[This Transcript is Unedited]
Hubert H. Humphrey Building
330 C Street, S.W.
Washington, D.C.
Proceedings By:
CASET Associates, Ltd.
10201 Lee Highway, Suite 160
Fairfax, VA 22030
(703) 352-0091
DR. COHN: Good morning. I want to call this meeting to order. This is the first of two days of meetings of the National Committee on Vital and Health Statistics. The committee is the main advisory body to the U.S. Department of Health and Human Services on national information policy. I am Simon Cohn. I'm a practicing physician and the National Director for Health Information Policy for Kaiser Permanente and a member of the committee. I want to welcome fellow committee members, HHS staff, and others here in person. I also want to welcome those listening on the Internet. We do apologize for the feedback. Obviously I want to remind everyone to speak clearly into the microphone, which I will try to do. As I'm sure you have all noticed, I am not John Lumpkin. Obviously he is not here today, nor will he be here tomorrow. He sends his regrets. He is, as I understand, currently working on a smallpox response plan for his state in his capacity as State Director of Public Health for the state of Illinois and couldn't get away. However, we are hopeful that he will be on for a conference call with us at about 11 o'clock, to talk about the national health information infrastructure report as well as an update from the Executive Subcommittee retreat that was held in August. We hope anyway.
I do want to welcome a new member of the committee, Dr. John Danaher, from Connecticut, and when we do introductions around the room we will ask you to maybe take a minute or two just to introduce yourself if you would. We really do want to welcome you.
Let me just review for a minute the agenda briefly today. The agenda starts with an update from the department. Then we will have a briefing from Brian Burns, who is the Deputy CIO of HHS on HHS Information Systems. Afterwards, as commented, we hope to have John Lumpkin on the line with us to talk about the Executive Subcommittee retreat, and then the NHII report. After lunch, Mark Rothstein will be reviewing a draft letter on aspects of the final privacy rule being brought forward by the Subcommittee on Privacy and Confidentiality tomorrow.
Following that we will be having a briefing from the Department of Defense on E-health initiatives. Now from 3 to 5 o'clock we are going to have subcommittee breakouts, and those will again occur tomorrow morning from approximately 8:00 a.m. until 10:00 a.m., at which point we will convene again as a full committee.
I think as you are all aware, subcommittee members and staff are invited to a dinner tonight honoring Bill Braithwaite and Kathleen Fyffe for their service to the committee, and we are hoping that you obviously all can come. Talk to me later if you have any questions about that. With that, let's have some introductions around the table and then around the room.
For those that are on the national committee, we ask in the process of your introduction if you would identify if there's any issues coming before us today that you need to recuse yourselves about. I don't think there is any intent to be voting on this, but we still would, if there are issues where you would have conflicts, we do need to know about them. With that, Marjorie, would you like to introduce yourself.
MS. GREENBERG: I am Marjorie Greenberg and I know that Simon is not John Lumpkin (laughter). I am the Executive Secretary of the committee and I'm at the National Center for Health Statistics, Centers for Disease Control and Prevention. I am here today, but I will not be here tomorrow because my son will be getting married on Sunday. So I am officially and let me just say I am physically here today (laughter).
DR. FRIEDMAN: I'm Dan Friedman, with the Massachusetts Department of Public Health and a member of the committee.
MS. COLTIN: I am Kathryn Coltin. I'm with Harvard Pilgrim Health Care in Boston, and I am a member of this committee.
DR. DANAHER: My name is John Danaher, and I'll just take a moment or two to tell you about myself. More so, you can figure out how to utilize me. I am a physician. I am a board certified internist. I did my residency and chief residency at Stanford, where I was trained partially by - a fellow by the name of Ted Shortliffe, whose house that I also rented (laughter). I did send him that rent check 10 years ago (laughter). Anyway, then had the pleasure of being a White House Fellow and working for Dr. Lewis Sullivan here at HHS.
I went back to Stanford and went to business school, and worked in my first job out of business school, it was in Boston, as the Assistant to the President of the Deaconness Hospital, and then we formed an integrated delivery system there. The kind of fun thing that we bought up a number of hospitals, Glover, Nishoba, Offen Westin Baptist, and the biggest issue was we didn't salary the physicians there, but we tried to get them to become part of our network so we could do global contracting.
And so what they were asking for, one, two and three, was information systems. Now you as the parent, you know, give us information systems to make our, so we can, you know, out-compete the next doc. From Boston I went to work for a health plan called Health Systems International, which then became Information Health Systems, which is now Health Net. And what I worked on there for a very, very charismatic visionary IS leader, a fellow by the name of Mullicason, was enterprise-wide information systems solutions, and actually he is now the Chairman of the company called Health Trio, that is doing a significant installation at Harvard Pilgrim.
From there I then went to Atlanta, was part of the early management team of Web MD, and had the responsibility for the professional division and that was a very exciting, interesting time, but really think as much as anyone we tried to be at the forefront in bringing the Internet to change in the way how healthcare is delivered and accessed. And then after Web MD there was kind of the last acquisition we did, Quizitor became the Inquisitor, or whatever the - became the Inquisitor. I went and was the President of a digital health plan. There's a whole bunch of these companies now that are forming that are trying to use the Internet to make healthcare more, health insurance much more consumer centric.
And right now what I'm doing is heading up and informing and starting up an E-learning company that is in the compliance area. So I have made all my appropriate disclosures and conflict of interest and promise not to grab any of you and say hey. But I happen to believe very passionately that E-learning is one of the fields that is going to explode very shortly.
It is an honor for me to be here. I very much look forward to working with everyone and hopefully making a contribution. So thank you very much.
DR. COHN: John, we want to welcome you and obviously we will be talking I think off line with you about various subcommittees. It sounds like, by the introduction, that there will be a number of them you may be interested in.
DR. SHORTLIFFE: So I am Ted Shortliffe, formerly of Stanford, formerly a landlord (laughter). I'm currently at Columbia, where I Chair the Department of Medical Informatics, and a member of the committee.
DR. ZUBELDIA: I am Kepa Zubeldia. I am President of Claredi and a member of the committee.
DR. MAYS: Vickie Mays, University of California, Los Angeles, a member of the committee.
MS. TRUDEL: Karen Trudel, Centers for Medicare and Medicaid Services.
MS. FYFFE: Kathleen Fyffe, with the Department of Health and Human Services, Office for Civil Rights. As of last month I was a member of the committee (laughter), but my status has changed.
MS. MC ANDREW: Sue McAndrew, Office for Civil Rights.
MR. BLAIR: Jeff Blair, a member of the committee.
DR. LENGERICH: Gene Lengerich, a member of the committee. I'm from Penn State University.
DR. NEWACHECK: Paul Newacheck, with the University of California and a member of the committee.
MR. ROTHSTEIN: Mark Rothstein, University of Louisville, member of the committee.
MR. SCANLON: Jim Scanlon, with the HHS Office of Planning and Evaluation. I am the Executive Staff Director for the committee.
MS. SLYE: Marietta Slye, NCHS.
MS. CONON: Susan Conon, writer for the committee.
MS. JACKSON: Debbie Jackson, NCHS staff.
MR. FANNING: John Fanning, Office of the Assistant Secretary for Planning and Evaluation, HHS.
MS. ARRENSON: Debra Arrenson, member of the public, and here on behalf of FACEB.
MS. WILLIAMSON: Michelle Williamson, NCHS.
DR. STEINDEL: Steve Steindel, CDC.
MS. HORLICK: Gail Horlick, CDC.
MR. WILSON: Bruce Wilson, with the Physician Insurers Association.
MS. GILFOY: Helen Gilfoy, Gilfoy Consulting.
MR. GROWIN: Pete Growin, Deputy ACO for Veterans Health Administration.
MR. WINE: Mark Wine, Health IT Sharing, Department of Veterans Affairs.
MR. DATE: Michael Date, American Dental Association.
DR. EDINGER: Stan Edinger, Agency for Healthcare Research and Quality and staff to the Quality Workgroup.
MS. LOGAN: I'm Deitra Logan, Office of Information Resources Management at HHS.
MS. ALD: Vivian Ald, National Library of Medicine.
MS. GREENBERG: Barbara Greenberg, Office of the Assistant Secretary.
MS. GRAY: Courtney Gray, for the College and for Health Information Policy.
MS. BEBEE: Suzie Bebee, NCHS.
MS. GADPLA: Ellen Gadpla, Office of the Assistant Secretary for Planning and Evaluation, HHS.
MR. HARNICK: Jim Harnick, American Association of Health Plans.
MS. JONES: Katherine Jones, NCHS.
MS. BLUMMER: Marilyn Blummer, a member of the public from Aspen Systems Corporation.
DR. COHN: John, we want to welcome you.
DR. LUMPKIN: (By phone) Well thank you. I wish I were there.
DR. COHN: We've given your regrets. You will be on all morning, so that you can present the information on the Executive Subcommittee retreat and the NHII?
DR. LUMPKIN: Yes, I should be able to stay. I may be going in and out during other sections, but I'll be there for those sections for sure.
DR. COHN: Okay, well thank you for being able to join us. With that why don't we start off with the update from the department. Jim.
MR. SCANLON: Thank you, Simon, and good morning everyone. Let's see, we are going to, obviously a lot has happened since our last full committee meeting I think in June, including the events of September 11, which kind of disrupted committee work and other things for awhile as well. This morning we are going to present some activities from HHS that are of interest to the committee, and things that the committee has worked on and been interested in previously. And we are going to divide it up in a certain way.
I guess before I start I should announce, for those of you who don't know, about two personnel defections that have occurred (laughter) in the past few months.
DR. COHN: We apologize for the technical problems we are having here. Jim, do you want to try again?
MR. SCANLON: I'm going to start this morning by, first of all we are going to report on a number of activities that are of interest to the committee, the committee has been involved in within HHS, and then we are going to have our Deputy CIO here, Brian Burns later to talk about information technology within HHS, and Federal information technology, and some of the initiatives in health, in E-health. And I'm going to give a report on about three initiatives that I wanted to update the committee on, and then I'm going to try to quickly update the committee on where we are with some of the NCVHS recommendations.
But before that I did want to, just for those who haven't heard, we've had two personnel changes relating to the committee, in addition to Dr. Danaher coming on. Earl Braithwaite, who has worked with the committee in HHS probably since 19, since HIPAA was enacted in 1996, has left HHS to join the other side (laughter), has actually joined Price Waterhouse troopers in the health practice here in Washington. So just about two weeks ago Bill left HHS. So we will try to keep up some relationships with Bill. But anyway, we will all miss him and Tria will too.
But on the other hand, we did gain someone in HHS, from your side (laughter). We are happy to have Kathleen Fyffe join HHS just about three weeks ago in our Office for Civil Rights, working on the privacy regulation and issues relating to outreach in education. Kathleen is going to talk about that in a few minutes.
So with that let me turn to three initiatives briefly that the committee has been involved in, well two initiatives that the committee has been involved in, one new activity that is going to affect all of the Federal agencies, relating to information quality.
The first is a National Academy of Sciences study on the adequacy of race and ethnicity data, and basically in health systems of HHS, other Federal agencies, and the private sector, the Minority Health Research and Disparities Act, that was passed by Congress just about a year ago, you will recall directed HHS to fund a study at the National Academy of Sciences, and basically the study would look at our data systems and policies and practices within HHS, those of the states and private sector and other public data systems as well. And it would look at the adequacy of the policies and practices relating to the collection of information on race and ethnicity.
The Academy will then, will appoint a panel, I think with 10 to 12 members is what we've awarded the contract, and we'll probably have a panel of about 10 to 12 members representing a good cross section of the health sector, ranging from the research to the clinical side, to look at this issue. The Academy is, we've asked them, as part of the study, to hold a workshop to bring in clinicians and administrators and plan representatives from the private sector, to look at what the policies and practices may be there.
I think in terms of our own HHS data systems, we pretty much know what we have. We normally collect race and ethnicity data in a fairly standardized way, and the issues are more relating to sample size, cell size, this sort of an issue in some populations within the standard, rather than collecting it at all.
In the private healthcare sector there appears to remain a fair amount of confusion about the legality of collecting such information, what it can be used for, the conditions under which it can be collected or disclosed, and it appears that no matter how many operational policy letters we issue, there remains confusion about what can actually be done. So we are hoping that the Academy study and the workshop can at least shed some light on what exactly the situation is, what the problems may be, and how we might move forward.
This is literally a report to Congress from the Academy. The Secretary was directed to do the study through the Academy, but it is a report back to Congress, and it will include estimates, well descriptions of what the situation is, any barriers to overcome, and it will attempt to cost out, at least that is what Congress asked for, some of these ideas.
We have contracted for a 24-month study. I expect that we will have the workshop results within a year, and we will have the full deliberative report, at least in draft form, probably within about 18 to 20 months. And because of the committee's involvement and interest in the study and the formulation of the study, we are sending, we solicited nominations for members of that panel. As you recall, the Academy pretty much appoints panels independently, but we have arranged to at least give them ideas for who might be a pool of good candidates to pick from, including a Chair.
So if any of you in the next week want to contact me with some additional ideas about who might make a good member of the committee, please let me know.
PARTICIPANT: There generally is a kind of written charge to such a committee. Does that exist yet? That might be helpful for us to look at.
MR. SCANLON: I can circulate to this committee our scope of work. I don't think the Academy has yet posted a precise or a call for nominations yet, but I can circulate the scope of work. The Congressional language was very specific. It sort of led, it asked the panel to go through a very specific process of identifying the needs, assessing the policies and practices. And again, this is not just the Federal or the HHS data systems, and it is not just research statistics or surveillance. I think we would probably view it as sort of a failure if that's all it looked at.
I think we really are looking at healthcare quality, safety, clinical care, we are looking at discrimination potential and all sorts of things. So we do want to get the clinician point of view of the plan, the administrator point of view as well. But I will circulate electronically, if that is agreeable, the scope.
Let me turn now to an activity I think I reported on in June to the committee. Under the auspices of our HHS Data Council, the department has began to pull together a portal, an electronic gateway or portal, for, it is basically statistics and data and our program evaluation studies. The way this is visualized is a basically, ultimately kind of a one stop shopping portal.
You are all familiar with web portals where the attempt is to pull together all related web sites and web resources relating to a subject. In this case the subject is data and statistics, as well as our program evaluations in HHS, and a bit of our policy research. We've actually developed a prototype, after the Council asked us to do this, and we are testing it within ASPE, and literally we are pulling together virtually all of the web sites of our HHS agencies, as well as web sites that HHS sponsors or supports in some way, at contractors and universities as well.
And the criteria here is that it contain statistics or data from, relating to Health and Human Services, developed under our auspices. We also have links to state health web sites. We have a preliminary list. We are including others. We will also have Federal data sources, I mean and state data sources. There is one sort of room on the gateway, where we have Federal data about states, and another room next door that basically has actual state data and links the state data, health data web sites.
We have shortcuts to our major HHS data systems. There are basically about two dozen. And we have our entire meta directory of HHS data systems up there as well. That is roughly 150 of our major data systems, ranging everywhere from the surveillance at CDC to our big surveys to our administrative data at CMS. We are also in the process of updating that, just to make sure that we have the most information as well.
A unique feature that we went, much of that is basically pulling together existing web sites obviously, and organizing it and applying a certain amount of expert judgment about where these fit in and how you can search most intelligently. We have added some lengths to the NCVHS, to our Data Council, to some other data policy web sites, and the new feature is actually a new search engine that helps you to find from the holdings any of our data. You can search by topic, by key word, or by some sort of a free research.
This literally takes you to whatever data our agencies and our contractor and others may have. It could range from smoking among teenagers to administrative data at CMS to some of our completed program evaluations, going back all the way to the 70s when there was a lot of big policy research being done.
So what I hope to do is we hope to, we are testing this now in ASPE. We are working out a few kinks. I think we are planning to have kind of a beta test within HHS in December, as soon as we can work out some of these kinks, and I think I would like to come back to the committee then and have the committee take a look at it as well, because there are clearly features that we would like to open up more. We have a link as well to the administrative simplification web site. So hopefully that will be a portal resource in the data and statistics area.
We are thinking that we could establish, you know, special rooms or archives within the gateway, for example privacy. John Fanning has already developed a privacy archive pretty much of most of the policy resource documents for our Data Council Subcommittee. We might have a link there as well. We are trying to get literally access right down to the data and even the questionnaires or the forms or the records used, so that it really would be a one-stop shopping center once completed.
We can only go as far obviously as the agency itself has gone or the contractors has gone in terms of what they put up on the web site, but I think the basic framework is here for actually having a quite useful resource in gateway for health data and statistics. I should say it includes human services as well. We include research on the welfare side, on the child well being side, any of the human services programs and activities in HHS as well. And obviously we include other agencies like Census, Commerce and others who have, who do relevant work as well.
And finally let me, in terms of just initiatives, this is fairly new, a guidance from the Office of Management and Budget, that was just finalized for all agencies to comply with as of the end of September, and it basically requires all agencies to establish guidelines to insure the quality of the information they disseminate. And this is an off shoot of the Shelby Amendment relating to FOIA research data, you remember about 18 months ago. This is part two of that Shelby Amendment.
The Shelby Amendment, to remind everyone, basically made information collected under research grants subject to FOIA requests in essence. This was done because there was some resistance, well Congress believed that there was some resistance on the part of some researchers to make available data that was used for regulations, and having failed other approaches to get access to that data by the regulated entities, the Shelby Amendment was passed that literally makes this kind of information FOIA'ble.
The second chapter of that approach was a second provision in the statute that basically directed OMB to require agencies to develop guidelines for the quality of the information they disseminate. And this is actually quite interesting, because it raises as you know around the table, just thinking of the information that Federal agencies, and your organizations around the table as well disseminate, whether it is through journals, whether it is through reports, papers, presentations, or the web, how do you assure the quality of those.
In the scientific there is sort of well-established procedures for peer review, there are referee journals and so on, but what about consumer health information, what about program evaluation, what about administrative data, what about surveys and so on. It turns out that within HHS we actually, each agency, depending on the kind of information that it focused on disseminating, pretty much has various quality assurance procedures in place, and some are better and some are not. And obviously you wouldn't necessarily, the peer review standard is in a way the goal standard. You wouldn't hold all information up to that standard, though you might think about a variation of it.
So at any rate, we, HHS, and all Federal agencies will now have to have guidelines in place by next October for any information that we disseminate at that point and beyond. So we may be coming to the committee for some guidance, but what we have done within HHS is establish a workgroup just to kind of get a baseline of where these efforts stand now. And I have to say, we have in HHS probably world class information systems in many cases, and many of them are one of a kind, and obviously with the various agencies we have in HHS, we probably have some of the most high quality and objective research.
On the other hand, we have a lot of different information that is disseminated across HHS, and there are different policies and procedures to kind of assure what happens there. And there are some challenges here. The consumer health information I think is one of the areas, though it looks like now that the industry is kind of getting together now for developing some guidelines in terms of quality of the information presented.
We have library operations like NLM, we have press offices and a number of other things, and I shutter to think how we are going to deal with quality assurance in some of these things, but we, there are ways now, and I think we will look at what it is. At any rate, those guidelines have to be available and in place by next October, so we have a workgroup looking at that.
Those of the three things I wanted to update. I can take questions, and then I was going to update the committee on some of the most recent recommendations.
DR. COHN: Any questions from the committee so far? Okay.
MR. SCANLON: Let me go to some of the NCVHS recommendations and let me start with the most recent ones and just kind of update you on where you are, where they are. Yesterday at the HHS Data Council meeting Lisa Usonie, former member of the committee, came to give a report on the committee's report on improving the classification of functional status, the ICF and general recommendations relating to the ICF and functional status classification.
It was a good discussion and we are asking the agencies to look at the Tenorsol recommendations and to see where we might want to go, how it fits into the bigger picture, and where we might want to go in terms of R&D and application relating to that. So that's beginning to move forward now as well.
The committee I believe in the end of October sent a letter to CMS relating to the collection of race and ethnicity information in the Medicare Managed Care regulation, which was out for a comment period, and this is now at HCFA, at CMS, and I think all of the comments are now being looked at. I might note that the Data Council sent a comparable letter to CMS that outlined the framework for how such information might be accommodated within the Medicaid Managed Care regulations.
The committee's letter to HHS on recommendations for the modification to the privacy regulation, I think that was October 1, that is now within our Office for Civil Rights, and as the modifications are being considered and discussed for the a proposed rule later this year, we'll get an update on that later.
There were two letters I believe at the end of June relating to HIPAA, industry readiness, the industry fast track recommendations for the transactions regulations, and a number of issues actually relating to the implementation of HIPAA, particularly the transaction regulation, and our Deputy Secretary, Claude Allen, has responded to the committee, to all of the issues raised. And I think that letter is in your, should be in your agenda book.
We are working on a meeting for the Chairman of this committee to meet with our Secretary, or at least the Deputy Secretary, as soon as things quiet down a bit. And I think we might want to use the occasion of the NHII report to serve as the centerpiece of that meeting and use that as a meeting for other, to update the others in the department on the capabilities of the committee and the activities of the committee. It is looks like that is going to stretch on too long, then we will arrange a meeting with my boss or with the Deputy Secretary.
Going back even further, the recommendations for the committee relating to the retraction of the NDC codes, you will recall, on the HIPAA transaction code set regulation, that is being accomplished in a proposed rule. I guess Karen you will update everyone on a set of proposed rules relating to the transaction reg in a minute.
And finally, on patient medical record information, you will recall when the committee outlined sort of a process for moving beyond the first stage of HIPAA into the clinical patient medical record information data standards, there were a number of recommendations there. We have discussed those in the Data Council. We circulated these among our agencies, and it is fair to say that again the department, that report did not contain any recommendations for clinical data standards as you remember. It sort of set the stage where the committee gave itself a self-imposed deadline of recommending some data standards probably within an 18-month period.
I think there was a lot of receptivity within HHS for this kind of a process, looking forward to the standards. There were a number of other recommendations in that report that dealt with more or less R&D, helping to move the standards development along, and some agency work, and we've had our agencies update us on where they are. I've reported back to the Subcommittee on Standards and Security. We went through pretty much the whole list of recommendations.
And I think it is fair to say that in virtually every one of the areas, 90 percent at any rate, there is some activity, a fair amount of activity actually, underway within HHS. The actual clinical data standards themselves will, I think everyone is looking forward to.
Let me stop there and take on any other questions.
DR. COHN: And Jim, just before we open for any questions, I should indicate for everyone that the letters that you have all commented on, as well as the responses, are all on the NCVHS web site. That includes the most recent letter and response from Claude Allen.
MR. SCANLON: Yes, from Deputy Secretary Allen.
MS. GREENBERG: I thought I might just thank you, Jim, for that comprehensive report. I thought I might just add that the letter from the committee, as well as the letter from the Data Council to CMS, I believe both quoted the committee's previous report on Medicaid, data from Medicaid Managed Care. So that report lives in that regard.
DR. COHN: Any other questions or comments? Are you done? Karen do you want to go next? Go ahead and comments.
MS. TRUDEL: I'm primarily here to update you on the status of the regulations, but carrying on with the prior theme of personnel changes (laughter), I thought I would inform the committee of some changes that have occurred at CMS and what I think they mean for HIPAA.
When Administrator Scully came on board and we briefed him about HIPAA, one of his first impressions, aside from the fact that he thought we had done that 10 years ago, was you don't have enough focus on this thing. And as a result he has made some staffing and organizational changes, and he has designated a senior executive, who works in and reports directly to the Administrator's office, who will be responsible for all HIPAA activities throughout CMS. That person is Jared Adair, who was our Deputy Chief Information Officer, and she is on board and working on this as we speak.
MR. BLAIR: Could you repeat her name please slowly?
MS. TRUDEL: Jared Adair. Jared's organization, and I have moved along with her to be part of that organization, will be engaged in liaison and outreach activities for all of CMS's HIPAA undertakings, including Medicare, fee for service, managed care, Medicaid, all of the outreach, and we will have a specific focus on outreach activities, getting the message out to providers and making sure that they understand what they need to do to be HIPAA compliant.
I think what that really means is that we are rising to the challenge and this does provide a high level executive focus on HIPAA that we did not have before. So I think it is a very positive occurrence.
