of looking at patient safety or potential harm to patients as a criterion level for breaking the glass.
And then you might think about is there an informed consent process that I as a patient might go through and say, well, I want to set that threshold either very high, or I want to set it very low. If there's a risk of discomfort, I may say break the glass or someone else may say unless there's a significant risk of mortality.
Now the process, like an FDA process of how you decide what goes where, might be different. But I think that idea that there are different thresholds might be a way to try and deal with this. Otherwise, it's not very clear about, you know, when you break the glass --
DR. ROTHSTEIN: So theoretically, are you saying that I could check the lowest level of, you know, I've really got a bad headache, breakway versus I'm drugged and unconscious.
DR. STEINWACHS: Yes, and so you can't talk to me. You can't communicate with me, and only then if there's a risk to my life will you get access to all that information. But I would just think about some way that a person could be an informed consumer or an informed patient in this process, and there would only be two or three thresholds. I don't know how you'd exactly do it. But it seems to me that makes it less than just zero, one, on, off.
The other thing that raised, I remember at our institution I asked a question the other day is how long do they hold on to email, and the electronic health record might sometime look like a collection of all the email in your life. And so here it is, you know, Don's wife described in email.
And so I sort of think of the record the same way. There are lots of things in there that it would be hard to go back and always interpret. So rule out diagnoses if they don't actually result in something become kind of garbage of information.
There may be other things, and many of you could talk about it better than I could about random elevated values of things and so on. So what I didn't hear, and I didn't have a chance to read in a lot of detail was, is there anything that sort of retires information or sets it in a different category that is probably no longer useful and relevant.
I was at a lecture the other day talking about the stability of psychiatric diagnoses, and they aren't. And so having schizophrenia once or twice years later, it may no longer be. Or bipolar. And so things can change. And I keep getting a sense here sometimes that the electronic health record, it's written in stone. And so when I'm 95, they're still pulling up something that might be an interesting diagnoses at age six or ten.
And so it's not sequestering as much, I guess, as the question of are there categories of things that should be put into a class possibly so that they don't immediately pop up all the time unless indeed they should.
DR. ROTHSTEIN: We actually did consider sort of time issue. A sort of limited time on certain information. We were, I think, persuaded that there are certain kinds of illnesses and certain kinds of treatments and so forth that would not be appropriate to wipe off.
And rather than trying to come up with a list of things that would drop off and things that would stay on forever, we just said all right, we're not going to slice the pie on the basis of age of the data. We're going to slide it by the nature of the information. And certainly the older stuff has a certain appeal to drop off if it's irrelevant. But who knows whether it's irrelevant. I mean, that's --
DR. STEINWACHS: Well, you know, a lot of us keep hoping that evidence-based medicine's going to progress to the point where maybe there will be, you know, some answers to that.
The only reason for raising it is that part of the reason you're talking about having access to every piece of information throughout the lifetime, again, comes back in my mind to patient safety concerns. Is there potential harm. And so you might be able to think of some cross walk here that talks about the timeliness or how recent is this information and the patient safety threat. And so you might have a concept, and it may be one of those things that goes under the research area. But I would as many ways use patient safety as this issue of both for the patient and the system, you know, what are we doing to protect it, and at what risk am I willing to take which people do in the doctor's office.
DR. ROTHSTEIN: I think it's a very good point. It's something that personally interests me. The AMA Code of Ethics says that physicians are free to discard information that would not be relevant to a physician seeing a patient for the first time, but certain kinds of information such as history of chemotherapy is the example they use in the Code of Ethics should remain there for the life of the patient.
It's a very hard thing to do. We didn't go that path because it's really hard. So let me tell you who's on my list in what order. I have Mary Jo, then Bill, Marjorie, Jeff, Carol and then Larry.
DR. DEERING: Who's on first, right?
DR. ROTHSTEIN: Right.
DR. DEERING: Who's on first? Mary Jo's on first. Okay. I wanted to talk to a couple of things, the second of things is the break the glass. But the first is, and I'm sensitive to what Justine says about breaking something that's working. And I would suggest that a word and a concept that hasn't been used here that is an extraordinarily high value that most people needs enforcing is communication.
It's my understanding that all docs except maybe surgeons and maybe even them, too, agree that enhanced provider patient communication is what is ultimately, is one of the unalterable factors in positive outcomes.
And it seems to me that this document could benefit by an even stronger statement about the fact that this is an essential step toward improving doctor-patient information. It depends on it. It doesn't have to be complicated. It really would be a natural extension of the sort of communication that you already do. You would never prescribe anything to anybody by just looking at a piece of paper and never looking up at the patient in front of you. You're always going to probe and ask questions.
And it seems to me that the ability of this kind of a step to number one, open up the opportunity to discuss with the patient, you know, this is the information I have about you, and this is the way I think we're going to go would be extraordinarily valuable.
So I think that given, I mean, you tucked it into a footnote that like only one in 10,000 people actually ever opts out. People just want the choice, and I think that you make those points. But maybe they don't come through strong enough.
So in other words, I think that on one hand some of the concerns may be overstated. I think it would be a disaster if NHIN developed into a system where everything was automatic decision support and people only based their diagnoses and prescriptions based on something that automatically cropped up in electronic record. I think that would be negligence as far as I'm concerned as a patient.
Anyway, so that's my horse there. But I do think just strengthening this point that this is a positive step. This is a positive step toward improving care, not just privacy. This is a step toward improving care, I think.
Secondly, with regard to the break the glass, I just want to reinforce something that Carol said about the technologies regarding putting it back together again, and the word is metadata in some cases. You know, it's the metadata about what was sequestered that could follow that data element from wherever it goes. If you've got that data element and it had the metadata tag on it that it was sequestered information, then that tag could persevere into the next state.
And granted, exactly how you implemented it, the technologist would have to tell you. But, again, you've called for research into how to do it. And I do believe that that could address some of the concerns that people have.
DR. W. SCANLON: Thank you. It probably goes back to what Mary Jo just said as well as what Carol said earlier. But we are envisioning a world where even if we sequester things, it will mean more information than we currently have, and that's exactly what we want.
We want care to involve a better information base. So there's a lot of trade offs that are in this. And I think that the concern that probably motivates this letter is from the data uses group, it seems that we were constantly coming back to the issue of what's the harm that will happen with respect to disclosure of information, or what's the harm that's going to occur because people fear that information is going to be disclosed. In other words, when they fear it, they're going to withhold it, and there's going to be a consequence in terms of treatment.
In data uses, we talked about both of the issue of privacy, but also the issue of security. And I think it would be a good thing to bring into this as well which is the issue of how do we increase people's confidence that information can be disclosed to people that are treating without it being at risk.
And as Mary Jo says, only one out of 10,000 is going to opt out. But if we feel motivated that we have to put into place a system like this, we must feel that there's a significant enough problem that maybe it's worth working on the other side of it which is the issue of confidence, confidence in providers that they are going to respect your privacy because they're going to use that information only as it should be for your treatment at that point in time.
DR. ROTHSTEIN: Thank you. Marjorie?
MS. GREENBERG: Well, I think the last two comments that were made were both very good, and I think that certainly can be accommodated. And maybe my remarks were somewhat in reaction to some of the earlier comments because what I was going to say was I don't think maybe I'm wrong on this. But I was going to say I don't think anyone would you're probably not going to find a clinician who wouldn't like to have all the information and all the right information. I mean, any of us in our profession, that's ideal to have all the information that we need to do the best job that we can.
That unfortunately isn't life, but we aim for that, and then, you know, certainly we don't want to be worse off by whatever new policies come up than we were to start off with.
But I think you can take that as a given, but I also think you have to take as a given that this is an issue that has to be addressed. As Mark said, I mean, it's certainly being looked at in other countries which have actually have made more progress towards something like an NHIN because they have a national health service or because they're putting a lot of money into it or what have you.
And I think that the evidence so far, although that's why I definitely agree that this needs to be more researched, is that there's a minority of people who really would want to take this option of being able to sequester certain information.
Those are probably the same people many of whom who are not now revealing certain information. So in that sense, maybe it's a wash. But you're not better off. And then there's maybe a larger number of people who want at least the option, but as Mary Jo suggested with communication, education, et cetera as Don suggested might say, well, now that I, you know, I wanted to have that opportunity. But now that I have all this information, I'm going to not take it.
And so I think if you come at it that way rather than but we really want all this information which of course one would, then the question really comes down to from my point of view, is this something that the National Committee can constructively provide some guidance on and provide some reasoned recommendations on or not because somebody it's not going to go away. If the National Committee doesn't address this, it doesn't mean that the issues go away. We could wait until we see how other countries solve it. But I think, you know, there's a lot of cultural differences, et cetera, so you can't completely rely on that.
So that was just sort of the context I wanted to offer.
DR. ROTHSTEIN: Thank you very much. I have five people left on the list, and that will have to close the list because there's more to go. So I have Jeff, and Carol, Larry, Mia and Gene.
MR. BLAIR: I think there's so much value in the thoughts in this letter that I really want to see it go forward. So some of the things that I'm uncomfortable with I feel pretty strongly about because I don't want it to derail this.
The idea of setting up categories is fine. I like the idea of Paul saying fewer categories would be better than more because the area that I have the greatest concern about is the idea of the patient having the right to change their designations later or change their mind later on stuff because we're not talking about a hospital any more, and we're not talking about a network any more. We're talking about a network of networks, and we're talking about health care institutions that have certain privacy responsibilities on their own. And all of the stuff in this letter can be accommodated as I could see it. Most of it either in a federated model where basically the basic categories are identified by the health care providers, and the health care networks are agnostic. Are you with me on this? The health care networks are basically conduits assembling the information. They're not making judgments. The judgment is made by the health care provider at the time that the patient is winding up seeing their provider, and they're saying, oh, by the way, these are the categories that I want sequestered to not go on the network. That's when the decision is made.
If you wind up having a different model with a centralized database which we have been told could derail everything we have, you then have a different set of technical choices. And if this letter starts to get into the architecture of the networks and exactly where the decisions are made, I think it could derail this and we'll lose the value of the concept of having an individual have the right to designate that certain sections of their record should be sequestered.
So my thought is that with respect to them changing either the categories or changing their minds afterwards, I would say that's for later exploration. For us to start to include it here, I think, could cause chaos.
DR. ROTHSTEIN: Well, thank you, Jeff. I just want to mention one of the things that concerned us was actually the opposite, that thinking ahead in the future ten or 20 years from now, maybe the same stigma wouldn't attach to mental illness that currently attaches to mental illness. Maybe the same stigma that attaches to genetic diseases doesn't attach in the future, and therefore we could collapse those categories, not create new ones. But the idea was hopefully that we would eliminate categories. But who knows.
MR. BLAIR: Well, that's why maybe I'm leaning towards the wisdom of Paul's suggestion whereas we could still identify that these are all areas that are valid for sequestering. But for us to have things as simple as possible with one, two or three general categories of sequestration so that over time if somebody wants to... there may be more abuse situations that arise in the future. And if the category is already there for all forms of abuse, then they could fit into that one all forms of genetic issues, all forms of whatever.
But I would gravitate towards fewer broad flexible, in other words, another area of criteria in choosing the categories is flexibility to accommodate things in the future so that we're not looking at having information disseminated and then somebody winds up saying, well I want a new category, and there's no way to retrieve the information from the network of networks to accommodate them.
DR. ROTHSTEIN: Thank you. Carol.
MS. MCCALL: A couple of comments, and then a request for the Subcommittee. I guess the first comment is in response to Marjorie. I hear you I hear you when you say we need to think about whether or not we should opine, and I think we have to. I think we have to opine on this. I think it's a delightful letter. I think you guys have done a great job. You're not done, but I think you've captured something that's really vital.
To Justine, it is kind of a contradiction, isn't it? You know, we do all this work to try to make all this stuff available, and then we're busy trying to figure out way to scrape it out. And yet, I think that's part of we need to embrace that contradiction.
So I don't neither one of these efforts, I think, makes neither one makes the other futile. I think they're both absolutely vital. And I think what I would ask you to do one thing for the Committee is actually to place even more emphasis. It's on page two. It's that second paragraph that leads into the importance of individual control. You have captured something here that I would love for you to even emphasize more which is that the future will be different than the past, that when you say it is now possible for providers to obtain records without any notice or permission, you know, kind of cradle to grave. That is so important, and it really was impossible before. And if it was, it was that kind of Marcus Welby small town feel where it's not only that you had my cradle to the grave record. You generated the entire thing. And so you already knew. The fact that you wrote it down was just moot, you know.
But that's not the same any more which then brings me to, I guess, a second request which is about this category. And so you said something, Paul, actually that surprised me because I read it another way.
I thought the categories were not going to be predefined. I thought that what you had put in here were a sample. And when I look at these categories and think about them being predefined as these, in particular, as a woman my eye's drawn to reproductive health, it's a big category, and I don't want to carve the whole thing out. And yet there may be some things within there that are absolutely vital for me to carve out, and they may have to do with an abortion or a miscarriage or sexually transmitted disease, and they're in the past. And yet I just may not want them coming forward.
And yet there are other things in reproductive health that are absolutely vital that docs today know. So talk about those specific things in the group and see how those weigh against each other.
DR. ROTHSTEIN: Thank you for your comments. Larry?
DR. GREEN: There is no change about the existence of sequestered information in my view. There's always been sequestered sensitive information in health care. What has changed in my view is we now are entering the information age where what used to be sequestered information may be widely disseminatable somewhat anonymously anywhere on the planet instantaneously. That's a very terrifying proposition for us as patients in my view.
But it is a mistake to think that medical records have somehow or other in the last few days, few years or because of computers suddenly begun to have sequestered information. It is the very nature of doctoring that there is sharing of information that is kept private, and how it is recorded and where it's recorded and how it's recorded, this has been being dealt with for centuries.
It's the size and scope and instantaneousness of being able to move this very sensitive information around that is scariness in my view. So very important. One of the assignments I gave myself after our last meeting was to pretend while seeing patients that this had been implemented.
So I have a long list which I will spare you. But I do just want to use one example to make a point. I used one of the five largest electronic health records in the country. I'm in a multi specialty group practice. We are so thrilled that we actually work off the same database, 700 doctors, several hospitals, scattered all around. We really like being able to access the database from wherever we are for this patient, whoever's seeing him or her.
Earlier today, we heard from Jim and Karen about plans about electronic prescribing and that sort of thing. Well, my electronic health record will not let me prescribe electronically until I have linked the medication I am prescribing to the problem for which it is intended.
So I'm seeing a bipolar patient who has asked that their mental health record be sequestered. Also their social health record. I mean, she's only the fourth generation to have it in her family, and her kid has it, too. And she doesn't want anyone to know that. But she is standing there saying I'm down to my last Dolamentil. Give it to me.
I actually do not have the mechanism to prescribe Dolamentil until I link it to something. Now I have a choice. I lie, I link it to something that is not sequestered, or I say she has bipolar disorder, and that unsequesters it and it goes back to Justine's point.
Now I have a long, long list not of the perfect being enemy of the good, but the practical being the enemy of the good here. And I don't want this meeting to end without just being one member of the Committee that agrees with one point and the sense of another.
