Hubert H. Humphrey Building
Room 705A
200
Independence Avenue, SW
Washington, DC
Call to Order and Introduction - Ms. Frawley
Panel Discussion:
Discussion of Next Steps:
MS. FRAWLEY: I'm Kathleen Frawley, and I chair the Subcommittee on Privacy and Confidentiality for the National Committee on Vital and Health Statistics. In my real life I am vice president of Legislative and Public Policy Services for the American Health Information Management Association.
For those of you who have been to meetings before, what we're going to do is just around the table, introduce all of the subcommittee members and staff, and then our panelists, and then our audience, because there are a number of people here today who are participating.
[Introductions were made.]
Great, thank you all very much.
[Administrative remarks.]
What we would like to do today, and I'm very pleased that we have a number of people here with us, is as you know, the subcommittee issued a report to the secretary in June 1997, on issues regarding confidentiality and privacy. The secretary subsequently, as mandated by the Health Insurance Portability and Accountability Act issued her recommendations to Congress in September 1997.
As we sit here today, Congress is facing a mandate of passing legislation by the summer of 1999. There are all kinds of bets as to whether we will see that or not. In the interim of course, we do know that the secretary does have a mandate to promulgate regulations in this area in the event that Congress fails to enact legislation.
So the subcommittee, over the past several years, has been holding meetings, really bringing different representatives of different groups in to talk to them about issues regarding confidentiality and privacy. We thought it was important this morning to spend some time with all of you really to talk about what happens when a patient walks into a pharmacy, what is the flow of information.
Certainly we have read a lot in different trade publications, and also in newspapers, talking about how information is handled. So what we would like to do this morning is really spend some time with each of our panelists, really to understand from their perspective, what is going on in the industry. Some of you have also done some studies, and have been specifically asked to come forward and talk about some of your work.
This afternoon we will spend some time as a subcommittee. The audience will have an opportunity also to participate, really talking about what we heard this morning, what if any recommendations we should be making to the secretary, and is there a need for any follow-up as a result of what we have heard today?
So I'd like to keep it very informal. There is absolutely no bias here on any of our subcommittee. We haven't even talked about this. We just kind of made up a list of witnesses, and asked Gail to go round everyone up. So we are glad you could join us.
I'd like to start with Carlos. We'll have you start first. Then we'll just continue down the line with Doug and Ron and John and then John.
Thank you.
MR. ORTIZ: I'm going to pass out some slides, overheads, which I was planning to use, but I think working off the hard copy will just be easier, because of the location of the screen and the format.
First of all, I have been a pharmacist for over 30 years, and I have been with CVS Pharmacy for about 22 of those 30 years. I can tell you that pharmacy is facing challenges today like we have never seen before. The first thing I wanted to talk about, and you find a little bit confusing or question why I want to talk about dispensing of prescriptions, volume, and the manpower issue in the United States.
The first question that I have when I talk about pharmacy programs that may happen outside of the pharmacy is why don't these occur at the point care? Why don't they happen in the pharmacy? I'd like to talk just very briefly about some of the challenges that we're facing in the pharmacy today as to why that is not a reasonable alternative.
In 1990, the number of pharmacies in the United States totaled just over 58,000. By 1998, that had dropped to just over 50,000, and at the same time that that was occurring, the number of outpatient prescriptions filled in the United States increased from 9.16 billion outpatient prescriptions to 2.8 billion.
It is expected that these trends, the decrease in the number of pharmacies, and the increase in the prescription is going to continue, and that if it continues at its current rate, by the year 2005, with the senior boom that is going on, the number of outpatient prescriptions in the United States will increase to 4 billion, and the number of pharmacies will continue to decrease to about 43,000.
That having been said, what that translates into more workable numbers is an increase since 1990, where the average pharmacy in the United States was filling 643 prescriptions per week, to 1998, where the average pharmacy is filling 1,061 prescriptions per week. That's a 63 percent increase. The increase projected in the next seven years is another 69 percent increase, to over 1,800 prescriptions per week in the average pharmacy in the United States.
While all this was occurring, if you look at the next slide it shows that there has actually been a decrease, or a leveling off in the number of pharmacists in the United States. There are currently today, based on a survey conducted by NACDS in August, 3,500 unfilled pharmacist positions in the United States in the community chain pharmacy alone. What that means is that with this increased volume, the natural conclusion would be, well, go out and hire more pharmacists to handle the increased volume. The question is, where are we going to find those pharmacists?
If you know of any unemployed pharmacists, any of you here in this room, we'll have them interviewed tomorrow to find out if they qualify for employment, because there is a major shortage of pharmacists in the United States. This is going to be exacerbated in the next few years, because many of the schools are just in the process of converting from a five year bachelor of science pharmacy, to a six year doctor of pharmacy, and that will be completed in most pharmacy schools in the early 2000s.
The other thing that has happened is that the demographics for the pharmacist work force has changed dramatically, from a predominantly male dominated profession, to a predominantly female profession. This has led to a lot more part-time employment on the part of some women. The average part-time pharmacist at CVS works about 23 hours a week, versus 40 hours for the full-time. And we find that the part-time pharmacists is about 65 percent female versus 35 percent male.
Those are the challenges that we are facing when we try and deliver some of the services that I'm going to talk about at the point of care.
The two types of point of care program -- let me back up. What happens when a prescription gets filled at CVS is that it is now where 87 percent of our prescriptions filled at CVS are filled for third party insurance coverage. Only 13 percent are now cash, and that is dropping every year. These are public figures.
That trend is increasing. CVS being predominantly located in the East Coast and in the northeast, which has been really infiltrated by managed care, as opposed to some of the areas of the country has probably seen a slightly higher percentage of third party prescriptions than some of the other companies that are in the Midwest, which might not have that same penetration of managed care.
Having said that, of those 87 percent third party prescriptions, the major of those are filled on what we call on-line claims adjudication. We input the prescription information into the computer, and it goes out to a series of switches, to a third party payer or PBM.
That all happens within 10 seconds, so that it happens almost instantaneously. We get back an answer as to whether this patient is eligible, and whether the product is covered. We then fill that prescription. It is part of the filling process, so it isn't like we wait until that prescription has been adjudicated to fill it. It's part of the filling process that happens concurrently with the filling process.
Then the medication is delivered to the patient, and the records are stored in the central data warehouse at CVS and at the store level. CVS has a unique system compared to some other drug companies in the sense that every store pharmacy has memory capability. Some drug store systems are totally dummy systems at the store level, and everything is stored centrally. We have memory capability both at the store, plus at the central data warehouse, which makes it slightly different than some of the other systems, and that will be important with regard to one issue as I go forward.
What I really want to spend most of my time talking about is some of the compliance programs which have drawn the concern of certain people with regard to what we do with this information. We have these support programs. They basically, we believe, are an extension of treatment, and really are done to enhance patient compliance with drug therapies, and to just serve also as CVS pharmacy as a role for health care information.
There are two types of programs that we were conducting, and I stress that in the past tense, and I'll discuss that has happened since February 15, 1998, which was the day of The Washington Post article, in a few minutes. But the two types of programs that we were conducting, one was what we call a persistency and adherence program, which is basically a refill reminder compliance program. These were for maintenance medication, where it was important to have the patient continue taking the medication in order to receive the proper therapeutic outcome.
The other type was an informational type of mailing, where we thought there was an important new therapy that might benefit a patient that was on some other type of therapy. The type of program that that was, and the one that was highlighted in The Washington Post article was the zyban mailing. Zyban was an important new therapy with regard to smoking cessation, that we knew would benefit people who might have failed on the nicotine gum therapy. We thought it was important for us to get that information out to those patients that might have failed on the nicotine therapy.
I have already discussed why they can't be done at point of care given the volume increase that has occurred in our pharmacy. But also the other problem is that the patients who need this the most, just aren't in the pharmacy. That's the reality of the situation. They are the ones that aren't coming in. They are not there.
I would like to talk very briefly about The Washington Post article, because I think there was a considerable amount of misinformation that was communicated in The Washington Post article. Yes, CVS did contract with manufacturers to offset the cost of the mailings that we conducted. But the reality was that we never sold any information or shared any information with any pharmaceutical manufacturer.
What we did was perform an extract of applicable patient names and addresses from our central database. No patient profiles were released to anyone, including Alensis(?). We contracted with Alensis to act as an agent fulfillment house to do the mailing for us. It is important to note that two employees at Alensis were involved at every mailing.
One of them stuffed the envelopes, so that if you were getting a refill reminder for a particular type of medication that might identify the condition, yes, the letter was stuffed by one person, but then that letter went to another employee who had the patients' names and addresses. They had no other information other than the patients' names and addresses.
After they completed the mailing, they were contractually required to send us back the diskette with the patients' names and addresses, so they could not maintain any sort of databank of patients' names and addresses. There were substantial monetary penalties for failure to contractually comply with that contractual requirement.
Finally, with regard to Alensis, we required that every Alensis employee sign the same patient confidentiality document as every CVS employee. After my presentation I would like to pass out copies of the CVS confidential statement. This confidential statement and requirement appears about half a dozen times for every new employee. It's part of the employee handbook, part of the professional practices handbook. It's part of the store operations manual. It's part of the pharmacy operations manual. It's part of the pharmacists' training manual. It's part of the technician training manual. It's posted on the bulletin boards in our stores, and it is routinely distributed to all employees. I think it's one of the most stringent confidentiality statements in the industry. We required the same thing from Alensis.
What has happened since The Washington Post article? The Washington Post article appeared on the front page of the Sunday Post on February 15, 1998. A correction was inserted, and I do have a blown up copy of the correction which was inserted that indicated that we had not sold any prescription data information to anyone. This appeared on February 18th.
On February 19th, because we could not communicate our position to our customers, and clearly, patient and customer trust is the only thing that we have to offer that is different than other pharmacy. We had a letter printed in The Washington Post from Tom Ryan which stopped the programs, which ceased all programs.
The agreement with Alensis was terminated on February 19th. These programs are still on hold. Unfortunately, in my opinion, the losers of that program are the many people who were benefitting from these types of programs. Just to reiterate, CVS did not sell patient names, nor will we ever sell or allow access to our prescription database for any patient-specific information.
I think it's important that I say the pharmacy is a little different than other health care services. The reason that I say that is that's impossible to perform an x- ray on someone other than the patient. It's impossible to perform surgery on someone other than the patient, or a physical on someone other than the patient. But every day in every pharmacy in the United States we are routinely asked to deliver prescriptions other than the patient.
You are asked to deliver prescriptions to mothers, to fathers, to sisters, to brothers, to neighbors, sometimes even to taxicab drivers if the patient can't get into the pharmacy. So the idea of a patient release required for the delivery of services would delay pharmacy services considerably in many cases, even with new patients. Many times the new housebound patient is the one who often doesn't get into the pharmacy, even initially.
Opt-out versus opt-in, and these are really sort of marketing terms rather than legal terms, but I think everybody has come to know what opt-out versus opt-in is. Even though our programs are on hold, we believe, and I think the industry believes that opt-out is clearly the best option.
A recent study that was done last year showed that if you have an opt-in program, and there were about 1,500 people that were presented with the option, about 20 percent of the people opted in. After no information was delivered to either of the patient groups, either the 80 percent that didn't opt-in, or the 20 percent that did opt-in for three months. At the end of three months, they checked the refill patient compliance therapy of the two groups. Ironically, it was the 20 percent who opted-in, who had the best compliance.
So it just confirmed the idea that the people who will opt-in to a program are the people who least need the benefits of that program. The 80 percent who opt-out, or who didn't opt-in, are the ones who needed it the most.
One of the things that we have had to find was when we stopped our programs, we did a very thorough searching of all our programs internally, other than just these compliance programs, to see what other problems we might have with patient privacy and confidentiality. We found that there was a whole slew of small house charges, of small companies, Joe's Tool and Die Shop in Mechanicsburg, Pennsylvania, who maybe had ten employees, who rather than go through a big PBM or a big insurance company, would just contract with the local CVS to provide prescription services for their employees, and would just open up a house charge for that purpose.