As long as I am talking about outreach, I would just like to mention to you that CMS has just produced a 30-minute video on HIPAA, intended for providers primarily, and it is a relatively high level discussion of HIPAA, what you need to do to be HIPAA compliant, and places that you need to go to look for things, and it talks about the transactions specifically, and also some about privacy. So we are talking about primarily the standards for which the clock is ticking, that will be available via satellite broadcast. The first broadcast will be the 29th of this month, so we are really excited about that.
Let me go on to talk about the regulations. Jim mentioned the DSMO changes that were proposed by the committee based on the DSMO fast track process, and he mentioned the proposal to limit the scope of the NDC standard to retail pharmacy transactions. And indeed we have prepared proposed rules, MPRMs, on both of those items. Those have cleared CMS, they are in the department's review process. At this point we are trying to work toward a December publication date. We are pushing as hard as we can on that.
There will be only a 30-day comment period because the discussion and the debate on these issues has already occurred in this very open format and through the DSMO process. And what we are trying to do is to get these things in place 180 days before October 16, 2002, so that people can implement the revised standards right off the bat. So that is our goal.
With respect to the remaining regulations, there are four packages that are moving not as a group, but they are all very closely grouped together time wise. The final regulation for the employer identifier, the final regulation for the security standards, yes, the proposed rules for the claims attachment standard, and the proposed rule for the plan identifier, are all on their way through the review process, the regulations are completed, and we are targeting, they will not probably all be published at the same time. We are not going to be holding regulations and publishing them in bunches, that's been decided, and we are targeting somewhere in the January through March period these will begin to roll out.
You will notice that there is a omission from that list, and that is the final rule for plan identifier, provider identifier thank you. We are still discussing issues that are related to the enumeration process. There are some really thorny issues there. They have to do with who is going to do it, how much is it going to cost, who is going to pay for it. And those are still under discussion.
You might ask why can we published the proposed rule for the plan identifier, but we can't publish the proposed rule for the provider identifier. The reason is that those same issues exist with respect to the plan ID, but that is a proposed rule, and the fact that it is a proposed rule gives us the opportunity to lay out some options and obtain public input. Therefore we can publish a proposed rule on that plan ID, but we need to have all of our decisions made before we go forward with any final rules on those two identifiers. There is discussion that the enumerator system, for instance, for both of them would be the same thing.
The other thing I haven't mentioned yet is enforcement. There is a working group in the department that has begun to scope out how the enforcement regulations should look. We still do not have a definitive decision as to where in the department or even elsewhere non-privacy enforcement activities would take place. But that is also going to be worked on by a cross-cutting group at the same time that we develop the regulation. So that is in process as well.
One other thing I wanted to mention was that earlier this week I attended and actually Kepa and Simon attended also, a WHTE Snip success conference in Florida, and there were almost 500 people there. This was a conference to share information and implementation strategies and tools, and a number of presentations had to do with regional implementation efforts that are underway. And I guess the lesson that I took away from this primarily is that the industry is stepping up to the plate.
People with something to offer, with something to share, are doing it. People who can volunteer and help to develop white papers and best practices are doing it. There are organizations in place to facilitate, they are doing that, and to make available and disseminate on a pretty wide basis the fruits of those discussions. And I think that is something that is very, very encouraging, and I think it is something that the committee has been in favor of for some time. So I think that is starting to bear some fruit.
I'll take any questions that you might have. Thank you.
DR. COHN: Let me just make a comment and then Jeff has a question. Karen, I first of all want to thank you. As you know, the committee had a letter in mid-June asking the department to expeditiously publish the remaining rules and basically get moving on it, and it really sounds like you are being responsive to our request. So I really want to thank you. Jeff.
MR. BLAIR: Karen, thank you for the good news, that Jared has been appointed to be the focal point for responsibilities within CMS on HIPAA implementation issues. That is very heartening. The question that I have is whether the scope of the focus will extend to the PMRI standards, or is that specifically focused on the financial administrative transactions and the code sets and data security that are already out?
MS. TRUDEL: The organization that she heads is looking at a number of different programmatic initiatives that cut across the agency. One of them is risk management, another is project management, and another is operational review. Some of the responsibilities that we appear to be getting seem to have to do with things like E-gov and E-health initiatives, and as a result Jeff, I think that we are going to be having some interest in the responses, the results of the PMRI workgroup.
DR. COHN: Thank you.
DR. ZUBELDIA: Karen, you mentioned this video that HHS is producing to give more HIPAA education to providers. Would it be possible for I suggest to make that video available to the SNIP regional workgroups for showing in their meetings, because they are having meetings pretty much on a monthly basis and it could be a good educational tool for them.
MS. TRUDEL: For once I am ahead of you Kepa (laughter). I already talked to the education group at SNIP while I was at the conference, and offered to at least pilot the use of it in one of the regional SNIPs to see how it worked.
PARTICIPANT: Karen, may I ask you another question about the video? Is it an awareness video or is it, I mean what is the video seeking to do, is the first thing? And then how are you publicizing it so providers know that this resource exists then?
MS. TRUDEL: Well I'll take the last one first. Anytime I'm up in front of more than 10 people I talk about it (laughter). A CMS resource called Med Learn, it is a site from the HCFA, the old HCFA web site, and that contains an enormous amount of information for Med Learn - provider groups especially know that the video is going to be aired at a certain time, and then if people want to serve as downlink sites they can register to do that. And then providers can find out where the downlink sites are in their area and possible go and sit in. Very often like large hospitals or universities that have satellite capabilities and an auditorium will offer to serve as the host, and then providers in that area can go and view the video.
As to what it is intended to do, there really are several different aspects. One is just general awareness. It is coming, you have to cope with this, here are some of the boundaries to it. We also did several location shots though, where we went and interviewed an institutional provider and a professional physician practice, and talked to the practice managers and asked them what they were doing, how their compliance activities were going, what they had found, what was important. And so it sort of gives the viewer the ability to see what someone who is pretty far ahead on their compliance activities is actually doing, and how they got started.
DR. COHN: Thank you. I'm sure we will be talking about this tomorrow at the subcommittee. Kepa, is it an important question?
DR. ZUBELDIA: It is not on the video. It is something I think is pretty important. On this addenda to implementation guides, you mentioned that the intention of the department is to have the final rule in time for the 180 days before October 16. Is the intention to sunset the May 2000 implementation guides at that point, and have the industry implement the addenda version, or would there be a period of implementation of both?
MS. TRUDEL: We are still discussing those options. I'm hoping that we will get some good industry feedback on that issue from the proposed rule as well.
DR. COHEN: Karen, thank you. I know we will be further discussing this tomorrow morning at the Subcommittee on Standards and Security, so I'm sure there will be additional questions and comments as we move forward. Ms. McAndrew and Kathleen Fyffe, do you want to talk about the privacy regulation and current status.
MS. MC ANDREW: First I wanted to thank the committee for their October letter recommending suggested changes, some modifications, and/or additional guidance in the privacy area, and we look forward to the second half of the letter. I would say that. good news/bad news, it is still timely. The department's decision making is ongoing, but all the decisions have not been made. And so your views are more than welcome and they will be timely whenever your second letter comes to us.
We have I think responded mostly in the way of an acknowledgment to your October letter and the substantive response to your comments and suggestions will be contained in the rule making when it comes out. To the extent there is anything that is not covered in the rule making, we would bear your indulgence and send you a letter to coincide with the publication of that document to complete comment on all of your recommendations.
But we really do appreciate your public hearings and your input, and we are very anxious to make sure that we get it right and that we get this rule on the street so that it is workable by the time the April 2003 compliance date comes around.
The mods are consuming most of my time. What is left over will be devoted to working on additional guidance material, answering those questions that have been raised that do not require an actual regulation change, but can be done through clarification. And we are committed to having more guidance materials in the way of frequently asked questions and other materials up on the web. We did the initial package in July. I do not expect that we will have much more to add before the end of the year because the mods are so consuming, but we are committed in the coming year to getting more and more frequent information up on the web to help in the compliance area.
And with that said I would turn it over to Kathleen Fyffe, and I can't tell you how happy I am (laughter) that she has joined the Office for Civil Rights and has taken the reins in the public education, technical assistance outreach area. It is so nice to have that very, very important function in extremely capable hands, and to have good strong minds and wills available to press those much needed efforts forward. So with that I will turn it over to Kathleen.
MS. FYFFE: Thank you, Sue. Good morning to the committee, and this is a bit strange for me to sit on this side, rather than be one of you. The outreach area in the Office for Civil Rights for the HIPAA privacy rule is staffed now. I have working for me three folks, Linda Sanchez, who came over from ASPE, also Kelly Hilman, who is a new hire, who has excellent HIPAA background experience from the state of Maryland, and also Elke Chaviz, Some of you might be acquainted with Elke, who had been in the Secretary's office.
And we are going to be focusing on outreach public education and technical assistance materials. I'm anxiously awaiting an approved budget from Congress in order to specify exactly where the outreach is going to be and where we will be putting our efforts. But I would welcome any feedback from this committee, because you are out in the field, about the types of outreach and technical assistance in public education activities we should be doing that would be most helpful to everyone in the U.S.
And at this point I would be happy to take any questions.
DR. COHN: Well first of all, just to start before questions start, I want to thank you obviously for the opportunity to provide input to the development of the proposed, next generation of the proposed or modified rule. So I think we want to thank you for the opportunity for that. Having said that, do we have a view on the time line for a next notice of proposed rule making for privacy?
MS. MC ANDREW: We do not have a specific time line. I think unfortunately the events of September 11th have seriously altered the original time line. We had been hopeful of having the mods done through both proposed and final rule making by April 2002, so that there would be a full year beyond that left of the original two-year compliance deadline. I'm not optimistic that we can make up for the time that was lost in order to have a final rule out by that April date.
We are still hopeful of, I mean this still is as fast tracked as we can make it. I think we are aware that the compliance clock is ticking, and would be targeting to get the proposal on the street as early next year as possible. But I have a feeling that a January or February date for the MPRM is probably the best we can do at this point. And with that I don't think that we will make a final rule by April.
DR. COHN: I think we probably in the public and the industry probably all appreciates at least that guidance in terms of time frames. Other questions? Mark.
MR. ROTHSTEIN: Kathleen, could you sketch out in broad terms what you think the education and outreach component is likely to be. I know it is perhaps an unfair question, so I mean any general comments would be interesting.
MS. FYFFE: In broad terms, we would be working with and through the 10 HHS regions in the U.S. They have offices in major cities such as Boston, Philadelphia, Atlanta, San Francisco, Seattle, Dallas, Kansas City. And I have thought that we would want to work with state and regional trade associations and professional societies. For example, the state hospital associations, I've had some preliminary conversations with a few of those, as well as state medical societies, in addition to the national organizations who have already been heavily involved. But again, without having an approved budget and knowing exactly what I'm dealing with, it is difficult for me to be more specific than that.
In terms of technical assistance materials, in addition to the frequently asked questions and guidance that Sue is working on, there might be such things as compliance checklists, summaries of the rules according to or various audiences that would need to comply with the rule, and maybe over time possibly compiling some best practices. But those are generally my thoughts at this point in time. But again, I want to emphasize that HHS and the Office for Civil Rights has 10 regions around the country, who already have relationships with a number of regional and state organizations.
DR. COHN: Kathleen and Susan, are you going to be able to join us for the subcommittee session this afternoon, for additional questions.
MS. FYFFE: I'm going to try my best.
DR. COHN: Okay, thank you. Well I will apologize to our next speaker. We obviously started 15 minutes late, and I think those of you who know me know that I run a pretty tight agenda. But I figured since we started 15 minutes late, we would allow this important session to go on for its full length. So I want to thank all of you for I think this very interesting and informative update, and obviously look forward to continued conversations with you as the full committee continues with its meetings over the next day and a half. So thank you, and we'll do everything we can to help move this forward.
With that thank you, and Brian, we look forward to your presentation.
MR. SCANLON: While Brian is setting up, I might just say a couple of illusions to the budget process. The HHS and just about all of the other Federal agencies are now in fiscal year 2002, and we basically have only a continuing resolution, which more or less on a month to month basis allows us to spend more or less at the same level as last year or other assumptions. It is not clear when the actual this year because of September 11th and other issues, when the actual appropriations for various departments and agencies like HHS will be enacted.
At the same time the fiscal year 2003 budget was developed earlier this summer and sent over to OMB. That would be the President 's budget ultimately that will go up later this year. But I think anything is up for change now because of September 11th. I think budgets are up for change and reorientation and things have pretty much gotten a bit off track. I think they are getting back on track now after the events.
And I have to say that HHS has actually been involved very much in the middle of the bioterrorism efforts. There 's an operations room right one floor below us, where the Stonehinge conference rooms used to be. That 's where the CDC folks and others are working. They are literally about 20 steps from the Secretary 's office. Thank goodness there was somewhat of a respite in the anthrax cases, and there is a reassessment going on obviously now.
But CDC and other Federal agencies, NIH and others, were really drawn in, did a wonderful job really on this event, and hopefully will be prepared for the next one, hopefully we don't have one. But a lot of the resources have been directed towards that, and certainly the leadership on the sixth floor has been taken up with much of that activity.
(Break)
MR. BURNS: My name is Brian Burns and I 'm the Deputy Chief Information Officer for the Department of Health and Human Services, and what I like to do is go through and talk a little bit about some of the initiatives that we have underway within Health and Human Services.
I'm going to start out at probably a layer that you probably are not as much interested in, but it is an important part, to make you aware of where we are looking at our infrastructure development, and then get into some of the applications that we are going to be supporting over the next fiscal year, and also in the next five years.
So without further ado, I'm going to start and talk about very quickly what does the typical user see. The typical user sees the systems that we have, a phone, a person they are going to talk to, an application, and data base. But from our perspective as a CIO, there's far more things that we have to provide in order to provide the communication, whether that is security, whether that's the network, whether it is all the switching gear in between.
Our biggest challenge right now, quite frankly, is security. One of the issues that we have is security awareness. It has to be at all levels of the organization. It needs to be priority one. We have to build, to trust the relationships between the organizations, and we have to have ample resources in order to allocate the funding and the staff to provide the appropriate security that we have. And these are the fundamental challenges that we have today.
I'll talk a little bit more about trust and relationships when I talk about public key infrastructure. The bottom line is that security is very simply to be secure you have to know what you have, where it is, who owns it, who uses it, how is it configured, and when was it last modified. If you can't answer these questions, we are not going to have a secured system, we are not going to be able to protect the data with the systems that we have.
We have a variety of drivers at Health and Human Services, whether this is specific to the data we are collecting or other areas. First of all we have the Clarin Cohen Act, the Paperwork Reduction Act, we have security requirements from government information security format to continuity of operations and critical infrastructure, HIPAA regulations, and now E-gov initiatives that are coming out, including electronic signature and digital signature.
Where we are going to be going within HHS quite frankly gets down to three major things, mitigate our risks, reduce our costs, and improve our efficiency. How are we going to do that? Well we are going to do it in a couple ways. First of all we are going to make security and privacy priority number one in the IT arena. We are going to consolidate where possible and bring our data centers together where we can, our applications together, and working with the Data Council, looking at how we can do more survey techniques and so on together and provide better cohesiveness within the data that we collect in the systems we support.
We are also going to procure enterprise-wide licensing. One of the things we have recently done is a SAS license, where we have opened it up to the entire department. We have also opened it up to our contractors that support HHS, and in the case of CDC, for some of their grant communities, they actually have access to the software. And this is a vital thing to understand, that if you have grants, you don't necessary have to go out there and procure the software separately and so on.
There may be an opportunity within HHS to get these software tools at either a discount or no price. That will be worked on a case by case situation with the grant community. But if you are a contractor or if you are within HHS, we will have these programs available.
We are going to enforce the investment review process so that we can better manage our programs, and completely enforce the architecture that we are assembling at this point. And we are going to manage in a standard commodity utility environment. Today how we operate when we get into our infrastructure quite frankly, is as if each organization has their own power plant. And what we need to do is basically have a utility down the street and we plug into it. IT is getting to that point where we are an appliance and we are a commodity. We are no longer these gee whiz brain surgeons out there. We don 't need to do that.
We also have to design our web sites as a planned community instead of the urban sprawl that we have today. Within HHS we have some very good web sites. We have Med Line, we have Health Finder, we have Cancer Net, very good web sites. But we also have 2,000 web sites. We have 400 web masters and 8 million web pages. So we have to better organize that. And then we are going to pilot the solutions.
Just a little history. Before 1995 we were pretty much stand alone systems. We have been moving from 1995 to 2001 to be interoperable. I mean let's connect everything together. But quite frankly, with the new Administration, Secretary Thompson wants one HHS and we are going to begin to move towards integration. This is where we are going to save a lot of money and get the bang for the buck as we move forward.
We are in full support of the enterprise architecture that the Federal CIO Council has put out. It is a five-tiered architecture. You start with your business architecture, derive your data, derive your applications, for the technical solutions in place, and then have the security architecture that links all these together.
Why do we do that within HHS. We 've decided it is really a four-level model. At the very bottom is the things that people quite frankly don't really care about, but are probably the most important things. How do you do network management, how do you do software distribution, how do you do security management, how do you do user support out there for Help Desk and so on. These things have got to have the metrics in place to roll up to your business goals and also link to department goals.
The other thing we have done is we are now looking at cross functional areas for things such as procurement, financial management, grants management and these activities, where in the past each organization had their own systems and looked at that. Well really where we are going to begin to focus is on the applications within the programs. We are going to allow the programs to continue to develop their applications, but they are going to be supported through these utility layers, but ultimately the change that we are going to have is the funnel effect of through E-government providing better continuity of systems, portals and technology so we can bring data in and out without having to know where do you have to go throughout the organizations. And that is what we are going to attempt to do.
Just another picture of the same thing. And utilities, they stack upon each other and they are building blocks, and we have actually gone out to identify which of these building blocks are we going to pick off first. And what we have decided is we've developed a five-year plan where infrastructure and cross functional systems, and the first things that we are going to quite frankly spend our money on are network redesign. We have seven major networks within HHS and 13 operating divisions and about 50 IT staffs and so on and so on.
We are going to go down to one virtual private network is what we are going to attempt to do. We are going to see if we can streamline things. We got NEDSS out there, which is another great capability, how can we fold that in and really exploit that technology there. We are going to put the configuration manager in place, we are going to provide the security event management, and we are also going to provide accounting.
Security, we have three major goals. One, improve the reliability and availability of our systems, protect the integrity and confidentiality, and quite frankly, provide a PKI solution for authenticity and also non-refutation. Earth modernization, we've got activities, configuration management, governance process, and in our world of accounting we are going to be putting in new financial management systems, one for Medicare and Medicaid, another one for everyone else in HHS. And we've also started on our own human resources system, People Soft Solution.
So those are cross functionals. Here 's one called system or capability - I would advise any of you to look at. The National Cancer Institute developed usability.gov. They looked at Cancer Net and they wanted to organize content. How do we get information to people better than how we 've organized before. Well they sat down and did usability studies. Well what they decided to do is then well let 's package that, and then working with HHS, instead of us going off and trying to figure out how to do this independent, we basically said NCI, we'll use your concept, we'll use your capabilities for the department. They have a usability lab where you can come in, you can bring your web sites, you can test them out, you can see if they are designed well for users, and they put the cognitive modeling together with the data to see if it is a good fit.
Usability.gov actually has and outlines a variety of empirical data that is out there through studies and research that identifies what are the capabilities of putting a web site together, how is best to organize data. So you may want to take a look at that, and that is something we are going to use as we begin to develop web portals and other technology as we move forward.
This is near and dear to everybody 's heart. One of the things that is going to drive infrastructure quite frankly is HIPAA. As you know, it is in effect, we have two years to implement it, and basically how are we going to do that. That's a good question. Well internally we have the Data Council which we are collaborating with, we have ASPE leading privacy, we have CMS leading security, and we have OCR on the enforcement side.
Well what this is really driving us to is another activity. Healthcare PKI is a working group that we put together through the Federal CIO Council, and under the auspices of the Federal PKE bridge. The concept here is how do we get HHS, Social Security, VA, Department of Defense, DEA, OMB, GSA, United Postal Service if we want to get into registration, how do we get us all to communicate and begin to build some solution that we can use.
We've talked to the Western Governors Association, we've talked to the state of Illinois, we've talked to NAS CIO, which is the National Association of CIOs, and what we are trying to do is come up with some common ground in which we can develop a solution that we can all live with. And this gets back to the trusted relationships. In the Federal PKI model there 's four levels of security associated with that. The least level is basically give a certificate and the person can trade back and forth.
Level three is the level we basically said we are going to standardize on. This is our minimum level. What this means is that for level three, first of all you have to have in-person registration. You can 't just use FACE="WP TypographicSymbols">AI know this person, give me a certificate. FACE="WP TypographicSymbols">@ You have got to register some place. Well that kind of opens Pandora 's box a little bit, how do you register and how do you validate. One of the organizations that we are looking at is the Postal Service as potentially a place to go and register.
The question is once you register, who validates either your passport, your drivers license, or any other, birth certificate or so on. Do they have some mechanism back to either the state agency to look that information up and validate it or not. That is what we are working on now. Postal Service has a couple ways that they think they can actually provide from a risk management standpoint pretty high, well pretty low risk and high probability that you are that person through some of the other software that they have that can inter-correlate data bases. So that's a mechanism. That's not necessarily the only mechanism that we will be looking at.
The other think that is happening is the Western Governors Association is piloting their Health Passport. It is a good concept. It is a smart card technology, in which they have a PKI certificate. They also have some data on there with health records. And the idea is to be able to go into your office with this thing, plug it in, and be able to identify you are that person, and share the appropriate information between organizations. They have just piloted it in a couple of states and we are working with them to see if there is a way we can roll this out.
The other issue that surrounds that quite frankly is the issue of do we have a national health ID, and the answer is no. I mean by law we cannot do that. So that is very clear. So what do we do instead. One of the ways to do this potentially is through the states. Let the states be essentially the keepers of the identifiers and work through them. So that is probably the path we are going to be going down, and legally can go down also. So that is really going to be the stumbling block I think with PKI.
It is not going to be technology, it is going to be purely the policy and the legislative mandates that we are under. We want to move out on this as quick as we can within the next year or two, see if we can get some pilots really going, and demonstrate this capability of sharing medical information from one point to the other, and also identifying through that person that they have the right to do that.
The E-government committee, through OMB and also through the Federal CIO Council, put together what they call the quick silver team. The quick silver team surveyed the Federal government and looked at essentially all the activities that are going on within E-government. They settled down to about 23 initiatives that they are going to fund and they are going to promote as high priority. They break into four categories, government to citizen, government to business, government to government, and essentially internal, or in our case as interactive tools here, but internal processes to improve our capabilities.
The heart of this is again enterprise infrastructure management. We have to have the appropriate networking, the appropriate security, and so on in place. Of the 23, HHS is going to be very heavily involved in three. The three are E-consolidate health informatics, and CMS is going to be the lead on that, and that is a collaboration between Veterans Administration and DOD and CMS and also Indian Health Services within HHS. But E-vital statistics is going to be led by Social Security and also collaborate with HHS, and that is another major initiative.
And then E-grants is something that HHS is also working on at this point, and that is to provide a front-end portal to provide better capability of identifying what the grants are out there, so you can better apply.
Very quickly, E-common health informatics that says healthcare information held by Federal, state, and local agencies, healthcare providers and physicians, insurers, need to be shared amongst the organizations to improve healthcare, reduce administrative costs, and streamline eligibility determination and claim payment processes. That 's the goal of the common health informatics.
Associated with that is other things that have been going on, such as government computer-based records. That will be tied into this also, and as you know, VA and DOD and Indian Health Service have been piloting that capability and have been pretty successful so far in the pilot mode.
E-vital statistics, as it basically says, is basically a partnership between SSA and HHS to collect national vital statistics from the states, and it also helps to establish data standards, and that is the goal of that program. And E-grants is to provide online Federal grant administration grant administration in a governmental and non-profit partners.
HHS a year ago, we sat down and we actually formulated our focus areas, very similar to actually what came out of the - we had citizen constituent participation, or government to citizen, we had online customer access, which is really government to business, we had government to government, which is government to government, and we had interactive tools and productivity which is internal. We broke core, we deal with an HHS into these quadrants, so we have grants and contracts in our government 's business area, we have E-money and E-funds transfer in our government to government, we have internal processes such as our interim law capability for electronic cataloging, Federal commons and so on.