It's a gorgeous letter. It raises some very important issues that we should wrestle with, and it is a mistake to go very far with this until there's a great deal more study done about how to do it and its implications.
DR. ROTHSTEIN: Larry, I have a question for you. The letter tries to point out the importance of affording individuals some level of control which I think you would agree with, and reviews some of the major options and then says as between the major options we think this is the best prospect at this point, and we are recommending that you do research and et cetera, et cetera, et cetera.
I'm wondering where you get off the bus, I mean, of how far did we go beyond where you're comfortable.
DR. GREEN: I don't think we're smart enough to go very far is my point. I wish we were. I'm actually not clear, Mark, whether IT and the new world of information technology is positioning us to be able for the first time in human history to empower patients, to respect to their autonomy, give them more control over their health care or if we have just unleashed a technology that makes it almost impossible to protect their autonomy and their privacy.
It's a very important issue. But I really get off the bus is when we decide we know more than we do. Some of the things that we're proposing that should be considered, I think that Justine and I could in the morning patient care perhaps change everyone's thinking about what we thought we knew, not from trying to not make it happen, but just trying to take care of the folks, just trying to be a good doctor today for you and your family.
This is tough territory that this letter goes into, and where I get off the bus is when it just starts seeing language in here when I say, well, if I go see patients tomorrow and that comes to pass, can I do a good job. When I start saying I don't think I can do it, I'm going to get off the bus.
DR. ROTHSTEIN: Okay, because I'm just trying to figure out what we would need to do to get you and Justine to have some acceptability level in this document. So Mia, did you want to say something?
MS. BERNSTEIN: I just I think we're there, but I just wanted to ask if there's any issue that has not already arisen that somebody is thinking of that can be briefly described just so I have a note that there's, I mean, the main point of this discussion was just to identify those issues. And if somebody could quickly do anything that hasn't come up already, if it's come up, that's great.
DR. ROTHSTEIN: Simon is getting ready to pull the power on my mike. I told Gene that he could speak, and then Harry.
DR. STEUERLE: I will be very quick, and I have to say that I find myself, although I'm not a doctor, a little bit in Justine and Larry's camp in part because I've always feared, as you know that on the privacy side we're going more in the direction of threatening potential gains we can for people.
But here's where I suggest or I think further research can be done. I think your letter is way too quick in waving its hand at the potential problem by pointing to this one out of 10,000 patients in Denmark. And then if you look at the footnote, the 3.2 percent in the Mayo Health Clinic which by the way is 3200 times the one out of 10,000 rate which just shows you that some slight difference in the way they've worded it has caused a 3200 fold increase in the number of people who want to do things.
And as we know from opt out/opt in, we have things like 85 participation opt out, and five percent opt in or whatever else it is. So the way these privacy conditions would be passed on to patients, is it John, Paul, you know, having them when they're in the emergency room, sign the 30 page letter that they said on the bottom line to get health care. Nobody reads it because they just want to get it done. And so technically, they've opted out. Or is it where the doctor has to sit down and say, oh, to a 90-year-old woman by the way and in the category of what did you call that again, please, reproductive health and what, you know.
So the question of how they would work out in practice, I think, probably would be dominated by the lawyers and dominated by sort of how behavior reacts to the way the things set up. And I think the letter's way too quick there. I could see a lot more research at least given to that. No matter which end of this debate one comes out on, I could see a lot more research on making sure that this process did not become, did not inundate and become very inefficient.
DR. ROTHSTEIN: Okay, thank you, and Harry, final word.
MR. REYNOLDS: Yeah, Larry and some of the rest of you, one of the things I think you could help us with because what I would add, Larry, to your discussion as to why some of us are still staying on the bus is that the bus doesn't have any brakes. And the issue right now is there are an awful lot of health information exchanges. There is the NHIN in its infancy. There are pilot projects going on all over the country.
And they are not attuned to this discussion. They are not attuned to this issue. They are not as learned as we have been able to become not because of ourselves, but because of the people we've listened to.
And so consequently the technology is occurring. And being an IT guy, I agree with you. But IT left to itself which it can be right now with some of the things that are going on, also can completely disenfranchise maybe both sides.
And so I think we may need to calm it down, and I understand everybody's point. But if we don't get this debate into some kind of structure and we don't get this debate in the game right now, the game is going on and it's going on with a lot of money in a lot of places. My own state's been involved in a number of them, and it's going to continue to go on. And all it's going to take is a couple more years, and it's going to be so far outside the gate that having this discussion at that point when people are already implemented, already in production, already spent a lot of money, already doing certain things is the thing that worries many of us because I don't treat patients, and I'm not a lawyer. But watching the health IT, I don't think the patients or the doctors want to turn the world over to the IT people either. And I think that's what these exchanges and other things can quickly become and are becoming.
And so that's why I hope that all of us at least stay on the bus a little longer even if we may not sit in the same seat with each other. But I think that's really important because this debate is paramount when you look at the timing of what's going on. That's the thing that's driving a lot of us to remain passionate about where we're going. It's not whether we have the right or wrong answer. If the right debate doesn't go on, we have a big problem.
DR. ROTHSTEIN: I want to thank all of you for your input. It was beautifully expressed.
DR. COHN: Mark, thank you for the beautiful time. We've been asked that we have presenters who are outside. They've been asked that we take about a five-minute break which I'm you all will be happy to do so they can set the powerpoint presentation. So why don't we give everybody a couple of minutes, and we'll get started again.
[Break]
DR. COHN: Okay, will everyone please be seated. I think we may get started. Okay.
This next session, we're actually very pleased to welcome both Bob Phillips and Michael Klinkman to talk about the results of a symposium or invitational that was sponsored by AHRQ and hosted by the Robert Graham Center on harmonizing data standards for primary care.
As I commented earlier today, Larry Green has been a principal in it. But I think he's having to recuse himself from the conversation.
DR. GREEN: Not from the conversation, but from the presentation.
DR. COHN: From the presentation, anyway. And so we're obviously delighted to have you here to sort of brief us on what sounds like a very interesting set of discussions. So, please.
Agenda Item: Robert Graham Center Presentation Harmonizing Primary Care Standards
MR. PHILLIPS: Dr. Cohn, thank you very much. It's really a pleasure to be here. I understand we're a break in your business. So we can make it as long as you like or as short as you like.
Well, the conference that we held with AHRQ's support was called harmonizing data standards for primary care. It was really about how do you empower the patients and send them home with health information technology. It was serendipitous that just a few weeks before our conference and right before the Institute of Medicine meeting, the roundtable on evidence based medicine, one of the working groups of the Institute of Medicine came out with its report, and one of the quotations I pulled from that because it was so helpful for our conference was this one. The single most transformational step towards achieving the goal of a learning health care system would be the development and implementation of IT industry standards.
I think that fits very well with your introductory statement on your website which says basically the same thing. And we came at this because we had concerns that the largest platform for health care in this country where more than half a billion visits are made every year, several million every day is being left behind in the health IT standards development process.
So we wanted to have a conversation with people involved in the standards process and people involved in taking care of the people in primary care settings to understand what are the opportunities for affecting this flow of standards, and what are the strategies we should be looking at to make that happen.
Because what we really need in this new era of health as an information business, as an information exchange is the capacity to have standards that are shared, but also be able to tailor our health IT and health information standards within a single setting and make sure that they're tailored but harmonized.
So kind of the big picture in terms of primary care is most people have the usual source of care in this country. Eight out of ten people will say they do, and most of those people, if they name a person, will say its someone in primary care.
But I would challenge you to find a use case right now in development or published about the physician patient visit, particularly in the primary care setting. The medical home is a construct that has legs right now in legislation and within IT circles, within a lot of circles. It's a concept that sustaining human relationships are about a place and about a relationship, and that place, this home has a set of functions that it's supposed to deliver for every patient that relies on that place for their care, and that it has to have an infrastructure, it has to have a team of providers.
And one of the things that they talk about in discussions about the medical home is that it has to have a robust IT system, period. There's not a lot that follows that discussion. And what we really want to talk about how that is critical to the medical home actually functioning and delivering like it's supposed to.
And health care is lagging in the information age, and primary care certainly within health care. And it's our position, and it was definitely a consensus of the conference is you can't get to quality, you can't get to measurement, you can't get to effective decision support, you can't get to a synchronous care, you can't get the connection between personal health record and the EHRs without having these standards operating.
And primary care can't get there without its own information model, without a way of turning its data into information and sharing it with other systems. And the standards process, as I said, has really neglected primary care.
Some of what I call in here high level standards, you could call them functions if you want to. But the thing that our information and model in primary care really needs to be able to do is create registries. We need to be able to identify the patients we're taking care of and know what conditions they have.
We need to know who they say their doctor is. We need to know why they come not just what they're diagnosed with, but why do they come, what is it that brought them there today, and what are the goals and values in dealing with that condition or whatever conditions that they have in addition to it.
And we have to be able to organize those into episodes of care. And episodes mean a variety of things to different people. And an episode for us means when they came in and said I have this problem until there's a diagnosis attached to that problem and until there's a resolution to that problem, if ever.
So an episode may be one visit. I hurt here, and that hurt goes away. Or it may be I have diabetes, and it's a life long episode. But unless we can organize the data that way, we can't understand how symptoms become diseases. We can't understand how symptoms and diseases and the medications and the way we treat them lead to outcomes. We just can't understand that pathway.
And payers understand it. Payers right now are taking their secondary claims data, and they're organizing those into episodes like crazy because it's the only way they can understand where they're leaking cash and what their best opportunities are for managing care better to reduce their expenses. But they're working with claims data.
We had an economist working on this problem at our meeting. And when we demonstrated what you can do when you have an information model operating, he lit up. He got it. He said, oh, my gosh, if we could do that from the data clinical systems and not from our claims systems, it would be incredible.
My clinic is operating with one of the top five EHRs in use in this country, and I can't do any of these out of box, not a single one of them. We've had to retrofit it using our own coding to even get to patient registry.
DR. KLINKMAN: So here's where Bob turns things over to me for a few minutes and lets me dig down. So for the next few minutes, we're going to talk a little bit more specifically about what we did at the conference.
And I start with another quote here. This is from a recent report that many of you may have seen. It's an AHRQ publication released in July where people from the Institute for Health Care Improvement had looked at primary care health information technology.
Basically, HIT has the potential to enable better care for patients, help clinicians achieve continuing improvements in the quality of care, in primary care. However, simply implementing current health IT tools will not bring about these results. To generate substantial ongoing improvements, health IT adoption must go hand in hand with the implementation of a robust care model and the routine use of solvent proven methods.
It's the care model we're going to talk about for a bit here because what we realize in the end is and maybe something of relevance to NCVHS is that we may do a great job of identifying individual tools or terminologies that get at a piece of what the health counter price does. But particularly for primary care, those pieces have got to fit together with some structure, and that's what's missing.
So basic things we need to know. This is from my perspective, I'm a practicing primary care doc who dabbles in some of this stuff when he has spare time. Who has blank, diabetes in my practice. That's disease registries. They're necessary for point of care decision support and all the other things you already know about.
Who gets something? Patients coming in with fatigue. Who gets cancer? When they come in with presenting and complaint of fatigue. We simply can't answer that from data that we have in practices in the U.S. because all we have are the diagnostic information. We don't have the beginning of the episode. That's basic clinical epidemiology for primary care is missing, and it requires an episode of care for the data for longitudinal stream of services is linked together.
What is the context in which that care is provided. What do we know about competing demands? How do we code and follow social problems that impact our ability to deliver medical care? How do we include patient goals and priorities on a routine basis, and how do we manage multi morbidity.
And finally, what happened out there? How do you move information retrieval from simply having an isolated retrieval of my practice data to being able to retrieve what happened to my patient when they left my practice and went to the consultant.
Now what we passed around before we started the meeting is a single page which gives sort of the beginning of a use case, just talking about how a medical home might work in action in primary care. You all can peruse it at your convenience.
But these questions are right at the core of what we try to do in routine health care every day, and it leads to this information model, and I'm going to run through this in a few slides.
The basic structure of information in primary care is pretty simple. You need to have information about persons, their problems. We call clinical modifiers, things that would affect how we manage a problem meaning what are the risk factors because we're moving from managing disease to managing risk factors.
What are significant prior events that may not be in a current problem but still affect our management. What actions are taken, what decisions are made when intervention meaning lab tests or other procedures. Time how do we structure information over time so that we can retrieve it all by pulling on one rope or one pulley.
And finally, how do we have consistent and universal data import and export so that we can find out what happened outside of our practice. Those are the structural building blocks of the model that we think probably is necessary for medical care, for primary care.
So we take a step back, and given the severe constraints that face primary care physicians and patients, ten-minute visits, ten problems to address in those ten minutes, needing to record information before we move on to the next patient and forget what we did during those ten minutes.
Under those constraints, we have to rely on patients to give us some of that information, or as time goes on, to enter it themselves. We can create templates for patients to enter data before they see us or while they're waiting to see us totally asynchronously from home. That's the personal health record that you all have heard about.
Clinicians also must input data whether it's through natural language and dictation or structured templates. But there's a limit to how many templates you can run through in primary care when you have somebody with four problems in front of you.
And finally, automated data feeds. We found that there is one classification that enables us to tie together these different strings in different parts of structure. It's called the International Classification of Primary Care. It's in use widely in Europe and around the world. It hasn't had much traction in the U.S. yet. But it brings together in its current form several of these cases to input and structure.
So for those of you that have never heard these initials before, ICPC is a very simple classification not a terminology, but a classification that includes 17 chapters. It's intended for almost mnemonic use by primary care physicians to record patients' reasons for the visit, why they came in, symptoms, complaints, diagnoses and to tie them together from one visit to the next as long as the problem is being addressed. So it's organized into episodes.
The key features are that it incorporates patient voices. It allows for the use of symptom diagnoses in primary care where they're appropriate rather than forcing a rule out or premature closure on a specific diagnosis. It accommodates social problems as problems to be addressed. It's episode based, so it can track the process of care for a problem over time.
It is of limited granularity which is an issue if you're thinking in terms of terminologies that underlie electronic records. But when you're thinking of data retrieval, lack of granularity can at times be a very good thing. Repeat it again, it's not a terminology, but it has mapped the standard terminologies including ICD-10, ICD-9CM. It is being mapped now to SNOMED-CT, and it's also linked to certain controlled clinical terminologies used by folks running medical records in different countries. Belgium and the Netherlands are probably the two best examples.
We have created Windows allowing ICPC to be linked to other procedural terminologies such as CBT. Weve incorporated SF and WONCA cop charts to look at disability or function, and we are exploring how to incorporate ICF, International Classification of Functions, Disabilities and Handicaps into a recording system based on ICPC.
So weve got inputs. Weve got structure. We need outputs, and this gets at much of what the ARC Report talks about which is what are the views, what are the data retrieval structures needed. How can you actually work with information in the context of primary care. How can primary care docs own their data and use it in every day practice.