Now it's difficult to get the owner of Joe's Tool and Die to agree to pay for something if they don't know what they are paying for, and who received the prescription. But we had to tell them we felt that giving him a monthly bill that detailed the prescription and who it was for, and what it was for was a problem. We have had to stop all of those house charges if they weren't willing to agree to just accept the billing that all it had was a prescription number.
They can't hire an auditor to go out and audit. It's a small company, but many of those people I would venture to say probably opted to find other pharmacies if they wanted to continue the benefit for their employees, because we decided it was just too strong an issue for us in light of all the publicity, to continue that.
I think that some of the challenges that we are facing is CVS is in 25 states with pharmacies. There is such a confusing morass of patient privacy laws, that I think that we really do need some sort of federal preemption.
Even with law enforcement officials, the laws are completely different. In the state of Ohio, any law enforcement agency has the right to rifle your prescription records for potential legal violations. In Massachusetts only the drug investigative unit can do that. In Virginia the chief of the state police can authorize a record search for possible problems. Obviously, the DEA has the right to come in, and they do come in and rifle through our prescription records to look for potential problems.
Health departments -- I know of at least two states, New Hampshire and New York, which require, still on the books, that when we fill a prescription for tuberculosis, that we report it to the department of health; patient name, drug, and specific information about patient identification.
In many states some health department officials still have the right to pursue information on STDs. We don't get that too much anymore, but it's still on the books, and they still have the right in many states.
Just as an example is taking the D.C. area, because what if a patient of CVS gets a prescription filled in the District of Columbia, because that's where their doctor is located. They work in Virginia, and they get their first refill there, but they live in Maryland, and they get their second refill there. Of course, all their prescription records are stored in Rhode Island. Which state's privacy law applies to the prescription records for that individual? I don't know which one would apply, but I think that's another case of why we need some sort of federal preemption.
I have talked about what we have done to protect. I don't want to spend too much time on that. I can tell you ironically we have more problems with paper than we do with databases. I know that the HIPAA law really concentrates on the electronic, but I can tell you that paper -- what do you do with all those prescriptions, all those three by five pieces of paper that we have in our pharmacies? Many of the states' pharmacy laws still require us to daily print out a prescription log with all of the information. What do you do with all of that paper at the end?
We are in the process of buying shredders for every CVS pharmacy. There are 4,200 CVS pharmacies throughout the country. We're going to have to buy shredders in order to get rid of those old prescriptions, and those old prescription records.
We have had people jump into our dumpsters to take a look at prescription refill vials that people bring in when they wanted a refill, and we throw them in the garbage, then run stories on how this could be a potential breach of patient confidentiality. That has happened twice that I'm aware of right now.
Just briefly, why do we think we need it? I mean in OBRA 1990, which is the Omnibus Reconciliation Act of 1990, which mandated that for Medicaid patients, pharmacists had to perform prospective drug utilization review, and make an offer to counsel. Clearly, it went well beyond Medicaid recipients. Almost every state that I'm aware of has something that applies, and makes the same requirements for all prescription patients with regard to that.
And the prospective drug utilization review, just a couple of things like our therapeutic drug duplications, drug/disease interactions, interdirect drug dosage, and duration of treatment, drug allergies, and abuse and misuse. We need a lot of the information that is being considered to be required to be protected.
We also must make an offer to counsel. If that counseling is accepted, we have to counsel the patient on the dosage, the route of administration, duration of drug therapy, and on common adverse side effects and contraindications. Often that means when you run across these problems, that you've got to communicate that to other health care professionals.
It's a fragmented health care delivery system we have in the United States. People are using multiple doctors, and unfortunately in some cases they are even using multiple pharmacies. It's a very fragmented delivery system. Clearly, it's a highly mobile society. When a patient needs their medication, they need it where they are, and they need it then.
In conclusion I will just say that we do feel we need federal preemption. I would urge for an opt-out version versus an opt-in version. Whatever laws we come up with, we must recognize that with regard with pharmacy, often the patient isn't in the pharmacy to receive the service.
Thank you.
MS. FRAWLEY: Thank you, Carlos.
What we're going to do is continue with each of our panelists, and then open it up to questions. So Doug, I'd like you to go next.
MR. LONG: Good morning. I appreciate the invitation to be with you this morning. What I would like to do is share with you actually four things. This is what Gail asked me to do. The first is what is the role of IMS Health? What do we do? The second is really two parts, what happens to prescriptions that IMS receives, but also what is the path a prescription may take from the time it's originated from a doctor, to the time it is filled with the patient?
The third step is how does IMS Health safe guard confidentiality, and what are some of our policies? I'll be very happy to share those with you, because we've been working at this for a long period of time. A number of you may know Gary Friend, that was with us for a few years, and has now gone to another company here in Washington, D.C., and we certainly miss him.
So those are the four things I'd like to cover. Certainly on page 3 if you look, there are a number of pressure points on the whole aspect of privacy. Federal and state laws, the technology that exists with new IT applications, electronic commerce, the information superhighway, globalization, what's going on in the European Union with the European Union directive.
So since we are a global company, we have really had to stay on top of how you secure and keep records, whatever they are, confidential. IMS Health is the world's leading provider of information solutions to the pharmaceutical and health care industries. We operate in over 90 countries around the world. We have been in business for over 40 years, and we are the largest pharmaceutical manufacturer information partner, very important to the day-to-day operations of our customers.
Our vision statement reads as follows: "IMS is a leader and a central partner in the advancement of health, providing critical data, global intelligence, and knowledge- based solutions to the health care community." I think the important thing is advancement of health, knowledge-based solutions and critical data, and also global intelligence as the world becomes more global.
We really have five major parts of our business which we determined to be: market research, sales management, technology-enabled selling, over-the-counter medications, and managed care. You can see in your handout, a description of each of those.
The point that I would like to make is where you see market research, the context that we do market research helps make the market more efficient in the United States and other countries around the world by looking at product planning, launching sales, marketing, tracking diseases treatments and outcomes.
What's more germane to our discussion today is that since we are in the information business, we do collect a lot of data. In the United States alone we collect from over 250,000 different sources. In the average month we process more than 72 billion records per month. When I say records, I'm talking about different data elements and such.
Primarily, our business is predicated on anonymized data. So we track billions of anonymized prescription records annually. These data are central to the effective implementation of prescription drug recall programs, performance of pharmaceutical market analyses, assessment of drug utilization patterns, and comparison of drug costs. So it is very important to draw the distinction between anonymized data and person or patient identifiable information. The bulk of our business is in anonymized data.
Before I tell you how we safeguard all this information that we collect and have, I would like to take you through a path a prescription may take, going from when it is prescribed by a prescriber or a doctor, to where it is filled by the pharmacy for the patient.
The process starts out with a prescriber or a doctor writing a prescription. It is followed by the pharmacy receiving the prescription. This prescription, once it is in the pharmacy, is screened or pre-edited. It is switched, or I should say goes through a switch, because I want to draw the distinction between a switch program, and the actual what I call a router or a switch that moves the prescription to the appropriate parties.
The prescription goes to a processor and/or a PBM, because in some cases a processor could be a PBM and so forth. The prescription goes back to the pharmacy, and the prescription is filled for the patient. As Carlos said, this happens within ten seconds, to go through all these steps.
Now the first description I would like to make is what happens when a prescriber writes a prescription? The prescriber writes the prescription for a patient, and it is transferred to a pharmacy to be filled. Really there are five different ways it can get to the pharmacy. It could be that three by five piece of paper that the doctor gives to the patient, the patient takes to the pharmacist.
It could be the doctor's office phones the pharmacy and authorizes a prescription by phone. It could be faxed from the doctor's office to a pharmacy. Recently, there has been work in transmitting prescriptions electronically, although that is probably less than 5 percent of all the prescription records.
In addition, if it's a refill prescription, the patient can just call an 800 number, and call the pharmacy, and the prescription will be there waiting for them when they want to pick it up. So that's how the prescription is prescribed, and how it gets to the pharmacy.
When the pharmacy receives the prescription they record the patient, the product, the plan, and prescriber information for dispensing and record keeping purposes. Script details are transmitted electronically in a standard NCPDP format to a processor for electronic adjudication purposes. Scripts may pass through multiple intermediary points along the way, predominantly what we call a screen, or a pre-editing or a switch, before reaching the final processor. Again, this happens almost instantaneously.
So let me first talk about what a screen does, what is the purpose of the screen. Screens or pre-editing basically helps decrease overhead costs by assuring that the script estimated will be authorized the first time. Generally, scripts, or prescriptions are screened before they are sent for five basic reasons:
(1) Is the patient eligible? Is it part of a plan?
(2) Is the NDC correct?
(3) Is the product on the formulary or not on the formulary? If it's not on the formulary, it may be rejected.
(4) The quantity range. Is the quantity too high? In other words, generally retail prescriptions are a 30 day supply. If the prescription is written for a 60 day supply, by and large it may be rejected.
(5) And it may be refilled too early. So if they come back in before the 30 days is over to fill the prescription, generally there is a waiting period that takes place. Again, this happens computer-to-computer, and happens instantaneously.
Is the --
DR. HARDING: Pardon me, what is an NDC?
MR. LONG: National drug code. So there is an 11 digit product description for every drug or pharmaceutical out there.
The prescription generally goes through a router or what we call a switch. This is not product switching. This is actually the moving of a prescription from one place to another. What the role is, is to minimize the number of phone connections pharmacies are required to maintain to send prescriptions to the finally processor.
So generally in a CVS pharmacy some prescriptions go directly to PCS or Medco. Others are collected and routed out to some of the smaller processors. Call it kind of the U.S. Postal Service for prescriptions. It works like the Postal Service, and hypothetically the confidentiality of what's in the switch is confidential to the player on the one end, versus the other end.
The person that serves as a switcher does not have the right to open up the envelope so to speak, and look at what's in there. So you might call it an electronic mailbox. Generally, they use information found on the script, usually the bank information number, to route the claim to the finally processor.
When it gets to a processor, the processor combines patient history with eligibility and formulary files, which are regularly updated. They are able to verify the prescription for pharmacy reimbursement. Large processors have a phenomenal amount of computer horsepower to process the prescriptions and return a message through a switch to a pharmacy in seconds.
So if it takes 15 minutes to fill the prescription, this is only taking seconds of that 15 minutes, for the prescription to be electronically adjudicated, as we call it.
Then comes the role of the PBM, or pharmacy benefit manager. The PBM maintains the patient and product formulary eligibility files in a contract with insurers and self-insured employer groups to provide contracted pharmacy benefits to their members. That is a higher percentage each year. As Carlos said, 87 percent of the prescriptions that CVS fills are third party prescriptions. Generally what we're looking at for a total United States average is about 70 percent at this point.
The pharmacy benefit manager's generally control access to classes of drugs, and specific branded products through a formulary. That is their cost control mechanism. But again, the doctor is the final decision-maker in this process. Also, the PBMs generally determine what the co- pays are, and as we have seen recently, the co-pays are going up.
So that's the path a prescription takes from the originating point, to the point that a patient picks up the prescription. Hopefully, that will be what you were looking for.
What I would like to focus on next is what IMS Health's commitment to privacy is, and take you through how we handle the 72 billion records, admittedly mostly anonymized records, and generally what our principles, and what we stand for, and how we safeguard confidentiality.
First of all, the bulk of our business is that we require that the data must be anonymized prior to being sent to IMS Health. But that is not enough. We have to make sure that we screen the records before acceptance to insure that they comply with this requirement.
What I mean there is that you may have times that when you are looking to trace what we call a longitudinal patient tracker. It's a unique person through a system without identifying who that patient is, but to know that it's a unique person.