The other key area though is the government to citizen. If you look on the left hand side, there's a lot of activities that are on the human services side, and on the right hand side a lot of things that are on the health side. And these are actual systems we have up and running today, E-government capabilities that we are going to continue to move forward with, focusing on those three that I mentioned up front from the E-gov perspective, but then internally with an HHS.
Some of the forces that are impacting these quite frankly though are citizen expectations and cultural differences. Here this is very important to us. The usability, and this gets back to usability.gov, the usability is going to be a key aspect as we design these systems. It is not just the data, it is not the technology, it is how do you get this information out. There was a lot of talk last year about a, I think they call it a town community metaphor, or town center metaphor, for developing web sites. Well that is all well and good, but we do have nations out there, tribal nations, where that metaphor may not be the appropriate metaphor.
We have to look at that, we have to look at the language barriers, the language differences, as we design our screens, and those type of capabilities. So the metaphors and the language are key aspects that we have to look at.
Standards for privacy, as I mentioned, PKI is going to be critical to how we do this. We've got to get the infrastructure in place. We have to have the Federal bridge, in our view, up and running so that the Federal government can communicate with each other. And then if we can get industry to agree with the same standards, we will be in a lot better shape. There's other standard groups out there that are proposing capabilities, and thank goodness we are working with them, so that we have basically a common ground between these things.
Human factors, real simply, we've got to look at the layouts, we've got to look at how we design our screens, the content, better search and find capability, disability support, and as mentioned, cultural differences. The HHS web page, we, excuse me?
PARTICIPANT: You are standing in front of the projector much of the time and we are not seeing the slides.
MR. BURNS: Oh, I'm sorry, that's all you had to say. One of the things we did with our web site, we kind of designed it to do more the human factors of grabbing information and pulling into the center and trying to make it look nice and pretty. Recently with 911 we 've actually gone away from this a little bit and are putting out more content. If you look at our screens today, the bottom of this, this has been replaced and it 's what the latest stuff that we have out there, what are the emergency contact points, where are the blood banks, where are the places you can get additional information, either on anthrax or whatever. So we are now going back to instead of nice and pretty, back to content, and focus on the content.
Health Finder is another excellent example of a web site that we have. It is content oriented. It is very easy to find information, and it pulls together a lot of the HHS information that we have. Med Line is another good example of bringing research and other information together so you can find pretty rapidly. And then Cancer Net, as I mentioned, they spend a significant amount of time looking at the content format of this and making it easy to find information. That is critical when we are looking at these things.
So real quickly, the bottom line is we have to take these into consideration and go from the urban sprawl that we have today into more of a planned community. I'm going to skip portal technology.
Another thing that we are working on, and Steve Parmesan at HRSA is involved with this very heavily, is basically web based Federal credentialing capability. This is going to be important to bring together as we do PKI, as we bring in health records. The next level beyond identification is also roles and responsibilities. And this is where the Federal credentialing is going to play a significant role at that point of tying things back together.
Ill Health Tele-medicine is another program that we are going to continue. We have a variety of pilots underway at this point between - FDA, CMS, Indian Health Services and so on. IHS, VA and DOD have already piloted out in Alaska, and they are also, as I mentioned, doing the government computer-based records.
Knowledge management is another area that we are going to expand generically, and then focus on specific aspects of knowledge bases. We are trying to get the technology at this point that we are going to utilize, and then figure out which domains we are going to go after from a knowledge management standpoint.
And the last thing is distance learning that we are going to be focusing on. We've actually implemented internally for employees a pilot to do about 700 courses online. Our goal there is to extend that out to all the employees, but then same idea, contractors and so on, and out at the state and local communities to help train them in areas of health and human service activities.
So these are essentially the key areas that we have been moving towards as we look at our enterprise infrastructure management, the way we are going to be developing our E-government strategy, and moving forward with our technology. Any questions? Thank you.
DR. DANAHER: This is just a comment. It is a tremendously ambitious endeavor, and I just share some of the scars that I have on my bar. I used to be a Web MD. We had the responsibility for launching the professional portal, and I guess there's a lot of similarities I perceive in what you are doing. Just kind of the mistakes that I made that I might would like to share with you is there's a tendency I think when you are doing this to have at the end of the day, we had a lot of stuff, a lot of great stuff, but there wasn't really a cohesive, it wasn't cohesive tapestry. And so I guess what I would, there was a front page article in the Wall Street Journal about two days ago about the new CEO of Mattel. What this guy is doing now is he is doing a lot of early stage focus groups to figure out what people want. And so I guess if I had to make a suggestion about something I wish I had done differently, is who are the people who are most likely, who are your customers, who are the people who are most likely to use this, and then based upon that, how are they going to access these departments, how are they going to access this portal, and what 's the most likely sequence that you 'd go about doing it.
So I guess what I am getting at is it is a tremendous exercise that you are doing to get all these different departments and divisions, et cetera. The risk that you run is, you know, you've got ASPE and they are promulgating things about privacy, and you've got CMS doing security, and you've got E-grants. At the end of the day, rather than just kind of having a big aggregated shopping mall, can you and in the early stages of the state of architecturing that you are going through, is there a way of kind of figuring out what the customers are going to want to do and building it on that.
MR. BURNS: Yes, I mean it is an excellent point, and quite frankly what we started with was gee, let's put a web page out there, and that's what we did, and so we have a bunch of stand alone things. The next thing we said is well let's at least provide some index to that. So we have an index. Now you kind of have to know what organization that was in. We attempted to do, going back to the four quadrants, was let's get away from the 13 organizations or 12 organizations that we have, and begin to focus on the grouping of the information, not the organization itself.
So we are in that process right now. I 'm not saying we are done by any stretch of the imagination, but we are starting there. Then with, going back to NCI, with usability.gov, that is where we can start doing exactly what you are saying. Let's take some of these web sites, let's take some of these content domains that we need to define, and let's test them out. Let's go in there and see, does it make sense how we are organizing these things or not. That 's where we are attempting to go. We are not there yet, but it is going to be a long haul.
DR. DANAHER: The last point I would just quickly say, because I 'm very interested you know, Ted with his background in AI, et cetera, you know, one of the kind of nice little things might be as the user gets on, is to be able to fill out a quick profile, so what gets served, you know, in the way you kind of architect the data, so that it becomes more customized to their needs.
MR. BURNS: And that's a good idea. The one thing we have to balance there is we also have restrictions on what we can do from a privacy standpoint and collect. So that is the magic question, how do you secure and keep it private at the same time, and then we have the OMB requirement of no cookies, so that is another issue that we have, and then what do we do with that data and is it a system of record at that point.
So we want to begin to build portals, but there 's also a lot of hurdles we are going to have to get over from a privacy standpoint of what we can keep, can 't keep, and what we can and cannot do.
DR. SHORTLIFFE: As John suggested, I see an incredible ambitious set of ideas in what you have just been describing here, and it is not just building a unified and sort of consistent web portal. Particularly interesting to me was the efforts that I hadn't heard about, and trying to develop some kind of not only technically acceptable, but politically sensitive and acceptable PKI approach, because that does seem to be absolutely crucial.
You are talking now about the ability to actually have individual patients register so they can be properly identified when they interact over the Internet, and we can begin to do much more secure things with patients in an Internet environment once we have an infrastructure in place for doing that, and yet have to do it in a way that is compliant with, you know, the lack of a single health identifier for the nation. So I really like the sounds of that activity.
I know there have been local and regional experiments, that some companies have been working the area and the like, but I think getting some kind of coordinative Federal approach that involves the states and looks, you know, in a way that really will work across state boundaries, would be very exciting and would meet the needs for a variety of health applications that go well beyond things that the government itself does. It would be a kind of government service to help create the infrastructure that would support many other activities in the health care sector in that regard.
But coming back to the way you sort of framed your presentation, I understand and sympathize with the desire to bring together the diverse resources spread across all these agencies within HHS. The fact is, however, that each of them built what they have today very much as an in house activity. Now you pointed out that that has led to a kind of hodgepodge. On the other hand it has led to a kind of pride of ownership in a sense that we did it, we owned it, we built it, and I see some real challenges within the department in dealing with the politics and resistance that you might encounter in trying to bring together under one kind of philosophy a kind of centralized approach to the way that the HHS web world looks.
And it is not, maybe it is not just political, I mean maybe you do lose something in trying to bring that all together and provide a kind of uniform set of interfaces. So you didn't talk at all about the potential downside of this kind of bringing together. I keep my ear to the ground and I know that some of the agencies out there within HHS are quite worried about some of the centralization and activities because they fear lose of control and their own quality control on what they have been doing, and a concern that they will be told how they must do their web site when they feel they know darn well how to do it already. And so how do you deal with that?
MR. BURNS: There's a couple of things we are looking at, and the first level of this is, where we are starting with, is this I call the Tupperware approach, the container. We are not dealing with the content, we are just dealing with the container. Do you really care if it is your own server, or can we consolidate that into a server form and consolidate it just purely from a data center standpoint. That is where we are focused right now, can we do that.
From a content standpoint, there is really no push at the department level to, maybe I shouldn't be this bold and say this, from a content standpoint, the owners of the content are the program offices. They will remain to be the program office/owners. We need to share some data, but from an IT perspective, we are not pushing to say now let's take that and try to mush that all together. We are trying to say is do we have common content out there between organizations, and can be begin to aggregate some of that data.
We want to start looking at that, but we are going to leave it to those program offices to figure that out quite frankly, because they understand the business. We don't from an IT perspective understand that business, and that is not our job, that's more the Data Council's role to provide that information and that guidance than the IT folks. But we are going to be pushing on the can we combine the boxes, can we combine the technology that we are using out here.
And the technology then brings up the question well then are you stifling creativity or not, you know, should you use things like ATG capability for portals or should you use oracles capabilities. Well probably what we will do is on an IT perspective do enterprise licenses for both or whoever comes along with the tools, make that available, but then have some guidelines go with that. What should be on the web sites, OMB gives us guidance of what icons we must put on and so on. If you look at ours, you know, even things for kids and First Gov.gov and all those things, the labels have got to be there. But it's really going to remain as a program specific content ownership at that point.
So I don't know if that really answers your question. It is going to be a balancing act. It is not going to be easy, and there is a lot of resistance out there, because we are talking about consolidation of IT, which people sometimes confuse with consolidation of the actual content, and that is not really what we are talking about.
DR. SHORTLIFFE: Well by analogy to what we sometimes encounter in smaller organizations, I mean academic medical centers which don 't feel all that small, although by these standards are tiny, there is an increasing desire, now that web sites and information resources have grown up sort of helter-skelter, to not only bring them together, but to try to adopt an organizational look and feel, you know, the watermark of the web site kind of notion.
Now that is starting to affect content, if you do that. It is the way, if you really try to do that, if there's an HHS wide look, sort of look and feel directive, on what Med Line Plus should look like or the CDC Travel Pages should look like or something, you could see where you begin to start directing from a central location the way in which those very popular and very heavily -
MR. BURNS: The point -how do you aggregate some of this data. Should we just say now two sites have two sets of data, there you go, or should we try to build composite data sets out of this stuff. That is going to be a far more difficult issue to wrestle with. We are just trying to quite frankly get it all together and get some, our arms around it all and identify it all. The next step is how do you begin to aggregate it, and that is where we are going to need your help to help us figure out how to do that.
DR. COHN: Okay, Jeff.
MR. BLAIR: Actually I think Ted addressed some of the questions that I have. I guess I would like a little bit of clarification here, and maybe it is from slides that I just couldn't see, but you refer to the users, and you refer to, you know, working in coordination. By the way, I really applaud the idea of your being able to pull everything together and to work with standards communities and so, you know, I really applaud the intent, the direction, and the way you are approaching things.
When you talk to us about certification of users, that was where I didn 't quite understand the scope of the project, and you referenced the GCPR project and the Indian Health Service and the VA that's part of that, and the DOD that is all part of that. And it sounded to me a little bit as if you were, the scope of your effort actually includes patients that would be served by each of those institutions as providers. That I felt was interesting, and you mentioned that you were figuring that the Post Office might provide the certification.
And did you feel like the Post Office was going to provide certification for all users, or just the patients of those institutions, or did you envision separate certification bodies like for the healthcare professionals and the employees of these organizations, or is this question going beyond where you are right now and that is going to be worked out in the future.
MR. BURNS: Let's back up a little bit on terminology, because, you know, certification is a dangerous word sometimes here. What I was talking about is purely from an IT perspective of public key infrastructure. You have registration authority and certificate authority. So at the first level what we are talking about is in the Postal situation, they can be a registrant, they don't have to be the registrant. But the idea here is you need some body that you trust that will allow somebody to come in and say I am that person, identify themselves, have credentials with them, and in the typical case it has been passport, birth certificate, and/or, it has got to be at least two, and/or drivers license.
So can the Postal Service do that capability for you. Well in theory they can. The question is can they validate that information either on the spot or whatever. The one advantage to the Post Office is because they have the postal laws. If you falsify a postal claim, you can go to jail for that. So there 's some legal bounds that they have that maybe other let's say industry organizations may not have that legal bound to go after the people with.
The certificate authority quite frankly could be Postal Service, it could be In Trust, it could be Verisign, it could be any certificate authority company out there that provides that capability. The key though is that they say I 've registered a person, now we are going to issue a certificate for that person. At the healthcare PKI level we are just talking ID only at this point, we are not talking any roles or responsibilities. It is purely am I that person, yes, no. At that point the idea is to have your information go back to the appropriate party or system and they do the appropriate roles and registrations at that point. Are you a credentialed doctor, are you an authorized insurance agent, are you the person on that medical record. That would have to go back to those systems and do the identification.
Now that also opens Pandora's box too, because now we are talking about designing systems from an enterprise directory perspective or, you know, a LDAP or whatever you want to get into, whichever standard you want to use, and begin to go down those directory service capabilities instead of the traditional ways you have done today, which is standard passwords in a data base.
So I don't know if that answers your question, but that's kind of where we are going at this point.
MR. BLAIR: Well let me save my questions for maybe if you could give me your business card and we could talk after this (laughter).
DR. COHN: Okay Jeff, thank you. Kepa and Vickie then Clem.
DR. LUMPKIN: A comment?
DR. COHN: Yes, John.
DR. LUMPKIN: That's my hand up.
DR. COHN: Oh you have your hand up too (laughter), okay. I think we will have you be the last questioner, because at the point we will transition to you.
DR. ZUBELDIA: And Dr. Lumpkin has his hand up because in Illinois they are developing a PKI, and that kind of leads to my question. There 's a number of PKIs in process in healthcare in the private sector. There 's a South Key project funded by the - Johnson Foundation, the California Medical - is developing a PKI, the AMA is developing a PKI, and there's several other private PKI projects.
You mentioned that you are going to be working with Federal PKI bridge, and I am wondering if you are going to connect these other private PKIs into a Federal PKI bridge. There has been an attempt by the private PKIs to create a private healthcare bridge, drawn by Miter Tech. And that is kind of not working right now, and I think that one thing that we have to keep in mind is that in the private sector in healthcare, they consider that they know their employees, hospitals know their employees, and the state medical associations know their doctor much better than the Post Office, and you have a much better reliability and assurance by knowing people personally, than just by going to the Post Office with a piece of paper.
So the concern is that there may be a wide difference between the Federal PKI bridge levels and what the private sector is doing, and I am wondering how you are going to integrate those two, and if you are going to integrate those two. And then if you are going to do that, if you have considered the need in healthcare that it is becoming very evident that people need portability of the certificates, either with smart cards or something, where if you have a centralized solution like what you are proposing, you probably can have a centralized private key data base because it is - by the Federal government, for our government employees, whereas in the private that may not work.
MR. BURNS: Well first of all it is not a centralized model. The Federal PKI bridge it is really an interoperability model, where you have multiple sources for certificate authorities, and what it is is you have agreed policy-wise that if you get a certificate from this it is identified at what level that that has been cleared at. So at that point you can then transfer that and say we accept that certificate from company A to company B, and that 's the point of that. So we don 't have one central thing.
Now quite frankly, my understanding is DEA is setting up a centralized one for licensing of physicians for type two and type one drugs, or level one and level two. That is a little bit different, and we are working with them to see what we can work out there. We have talked to CMA and the idea is can we get to agree on the same policy levels. How do they do in-person registration. What they were talking about in their example, if I remember correctly, was I 'm a physician, I know that physician, I'll vouch for that physician.
Well technically that is in-person validation if you know that person. So that would be acceptable under that policy, and that would qualify as a level three capability. CMA, I think it was CMA and I think it was Social Security also, was very concerned about having a, another way of doing this was having a public notary notarize. And the answer to that was no. So we took that out of our policy, and that is a change from the Federal PKI bridge level three to where we are. So you can't use a notary public. People didn't feel that was secure enough so we said okay fine, we 'll back off on that and take that out of our policy.
So we are trying to work with the different organizations as they come forward. And that is the key, which ones are working well and which ones aren't. There's been a lot of attempts, there's been a lot of failures out there. We are trying to figure out why did they fail and then which ones are working well at this point.
DR. ZUBELDIA: Would those private organizations be able to connect with the Federal PKI bridge?
MR. BURNS: That's something I have to, I can't answer that question right now. I would have to go back to the Federal PKI bridge group to officially answer that. The goal here though is if we can agree to the same standard, the idea is, are they officially connected or unofficially, it is the same standard we are using, then we can share the certificates back and forth. It would come down to would HHS accept the CMA certificate, would HHS accept an AMA certificate, and vice versa.
It wouldn't be the Federal PKI bridge saying I accept it or not. But we would have to identify that we agree with that policy that that organization has, and that is essentially the same implementation or close enough that we feel secure enough at that point.
DR. ZUBELDIA: Could you continue this conversation later?
DR. COHN: Well yes, I was actually going to make the following comments. Obviously we have dipped into PKI and the whole issue of digital signature (laughter), and I want to observe first that we are not going to solve the problem during this session. I am also going to observe that the full committee obviously has a great deal of interest, especially in its responsibility around digital signature standards in terms of following this.
And I think what we are hearing is that since the last hearings and updates from the last year, that there has been considerable progress and activity in relationship to that by the Federal government, and we need as a full committee either today or tomorrow, to figure out whether or not this needs to be a subject of further subcommittee hearings, a significantly long session at our February full committee meeting, because clearly we are not going to solve it in the next 10 minutes.
But I think it is clearly an issue that we need to get into and feel comfortable with, because at some point we are going to need to come forward with digital signature standards. And I think from my user provider, the last thing in the world I want to have is a PKI standard and set of certificates with the Federal government and another one for the DEA, and another one for payers that I have to deal with, and another one and you know, on and on and on. It is not my view of a good outcome for the future.
MR. BLAIR: Simon, could I suggest with respect to what you are saying, since the Subcommittee on Standards and Security in February, that Kepa will be heading, is going to be addressing this particular issues, maybe we could invite Brian to join us at that session.
DR. COHN: Well that is actually procedure codes, and I think that the issue will be one thing we can discuss here later today or tomorrow, whether this should be deferred to the subcommittee or if it is such an interest to the full committee, we can ride a special session, and I would I think refer some to John about that one. Now John, did you have a question? I mean Vickie and Clem are before you. Did you want to have a question or comment though right now?
DR. LUMPKIN: Actually my comment was exactly what you said, which is to do an update, and I think that we would want to have both Federal, state, and private partners to present. So exactly what you said.
DR. COHN: Great, gosh, we hadn't talked about this beforehand, but it is good that we are in agreement. Okay Vickie, your question, and I guess I would ask, recognizing that we've Vickie and Clem, just to try to get us back a little bit on schedule, if we can contain our questions, please.
DR. MAYS: Okay, I'll only do one question. You said something at the very beginning about combining surveys, and it kind of went quickly. Could you talk a little bit more about that.
MR. BURNS: Actually no (laughter). That 's not really my domain. It is more in Jim's area.
MR. SCANLON: We have a data strategy and a data integration underway. We had a survey integration initiative where, I thought we briefed the committee on this, but maybe it is time to brief them again, we basically looked at all of our major surveys within HHS, and we did some integration, the centerpiece being the national health interview survey and the medical expenditure panel survey, and we tend to use the HIS as the nucleus or the focal point I should say probably for relating to a number of other surveys. I can brief the full committee at any point on where we are with that effort.
It is now operational. The health interview survey serves as the sampling frame for the MEPS. We have the national survey of family growth, the NHANES, and a number of other surveys oriented towards those. And where they are not directly linked, they are linked in terms of comparability and other analytic approaches. We are not sure we can take that much forward, because it has got to the point, well the more you integrate the more interdependent everything becomes, and you may reach the point where the respondent, the poor respondent is spending six hours (laughter). So you have to sort of know where you have reached the point of optimization, and then you sort of look. But we can arrange a briefing on that for the full committee.
DR. MC DONALD: A number of similar comments. This is a huge task and that is scary automatically for the government to take on a huge task (laughter). But what is encouraging is that I heard more savvy in your discussion in this task than I have in many other government discussions of task. So I am really encouraged that you have sort of, you have the moxie you need to get some of these things done, and you have picked out some of the important issues.
Regarding, I just can't help but say something about the certificates, and there really, there is a huge problem. If we as hospitals and institutions are going to be at risk for giving out the wrong information, wrong patients under the privacy regulations to not be damn sure who is who, and frankly I remember as kids, not me, some other kids who drink under age, and they had perfect IDs. It just wasn't them, you know. So the real issue is how do you know they are them, and I don 't think the Post Office can know they are them at the level you would want to know to be letting people do things in your institution.
So there's a challenge. Biometrics, especially with all the new television, you know, viewing how you can spot people in a crowd, this sounds very appealing, but that may have other problems.
And the last thing you said, that we can 't have a patient ID, and maybe the group could un-confuse me, because it is against the law. I kind of thought it was against the law not to have one because HIPAA said we have to have one. I realize that politically it is not possible, but didn 't HIPAA say we were supposed to have a national patient ID, and that hasn't been revoked.
MR. SCANLON: You are right, Clem. HIPAA, enacted in 1996, contains a requirement that among the standards that we would adopt and promulgate in the U.S., would be one for a unique health identifier for individuals. But subsequent to that time, we have been directed by the White House and the Congress, and we literally have it in our appropriations language, that HHS is prohibited from using any of our funds for developing or adopting or promulgating unique health identifier until Congress says so.
DR. MC DONALD: So that means it is against economic law.
MR. SCANLON: It is literally in our appropriations. In fact we shouldn 't even be talking about this.
DR. COHN: So I think the answer is, Clem, you can do it on your spare time for free. I'm just being facetious obviously. Let me read the following. I guess I need a little bit of guidance and John, are you there?
DR. LUMPKIN: I am.
DR. COHN: Okay. I guess the question is that this is obviously, and please Brian, this was a wonderful presentation and thank you for updating us on it. I think that there's some very interesting Federal activity. But as a committee I know that we are obviously tremendously interested in the issues of PKI, digital signature, where we are and where we should be. And I know that the subcommittee I've attended, I mean Kepa has been taking the lead on this one and the Subcommittee on Standards and Security had intended to do at least a little brief update sometime over the next couple of months to sort of take a look at this one.
It seems to me that the full committee, I 'm just sort of looking for interest, maybe in February we should try to carve out some time for a fairly extensive panel, and John I think you mentioned the players, the Federal, the privates, us and others should be here.
DR. LUMPKIN: There are two states, Washington and Illinois.
DR. COHN: That's right. It seems to me that there's just multiple players on this one, and I would think that our interest here is to make sure that we don't wind up with multiple different, incompatible PKI infrastructures, and that things are moving sort of towards appropriate sort of standards and supportive standards. And I guess the question is, just looking at everybody, is this something that you would like to see in February at the full committee? John, do you have a thought on this one?
DR. LUMPKIN: Well I think it would be very appropriate, and good timing.
DR. COHN: Okay. Other nods from people that we should pursue this further? Okay, I just want to make sure that there is full committee interest as opposed to just having the subcommittee delve into it. Okay, I think we will look to maybe Kepa helping us put together the appropriate people and all this, and I think Brian, if it is okay with you, we may very well have you back for some further discussions about this.
MR. BURNS: That's fine. The other thing is I'll send to Jim, we have regular meetings for the healthcare PKI, and we open them up to pretty much everybody. So if you want to attend, you are welcome to attend. And we do have a web site. Unfortunately I just don't remember the URL for it right now.