There are five basic types of views that are important to have. Aggregate views which provide the kind of fodder for disease registries and heed us determination. There are aggregate longitudinal views that we currently cannot do here in this country from primary care data. There are cross sectional patient views that we all have in our EMRs to a greater or lesser degree giving a dashboard, giving prompts and reminders. And then at the very bottom longitudinal patient views so we can understand how episodes interact over time, and how problems come together or go apart over time, and what comorbidity really means.
All of those things are ways that we can structure that information. It may come in simple building blocks. We have some experiences with software. This is probably the best known international version. It's in use in many practices in the Netherlands and some in Malta.
The electronic record does structure itself so that this kind of innovation can be easily retrieved. It gives a very precise picture of primary care epidemiology. We're just experimenting in my site at the University of Michigan with Klinkotractor which does some of the things here as well.
So this last real picture I think warrants a little bit of time. I think this is what people at the conference came to some understanding of how classifications and terminologies could fit together to support primary care health information technology.
At the very center is a sort of a structural glue. You can think of something like ICPC which is, again, not extremely granular, but has the correct structure to enable data retrieval and to be able to work with data in episode format. ICPC can be mapped and linked, therefore, to ICD, to ICF for those cases in which we need to have routine functional and disability assessments, to classifications of symptoms or social problems that are not yet fully developed in that next tier. And I think here's a great opportunity for us to work with NCVHS and National Center for Health Statistics on incorporating reasons for encounter or reasons for visit into ICD.
Risk factors and health interventions, again, WHO is interested in working on an international classification for health interventions. We have our own here. At the very floor of all of this stuff is a tremendous role for SNOMED-CT because that provides the granularity, the very precision that you might want for an individual patient record or an individual specific patient problem. But it needs to be retrieved, I think, through the structural capability of something that could put the information in proper perspective so that docs in practice can learn from their data and work with their data in real time rather than depending upon a very complex structure that they may never get to.
I think with that, I think we can pass through those. Maybe going back to this, one way to think about this at maybe a 30,000 foot level and one way that we explored by the end of the meeting is to think about the value that can be added by coupling information technology, patients' own ways of obtaining information with the medical home. So starting at the left, a patient currently and increasingly in the future is going to have all sorts of information whether thrown at them or sought out on the web. But it is not easy for a lay person to assemble, parse, use that information correctly.
So without there being some way to synthesize, filter and manage that information, without there being some partnership between a medical home and a patient, that information may or may not lead to better health care use and better health care outcomes.
So you see then an activated patient who couples with the medical home in which that information is synthesized, it's sorted, it's ordered, it's recorded at that patient's medical home so that the patient does not have to parse the information and decide what is given to the specialist, what is given to the primary care doc, what is given to a nurse, and how to figure out which place goes where.
Once a patient and a primary care medical home come together, the information can be focused and filtered, and that can lead to very highly structured knowledge transfer to specialists or other providers as necessary. That's a big, huge vision.
But I think we need to put some very simple building blocks in place, and the conference, I think, reinforced that message that without simple building blocks, a system that was intended to support primary care would collapse under its own weight.
So now what can you all do to help us from this point forward.
DR. PHILLIPS: And we're filtering. There were probably 40 strategic opportunities that came out of this conference that were recommended by everyone participating. And I'm only bringing a few of those to you that I think NCVHS touches on most primarily.
So the first is some form of endorsing of ICPC or some direction to ONC and AHIC to develop a use case. One of the reasons this might be appealing is because the interest of bringing ICD-10-CM into this country, it might be a much easier thing if those two are mapped and primary care physicians are offered a classification scheme of 687 classifications instead of 14,000, and we're perfectly comfortable using ICD-9 right now.
They may not all choose to use ICPC, and that's fine. But if they're mapped, it makes it easier for them to start using one and be able to produce the other and meet the needs and interests of NCVHS but also WHO.
Another opportunity to integrate, as Mike said earlier, the reason for encounter codes from ICPC into ICD-10-CM, capturing that reason for encounter is so important if you want to understand how symptoms become disease.
We've got a paper using data from the Netherlands of the probability of breast pain, breast lump, concern about breast cancer actually becoming breast cancer. And you can look at it by age and presentation of symptoms. You can't do that with data in the U.S. And putting reason for encounter codes into ICD-10-CM would be I think an amazing information opportunity, and then that could also lead to the National Uniform Billing Committee putting into their standards something that gets paid for so that there's some incentive for actually recording those.
You all are the experts on privacy standards. I'm not going to try and wade in to telling you what to do about privacy standards. But some of the opportunities related to that are to make sure that the privacy standards don't affect the capacity of patients to use their PHR, their personal health record, to put information into their electronic health record. It would be, I think, just a tragedy for them to be managing information on one side and then have to carry it in on paper or some other format to be dumped into their EHR in a format that may not be standardized.
I can tell you how frustrating it is. I had a 79-year-old patient of mine who carried around his medical record that we had created for him on a thumb drive around his neck between the four providers of other sub-specialty care and the three hospitals, still wound up on an extra calcium channel blocker and going into complete heart block and winding up with a pacemaker he probably didn't need. The information was around his neck the entire time.
I can envision people creating PHRs and trying to carry the information in like that. Another is to avoid privacy standards that don't permit physicians or payer groups to contract with outside data managers. Just because you construct these databases and organize the data the way we discussed does not necessarily mean that a physician can sit down and use them to understand their practice.
In the Netherlands, it created a platform that does that for the physician so that they put in reason for encounter. You know, if this person has belly pain and they're this age and this gender, here are the ten probabilities. The highest probability is based on our active database right now of what this likely is, and here are the tests you should run to decide which of those it may be or to go to another step. And boom, here's number one, you've made this diagnosis, and now here are the guidelines you're going to follow with this patient's care.
The only reason that can happen is because there's a data management platform in place, and EHR can do that if it's designed correctly. But you may also want to have the capacity for outside data management systems to that for practices, but also to provide them feedback on their quality or to feed your national health information surveys so that you have a national health survey, but you also have this robust database telling you about epidemiology that's hitting primary care this week.
The other thing we really need help with that the conference helped us with a lot because we had a lot of the federal agency folks and standards folks there, but we need help in developing a working relationship with ONC with the primary message being that primary care is standards for primary care are not, they're not done, and that they need to be relooked at, and there are some specific options for them to consider.
Another is to turn to DHS and request or recommend a standard for primary care data structures for further development in case development just like you did recently with ICF. And if you have suggestions, we're completely open to them about how to get primary care and its use cases and the HITSP and CCHIT and to vendors and to other places in HHS that might be helpful.
We're not experts at this, and you all are, and we could use help. That's it.
DR. COHN: I think a very interesting set of messages and suggestions. Any comments or questions from the Committee? Larry?
DR. GREEN: I'd like to make two. One is Marjorie brought a very interesting panel together for this conference that included representation from Geneva and the National Library of Medicine. Since Carl White started beating up on me about 30 years ago, I've held up well, right. I'm not sure I've witnessed something quite as electric as what happened when these different segments trying to organize the information world and structure it, when they started seeing how their piece of it and their interest sort of could come together around an integrated platform which worked in this international meeting by clients in medical home. People those plain English words medical home had a general enough meaning that people could plug in from the piece of the world that they knew.
We're indebted to Marjorie yet again for getting the right people at the right place at the right time to do something, I think.
The second point I wanted to make is I was just joking with him about the French again. You know, Coceau is right. The clinic as we know it and as exists in our entire lifetime was invented in France probably around 1830. And there's been very little change in that clinical model and process in almost 200 years. It's very dangerous to make predictions about the future, right. But to tread into that thin ice, it sure looks like that clinic is being burned down, and that it's being replaced with brand new models of clinical care that IT enabled. It's the information age as opposed to the industrial age coming to bear on clinical care.
And in the United States right now, there is nothing that has the political legs as this term medical home. So we were talking about this in our Population Subcommittee in the morning, I guess, again. But there just may be some very promising opportunities that take advantage of this focus on constructing this integrated platform where a person's health can be pulled together into coherence and make sense across various settings. It's trying to happen now.
And a data model and the appropriate classification and appropriate coding and mapping of those codes is possibly, maybe even probably timely. My own personal answer to the question how NCVHS might help is to at least explore what the data model and the classification and coding structures are that would be necessary to support the medical home that Medicare is testing that a lot of people are interested right now.
There's an amazing silence about this key infrastructure, about the ordering principles for it, and that might be a place where NCVHS could weigh in and provide leadership.
DR. COHN: Carol?
MS. MCCALL: I would agree with that comment. I think we can provide leadership. I think there's another place as well. Can you go back one slide, please. When I look at that bottom bullet point, privacy standards that permit outside data management agreements and then I listen to your example, and what I heard you say implied that it was a technical issue, allow somebody else to manage that database, right.
And yet before it's a technical issue, this belongs in enhanced uses, and that may be another place before it's a technology issue, it's a policy issue, and it's about aggregation and permissions and everything we've been talking about earlier today. And I think that's where we can bring things like this specifically into our conversations and make specific recommendations.
DR. COHN: I guess I should comment also. I mean, first of all, I'm reminded that we, I believe, have Presuit(?) coming in February, I hope, to talk about ICD since we're talking about ICD-11. And part of the question, of course, is how all this begins to come together and how this all might look in the tapestry of things in the future around classifications. So I think that's another way that we can begin to explore some of the questions.
I do have a specific issue or question. I think I may have insinuated this on my emails to Marjorie when I discovered I wasn't going to be able to attend the meeting. But and maybe you may all have very good answers for this. But you know, I think most of the vision that many of us have, and I realize I'm an emergency physician. I'm not a primary care specialist. But you know, the vision that many of us have about health care is integration across settings of care, specialties, primary care, data information flowing freely, and information readily understandable.
We also live in an environment where a lot of specialists deliver some aspect of primary care. If you're a person with severe chronic congestive heart failure, you may very well have your cardiologist as your primary care giver. So it isn't - the medical home obviously is just a primary care term, but it's you may have cardiologists delivering five or ten percent of their care as primary care.
And yet, I hear this discussion being a lot being brought forward by primary care. Now maybe you can explain to me in the world where we really seek data flowing back and forth where we're looking for things that help specialists as much as primary care or patients as much as providers. I mean, what is your vision here? Because I hear the medical home being at least as I'm hearing it, a lot of primary care construct. And yet obviously our health care environment is much more complex than that. Please.
DR. KLINKMAN: I can take a stab at that. There are probably two different ways to look at it. But one way is to consider the big picture of a person having some control over basic health information whether or not that person assembles it him or herself.
So something like the continuity of care records, something like a basic structure that gives what it is that they have, what it is that they take from one doctor to another so that every doc that might see a patient has a basic understanding of that patient's medications, allergies, chronic problems, significant events, things that we kind of rolled in the structure.
The docs who then see the patient in the chain move information back and forth again using either the vehicle or standards of moving information. So messages about what lab tests were completed, the echocardiogram that the cardiologist does that you want to get back to the primary care doc, those things can be moved using current information transfer standards.
The idea is that there is a kernel, that there's a place where that information is kept that the physicians who see that patient have access to, and that's critically important because the medical home isn't always going to be a primary care home, like you said. Sometimes it's going to be cardiologist's office or sometimes the cardiologist will say I want to carve this piece of care, but as in my interactions often with specialists, I want you, Dr. Klinkman, to take care of these other things. I'll deal with the heart stuff, but you know, you're still responsible for the preventive care, for other screening.
DR. COHN: I guess I was actually maybe quite I was trying to where ICPCP fit into this.
DR. KLINKMAN: The ICPCP part is in the data retrieval. If you're thinking of trying we just tried to go through this. For example, we tried to go through our practice identifying which patients had depressive disorders so that we can construct a registry. We did that from the data that we have at the University of Michigan within our Klinkotractor system using ICPCP fairly quickly. When we tried to do that within the health system practices that don't do that, we had to look at billing diagnoses which were inaccurate. We had to look at a term search within the medical record. We had to a whole bunch of different ways to try to construct the same information and try to bring it together in the same way, and we don't have the horsepower to do that for one condition after another.
I think that the level of aggregation where you get basic conditions that a patient has that move around, that's where that structural element works.
MS. MCCALL: It was a clarifying question to say isn't it capture before retrieval?
DR. KLINKMAN: It's both. I answered as tailored and harmonized. We're talking about a particular setting, the one we work at. It happens to be the largest setting of care, and one that it is, we think, being neglected and has options right at hand for tailoring its standards and harmonizing those with other standards.
The ER may find ICPCP to be a wonderful way to capture and retrieve data. They may find that there's a different classification system or way of organizing its data that fits ERs better and lets you retrieve your information in a different way. And we've got to figure out how to make sure that the information flows between the two settings.
And that's why ICPC has been mapped to ICD-10 and to SNOMED, and it's mapping process that lets the information flow. So we're only talking about one particular setting because it's the one we know, and we don't want to preach for yours without your consent. But we think there are many settings that may need tailored options and standards with harmonizing options between them.
DR. COHN: Sure. No, I appreciate that. And oh, I'm sorry, Judy and then Don and hopefully we'll wrap up and move to our next piece.
DR. WARREN: I was intrigued by the data model that you put up there and wondered because of my nursing background where functional status was. The only place I could figure it out was clinical modifiers. But it would seem to me if you were a medical home, that would be one of your primary considerations is how well that person functions.
DR. KLINKMAN: Yes, the way it looked when we blow this out, it actually fits under person or under clinical modifiers, either one, and it's not a disease link thing because it goes across several conditions.
DR. WARREN: Right. Some of the reading that I've done on medical home is that, and this is showing my assumption about what you're calling primary care, is that you really are worried about keeping that person at home and functioning. And a lot of what you're doing is symptom management, not necessarily disease management for a while which I think is one of the problems you have for your information model of trying to come up with one that will allow you to shift from symptom management into disease management whenever that definitive act, you know, occurs.
The other thing I was very intrigued with the meeting that you had and wondered if you had any nurse practitioners involved in that, especially University of Michigan. You've got a very active nurse practitioner. Do you Joanne Pull?
DR. PHILLIPS: Well, I can answer at least one thing. One of the nurse practitioner clinics at U of M is working with this data model now with us trying to work
DR. WARREN: Exactly. That's what I saw because Joanne and I have had several conversations about what a data model might be for a nurse run clinic.
DR. PHILLIPS: We had nurse practitioners there. They weren't there representing nurse practitioners.
DR. WARREN: If they're there at PCPs, that's wonderful. I have no problem with that.
DR. PHILLIPS: I don't know if any of you have read Carl Sagan's book the Demon Haunted World. But what he points out is that we're back to middle age like experience for most people. We don't know how our cell phone works. We don't know how the TV works or the computer works. But I've got it better.
And we had actually a reaction. The Chair of the Board of the AFP who attended a meeting and looked very stunned the whole meeting stood up finally and said I don't understand most of what you just talked about today. But I know it's important, and I know that my practice needs it.
One of the experiences we had in recruiting people is we got the data standards people there in spades. The clinicians go, yeah, I want it to work.
DR. WARREN: I know, and the work that I've done at HL-7, one of our biggest frustrations was trying to get the clinicians there to stave off the engineers so that we could say what you're designing works just fine, but not within the clinical arena. We needed more of that kind of knowledge basically. But the engineers would scare off the clinicians because they thought they had to know that stuff, too, and that's not the way we need to be working on standards.