So we want to make sure that if we ask for a unique identifier by CVS or anybody else, that what we're not getting is the social security number, a phone number, a combination of name or any sort of digit. We want encrypted information, with the key to be held at the CVS headquarters or a third party. We do not want to have any patient identifiable information within IMS.
We also tightly control access to this information. We require in the cases that we do handle patient identifiable information, patient consent before collecting any of this information. We call it informed consent.
We restrict use of information to only the purposes that it is supposed to be used for. We routinely audit our information processors, and we enter into confidentiality agreements with data sources, employees, and clients.
Another things is a privacy advisory council, which is made up of 12 individuals across the company, that get together on a frequent basis to discuss how do we safeguard confidentiality and privacy within IMS, and what policies and procedures should we have to make sure this happens?
The next page is our fair information practices. We have had a fair information practice brochure developed for the last eight years now. We are currently in the process of updating it for the third time. Generally, the principles are the data suppliers know the use of their information, and whether identity is disclosed. The second tenet is that privacy of individual medical records is inviolate. Informed consent is required for any use.
Our research never intrudes or influences the interaction between a health care provider and a patient. We insure accuracy and security of information in our safe keeping, and our clients share in the responsibility for keeping data secure, and using it appropriately.
The next page is just the actual code of fair information practices that you see in specific.
Now I think the pages you have talk about IMS Health U.S. information flow. Basically, there are five steps similar to what I outlined before. Again, to reiterate:
(1) Prior to transmission IMS Health instructs the data suppliers to strip the data of patient identifiers.
(2) We enter into contractual agreements with our data suppliers, which explain the use for why the data is collected.
(3) Once the data are transmitted to IMS Health, they are subjected to its screening and validation measures.
(4) As a further preventive measure against IMS Health handling individually identifiable data, in the times that we do handle it, the database design for the system has no provisions for storing name, address, phone number, and social security number.
Now let me just go back on that, because I misspoke. In anonymized data, to make sure that nothing gets into our databases, we do not have any provisions for storing name, address, phone number, social security number. So there's not a place for it in the databases for it to be stored.
Then what we have recently done is all employees of IMS Health have had to sign a confidentiality agreement requiring them to abide by the company's confidentiality policies. You will see that as the next four pages in your handout. The first is a letter from our president, Robert Hooper, to all employees. The second and third pages are the tenets of the employee provision and safe guarding. The fourth is a signature page. All employees are required to sign these things, and our intent is get them signed once a year, just to reinforce the policy.
We have four beliefs in terms of essential elements of patient privacy. I would say they work for our business. We're not in a business that one size fits all, but since we do deal with anonymized data, we want to,
(1) Encourage the use of anonymized data if that can be done, as compared to personally identifiable data.
(2) Is a prohibition against reverse engineering, which means adding other factors to the data that we have to identify a patient. We have a prohibition against reverse engineering.
(3) Require informed patient consent for the use of patient identifiable information.
(4) Harmonize state laws through federal preemption.
I would like to leave you with some parting guidance, or just what our basic philosophy is. Patient privacy is not an option for any player in the health care business. It is a must do, have to do.
Insure all practices as companies are in line with patient expectations. I know Ron will be taking you through some of the research NWDA has done on asking patients what they feel about programs, and the different legislative trends. Again, no surprises, and again, patient privacy is a given.
I would encourage all of my brethren to develop and implement a code of fair information practices. We are in a climate at this point that encourages opt-in, rather than opt-out. I believe a better term is informed consent. Communicate, communicate, communicate. Again, it's very important to make everybody accountable, your data suppliers, your employees, and your information partners.
My conclusion is that it's imperative that any person or entity handling individually identifiable or anonymized health information adopt policies and procedures for insuring patient privacy. The implementation must include everyone in the data collection chain, not only in your company, but going down and going out. Education and constant self-auditing are a key to an effective system. Federal legislation should help insure universal adoption of sound practices, and promote patient trust.
One final comment. IMS Health is committed to maintaining the right balance between patient privacy and the uses of information that contribute to the advancement of health. I think the key there is the balance between a patient's right to privacy, which is very important, and the advancement of health, which is also equally important.
Thank you.
MS. FRAWLEY: Thank you very much, Doug. Ronald, if you would like to go ahead.
MR. STRECK: Good morning. My name is Ron Streck, and I'm president to the National Wholesale Druggists Association. NWDA is the trade association representing distributors of health care products, and our members include 80 distributors, which 225 distribution centers in the U.S., nearly 300 manufacturers of health care products, and international distributors throughout the world.
I am delighted to be here today to share some key findings from an in depth research initiative conducted by our health care foundation concerning the privacy, security, and confidentiality of patient medical records. The foundation study is the most comprehensive available -- at least we believe it is. It includes primary research in the policy standards, market, and consumer areas, including a sweeping political analysis of the players and stakeholders, where there are 41 key consumer and professional groups in terms of positions on the issue, and where compromises may be drawn.
A comprehensive market research analysis that studies the industry attitudes toward medical record security; sectors doing it right, and sectors beginning to think about doing it at; a consumer report in which patients talk candidly about their feelings regarding their privacy, their health, and their medical records. We heard some things that may surprise you, and could affect the way you perceive your markets.
A closer look at the Department of Health and Human Services proposed standards for electronic data interchange and security transactions; product codes and identifiers across the health care system; and who will make the decisions. This controversial effort will affect our business and how it is conducted, and ultimately determine who will benefit from the new practices, and who may fall behind.
As we embarked on this far reaching initiative, we were often asked why is NWDA, and why are wholesalers concerned at all about this? This graphic illustrates the vital link wholesalers play in health care. They are responsible for managing logistics from the point of drug discovery, all the way to a patient taking a medication. In this role, wholesalers literally touch nearly every entity in health care. They provide automated systems to manufacturers, pharmacies, and other health care entities to help them manage care.
As a result, the way privacy, confidentiality, and security is regulated will impact our sector in addictive ways, not just directly, but indirectly, based on what wholesalers' customers will need to do.
Time today will only allow me to share the most critical findings with this distinguished panel. Even with the most concise presentation possible, the final comprehensive research findings required 120 pages to report, and two extensive appendices with key documents. We offer one for the panel, so that you will have it to read.
MS. FRAWLEY: Thank you.
MR. STRECK: I want to focus on two areas. How do senior information executives with leading companies in ten health care sectors view this issue? And what do older consumers, over age 50 -- I hate to think about that, over age 50, older consumers; we're not older consumers are we? - - about the privacy, confidentiality, and security of medical records.
Let's look at the market first. We talked with executives from 38 companies: managed care organizations, physician practices, management groups, hospitals, manufacturers, chain drug stores, wholesalers, pharmaceutical benefit management companies, both manufacture and nonmanufacturer owned group purchasing organizations, and health data market research firms. The overriding reason given by all these groups for trying to integrate patient data was to improve patient care. Let's look at specifically how.
First, the groups cited using data to improve health outcomes and clinical research. By standardizing and automating large amounts of data about patient populations, the groups hoped to learn what is the most cost effective type of care.
Secondly, by pulling together medical, pharmacy, and financial data about patient encounters, groups hoped to standardize effective treatment by building clinical protocols and guidelines. These guidelines are then computerized and built into software to support decision- making by clinicians.
Third, groups extend this use of integrated data to insure that patients are following clinical instruction and receiving the intended benefit of their prescribed therapy. These programs can focus on looking at large patient populations, and identifying those most appropriate for intervention. Or they can be based at clinics, or individual pharmacies.
Fourth, connect the data about product usage and movement is used in the logistics system to improve efficiency in getting products to the people that need them. Wholesalers and other logistics providers connect information to help individual non-corporate customers look at effective treatment and care.
Finally, groups told researchers they hoped by lowering costs through these improve care methods that more uninsured would be able to access the health care system. We learned that across sectors, IT or information technology executives were very confident about their internal computer security measures. They use a number of methods to achieve security, including controlling access to data, insuring on a need to know basis only, using authentication and authorization procedures.
These groups told us about the types of checks and balances they had in place to insure their security measures were working. These included: auditing data access; utilizing password management; making employee understand, sign, and abide by confidentiality agreements; using physical security; and levying sanctions when procedures are violated.
External security measures were state-of-the- market as well and include: using direct transmission and dial up access for moving data; using non-patient identifiable data; using non-disclosure agreements with trading partners; and encryption techniques.
Lastly, as a whole, these executives were highly conscious of maintaining security of data. They did believe attempts to legislate and regulate this area were beyond reasonableness, and might inhibit moves to improve care. Balancing interests was the theme we heard most often. They also said their greatest fears were from internal mishandling of data by employees, an issue that IT technology can positively impact, but only training and good management can control.
On the consumer side of the research we did learn some surprising things from over 75 men and women over age 50 who use medications for chronic conditions. We did 11 focus groups with consumers who had received interventions in three areas. Groups were conducted in Davenport and Des Moines, Iowa, and Memphis, Tennessee between June 24-July 10, 1998. Different types of medication intervention groups and sexes were interviewed separately.
The three kinds of interventions were people who had received either letters or phone calls to switch pharmaceutical products; those who had received letters or phone calls with information about their condition or therapy or refill reminders; and those who were part of a formal therapy monitoring program with their pharmacist.
Our goals were three fold. We wanted to find out how these people currently received information about their medicines; how useful or not useful they found different methods of receiving information; and how they feel with regard to the privacy and confidentiality of their medical information.
First, older individuals -- I hate that term "older individuals" -- are receptive to unsolicited medication information that has value. In particular, they felt it had value if it educates them about new therapies for their conditions; educates or updates them about their condition in general; and is targeted to their condition and situation.
Second, unsolicited information on switching medications is viewed as junk mail. Older consumers are generally unimpressed by direct to consumer, or DTC ads. Older individuals generally feel that their health care providers, their physicians, their pharmacists know best. Medical switch requests are lumped in with credit card solicitations. Employed individuals are more concerned about receiving switch requests, and I quote one individual saying, "I am concerned about how they got my name, and how they know what medication I am taking."
Third, older individuals are comfortable sharing extensive medical information with their pharmacist. More willingness was exhibited among individuals who know their pharmacist and/or who are in pharmaceutical care programs. It is important to keep in mind that most of the participants in the pharmaceutical care programs were receiving care at independent pharmacies, but there are many chain and food pharmacies across the country who also provide these programs, and other studies indicate excellent consumer response.
The pharmacist is cited by most as the primary source of information about medications. The pharmacist not only has medication-specific information, but has time to counsel. The most common secondary source the physician, though they seem to have less time to discuss the medications.
I will go back to what Carlos Ortiz said, and that is, yes, we do have a problem that we have to contend with. We have to look at how we can further automate the system so that the pharmacists can spend more time with the patient in the future. It is critical if we really want to change and improve the environment of health care for all individuals.
Other sources of medication information are: medical reference books such as the PDR, which everyone seems to be familiar with; the Pill Book as another example; family members, friend, and magazines. These findings echo those from a mid-1996 study conducted by the American Pharmaceutical Association.
With regard to sharing medication information, older individuals are skeptical about insurance firms. Older individuals feel at odds with insurance firms over the provision of their health care. Many tell horror stories. They do say they would be more concerned if they had "sensitive" conditions versus the chronic conditions that they in general suffer from.
Finally, retired persons had feelings of powerlessness in the information age. They are resigned to the fact that their lives, including their medical histories, can be exposed to everyone. I quote one individual saying, "Anyone can know everything about you."
However, targeted mail about their conditions sometimes, and "makes it seem like someone cares about them." Most would rather receive helpful information than not receive it. This is an important finding given the media attention that has been given to this issue.
Now before I pass the microphone to wholesaler executive John Pike, let me offer a few observations based on the extensive research we have done to date. First, most groups echo the need for a balance between protecting confidentiality and security with the gains that can be made by connecting personal health information to improve care.