DR. COHN: I just want to thank you very much. I mean you went through a tremendous amount of information very rapidly. I mean you are sort of reminding me of somebody from Kaiser Permanente, which is the organization I represent, trying to talk about the overall national IP plans, and we are a very large organization, sort of like HHS and trying to become a nation IT organization, and I think I understand very personally the issues that you are trying to deal with as you move from regional or local environments and infrastructures to something national. You obviously have my understanding - and I think we all recognize the difficulties of this job, as well as the issue that being a lot of it is going to require ongoing attention, and that is obviously something that we always know is a problem, especially in the Federal government, that sometimes things go well for a couple of years, and then suddenly there is a new direction. But certainly it looks like a very good architecture. So I congratulate you on that. With that, any final thoughts before we move into the other issues?
MR. BURNS: Thank you.
DR. COHN: Brian, if you have time, would you like to stay for the NHII presentation and discussion, or do you have other? Okay. Well I 'm sure that we 'll want to have you review the report at some point. John, are you there?
DR. LUMPKIN: In fact I am.
DR. COHN: Good, okay, well I think I would defer to you then. I think the two issues we were going to ask you to talk about had to do with the Executive Subcommittee retreat, if you would like to provide an update, and then we can move into the NHII report. I guess I should just ask about the NHII. Is that an actual action item intended today, or is this a review of the report?
DR. LUMPKIN: The intent was on the agenda, as we do with these reports, to bring them out for initial discussion and then final action tomorrow. Obviously if everybody has read it and they are completely thrilled with, then we can go ahead and take a vote at the end of the session. But the plan was to get comments and then have the committee review them and then come back with a final approval tomorrow.
DR. COHN: Okay. Were you going to make modifications in your workgroup this afternoon?
DR. LUMPKIN: That was our plan. Of course I was intending to be there.
DR. COHN: Oh we have the workgroup, okay. I see people nodding their heads. Okay well good. Okay John, go ahead.
DR. LUMPKIN: First under tab 3 is the report and the summary of the Executive Subcommittee retreat. I think the key issues to talk about is that we've had this ongoing debate that has sort of been characterized as being right brain, left brain, concerning the issues of the population base of broader public health and population health issues, and then the right brain being our standards, work and security and privacy. And after really kind of thrashing this out and realizing that we are probably beating ourselves for something that is hard to own responsibility for, we sort of came to the conclusion that it was not based upon the committee's, a sense of narrow vision, rather than a sense of restrictions due to resources and personnel.
And so that we believe that the committee remains committed to taking both approaches, a firm commitment and lead role on standards as well as a lead role on issues related to population health and public health data issues.
We went on further to talk about one of the important roles of the committee, and that is to exercise leadership in building bridges among areas and disciplines, and this kind of follows from the prior discussion, and that one of the things that we would look at for the full committee, and certainly would appreciate input from the various members, is to the extent that we can have hearings that will allow us to focus on these topics where it may not seem appropriate for any particular subcommittee, but the kind of cross cutting, bridging issues are ones that would be appropriate for the full committee.
We further went on and discussed the issue that we have had a very long history of the committee being involved in international issues, and we 've kind of have not had time to do that much, at least during the time that I have been on the committee, and while we have had some very important presentations from Marjorie and others about some international development, that we need to continue to include an international scan as part of the work of the subcommittees, both those that are dealing with standards and privacy, where the issues remain very significant in dealing with the European Union and others as we have discussed, but also issues related to other standards in public health and population based areas.
We had some ongoing discussion about enhancing our relationship with the ARC and the Quality Forum, in relationship to the National Quality Report, and that seems to be progressing fairly well. And then finally we talked about the composition of our meetings and following up on the comments and discussion for the last session, looking at ways that we can enhance the full committee time and discussion in areas that are more cross cutting and significant to all the members.
So that is kind of a very short rundown of what we had in our retreat and our discussions, and a full detailed summary is under tap, so if there are any questions, I would be happy to answer them or other members of the Executive Subcommittee could answer them.
DR. COHN: John, I think people seem satisfied with that report. I don 't see any comments or questions.
DR. LUMPKIN: Great, love it.
DR. COHN: Did the meeting with Claude Allen occur yet, that is referred to here, or is that the one you are talking about doing about the NHII report?
DR. LUMPKIN: Yes.
MR. SCANLON: Yes. This is Jim Scanlon. I think Ted will try to have the full, the centerpiece will be the NHII report. We 've been trying to get the Secretaries and this thing settled out.
DR. ZUBELDIA: Simon, I have a question.
DR. COHN: Okay, Kepa.
DR. ZUBELDIA: In the action bullets, the last one that says the next - annual report will cover 2000 to 2002. Does that mean that we won 't have an annual report for 2001?
DR. COHN: No. It may have been a mistype. It is the NCHS annual report.
DR. LUMPKIN: Yes, as opposed to the HIPAA. There are annual reports and then there are reports or summaries of the work of the committee, and I believe this refers to that.
MS. GREENBERG: It is not the HIPAA report. This is the, we used to put out annual committee reports before HIPAA, and then we had the HIPAA annual report. We've moved more to a multi-year reports on the overall work of the committee.
DR. COHN: I guess I should clarify, since the Subcommittee on Standards and Security is responsible for at least the initial drafting of that report though, I do expect that we will be seeing a fair amount of input from the Subcommittee on Privacy and Confidentiality this year. But I think as is common with our previous work, what we are going to try to do is to get this done by February for the full committee meeting, and depending on how it is, it will either be a draft for consideration and review in June, or the hope would obviously be that it would be of sufficient completeness that it could be actually passed at the February meeting.
John. Actually, any other questions for John before we move on? Okay. Well I think we are done with those issues. John, do you want to go on to the NHII?
DR. LUMPKIN: Certainly. I think I would like to first start off to say that this has been a process that has spanned a number of years of the committee and a number of, two Chairs of the workgroup, ongoing leadership by Mary Jo and Steve and Michelle and Theresa and Cynthia, and of course we could not survive without our scribe, who is moving to California, who has of course enabled us as a committee to be literate, not only just for our workgroup, but other work of the committee and other subcommittees. So Susan, we know even though you are only virtually leaving us, physically leaving us and virtually still here, so I did want to give thanks, and then to the members of the committee who have worked very diligently.
This is a follow up to the interim report that the committee has adopted, and we've moved forward to the Secretary. We've had some interim reports since that report, verbal reports to the committee, and all the committee has had an opportunity to review the recommendations that are at the end of the report and are a key component of that.
The full committee should have a chance, should have had a chance to read the document under section four, and I just want to highlight a few items and then lead into the discussion. We have started off with our vision of the need for the national health information infrastructure, and as the document reflects, we believe that the importance of this is not only, ought to be on the front burner, is current, but as we as a nation are addressing how we respond to the events of September 11th and the subsequent anthrax attacks, we recognize that health information becomes not only an issue of improving overall health of the public, becomes also an issue of national security, and as such, this report and the recommendations takes on heightened importance.
As all of you know, I was unable to attend the meeting because, you know, we in the states are really dramatically evaluating what we are doing. We are making an incredible amount of plans and alternative arrangements, figuring out how we are going to better be able to monitor the health of people in our state as well as other states, as we address the new reality of what terrorism can do to us in our homeland.
This report talks about the kinds of things and identifies key things, key activities that need to occur. But first and foremost, as we lead into in our Executive Summary, is that the clear message we received when we conducted our hearings, that there is a need for Federal leadership, that we need to have clear leadership that pulls together the concepts, that rededicates itself to the development of standards and creating the foundation in which entrepreneurial activity can occur and innovation can flourish, and that a fundamental foundation of that of course is the standards that enable the data to move, and not only just in the financial side and the transaction side and the health information side, with things like patient medical record information, a document, and the subsequent activities of the standards committee, but also in a broader sense with the national standards that CDC is developing.
But clearly a national center needs to be present on health information policy to allow this national health information infrastructure to occur.
The committee's recommendations fit into three key stages. The first stage has certain tasks, which you can see on page six, the creating of a senior focus position and thrust with appropriate support within the Department of Health and Human Services, to be the lead on pulling together this national health information infrastructure and the pieces that will be necessary to allow it to come into being. Issues related to that of course, that it is not just enough to have the personal and the leadership structure, but also funding and authority to be able to carry out these things.
Division will need to continually be fleshed out with policy and implementation plans, enhancements upon the work of the committee as it goes from the conceptual design into the actual development of the plan as it gets increasingly more detail and tasks are being assigned. We have to look at the establishment of incentives and a balance of incentives and requirements, and I think as organizations are looking at the realities of HIPAA, what they are seeing is that when you begin to get beyond the initial cost, the benefits are starting to become clearer and clearer, and various reports from organizations, healthcare organizations that have now begun to spec out the long term savings of these kind of standardizations.
In addition the short range is the launching of comprehensive standards acceleration process as the sort of the foundation for many of the conceptual ideas that are being presented within the document, and the need for ongoing commitment of the resources by HHS to accelerate that standard process.
And the second phase, which is a little bit long term, talks about developing and expanding collaboration at national, state, and local levels, to kind of bring this sort of conceptual model throughout, with clear partnership with the private sector, and to continue the complete and - the implementation plan.
And then finally the last stage talks about carrying out the implementation plan in all the relevant areas, with the involvement of the private sector and all levels of government.
So it is not an overly long document. I think it is a document that is current, that it is pertinent to the times, and with the enhancements by the full committee and adoption, I believe that we are ready to move this to the Secretary to really lay the foundation for this dramatic step, and our vision, the nation's vision for a health information infrastructure that meets our needs of not only government and national security, but individual people and the country as they move forward to enhance their health and improve their safety.
Questions, comments, problems with the report. I think - would be very happy to entertain them and to the extent that we don 't have any show stoppers, to then move this report on for adoption.
DR. COHN: I think we do probably have some questions and comments. I actually had a couple of questions and comments, one substantive and another having to do with I think somewhat the format. John, I think you can appreciate that one of the great pleasures of flying across country is that you have a chance to read such short reports that you are describing (laughter). They are actually going to make me move to Washington, DC because of that (laughter).
Actually I had a specific question, and actually I think conceptually I think it is hard not to support these. These are very important recommendations. As I began to look in the substance, specifically the recommendations, I found myself scratching my head a little bit at the, in your recommendation, second paragraph, on the Federal government, where it says this office would lead responsibility for personal health information privacy issues and activities within HHS and then semicolon the HHS Office of Civil Rights would retain responsibility for enforcement of HIPAA - privacy regulations. Can you perhaps provide me some insight into why this office should be dealing as the lead group on privacy issues?
DR. LUMPKIN: Well I think that this really follows some of our construct and some of our thoughts as we were framing the recommendations, and other members of the workgroup should feel free to jump in, but that HHS as an organization has two responsibilities. One, under HIPAA they have lead responsibility for the privacy provisions of HIPAA, and that really reflects how privacy is protected throughout health and healthcare related transactions and communication.
But the second is that HHS has a host of privacy issues that are related to how HHS does its work and handles its data. And so the thought would be is that there would be a bifurcation of its national responsibility as well as its internal responsibility. Mary Jo, are you shaking your head?
DR. DEERING: No, I wasn't shaking my head. I think that you have stated it pretty well, and I would also say that it follows the general construct that responsibility for many tasks is split across the department. I mean we noted that in one of our tables. And this is just following the general principle that one of the purposes of this office was to help bring together responsibilities that lay rightfully within other specific areas.
DR. COHN: Okay. I guess before we leave this one, I 'm just sort of looking at our Chair of our Subcommittee on Privacy and Confidentiality, about whether you have any opinions or comments on this one. I mean if everyone is fine about it, I am happy to leave it. I just thought it was sort of an odd activity that could easily swallow all of the other activities that this office might do, and that was just sort of the observation of when you start dipping in at this level on privacy, it can be sort of overwhelming. Actually I don 't know if our Chair wants to comment.
MR. ROTHSTEIN: Well I don't have any specific comments, Simon. It is something that probably would merit discussion at the department level, should they consider that, because it would be a major reconfiguration of the resources, the human resources, in working this out. And whether that is better or worse organizationally, I'm certainly not in a position to say. But I do hear the concern that you raise.
DR. COHN: Okay, Jim.
MR. SCANLON: Just an observation. Proposing an organizational unit, you want to probably be a little careful about how specific you get, because then you don't leave the department much wiggle room in terms of optimizing. And the other thing is you probably want to be careful not to mix functions. Operational functions are one thing. Outreach and - other type programs, R&D type programs, are something else.
In the privacy area, as in many other areas, there are some structures already besides, HIPAA is not the only privacy activity within HHS, I think all of you know that. There is a fair amount of activity. HHS is the first and only Federal agency to actually have an HHS privacy advocate. I think Justice has subsequently established one. But I think particularly on this one, you may want to rethink. It is one thing to have a focal point and say that HHS should strengthen the focal point for that sort of thing, but I 'm not sure you want to give it to this office necessarily.
DR. LUMPKIN: Okay. Well let us mark that for something that we can refine at our workgroup meeting.
DR. COHN: Okay. I think Paul Newacheck has his hand up, and then Clem.
DR. NEWACHECK: Thank you. I think this is a very important report. I think it does an excellent job of articulating a vision, the need for this health information infrastructure, and I am very supportive of it.
What I wondered about is whether the workgroup has thought much about next steps for this. This is obviously kind of a birds eye view of health information infrastructure and fleshing it out, and beginning that process of moving this forward is obviously going to be very important. And I 'm concerned that some of our reports in the past, once they have been issued, haven 't gone too much further than that. And I wondered has the workgroup thought through what the next steps would be in this process of making sure that this report gets the attention that it deserves?
DR. LUMPKIN: Well first of all I think that this, you know, the activities by the committee has already generated a fair bit of attention and focus. The National Quality Forum is already convening, or will be convening next spring, a conference on trying to build public and private partnerships to advance the national health information infrastructure, building upon activities of prior organizations, including our committee which has been asked to support a summit that they are trying to pull together.
The second response to that is that, you know, I think it is an ongoing role of the committee to work with the department, but in a sense the way we have functioned is to sort of toss the ball to your Department of Health and Human Services, and I think that it may not be fair to say that our reports have languished. I think they have generated a lot of internal activity that we may not see always, but that subsequently we begin to see some internal responses to that and recognizing that HHS, being as large an organization as it is, moves when it has the time to do, which it hasn 't over the last two months, demonstrating it can move very quickly I think in the last two months.
But most other times when it does have the time to be deliberate, it is deliberate in responding to the kinds of things that we have submitted. So I believe that our committee would continue to have a monitoring role and that we would expect them to, that HHS would partner with us as they roll out, and determine how they will accept the responsibility that we are urging them to accept.
DR. COHN: Okay. Clem. Oh you are going to respond?
MS. GREENBERG: Just on that particular point. We set a bit of a precedent I think with the functional status report, in which we asked, or the committee, asked the Data Council, or the department through the Data Council, to provide an annual report back on how the department was pursuing the recommendations. And as was noted, that report was presented yesterday at the Data Council. And I'm sure this report, actually the interim report on NHII, was presented to the Data Council previously. And this final one certainly will be.
And I believe the draft cover letter that I saw is including that as well, which you might think was part of the functionally status report. You might want to put it actually into the report as well. So I learned from Jim Scanlon we don't make policy in letters (laughter), and so anything that is in a letter should probably also be in the report. But I think that that is a good pattern actually, and I'm not saying it is sufficient, but I think it is a way of really trying to have some ongoing feedback when recommendations are expected to be dealt with over a long period of time. They aren't something that can be dealt with quickly, but we want to have that.
DR. SHORTLIFFE: On this point, very briefly, I just wanted to say that one of the reasons that I would like to see the final report out is that I am still to this day seeing a lot of people reference the draft, and it is amazing the impact I think that the draft has had. It has clearly circulated widely. A lot of people have read it, a lot of people keep pointing to the NCVHS NHII report, not really knowing that it is a draft. So this may be good news in terms of the chance of having an impact, because I think there really is a sort of voracious appetite for seeing this get out there. But I agree with the point that we need to be vigilant to make sure that we follow up, yes.
DR. COHN: Dan and then Jim on the same issue.
PARTICIPANT: A different issue.
DR. COHN: That's what I thought.
DR. FRIEDMAN: Simon, I'll be brief. I completely agree with Paul's point, and I think in some ways the more fundamental and broad the recommendations, the greater the need for followup, and I am concerned about it for both this report and this workgroup, as well as for the health statistics one that we are working on. And I think in some ways that we should conceptualize an important ongoing activity of the workgroup as working on, not just monitoring, but trying to - implementation of the recommendations, you know, rather than just putting it out there, rather than just waiting for monitoring, really working on trying to push, actively push implementation. So I think it is a very well taken point.
MR. SCANLON: Well I think in terms of the report itself, as with any reports, I think it is really the burden on HHS to make sure that the report is circulated and presented to our leadership and actually gets a thorough kind of an assessment within HHS. Whether or not HHS, we can assure you I think a fair hearing and consideration, but whether the specific recommendations get, you know, get modified or changed or something like that, I think you sort of have to let the process work its way through.
But I guess the other point is to the extent that you make the cornerstone of your report to passing the ball to HHS, you sort of left a vacuum to some extent otherwise, and particularly the industry, I 'm not sure what the industry, what guidance there is to the industry or the market, or what the market itself could do. It is hard to change, without understanding the market, to sort of change things. So at any rate, we can certainly assure you I think at the very top levels of HHS, that the report will be seriously evaluated, and then hopefully moved forward.
DR. COHN: Jeff, is this on this issue or another issue?
MR. BLAIR: This issue.
DR. COHN: This issue, okay.
MR. BLAIR: Ted, you mentioned that there has been widespread visibility and reaction to the draft NHII report, and I was wondering if you feel like the final report here addresses any weaknesses or ambiguities or criticisms that the draft got. Are we in good shape with this or is there something we still need to address?
DR. SHORTLIFFE: Well you know people I don 't think have analyzed the report and that therefore the substance of this report is sufficiently different, that having it out there hopefully will have an incremental impact shall we say.
DR. LUMPKIN: If I could maybe make a suggestion, and part of the problem may be is that I think when we are scheduled to meet as a workgroup I may be in the air.
DR. COHN: On a plane you mean (laughter).
DR. LUMPKIN: Yes, on an airplane. And it sounds to me that we probably need a concluding paragraph that would describe what the committee will be doing, that the workgroup would continue with, monitor the implementation by the department and conduct hearings on how the non-Federal portions or significant stakeholders are responding to the report and the recommendations.
DR. COHN: John, very good. That was exactly sort of where I was going to be, sort of asking everybody. So that's a great suggestion. Clem, did you have a comment?
DR. MC DONALD: I have actually some problems with it. Some of it is just surface things that I think are somewhat naive, but I don 't, maybe too much detail. One of them, like the hand helds, it says we maybe be using, more than 57 percent of doctors may be using them, and that maybe true, but it doesn 't, the implication is that therefore we solve our communication problems. These are not wireless, these are not ones you can do dialogue in and out. So that a couple places I think some enthusiast on a given technology has kind of just taken over a paragraph, and I think it is maybe, it wouldn't, it dishes the report a little bit by suggesting something that isn't true.
My major concern is this is largely a report that says we have got to standardize, and I think it either diminishes or doesn 't know about or is ignorant about, or damns by being praised, that almost negligent mention that is made of the standards organizations. There's not a reference to what they, you know, their address, where they are. There's one sentence that says these standards organizations are doing some good things, and then the next sentence says but it is not very good. I mean it is sort of damning by - praise.
The discussion of Canada does bring up the fact that the big provinces that are having massive effects, like British Columbia, which has standardized all of its drug data and all of its lab data and doing it through HL7, you are talking about this kind of vague super model instead of what they have really done at the troop level. You've talked about public health and not mentioned the five to eight year old projects with immunization. I mean there 's progress that has been made, and I think it sort of sounds like we just invented this subject here. You are not giving credit to those agencies and efforts that have already occurred.
And I think it does a disservice to the process. I don 't think, the report is great, but I just think, maybe it is partly my fault. I thought I was promised a beefing up of this when we had that telephone call, and I didn 't get a chance to do the editing that I would have done if I wasn't doing too many other things.
DR. SHORTLIFFE: Clem, you need to move to California so you have longer plane flights (laughter). So we need you to beef it up.
DR. MC DONALD: I think this is something we could do this afternoon even, if I could get on a keyboard and get a printer or something like that, some suggestions. It is a good report. It is just that one dimension when we are speaking so strongly about standards and we don 't recognize, you know, what is there that we can build on a little stronger, and make some more concrete statements.
There are some other things, like the standards organizations should assure that you have, you know, certain kinds of people there. Well they are open and free to everybody, so it sort of suggests, you know, how do you do that and how do you pick those categories. And there are some action items that may be a little tricky. They should welcome those as though they aren 't. It is just that if people don't choose to go, they don't go, unless you are saying we should pay their way, you know, your government should pay their way, but then how do you pick who you pay the way of.
DR. COHN: So Clem, just to sort of restate some of the things. You are talking about page 16, 15, 16, about a paragraph that has to do with various percentages of implementation.
DR. MC DONALD: That's roughly my -
DR. COHN: Well no, I meant actually that I looked at that stuff and I sort of went huh, I mean only in the sense I saw it footnoted, but I'm not sure I really believe the statistics, and I think your comment is it does make you wonder about the validity of the rest of the report. I wouldn 't say we should change the statistics, but probably the workgroup needs to review those and make sure that they are comfortable with them.
DR. MC DONALD: Well it is not the statistics, it is the implication that is suggested, that if everybody uses these hand helds, therefore we have solved the problem. Well 90 percent of the usage is to look things up, and the hand helds, those who have experienced them, they are very difficult to enter data into rapidly. So it doesn't solve the problem. I think this raises though once we get them in, then we've got the linkages all connected between physicians and providers and the patients and everything is solved. That's the problem I have with it.
DR. COHN: Well okay. Well I guess I looked at that and I also was myself scratching my head a little about the statistics that 53 percent of the providers report they are either beginning to install hardware and software for CPRs or have planned CPR implementation, and I was sort of scratching my head. I wasn't sure that I thought that that was very real or not. And that was sort of my, and that was sort of the type of statistics that make you scratch your head.
MR. BLAIR: Could I comment on that?
DR. COHN: Jeff, sure.
MR. BLAIR: Because Mary Jo, is this the reference to the EHR report?
MS. GREENBERG: It is.
MR. BLAIR: Okay. That is not a survey of all providers, so it is not saying that it is, and maybe we need to clarify that those are folks, just like the HIMS survey, the EHR survey, basically are folks that wind up responding on the Internet, and I think we need to clarify that that is the survey that it is so that it is not misinterpreted.
DR. COHN: Okay, and I was just, you know, just following up on Clem 's piece, which I wasn 't even going to mention.
DR. LUMPKIN: Right, because actually, if you look at that paragraph that you are describing and the following paragraph, the intent of those paragraphs are to say that the technology is unevenly being diffused, of technology throughout the healthcare sector, but that there is an increasing commitment by healthcare organizations to some form of electronic automation. And I think it is just in building that case and I just think to the extent that Clem can help with some language that may allow us to make that point without obviously getting to far out on a plank, that would appear to be making a broader statement than what we want to do.
DR. DEERING: This is Mary Jo, if I could, and I also welcome his attention to the implication that we assumed that this technology all worked. I mean certainly not only is it diffuse, that we did not mean to imply in any way, shape or form that it has reached the threshold that it needs to have reached. So this was just an illustration of what is out there. So to the extent that you can help us tighten that up, I think that would be very helpful.
DR. COHN: Yes, Jim Scanlon.
MR. SCANLON: Following that paragraph, this is page 17, paragraph 2, where the discussion now turns to clinical data standards, PMRI standards. The paragraph reads as if the committee has already recommended clinical data standards, and I think the whole idea was that we would be recommending data standards. The 2000 report was more of a process and a framework for which those could be recommended. So we could make an edit to, referring to the upcoming or the forthcoming clinical data standards I think in that paragraph.
PARTICIPANT: Which one was that?
MR. SCANLON: In addition to the PMRI standard recommended by NCVHS in 2000. It sounds like they have already been recommended.
DR. LUMPKIN: Okay. So we just need to clarify that sentence.