DR. PHILLIPS: It's also stamina, too. I think just the sheer weight of the meetings that you need to attend to make progress, it's hard to take the time away to do.
DR. COHN: Don?
DR. STEINWACHS: Well, I very much appreciated the integrated model trying to put I always called it IT PIC, but I guess ICPC sounds better. Just two sorts of comments, you know. It seems to me primary care is in the position of trying to put the pieces together for the person where many times we think about individual encounters or specialties as putting pieces together for a disease in a person. And so it seems like the structure you're talking about becomes critically important if you're going to try and put together a profile of the person.
It always seemed to me one of the barriers is in the coding process, and even though maybe it's coding systems and trying to be more user friendly than ICD-10 probably and ICD-11, who knows. But it would be useful to me some of your comments about are there ways either to support, motivate or to provide technological support to make that really happen, and one of them which has always interested me because Carl White used to preach to me about the same time he was preaching to this young man. That's right, and it was part of our NCVHS recommendations on a uniform minimum data set for ambulatory care that there be the patient's presenting complaint in the patient's own words.
And so that was always one of the interesting problems to me is that frequently when you look at a chart or other things, you may have a presenting complaint. But it's not in the patient's own words. It's only usually sometimes in the emergency department, I guess, where the nurse or whoever the entry person will copy down a brief summary of that, and that was the other interesting part to me.
DR. GREEN: It was only 18 years ago in 1989.
DR. STEINWACHS: Just about the time when Larry and I were born.
DR. KLINKMAN: Let me respond to last part first. One of the ways that we envision this working if it ever comes to maturity is that a patient will put in their own presenting complaints in their own words.
DR. STEINWACHS: Hear, hear.
DR. KLINKMAN: Yes, and you facilitate that with a patient portal into whatever system it is you're using. But ICPC and about trying to figure out how to make the simpler standard work, one of the things that we did a couple of years ago is create a thesaurus links the codes one to another so that you have a map that works on an electronic basis between picking an ICPC code, figuring out whether the appropriate ICD-9-CM code is A or B because you'll have a list that pops up with that, and then moving the same thing with ICD-10.
And part of, I think, where the benefit for primary care docs may come in transition to the ICD-10-CM when it comes is that if that's in existence, that makes the transition somewhat painless because there's a three way conversion already built.
DR. COHN: I'm actually going to let Larry make his last comment, and then we're going to we need to
DR. GREEN: Well, I'll just play doctor again and answer it. I want to offer another answer to your question where does ICPC fit in. This is really not about ICPC inherently. ICPC just happens to be the only existing primary care classification that the people at this conference could find that had ever been demonstrated to work.
So it elevates the discourse from the theoretical to this actually has been used, you know. It actually works. And playing doctor here for a moment, when I'm teaching and precepting with residents, I resort to the Transhis database all the time because there is no database in the United States I can use to get answers to questions like given that we've got this 54-year-old man with his first episode of despurlic drainage, and he's got this mucosal thickening, what is the probability that any time in the next 12 months that he will have a head and neck cancer. You cannot find the answer to that in the United States. That's evidenced based.
But if you go over to the Netherlands, they produce things like that. So what Mike just threw up there here's a 25 to 44-year-old guy, just 973 episodes they have in their database, a 25 to 44-year-old came, said to somebody like me, hey, Doctor Green, short of breath, the final diagnosis for that episode 28 percent of the time, you know, with that entre show, became acute bronchitis. You don't notice any cancers in there, do you.
I mean, this sort of quantitative evidence in the information age in a medical home is so potent to guide portal care decision making, to make the choices about what you test for and how quickly, that's where an episode architecture like as demonstrated by ICPC fits in to change the book.
MR. PHILLIPS: You can see how it differs when you got older codes.
DR. COHN: Okay. Well, I want to thank both of you for coming to present, and Larry, thank you for annotating the comments. I was actually amazed that he just didn't present actually. But it sounds my understanding is that Populations is going to be discussing some of this during your break out.
DR. STEINWACHS: I'll look forward to creating a medical home for Larry.
DR. COHN: Okay. We're obviously also - I'm assuming we've got Chris coming to talk about ICD-11. I think it's an interesting perspective and terms to bring up around all of this stuff.
Now what I'm going to suggest is we take about a five-minute break again because people need it, and we'll let Margret get up and get her computer connected and all of that stuff, and then we will jump back into the discussion of the paper. So with that, we will adjourn for our five minutes.
[Break]
DR. COHN: Won't you please be seated, and we'll get started for the last session of the day. I just want to remind everybody that tomorrow morning we're starting at eight o'clock both Subcommittee on Populations. Quality's here, will be here.
MS. GREENBERG: And Privacy will be in a different room.
DR. COHN: Okay, will be secured in a currently private room since we don't know what it is. And then the Full Committee will start a little bit after ten. Yes? Oh, so this is Privacy. So it's so private, it's actually going to be here. And then Populations will start around 9:15 going to 10:00. Okay.
Now Margret, you had your arm raised for something.
MS. AMATAYAKUL: I was just going to say that I fixed up much of the first part of the document. So what I'm working on is that document so I don't have to work from two documents tonight so the line numbers will be different. So when you look at your page and you want to say line so and so, could you please also look up there and help me find where you're talking about.
DR. COHN: Okay. So with this one, Harry, we'll turn it over to you.
MR. REYNOLDS: All right. Margret, did we need to go back to that page? Okay, good. Okay, so we're at 2.1. And again, we're still under the heading of observations and recommendations on principles of data stewardship for transparency.
So we have 2.1 and then where we talk about the recommendation on transparency, then education and clarity and so on as you see down. Anybody have any issues or concerns on anything related to 2.1. Two point one and everything between 2.1 and 3. Yes, Marc.
DR. ROTHSTEIN: I have a question in 2.1.3 in my version is line 986, but it's the fifth line down, and it's just one word, but it's important, and that's the word may. Can you explain to me what exactly we're recommending?
MR. REYNOLDS: What we're recommending is right now there is nothing in the privacy notices, most of the privacy notices about how the data will be used. And so what we're saying is if somebody requests that and are you questioning may or should be will or
DR. ROTHSTEIN: Well, yes, that's what I'm questioning. Are we saying that it should be should, or are we trying to avoid that by saying may to make it vaguer.
MR. REYNOLDS: Well, Marc, what do you recommend?
DR. ROTHSTEIN: I would recommend should.
MR. REYNOLDS: All right, we got a shall, and we got a shall. Comments, concerns? Okay. Anything else in 2.1 or 2.2?
MR. BLAIR: I get this uncomfortable feeling that somebody put a may in because there was a concern. We haven't heard why there was a may.
MR. REYNOLDS: No, I don't think. Jeff, I don't think so. No, I would agree with you that the normal case I don't believe there's any concern on this one. Let's go to three. What we're talking about in three is the observations or recommendations on principles for data stewardship for individual participation and control over personal health data held by organizations. I'm on 3.0.
MR. HOUSTON: I'm sorry, I did have a comment about 2.1. My apologies.
MR. REYNOLDS: Okay, we're going backwards.
MR. HOUSTON: Yes. We'll go backwards.
MR. REYNOLDS: And we're listening. Yes sir.
MR. HOUSTON: Intently. Under 2.1.4, it says that HHS should issue guidance to covered entities to incorporate reference into NPP about what protected health information is disclosed to other organizations such as public health. My concern is that requests from organizations like public health change regularly, and I'm not sure whether in the NPP to me in my mind needs to be a fairly static document. And I'm just wondering how you would go about having this type of notice when it changes readily. It's an operational kind of
MR. REYNOLDS: Well, no, I agree. Let me see how to read it and maybe a little differently, maybe a little different tone than you read it. And that is that you could standardly put in an NPP that when required you will give that patient's information to public health. That's what it's saying, and we're recommending it.
MR. HOUSTON: Okay, all right.
MR. REYNOLDS: That's a standard statement. We're not saying, you know, every other letter, every other field. We're not saying that. We're saying because, again, the whole point is let the person know that their data may go to public health when it's appropriate, that your laws are under whatever happens. Judy?
DR. WARREN: If you look at that then, public health doesn't mean anything to me. To a public health department or public health agency.
MR. REYNOLDS: Everybody okay with agency?
MR. HOUSTON: We could argue governmental agencies. But I don't know I mean well, we might be compelled by other organizations to provide data.
DR. WARREN: Think about it, make a recommendation.
MR. REYNOLDS: Okay, public health agency.
MR. HOUSTON: That's fine.
MR. REYNOLDS: Steve?
DR. STEINDEL: I think if we're going to get picky and define what the definition on public health, we probably should talk about it more as for legally defined purposes regarding the public health or something like that because you know, when we say a public health agency, it may not necessarily be a public health agency that's covered. It may be
MR. REYNOLDS: So what do you recommend
DR. STEINDEL: I personally would just leave it as public health because public health is in the context of what we are saying here, I don't think public health is specifically defined.
MR. HOUSTON: But we do need to be a little bit careful because I'm assuming that there could potentially be private/public health related organizations.
DR. STEINDEL: There are private/public health related institutions.
MR. HOUSTON: And those would not have under HIPAA the right to request and get data.
DR. STEINDEL: Actually, some of them do.
MR. HOUSTON: Okay, then not all of them. Okay, well, that would have some state sanction to it.
DR. STEINDEL: Exactly.
MR. HOUSTON: So we need to be careful about the metes and the bounds of this, and I understand we're getting fairly picky here. But there is a and the reason why I focused on this again was because we get all sorts of requests from our county public health department, and we have a dialogue with them all the time. And so just be careful how we
MR. REYNOLDS: Mark?
DR. ROTHSTEIN: Maybe we can change it to incorporate both and make it such as when legally required or public health purposes.
MR. REYNOLDS: Is everybody good with that? Okay. All right, are we on three now? Okay, we got too many conversations going on. Okay. Garland?
DR. LAND: The last sentence of that same section says this information may be available to individuals upon request. What individuals?
MR. REYNOLDS: It's the individual whose data it is. It's that patient.
DR. LAND: Okay, so maybe that needs to be modified then. It's not just any individual.
DR. W. SCANLON: Is it the health information, or is it the fact of what is going to be disclosed.
MR. REYNOLDS: It's what is going to be disclosed, or that there is a disclosure to public health, yes. It's the fact that there is. It's the fact, not the data.
DR. W. SCANLON: It's the fact that information is used in the prior sentence, protected health information, then this information.
MR. REYNOLDS: Margret, did you get that? It's not the information itself that's available. It's that it was given that it would be given to public health would be available. Okay, moving on to three.
DR. COHN: Now what did we what is it? What is it that we're saying here? I thought that we were basically talking generally about the nature of information consent to public health, not that X's information on this specific topic was sent.
MR. REYNOLDS: Say it one more time. I'm sorry, there was a conversation.
DR. COHN: I guess I'm a little confused about the specificity of what we were including here. I thought we were making
DR. W. SCANLON: I agree with you, and I think that we would change the this to such information about such disclosures shall be available to
MS. GREENBERG: Or this disclosure information.
DR. COHN: Okay. Thank you, okay.
MR. REYNOLDS: Okay, good. Judy?
DR. WARREN: Then I'm really confused with the way they've edited it because I thought all they were talking about is that guidance to covered entities to incorporate references in their notice for whatever it is, the thing that we required, protected stuff on what protected PHIs disclose to other organizations such as public health.
Now the next sentence, the information that's available to individuals. If they look at the NPP, then are they just getting the information that was disclosed to the specific organization, or are they getting information about what was given to that organization?
MR. REYNOLDS: Margret, then Al.
MS. AMATAYAKUL: You know, I wonder if we even need this last sentence because if a specific individual asks, this should be in your calling for disclosure. If it's just general what do you do, then you should be able to tell them you report communicable disease to public health.
MR. REYNOLDS: Steve?
DR. STEINDEL: First of all, I've never looked at this sentence, the last sentence about this information may be available. I never looked at it as referring to public health. I've always looked at it as the NPP should contain a list of organizations that you just routinely disclose information to. And what should be made available in the NPP is that list, and that last sentence refers to that list, the list of people that you routinely disclose information.
MR. REYNOLDS: Well, let me adjust it. Some of them may be categories. Public health is a category.
DR. STEINDEL: It might be a category.
MR. REYNOLDS: I'm playing off of John's comment. So you will give it to public health when it's appropriate.
DR. STEINDEL: I mean, actually what should appear on this list is that you give it to payers.
MR. REYNOLDS: All right, any other comments? John?
MR. HOUSTON: Back to the again, it hasn't changed. Legally required for should be legally permitted for public health
DR. STEINDEL: No, I disagree. I think
MR. HOUSTON: The rule, the rule
DR. STEINDEL: No, this is not referring to the rule. This is referring to the requirement that is placed on the provider. The provider is required to report it.
MR. HOUSTON: No.
DR. STEINDEL: They are permitted to report it without consent.
MR. HOUSTON: Regardless, notice of privacy practice is supposed to describe how information is conveyed or is disclosed or provided. If it is to provide it to public health, it may be provided to public health when required or permitted, then it's when it's permitted. It doesn't have to be required. If you simply said it's when required by law, then there might be a whole group of disclosures that are curved because they're permitted that that person would never think are being made.
DR. STEINDEL: I disagree.
MR. REYNOLDS: Is it when appropriate?
MR. HOUSTON: No, when permitted.
DR. STEINDEL: I still disagree.
MR. HOUSTON: There's a group of required disclosures. There's a group of permitted disclosures. And my point is, is if you simply say when required by law, then you would say there's people would think, oh, they're only giving me this
MR. REYNOLDS: Take a look at that. Take a look up there now. It's legally required or permitted.
DR. COHN: Yes. But I guess we stop and figure out what we're doing with last sentence and that we better just remove it, given the rest of what we're saying there.
MR. REYNOLDS: Does the last sentence go?
DR. COHN: I don't think it's necessary.
DR. STEINDEL: I actually think it adds something because one of the problems right now that we found out was people are not aware of who gets their information, and I think that sentence makes it clear that the NPP should say who gets my information, whether it's a group or a specific body. And I think that's the purpose of that last sentence.
DR. COHN: Well, no, the NPP this last sentence is something beyond the NPP. We already talk about the NPP having that information. This is something much more specific that's a follow on that relates to individual requires based on the NPP.
MR. REYNOLDS: Yes, that's all the last sentence is about, individual inquiry.
MS. GREENBERG: This is about
MR. REYNOLDS: Microphone, Marjorie.
MS. GREENBERG: I'm sorry. The NPP may say and data are provided to public health as required or whatever, as permitted. But then this would be additional information as just what type of data are provided to what type of organization or public health, correct?
MR. REYNOLDS: No.
MS. GREENBERG: No?
MR. REYNOLDS: No.
MS. GREENBERG: I thought the idea was not that the NPP would include every possible disclosure would have maybe more categories of disclosures, but that it would tell people that if you would like more information about this type of data and what organizations in public health get this data
MR. REYNOLDS: Well, Margret's shaking her head, but we could debate type.