Those responsible for integrating this data feel confident about the information technology they employ. Their greatest concern centers on internal employee misuse, a concern that speaks to training, confidentiality agreements, and sanctions that you have heard about already.
Older consumers seem to have very different views about privacy than the attitudes expressed recently in media stories. NWDA is very interested in conducting further quantitative research that would allow us to generalize findings across the population as a whole. While the focus group research is unique in that participants were party to interventions, it is qualitative, and can't be generalized.
Lastly, the availability of technology has allowed health care entities to connect data heretofore impossible. This connectivity allows the study of large numbers of patients, and can help providers identify costly and inappropriate care for further follow-up and intervention by health providers. It is these population-type techniques that seem to disturb the public, and often they are not up- to-date on how technology is being used to help them.
We think any solutions to protecting an individual's right to privacy needs to balance needs between persons and society to the benefit of the community at large.
Thank you very much.
MS. FRAWLEY: Thank you. John.
MR. PIKE: Thank you. I welcome the opportunity to participate in this meeting this morning. My name is John Pike. I'm the vice president of research and development for The F. Dohmen Company. The F. Dohmen Company is a regional drug wholesaler. We have distribution centers north of Milwaukee; basically, Milwaukee and Minneapolis.
We service 600 accounts six days a week. These accounts are pharmacies, hospitals, clinics, and physicians. Our role is to bring them pharmaceuticals. Basically when you look at the business, we compete a tote. A tote is a box. In the box is pharmaceuticals. If that box is half empty, we're not going to make it.
Our role is to fill the box, get the best price. If all those things are equal, then our pharmacies look for other services, which we provide. That's in the realm that we are going to talk about today, the other services which we provide. The pharmacies look to us for things like marketing programs, or private label programs, for business information so that they can manage their store and pharmacy better.
About two years ago we started on a project to create what we coined is a virtual chain. That's to get centralized information at The F. Dohmen Company, and it is patient-specific information. When we embarked on this, I immediately went to our attorney and asked him a number of questions, mostly regarding patient confidentiality. The attorney we use is in a big Milwaukee law firm. He's got an M.S. in hospital administration, and a J.D., so I figure he is a perfect individual to pose a number of questions to.
I didn't get the responses that I really thought I would get out of him. I'm used to having very exact guidance responses from him on thou shall do the following things in the proper order. I didn't get that, and over the last two years I feel like I actually have been training him, and realizing that we are breaking new ground. That there aren't a lot of regulations.
We have medical records regulations, which we pay attention to. We have pharmacy regulations, which we pay attention to. But obviously from the CVS/Giant issues that arose in February last year, there are other issues that we must pay attention.
So today I only have five overheads, and we will convert those overheads to handouts during the break. I did not bring handouts. I would like to show you what we are currently doing in the role we can currently play for the pharmacist, and our goals for this application.
As I mentioned what the basics were is we fill totes. We bring into the pharmacy, the competitive prices, and then we add other services to that. This is one of the services which we add. It's called Dot Connect. Like what we have discussed, business tends to get more complicated. The bar tends to raise, and we are providing a different service to the pharmacies.
This builds on what you learned from Carlos today and from Doug today on how prescription medication is electronically transferred. We realized if we wanted to create this virtual chain of pharmacies, to offer goods and services like a home office in a chain, that we had to have central information.
The cleanest way, the easiest way for us to do this is to get in the communications pathway, realizing that there truly are over 100 different pharmacy management systems nationwide, and that the idea of pulling information from 100 different management systems is not going to work. It's just going to be too costly, and it's going to be ineffective.
We looked at the common thread of how pharmacy management systems transmit data to the PBMs. So right now we are looking at currently the 80 percent of the prescriptions, that as Carlos mentioned, go electronically. What we did is we built an application which resides between the pharmacy and the PBM.
We are part of that couple second transmission. We only add about a half a second in there. No pharmacy has noticed any difference in their transmission times, even a pharmacy that we hooked up in Texas. So what we have done is taken this common thread and put ourselves in the switching business essentially. We made a contract with the switch. The switch looks at the information, sends it to us electronically, where we can do pre- and post-edits as the electronic transaction comes in and goes back to the pharmacist.
There are a number of things which are important that we can do for the pharmacist. I'd like to explain a few of these. But we are very concerned about patient confidentiality. When I first got into this I was concerned about patient confidentiality. Yes, we have a corporate statement regarding patient confidentiality, but it is not strong enough.
I have asked Doug Long, who is a professional in patient confidentiality at IMS; he has been kind enough to give us his information, and I'm feeding it to our attorneys. We need to have it more corporate-wide than it currently is. We also have an individual confidentiality statement for the people who are involved with this application.
The information in the middle is protected in its own server in a locked area. Only five people can possibly access it. There is no external access to the information. Then internally, we actually physically separate a patient and the prescription record. We put extra protection around the patient information. So it is difficult to get to.
We do not sell this information to anyone. As a matter of fact, the idea of selling it was completely foreign to me. I just didn't understand why it would be sold. There are things that we can do with this information to help the pharmacist manage their business better.
I had these graphs done for me yesterday, and I just have two of them. A lot has been explained by others to me about these graphs, depending on your perspective. What this is the refill rates of particular prescriptions. I chose a product called glucophage, which is for diabetes. I specifically chose a product for diabetes, because there is an awful lot of information regarding keeping the patient on their medications.
If you do not keep the patient on the medication, there are short-term consequences, i.e., they go to the emergency room, thousands of dollars are spent. If you don't keep the patient on their medications, there are long- term consequences. This is decreased feeling in your hands, losing your eyesight, losing a foot, ulcers.
There are many things that are complicated with diabetes, and there are many programs sponsored by managed care organizations for diabetes and asthma. Those are the two biggies that come up often. The reason for that is the event is very close. It's days or weeks away if the patient does not take their medications.
What we see here is very, very typical. The high point is the day that we expected the patient to come in to get their prescriptions. Anything to the left of that point, the patient is coming in early. Any day to the right of this, the patient is coming in late. For Mr. Blair, this is just a typical bell curve. We have 5.4 percent of the people to the left of seven days, and 19.6 percent of the people to the right.
So what I'm saying is I'm actually defining something in the center of plus or minus a week that is within acceptable limits. I have been told by some drug firms that this is not acceptable limits, that it has to be tighter than this.
Some things that I have learned from this, this is a typical graph. As a matter of it's so typical, this little dot -- that's Monday. Those are people are going in more on Monday to get their prescription refilled. You'll see this on another graph that I will bring out. It is a very common little blip in the graph.
What I was looking at, coming from a retail pharmacy background, was the tail. This is where the managed care organizations are focusing in on. They are focusing in on the tail; people not taking their medications correctly, and developing programs around the tail. Why? It's because the event is close by.
It has been interesting to bring this to different pharmacists. I displayed a number of these graphs at the Pharmacy Society of Wisconsin annual meeting. Things that I were learned were very interesting. One is pharmacists are not used to seeing this data at all. They just didn't realize what the problem looked like. Here is the problem.
You can look at the drug-to-drug variances. When there is a terrible side effect profile from the drug, you have a much worse refill rate. When there are no consequences to not taking the drug, it's a worse refill rate.
I wanted to point this out for diabetes, and then switch just to one other graph. This is pravachol for hyperlipidemia. What we have here is to the left, 4.5 percent of the people get their prescription eight days early or more; 17.3 percent of the people get their prescription on the eighth day or after.
I read and I hear of a 20 percent refill rate problem. That's basically what my data shows across all drugs. This is very typical. You notice the Monday point is there also.
One of the most interesting things that has occurred when I have brought this out to different pharmacists is the managed care pharmacists focus on the left front. They focus on the 4.5 percent of the people who are getting their prescriptions too early, and they say they are killing us. They are ruining our PMPM, per patient per month cost.
I have spent enough time in managed care organizations, and I have heard generally discussed, yes, it's important for diabetes and asthma. Yes, we have other programs. But when you ask the pharmacist how they are going to be evaluated during the year or during the quarter, it's their PMPM cost. Their goals are to lower their PMPM cost. The quickly way you can lower your PMPM costs are to hit the front end.
So we have 4.5 percent of the people coming in early. This is "managed" data. This goes to a PBM, which behind it is an HMO or the PBM is serving this function. Four and a half percent of the people coming in early, no one can address the tail, and this has come up. The people that can address the tail really are the pharmaceutical company and the pharmacy. They are the two that have the incentive to address the tail.
The problem that we see on this is no different from diabetes. We are dealing in hypercholesterol. What I find is no one is paying attention to any other disease states really but asthma and diabetes. Those are really the two biggies. This graph occurs over and over and over for all medications. There is a significant problem that we see of people not taking their medications.
This is the whole crux of refill reminder programs, is there is a definable group that if they are not addressed in some systematic way, educating the patient, letting them know that taking their medication is important, that there are going to be failures. These are people who have had their medications prescribed.
Once we solve this problem, it's still not over, because then we attack the patients who are not getting their prescription filled. There are a number of people who are getting their prescriptions, and not getting them filled at all. This is just the beginning of something that we can address. When we look at it, it is going to take more time, more effort, and more money to normalize these people. That's all we're looking at is bringing possibility a third of the tail into normalcy.
Since we're on-line with pharmacies, there are some things that we can do, and we have developed a few edits specifically for patient care. One of them is an informed consent edit. This edit was put in place last summer. What we have the ability to do is for patient care programs, where it is important to be able to send refill reminders to patients, to send them educational material, we actually message to the pharmacists on-line for that particular prescription to get informed consent.
The pharmacist has the patient sign an informed consent log with a yes or no. That log is then faxed to us, and we go in and physically tag that particular patient as saying, yes, they want to receive information. They want information. As a sidebar, I've gotten more comments of patients saying I signed the thing. When do I get my information? I want more information regarding my prescription drug.
But the idea with this particular edit is the pharmacist fills 150 prescriptions a day. Getting 150 informed consents is not going to work. It is just not going to happen. It's too much going on in the daily work flow for the pharmacist. If we said you only need to get 10 a day, is that okay? Yes, that was okay. So this edit was developed. We message to the pharmacist on-line saying get informed consent.
The other patient-specific message that we do have is even if we don't have informed consent, we can message to the pharmacist that the patient resides in that particular tail. That the patient is not compliant with their medications as they should be. So we can on-line message to the pharmacist.
Many pharmacy management systems do that. We reinforce that for particular drugs, that yes, this patient is not compliant. It may be worth the extra 20 seconds, the extra 30 seconds, the extra minute with that particular patient to talk to them about compliance. Maybe they forget. Maybe they're going to another pharmacy. Maybe they are on too high or too low of a dose. There are all sorts of things that can come up as that exchange between the patient and the pharmacist happens. We need to have more communication to the patient.
I brought an example of the authorization log that the patient signs, saying yes, they allow the release of the information to The F. Dohmen Company so that they can get information regarding their health and their medication. The patient signs yes or no. They can sign no. We go in and physically tag that patient saying they are not going to get any information. They do not want to receive things.
Now this is a very pure opt-in program. It happens at the pharmacy counter. The response rate has not been overwhelming for this. We're getting less than 25 percent of the people signing, meaning there is a concern at the pharmacy where the pharmacist is not following through, or the patient just refuses to sign. We are not getting the number of authorizations, which we would like to really have a more healthy program and bring more information to the patient, but that's just the way it exists.
We're going to stick with an opt-in, and a pure opt-in until things are more defined. I look to this group to help me define these. An opt-out certainly would be a more effective program, and I'm only concerned about those 20 percent of the people who fall into the tail. An opt-out would bring us more, but we are staying with a very pure opt-in.
Since we are on-line with the pharmacies, there are other things that we can do. These are really pharmacy- specific. We message on price. We built a pricing edit in the background. This is from a past experience when I was working in PBMs, where pharmacists weren't asking enough money for their prescriptions. We all know that the margins are low. Something was going on at the pharmacy management system where the pharmacist was not asking for enough money for their services.