DR. NEWACHECK: Just another wordsmithing issue, on page 4. I think it is important that we don't give anybody the idea that this infrastructure is going to be intrusive on people's lives, and I don't think it is clearly meant not to do that in fact. But on line 4 of page 4, where we are describing the personal health dimension, it says the personal health dimension supports the management of individual wellness and healthcare decision making. When I read that I kind of took it to be potentially that someone else was going to be managing my individual wellness and decision making, and I think it would read much better is we just simply took out the management of, so that it would be the personal health dimension supports individual wellness and healthcare decision making.
DR. LUMPKIN: How about if, well we can work on the language, but something along the lines of it supports the individual 's management of their wellness and healthcare decision.
DR. NEWACHECK: That would be fine, and it is also on page 14 too.
DR. LUMPKIN: Okay.
DR. COHN: John, I guess I will chime in on, back to the recommendations. I guess it is really a question for the workgroup, and I am in strong support of the recommendations with the comment that I already made about the privacy issues, but I found myself sort of scratching my head as we went. Now I guess, who is the recipient of these recommendations, I really do tend to think they are HHS and the Federal government, and I found myself looking very hard at the Federal recommendations, and then sort of trailing off with all of these miscellaneous groups of other recommendations.
And I just wasn't sure that the recommendations section was served by lumping all other people with all these miscellaneous recommendations in the same area, and it seems to me that if indeed you have that last paragraph where you say the NCVHS is going to work with these other people, maybe there is a chapter before these recommendations that talks about the contribution that needs to be occurring from all of these other players, and all these things need to be happening.
But as I said, I was just looking at this and I began to sort of diffuse out the important Federal recommendations because there are all these sort of litany of state and local, community organizations, academic and research organizations. Once again, I would leave it to the workgroup to, I may be wordsmithing too much, but it just seemed to me that there maybe needed to be some thought into some real revision there.
DR. SHORTLIFFE: Maybe this is actually a committee issue because it goes to the heart of the nature of the committee it seems to me. Are we in fact simply positioned to make recommendations to the department, in which case all the rest of these kinds of recommendations, these other entities, may be by the by, or is there a kind of visibility to the recommendations that provides a kind of credibility that can influence the decision making of other entities around the country who will look at this kind of a report.
We go to great efforts to put these meetings on the Internet and to make sure all the documents produced are available broadly in the community, and it would seem to me that we should not underestimate the potential for this to have an impact on people, other decision makers besides HHS. I think this is very much in keeping with the kind of, you know, recommendations that come out in the typical National Academy report too, which tries to be very clear about for this entity or this group of people here is what we would recommend for these folks, here's what we recommend, and it is not just the agency that funded those reports that gets recommendations.
Often recommendations are made by NAS study groups that go to other groups, that they hope, and then often make a special effort to be sure, will in fact read the report, in addition to the agency itself. I think there is a conscience raising intended here that goes will beyond HHS, and although I 'll be very disappointed if HHS ignored it and everybody else embraced it, I certainly think we should not fail to recognize the potential impact broadly and keep it in.
DR. COHN: Other comments?
MS. GREENBERG: I really would have to second that because in a fairly long history here with the committee and being familiar with its, thanks to Susan's good work, its entire history, I think it has really been a voice for health information issues nationally and in some cases internationally, and as I think Jim suggested, sometimes the recommendations have been embraced more by those outside the department than those within the department and quoted more, and it is interesting they have a life that often definitely is longer outside the department sometimes than internally.
So, I think by, you know, putting the Federal government first, it is clear that's where the responsibility is, and I guess the only group that is absolutely required to at least acknowledge the recommendations is the department, but I think the committee does have a real role well beyond that, and people expect that from us.
MR. SCANLON: I second that. I think the committee has a history of making recommendations for the field generally. I thought the second point of Simon's comment though was that the depth and richness of the recommendations do tend to taper off the minute you leave the Federal government, and in my interest particularly I find very little that the market, I find very little about understanding the market itself for these kinds of services and ways that the market itself could play a role or that influence in terms of moving forward. But that is my own method.
MR. STEINDEL: Steve Steindel on the working group. I would like to make a comment that we actually did solicit information from the various other people at the hearing, and the testimony from the hearing tapered off in the same way (laughter). So we tried to elicit this information and it was difficult there.
DR. DEERING: If I could, a couple of points there. And we have circulated these outside, including to industry, and the only thing we got from industry was sort of one extra bullet to put under the IT area. We haven 't perhaps circulated them as widely among the provider organizations as we might have, but I think I would characterize the situation in a couple of ways.
The first is as everyone has said, HHS leadership was the heart of the testimony that we heard, and it was felt that you needed to spell out the various ways in which, and opportunities for, that leadership to be exercised. On the other hand there was a little bit of concern about getting into too prescriptive detail for everybody else.
Another argument for keeping those sections in, however, as relatively weak as they may have been, is that I think the workgroup would say that the HHS role is meaningless without all those others, and to keep them there all on the same plate is absolutely vital because much of what the words are all about under the Federal recommendations is how you work with everybody else.
DR. LUMPKIN: Simon?
DR. COHN: Yes, John.
DR. LUMPKIN: My thought on that is that perhaps we can address this by putting an introductory paragraph between the Federal recommendations and the rest, and say roughly what Mary Jo just said, and use that as a transition.
DR. COHN: Yes, and maybe there's even a title there that begins to indicate the other stakeholders or whatever.
DR. LUMPKIN: Right.
DR. COHN: Okay, I think that actually might be sufficient and that might meet my needs. I thought the Federal recommendations were overall very good and very specific. So thank you. Other comments regarding the report? Okay. Well let me ask me a couple of questions. We are obviously talking about some fairly significant wordsmithing, plus this issue of privacy somehow needing to be discussed and reflected on by the workgroup. I guess one concern I have, I mean this could certainly come up tomorrow as an action item. I just want to survey the committee to make sure that we have a quorum tomorrow for any votes, and I know that there's some people that sounded to me like might be not present for a vote. I know of at least one, but I don't know of others that might not be here.
PARTICIPANT: How early tomorrow?
PARTICIPANT: What time will the vote be?
DR. COHN: It would be 11 o'clock, and so I guess I'm sort of looking at everybody. It shouldn't make us feel very good if we come to some conclusion and want to bring it up for a vote but can't vote on it because we don 't have a quorum.
DR. SHORTLIFFE: Let me suggest that in order to be a little more sure of having a quorum, you don't wait until 11 o'clock, because some people may have to leave a little early, but will be here in the morning.
MS. GREENBERG: The outstanding policy issue is whether privacy should be included in this overall office. The other things I think can be, some of Clem's suggestions, all of which, all of the suggestions I think were excellent, they can all be incorporated I think without affecting policy.
DR. LUMPKIN: And Marjorie, actually the privacy is not that substantial because what I would see us doing is saying that there should be a privacy focus within HHS as a separate recommendation from the central focus, and then that would give HHS leeway to either include it in the office or have it someplace else.
MS. GREENBERG: We have privacy focus with close, if it is not the same, there should be close interactions between the two. I mean that is what I 'm wondering, if we can actually bring this to a vote now.
DR. COHN: Well that's what I'm asking everybody.
MR. BLAIR: Because it sounds like we really have, for the most part, some wordsmithing and minor revisions, and if there is enough confidence in our drafters here, we might wind up indicating that we approve the document with trusting the core group to make the revisions.
DR. LUMPKIN: If I can make a suggestion, that if we are looking for a procedure, that we approve the document, that the revisions would be made, that it would be sent out for committee members to look at one more time, that comments would be made back, and that the Executive Committee would determine whether or not the comments were significant enough to require a second vote through some other mechanism.
PARTICIPANT: So moved.
DR. COHN: Second?
PARTICIPANT: Second.
DR. COHN: Okay.
DR. MC DONALD: Will we have a chance to actually submit some change suggestions today?
DR. LUMPKIN: Absolutely.
DR. COHN: Today and probably for the next 10 days I would imagine. So John, just to make sure I understand your process. We can accept it today, there will be further modifications made, a new document will be sent out probably within the next week or so to the full committee, they will be given about 10 days to review it, comments will come back, the Executive Committee will have a conference call, and finally accept or revise as necessary.
DR. LUMPKIN: Right.
MR. BLAIR: We still have on our agenda from 5 to 6 the NHII.
DR. COHN: Yes. Assuming the desire of the workgroup to do that, and assuming that the Chair of the workgroup is able to be in attendance.
DR. LUMPKIN: I will be there, I will be able to do most of it beginning about probably the first 45 minutes.
DR. COHN: Okay, I think that will work. John.
DR. DANAHER: Simon, may I exercise my prerogative as the newest member to ask a few dumb questions?
DR. COHN: Please.
DR. DANAHER: Is this something that we have been asked to produce, NHII, or is it something that we are putting forth as our vision? I guess, let me jump right to my concern. My concern is that like so many things, if there is not, if we haven't done enough work in building a coalition of support amongst the private sector and industry and other government, kind of the constituents that are listed here, that there just won't be, you know, there won't be an impetus for action, and I just think of how hard this is to do in our relative organizations, be it Kaiser, be it Harvard Pilgrim, or whatever.
What is going to keep this from being one of many kind of nice strategic documents that just sits on the shelf somewhere? So I guess what I am just wondering, I'm wondering about the process of submitting this and finalizing this and whether there is a preliminary step of working to get some more support before this is finalized and submitted, and pardon my ignorance.
DR. COHN: Well sure, and you obviously have not been briefed on this. John, I know you would like to respond to this.
DR. LUMPKIN: Thanks. And John, welcome aboard and I 'm sorry I 'm not there for your first meeting, but this is something that the committee has been working on for approximately three years. We began with a series of hearings, well actually we began with a preliminary report, first with a letter, than a preliminary report. We got some feedback from the department that this was something that they thought was an important activity of the committee.
We conducted hearings in Chicago, San Francisco, Boston, and Raleigh-Durham. We also have sent out the recommendations to a fairly tight list of people for comments, as well as the full committee. I have been asked by numerous organizations and a number of the standards development organizations to do presentations based upon our draft report. So we have had a significant amount of public comment, public input, feedback on earlier drafts and directions, and I think that this report is ready to, and people are looking to us, to get this out, to get it out soon, to sort of crystalize a direction that they are supportive of moving in.
DR. DANAHER: John, I appreciate that. Thank you for the background. I guess I am just kind of befuddled about the comments earlier about when it was put out for public comment, that there was really, you know, that an industry really had only added a bullet point here, a bullet point there. Is it because they are so supportive of it and so in line with it, or is it something that they are just not coalescing behind?
DR. LUMPKIN: Well we had some difficulty in our hearings because the first hearing that we had in Chicago we really expected that what the hearing would be, it would be for the industry to push back on what we were presenting as a vision, and they didn't do it. We spent a significant portion of that hearing listening to all the partners coming in and saying this is really nice, this is wonderful.
And so we had to restructure the subsequent hearings to say don 't tell us that, we think it is validated, where are the weaknesses, what kinds of specific recommendations should be made. And the one that came through the clearest was their need for the Federal leadership. And we said who should be the leader, we didn 't ask if there should be Federal leadership, we said there clearly needs to be leadership, who should it be, and uniformly, and I can't think of anyone who didn't agree with that, they said the leadership needs to be Federal.
So I think that there was, it is not that people weren 't focusing on that, but I think that there was such a strong feeling of need that many other organizations said, you know, we are willing to follow that lead, we are willing to play, but we need to see the leadership from the Fed.
DR. DANAHER: Thanks, John, thank you very much.
DR. COHN: Thanks. Dr. Sondik, did you have a comment you wanted to make also?
DR. SONDIK: Yes if I could. Ed Sondik from the National Center for Health Statistics. First of all it is very exciting to see this thing sort of reach this penultimate stage. I have a couple of comments though. One is, and it is sort of prompted by a couple of the comments around the table about getting industry involved, and also something along the more general line of sort of major motivating factors to do this.
I think the sidebars are effective in part, but they kind of lack a kind of a bottom line notion, that for example, if we had this infrastructure, I feel not counting the cost of the infrastructure, I think, I 'm totally convinced we would save an enormous amount of money on healthcare in the U.S., or if we don 't save the money, we would know much more precisely how the healthcare system is operating, which is extremely important.
In fact, other countries are now really getting interested in this notion of how the health systems are performing. A huge challenge just to come up with something like that for a country, a developed country. But there is going to be a great emphasis on it, and I'm convinced that this is critical to that, to be able to assess that.
But cost, unless I missed it, the cost of healthcare is not in here, and it means, you know, driving down the cost or maintaining the cost or optimizing care will be a benefit that comes from this. So I think that is one suggestion that I would make or put on the table as to whether or not that has a role in this, and if it does, you know, I think it should have a place in it. You are looking at me puzzled, Simon.
DR. COHN: No, no. I actually was just sort of thinking of a presentation I gave on HIPAA the other day, where I talked at the end as we moved into clinical data and began to transition in the NHII, and I talked about patient safety, you know, improved patient care, and then about improving the efficiency and effectiveness of the healthcare system into the 21st Century, with the idea that we might be able to do a better job of both caring for the population and potentially even beginning to address the issues of the uninsured, along the line of what you are describing.
DR. SONDIK: Absolutely, and healthcare quality relates to this as well, and that notion doesn't come across strongly in this as well. It seems to me that is another driving force in the country right now, and it will be, concerns about quality despite the fact of the health status of Americans, which is in general quite high, but of course we've got distributional problems. This will help with that as well, and I don't think again, see it comes across as the personal use of information, very strongly, but there are other uses of this information, system guidance, evaluation types, the use of the information, which I think do not come across strongly. And again I think this is more wordsmithing than anything else.
The second point is one of the key things I think in the Federal recommendations is fleshing out the plan. Now that appears in here in two places as I see it. One is in the Executive Summary and the other is in the recommendations. But there isn't anything there, and maybe it doesn't have to be, that is more specific about who is going to do this and how it is going to take place and on what schedule. Now maybe I 'm being compulsive here in thinking about that, but the way this is structured is we 've got the Federal, we create this new office, which is really a major, I hate the term, bully pulpit if you will, but it is not going to have control over.
It is the same kind of thing we are hearing now of course with the homeland, the fence or whatever type of office. It doesn 't have, this office would not have control. Now this is, you know, you could debate this in a variety of different ways as to which is the best sort of organization. Do you somehow take the health information infrastructure in the Federal government and somehow completely reorganize it, or do you start with this.
Well I think this is prudent to start with this, but that plan I think is critical, because I think it will really flesh out what is meant by this and the steps to do it and the role of the market, the role of the market forces and other forces in this. And I don't think that is here. Now maybe it doesn't need to be, but it is a thought.
And the third point was, talk about wordsmithing, I wonder if, let me just suggest a slightly different title. Rather than strategies, strategy. When it says strategies, it says it is implicit to me, sort of what is in the title of course. Well actually I think a lot is in a title because I think that 's what kind of people carry away. It seems implicit to me when it says strategies, that there are two columns. We can choose from column A and we can choose from column B, and I don 't see it as that.
I see this as an integrated, in the sense that it is dealing with state, local and so forth, an integrated strategy. It is sort of the same thing as saying the vision more fleshed out is what this is. So a strategy personally appeals to me more than strategies.
DR. COHN: So is it a strategy or the strategy?
DR. SONDIK: Well I thought a, I mean because the might be presumptuous (laughter). Anyway, those are some thoughts.
DR. COHN: Thank you. John, what do you think?
DR. LUMPKIN: Sure (laughter). The equivalent of a couple of letters.
DR. COHN: Well no, I mean I think he did a whole bunch of other comments too.
DR. LUMPKIN: No, I think that the first one on the savings, and this is one of the issues that we struggled with. Clearly when I 've been going out and talking to groups about the NHII, we emphasize the important role as the vehicle to yield not only better quality, higher efficiency, and more effective healthcare. And maybe the way to do that, because the difficulty in writing this report is now once you have done that, how do you reference that, and it may be to use a, you know, as we have used the boxes, to maybe quote somebody, saying exactly that.
And we can figure out how to do that. That becomes then an editorial issue rather than a substantive issue of what the recommendations are. I 've already got a note down from early comment about having something in there about the role of the market. I think we need to have some paragraph in our discussion as we try to wordsmith that.
As to the details issue, I just don 't believe that give our role as an advisory committee, and more importantly a resources advisory committee, that we can get down to more significant level of detail of the plan, and I think that's probably our limitations. And I think I agree with you that maybe it doesn't really need to be here, because that is what we are looking to HHS to really pick this up and start applying the resources that are needed in order to accelerate the process of putting into place this health information infrastructure.
DR. COHN: Ted and then John.
DR. SHORTLIFFE: Well this growing consensus about the Federal role here has been fascinating to follow. As you know, I 've been quite interested in and involved with these discussions for a few years, and the first report that came out that made a lot of recommendations cited in here is probably in this precise area, is probably that NRC report on networking health. And there was tremendous reluctance to be too prescriptive about how HHS or the Federal government in fact should deal with this issue of leadership in this area.
So if you go back to that, the published version of that report is extremely permissive. It just basically says we need Federal leadership. And that was the most that that committee and the Academy felt it could really say. If you then go to the PETAC report, which came out last year, also cited in here, its recommendations were much more specific. There needs to be some kind of an office, probably in the Secretary's office. But it too, what I find interesting is that this report and these recommendations, in spite of Ed's comments about the details being left out, is much more prescriptive. It is that next step and still trying however to leave the final decision and the final design to the department and to those in the department who know it best and how it would work.
But I see this as a very natural progression of those three reports, all of which have come to very much the same conclusion. And in response, John 's response to John Danaher 's question I think made that clear. It is pretty uniform out there in the world at large that the reason we are not adding lots of other bullets and recommendations in other areas and getting industry to suggest lots of other solutions, is that everybody keeps focusing the problem back and needing to be some kind of much more effective Federal leadership in the area.
So I think we could nitpick about how much more detailed we want to be, but I actually think this has gone quite a bit farther than other reports and we should view that in a positive light.
But the first comment that Ed made, I wanted to respond to now, and now I am blocking on what it was. Yes, cost and quality. A lot has also been written on that subject, and the problem is that nothing that 's been written can support it with data. So we have to decide, I mean the studies that allow us to prove this are incredibly hard to do. It is intuitive, and we all have our sense that this would be a great savings in cost and that the ability to enhance quality would be tremendous as well, and we can draw scenarios to try to show some of the ways in which that would occur.
But I do think we would have trouble fleshing it out in detail that would be convincing to people who are actually looking for the cost effectiveness analyses or the quality assessment, the cost benefit analysis and what had been done. Now that doesn't mean we couldn't cite some of those analyses as John was just mentioning, and maybe we should be a little more scrupulous in doing that, but I don't think we can make strong claims about either cost or quality based upon data. It is intuition, it is our sense, it is our firm belief, and I don't have a doubt for a moment that it is true. I just don't think we can prove it right now.
DR. COHN: Well and I think Ed was describing a sidebar, I think, to do some of this. Maybe I misunderstand. I'll let you think about that.
DR. SONDIK: In part, but it is striking to me that the, if you stand back from this and say well why should we do it, the answer seems that, in the examples here, is that healthcare would improve, but we don 't try to, not that we can, and I completely agree with what Ted says, there 's no question about it. I don 't know of any studies in health that show this strongly anyway, but there are sure as hell parallels in lots of other fields, in which, you know, just the inventory, for example, work has enabled us to shop in ways that are incredibly different than they were years ago, to prepare to build devices in cars and so forth in a just in time basis and so forth.
All of that is based on having the information you need in the right place at the right time. In Peoria I think there was a sense of faith that that kind of thing would work, and have the cost savings that no doubt have been documented from all of that. What this doesn 't do though is give the notion that that might be in the offing.
And it is kind of like what are the, you know, somebody is going to look at this dispassionately and say for God sake, we have the best health status in the entire world, not quite, but it is quite good in any case. We are leading in research, we are doing all of this. Do we really need a major Federal investment in this. Well this doesn't provide that evidence, and I'm not sure we can. But if we could give an inkling, a little more than an inkling, that this is something that could come from this, and that at this point we've got something that is, the paragraph on the numbers I thought was really fascinating because, you know, it does say that this is kind of a jumble, and we really have no basis to know whether the number really is 40 percent or whatever it is, 25 percent, and it is going to jump to 80 percent.
We need help in that, and I think the Federal government, not because it knows all, but it can provide the kind of coordination and cosmic glue to this that could really move this forward.
DR. LUMPKIN: Simon?
DR. COHN: Yes sir.
DR. LUMPKIN: Let me ask this as a way to try to bring this to a head.
DR. COHN: Okay (laughter), to bring to closure, John, I think you don 't want to bring this to a head (laughter).
Dr. LUMPKIN: Sure. And that is that the question is would the committee be comfortable in the introduction section, which is kind of a somewhat of a break from the way we do it, but a statement along the lines that the committee believes that although, you know, the cost studies have not been completed and the evidence base does not exist, but the committee believes that the implementation of NHII will have a dramatic impact upon the effectiveness, the efficiency, and therefore the overall quality of the health care delivery system in this nation.
MR. BLAIR: Could I react to that?
DR. COHN: Jeff, go ahead.
MR. BLAIR: First of all I strongly agree with the suggestions that Ed has made, and I just had a thought to sharpen them a little bit because one of the things that we have had a tendency to do in our efforts to be comprehensive and accurate and complete, is to wind up looking at all of the costs and trying to measure them against only the benefits, and of course we don 't even have the data to do that.
But I think that the real key here, and I think intuitively we all know this in our committee here, but it could be that those that will make the decisions on this don't quite realize this, is that most of the costs are either for projects that are already underway, in terms of whether they are HIPAA or whether they are standards development or whether they are other activities being done within Centers for Disease Control, so most of the costs that are reflected in this report are either in place or are being committed to in the future.
What this report is saying is that a very small increment of cost to provide leadership, to provide focus, to provide integration, and provide coordination, those are not major cost items, those compared to the other costs that are already referenced in the document, those are rather minor costs. But it is like a lever. Once you have that in place, the focus, the integration, the coordination, you could get dramatic improvements in terms of the quality, the cost of healthcare, and all of the other items, the ability to provide national defense. So that would be my only addition to what Ed has suggested.
DR. COHN: Okay. John, I guess that thought I think is probably something that ought to be incorporated. It probably goes in the introduction to the recommendations, sort of an observation I would imagine, assuming you agree with it. Now John, you have been very patient for holding your comment. Go ahead.
DR. DANAHER: I feel bad for John Lumpkin, because I sense a tremendous amount of work has gone into this and now you 've got new people coming in and saying ah, well just add this. But I have to be one of the ones to violently agree with Ed, and I think that the overall likelihood of this document, oh I 'm sorry, the overall likelihood of this document being well received by the Secretary and OMB, et cetera, and the overall likelihood of it being acted upon, will be greatly enhanced if it is infused with some economic analysis. And so I guess I am a big believer in that for me it would make the transition from this being a very nice vision statement, boy the industry should really do this and we should really have, you know, an office that leads us, it makes the transition from it being a vision statement to an actionable strategy.
And so I guess, you know, and I do agree and acknowledge that the quality of the information out there, the economics, couldn 't be worse, et cetera, but I think it at least gives people first level analysis, economic analysis of what the benefits of doing this are, what the costs of doing this would be, who would bear the cost, et cetera, and it is just not creating another Federal agency or another Federal position to do this. So it is a long winded way of saying I am supportive of Ed's point.
DR. COHN: Let me sort of agree with you and let me try to wrap this up. Mark, you have a comment? Maybe I'll let you make a comment and I'll try to wrap it up with John's assistance here.
DR. ROTHSTEIN: I wanted to provide I think a privacy perspective to this, and that supports the document in its present sort of scope and tone. I appreciate the comments that have been made in terms of greater specificity and greater data on economic impact, et cetera, et cetera. That would make me uncomfortable without a parallel discussion of the privacy protections that we would envision in such a system.
I mean if we are now putting forth a system as our vision, that looks like it is very centralized, very sort of bottom line driven, et cetera, without the same degree of specificity on what we have in mind in terms of privacy, that would make me uncomfortable. I think what the report does very well, it makes the case for a new health information system really promoting the health of individuals, and by implication, of the population. But going from the population down to the individuals rather than in the order in which I read this to be emphasizing it, I think would raise some rather deep concerns among maybe not the same group of people that would share John Danaher 's concerns, but I think it would be problematic.