MS. GREENBERG: Then you could get it.
MR. REYNOLDS: Go ahead.
MS. AMATAYAKUL: It might be worth thinking about how we came to this 2.1.4 to begin with. In 2.1.3, we wanted to provide individuals a complete list of all business associates and their agents that we might do business with, we might be doing business with when they request it if there's some legitimate concern.
When we said that, we recognized that public health wasn't a business associate or an agent. And so we created a second recommendation that was really supposed to be in parallel that would cover things like public health because the notice of privacy practice already says you have to release data to public health, but just exactly what kind of data do you typically release is this further additional information that you would get upon request.
DR. COHN: Get to the microphone.
DR. LAND: It could be interpreted that there was a disclosure to public health on an injury, or it could be interpreted that there's a disclosure to public health or could be interpreted there's a disclosure of these data elements to public health on this particular condition. And I'm not sure what's intended there.
MR. REYNOLDS: Where are we going?
DR. CARR: Can we combine it into 2.1.3?
MR. REYNOLDS: I couldn't hear you.
DR. CARR: Should it not be broken out and just combined into 2.1.3?
MR. REYNOLDS: Steve?
DR. STEINDEL: Harry, why don't we just kind of use the same construct we did before, and instead of making it a separate sentence such as public health comma, and make this information available to individuals upon request so it's clear we're talking about the information we're referring to in the first sentence.
MR. REYNOLDS: Margret, why don't you read it as it is.
DR. STEINDEL: Just concatenate the last sentence with the first sentence by putting a comma after such as public health and say and make it available to individuals upon request. Now made available to individuals upon request.
DR. FITZMAURICE: You don't mean all the data given to public health, just that person's data that was given to public health, right?
DR. CARR: I don't think we mean to imply that we're going to be able to trace whose data went to which agency. I think what we mean is that we're going to be able to say the types of disclosures that we have, and then upon request a list of here are all the places that data goes, and your data could have gone to any one of them.
DR. STEINDEL: Like for instance, if you're living in New York City and they have like 120 reportable diseases and somebody asks what do you report to public health, and you say we're required to report any condition involving one of these 120 reportable diseases.
MR. REYNOLDS: Right.
DR. FITZMAURICE: I'm an individual, and you reported a venereal disease to the public health department. I want to see the information you sent them to see if my name is on it. If my name's on it, I don't get to see everybody else's name.
DR. STEINDEL: And actually that's covered under the auditing and accounting provisions.
MR. REYNOLDS: Okay, we got this up. All right, moving to 3, 3 of 9 just to put you in I've already asked if you needed anything in 2.2, and nobody stopped. So 3.0, and I want you to give any of your comments up to 3.1, look at the text. John?
MR. HOUSTON: The first bullet under 3 says providers who do not file claims electronically, they're not covered entities. Maybe this is sort of a nuance, but I always said it's not just providers who do not file claims electronically, but those who also don't accept insurance. But I guess they wouldn't be filing a claim electronically as well. I'm just wondering whether it would be helpful to put that point in. Providers who do not accept insurance or file claims electronically are not covered entities.
MR. REYNOLDS: Okay.
MS. AMATAYAKUL: Would that be covered in 1053 or their patients south pay?
MR. REYNOLDS: I mean, your 1053 doesn't match.
MR. HOUSTON: Well, except that my change would be in the italicized stuff which I thought was as much a heading for all of this. The italicized portion of it was oh, providers who do not accept insurance or do not file claims electronically.
MR. REYNOLDS: Okay, anything else before we go to Mike?
DR. FITZMAURICE: On that same sentence, this leaves many organizations outside the protections afforded by HIPAA. When I start looking down here like providers who do not file claims, it's got to be a small percentage of all physicians. And so I don't know how many many is. Do we have an estimate of it, or just say some.
MR. REYNOLDS: We got a privacy hearing on that.
MR. HOUSTON: There are a lot of them like 50,000? Holy cow.
MR. REYNOLDS: Okay. 3.1, recommendation on obtaining authorization for use of personal health information not covered by HIPAA protections. Jeff, I'll start reading the headings, but I haven't been attentive enough. I'm sorry.
MR. BLAIR: Thank you.
MR. REYNOLDS: John?
MR. HOUSTON: When I looked at this, and I don't know why I did this, but I sort of thought 3.2 and 3.1 should be flipped.
MR. REYNOLDS: You mean in order?
MR. HOUSTON: Yes.
MR. REYNOLDS: Well, let's go does anybody have any issues with the wording? And if not, I don't think we're going to fight over the order. Okay, 3.2 is now 3.1 and 3.1 is now 3.2.
Okay, 4.0, observations and recommendations on the principle of data stewardship for de-identification. And I would ask you as you're thinking about this, remember in here we make the statement later on that we do want to hear more about this. So as we're looking through this, this is not the final bell that will toll on de-identification as a subject. John?
MR. HOUSTON: My only concern was in the examples. They would have example one, and then they say for example halfway through the example which I sort of thought was odd.
MR. REYNOLDS: Okay.
MR. HOUSTON: Stylistically, I just each one of those was like that, and I'm thinking an example of an example. So
MR. REYNOLDS: Good. Okay, moving to 4.1, recommendation on de-identification. Justine?
DR. CARR: Yes, I just had an example 3, the final sentence there also concerns that such a business
MR. REYNOLDS: An example three of what? Oh, you're under four, okay. I was at 4.1. Okay, thank you. What do you want to do?
DR. CARR: There are, well meant to afford the opportunity for physicians to acquire electronic health record systems. There are also concerns that such a business model may violate individual physician trust as opposed to is potentially taking advantage of.
MR. REYNOLDS: Sounds good.
DR. COHN: Margret, I don't think you need to, okay.
MR. REYNOLDS: I got some sighs. I don't have any comments. Justine, what do you want it to say?
DR. CARR: No, I thought potentially taking advantage of was less specific. It's probably wordsmithing. I'll talk about it later.
MR. REYNOLDS: Is it unfair advantage of position?
DR. COHN: Are we up to 4.2?
MR. REYNOLDS: No, I'm saying did you decide, do you not like the individual physician trust?
DR. CARR: It was just take advantage of as opposed to violate. I mean, such a business model as taking advantage. I think it has a negative connotation. Go on.
DR. FITZMAURICE: I would replace individual by patient because it's not the individual physician. It's the patient physician trust.
MR. REYNOLDS: Margret?
MS. AMATAYAKUL: We are using individual in the broadest sense to incorporate patients and people who have personal health records, et cetera.
MR. REYNOLDS: Do we have defined in the glossary?
MS. AMATAYAKUL: I'm going to make sure.
MR. REYNOLDS: Leslie?
DR. FRANCIS: This is the paragraph 1080, but I'm not sure where it is. Go up a bit.
MR. REYNOLDS: Use your paper documents so we can all get on with you.
DR. FRANCIS: So it's the paragraph that's 1080 to 1084. I just want to be sure that I understand this correctly. There are some examples where people have in fact properly de-identified following the last take away any other unique identifying number that they're required to do that. But I think there are examples where people have done that, and it's still been possible to re-identify. But this doesn't care that I mean
DR. COHN: Well, isn't that what that says?
DR. FRANCIS: No, well, I would put in an in addition or something because I think we want to convey two different ideas. First of all, there are cases in which people aren't taking out all of the identifiers. And second, there are cases in which even if they do, it turns out that de-identifying information in fact describes a small enough set that people can read and figure it out.
So I would just say in addition, one testifier indicated because that's a separate point. That's it. It doesn't read like it's a separate point. It makes it sound like the problem is only that people are not appropriately de-identifying. But the problem is both that and that
MR. REYNOLDS: So we're adding in addition.
DR. COHN: This paragraph doesn't make any sense any more.
MR. REYNOLDS: We got two in additions.
DR. FRANCIS: Furthermore.
DR. COHN: Well, we're talking about in both cases removal of the 17 elements.
DR. FRANCIS: Well, no, there's an 18th element which is the garbage can. And the first point is that some people aren't paying any attention to the need to remove the garbage can.
And the second point is even if they do pay attention to all of that, it is still possible under some circumstances to re-identify.
DR. FITZMAURICE: But under those circumstances means that they didn't remove that identifying element. Maybe it's female. Maybe it's being Asian. That would let you narrow it down on that category.
MR. REYNOLDS: Okay, Margret.
MS. AMATAYAKUL: In this case, I think Latanya Sweeney only compared the 17 data elements for photo registration record, although I can double check.
MR. REYNOLDS: All right, 4.1 and 4.2. Justine?
DR. CARR: On 4.2, in view of the fact that we have acknowledged that we don't have as much information as we need about de-identification and there needs to be further hearings, I would submit that we ought not anticipate what the recommendations will be until we have had the hearings. And, therefore, on our paper copy beginning at line 1128, I would take some of those recommendations out.
So if I can read it, so it's recommendation 4.2. recommendation on uses of de-identified data. NCVHS believes there is significant concerns surrounding uses of de-identified data, and these warrant more thorough analysis. NCVHS will conduct hearings to determine how to structure guidance for best data stewardship practices.
And I would say put a period right there. But in the text, it says which may include but not be limited to requiring statistical de-identification, authorization, sale, specifying.
MR. REYNOLDS: Simon?
DR. COHN: Yes, you know, I guess my view is, I mean, first of all let me make maybe a slightly different change which is we sort of say NCVHS believes that there are significant concerns. I'm actually going to suggest that maybe NCVHS heard significant concerns which I think objectifies this a little bit.
I actually am not sure that I think there's anything wrong with the examples we're giving. But I guess that's my own personal opinion as long as we're sort of objectifying the first part.
MR. REYNOLDS: Well, I'm kind of the only reason I'm still in the same spot is this letter is going on before we do anything, it at least gives the reader a list of the kinds of issues that we are going to address whether we find anything in them or not, whether we make recommendations on them.
DR. CARR: Well, it just seems odd to me that to go to a hearing asking to hear things and you already know what you're going to say before you've had the hearing.
MR. REYNOLDS: No, we know what we're going to talk about.
DR. CARR: Well, it says requiring the use of statistical de-identification process. Well, to me that's certain threshold probability. Authorization for uses involving sale of de-identified data. I mean, do we know that? If we already know that, maybe we don't need the hearing. I'm getting testy.
DR. DEERING: Take the verbs out, requiring and just remove requiring. Remove authorization, and testifying. You can use topics without the action.
DR. COHN: That would work.
MR. REYNOLDS: That works, and that makes it subjects. 5.0? Margret?
MS. AMATAYAKUL: I had a note from earlier this morning that there was an addition to this list that included exposure from re-identification.
MR. REYNOLDS: That's correct based on our earlier discussion today. Yes. 5.0 which talks about security safeguards and controls and just look at everything from 5.0 and 5.1. John?
MR. HOUSTON: Yes, under 5.1, one of my concerns is that while this is focused at the covered entities, one of the major issues in the industry is the fact that the vendors of EHRs aren't necessarily as some of the products leave a lot to be desired in terms of trying to comply with what's described here in 5. And my concern is that you can go tell a covered entity to comply, and frankly their suite of the things that they're running in their shop may be woefully inadequate
And I'm not sure whether there is any authority that you can bring upon the EHR vendors. But I think the EHR vendors need to be put on notice that they need to provide a certain level of functionality to support this. Is that something we could put in this document?
MR. REYNOLDS: Well taken. Look at the last sentence and see if you think that's covered.
MR. BLAIR: CCHIT has criteria for certifying, and they include their privacy and security requirements. Now, whether those certification requirements are as stringent as we think they should be may be a discussion point. But there is at least a mechanism there to try to set standards for privacy and security and enforce it with EHR.
MR. REYNOLDS: Look at the last sentence that we had, and see does that
MR. HOUSTON: No. Under 5.1?
MR. REYNOLDS: Yes.
MR. HOUSTON: I don't think it does.
MR. REYNOLDS: Look at what Margret just added up there.
MR. HOUSTON: My point is that the focus is on covered entities here, covered entities and organizations rather than the vendors themselves who have the products that are necessary for the covered entities and others to comply, I guess, is my point. There's a need, you know, it's akin to saying that all consumers will drive cars that give 50 miles to the gallon, but no auto maker makes a 50 miles to a gallon car.
MR. REYNOLDS: I understand your point. Tell me she's making some changes up there. See if you agree with them. Go ahead, Mary Jo?
DR. DEERING: Could I make a suggestion then? I mean, because your point is you want to include the vendors, correct?
MR. HOUSTON: Yes.
DR. DEERING: So one thing you could do is remove the new sentence from where it is and put it at the end. These approaches should be required in CCHIT criteria for vendors of products because that way it follows the issue of the non-covered entities as well as covered entities.
DR. COHN: Yes. Maybe the other part is HHS should issue guidance to covered entities as well as, you know, EHR vendors.
DR. DEERING: EHR and PHR?
MR. REYNOLDS: Well, but remember EHR
MR. HOUSTON: Or HIT vendors or whatever you want to call them. I don't know what the catch all you want to use.
DR. FITZMAURICE: But there's no basis for issuing guidance to them. They're not covered
MR. HOUSTON: I understand that might be outside the scope. But my concern is you're issuing guidance to a group that may be ill prepared to act on the guidance because they're reliant upon third parties to provide that functionality, and it is a huge gap in industry. And I understand CCHIT's out there.
DR. FITZMAURICE: I think you've got a good point. It's just that how can HHS issue guidance to somebody that's not covered by one of its regulations.
MR. REYNOLDS: Simon?
DR. COHN: Why don't we just add to the sentence before where it says this should also be directed to organizations that are not covered entities that maintain and/or transport personal health information as well as vendors of HIT products.
MR. REYNOLDS: Why don't we say organizations and vendors that are not covered.
MR. HOUSTON: I don't know if we have to wordsmith. I mean, I just
MR. REYNOLDS: Yes, well, okay, I think we'll work out tonight and make sure we show you tomorrow.
MR. HOUSTON: Okay.
MR. REYNOLDS: All right, let's go to 6.0, and this is data integrity and quality. Motherhood and apple pie. Any comments? Michael?
DR. FITZMAURICE: On recommendation 6.1, it reads HHS data stewardship guidance should include the data captured aggregated and analyzed for quality measurement, reporting and improvement, ensure that the precision and reliability of quality measures.
I don't know that we can ensure the reliability of quality measures. That's a measure of research. We can aim for reliability of the data, that the data are valid. But the data can be really valid and the quality measure might not be very good.
DR. COHN: I thought we fixed this one.
MR. REYNOLDS: Yes, we fixed this a couple times. This keeps going back to old version again. Margret must not like our change fix on this. So she just keeps changing it. It's the quality of the data. No, that's what we're saying. That's what we're saying. So it should say
DR. DEERING: Reliability of data reported for quality measures.
DR. WARREN: Just leave reliability of data reported for quality measures.
DR. FITZMAURICE: Yes, that's the concept we want to get across.
MS. MCCALL: But that's still not it. This is not about quality measures. This is the data itself
MR. REYNOLDS: This is really about the quality and integrity of the data of the data.