A pricing edit was in place, and we ran it in the background for one month. An average pharmacy would have gotten 175 messages a month from us on this pricing edit. They are dealing with thousands of drugs internally at the pharmacy. Something is incorrect in their database. So we are informing them of this something. The 175 could just be a couple of drugs, that's all it could be. But we put in a pricing edit, and this brings pharmacies into the system.
The other thing we have is an on-line message based on the NDC number, which is the national drug code number. We can build any message that we want based on a particular NDC number. We're not doing this for any switches. We have no plans for doing switching programs at all.
What we are looking for is the ability to message to the pharmacist of an unavailability of the product. That package size that they are sending through may not be available the next time. We have used it for product recalls. We have an on-line tie to the pharmacist, and I do not want to use it as an advertising vehicle. It is for informational purposes only, and it better be important information, and that's regarding the patient or their business.
That covers what I had to bring to you. I will be here the entire day to answer questions as they arise.
Thank you.
MS. FRAWLEY: Mr. Zatti?
MR. ZATTI: One of the advantages of being Z is you're used to be being last.
MS. FRAWLEY: So that worked out well then.
MR. ZATTI: Always. It also gives you the opportunity to respond too.
Today I am representing the Academy of Managed Care Pharmacy, which is a national professional society dedicated to the concept and practice of pharmaceutical care in managed health care environments. The academy's mission is to promote the development and application of pharmaceutical care in order to insure appropriate health care outcomes for all individuals. Its sole purpose is to represent the views and interests of managed care pharmacy. The academy has more than 4,500 members nationally, who are part of more than 600 health care organizations that provide comprehensive coverage to millions of Americans served by managed care.
What I will do as a disclaimer in that, occasionally I will deviate from the academy's position statement, and reflect what reality is within the George Washington University Health Plan, of which I am the pharmacy director.
I could not resist my colleague here. You can't categorize, like in the past where one group does one thing, or a whole class of HMOs do one thing, one way or the other. One of the concerns -- and this is where I'm deviating -- the George Washington University Health Plan, because of the way we are configured, as are a number across the country, we're affiliated with a teaching institution, of which those of you from this area understand that we have a medical school and we are part of the medical center. We are also owned by the university, and being a not-for-profit.
One of the things that we learned a long time ago -- and I have worked for Blue Cross of North Carolina -- we looked at global budgeting. While we segment out the pharmacy budget, we also bring it back in. It is part of the health care overall cost or expense or investment, depending on what word you want to use.
One of the areas that has been of major concern to us is the fact that we are looking for clinical outcomes. In order to reach a good clinical outcome, you have to have a balance. A balance includes pharmaceuticals. Almost every time where you have a catastrophic illness or a major disease, there are so many comorbidities, that to deny in one, will just cause another one to become more -- the condition will worsen.
One of the areas that we have targeted as an HMO has been the underutilization. Because we work with a technologically advanced PBM, who have worked with us in our development of it, we have targeted underutilization. Too early is a concern, because that sometimes reflects a problem. Either they are not following the physician's directions, or they are buying for others and selling diversion.
What we have done is we have taken a look at those that are not getting it filled on time, and we have targeted the same diseases everyone else has, whether it's the diabetics, the cholesterol lowering, and the variations in the blood pressure medications. So we have made a concerted effort.
We are fortunate in this market. We have some significant players in terms of numbers of stores, and we have had the pleasure of working with CVS and Safeway in this market, as well as certain smaller chains, independent multiples, as well as independent pharmacies. They have worked with us in the process of trying to get the underutilizing patient to follow their directions.
One of the difficulties, and having been in practice for over 30 years, the reality is that you can only catch so much at the store level. There are no pharmacies that I'm aware of who also enjoy the medical records, the hospital records. That's where the HMO comes in, and that's where we can combine through the data warehousing systems and eligibility systems to at least work in conjunction to get the correct clinical outcome.
One of the items that we have done most recently has been -- and those that are physicians are familiar with SSRIs -- but for those that are not, it's prozac, is the biggest player in that class. What we have done, where we have noted a lot of usage in that category, and we started this back in November, and we have had the most response of any program that we have done, is we went ahead and put together what the patient was actually taking, and identified the physicians that were prescribing it.
One of the things that you have in an HMO is you have a primary care physician. In theory, they should know everything that is going on with that patient. The reality, that is not the case. For the female patient, they have the opportunity and option to opt in and out without a referral, the OB-GYN care. They also prescribe. They also treat.
We also have those for the mental health benefit, where frequently people opt-in and opt-out and the PCP is unaware. We have those that pay privately so that they realize they do not have coverage, or they do not want to share that information. Or they forget when they are filling out the form. Also over-the-counter medications; all of these things are all elements that we can pick up a large percentage of those, and let them know what they are getting.
One of the things that was amazing, every single prescriber was amazed at what they had personally written, and how long they had written it for. So we provided the profile. Well, pharmacies -- people travel, and in this market I would say probably everyone here has traveled from somewhere today other than the center of D.C. But when you go on vacation, Orlando, and you need your prescription filled, how are you going to know whether the pharmacy down there can fill it? It's called eligibility. Where did that come from? The information there starts with us, the HMO. That is transmitted normally through a PBM.
The PBM then, as Carlos and all of my colleagues to the left have described, the process goes. All of that has given the flexibility of health care. In the past, when you were down in Orlando and you got sick, given the price of those passes into the Disneyworld -- I didn't know for four hours it was $42. That was the group rate. But the reality is that a person may not have that extra money, especially where you have medications that run into the thousand plus category. And the good value is it's either 5, 15 or 25, or it may be 5 or 10, depending on the programs.
So all of these things, we are very concerned as a profession and as an element that is part of all of this system. One of the things, and to get back to what I was going to touch on, since that seemed to be the request, we are very concerned about confidentiality. I have samples, if someone is wanting a copy, I will be happy to make.
We take it so seriously that anyone who is employed within the health plan, any job, has to sign a confidentiality statement. They have to go through confidentiality training. We have very stringent policies.
Because we are part of the university, and we enjoy the pleasures of that, because the computer center at the university is part of the group that helps keep us strong in terms of technology, they also sign a confidentiality statement. So anybody for the "for your eyes only" group can give out a statement with confidence to anyone else that is a very restricted group that are going to take a look at patient information.
This goes to data entry people, who data enter the payment process of what the ICD-9s and CPT codes and the HCPCS codes and all of these systems. Most of those who are going to see the most critical patient-specific data are licensed health care professionals. All of us are licensed at least within one jurisdiction that we are involved in. In my case, all three.
Using myself as an example, we operate under the board of pharmacy laws. My colleagues that are physicians operate under the board of healing arts or medical boards, who have very strict regulations, none of which we want to violate, because it would deprive us of the ability to practice, which automatically we'd lose our jobs.
Our staff within who take a look at any patient- specific information are all credentialed. Credentialing is a very stringent process, described through a policy, and it is also through an NCQA overview.
All of our disease management programs that we have at the health plan are physician driven. Whoever the primary is, are the players who make up the decision-making initiation of the process. We are not unusual in that particular vein.
What we have in our particular program that we use, one of the drivers is called CIMS, Clinical Information Management System, which is the PBM system that helps us put together a process. This process allows for the physician to make the decision whether they want their patient to, depending on the program, either seek additional educational programs, to participate in programs, to sign up for programs, or to have a change in their pharmaceutical.
Or in the case where, referring back to the SSRI, where they took a look at all the drugs that they were on, realizing that a portion of them were causing the reason for the prozac, if we want to use that as an example. So there are many issues that all of this comprises, all of which we are very driven by confidentiality and security.
What do we use for technology to make sure that our systems are protected? Our pharmacy data systems, all of the exchanges and everything, are driven by NCPDP standards, the National Council of Prescription Drug Programs, of which both Roy Bussewitz and myself and I can't speak for anyone else, have been very involved for many, many years. These are an ANSI standard, if you not familiar. They are affiliated for those -- I'm sure most of you are, but just in case.
So again, we use the data warehousing. We put in all the standards, all the whistle that we can to protect. Protect from what? The hackers. Again, we are trying to prevent.
With respect to what do we also provide, and I mentioned briefly the medical pharmacy data interface. One of the things hopefully technology will bring to the plate, and this is part of the prescribing packages that were mentioned, that roughly 5 percent of prescriptions are driven off of, is that the two of them will eventually interface, so that the pharmacy will know rather than the catch-all generic statement things that cover every single indication, that we for once will be able to have the patient-specific.
I'm sure everyone here has suffered from amnesia. You're in the doctor's office. The physician take the time, has made the statement this is what you need to do, and the amnesia hits about the door knob. Here the last interface with a health care professional is usually at the pharmacy. When you're not with your regular pharmacist, for whatever reason, whether you have gone to a different store because of convenience, or you are traveling, having that ability to have that information move along with you is very critical. Any impediment to that has a potential for several consequence.
When do we send this personally identifiable information? Well, we don't sell it. We don't give it. We use it for where there is an assurance that we can do an accurate and efficient coordination of health care, and we can meet the requirements of the various state and federal agencies, and the accreditation bodies such as NCQA.
Those of you who haven't been through NCQA, trust me, they look at everything. One of the things that they look at, and when they do the assessment, when they come to us, they have to sign the same confidentiality statement that everyone else does who walks in our door to touch any of our stuff, and of our data.
NCQA looks at patient records. They take sampling, and they interview patients, members. I call them patients, because they have been treated, or are in the process of being treated, but they are our members. Is that intrusive? It is to insure quality. People say they want quality; this is one of the things that is part of the process.
In the state of Maryland they have the HCACC data submission manual, which is I don't know how many pages. Oh, it's only 60. What do they require in their file layout? I looked at this for the first time a few weeks ago. Patient identification, the number one field. Now the state of Maryland wants it encrypted. Pennsylvania, at least up through last year, did not.
So every single agency -- and I'm hopeful that this particular agency takes a hard look at it. This is by law. We have to report this. So we hope that the "for your eyes only" people are again, under the same scrutiny that we are.
The HEDIS again want to know flu shots. They want to know who got them. Breast cancer screening, we could not do that if we did not have patient-specific information that we could disseminate and go back out to the patient. So all of these things, and there are others -- I just happened to take those as examples -- there are other agencies that require and expect.
Also Medicaid; we are right here, not too far away. We're in D.C. The D.C. Medicaid has some very specific requirements in reporting. They want to know what the patients are doing, and their compliance rates, and they want certain programs to hit at those patients. All of these things affect the patient confidentiality, and it requires a lot of effort. HCFA has a 416 report. So here's another report that again, you're talking about data and data collection that is individual.
Wherever possible, we encrypt. We, as a health plan, do not use the social security number. We have a unique identifier for every member. The decision was made many years ago, because of the fact that there was some concern about the use of social security number. And again, the advantage of being a health plan owned by a university, who also happens to have a law school, has been very beneficial, because we get additional opinions, sometimes solicited.
The other areas with drug interactions, duplicate therapies, inappropriate therapies, we do the same as many other organizations. We do a lot of aggregate information. That is part of rebate programs, which is no secret to anyone. And other contractual obligations for individual clients, where they want aggregate information.
One of the questions that I presume has crossed at least someone's mind, what do employers want? Well, we have a policy that we just not going to give that out, unless you have at least 100 employees. that's the absolute minimum, with a normal distribution age-sex distribution. Most of the time they have to be an employer much larger than that, several hundred, in order to do that, because if you have let's say an all male organization with two female employees, well, wowee, we can tell exactly what they are getting, if as an executive you wanted to take a look at what people are getting.
And vice versa; it could be the other mix. Or if you have a lot of old people, and just a few young, or a few young and a few old. I'm like you, I'm not really old. I've just gotten more mature. I'm not getting older, I'm maturing out.