DR. DANAHER: I don't think it just needs to be cost effectiveness, I think maybe cost benefit. So I think having some of those other metrics in there would also be helpful, if by doing this medical errors fall, or if by doing this confidentiality and privacy, you know. So I'm in agreement with you. I don't think it should be a pure economically driven infusion, but also cost benefits.
DR. SHORTLIFFE: Simon, could I make a one sentence counter argument?
DR. COHN: Sure, one sentence counter and then I would like for us to wrap this up.
DR. SHORTLIFFE: We have been calling this the information superhighway for the last decade. That was because Al Gore 's father was the Senator who implemented the interstate highway system, and the analogy when Al Gore was promoting this when he was a Senator led to this notion of an information superhighway. The interstate highway system in this country was an incredibly expensive investment by the U.S.
DR. COHN: Comment?
DR. DEERING: I believe that I am hearing the possibility of in some way leading the reader to be able to explore the cost benefit issues without our making a definitive case, and there have been a couple of suggestions. One was just to pull quote. We are going to have the DOD speaking this afternoon from 2 to 3 on their E-health initiative, and they have done a lot of cost benefit. So if we really just want to pull quote, well we can say the DOD estimates for example that doing this will save X billion over X years, et cetera. So I think that is one solution.
I think that it would be very helpful nevertheless for a variety of purposes for the workgroup, and certainly for the staff, to get from the experts around the table the best references there are on cost benefit, whether they go into this report or not. We have a web site for this. I think it is the sort of thing that does continually come up, and I think it could not help but be valuable to at least collect those references from people who have them, and then we can determine, you know, how to use them.
DR. COHN: Okay, let me try to wrap this up, and as best I understand the discussion. What I think we have done is spend a lot, we 've talked about the recommendations, and I think what the one discussion about the personal health information privacy issue piece, are basically all in favor of the recommendations. I 'm not hearing a lot of discussion about that. What I am hearing about is a lot of discussion about the case that leads up to the recommendations, at least that 's what I 'm hearing, that 's what I believe is happening.
John, I guess what I'm going to suggest, and see what you think of this one, is that I think that we probably should put this up for a vote at this point, with the recognition that the subcommittee, actually that the workgroup will be modifying the case, and what we will be doing is seeing it, having a chance to further comment. The Executive Committee will review it. If it is generally along the lines that we have discussed, they will approve it. If it seems to make some radical departures from sort of our common understanding, we 'll probably have a conference call of the full committee to make sure that everybody is comfortable with it. Is that a reasonable sort of set of next steps?
DR. LUMPKIN: Well if the committee feels comfortable, what we can do is adopt the recommendations today, and then adopt a process for, as you described, for the final approval of the report that carries the recommendations.
DR. COHN: Is that, what is the wish of the committee in terms of this one?
DR. SHORTLIFFE: I think it would be more expeditious to do it that way.
DR. COHN: Would somebody like to move that?
PARTICIPANT: I think I did earlier.
DR. COHN: Okay thank you. Second?
PARTICIPANT: I second.
DR. COHN: Okay, any further discussion? Good (laughter). Dan?
DR. FRIEDMAN: I just want to be sure that I understand.
DR. COHN: Please.
DR. FRIEDMAN: What John is proposing. John, are you proposing that we vote on the recommendations now and vote on a later process for approving the rest of the report now? Okay, thank you. This is why I 'm seeking clarity.
DR. COHN: I think John, I think you were agreeing with what I described as the process that involved some Executive Committee judgment about whether the changes to the case were significant, that they needed to be really reviewed by the full committee.
DR. LUMPKIN: Right. Let me describe the process so everybody is clear, that after this the workgroup will look at that, we 'll get input for those who have already talked about making additions, we will send it out to the full committee, they will have 10 business days or something like that to turn around, to give comments. That will then be pulled into a final document which the Executive Committee will look at the comments from the individual members, look at the final document, and then give approval to release that final document.
MR. BLAIR: I think it would be helpful if the committee had an understanding of what our target deadline is. I can 't help but feel as if time is of the essence to be able to get this report up and acted on as soon as possible. What do you envision as the target?
DR. LUMPKIN: My guess is we should be able to work that process in three or four weeks at the outside.
DR. COHN: Okay. Marjorie.
DR. DEERING: Which should be fine, because I think if it were delivered to the department at the beginning of 2002, given the fact that, you know, we 're starting to get into the holiday period, et cetera, it would not be a bad thing. It is my understanding, just in response to what Dan said, and make sure this is what you are saying John, is that basically the committee would vote on the report, with the recognition that the recommendations will probably not change at all, unless there is a little wordsmithing, but that the context, the case, you know, the business case, et cetera, will be beefed up as discussed, so that they are really voting on the whole report, not in two chunks, but as a report.
I mean because I think if the recommendations were going to change in any significant way, we would probably have to, either certainly have a conference call or bring it back in February. But if it is more the packaging, then I think that is fine.
DR. LUMPKIN: That is correct.
DR. COHN: Kathy.
PARTICIPANT: Just one question. Given everyone 's feeling that there is an urgency to get it out, I haven't heard any discussion of the dissemination strategy for this report, and I'm sure you have talked about it, but it is not in the report and I'd actually like to hear how you are thinking of getting it out, not just the obvious, to the Secretary, but to the private sector.
DR. DEERING: Well actually, this is Mary Jo, as an agenda item on our meeting this afternoon, and I had made some notes about that, because no, we don't have a detailed dissemination plan, we thought it was a little bit premature, but we do have a variety of ideas. I think as Ted and John have both said, one of the most remarkable reactions has been among the professional organizations who are hearing about this and learning about it, and who are themselves, you know, requesting it as opposed to waiting to get it.
Secondly, I think we have, in terms of the hard copy, we do have a variety of mailing lists and intermediaries with whom we can work to get it out. In additional to the NCVHS posting on the web site, there is a separate NHII site that is maintained that has supporting materials, et cetera, that was also an agenda item for this afternoon, again depending on how much time we had to get to it.
And then the third thing was our office, I 've been approached by Dan Fox, who is now at the Milbank Memorial Fund, and as many of you know, they just published the article by Bill Lee and Joe Bufort, and they mention the NHII very, very frequently. They take a more heavily population oriented approach to the NHII, but one way or the other the words are there. And Daniel Fox very specifically wants to come and talk and we are talking on Monday, about what can the Milbank Memorial Fund do to help promote the NHII.
So one of my questions to the workgroup was going to be, so this is news to the workgroup and I guess it is to Marjorie and Jim, has there ever been a release event for any NCVHS report, and if a private organization came to you and said gee, we would really like to, you know, organize an event and have some people stand up and talk about this and do it at the National Press Club or something, is that off the table?
DR. COHN: I actually wanted to throw this to the workgroup. I think that this is something that we should, you know, if the workgroup wants to come back with recommendations for the full committee or just initiate, rather than continuing the conversation, considering that we haven 't voted on the recommendations or the document yet.
DR. DEERING: Sorry.
DR. COHN: No, that's fine. I think, Kathy asked the question, and I think you responded. I just don't want to open this up as another discussion at this point. But let's let the workgroup maul over this, come back with some recommendations, and if there are issues, we can discuss it at that point, if that is okay. Anything else on the actual motion that is before? Okay. With that I think all in favor raise your hand.
DR. LUMPKIN: My hand is up.
DR. COHN: Okay. All against? No hands raised. Any abstentions? Okay John, this has been passed.
DR. LUMPKIN: Wonderful. Thank you.
DR. COHN: We want to thank you for your help. Sorry that you can 't be here to join us.
DR. LUMPKIN: And Mary Jo, if you would just give me a call so we can work out the logistics for the workgroup.
DR. DEERING: Will do.
DR. COHN: Now it is 15 to 1. I'm going to suggest that, we were actually doing pretty well until we got into this, why don't we take 45 minutes for lunch. We'll come back at 1:30 p.m. We will at that point begin on the privacy recommendation discussion. Hopefully the representative from the Department of Defense will be understanding and recognize that we 'll take a little time on that.
(Lunch)
DR. COHN: Now what we are going to do over the next couple of minutes, everyone please be seated, what we are going to do over the next couple of minutes is to discuss and get some preliminary input on the letter coming forward from the Subcommittee on Privacy and Confidentiality, related to potential modifications to the privacy rule, and we will be getting early input from that. We'll be bringing it back likely tomorrow for a full committee vote.
Then after that we will be talking, have the DOD presentation. After that we will be taking probably a couple of minutes to do a couple of housekeeping chores. That includes, I think Marjorie wanted to address some issue or other. Actually, do you want to do that now:
MS. GREENBERG: Yes. I just wanted to, when you came back from lunch, you found Chairman Mao's (laughter). As you know, the report of this committee on classifying and reporting functional status identifies the international classification of functioning disability and health as the really only comprehensive classification system for functional status, and that classification was approved by the World Health Assembly in May, and it has now been published in all official WHO languages, English, French, Spanish, Russian, Arabic, and Chinese.
MR. BLAIR: And Brail.
MS. GREENBERG: Has it been published in Brail? It should be. Actually I suspect there will be a Brail version in the store. And we were, at the courtesy of the World Health Organization, we are providing you all with this short version. I had only two of the full versions available at this point. You want to hold yours up there? I have given one to the Acting Chair, the full version, and one to the Chair of the Subcommittee on Populations, and also in your capacity as Chair of the Subcommittee on Standards and Security.
Anyone else who would like the full version, just let me know. We have ordered some, but it will take awhile, you know, for it to get through the procurement process. But I would be happy to get a full version for anyone on the committee who would like one. So just give me your name. And I encourage you to have some bedtime reading here (laughter) with the ICF.
I also, the North American Collaborating Center, which I, for the Family of International Classifications, which is responsible for the ICD and ICF in North America, which I have the honor of being the head of, did just host the 2001 annual meeting of the Family of International Classifications, and if you would like, in light of the discussion you had earlier about international issues, I would be happy to report to you on that at the next meeting.
DR. COHN: Great, thank you, and we 'll take you up on that in February. Anyway, one of the other housekeeping items that we will deal with before we adjourn at around 3 for the day, will be to just check on the issues of quorum, and actually as I think about it, probably after our discussion on the privacy letter we should check people about their availability tomorrow, only because obviously the next steps are going to be significantly different if we don 't have a quorum here for a vote on that tomorrow.
With that, Mark, do you want to lead off on the discussion and review of the letter?
MR. ROTHSTEIN: Sure. On your agenda it is listed as an action item, but it is not an action item. We are not ready for a vote on this. In tab 5 of your binders is a draft letter to Secretary Thompson. The date on the draft is November 5th, and just a little background. At our hearings this summer we concentrated on four issues, and those four issues were consent, minimum necessary, research, and marketing. We have previously sent to the Secretary, and it is in tab 9, a letter dealing with the first two issues of consent and minimum necessary.
This is our draft letter on really the third issue, research, and a hint that there is more to come on marketing. But we were not able to get the marketing section in the kind of shape that we wanted even for consideration by the subcommittee, and in fact, one of the things we are going to talk about this afternoon at our subcommittee meeting is whether we need additional hearings on the issue of marketing, and possible to include the fund raising issue as well, which we didn't discuss at all at our hearings in August.
So the draft letter raises several issues that were of particular concern to the witnesses, either those who testified in person or those who submitted written comments, which we broke into six areas that you can see. And we have received detailed comments from Michael Fitzmaurice and we have not received comments from other members of the committee or staff, and we are going to be discussing the first draft letter this afternoon.
Simon, is that the level of specificity that you wanted (laughter).
DR. COHN: Well I think that is probably not bad. I actually thought that you might want to review the six issues that we were commenting on and ask if there is any comment or issues from the full committee that we should take into account in our considerations.
MR. ROTHSTEIN: Well I can easily summarize the issues, the six issues. The first issue was that some of the witnesses wanted us to basically bring research in along with treatment, payment, and healthcare operations, for which a general consent would suffice, instead of a specific authorization, and point one indicated the subcommittee's view that that would be a bad idea and we are rejecting that suggestion.
I'll go through them all quickly and then we can have comments. The second one was the concern about the asserted burden of the de-identification requirements in the rule, and the suggesting being that it is so specific and extensive in stating what has to be done to de-identify information that as a practical matter, people will not use de-identification, or be able to use de-identified information, and the result is they are going to be using identified information. That sort of runs counter to, arguably, the purpose of de-identification, and our recommendation is to ask OCR to reconsider the issue, and of course we did not take a position in setting out specifics of what ought to be done here at this point.
The third issue was recruiting research subjects. The concern was raised that before IRB approval, the rule allows researchers access to PHI to identify individuals who could be recruited for research protocols once they receive IRB approval, and that this two-step process was difficult because when you are doing multi-institutional studies, you know go to 10 different hospitals, find out what you would want, and get IRB approval, and then you would have to go back again, because the rule doesn't permit you to remove information off site from the institution or the covered entity. And we are recommending that OCR reconsider, clarify, and as necessary amend to at least spell out how that problem can be resolved or whether in fact it is a problem.
The fourth issue is post-marketing surveillance, which according to the privacy rule does not allow for use of information for that purpose unless it is legally mandated, and the FDA currently does not legally mandate the submission of that information and only strongly encourages it, and that leaves somewhat of a gap that needs to be closed somehow.
Some people raised the issue about section 528, and accounting for disclosures, keeping these records for the research uses of protected health information is allegedly burdensome.
And number six is that we supported OCR in their efforts for education, and as sort of a case in point, we noted in sort of a kind way, that some of the testimony contained assertion at variance with the rule. In other words, people testified based on misunderstandings of what they thought the rule provided, and therefore that sort of underscored the necessity and indeed the urgency for Kathleen Fyffe to get cracking (laughter) and make sure people know what is required.
So those are the six in the research setting. As to the marketing, we just talked about it in very general terms, alerting the Secretary to the committee's current feeling that we need to get more information and that additional comments regarding marketing are in the pipeline.
DR. COHN: Okay. Comments at this point from the full committee. I would remind the subcommittee members that you will have an opportunity for a couple of hours to chew over this today, so probably the desire is primarily to get input from people who are not part of that subcommittee. Clem, please.
DR. MC DONALD: I don't know, I think I'm not.
DR. COHN: I don't think you are on this.
DR. MC DONALD: But I might come and kibitz anyway. I think there remain some tough issues regarding research the way it is currently written and the ability to interpret it. For example, the consent instead of authorization, I understand why the decision was made and I don 't disagree with it, but the consent as it, the authorization has a poison pill in it. You must say two things that won't usually be true. And I think someone, you have to say this will cause you irrevokable loss of this and that.
I mean it has two sentences that are required in authorizations which are really clues to tell you don't ever sign this thing. And I think that is a problem. I can't remember what the phrases are, but it more or less says, I mean no matter how the investigator says what they do, you've got to have these two sentences in it, to me are poison pills. And I think we should look at those sentences and see whether they really have to be included.
The second tangle really relates to consent for what, and they are recruiting research subjects. They are kind of tightly entwined. We 've had people on our campus say you can't actually ever call research subjects based on any data you have in the medical record, because then you would know the data and you couldn't know it until they approved. So it is this Catch-22. I think the IRBs generally can overrule that, but it is still sticky and messy and it would be nice, and since we also have to have privacy policies, well it would work a lot better within our privacy policy, as we had in the past, we 'd say to our university in the consents, we'd say, it is analogous, that we may use your records to engage you or ask you, invite you into research studies.
And I don't know how we are going to get past this circular thing that you can't ask them without knowing, but you can't know. So that's really a quagmire I think for recruiting patients in an environment where we always have as part of the announcement that we are a university and we do studies. So I would hope we could find a way either to clarify things enough, if it really lets us do that, and not have it be a continued cause of arguments before you can do it.
I think those are the two major things. If we could, the privacy policy could say to the university, we are going to try to recruit you and we 'll use your data to recruit you, but you'll have to get permission, or something to that effect, and that wouldn't require an authorization, life would be more reasonable.
DR. COHN: Mike, did you want to comment.
DR. FITZMAURICE: Maybe a clarification or a question, and that is as I understand the privacy rule, I think the privacy rule has in it the ability to go into the records and look for people who fit a protocol, and you can identify them, you can look to see if they fit your research project, but you can't take those records off the premises. So the researcher might take notes, might write down the names and phone numbers, and just walk away with the number of people in his or her head, leave them at the institution, and then when you accumulate enough you have a good protocol, then you go to the IRB, the IRB let's assume approves it, then you can come back and pick up your notes and contact the people with the IRB approval.
So I think that part of it might be handled, although it is not as easy as being able to copy the records and take them back to your office and put them in a framework that you want before you go to the IRB.
DR. MC DONALD: Well that is another layer of it, and the bigger problem is some of the people think we can't even look at the record. Does it really say, I didn't read that in the thing to make it clear that we could do that even.
DR. COHN: Yes, actually Mike is correct if you review the rule. I think this begins to reflect some on the education issue (laughter), that the rule by definition is - Dr. McDonald's education, but really the idea that the rule is complex, the rule is long, and it is easily misinterpreted or misunderstood.
DR. MC DONALD: Well I have a specific educational request, because I actually read those 1,500 pages over two weekends, and yet, and then a 15 page set of suggestions about it. The problem is you can 't figure out what qualifies what, and what would be marvelously helpful, if the 10 or 12 dimensions that qualify things we could have a table, I actually asked for that in one of these things, it would be a lot easier, if you can't tell what trumps what in the rules, well you know, well you are this and you are not a that, but you really still are that if you are that, and it wouldn't, those who really knew it I think could write a table that would define what trumps what.
MR. ROTHSTEIN: Those who know aren 't saying (laughter).
DR. MC DONALD: Well the de-identifying thing, we 've had arguments from a funding agency that we can't de-identify stuff but we have to look at it to make sure that it is de-identified. That is nobody can look at it because they are not, you know, how can you de-identify or verify that your de-identification works, and then Bill Braithwaite says oh yes, within the organization you can make sure it is okay. That is not clear in the regs I don't think.
DR. MAYS: Well I stand guilty, I haven 't read all those pages. I kind of know this experience from another side, which is I sat on the IRB and I was even a vice-Chair of the IRB for awhile, so I was kind of on the other side where you see what comes in. And I guess what I am confused about, and you know again it may be there was something I should have read, but there is the issue of what the IRB determines versus what, you know, is kind of in these regs, because some IRBs can say that in their campus what they want is that you will go to them before you go into the record, because they are going to specify specific things you can do, they are going to specify the conditions under which you can do like the record searching.
And then you do it and then you come back, and at that point what they specify are things like what the script is going to be when you call the person. So you know, I don't know if you can have this carte blanc because I do think that the, what is the Federal, the Office for Protection of Risk to Subjects, or whatever, the Fed office.
PARTICIPANT: Office of - Research.
DR. MAYS: Okay, alright. Because that is what our campus is called, so the one you said is what the Feds are called. Actually I think one kind of supersedes the other to some extent.
MR. ROTH: Well I think what the privacy rule does is sort of set a floor in terms of the protections, and your campus IRB could well establish protections in addition to that, and so even though the rule says that preapproval, researchers can have access to a PHI, your particular IRB might say no, you would need IRB approval before you even do that.
DR. FITZMAURICE: But the covered entity can allow you to get access to those records and go through them without IRB approval. They can also refuse you as well. But you do not need IRB approval for the covered entity to grant you permission to go through the records to prepare your protocol.
DR. MC DONALD: But under what authority, because if it not, Mike show me the paragraph that says you can look at that to develop your protocol. It doesn't explicitly say that you can look at the list to get lists of people you might later contact.
DR. FITZMAURICE: You would have to leave that list at the institution. You cannot take it away from that office. What it says is no protected health information is to be removed from the covered entity by the researcher in the course of the research. But it doesn 't mean you can 't develop materials and leave them there.
PARTICIPANT: I think in fact we were looking to the protocol that would be developed in conjunction with the IRB to address the manner and the parameters of recruitment policies, and if in fact the IRB felt that access without the individual's knowledge or consent was necessary for recruitment purposes, meaning that the researcher would be able to do the initial contact, that that is something that would be part of the protocol and would be subject to a partial IRB waiver authorization.
DR. MC DONALD: It is subject to confusion that people - and we get into this stuff about how many angels on the head of a needle, and it would be very nice if some clarity was put into the regulations that would be, recognize the realities of this enterprise of research, and our university institutions have traditionally had in your consent saying we do research, students will examine you, I mean those kind of things, and we would look at your data, but not do anything to you or invite you into studies. And that is going to, may be very difficult to continue, because you can 't go around, marching around the building asking would you like to be in our study, and expect to get any kind of recruitment, when you could previously get directly to them in some fashion which was dignified and appropriate.
DR. COHN: Mike, is this on this point?
DR. FITZMAURICE: You know, after listening to Clem and hearing Sue's advice, it becomes clear that additional guidance is needed on this point, and so the recommendation for education really holds up, particularly with an emphasis on research.
DR. COHN: Vickie, anything else before I go on?
DR. MAYS: Well I just think that the issue of where the IRB comes into play is that there is what is known as community standards, so what may occur at my institution might be different than what occurs at another institution. And so I think while we can put the information in there around education, the institution still, or the entity still has community standards that will be established by its local IRB that we 'll have to work with. So I don 't think, if what we are going to push for is that it is uniform, I don't think you can do it, unless there is some cooperation between the Office for Risk to Subjects and you know, this particular policy. But you have community standards so I don't know how you would do it.
DR. FITZMAURICE: I agree that there are cases where it is burdensome for research and it could be easily taken care of if the privacy rule were interpreted one way rather than another way, and it is that kind of guidance that I think is needed in this case.
MR. ROTHSTEIN: But I think your concern is one that was shared by the subcommittee, and that is why the recommendation is written as it is, and ultimately what we would like to see is if it in fact is the position of OCR that the IRB has such and such discretion, well then that should be set out in a guidance, which is the IRB can do this and that, but as to other things, you know, the rule applies.
DR. SHORTLIFFE: I just needed a clarification about number one here. I didn't hear what the witnesses actually were proposing and therefore I 'm not exactly clear from this what you are saying shouldn't be done. The blanket authorization notion, was the proposal that they sign once on admission to a hospital or to a clinic to give permission for four rather than three purposes?
MR. ROTHSTEIN: Yes. DPOR.
DR. SHORTLIFFE: I see, and what if they gave two signatures, one for the first three and one for the fourth?
MR. ROTHSTEIN: Well the whole idea of a consent is that it is a general consent and it covers this broad category. But when we have authorization for research, it is a specific authorization for a particular study, et cetera, et cetera, and that is why we felt that this general front door consent was inconsistent with the kind of informed consent that IRBs and researchers traditionally view as appropriate for research.
DR. SHORTLIFFE: I don't want to reopen a bunch of old discussions, but since I wasn't privy to them and I 'm educating myself, I hope you don 't mind a quick question or two. How does one define a single study then. I'm thinking, what I keep coming back to when I look at this, is something like the Framingham study, because to me this was a huge important multi-year data collection and many of the questions that were asked of that data base were never contemplated when the people agreed to be in the data base and to participate in the study.
In other words, you don't always know when you collect patient data, what the research questions are going to be, for what you are going to want to use those data at some time in the future. And what concerns me about requiring specific permission or design statements about exactly how someone 's data are going to be used is precisely that it rules out these kinds of retrospective analyses when a question becomes important and you have a resource like this, but the patient is no longer accessible or the logistical issues of trying to gather permissions for access to those data are simply overwhelming, yet the data are sitting right there.
Can you only ask the questions of those data sets that they gave permission to use at the beginning to ask, or can you in fact ask the kind of permission up front that basically says I participate in this study and any and all questions that may be appropriate that will result from the collection of these data, you have my permission to use my data for. To me that is kind of a blanket permission for an identified individual or a group of individuals who have asked you to be in a study, and this is one I keep being asked about all the time, and I personally have not felt that there was clarity in the way that I understood the privacy regulations right now about this kind of study.
I would hate to think that the Framingham study would no longer be an acceptable kind of research under the guidelines that we are proposing for privacy.