MS. GREENBERG: HHS data stewardship guidance should address the precision and reliability of the data captured, aggregated and analyzed for quality measurement reporting and improvement.
MR. REYNOLDS: Period, good. That's more or less what we said before. More or less, but remember we had 900 calls.
MR. HOUSTON: Is the word precision, or is it accuracy?
DR. FITZMAURICE: Both of them apply.
MR. REYNOLDS: Okay. Steve.
DR. STEINDEL: I'm confused.
MR. REYNOLDS: Would again be appropriate? Im kidding.
DR. STEINDEL: I think in every way possible right now because as you've said, we've gone over this many times. And I actually like the way we're finalizing it now, assuming we are. But I thought one of the intents was that there should be a burden on the data steward that the measure that they're using is a good measure.
What we're saying now is you can collect crappy data in a reliable and precise fashion. The measure is not good, and that's what we're saying is allowed.
DR. FITZMAURICE: But the data steward does not have responsibility for the measure.
DR. STEINDEL: No, I agree.
DR. FITZMAURICE: Only for the data.
DR. STEINDEL: That's why I like the way it is now. But I heard comments that people wanted to
MR. REYNOLDS: Well, good. No, it's right. Leave it right where it is.
DR. STEINDEL: And I want to make sure we understand that
MR. REYNOLDS: Mary Jo, you have your hand up.
DR. DEERING: Other than the immediately preceding paragraph, the rest of this section does not focus exclusively on quality improvement and quality measures. So I'm wondering why you need four quality measures because this is in the whole process of health care as I understood the intent of the section.
DR. FITZMAURICE: You know, it kind of raises the question that if you don't have a purpose for being a data steward and collecting this data, then what do you care if it's bad data or not. But if you're going to use for quality measures, then you do care.
MR. HOUSTON: Actually typically Bear Steward is collecting it for their
MR. REYNOLDS: Okay, are we set? Margret, are we set?
DR. COHN: Well, are we saying quality improvement measurement and reporting?
MR. REYNOLDS: Judy?
DR. WARREN: Are we talking about data integrity and data quality, or are we talking about data integrity and quality improvement?
MR. REYNOLDS: Data integrity and data quality.
DR. FITZMAURICE: It's two things. We're talking about the quality of the data that is used for quality improvement or for quality measures.
DR. WARREN: But then you I mean, quality measures to me is that data set that gives you the information about the quality that youre looking at.
DR. FITZMAURICE: You see, the reason why you want it to be accurate and valid
DR. WARREN: Right. But it tells me nothing about data quality.
DR. FITZMAURICE: That's right.
DR. WARREN: Okay. So I get confused when we talk about reliability of data use for quality oh, you added measure. But never mind.
MR. REYNOLDS: Good. We know what you wanted, Judy. Okay, anything else on 6.1? Paul, do you Bill?
DR. WILLIAM SCANLON: I'm concerned about the second sentence. I might be saying what Mike is saying. In our charge, why is this though I care deeply about data quality for sure, why is this in our scope?
MR. REYNOLDS: Because it's part of the whole data stewardship framework. And everybody that we heard, a lot of people we heard testimony said you're getting a bunch of junk up front. You can talk quality all you want to. You don't have good data. So you're not getting the good answers.
MS. MCCALL: Two points. I'm in violent agreement with what you just said. I have found in my work at Humana and elsewhere that it is the business in my world, the business stewardship of that data, the creators of that data, if they don't feel the ownership of that, it becomes garbage and then you can't do anything with it. So I would love to keep that here.
The point about the second sentence, does it it now seems out of place because it does seem to go with the now recent removal around quality measures. And I'm still uncomfortable saying in that first sentence that this is data for quality measurement, reporting and improvement because that does seem to bound severely the uses of data.
MR. REYNOLDS: Are we just trying to improve overall integrity and capture mechanisms of all health information?
MS. MCCALL: For all of its uses. For all of its uses.
MR. REYNOLDS: Health information. Margret?
MS. AMATAYAKUL: I think one of the reasons we included quality measurement and reporting was that was kind of the impetus for this whole project from ONC wanted us to focus on quality. But if we could add and other uses of health data, that might help.
MR. REYNOLDS: Okay. Bill?
MR. WILLIAM SCANLON: Well, I agree. Carol made half of my point. But the other part of the point in the second sentence is completeness and accuracy are other characteristics of the data element that is opposed to a measure, and they belong as much up with precision and reliability.
Then you get rid of the rest of the sentence which actually refers to measures.
MR. REYNOLDS: Okay. Paul?
DR. TANG: Well, hopefully this is a contribution.
MR. REYNOLDS: Get your microphone.
DR. TANG: So I wonder if there are four words such as accuracy, the reliability, the meaning and the integrity of the data. The one word that I added was meaning, and that's probably one of the things that most derails reuse of data is not to interpret it with the meaning with which it was entered. So that's why I think that word is probably one of the things that's missing from this list. And that may be, I mean, we are getting towards that goal of having one sentence describes the various important attributes of data that a data steward should honor, meaning is it more clearly understood by more people.
MR. REYNOLDS: Okay. Bill? You look like you had a question?
MR. W. SCANLON: Well, I guess I was going to say that the term I thought people might use there is validity.
MR. REYNOLDS: What was the term, Bill?
DR. W. SCANLON: Validity as opposed to meaning.
DR. TANG: In a sense, see, meaning is in the eye of the data enterer. So you have to understand who entered it for what purpose in order for you to appropriately interpret the meaning to reuse it. And so validity's a different concept to me.
MS. AMATAYAKUL: Is there any particular order you would prefer to these terms?
MR. REYNOLDS: He'll tell you at six which ones go in what order. Moving to number seven. Okay, we're looking at specific uses for quality, measurement, reporting and improvement, and then this is where we really do focus as we were asked as part of our charter to take a good look at quality itself. So I know that one thing we did change on 7.1.1 "remain" instead of "are" was the first word we had up there.
In other words, what we're basically saying there is that we heard a lot of discussion about a broad definition of health care operations, quality measurement and so on are clearly stated by HIPAA and others as part of that. So we are clearly stating that they remain part of operations. That's one of our premises as we did this. So that's why we used the word "remain" rather than "are" because we are very poignantly saying that. Steve?
DR. STEINDEL: I don't think there was any question that they should be removed. I mean, what you're saying here is they should remain where they are, and I think we should just clearly state that they are there.
DR. CARR: Yes, I think that the way that was stated triggered people interpreted it to mean the opposite.
DR. STEINDEL: Okay.
MR. REYNOLDS: We got a lot of comment.
DR. STEINDEL: You heard comments that this clarifies.
MR. REYNOLDS: Yes, yes, that's why we changed it to "remain". Mark?
DR. ROTHSTEIN: I happen to think that this is the most important section in the entire document, and I had some problems with it. The sentence at 1245 which is the third full paragraph in number seven is really the key to this document, which reads, "NCVHS was asked by ONC to consider whether there were or should be boundaries around what quality activities are included in HIPAA's definition of health care operations and which may be outside of that definition and may call for greater choice by individuals whose data are included."
So what I would recommend -- I'll go through several things that I would recommend. Number one is I think we should split seven into two parts, the first part being observations and recommendations on uses of health data under health care operations.
And then on the separate section on the uses observations and recommendations on uses of health data for research. I think those should be separated.
I also think that we should begin Part 7 with that particular sentence that I just read because that section is responsive. The whole section is responsive to that particular question that ONC asked us to consider.
I also think we haven't considered it very well. We have in the document, it says on line 1250 at the bottom of the page, several testifiers observed that they had instituted an oversight process to ensure the quality assessment activities were indeed those described by HIPAA. Then it continues with our analysis of some recent articles in the literature and moves directly to the recommendations which basically say things ought to stay the same. We're rejecting the suggestion that you look at whether individuals should have greater choice, et cetera, et cetera, et cetera.
We heard witnesses who said that individuals in fact should have greater choice specifically on this issue, and I think that to be complete, we ought to describe the testimony that we heard, why they recommended that, and why were rejecting that.
My personal view is I wouldn't reject it, but that's irrelevant. If we're going to reject it, I think we need to say why we're rejecting it. This was a specific point that we were asked to address by ONC, and we're not addressing it, I don't think, adequately by just selectively picking out a couple of articles from the literature.
I could pick out ten more articles that would say just the opposite. So sorry to present such a kind of a far ranging criticism of this. But I think this section is really very important to the overall document.
DR. FITZMAURICE: I guess I would ask -- I'm trying to bring my mind back to the stuff that Kelly Cronin sent us in the charge here as to whether it said that it may call for a greater choice by individuals whose data are included. I don't remember that, but it could be there and I just don't remember that. I mean, you remember at the beginning, she gave us several pages of thoughts from, I guess, the Quality Workgroup and her thoughts about what we should be doing. I don't remember that being one of them.
MR. REYNOLDS: Margret, do you have the original charge?
MS. AMATAYAKUL: I do. Do you want me to check it now, or
MR. REYNOLDS: Yes. Well, I think two things. I think it's paramount that if that's the charge, then we need to deal with Mark's comments either way. But I would like to know whether or not we're dealing with it against a specific charge or we're dealing with it as something we heard in testimony and should address.
DR. CARR: Mark, can I just ask you? Are you also saying that you would, you think we should not include the references from the literature because they're selective?
DR. ROTHSTEIN: Yes, I think that's right. I mean, we did hear testimony that supported keeping things the way they are, and that may well plus our own thinking on the issue may be sufficient rationale. But it looks like we're selectively using the literature.
DR. CARR: Yes.
MR. REYNOLDS: Yes. I think, Mark, playing off of your comments, I think our framework is after hearing the testimony, we believe that it should stay as it is, and that we don't feel because of that structure and because of the additional stewardship and because of the other things that we put in place that we don't feel that that individual choice is necessary.
DR. ROTHSTEIN: No, I understand that.
MR. REYNOLDS: No, I'm taking our same principles and rewording it to answer your question, not to debate it. No, I think it's a great point. Leslie?
DR. FRANCIS: One of the points that is mentioned in the literature that's cited but that is not brought out in 7.1.1, 1.2 and 1.3 is information to patients. So the recommendation that's cited here is that quality improvement activities should be patients should be educated about what's going on rather than just letting the quality improvement, and there's no mention about whether there should be any information provided. One question's about letting patients opt out which is really difficult if you're trying to have a full data set for quality improvement.
But the other is about whether patients should have knowledge about how data are being used for quality improvement, and there's no, unless I
DR. CARR: I think 2.2.
MR. REYNOLDS: Yes, we ought to add that to 2.2 probably.
DR. FRANCIS: Well, it might make sense in the sevens.
MR. REYNOLDS: But 2.2 is our recommendation for education on uses of health data, and we were talking about it overall, multifaceted education. Otherwise, we may have to take all of education apart and put it in every one of these.
DR. FRANCIS: Here it's specifically about, I mean, it seems to me this could be like the example of people should be able to know when data are being shared with public health, too, and there's no suggestion here that people should be able to know about on request or anything like that.
DR. CARR: Right. So I think we could reference it. So it sounds like this is what was asked. This is what we heard, and this is what we're deciding. This is what we are going to do, and then maybe reinforce the education thing, stewardship thing, keep this at the same. And this is why we're making this decision, recommendation.
MR. REYNOLDS: And regardless of whether we add it here or not, I think it needs to go in 2.1 also because that's where we really talk about transparency. And if we're going to do transparency
DR. CARR: Right. But I think as we have done elsewhere, we can refer back to it. There are a couple of things that
MR. REYNOLDS: I think in any education, we ought to make sure we put in there about the information whether it's quality, whether it's anything else because that's our paragraph, and then we can restate it here. Okay, any other comments from the committee? Margret?
MS. AMATAYAKUL: You had asked -- well, two things. You had asked me to look at the original documents. We got three, one initially, and then two sets of comments. And that wording is not verbatim, but it's sort of an aggregation of several topics that were throughout the different comments. But I think it's fair to say
MR. REYNOLDS: From ONC?
MS. AMATAYAKUL: Yeah.
MR. REYNOLDS: Okay, so then it would appear that we have not addressed that particular
DR. CARR: Well, I'm wondering if the way this is written reflects the intended nature of the question.
MS. AMATAYAKUL: But my second question was since I was busily looking at these reports, I didn't catch what you wanted to put in 2.1. Sorry.
MR. REYNOLDS: Well, no, we just wanted to add quality, information about quality uses.
DR. COHN: And Harry, that's 2.2, right?
MR. REYNOLDS: Yes. Well, the whole thing, well, 2.1 is transparency. So yeah, either 2.1 or 2.2.
DR. CARR: Or both.
MR. REYNOLDS: So comments from the general group on restructuring seven. Steve?
DR. STEINDEL: It was always my impression on reading this section was, and I agree with Mark that we don't address the greater choice by individuals whose data are included in section seven. But I thought we had spent most of the rest of the document discussing a lot of those issues, and that's where we're really facing the choice issue.
And what we're doing here is saying that there are that use of this data for quality purposes exists currently under HIPAA, and we see no reason to change it. Now what the relationship of the patient to the provider and how that feeds into the quality system, that goes back to the other sections and the various other letters that we've written in this area.
That was always my reading of this.
MR. REYNOLDS: Simon, were you going to make a comment?
DR. COHN: I'm actually trying to digest what Steve's saying. So Steve, your recommendation is what?
DR. STEINDEL: I mean, we may actually have to add a clarification, you know, in this area that says, yes, we've addressed the issue of choice in other areas, and we're not addressing it in seven. But I feel we have addressed it.
MR. REYNOLDS: Mark?
DR. ROTHSTEIN: I was wondering if you think that there's another place I may not have noticed it where we talk about whether we think the definition of health care operations is broad or too narrow or just right.
We did hear much testimony that the health care operations provision is just extraordinarily broad, and it includes all sorts of things, some of which we approve of and encourage and other things we're not crazy about.
And I appreciate Steve's point and what Harry said earlier about, okay, well, this is the route that we've chosen to try to address those issues. But I don't know that we've actually talked about whether the definition of health care operations is too broad or whether it's appropriate or anything else.
MR. REYNOLDS: I think we've told a story, but I don't think we've said it that precisely. I think the whole story of the data stewardship, the whole story of tightening things down, the whole story of the chain of trust, the whole story of the fact of 7.1 that we feel that it does fit in there. But, oh, by the way, you ought to have some more guidance over it which we say in 1.1.2 and 1.2.3 or 7.1.3., not the story but the factual in your face statement that it is or isn't.
Obviously, I think we could add something in here that we feel right now that it is open ended enough that the reason we're adding the stewardship when we're adding everything else is to make sure that it
DR. ROTHSTEIN: See, I would say something like to support your principle, not that the we heard testimony that the definition of health care operations is quite broad and considered whether a narrower definition would be more protective of individual privacy while still blah, blah, blah, blah. We don't think that would work. We think the interests that need to be protected can be protected through data stewardship principles, and it's better not to mess around with the definition of health care operations because it needs to be broad and covers a variety of things, and here's how we're going to strike the balance of protecting people but not by changing the definition of health care operation.