With respect to any of the other areas, both the PBMs and ourselves have all kinds of reporting requirements, and in some states, in some organizations, the PBMs are obligated to also report data to various state agencies, for those organizations where all of the pharmacy benefit is in fact controlled by those organizations.
So you also have licensing criteria that also go into place. We are seeing various states where they have mandated and requiring credentialing of the PBM staff, and licensing by the PBM for specific activities such as utilization management and all.
So again, there are a lot of blocks, a lot of barriers that are already in existence, and the need for more just make it more difficult. As my colleague, John next to me referred to the plan about opt-in versus opt-out, opt-in are a disaster. We had the same challenges. Trying to get people to get something that we pay for, that they are paying for indirectly or directly through their health benefit is a major undertaking, and a major challenge.
You get 25 percent, you feel really well that day, because you feel that you have been successful. We can't even give away glucometers free, just to give you an idea. All you have to do is call an 800 number for our members, and we're not the only ones. I have heard this from my colleagues around the country. It's the same problem. It sits there for the diabetic to call at no cost.
States in this jurisdiction have made a mandate for coverage for all the supplies. When we went back, and again, the patient information, the data is so important. We went back, took a look at those that got the glucometers. They filled a few supplies, and have fallen off the wagon, and haven't got any of the supplies since.
That tells us a variety of things, one of which is compliance. This is where hopefully down the road we will have more and more pharmacies able to participate in programs to get that compliance. But we are also notifying the physician.
The pre-authorization process; physicians will request a drug that is not on the formulary, saying that they have had treatment failure. We look at the system. What does the system tell us? They never got the previous four drugs the doctor had written for filled. What's to say number five will in fact get filled?
So we go back to the physician and let them know this. It shocks every one. I have yet to have a physician that was aware of what was going on in their prescription drug filling. Again, it gets back to utilization.
We target our resources. We are a relatively small health plan. But when I was working at Blue Cross in North Carolina, a very large health plan, we had the same problem. We had limited resources. We have to target the sickest patients, or those that we're trying to put wellness programs out to, the newborns, the pregnant mother. All of these things require focused activity. What does that all get down to? Patient confidential information. Again, it's the need to know basis that we focus in on.
A mandate go into place for opt-in. Opt-out works better. If you are going to go that route of putting in more restrictions, please don't put the opt-in as a mandate, because the patients that unintentionally avoiding programs are the ones who are going to suffer. We have found in the programs that were an opt-out, once they have participated, they scream very loud when that program has been discontinued, and we have several examples at our health plan, and I have heard from my colleagues in other health plans.
Just to try to summarize, we are trying to work within the constraints. We have put a lot of restrictions on our members to sign documents. All of our disease management programs have statements for them to sign, as well as their physician to initiate. We try to put in all the safeguards. Like so many others, we do not sell information.
Now all of you have what our position paper as the Academy of Managed Care Pharmacy has, this document here. I tried to avoid reading it and following it to a T, because everyone here can read it, and in the interest of time.
Thank you very much for the opportunity to speak to you today.
MS. FRAWLEY: Great, thank you very much. We appreciate all the presentations. I really am very grateful all of our panelists were able to join us. We had to change the schedule a little bit, so before we open it to questions, I just want to find out, will most of our panelists be able to join us after the lunch break? Great. We were originally planning to have an afternoon panel, and we had to kind of reconfigure our schedule.
Certainly just before start questions, I want to thank Gail for all of her hard work, because she really did a yeoman's job over the last month of putting this together.
I would like to open it for questions, but I have to take the prerogative of the chair to ask a question on behalf of John Fanning, whom many of you may know. He works for the Department of Health and Human Services here at the Humphrey Building, and works as a privacy advocate. John unfortunately could not join us today, but he did send me an e-mail message.
Carlos, you touched on it a little bit, and it's our favorite hot button, the whole issue of law enforcement access. Typically, any of the discussions we have had as a subcommittee over the last couple of years, no matter what the issue is, we always kind of come around to this issue of law enforcement access.
There is a real concern in terms of consumers that someone could walk into the local pharmacy and obtain information. I just wanted to get some input from the panelists about how real is that problem in terms of what law enforcement officials are looking for in terms of searching for information. You kind of referenced it, and John did ask that we kind of get a little bit more insight into that issue.
MR. ORTIZ: It does vary considerably by state. I can tell you that in fairness to the law enforcement officials, it's usually pursuant to some active case that they are pursuing. But there are some times when they are just fishing, and that happens somewhat more -- it doesn't happen as often as it used to, but it still does happen, where they are accessing.
Often it's where they are investigating a physician. Unfortunately, the physician's patients get caught up. Now some of those patients may in fact be doctor shopping patients who have some sort of problem. Sometimes they are the innocent victims of an indiscriminate prescribing perhaps on the part of a physician.
I identified a state, Ohio, where I think it's especially problematic, and that law has been upheld by the Ohio Supreme Court, because it was challenged. It was challenged very rigorously about four or five years ago.
The other one is the DEA, which does come in on a routine basis nationwide and look at prescription files, and they have the authority to do that. Where it's a pharmacy, they also have the authority to look at our files. But they usually don't come in unless they are really pursuing a specific situation.
MS. FRAWLEY: Anyone else want to comment on that?
MR. ZATTI: As a pharmacist, also having had various inspectors come in over the years, again, it varies in jurisdictions, state by state, and actually certain areas, cities. The realities are that it's incumbent upon the pharmacist who is there, unless it's a board of pharmacy, but I'm talking about a local jurisdiction situation, where you may have a city police or a county sheriff's office or whatever, depending on the situation, most of the time I have requested, tell me who you are looking for, what doctor.
I really try to keep it as confidential as possible, because once you open up that draw for every single prescription that is out there, most people have pretty good memories. It's amazing how many people in a community, that you can recognize the name. It would be very problematic if it got out that I'll call them the innocents, the ones who had the prescription next to the doctor that is being looked at, as they thumb through.
I think it's incumbent upon all of us to make sure there is somebody with that individual, whoever it is, looking at the prescriptions. There should be at least a professional staff person there. It's very, very difficult.
MS. FRAWLEY: Bob?
MR. GELLMAN: I have some other questions, but let me follow-up on this. For those of you who are running pharmacy programs, when you get a request from a law enforcement agency to see a record, either by subpoena or otherwise, do you notify the patient that you have received that request?
MR. ORTIZ: I can tell you that often these are handled at the store level, not necessarily at the corporate level. I would venture to say that it's infrequent.
MR. GELLMAN: You have no company policy on this?
MR. ORTIZ: The company policy is that yes, if a - - we know that certain individuals have a right to look at the records by law. That's statutorily allowed in certain jurisdictions. Having said that, if they present us with a subpoena, we will usually comply with that subpoena separate from those that were statutorily authorized to access.
MR. GELLMAN: Dr. Zatti?
MR. ZATTI: Frequently, most of us at the district office, or if you are working within a corporate entity, you let them know that the inspectors are there.
MR. GELLMAN: You let who know?
MR. ZATTI: The district office or the regional office, whatever the company is. You let them know that the inspectors are in the store. So if they want to refer it to corporate headquarters or whatever, they can do so.
MR. GELLMAN: My next question is when you get one of these requests or subpoenas, and somebody gets to see or walk off with a copy of a patient record, do you keep a record of which specific patient records they took?
MR. ORTIZ: Absolutely. They have to leave a receipt for any records that they take.
MR. GELLMAN: And in what way is that receipt maintained?
MR. ORTIZ: It is usually maintained the prescription file for the prescription, or it's at the store level in an alphabetical sequence if they took -- but usually when they take records, they don't necessarily take a printout. They sometimes do take a printout. They actually take hard copies of prescriptions, and they have to leave receipts in the prescription file of that hard copy prescription.
MR. GELLMAN: Can I go on to another topic? Does anyone else want to follow-up on this?
MS. FRAWLEY: I don't know if there is any follow- up on the law enforcement piece. Sure.
MR. GELLMAN: I want to make a couple of comments and let people respond. I'm just going to pick, just for fun, the CVS statement. One of the pages here says, "CVS did not sell patient names to a database marketing company." Well, I assume that's true. I don't find that to be a very meaningful statement.
The worst junk mailers in the world, list brokers, do not sell names. This is not the way direct marketing is done. Nobody sells names. People rent names and make them available for use. There are all kinds of arrangements here. No one sells names. So to stand up and say we don't sell names is not a very meaningful statement. It may not be fair to yourselves to describe what you are not doing, but it's not very meaningful to stand up and say, we don't sell names.
Secondly, you didn't sell names to a database marketing company. Is Alensis a database marketing company?
MR. ORTIZ: Alensis is a database marketing company. That's the way they describe themselves.
MR. GELLMAN: So you did give names to a database marketing company?
MR. ORTIZ: We gave names and addresses only. No patient-specific information with regard to prescription records.
MR. GELLMAN: How did they know what to do with those names?
MR. ORTIZ: As I stated before, they did mailings. What they did was data scrubbing for duplicate names, et cetera, because we didn't have a mail fulfillment house. What they did is they had separate employees stuff a letter. One employee stuffed a letter into an envelope. That was then married by a second employee with regard to patient specific name and address only.
MR. GELLMAN: How did they know what letter send?
MR. ORTIZ: Those letters were boxed according to CVS Letter A, CVS Letter B, goes with this diskette of patient names and addresses, CVS Letter C goes with this diskette of patient names and addresses.
MR. GELLMAN: And the letters were different?
MR. ORTIZ: Yes, they were different programs.
MR. GELLMAN: Another thing that I find disingenuous about what you say here is you didn't release patient profiles. That's not a meaningful term. I don't know what a patient profile is. Name and address is a patient profile. When you marry that with the fact that you are sending Letter A, B, and C to the patient, that can be a patient profile.
If you are saying you didn't disclose every scrap of information you have about people to Alensis, that's very nice. Saying you didn't disclose patient profiles is not really being very descriptive. You're not dealing with defined terms here.
You said that you did not provide patient-specific information to the manufacturers. I'm sure that is true, but you did allow the manufacturers the use of this information. Is that fair?
MR. ORTIZ: The manufacturers did not use the information. The manufacturers covered the cost of the mailing, yes. We, CVS, used the information to communicate with our patients.
MR. GELLMAN: Did you make a profit? Did you receive any money?
MR. ORTIZ: No, we made no profit. We covered the cost of the mailing used by the manufacturer. Did we make a profit because perhaps we filled more prescriptions? Yes, but that's what we're in the business of doing is filling prescriptions.
MR. GELLMAN: Did you approach the manufacturers or did they approach you?
MR. ORTIZ: It usually is they approach us.
MR. GELLMAN: And another comment on your statement. You said you didn't breach patient confidentiality. I think that in fact the record shows that that is not what patients think. I think you have your own experience here that it's very nice to say that we didn't do this, but patients heard about this, and they were outraged. This is not the first time that this has happened with respect to the use of personal records.
We've got one going on right now you may have seen in The Washington Post with respect to the sale of photos by state motor vehicle departments. People found out about this, and they were outraged by it. You've got politicians and companies running like mad, because in fact people think you did breach their confidentiality.
One the reasons that you may have trouble getting cooperation from patients for some of these opt-in programs may be that they don't trust you.
MR. STRECK: Another very important question is did the patients benefit by being reminded that they were not complying with the drugs that they were on?
MR. ORTIZ: We certainly think. Yes, I agree with you. The patients' perception was that we breached their confidentiality. We could not get past that perception. I stress the fact that that was a perception, not a reality. We could not get past that, and that's why we have put the programs on hold. We have discontinued the programs, and to date they are still discontinued.
Unfortunately, what Mr. Streck said is that unfortunately the patients are the ones who benefitted from this, and they are not receiving that benefit now.