MR. ROTHSTEIN: The issue you raised goes beyond the scope even of the privacy rule, and it is one that has garnered a great deal of debate in sort of the bioethics community and literature. The National Bioethics Advisory Commission and a variety of other groups have looked to this issue. And basically the way the, the consensus is now is that we are sort of dividing the research world into retrospective and prospective, and consent that we obtained in the past that perhaps would not necessarily meet the standards of today, we are saying for the, for researchers they can still basically use that existing data.
But in terms of the future, when you are recruiting people into studies you can no longer use that kind of general consent and that -
DR. SHORTLIFFE: So we couldn't never do another Framingham study under these rules, is that what you are saying?
MR. ROTHSTEIN: No, there are lots of general studies that are being done, but what you need to do is spell out -
DR. SHORTLIFFE: Okay, I need to be educated. I don 't understand how you write the study permission that meets these criteria if you want to make sure you can ask any question that might arise as being a good one in the future.
MR. ROTHSTEIN: Dan, do you want to answer.
DR. SHORTLIFFE: Dan may have the answer.
DR. FRIEDMAN: No, no, no. I apologize for exhorting (laughter). I think it is a question of being explicit in the consent or authorization, and the explicitness can, the nature of explicitness, being explicit, my understanding, can be for this particular purpose and other purposes consistent with whatever, for example the general mission, or it can be for this particular purpose only. But again my understanding of Mark is that it is a question of being clear about that prospectively rather than retrospectively having the researcher make that determination by herself or himself.
DR. SHORTLIFFE: Excuse me for getting upset about this, but -
DR. COHN: Well maybe we should let John Fanning comment.
MR. FANNING: I think Mark, I'm John Fanning from ASPE, Mark indicated the difference between retrospective studies, where you looked at records, as distinguished from studies where you have the subject in front of you and you talk to him. I think what the committee heard that led to this discussion of consent instead of authorization, was a desire on the part of some people to be able to use existing records in a hospital without going through the research use and disclosure provisions set out in the regulation.
The regulation permits use and disclosure of information for research if an institutional review board or an alternative mechanism, when one is not available, a privacy board, has reviewed the project and stated that it meets certain conditions. Now that is analogous to what goes on now when the IRB waives the requirement for informed consent to permit a study of existing records.
What the people who appeared before the committee wanted was to say well research is so integral to the ordinary business of hospitals and so on, that it should be considered together with the fairly routine things for which a very perfunctory approval, called here a consent, is required, treatment, payments and healthcare operations. You come into the hospital. It is sort of assumed the records will be used by other care providers, it will be used for review of the care, it will be used for obtaining payment. The people who spoke hoped that research could be similarly categorized, so that the IRB process elsewhere would not need to be invoked to use those records.
Now the other method of course is always to get a person 's approval for a specific study in a detailed statement called an authorization. But that is not really what the discussion was about. The discussion was about records-based research and the proposal here was to make it easier by considering it part of the routine business. Now may I note that even if this were changed that way, it may well be that that would, the rather brief agreement that you made when you agreed to treatment, payment, and healthcare operations, wouldn 't meet the standards of the common rule. So if you were subject to that, you would still have to go to an IRB to use the records.
DR. SHORTLIFFE: That's very helpful. At least it helps me understand what that discussion was, and then this other discussion helped me understand how a Framingham study might still, you know, a new Framingham study might occur in the future. I guess the real bottom line is, and this reflects on what Mike said a minute ago, there is incredible confusion out there about this, and people, there are people in hospitals and sitting on IRBs who don 't even know what IRBs are allowed to do anymore, who are very nervous and concerned and they are being very conservative in how they are interpreting things for fear they go too far the other way.
And the need for education and absolute clarity about what in fact an IRB can approve is really obvious to me from the discussions that I 've been hearing out there, and so your sixth point, absolutely crucial.
DR. COHN: Maybe is the first point.
DR. SHORTLIFFE: Well that first point is confusing.
DR. COHN: Well no, but I mean maybe it should become number one.
DR. SHORTLIFFE: Maybe it should become number one, that really is an issue.
DR. MC DONALD: I would not state this simply as education. I think that things are intrinsically tangled and confusing, and I think all of the cases which are very important, these circumstances have not been exemplified. Now some of the other clarifications have made those divisions. So I think we need more than education. I think we need some further clarification from the official bodies that can rule on these things, to let us do those things that have been happening for the good of human kind for the last 30 years, and that has squished this thing like a fly.
DR. COHN: Vickie and then John.
DR. MAYS: This is just a quick comment. Technology 30 years ago is not what it is today and some of this issue of access to people 's records and data and kind of what it is that you can do with it today that you couldn 't do a long time ago is really where some of the conservativism is coming from at this point in time. So I think that that really has to be a recognition that we are going to have to do things a little bit differently in the sense of how you can genetically identify somebody that, you know, maybe you couldn 't do that before. So there was more protection.
DR. MC DONALD: For the last 10 years we sure could, and maybe the last 15. But I mean the issue really isn't this border. We are talking about no one is going to go do a study that is going to open up someone's gullet and look, I mean do something, you take a pill, without all the formality - and in fact we always get IRB for all our approvals, on any research we do. The challenge is that the IRBs now think they are not allowed to let us do anything because of the new rules. That is the challenge.
And if some statements were made that we still, and I think we should encourage that those institutions that are research institutions announce in the privacy policies, actually you have to do that anyway I think, or you can't do anything, that we will be inclined to be using you for research purposes and inviting you into studies. So if you don't like it, you should know that. Because that is what we have always done in research universities.
DR. COHN: Well Clem, I would invite you to sit in with the Subcommittee on Privacy and Confidentiality this afternoon if you would like, for further clarification. Now we actually do need to begin to wind this one down. John, hopefully the final question, and then let 's check about quorums for tomorrow.
DR. FRIEDMAN: I have a very quick one.
DR. COHN: Okay, you will be the final before we check for quorums. John.
DR. DANAHER: I just want to quickly, the one that kind of interests me a lot is the marketing one. Let me give you some scenarios so I can better understand whether it would work. If a health plan were to either look at claims or to look at PHI that they had gotten from providers, do a disease management intervention, you know, looking at the number of ER visits for asthma exacerbation or something like that, is that allowed?
PARTICIPANT: Well that really doesn 't come under the marketing rubric.
DR. DANAHER: The reason why I mention it is that you do mention it in the end here. It says, the line between disease management, and to me that is clearly disease management. Now the other things that health plans do is that they've got a big issue with retention. They lose a lot of members. So what they will do is they will look claims information, pharmacy information, to do targeted outreach for loyalty reasons, which is kind of a pure marketing function. It doesn't exist in disease management, UR, UF, but it is a pure hey here's you hit the life stage, you hit the life event. Based upon your information, here is a package of goodies from Johnson and Johnson, et cetera, you know, for your baby, or you are in the child bearing years. How is that helped, a pure marketing thing?
DR. COHN: Can I suggest that we defer this conversation to the subcommittee, only because we are explicitly saying that we don 't have enough information to make all of the difficult decisions around marketing, at least that is my understanding of the intent of those couple of paragraphs. And as I understand, you will be joining us for that conversation. I don 't feel like we are going to anything by not addressing it right now, and I do apologize.
PARTICIPANT: - at some point perhaps have Gregg - or somebody else come in from the Office of whatever it is, formerly known as OPRR.
MS. GREENBERG: We've been trying to have him on our agenda. We just haven't, I think we haven 't been able to find a time when this committee was meeting and when he was available.
PARTICIPANT: Can we schedule him for February?
DR. COHN: February would be very timely.
PARTICIPANT: Everybody is together at once.
MS. GREENBERG: We have been trying to get him here for sometime, we just, we didn't mate, you know.
DR. COHN: Okay, will a very good suggestion, and obviously just adding to our February agenda. Now the one thing before our speaker, the one thing I do need to check, since Robbie is going to working on this letter and trying to come back with a revised letter tomorrow, is really just a quorum check for tomorrow. Now my count is that there needs to be eight voting members present for a quorum to exist, and so I just wanted to check who would be around when tomorrow.
I think Ted Shortliffe has already suggested that we think about doing it early in the session.
PARTICIPANT: I'll be here until 11:30 a.m.
DR. COHN: You are here until 11:30 a.m., okay. I think there was one member, I guess the question is who is going to be here until 11:30 a.m. tomorrow, raise your hands. Six, seven, eight, nine. Okay, so we actually do have a quorum until 11:30 a.m., so fine. Thank you. I just wanted to make sure that we were actually going to be here. Okay, with that why don 't we move to our, oh, do you want to do that? Please go ahead.
MS. GREENBERG: A quick thing I wanted to do.
DR. COHN: And maybe we can ask our speaker to -
MS. GREENBERG: Can be setting up, okay. Although tomorrow might have been even more appropriate since I'm not going to be here tomorrow, I had something I wanted to present to Gail Horlick, who has been serving very ably as you all know as Chair on the Subcommittee on Privacy and Confidentiality. When we bring all of this to closure, Gail will no longer be able to serve as lead staff to that subcommittee, but she has agreed to at least in the coming year serve as CDC staff to the subcommittee, and we are appreciative to that.
But Gail, as I think you know, put a huge amount of effort into setting up the hearings, which were very successful, and now preparing these letters, which has involved multiple drafts, conference calls, a lot of comments, a lot of interest. And we have a way of recognizing people at NCVHS called On-the-Spot awards, and so we would like to give Gail, as our CDC colleague, an On-the-Spot award for all of her efforts, and I won 't read the whole citation, but it is for her outstanding contribution to the preparation and review of privacy recommendations by the National Committee on Vital and Health Statistics, and it ends by saying Gail Horlick's contribution to the work of the National Committee should be honored and commended. (Applause)
DR. DEERING: Captain Brian Kelly is the Project Director for the Department of Defense pilot project, currently is pilot phase, on E-health to set up a very comprehensive system to serve all of its beneficiaries, and we benefitted from a conversation with him about six months ago, and I thought it was particularly relevant on today, when we have just voted to accept by the way the NHII report. But we are looking to you for a couple of things, so thank you.
CAPT KELLY: I really do appreciate the opportunity.
DR. COHN: And Brian, I just warn you that the screen is right behind you, so you want to stand either to the right or left. I did want to warn you before you are halfway done with the presentation.
CAPT KELLY: I'll sit down, it will be a little easier. Again I thank Mary Jo and the committee for inviting me to speak. What I would like to do is share with you a little bit about where the Department of Defense is on our E-health initiative. We've been working on this for about a year now and I'll tell you where we are, and I think the reason Mary Jo asked me here is that what we are really trying to do is put in a DOD-wide infrastructure for the use of the Internet for all of our patients, our providers, and our beneficiaries. And I 'll give you a little bit of background on how this all came about and where we are right now, and I think we are making pretty good progress all in all.
The name of the portal I'll refer to a lot is TRICARE Online. The military health systems healthcare program now is called TRICARE because of the three services, and the portal is called TRICARE Online. What we have been trying to do, and the work really started last summer, our group first met on August 28th of 2000, so I'll tell you how fast we have come, particularly when you consider that we are part of the epitome of government bureaucracy and how we palm and manage and do things like that.
But the whole concept here, the fundamental principle, is that we wanted to develop a single common secure Internet portal for all of our beneficiaries. We take care of 8.4 million people, we are in all 50 states, we have about 600 treatment facilities, over 20,000 providers, we are in 80 countries. So we are the epitome of a large healthcare HMO. We consider ourselves, we are actually one of the five largest HMOs in the world if you think of us in that way, and we are the only one that goes to war (laughter). So we 've got a real challenging set of issues to deal with.
We have in our strategic plan for the military health system four key processes that we are trying to really work on. We are trying to improve access to care, we are trying to improve the quality of care we deliver. The third one is we are obviously trying to improve population health and what we call forced readiness protection, because it is not only keeping all of our dependents and their spouses and families well, but it is also things like anthrax and protecting our military forces. And then the fourth key point is we are trying to manage our business effectively.
The portal we find is really trying to address two major issues for us. Clearly access to care, it can be a great enabler, and there are a lot of efficiencies for access to care. And the also for wellness. If you look at the Institute of Medicine report, they identified the Internet as the single most important technology for the next five years to improve healthcare. So we are trying to leverage that, but you can 't leverage that without a secure platform to basically use the Internet.
And again, we really look at three target populations. Clearly first and foremost is our patients, our beneficiaries. The second is the providers, who are huge stakeholders in this initiative. And then the managers of our business. And they each have their own unique separate needs and we are developing sort of portal views for each one of the three groups.
Now a little background of where we were a year ago, and if you think of any other healthcare organizations out there, you will find they were probably pretty much in the same standpoint. When we started this last summer, the first thing we did was we looked across our enterprise and said who is doing what on the Internet, and we found good news and bad news. The good news was we found about 300 projects, mostly provider driven. And these were just good smart docs trying to do good stuff for their patients. And that clearly was the good news. There was a lot of innovation, a lot of really bright people doing good things.
But the bad news was that they were really all local championship initiatives. They were often based out of single clinics, sometimes at a single hospital, but more often they were the endocrinology clinic at this hospital doing this one application. And it was wonderful, but it was all champion driven, and none of these people had any idea of life cycle cost management. We actually did find three of the 300 initiatives that were actually addressing security and things like that, but that left 297 of the 300 that weren 't. So very common to what we I think would see if we did a population survey of what is going on the Internet in a lot of civilian institutions.
And, you know, we realized that all of these have to address the HIPAA issues, we are going to have to address section ADA, which is the American Disability Act, standards for accessing visually, web site access for visually impaired. And, you know, our beneficiary population is a particularly mobile population. On average an active duty person will move every three or four years. So they would get used to a certain, you know, function at one hospital.
But then they would move to the next, you know, they would go to their next duty assignment, and that wouldn't exist anymore, and it was very annoying to our beneficiaries to say gee, when they finally took the time to learn how to use this great tool, and then they transferred, the tool wasn't available to them because the other hospital didn 't support it. And we saw a lot of duplication of efforts, which we just can 't afford to do.
Now we have done over the last year a bunch of studies on how can we use the Internet effectively and what really are the bang for the buck type of things. And I think clearly if you look at studies by Garner and other groups that are doing E-health, the major benefits are on the qualitative side, to be able to have providers and patients to be able to access each other, to do secure email, to do disease reminders. That is clearly what the Institute of Medicine found, that the most important way of using the Internet was to remind people hey it is time for your annual cholesterol or your pap smear or your mammogram or whatever, and it is a very efficient way of doing that, provided you have addressed all of the security issues.
And I am also HIPAA program manager for DOD, so we hear all of the same discussions of all of these types of things with privacy that I heard you all just talking about. We also, when we look at how we spend money in DOD, we are no different than the rest of the United States. And we spend about 28 to 29 percent of our budget on administrative overhead, which is very similar to the national average. We spend about 280 billion of the trillion dollars a year in healthcare on administrative services.
Now of course they are value added in the sense that you 've got to do them and you've got to do them right or things don't work. But we sure would like to be able to take some of the money we spend to do claims, enrollments, eligibilities, all those things, and reduce that administrative overhead and pilot it into, you know, disease prevention and the delivery of care. We run about a 20 billion dollar a year business. That is what the military health systems budget is right now.
We think that if we can move' 50 percent of our current referral and authorizations, enrollments, eligibilities, appointing, and claims to an Internet self-service environment, which we think is doable in five years, we will save about half a billion dollars a year of that 20 billion dollars. It is probably one of the few places that we really do think that we can actually squeeze money out of the healthcare system. But again, this is all contingent and will never happen until we have a secure way of doing transactions on the Internet.
Clearly the 24 by seven access is a big benefit to our beneficiary population. I don't know what your healthcare plan is, but we have often very long waiting lines on people on hold waiting to make appointments, and it just infuriates the daylights out of them, and to be able to go in real time any time of day or night to make appointments is clearly a thing.
And then I talked a little bit about the population health initiatives. We have done a series of focus groups to our beneficiary populations, and we sort of stratify our beneficiaries into six main categories. Basically they are the active duty people, there are their family members, and we do stratify officers, enlisted, because they tend, although they are in essence still patients, the officers and their spouses are all college or graduate level educated. The enlisted folks, some of them, clearly the senior enlisted, a lot of them have Bachelors degrees and sometimes graduate degrees, but they tend to be a much more younger, more high school, early college type of population. We have our retirees and we have their spouses, and then we really look at our providers as another population.
We have actually gone and talked to them and we have done a series of focus groups on what do they want from the Internet and healthcare, and it is really very simple. They want access to care, they want how do I do stuff to get healthcare, how do I do it more efficiently, how do I make an appointment, how do I refill drugs, how do I get a new prescription from my doc, how do I get a question answered. When you really talk to them it is really simple. They want appointments and drugs. That is far and away what they want more than anything else on the Internet, and that, every one of our focus groups have told us that time and time again.
The other thing that we are so, we are trying to very much target this whole access to care, how do we improve care to do it. The other thing they told us is they want high quality health content information. Three out of four want it from their doc. Those that don't want it from their health plan, we the military health system, are both doc and health plan, so they really do want it from us.
And then the third thing they want is they want control of their health information. Now there is a split here. Some people clearly want a lot of this online so that they can access it in a secure way when they need it and share it with whoever they choose to. Some of them don't want their health information anywhere near the Internet, and we see both groups. And so we are taking an optimum strategy where if you want to request it and self-enter it, it is up to you, but we are not going to present anything without your going.
And then again we are trying to set a platform in place that we now can take advantage of those 300 great initiatives, we can streamline that into a common secure platform, and we can share those applications across our enterprise. That is sort of the other thing we are trying to do.
I know that with our talks with Mary Jo this is, I think we are hitting on a lot of common themes with what you are looking at with the national health information infrastructure.
We've also found that marketing is important. I mean I'm an ICU doc who has sort of evolved into IT over the last few years, so marketing is just a totally foreign, you know, animal to me. But what we have found is that the usage of a health portal will go up about ten fold if you actively market to your beneficiary population. And this doesn't mean you have to do, you know, Park Avenue type of marketing advertisements. You have to visually get the word out and for us you have to basically go through channels, which are things like for us Wives Clubs, Commanders Calls at our bases, putting out banners in front of the hospitals, you know, doing very cheap things, which is about all we can afford, such as when someone goes to pick up a medication refill at one of our hospital pharmacies, we basically put in a little, it looks like a prescription pad, that tells them all about the portal and what it does and how to access it. And then a lot of self-help and a lot of education.
The marketing theme that we have chosen is Take Command of Your Health Care. That is clearly what our beneficiaries told us they wanted to hear. They want control of their health care. This control issue is a major, major recurrent theme that we heard from them over, and over, and over again.
Now what the portal currently does, and I'll tell you a little bit about where we are with it right now, again we started this work about 13 months ago. We focused a lot on security and privacy, and I'll talk a little bit about how we have tried to address that. We try to personalize the benefit explanation so that it is specific to the person, where they are, what hospital they go to, what service they are in, what plan they are going to go to.
They wanted appointing, so we actually, if they are one of our enrolled into our HMO option, we allow them to make appointments through the primary care manager online. That is clearly the biggest application they like. That is clearly, you talk to our beneficiaries, that is what they like most about the portal.
We have contracted out with a commercial health content vendor to provide us with health content. We have 18 million pages worth of content that is commercially managed. There is just no way that we could manage that, so we basically did three market surveys of the top 70 U.S. health content vendors. We down selected to seven. We brought them all in and had our group of patients, docs, nurses, administrators, go through these seven. We chose the best four and then we did a competitive acquisition and we awarded the contract.
We use the Micro Medics drug catalog, which is targeted to 10th grade reading level. We have an online drug drug interaction checker, so they can check any medications they are on for drug interactions and food drug interactions. We use the Well Net Personal Health Journal as a way where they can self-enter medical information on to a journal that only they have access to, and what is nice about it is it basically medi-tags the data and it links it to health content, that is linked by ICD 9 code and for drugs by drug name.
And then we built a scalable platform that we can very quickly, robustly roll out. What is really nice about doing Internet-based platforms is that you can use a central server approach. So right now we've built our platform to support 10,000 concurrent users at one time. I don't think we will ever get to 10,000 concurrent users, but since you can do this and manage this at one site, and we have gone to a commercial hosting environment, which has raised some eyebrows within DOD, but we want to assure that our patients have the type of access that you would from Amazon.com or MSN.com or any of those.
We are going to be, in the next 12 months, adding various features. CHDS is our major legacy application where most of our health information is. It is where all of our laboratory, radiology, pharmacy, order entry, demographic information resides within our healthcare system. Our providers clearly want to be able to access this information remotely, not from just within the firewall. So we are in the process of making that process secure and will enable them to access it that way.
Our patients want web-based pharmacy refills and appointment reminder requests, and they want to be able to send their primary care doc a request that, you know, my Lipitor prescription ran out, could you please renew it, or gee you told me it is time for my annual cholesterol, so rather than doing phone tag with the doc, to do it asynchronously in email, and also integrate it with our legacy applications, so that when the doc responds, that workload is captured and the note is documented so that it actually makes their work process easier than the current way it is.
Our share survey is our health assessment tool that many HMO type organizations use. We do want to web-enable that. Now some of these things, such as a web-enabled here, requires us to have a very high level of patient authentication and I'll talk briefly about how we are going to do that. And then the whole issue of patient to provider secure email is clearly a big issue and one that we are going to go into very, very slowly.
Those are the things that we have funded for in the next 12 months. I have a list of over 40 applications that people want to pile on to the portal and we still haven't, we are just barely getting it out of alpha testing. So clearly we see the potential, but you know, you've got to walk before you can run.
As I said we first met as a group, I mean literally we first got together as a group on August 28th of last year. We went to four hospitals in June, and we basically just now completed our alpha test. We've got about 3,000 users on the system, about 800 docs, and about 2,400 patients. What we are getting ready to do is going out to, we are in the process of getting ready to go out to 85 more hospitals in the next four months, and then our plan is to hopefully world wide to our 600 hospitals by the end of the next calendar year.
The reason we think we can do this is that again with Internet-based platform, there is very little hardware to deploy. It is really a question of training, managing, marketing, which, don't get me wrong, those are big issues, but we have taken a lot of time to develop and take lessons learned from our alpha sites and say here's the cookbook for how you do it, and provide certain support. And I'll talk about some of the lessons we have learned and kind of some of the division of roles and responsibilities that we found have been very, very helpful.
We at sort of the central office, we are the ones that have, we design, we test, we implement, and we sustain the system. So we've got to do all the budgeting, we've got to make sure all the software fixes are done and the like, and we have to develop a package where we can train both our providers as they develop their pages, and market to the beneficiaries. And we work through our regional coordinating boards, which we call our lead agents.
Each of the lead agents, and again what we do is the military health system is designed so that we have 15 regions around the world, so each one of these has a lead agent. They basically coordinate with all of the facilities in their region, because we can't go out to 600 hospitals and touch them all. They are responsible for certain parts of the portal that are specific to the region, and I'm going to show you a screen shot for exactly how the portal is set up, and I think this will become more apparent. And then they assure the hospital, we call military treatment facility or MTF, satisfy these requirements before that actual hospital goes live.
Most of the heavy listing is always done by the hospitals and the providers at the hospitals. And the way we've set this up is that, you know, we go in and we market directly to the MTF commander and their senior leadership. And if they don't support this and don't actively make this work, it will never work. The providers and staff have to train, and each of the providers, all credentialed providers need to develop a home page that is available to their patients. It takes them about an hour to train and to learn how to develop this page, and then it takes them about an hour to do. Then about every two or three months they just have to go in for five minutes to make sure that the links are current. But it is a wonderful education tool for their beneficiaries and we'll show how that works.
We also need to do certain things to make the online appointing application work, but between the day we show up at a hospital and they go live, we are looking at about a 60-day time frame, and then they will be on. One of the things, as I said, we have to market this effectively, and we actually have teams at the hospitals which consist of someone appointed by the hospital commander as well as some patients and some providers that actually look at metrics of how many people are using the site, what are they doing on it, and make recommendations back to the MTF commander how we can get more people to do this.
We realize that for every appointment and every claim we move to an Internet-based environment, we save about $7.00 per transaction. And just to give you an idea of the magnitude, we did 45 million claims in the military health system last year. We did about 32 million appointments. We did over 30 million eligibility checks. And so you can look at the numbers and the numbers really do add up pretty quickly once we get this in place.