DR. DEERING: I think it was Mark who raised or someone that we have upfront general themes where we say some of the background and then leap forward to some more observations and the recommendations because upfront on our copy, page 13, line 502, 503 toward the bottom, I mean we say exactly what you said but way upfront in the common themes, although we don't draw the conclusions. But it says we heard that health care operations was observed to be broad in scope and not well understood. But then we just go on to talk that trust is more important necessarily than definitions. So we don't go as far as you had called for us to go, but we had certainly set it up earlier.
MR. REYNOLDS: It would seem to me that this needs to be one we need to take and work on as a group and get back. Yes, Marjorie?
MS. GREENBERG: I just wondered where this actual language comes from. NCVHS was asked by ONC to consider whether there were or should be boundaries around what quality activities are included in HIPAA's definition of health care operations, and which may be outside of that definition and may call for a greater choice by an individual whose data are included.
Now was that language actually in any of our written exchanges with ONC around this project?
MR. REYNOLDS: Margret just answered. But go ahead and answer it again.
MS. AMATAYAKUL: We received three or four sets of first of all the sort of scope statement and then comments. And so this is a one sentence summary of basically all of those comments. We can certainly, you know, as Justine commented when I first mentioned that, we can certainly go back and make sure this is correctly worded. But it's not a verbatim request.
DR. CARR: I don't think it is.
MS. GREENBERG: Yes, it's certainly not. And it may be it may be parsimonious, but I think we may have lost some of the larger meaning with it. I do think that we have our initial charge, and then there was correspondence that came through, you know, someone summarizing what someone else said like that. And I think we want to be cautious about those giving those the same weight as we did for the initial charge.
So I think we can go back to that. But I think that, you know, the points are well taken. I mean, that's the kind of question that we want to speak to that we actually already heard in the testimony. But I think it's not quite right that that was the charge.
DR. CARR: Yes. I mean, I think as Steve indicated, the difference between quality and research when it actually morphs into or becomes more research and then should be, you know, perhaps dealt with differently, and you deal with that quite well.
But at least in the initial round of written documents, this was not like specifically what the committee was asked to do, and I think stating it this way kind of overstates it. Aside from the fact as to whether it may be something that
MR. REYNOLDS: I think Mark's point still resonates. But Margret, did you see anything different that would
MS. AMATAYAKUL: Well, I think we've got four documents that we're looking at, I think we need to really-
MR. REYNOLDS: Good, no, that's fine. Simon?
DR. COHN: Well, I guess the question is is I think what we're discussing here is whether or not we said NCVHS was asked or is it that NCVHS considered whether there should be, and maybe that's a more accurate statement of what's going on here. Is that what we're beginning to assume? Paul?
DR. TANG: Marjorie's comments stimulated me to sort of reinterpret what was said, and I think so here's my guess at what we were asked is, one, clearly quality studies and evaluation are what they'd like to do. And where they run into difficulties and ask for our clarification is, one, whether it can go into research and does it follow different rules. But two, can other things let me use the word masquerade as quality projects, and should we draw a clear boundary to help people determine where that boundary is that people don't incur into the quality area and jeopardize the true quality uses.
So I think in a sense
MR. REYNOLDS: And we common good on a regular basis.
DR. TANG: So I'm agreeing with Steve that we did handle the latter case in section two, and that we're just about to do the quality research in the next section. Does that make sense. Well, we're going to simply address the quality research boundary. But I think those two boundaries are what they're trying to establish, namely so we can continue as we concluded to use data quality projects.
MR. REYNOLDS: But still I believe incorporating some of Mark's comments to be much more pragmatic
DR. TANG: What I took out of that is that in some sense we handled Mark's concern in section two, and I took that to be the overlap with ONC's request that we find a way to distinguish true quality from those uses masquerading as quality projects.
MR. REYNOLDS: Okay, so where are we? Okay, so Paul, you just made the statement. So what do you think happens with seven?
DR. TANG: I think our conclusion is a reasonable one based on the testimony and the deliberations of the work group, and that it does answer the report in totality does answer the question that was posed in that statement, that summary of the ONC charge, that it does
DR. ROTHSTEIN: My question's really not the conclusion. My question is whether your conclusion, our conclusion is supported now in the document with the support that's currently there.
DR. TANG: I think it is.
DR. CARR: Well, I mean, I think we need to rework this a little bit. I think all of the things that have been said will add value and strengthen it. So I think why don't you give us a chance to reword it, and then let's talk about it again. But I appreciate the attention to it because I think you're right. We need to say what is, what we heard, and what we're going to do.
DR. COHN: And Margret, it sounds like you may have some notes that we could borrow, or is that
MR. REYNOLDS: Okay, let's move on to our line 1297 starting on the uses of health data for research which then moves into 7.2 through 7.5. John?
MR. HOUSTON: Yes, I probably kept my mouth shut too long in the last discussion. But I think that there's a hole here, and we talked about it a little bit before in terms of oversight because when research, when quality assurance morphs into research, often in many organizations there's just simply is a hole. And I've actually in talking to the head of our IRB, he's said theoretically what's the value in having some common oversight mechanism for research and quality assurance, some umbrella organization so that you don't have to worry about where research ends and quality starts, and that there's committees and there's processes in place through a common structure to handle those things in some systematic fashion.
And he, you know, in not a very long involved conversation, said, you know, that really is of value. And the third prong of this, and I brought this up before is we still have a separate piece here that really nobody's looking at it, and it's decedent research.
I deal with decedent research weekly any more. IRB says if everybody's dead, then it's not a human subject research, and it's therefore we're not concerned about it. It's not quality, so it doesn't fall under any quality committees.
We have a group in our organization called CORAD which is related to research on the dead. But they don't deal with privacy issues. They deal with other ethical issues associated with decedent research where you're using some corpse or some brain dead individual for some research endeavor. And it does happen. I mean, it sounds gory, but those types of things do occur, and there's a lot of ethical issues, and they try to handle those things.
But we're still doing with this lump of data which is data about dead people that otherwise would be characterized as research that is really not under anybody's purview. And I guess if we had a privacy board in our health system, we could handle it under that thing as well. But it begs for the fact that we've got all these different uses that are sort of, you know, investigatory whether they be research, quality assurance, decedent research, whatever, and there's no common vehicle or mechanism in order to oversee all of them.
And I guess I think I said this before, but I just think there needs to be some consideration given to a common oversight process. And I don't think that's bad to bring that up.
MR. REYNOLDS: Carol, then Bill?
MS. MCCALL: I'm adding onto maybe one reason for a common process is that it's not decedent research, but it's true data base research, and I think some of the research oversight has come from an older world where the research itself involved the laying on of hands of human subjects, and that will become less and less prevalent, and a lot of the research will be data based.
We need the data, don't need to touch you, but I need to know who you are, you know. It needs to be at a grain that it all needs to be hooked together. But it's different, and I think actually moves closer in some ways to some of what's been done on the quality on the quality front. It's not all of the quality work, but moves it closer in that respect.
And so I don't have the answers. But I don't know if a common framework is right. But certainly a common, I mean, a common oversight mechanism, but perhaps a more common framework for that type of research.
MR. HOUSTON: You could go that far. I mean, I'm just thinking broadly. There's this hole here, and that's what I'm
MS. MCCALL: I find myself in that world all the time, and it is extremely difficult for me and my organization to actually work on data based research with entities some of whom are covered, some of whom are not, some of whom are overruled by IRBs, some of whom are not, and they go, okay, ready, and you try to begin this orchestra, and it's just like ragtime band.
MR. REYNOLDS: Okay, we've got Bill, Larry, Mark and Steve.
DR. WILLIAM SCANLON: I think it would be a much better world if there was a common framework. But I think part of the problem we face was we didn't want to try to make changes that were too large.
But having said that, I think we have to be careful about what we say about the distinctions between quality and research. And I have page 33, line 1345, these two paragraphs start there, the differences between quality activities and research. I've never found these discussions convincing. I can understand something being operations when I'm looking to develop a guideline that is driven by the prices that I pay.
And so if I've got drug A and drug B and I'm thinking about which one do I want to put on my formulary in a particular tier, I do it on the basis of the price that I pay for drug A versus drug B. When all I'm doing is looking at sort of a physiological result of a treatment, and do it under the operations rubric, that's research. The physiology of the people that I cover are probably the same as the physiology of the people that Carol covers. And so, therefore, it's generalizable.
And you know the distinctions that are part of the group health distinction was, well, if it's done kind of sloppy, then it's quality. And if it's done with rigor, it's research. I mean, that makes no sense.
So while I would aspire to a common framework, I think that may be unrealistic for where we are. But at the same time, we've got to avoid endorsing a distinction that isn't really there.
MR. REYNOLDS: Larry.
DR. GREEN: I want to know if John and Bill and Carol have a recommendation about what to do here. What I heard in those three comments was that we've got a couple of pages here where we elaborate on the confusion, and then we have four recommendations that frankly don't say one hell of a lot. They don't say too much.
MR. REYNOLDS: Starting where? Starting which numbers?
DR. GREEN: That would be recommendation 7.2, .3, .4 basically says HHS should work on this. I'm not being fair.
MR. REYNOLDS: No, it's like nobody's taking it personally.
DR. GREEN: What I heard in those last three comments would be that we would have a finding that says we can't find a crystal clear distinction between quality improvement and research any more. We heard a lot of testimony that says that this morphs back and forth, that sort of stuff, and maybe we should just have a recommendation that says the way we've been doing this requires further attention, and we don't have a solution or something.
DR. W. SCANLON: And I think we were potentially moving in that direction in 7.1. We were aiming and trying to improve what was happening on the operations side in terms of oversight. So this voluntary proactive oversight process is not the strongest in the world.
MR. REYNOLDS: Okay, we've got Mark.
DR. W. SCANLON: And then sort of in two, we're saying there should be something parallel to the research side so that even though you don't have a common framework, everything's covered. And that would be the implicit principle behind it.
MR. REYNOLDS: Larry, what I'd like to do if we could is, let me hear from everybody else, and then whoever wants to put forward the recommendation, okay, because these other ones may actually have, so we can get through the list. So Mark and then Steve, Paul and Justine.
DR. ROTHSTEIN: Okay, I've got a small recommendation that's got a much better shot than my previous one, so I say, yeah. Twelve ninety-nine, under the uses of health data for research, the first sentence. It says the common rule, and then paren, defines research as blah, blah, blah. That's also the definition of research under the HIPAA privacy rule. And I think we should include that because just including the Common Rule gives you the impression as a reader that it's different somehow.
MR. REYNOLDS: Okay, Steve.
DR. STEINDEL: I object. My question to John when he was going through this and he was picked up by others. If we broaden 7.1.3 which already calls for an institute oversight, would that address both your questions and Larry's in a way, also.
Right now, 7.1.3 is inferred to refer just to quality, but actually it doesn't.
DR. CARR: Wait. But I think that if I can jump in here, that was what my recommendation was going to be that it's looking at what's being done and making that assessment. I mean, it sort of took a turn here that I guess I didn't quite remember to say what protections. But part of the protections really is, is this truly research and needs to be under that.
So I think that was what our initial intent was.
MR. HOUSTON: My fear is that not fear. If you look at all of the recommendations under seven, though, there is a disjoint here because some of them talk about giving more guidance so you can help understand what is what. And my thought is that you almost have to say either you have to give guidance or as an alternative you need to recommend some type of overarching structure to support the use of PHI for investigation purposes. You know, I'm using it as a catchall.
DR. STEINDEL: Well, what resonated with me when you were talking about this was when you said you talked with your IRB person, and you suggested what if we had one group that looked at all this. And basically then I went back and I looked at 7.1.3, and a little bit of changes in language actually says that. Create one group within your organization that addresses these issues.
MR. REYNOLDS: All right, Paul.
DR. TANG: So maybe this is a good example. We have a group called HIUD, Health Information Use and Disclosure, and it precedes your access to data. In some sense, it could be an overarching framework. So before you call it anything, if you're going to get access to the database, you must be a responsible person with responsible intent and a good way of protecting the information. Then you can pass in and later on you can decide, and then you have the rules on what's research and then you have IRB.
But what we're trying to do is protect the data. So let's put the filter upfront. Before you get access to the database, these are the things that you have to do, and then downstream.
MR. REYNOLDS: Okay. Since I had interrupted Larry's process, Carol? Okay. Leslie?
DR. FRANCIS: It seems to me that the recommendation shouldn't be which structure, but that there needs to be a structure that deals with the current gaps and problems in the current system, and that that structure should incorporate appropriate principles of data stewardship such as transparency and whatever.
But that would be my recommendation because I don't think we've got it solved here. And it's going to take all kinds of negotiating between IRBs and everybody else to figure it out.
MR. HOUSTON: So I'll just maintain it to be the gaps, though. I think there needs to be a structure that manages it holistically because when things morph there's a lot of considerations, you know, that the IRB when they look at research and if research morphs, there's a whole process to go through to modify your protocols and things like that. That's why I think a common structure's of value. So I just think it can be a very open ended recommendation. But I just think, you know, structurally this is something that I think would help resolve this problem in a systematic fashion.
MS. GREENBERG: I wanted to ask a question. Do we have a simple statement that we have been or problem that we've asked to address like we were trying to clarify for the other one, or have we uncovered a simple statement of a problem that we believe needs addressed. What's the problem we're trying to solve?
MR. REYNOLDS: Related to this subject?
MS. GREENBERG: Related to this particular subject around research or research/quality. We is that written down or
MR. REYNOLDS: I would add operations in there, too.
MS. GREENBERG: No, well, I'm trying to
MR. REYNOLDS: I'm just saying I would say what is operations, what is quality, what is research. Those three things are the things we've been spinning around.
MS. GREENBERG: No, but we had for the first part, we had a specific, we were tasked to answer a question, right, and we were kind of mousing around about it. But we were asked by ONC to consider whether there should be boundaries around this and all that.
Now that did not include research. You're saying it does.
MR. REYNOLDS: Margret?
MS. AMATAYAKUL: This was the original request that we got from ONC, and it is a little dense. But while quality measurement and reporting is a priority for HHS, there are other secondary uses of clinical data that could be potential sources of revenues to health information exchanges. These uses generally fall into two categories, research and population health.
MR. REYNOLDS: Does that help at all?
MS. MCCALL: Not yet, only because what I'm looking for is for us to have a fairly simple question that we're trying to answer for ourselves, whether it came from them or whether we discovered it during testimony. And I see us kind of wandering around, but we haven't -- we don't have that clearly in front of ourselves. I think that would help us.
MR. REYNOLDS: I've got Simon next, and then I've got Bill.
DR. COHN: Yes. You know, I do want to implore everyone to maintain I mean, I think there's an issue of scope, focus as well as I worry personally about us wandering off into areas if we start pursuing them really require more testimony and more hearings.
And I think that at this point bringing up a common oversight for all uses of health data, yes, et cetera, et cetera would be something that normally if we were pursuing, I would want to get to hear from people to hear what the impacts and implications are.
Now I guess what I heard from John Paul was that he felt that there were other areas and other holes that he had identified. And I think that we have recommendations on research that have to do with this issue of the research quality area and making sure that these things get melded and harmonized so there aren't gaps there.