MR. GELLMAN: So you're saying that the patients don't know what is good for them, and that you do, and that's why you want to have an opt-out program, rather than an opt-in?
MR. ORTIZ: We believe that certain times there are certain patients who will benefit from the programs, and that an opt-out program gives the best chance of reaching those patients that will benefit, and would not necessarily opt in. We're not doing either right now.
MR. GELLMAN: Why can't you convince patients of that? Why is it so impossible to convince patients?
MR. ORTIZ: It takes a lot of time, and it takes a lot of time at the pharmacy counter that is just, as I stated before, just not available to do at that pharmacy counter given the conditions of the marketplace today.
MR. GELLMAN: Patients would benefit from taking more of the drugs that they are prescribed. Do you want to hold them down and force the drugs down their throats?
MR. ORTIZ: No, that is clearly not where I am.
MR. ZATTI: Back in 1972, in Memphis when I was in practice there, we started taking a look at our refill record in terms of our patients. We were seeing that people were not complying very well, even back in 1972. What we did manually, because nobody was computerized in those days, manually we wrote out a little postcard and said we have noted that you have not had your whatever prescription.
Most patients were shocked that they heard from the pharmacy, that anybody gave a hoot. There were also those cases where we saw that a patient was in fact not taking the right medication. They were taking a duplicate situation. This is before profiles in the new definition of every single drug all on a nice neat record, which you can get electronically. Because of that, we probably saved on an average month, at least one person's life.
Now can we afford not to use patient-confidential information to save one life? How much is that worth? Now, it is true that this program was discontinued by CVS, and Giant I believe they were the other one who was brought out in the article. All I have to say, and this is a personal observation, nothing to do with the academy or the university, I would hate to be the editor or the writer of that article knowing there was a possibility of one person's life not being saved for not getting that patient compliance information to them in a timely fashion. I would not look in the mirror and feel very good about it.
So that's the issue. On occasion you have to trade something. Compliance, I think, is a very worthy and worthwhile effort. If it means that I have to give up, for me personally, just a little bit of confidentiality, which is as controlled as humanly possible, then hey, knowing that somebody in my neighborhood survived because of that, then I feel good about it. I would hate to be on the other side of that issue.
MR. GELLMAN: Let me make two comments about that. One is people don't like this. People don't like what was done, and people aren't going to tolerate it. So what you are doing, whether you think it helps patients are not, clearly doesn't. I mean the response of Giant and CVS to patient concerns was to get out of the business, because they couldn't stand the heat. Patients didn't like it.
Secondly, I can turn your statement around, and based on what Dr. Ortiz said, and you can explain all of this to patients, but you don't want to spend the time. You don't want to spend the money to explain this to patients one-on-one when you have an absolute opportunity, and the best opportunity in a face-to-face environment, to tell patients that filling prescriptions and taking drugs will benefit them.
You don't do it, because it's not cost effective for you guys to do it. So I can turn it around and say you guys could save one life or a lot of lives by exercising, and you don't do it.
MR. ZATTI: Do a variety of different things. You are generalizing, because an awful lot of patients were very happy with the program, such as that back in the seventies, and I'm sure they are still happy with those programs that are being conducted still in the United States, because of the fact that reminders are nice. Ticklers are nice. People like that, not everyone, but to generalize and say people don't like something is just not fair to anybody's program.
MR. GELLMAN: Well, me just say that I actually don't have any disagreement with the basis for these programs, the notion that reminding people and whatever -- I don't disagree with that. The question is whether people want this done. For people that do, and I think it's very interesting that the statistics that have been quoted are the 20-25 percent of people opt-in.
If you look at other polling and other analyses, you discover that 20-25 percent of the people are called privacy indifferent. They are not really concerned about privacy at all, and whether the numbers match up or not, the coincidence here. The rest of the people fall in the category of either people who are very concerned about privacy, or people who want to know what's in it for them. They are willing to deal, depending on how they perceive things.
Just on the raw numbers here, what you're getting is anyone with a concern about privacy is not participating in these programs. If these programs are beneficial to patients, and I think that there is a case to be made, the answer is make that case to patients; don't just stuff it down their throats.
MS. FRAWLEY: We need to stay on our schedule, I'll let you respond, but then I have to kind of close out.
MR. BUSSEWITZ: Right. I don't think you can really equate opt-out with forcing medication down the patient's throat. In an opt-out situation, the patient would have the opportunity to call an 800 number and say I don't want to be part of this program. They have a chance to send back a self-stamped envelope that says I don't want to be part of the program. It's not forcing the medication down the patient's throat.
MR. GELLMAN: I agree that my characterization of that was a bit unfair.
MR. ORTIZ: Can I just say one very brief thing? The last time I checked with our people in customer relations, and I don't work in customer relations, we did not have one complaint from someone who had actually received the mailing. The complaints came from people who perceived that there was a problem as a result of the article in The Washington Post, not from people who had actually received mailings.
MS. FRAWLEY: We're going to continue, so don't feel like this is going to be your last chance to say anything. But we do need to take a lunch break.
So we're going to reconvene at 1:40 p.m.
[Whereupon, the meeting was recessed for lunch at 12:40 p.m., to reconvene at 1:40 p.m.]
MS. FRAWLEY: Richard, I know you might have some questions.
DR. HARDING: Following-up on the kind of thing that you brought up, we have had a number of people come and testify over the last year and a half, one of which was a group of occupational nurses who felt that they were under a great deal of pressure from employers to relay information about employees and their medical condition, not necessarily related to their medical condition, but to their employability and to their performance. Why is he out every Wednesday afternoon and so forth, and they had a lot of conflict with that, and mentioned that to us.
I wondered in the same sense -- the issue was addressed by Dr. Zatti, I think, when you have same groups of individuals that are easily identifiable. Do you have concerns or things that you feel that it would be helpful for us to know about, about the use of identifiable data given to employers? Identifiable, not the gross databases and so forth, but identifiable information?
How often does that come up? Is it brought up just in terms of cost? Can of course the possibility be used for other issues of discrimination and so forth? That's certainly one of our concerns. I just wondered if you had thought about that over the lunch period?
MR. ORTIZ: One of the things that I mentioned in mine that we hadn't even thought about were the small employers. Clearly, with the large employers, where we are sending it off to PAID(?) or PCS or some large PBM, but these were the small employers who had contracted with a local CVS. To be honest, we just hadn't thought about it until we convened the privacy and confidentiality subcommittee as a result of some of the activity, and we started vetting or looking at every program. That's where it came up about the small employers who had opened up house charges. We clearly felt that that was just inappropriate.
With regard to our PBM, and we do have a PBM called PharmaCare, I don't know what they share with their clients, with the employers. I just don't know. I can tell you that they only have access to CVS information for PharmaCare covered recipients. They don't have access to anybody else's information. We send them information, just like we send it to PAID or PCS when we send them a claim.
So they have that information, but what happens after that, I just don't know, Dr. Harding. I'm sorry, I just don't know.
MR. ZATTI: I have used several different PBMs in my tenure. We have had PCS, not here at George Washington, but at North Carolina. We have had PCS, which is one of the largest, if not the largest. We've had First Health out of Richmond, and Advanced Paradigm out of Baltimore, and PharmaCare.
We had put in all of our contracts right up front, and I presume others have done the same thing, is all data is controlled by us in terms of being disseminated outside. In other words, they cannot generate for any of our membership, any reports to an individual employer, or even to an individual unless it comes through us, so that we have a watch oversight of it.
DR. HARDING: "Us" meaning GW?
MR. ZATTI: When it was Blue Cross, Blue Cross, and in this case, George Washington University. We are very protective of that data, that information. It isn't theirs. It's ours. It belongs to the member indirectly or directly. We just aren't going to do it. We put very strict locks on it.
Now if they want to say we filled a gazillion million prescriptions for -- well, since I brought it up earlier, prozac, well, fine. You can say you filled a million gazillion processed claims. That's fine, but nothing that would even come close to going back to either a region or to a specific member.
MR. STRECK: I'll take a little bit different tact. As an employer, I have no right to see what my employees are taking in terms of medication, nor do I have a right to know what medical conditions they have. I don't feel I have that right. That's their private right to know, and to take of themselves.
But I think that in the future as we do this weighing process, the good to society, as well as the good of the patient, that I will have a right in the future to have a program that will assure that patients take care of themselves, or pay accordingly. In other words, if I have employees who are diabetics, but decide they don't wan to comply, decide they don't want to take care of themselves, or have children, but still want to be insured through our program, the rest of the employees have a right I think as a result, to not have to pay additional money for someone who refuses to take of themselves.
It's not stuffing medications down their throats. It's not forcing them to see a physician. It's simply making each of us have our individual responsibility. If we choose to do whatever we choose to do, we have to pay accordingly. You can't burden society, I don't believe anyway. I think we are moving in that direction slowly as a society.
It seems to me that as you look at what recommendations you want to make, you have to take that into consideration. It's very futuristic, and it's very important.
DR. HARDING: Just one follow-up. The come back would be that a president of a company would say I pay the bill, and I want to know what's going on in my company. Certainly that has come up a number of times here. I want to know if there is a person who is taking us down with costs and so forth. That's information that maybe I can use in a beneficial way, but I want to know it. That's a real bind.
MR. STRECK: I'm not paying the bill, I'm competing for that employee versus other companies who can hire that same employee. If I offer a program, than it's to compete, to get the best employees.
MR. ZATTI: Quoting a legislator in Maine, a few years ago I attended a hearing. This legislator, who will never see 70 again, let's put it that way, and very mature. The reality was he said, you know, I'm running for reelection. There is a young person who is coming along, who wants to unseat me. Do I want him to know what I'm taking so it will be on the eleven o'clock news? The answer is no.
Well, taking that same analogy to an employer who says I want to know what everybody is doing, do you want all the employees and the stockholders to know what you are doing and where you are in terms of health? Are you fit to run the company? So the right to know can really go across many, many lines. If it's a privately held company, maybe, but maybe the family doesn't even know what you are doing in terms of medication. So there is a lot of this crossover.
MR. GELLMAN: I have a few more questions. Let me address this to Roy, although others may want to talk. We haven't heard enough from you, Roy. I assume that NACDS reports opt-out for these patient notice programs?
MR. BUSSEWITZ: That's, correct, yes.
MR. GELLMAN: I want to ask about the Jeffords bill. This is from the last Congress. It's S-1921. I'm going to read you a little piece from Section 202F. This is the section that deals with authorizations for disclosure. Basically what it says is authorizations for disclosure of protected health information for treatment, payment, and health care operations shall not authorize the use of such information by an individual with the intent to sell, transfer, or use protected health information for commercial advantage.
Commercial advantage is not defined in the bill. The question is, are these patient notice programs covered by this section? This an opt-in requirement.
MR. BUSSEWITZ: Right. When we looked at that, we had the same question you did, Bob. How do you define commercial advantage? There are some people I think that believe that it is not right for health care providers to make any money whatsoever on patient care. What we like to think about compliance programs, disease management programs is yes, we're going to make money on it. The patient's health care is going to improve. The payer is going to save money, and the manufacturer is probably going to make more money if the patient is taking the medication as the doctor prescribed. So we are concerned that, yes, the programs would get caught up in that lack of defined word.
MR. GELLMAN: It seems to me that this language came expressly in response to the O'Hara story in The Post, because the bill was coming down the pike. It was about to be introduced, the story hit, and they pulled it back, and this is the language that appeared. So I don't know what it means either, but that seems to be what the intent. You can look at it and say, well, that covers us, in which case you don't like it. Or it doesn't cover you, in which case the burden is on Jeffords to find language that does, and I don't know what the answer is. You may not either.
MR. BUSSEWITZ: We would certainly like to suggest language. We fully support informed consent, and a single authorization that would cover treatment of the patient, payment for that treatment, and also a third category of programs that would take into consideration the disease management compliance programs. Those are programs that would improve the quality of care and/or reduce health care costs.