Again we really go in with a marketing plan. We actually go in with a tool kit to say here is how you market to your patients. We basically give them preformatted marketing material and marketing banners. We also have a central web site where they can download all sorts of graphics if they want to move it into their newspapers and things like that. And we also give them a suggested roll out plan of who you should send letters to. If you have a, you know, a wait line when people call in and they are put on hold, well we have actually messages that say hey, have you thought about making the appointments through the Internet, those type of things.
And again, we go in with a whole approach to how they need to configure their business processes to support our online enrollment process. And then we give them tools to monitor this.
The other thing that we found out as we moved through this is that you need to have call center support, and people, the number of reasons why an Internet site or making an appointment on an Internet site or trying to refill a medication on an Internet site won't work are immense. It could be anything from the patient doesn't understand how to navigate a browser to, you know, they think they are enrolled but they are not enrolled, or they think their primary care manager has moved away and they haven't been reassigned. So you need to have call center support and this has been a lesson we have learned and we have tried very hard to address this.
What we basically do when we go out to our sites, we have all sorts of implementation plans and manuals and marketing materials all online, and this is the only way that you can manage this in a geographically dispersed entity.
So what I would like to do just very briefly is to sort of show you some screen shots of the portal, because unfortunately I don't have active Internet access right here, and so I can't actually take you to it. But if any of you would like to go look at it, it is available on, you can, the URL is COLOR="#0000ff">www.tricareonline.com. It is a dot.com site. And any of you could go take a look at it. You won't be able to log in as a registered user, but you will be able to get a good sense of what is available to anyone at this point.
What we basically did here is we tried to highlight the different things that we felt our beneficiaries really wanted, and at this point anyone can come into this. To get to this point you have to go through one screen where you have to hit "I accept." We spent 200 hours with lawyers trying to figure out what are all the rules that are germane to the use of truly an interactive Internet portal. And if any of your sites are doing this, I mean obviously this is DOD specific, but we have a nine-page disclaimer which, you know, we have designed it in such a way where you get "I accept," that is what everyone does, but if you want to read all nine pages, it is all there for your purview, and you know, there is just no other way around it.
But take a look at our site and if you are interested in those type of things, we spent a lot of time trying to deal with what is the right balance of privacy and conflicting health policies, not that they would ever exist in the Federal government (laughter).
What we tried to do is we tried to ask our patients what is it they were most interested in, and we put hot links to that, and again for our patients it was appointing, drugs, you know, pharmacy, and then kind of information, dental, stuff like that.
As you come in, I'll basically just show you, if you were to click on things, we have services and benefits, and again to make appointments obviously you have to register and log on, we have to know who you are. We heavily leverage other existing web sites, so I mean DOD has lots of web sites that talk about different information. At this point we don't know who you are. Anyone can hit this. This is a commercially available site, a site that if anyone wants to hit, it is a public site. So we basically give you general information, and again for dental, for pharmacy.
Now the way we have done registration and the way this works I think is probably what is most important to a discussion of a national health infrastructure. We would love to be able to do PKI, you know, digital encrypted type of solution. That is totally impractical at this point. I mean I think in five years we will be there, but I think in the next few years to go to a beneficiary group of 8.4 million people and try to manage a digital search, there is no way.
Our total budget for this, to get to this point, has been just under 2 million dollars. The digital certificates alone run on average $8.00 to $9.00 per piece. They last three years, and we've got 8.4 million people. So do the math. I mean there is just no way we could even do that. Plus just logistically, some of our development team, I just love this story because some of our developers are a bunch of MIT grads who were, you know, MIS grad students up at MIT, very, very smart guys. A couple of them paid their way through MIT as a part of their, working at their Help Desk. Guess what the number one call to the Help Desk at MIT, I mean here are the 3,000 smartest computer nerds in the world, and the number one call to their Help Desk was what is my password and I can't get my PKI cert to work. So if MIT can't get their certs to work effectively, I mean, you know, my 8.4 million benes, it just isn't going to work.
So we are taking an approach where we are balancing what we put on the portal with the level of security that we can offer. And I think that is really important. I mean it is a balanced approach, saying here is what we can offer, here's the level of security that we can do right now, and let's only put stuff out there that are commiserate with that level of security. And then as we increase our level of security, then what can happen is as you log in, new applications, new menu bars on this left hand thing, will then be displayed to you based on the level of authentication that you have hit us.
Now the way we do it right now is when if someone registers to have an account on our system, they come in and we ask them, and our whole site is encrypted, so everything is secure socket layer enabled, so it is all encrypted transmission from the browser to our service, so that is a given, that is sort of the ground rules that everything is done. So the transmission of this information is encrypted from the browser out to us, so it is not going to, it shouldn't be hacked.
We basically ask people for certain information. We need their name, their social security number, and their date of birth, because what we then do is we go out to our military personnel data base and we basically see are they one of us, and if the answer is is there someone with that name, social security number, and date of birth in what we call the DEERS data base, then we let them establish an account. If they are not in the DEERS data base then they are not one of us and they can't establish an account. That is how we basically make this an infornet.
Now what you realize is that, you know, those three pieces of information are, certainly you know other people could have access to them, so we don't know yet for sure that that person is who they say they are, but we have some semblance that they are probably pretty close. We only give people access to information though that is commiserate with that level of access. And I'll show you exactly what we allow them to have.
Our hope is that as we roll out across the enterprise, to next summer begin the process where people will come in and do a one-time face-to-face authentication with a trusted agent. We will then revalidate their password and we will then give them access to new levels, new applications such as to be able to make maybe more robust appointments, to do prescription refills, to do secure email to their doc, because now we know who that person is for sure. It is still a password protected account, but we have proven that the only person with that password is actually who they say they are.
Now that is still a step short of a digital certificate, which is basically either a hardware or software token that the patient either carries and puts into a device that is read on their platform, and DOD for all their active duty is going down that way, and that is a very good strategy for DOD for national security issues. But for things like the type of information that we are passing, which we think of as sensitive but not classified, that is probably more than we need for right now.
Now there are issues of non-repudiation and yes we would love to be at the digital certificate layer, but we are not going to be there for several years. And what will happen is we will only put applications that are commiserate with what our level of security is, and then we will begin to pilot test certain digital certificate applications, probably to the provider and manager side first, and at a later time to the patients. So that is our migration strategy for moving forward.
Now once they have put in just some basic information, we ask them for the region they live in and we also ask them what hospital they go to, and you will see why that is important later. Once they log in, what we have decided is that we don't want to make this seem like the great TRICARE site in the sky, because all healthcare is local just like all politics is local. People identify with the hospitals they go to. So one you log in, we will automatically take you to the hospital that you told us you were accounted with.
The way we look at the people who take care of your health is it is the TRICARE program for our group, it is the region you live in, because there are some things that are done on a regional basis, it is the hospitals you go to, it is the clinics you go to, and it is the providers that take care of you. So we have basically developed tools that will allow each of these groups, health plans, regions, hospitals, providers, and clinics, to develop a home page that they can display to their patients that can post education material, information on how to get to us, on there.
So now we have a way of very much personalizing our patient's page to them, and I'll show you how we do this. This is just an example of what a typical hospital page would look like. If you were to click on that picture there, that would actually take you to the current web site for that hospital. But each hospital's page is done with a web - tool. It takes about 50 minutes to do. It is a one-time investment. And then they have to just update the announcement, a few minutes periodically. They don't need to know anything about coding. It is all self-driven by tools. If any of you have seen the Medum, which is how physicians do pages, it is a very similar type of approach.
This is just some information. That's what the TRICARE, the national page looks like. Each of the regions have their own pages. This is basically what they look like. Now each of the hospitals have their pages, each of the clinics have their pages, and the pages can post all sorts of announcements of information. We can post all sorts of news items. You can link any of that 18 million pages worth of health content that we provide through a commercial vendor to your site. I do neurology critical care, so I take care of neurology patients. I can post all sorts of links to my patients on the page.
And a clinic could post all of the docs at their site. That is what my page looks like. Again I can tell them all about my credentials, and then again I can link all sorts of educational content to them that they can access.
We do look for feedback. We tell them about what is coming. We offer online appointing. We had all sorts of debates about whether the open model for access to care, you know, is right, or whether the triage model is right. Let me tell you, just talk to your patients for five minutes. There is no debate here. They want access to care, they want open access, there is just no doubt about it. And that just came over resoundingly, just a great conversation to have the docs and the patients in the same room.
But what we do is we basically try to leverage nurse advice lines, we try to give them health information links before they make an appointment, and then we basically allow them to make appointments. We use Health Gate Data Corporation, that was the group we chose as our vendor, we use them as an ASP model. We basically go out and use their material. We embed it in our material. They have all sorts of health advisors. They have about 10 percent of their content in Spanish. Everything is developed by nurses, reviewed by physicians. It is very good quality material. We have been quite pleased with it.
They have again all sorts of content that you can print out, give it to your patients, or email it to your patients, or they can check themselves. We had a big debate whether we post alternative medicine information. The answer is yes we do, but we give disclaimers to say, you know, please this is general information, you know, please check with your doc before you do that.
I could talk more about some of the other offerings we have, but what I probably would prefer to do is to see if there are any questions. I know that this is more of an information brief, and I know you are looking at how are you going to move forward with the national health infrastructure. These are sort of some of the lessons that we have learned. I think by next summer we hope to be at about 300 or 400 hospitals, so I think we will have a whole lot more experience with how this is really done wide scale. But we do think it is a critical piece of getting this common infrastructure in place to be able to move forward to do this type of initiative. Yes sir.
DR. DANAHER: Brian, is there a migration strategy to take the applications and functionality that is in CHCS and migrate it to this, in other words, from your, the personal health record and central data repositories, et cetera, which is very much it seems the CHCS, you know, focus.
CAPT KELLY: Absolutely.
DR. DANAHER: And then how do you make it to a fully web?
CAPT KELLY: I think that the approach we have had is that, you know, you can either build this a mile deep and an inch wide, or you can go kind of a mile wide and an inch deep. Our approach, the fundamental thing that we realized when we started doing this was the most important thing for us to do in the next 24 months was to get an Internet platform across our enterprise. I mean that is really the fundamental enabling key piece that we had to do.
Now the integration with legacy applications is more difficult, particularly when you are like us, where we have 104 different, we have one CHCS system, but it is 104 different sites. Now yes we can still integrate with the same type of software, but the privacy and security issues of showing, if we were to go into CHCS short term and pull information out, you need a very high level of security on your web site to be able to allow that type of information to be accessible through the Internet. And until we get a face-to-face authentication at the very least in place, and perhaps even different levels of digital certificates, we felt a little gun shy about trying to display lab data, rad data, pharmacy data, even email to the patient and the provider, because of a lot of different medical records act issues.
So our approach was to say look, let's work on getting a certain amount of functionality out. Now we make primary care appointments, but the only thing you need to make a primary care appointment is I need, right now the security is I pick up the phone and say I am Brian Kelly. Here's my social security number. I want an appointment with my primary care manager. We are giving no more information over the Internet than that. I mean they have already told us that they have access to that name and social security number. All we do is we basically display whoever their primary care manager's appointment schedule is. We allow them to select one. They can't access any information that was not either available over the phone and they don't see any other appointments that perhaps they had made through a different mechanism.
With our medical record, our online medical journal, we call it a journal because if it is a journal it doesn't fall under DOD medical records acts, and let me tell you that is a key distinction, and we have a big disclaimer to say this is not DOD medical record, because then we've got all the FOIA issues and everything else. It is a tool to help you manage your healthcare.
Now over time the Well Net record does link things to ICD 9 and pharmacy, you know, drugs, the national drug code and things like that. Over time we will give patients an opt in strategy, so that in the future we hope to say will you share this information with your computerized patient record, which is where CHCS and CHCS 2 is going. What we then could do is we could port all of the information that they have self-entered into our CDR, clearly put it in an area that clearly defines it as patient self-entered, but it then gives the provider the access to that information that the patient has entered.
On the flip side, when our security is better, we then can begin to take information out of CHCS, lab, rad stuff, and move it into the Internet so that the patients can then access that. Let me tell you, there are gigantic practice issues associated with that. Do you really want your patients, before the doc has had the conversation with the patient, looking at their pathology results. Well I can tell you, probably not. So you know, we are moving very, very slowly in that realm.
We view our portal as evidentially being the front end into the legacy systems, but we realize it is going to take us a long time to get there. So we are trying to just move step wise. Our big issue is sort of speed the market to get us established as the dominant Internet portal for the military health system, and an environment where we can quickly do application development.
What really becomes nice about an enterprise approach to a portal is that paying for security is probably one of the single biggest costs and also the highest maintenance cost. This whole issue of maintaining passwords is, as Dr. Fitzmaurice said, is a gigantic issue. We are going to try to centralize it so that eventually our beneficiaries will only have one password for the military health system.
Now the bigger question is where will patients in the United States, you know, some day the grand vision would be that you have some way of identifying a person and having them have digital accesses that are trusted, and that is that whole, you know, national infrastructure question, and that is not only part of health, but it is part of all of the E-gov initiatives, and it is just going to take us a long time to get there.
DR. DANAHER: I just have a quick last closing question. Is the E-health, is the portal group part of CHCS or are you both kind of -
CAPT KELLY: Right now we are separate programs, but remember there is, I mean right now we've got multiple programs in the military health system, but we all talk to each other. And what we do is, CHCS is our core legacy application right now. It is a mum spaced application, it is a dog, but it works, as many legacy applications are. We are migrating to sort of our next generation, what we call CHCS 2. We sit, our portal sits on the exact infrastructure on which CHCS 2 sits.
So our migration system for our computerized patient record is CHCS 2. It sits on an oracle, AI data base, it sits on a security solution called Snare Works. Our portal sits on an oracle AI data base, it sits on a Snare Works security solution. We are on convergent paths, although for a host of acquisition related reasons, we are being managed as separate programs. But we hope to and the plan is for us to share common interface services that will allow us to leverage what they are doing and pour it into what they are doing, and vice versa. So we are working together.
DR. COHN: Okay. Gene then Mike.
DR. LENGERICH: Could you talk a little bit about evaluation plans, how you are going to evaluate this, more focus groups or what.
CAPT KELLY: What we did with our alpha sites is our evaluation is really based on certain metrics that are both hard and soft. We basically have, our hard metrics are things that are easy to measure, you know, number of people using the system. I mean that is an important metric let me tell you. Number of appointments that are made, number of pages that are hit, what are the most frequent pages that are hit. So hard metrics that are fairly easy to monitor and measure.
The more important ones though are the customer satisfaction metrics, and what we have done is we have, as part of our initial, before we stood up our portal we had focus groups come in and tell us, what we were planning, how they rated what we were doing. And then when we developed the product and deployed it, what did they think of the usability, you know, looking at how easy is it to navigate, how easy is it to do the things you are doing, are the applications meeting your needs, what other applications that you would like. And generally we have gotten extremely good feedback for what we do.
But I'll tell you, the health content alone, even the personalized health content, does not sell the portal. What sells the portal are the transaction services, the appointments, the drugs, the ability to do online health assessments, the ability to do email to your provider and get refills, and again, we are just getting into the transaction basis because we have a sufficient number of providers to do that.
DR. COHN: Okay. Mike, Kepa, and then Jeff.
DR. FITZMAURICE: About three years ago or so, as I remember it, the GCPR project, Rob Kolodner, VA, and -
CAPT KELLY: - doing, and what we are going to be doing the next 12 to 14 months, the answer is in the short term probably not very helpful, because again as you said, they are linking laboratory and radiology data. I can tell you we have had multiple discussions with the VA. They are about to convene the Presidential Council on how we basically link VA and DOD initiatives. I'm told I will likely be a member of that committee. I think the goal clearly is that not only do we need to link VA and DOD portals, my whole take on sort of, and this is a personal opinion and I clearly want to make it, the way to be successful for the national health infrastructure is really, in my opinion, is to concentrate on two major functions.
The first is common secure communication and transactions, and all the stuff that goes with that, how do you authenticate people, how do you manage that authentication, I think that is clearly the Holy Grail for making portals work, and that will be the way if we are ever successful with doing a national health infrastructure or a national E-gov infrastructure, however you want, or whatever you want to call it.
The other thing is to not say we are going to do a standard system, but to say we are going to do standards. And you know, the only time that a single system would ever work is that if all of our business practices for how we delivered healthcare were the same. And that just isn't going to happen. I mean healthcare for a deployed force is very different than it is at our tertiary care centers, as it is at research centers or on an Indian Health Service. But what can be common are standards, and standards now, because of all of these wonderful advances in technology, if we can mandate standards for health, and if we can get a critical mass to agree that we are going to use NOMED or we are going to use whatever, we will do more to improve interoperability of systems than we could by doing 100 GCPR problems.
So my take is that we need to look at common security platform infrastructure and we need to, we need as the Federal government, to focus on defining standards that are common, by which we can interchange information. And then the technology and the systems will take of themselves.
DR. ZUBELDIA: You must have been reading my mind, because my question was going to be about standards (laughter). You showed a beautiful portal for the military personnel. You also mentioned that it is really driven by transactions and their ability to make an appointment or get prescription refills and so on. Could you tell us what is your plan to make this available to providers for transactions, specifically HIPAA transactions. How are you going to make this link together?
CAPT KELLY. Well the goal here is to again first of all, you have to have the security, you have to have a way of authenticating the provider before you can even talk about doing any of this on that. So you do need to do a face-to-face authentication as a minimum of the provider. We do have a provider view I didn't show you today, but the goal is, and realistically, will we make it, will we have this part of it done by October 16th of next year, in my dreams. But realistically probably not.
But the goal honestly is to say, you know, the X 12 standards are going to be key enablers down the road. Now they are going to be immensely painful to implement over the next year or two, but the fact that, you know, our whole approach right now is to try to say we are trying to develop, and there are some very good software products out there that do what is called enterprise application integration. They basically translate and route, and they allow you to put business logic in place. So that our goal is to say any provider who comes in and authenticates to our portal can go in and enter claims information and that can be routed to our claims system.
And that again, what we hope to do is say all you need to do is send us an 835 and then we will send you back an 837, and then we will develop the application and the portal becomes the quick and easy entry point for which you send your applications. Now the problem with that, and where you need to really work through with all of your partners, is that, you know, we have a lot of providers across the country that give care to military beneficiaries, but in most instances it is only a small percentage of their business.
So you don't want to have to go, if you are a doc you don't want to have to go to the TRICARE portal for your military people and the Blue Cross Blue Shield one and the Aetna one and whatever. And again the big issue is if we use standards though and we put in the business logic for all these different portals, it can be routed appropriately. That is the eventual goal, but again it will take a long time to get there.
But we are looking at common standards, the enterprise application integration software to do the routing and to do the business logic to say if it comes from this doc, we always want to send it here, you know, you can do referral and authorizations all the same way. And we do look at that as a key enabler to recouping some of the cost for this, because there are efficiencies. I mean we've looked at it and we can automate probably 95 percent of our referral and authorizations through just business logic. I mean we don't need a nurse case manager looking at things and doing it, because a lot of that we can automate.
Now there, you know, for complicated stuff sure, you often are going to need nurse case managers or physician/physician review. But shoot, we would love to reduce the transaction cost of 90 percent on referrals to automated solutions. That is sort of our approach. But realistically it now takes about two years to get there.
DR. COHN: Jeff, I think you have the last question and then we will wrap up please.
MR. BLAIR: Michael and Kepa thank you. You have handled most of my questions, so I'll just add one other thought here. Brian, maybe you could give me some feeling for the areas in which the GCPR project, which has its framework which is based on standards for the most part developed in the private sector, that they have been adopting, in what areas are those standards useful where you can begin to use those, and in what areas are they not useful. And in the areas where they are not useful, is it that the standards haven't emerged or are available to meet you needs and you have near term deadlines, or are there other reasons why you haven't been able to adopt those standards.
CAPT KELLY: I want to be very careful what I say about GCPR, because I mean this is a very sensitive issue right now. The GCPR work, right now what GCPR has been focusing on is really the passing of laboratory, radiology, pharmacy data from the VA systems to the DOD systems, and actually it goes the other way, you are obviously active duty first thing you go to the VA. So it is really passing of information from our systems to theirs.
Since I do nothing right now with laboratory, radiology, or pharmacy results on my portal, nor do I intend to for the next 12 to 18 months because I don't have the security solution in place, it just has been, you know, I can't leverage anything they are doing.
Now what they have been focusing on is trying to develop what are the right ways of standardizing this information, and where I do see great value in the GCPR discussion is the more we can define those standards and the more we can use those standards, I mean when you think about VA and DOD, and if you were able to throw one or two of the big HMOs like Kaiser in there, I mean we are now beginning to talk about the significant enough market share that we could have a foothold into developing national standards just because people would then, the commercial vendors would stand up and take note.
You know, it is getting that critical mass, and I see that as truly the value of where GCPR is. Now I'll be honest, I'm not actively involved in the GCPR project at this time, so I couldn't even tell you what, I couldn't even articulate exactly what are the standards that they have all decided to use at this point, because again, it just hasn't been germane to my portal. It is not that I don't want to leverage it, it is just I can't do lab, rad and phar right now.
But clearly the idea of being able to share data between the VA and DOD is of great value to everyone. I don't think anyone would not be supportive of that.
DR. COHN: Clem, a real quick one?
DR. MC DONALD: A real quick one. You are the web guy and not the data base guy. I don't want to accuse you of that, but that is what it sounds like, but that's not the point. The point is that the VA is actually making some fairly substantial progress in communicating within itself. Now I don't know whether you guys are talking. But I'll comment on the issue about how where the government has a really strong role, when they hinted, they haven't announced this, they are going to use Loink for their instruments, we got a pile of calls from all the instrument vendors who want to send it out of their instruments. So you are absolutely right. But you not only want to get another set of standards, you want to stay with the ones that are rolling.
CAPT KELLY: Oh, no question. You know the worst thing we could do is say we DOD and VA are going to get together and come up with our own standards. We need to leverage.
DR. MC DONALD: But you do have a tremendous, I mean it is just surprising how, you know, you kind of wave your hips and everybody falls over (laughter).
DR. COHN: Will Dr. Kelly, I want to thank you. You told us you had until 3:15 p.m. and I kind of allow you to get out of the way and support your schedule, but we really appreciate your briefing. I am sort of reminded in this conversation that whereas this morning we passed a vision of a national health information infrastructure, where all these pieces are sort of layered together, I think one has to recognize that there are various pieces that are really a little bit dispread, and I think you have given us a really a very compelling view of one. So we want to thank you.
Now there is a couple of things, housekeeping issues, that you all need to be aware of, and then we will adjourn for today into our subcommittees.
Number one is that the Subcommittee on Privacy and Confidentiality will be meeting here after about a 10 minute break to take a breath. The Subcommittee on Populations Vickie will be leading in 305A. I have been informed that the NHII workgroup will actually meet here at 5 o'clock sharp, and it needs to be sharp because apparently otherwise you are going to be missing your Chairman. So you do really need to be right on time for that.
Now tomorrow morning the workgroup on quality has been cancelled as I understand, and the Subcommittee on Standards and Security will be meeting in 325A from 8:30 a.m. to a little bit before 10:00 a.m., is that correct? Now having said that, what we are going to try to do, recognizing the people's time availability and the hands raised earlier -
MR. BLAIR: Did you state the way I thought you did?
DR. COHN: 325A?
MR. BLAIR: 325A. I thought you said it will be meeting a little before 10.
DR. COHN: No, I said the subcommittee will be from 8:30 a.m. until a little bit before 10:00 a.m., and then we will try to call this meeting to order right at 10 o'clock tomorrow as opposed to 10:10 a.m. And what we are going to try to do is to move Dr. Sondik from 10:15 a.m. to 11:00 a.m. to allow us time to consider the privacy letter before people start to disperse. I can't guarantee that that is going to happen, but we are endeavoring to contact him and see if he can come up just a little bit later, so that we can do the privacy letter first. We'll try to make sure that everything works.
DR. DANAHER: What is the ETD?
DR. COHN: Well I guess I would hope that we would certainly be done by noon. Is that okay? I see the smile, is that good?
DR. DANAHER: Noon is good.
DR. COHN: Any questions or comments before we adjourn? I really want to thank you all. I realize it has been, we've got a lot of work done today. It has been a very interesting session. I will see you tomorrow and you can break into subcommittees now. Thank you.
(Whereupon, the meeting adjourned 3:15 p.m.)