I think we have a recommendation in 7.1.3 that probably, with a little bit of wordsmithing, might be able to sort of along the lines of this similar approach could also be utilized to provide oversight to other identified gaps in your institution or something like that which might help solve some of that other problem.
It isn't a uniform structure. But I don't think at this point, I mean, I guess I wouldn't be comfortable suddenly throwing out a new major recommendation that might require unintended
MR. HOUSTON: What about investigation of this. As a recommendation thing, this needs to be further considered because part of this also is that should there be because of the NHIN, should there be something more formal such as through OHRP would address these types of things.
And I'm not saying that's a recommendation as much as it's something that maybe needs to be considered because these quality exercises are going to be enormous once you start mining on a national and a regional basis. So I think it is fair to say there needs to be some common oversight structure considered or at least researched because of the implications of broad access to data for quality purpose or for a variety of secondary use purposes. And this is I think a reasonable thing to at least propose investigation of.
MR. REYNOLDS: Now where do you want us to go on this one because I would like to at least quickly touch base on eight and nine. So if you could give us some direction on what we want to do tonight on seven, how we want to pull all this together.
DR. COHN: Well, I guess I'd be curious about whether John Paul, whether something like this in 7.1.3 or whether it's actually really more along the lines of a jurisdictional sentence.
MR. HOUSTON: I think it's almost
DR. COHN: Or 7.5 or 7.6.
MR. HOUSTON: Yes, I think it's another recommendation, and it's couched in terms of, you know, consideration for further evaluation.
DR. COHN: Okay. So it's like it's 7.6, other areas
MR. REYNOLDS: Okay. So this one's on the table, too, for us to clean up tonight. Marc's comments are on the table for us to clean up tonight. And I think tomorrow morning, Carol, we'll try to have a better answer for you. I think I got one, but it's late enough in the day right now that I'm not sure I would put it in as far as why it appears we're wandering around, at least I know what I feel is were do that.
DR. ROTHSTEIN: I just want you all to know I have another comment.
MR. REYNOLDS: Okay, let's move to no, he doesn't. Okay, moving on to eight, let's touch base on eight and nine, please, before we get out of here so we can get anybody's comments, issues, concerns so that when we work on this further, we at least have had a complete discussion, not all the answers. All right, eight really is focusing on this whole idea of transitioning to the NHIN, and we've all on the Committee heard enough about plenty about the NHIN and what it is or isn't. And so you can see in 8.1 through 8.1.6 what we're talking about there as far as incorporating a number of things into the common trials and evaluating a number of other things to deal with some issues. Any comments? Okay.
Well, moving onto nine. I think everybody had this. Not being ugly, I'm just trying to make sure that we get the input from people so we can go to the next step. We'll see it again tomorrow. Observations and recommendations on additional privacy protections. As we go through that, 9.1.1 is pretty much exactly what came out of our privacy letter previously as a committee. So that's and then we built off of that with 9.1.2. Short of legislation, what can we do in 9.1.2, and then you can see 9.2 and 9.3. So Marc?
DR. ROTHSTEIN: I have a suggestion in 9.1.2 on line 1523 which is the last sentence in that recommendation. I'll read it, and then I'll tell you that my recommendation is to delete it. The sentence says care should be taken to ensure that organizations of today only have aggregated health data such as employers not be included in the definition of covered entity, et cetera, et cetera, et cetera.
I don't think we that's opening a totally new can of worms, and I think we should just strike that whole sentence.
MR. REYNOLDS: The concern that I had, and I think we heard especially through responses we got back from employer groups actually on one of our open calls was that they did not want to be brought under the umbrella of covered entity at all.
And so we're making it perfectly clear here that we're not opening this up and saying everybody's a covered entity, so everybody's employer has all their data, and that's what we're trying to do with this sentence. It may not be worded the way it is, but that is the specific reason that we called this out and actually put this sentence to clearly state that.
DR. FITZMAURICE: Doesn't HIPAA make it very clear and so our saying it or not saying it isn't going to matter.
MR. REYNOLDS: Well, if we're recommending that we expand the definition of covered entities and we don't reiterate we don't mean to everybody, then I think we are.
DR. FRANCIS: Doesn't that point belong earlier?
MR. REYNOLDS: Excuse me?
DR. FRANCIS: Doesn't that point belong earlier in the discussion of the definition of covered entity.
MR. REYNOLDS: No, the definition in the document of covered entity is as by HIPAA. We're talking about expanding it, and employers are not in it currently. We don't want it expanded to them. We want to expand it to PHR vendors. We want to expand it to all these other people.
DR. ROTHSTEIN: Harry, the way it reads now is I don't think accurate because it says care should be taken to ensure that organizations that today only have aggregated health data such as employers.
Employers have specific health data. They don't just have aggregated health data. Some of them have very detailed health data from all sorts of sources, pre-placement medical examinations, et cetera, et cetera. So there are some situations in which employers might have through their health plan if it's placed with a commercial insurer only get aggregated. I mean, that's really too complicated, I think, to handle in this sentence.
MR. REYNOLDS: Let me ask this question, then. Do you feel that so if we take that out and the Secretary were to include covered entities, employers, just all employers in covered entities whether they have a health plan or not, do you think that's okay?
DR. ROTHSTEIN: Well, we recommended that in 9.1.1 and elsewhere that comprehensive privacy legislation should apply to anybody who gets confidential health information, whether you're talking about employers, life insurers, whatever.
Here, 9.1.2 is our sort of back up plan, right, and I think that what we're talking about is people who regularly transmit PHI in their dealings, they should be covered. I mean, I would it's not just, let's see, vendors. It's like in the California bill, the health information exchanges and so forth.
MR. REYNOLDS: Carol.
MS. MCCALL: This is one place, and then early in the paper, there's another place where it talks specifically about PHRs and uses them as kind of an example. And I guess what I'd like to do is I would like it if we could find another example of something else that we would like to put into this category only because it's going to seem like if all we do is hit that particular nail, people will think that all we're talking about are PHRs.
An example that I would give, and it may not be one that we would use here, are some of the emerging kind of you could call them incentive and rewards health and fitness, things like that. They actually capture, carry, transmit personal health information. The program we put together with a company called Virgin Health Mile now, and so there's activity level information. But there's also blood pressures and whether I step on something and it captures it for me or enter it, they have it.
MR. REYNOLDS: Right.
MS. MCCALL: And I don't believe that they are in fact captured now they won't have everything an entire PHR will have. But they have some things, and there'll be more like that all the time. What is the intent?
MR. REYNOLDS: Margret?
MS. MCCALL: I'll think of a term and give it to you tomorrow. Right now you can use a placeholder for just kind of personal health management.
MR. REYNOLDS: Other than just singling out PHR.
MS. MCCALL: Yes, it's not about a record. It's some sort of device
DR. TANG: Or HRA provider is another one?
MS. MCCALL: Another what?
DR. TANG: HRA provider.
MS. MCCALL: Absolutely. These are all over the place, guys.
MR. REYNOLDS: Okay, Steve.
DR. STEINDEL: Harry, I've always read this as what we're recommending is we're if the first doesn't work, our fall back as Marc calls it is expanding the definition of covered entity.
MR. REYNOLDS: That's correct.
DR. STEINDEL: And we were very specific. We said if you are going to expand the definition of covered entity, we want to make sure you it's getting late, we want to make sure that you include PHR vendors, period. That is the one specific group that we wanted as NCVHS we wanted included.
Marc's bringing up the comment that we should delete the last sentence, and I agree. I think anybody else except for that specific case of PHR vendors, whether or not they're included in this legislation is up to the legislative process.
MR. REYNOLDS: Well, that's fine. But I will go to our open call where we heard the lady that represents the employer association made it perfectly clear that they did not want to be
DR. STEINDEL: But I don't think we should take a position on whether they are
MR. REYNOLDS: Well, what's the difference between taking a position versus I mean, we heard all this other testimony. I'm just make sure, I mean, they were adamant because they do not one of the biggest issues that we've offered, and we sat through the privacy hearings a thousand times. People are most afraid of the employer all of a sudden having everything. And yes, they have some things, but not under they're not just handed to it by HIPAA. Marjorie?
MS. GREENBERG: Well, first of all, being a covered entity doesn't mean you can get anything. I think it's a non sequitur. What it says here is, so I would agree about deleting it. But what it says here is that it should cover other organizations that manage, collect, view, store, share, disclose or otherwise make use of personal health information.
So if you're doing that, that may make you covered. But it doesn't say that by becoming a covered entity, I don't think there's anything about being a covered entity that gives you carte blanche to information unless it's for maybe treatment, payment and operations. I don't know. But this doesn't make sense that if you currently have aggregated health data, making you a covered entity would give you all this access. I think they're non sequiturs here.
MS. AMATAYAKUL: I have the exact language. Would you like there were two comments.
MR. REYNOLDS: Yes.
MS. AMATAYAKUL: Okay, one said while we support expanding HIPAA framework to non-covered entities, we believe that the proposed recommendations are unclear about whether the Committee intends to accomplish. For example, by specifically expanding the HIPAA requirements to employers, we do not believe that the Committee intends to enable all employers to receive protected health information about individuals or to change the existing HIPAA privacy rule protections that apply to group health plans which establish limitations about the types of information that group health plan can share with the employer.
However, we are concerned that differing interpretations could result if the proposed recommendations are not clearly stated. And then another comment was that because of potential concerns that expanding the privacy rule might weaken some protections, for example, by inadvertently giving employers access to PHI, we further recommend clarifying the recommendation to note that when privacy rules are expanded to non-covered entities, nothing should be construed as changing the current rules governing disclosures to employers.
MR. REYNOLDS: So having heard that, Marc, do you feel any different than you had
DR. ROTHSTEIN: No, it's interesting that those concerns that there would somehow be a loss of privacy by allowing employers to get access either through group health data or through other kinds of means. I don't share that. I mean, I'm certain that should that happen, but I don't think this language opens a door to that. And I think that's sort of seeing goblins under the bed. I would just
MR. REYNOLDS: Mary Jo?
DR. DEERING: I'm wondering whether if there's a baby in this bath water, and I'm wondering whether it's the sense of unintended consequences and whether there's a baseline message that we're trying to convey is that such actions should not inadvertently without specifying anything. You know, care should be taken that such enhancements, changes should not inadvertently weaken current
DR. CARR: Right. That would be great. Motherhood and apple pie.
MR. REYNOLDS: Do we reference employers at all? Just inadvertently weaken what? Okay. Everybody good with that? Gene, did you have a question?
DR. STEUERLE: I have a general comment that fits in 9.2, but it applies to a number of things throughout. Are we coming back to this tomorrow?
DR. COHN: Well, hopefully, but whatever it is, I mean, we need to hear it today.
DR. STEUERLE: My concern is there are times in here when I get the sense that there were these hearings and there were these legitimate concerns raised. And then there was a compulsion this is unfair because I didn't have time to draft it. Compulsion to say, okay, this is a legitimate concern. Let's put it in here because this is a concern, and HHS should address it.
But at times the language seems to imply that it should be addressed by writing guidance or regulations or rules. I'm just thinking this Committee probably spent about a million dollars worth of staff time roughly doing this document. It's recommending HHS go back and spend millions more and that the entities out there spend, I'm guessing, ten or hundreds of millions of dollars in terms of their own efforts, and where they're really worthwhile efforts, that's okay. But I do worry that we haven't really thought out or are capable of measuring the time cost we might be imposing.
And in some cases, it seems to me what we're recommending is things belong on the spirit. Like, you know that thing about having adequate sample sizes stuck in here. I really don't know that we really want to write a regulation. Maybe we want to remind people if you do research, you should have adequate sample size. But I don't know that we are capable of writing in fine language even if it's a regulation or a guidance or law what that amount is. And just some places I think the tone should be here's the spirit of what we found that should be done in this area. But it may not be something where there is a legal way we can put it in this recommendation to HHS the guidance or the regulation or the ruling would be there.
And I mentioned this with 9.2. I just sort of waited there. It says, you know, and we shouldn't have anti-discrimination. But there's no evidence here on what you should do. It's sort of like Congress should actually work for legislative or regulatory measures. Does this imply that the ones that we now have are inadequate? Or does it mean in the spirit of the law we should be constantly looking to make sure that that discrimination isn't there.
There's just a lot of cases where the language implies moving in a legalistic way to solve the problem when I'm not sure we have determined that that's what we want. And it's a general comment, and as I say it's a little bit unfair, but I saw it so many places in here where there were good things to be done, but it wasn't clear to me we knew how to prescribe it.
MR. REYNOLDS: Simon, I'll turn it back over to you. The vice chairs have gotten through it now. Simon, you're holding us up.
DR. COHN: Well, I guess without going to the general, and Gene let me mention. One of the reasons we opened this up to public comment was we wanted to make sure that we were not creating unintended burden on things.
So I have to say that we actually went out and sought that sort of input to make sure that we really were not doing things that just didn't make any sense or whatever, and the document has been significantly modified as a result of that.
Now so that's the global comment. Now you're specifically commenting about 9.2, and I think I have to look to Marc Rothstein to help us with this one only because these are recommendations that have come out of previous privacy letters from the Full Committee that maintained sort of the spirit and the I mean, it isn't like this comes out of new ideas. This is things that we have recommended previously.
Marc, do you want to comment?
DR. ROTHSTEIN: Yes, we've made several recommendations, Marjorie reminds me that since the late 1990s. In fact in our 2006 letter, recommendation R-22, this is a big June 2006 letter said HHS should support legislative or regulatory measures that eliminate or reduce as much as possible the potential harmful discriminatory effects of personal health information disclosure.
So I think we are on record as supporting broader non-discrimination laws. There are a couple changes actually that I will give to Margret on the text in 9.2 that needs to be cleaned up a little bit that might help some of your
DR. COHN: Okay. I know it's after six. In fact it's close to 6:20. Now any other final comments on this? Now what we're going to be doing is redlining. Margret will stay up tonight to work on this one. Harry, Justine and I will wake up at 5:00 a.m. to work with her to review things, hopefully not. But anyway tomorrow morning obviously after the workgroup and subcommittee meetings, we will have a redline version to review and consider.
Hopefully, as I said, I guess I would have you all consider, I mean, we've taken obviously a lot of input. It may not be perfect. Just remember the really important part here are the recommendations, and we need to make sure those are right. A lot of things in terms of wording and wordsmithing, we can take care of offline after this meeting. So I just want to keep everybody aware of what the most important thing here is.
Now I do want to tell you that anybody who had any optimism about leaving before three o'clock tomorrow afternoon, I think I would abandon that optimism because it's very clear based on this conversation that we're going to have issues around seven again, and we're going to have to sort of try to work through that.
Anyway, with that, obviously I think we have dinner which hopefully at this point is going to move til seven since I think we all need a breath at this point. Maybe you can call them and let them know you already called. And you have instructions for us about how to walk there or otherwise get there?
MS. GREENBERG: What do we do? We walk out the front door, turn left towards DuPont Circle?
[Background chatter.]
DR. COHN: Sure, ten to seven. Okay, and the meeting is adjourned.
[Whereupon at 6:22 p.m. the meeting adjourned.]