Up to this point in time I think a lot of public policy people have uttered the mantra, we want to improve quality of care. We want to reduce health care costs, and I think pharmacy has come up with programs now that do both of those things. So what we are looking for is to have an opt- in situation apply to us, which will have a change of enrolling more patients into that program.
Again, what we're really getting at here is saying, hey patient, if you want to opt out, we're giving you every chance. In the letter I know that Carlos used, the last third of the letter had all to do with the opt-out. If you want to opt-out, call this 800 number. Send in this self-addressed card. They make it very, very easy to opt- out. I don't think the distinction between that and the opt-in is all that great from a technical perspective.
What we are trying to do is say look patient, if you start down the road of these compliance programs, and you really see firsthand the value of the programs, you're not going to opt-out, and we've seen this statistically. Folks just don't opt out of them, because they see the real value.
You asked the question before, and it's certainly a very valid question, why don't pharmacists spend more time trying to describe the program to the patient? The hypothetical situation, you do try to describe it the best you can, but it doesn't substitute for really involving that patient in the program, so they can see the value themselves. Again, the patients that come to our pharmacies want to take that prescription and get out of the pharmacy as quickly as possible.
So opt-in is very, very difficult. We're missing a lot of people. Again, what I'm totally supportive of is informed consent, and that ability for the patient to opt- out. I think health care providers -- I know there are a number of physicians on the panel here -- have been accused of being paternalistic for a long period of time. I think we all suffer from some of that, certainly.
But opt-out is just the opposite of that, because it's right front of them. You can opt-out by doing two things. You make it easy. You've got it right there in front of them. So it's not being paternalistic whatsoever.
MR. STRECK: The Jeffords bill would cover medical care as well, physician care?
MR. GELLMAN: Yes.
MR. STRECK: It seems to me, just speaking personally, when I go to my dentist, I fill out a card. I address a card to myself so they can send it to me six months later to remind me to come back. Or for my child when she was younger, I would receive a notice from my pediatrician that it was time for immunizations. That's not commercial, that is real care.
It seems to me that compliance is also real care. If there is even the possibility that that would be read to include that those activities would be commercial activities, then I think you would want to have language that would exclude those kinds of reminders.
MR. GELLMAN: Do you think that there is some use of medical information for commercial advantage or for marketing that is inappropriate?
MR. STRECK: For commercial advantage that is inappropriate?
MR. GELLMAN: Well, for marketing. I don't know what the right term is here. I'm struggling with the definition the same way you are. I don't know what it means.
MR. STRECK: Yes, I think there is.
MR. GELLMAN: What? Got any ideas?
MR. STRECK: It just seems to me that if you take a patient's private information, that there will be occasions when it could be used commercially in a very inappropriate way. An AIDS patient receiving a catalogue of other services, because not everyone knows that they are an AIDS patient. I think there are occasions when you have got to assure that privacy.
MR. GELLMAN: Somebody else have a comment? I'll move on to another question.
MR. ZATTI: Just to pick up on what Roy was talking about, one of the difficulties, and I'm sure you've probably experienced it yourself when you pick a prescription up at the pharmacy. True, most people want to get the heck out of Dodge or CVS or whatever. The reality is you want to leave. Frequently, when do we pick those up? Noontime, very busy; evening, very busy. You really don't want to talk to anybody at that moment.
What a lot of chains, as well as independents, as well as HMOs and PBMs have done, they have contracted as an option, for patients to call a number. One example of that, and one of the most successful in this country is 1-800-call your pharmacy or ask the pharmacist out of Chapel Hill, North Carolina. They have over 100 pharmacists and nurses and all on contract, again, signing confidentiality statements.
I'll use an example of what we are doing. We have an asthma program. People get their medications or whatever. They get home and they're not sure how to use it, they have an 800 number to call. They initiate the call 24 hours a day. There is a health care professional at the other end. They are home. They've got privacy. They've got time, and they are not limited to two seconds, 20 minutes, 30 minutes. It's until they are satisfied.
They are under the same conditions, whatever the contract is, on patient confidentiality. Nobody gets that information other than back and forth. Now there are going to be occasions where they may want to sign up for a program where that goes back, that information saying patient so and so going back to their physician has made the call to get the counseling. There could be something like that.
But the bottom line is that it's on the patient's time and their privacy, and there are other opportunities, and they are under a contract, and yes, they are covered under those contracts. Again, patient confidentiality. It's a great service. You can't get it all done sometimes at the pharmacy, especially if you've got a child that is very sick and is tugging, crying, and all of that. I don't care who the parent is, you don't remember.
So these are some other options that are out there that people use. They can opt-in or opt-out as a benefit, but it's covered under their benefit.
MR. BUSSEWITZ: I've got one quick follow-up on that too. On the commercial advantage, a community retail pharmacy, as you know, is a very, very competitive business. There is no way in the world that a chain pharmacy or an independent pharmacy for that matter, is going to purposefully create information policies that irritate their patients, get their patients really mad, so that the patient then goes to a competitor.
MR. STRECK: At least not on purpose.
MR. BUSSEWITZ: Absolutely not on purpose. I will bet you any amount of money CVS didn't expect to get the kind of response that they got from that program either. So again, I think it's what is good for the patient -- it's that old cliche, what's good for the patient, is good for business. I really believe it, and you have to do things that are good for the patient, otherwise they aren't coming back. They are going somewhere else.
MR. PIKE: Extending those comments from the pharmacist to the physician also, there have been a number of opportunities for me to do switch programs. There have been incentives to do switch programs. We haven't done any switch programs at all. We have walked away from them.
I use a key group of retail pharmacists. Most of these pharmacies are in a rural setting. They also do not want to harm the physician-pharmacist relationship at all. When they see these kind of incentives, they say we don't want them. We don't want to deal with them. That is not our role. We must protect this relationship with the patient, and with the physician. So it goes beyond the patient too.
DR. BRAITHWAITE: We have heard a fair amount about what happens to a patient's information now as it goes through the process of filling a prescription, and getting a claim for that prescription adjudicated. And then what might be done with it afterwards.
As you heard Bob read the law, the question has come up where and when and how do you cross the boundary between health care treatment, payment for that treatment, and what is called health care operations? Because we don't really know what that means, or at least I don't.
Can you describe from your perspective in this process of information moving, where you think it crosses the boundary from treatment and payment into what might be labeled health care operations?
MR. ORTIZ: I don't know the answer to that question.
MR. BUSSEWITZ: I think I mentioned earlier that we supported that single authorization for payment and treatment. The administrative information that would see to fall within that area would be that information which is necessary to perform those functions of treatment and payment. That's why again, I suggested a third category to fall under that as well, and that is being the programs that would improve quality of care, and reduce health care costs.
So we didn't have to get into a line drawing situation, now is this really treatment, or is this something else? But if we create another category, I think it's much easier to draw the line. I still think there is going to be some line drawing, but I think it's the administrative information that is necessary to perform those functions.
MR. GELLMAN: Can I follow-up on that, Roy? I thought from what you said before that you see that third category as allowing for a patient opt-out of that third category. Is that your position?
MR. BUSSEWITZ: Patients I think can opt-out of anything, Bob. If they want to opt-out of any treatment, they certainly don't have to go along with their physician's suggestions and operations or prescriptions or anything. They always have the right to say no, I don't want to participate.
MR. GELLMAN: Well, I don't want to pursue this, because it's a little bit off point, but the Jeffords bill doesn't provide that. The Jeffords bill says you have to sign an authorization for treatment, payment, and health care operations. You can't change it. You can't opt-out, and if you do, you can be refused treatment or insurance. So NACDS doesn't support that?
MR. BUSSEWITZ: I would have to take another real close read of that. I don't have it in front of me. I was focusing on the provision that you mentioned specifically, and I could talk to that from the top of my head, but I would really have to read the words.
MR. GELLMAN: Fair enough.
MS. FRAWLEY: Jeff or Simon, do you have any questions?
MR. BLAIR: Opt-out and opt-in, could somebody please give me definitions for those?
MR. ORTIZ: I agree with Doug I think who said he didn't really like the term opt-out or opt-in, because those are really more marketing terms than they are legal terms. Probably informed consent is a better legal term.
Opt-out is where the patient has a right to drop out of a program, and has to take -- the action occurs after some sort of information has already been disseminated to the patient. Opt-in is prior to sending any sort of information to the patient, they have to actively authorize you to send them any sort of information.
MR. LONG: Another way to look at it is that opt- in is an active enrollment, and opt-out is an active disenrollment.
MR. GELLMAN: The two, opt-in and opt-out are not the only ways. For example in many cases, you have no choice at all. There is no option. Information is used in the health care system and without, without your consent, without your knowledge, and there is nothing you can do about it. You got to a doctor with a reportable disease, he will report it to the public health authority. There is no choice.
Another formulation which doesn't directly apply necessarily in this context, not unless we think about it some more. It may come at some point in the future is neither opt-in nor opt-out, but opt. This is clearer in the context of the Internet. You come to a screen and you want to get onto a Website. You are given choices, we can use your information, we cannot use it. You can have any kind of choice you want, but you can't get beyond that screen until you have picked one.
So it is a way of essentially not having a default, the default either being we can use it or we can't, but forcing people to do it, and that doesn't work. It works neatly in the context of the Internet, where people are at a screen and if they want to go further, they make a choice or they away. It doesn't work so well in a pharmacy for all the reasons everybody talked about. But those are other options for structuring default rules.
MR. BUSSEWITZ: There was some bill language around last year, maybe even the year before that came out after The Washington Post article, and basically said that pharmacies would have to obtain the written authorization from a patient every time that patient wanted that pharmacy or pharmacist to fill a prescription.
Now there again it's a problem, because whoever is drafting that legislation or staff person didn't realize that a lot of times a patient doesn't even come in. Refill requests by the patients are often done over the phone, and that wouldn't be allowed.
I did a very simple calculation and found out that if in fact that provision in that draft privacy bill on the Hill would have gone into effect, it would have generated in four pharmacies in total a pile high of paper 60 miles high of authorization forms. Well, when they heard that, they removed the provision, because they realized we are now putting more of a burden on the consumer, on the patient, than we are on the pharmacies. They wanted to hit us, because again of the misreporting and the react that that got, but in fact, they are really hurting the patients.
I think if they make opt-out too difficult, they are going to be hurting the patients again, because not as many are going to enroll in those programs.
DR. DETMER: Another spin on this was in Minnesota on research where initially they said the patient had to sign approval, but then they came back and said, well, they should sign approval, but if you make every good effort to try and reach them and can't, you can assume that they did sign. So it's another kind of spin on how do you try to cope with all these options.
MR. GELLMAN: Can I change the subject? Several of you talked about the need for preemption. I think you make a reasonable case. Preemption is a complicated issue. It's not a black and white issue, it's not an all or none issue, but I think you guys made a good case.
What I want to ask is you talked about preemption in terms of confidentiality rules, privacy rules. I wonder if you favor preemption of all state pharmacy regulations as well?
MR. ORTIZ: Well, first of all, the federal government doesn't not engage in the regulation of the practice of pharmacy. Would we like to see some consistency in the state pharmacy? Yes. Is there a model act that we support? Yes. Do I think that there is a role for the federal government to preempt all the state pharmacy laws? No.
MR. GELLMAN: I'm not pushing the idea, but I'm just wondering why preemption in one area -- I assumed you would say something like that. Why preemption for this one issue, federal preemption is so important, whereas nothing else matters?
MR. ORTIZ: Well, it's not that. It's that the federal government has been charged, and is actively engaging in drafting a federal law. If the same sort of activity with regard to a pharmacy practice act, we would support federal preemption on the pharmacy practice act too.
DR. HARDING: I have one for Mr. Long. In your testimony I listened carefully, and several times you said the following. The data that was to be sent to IMS you said should be mostly anonymous. What is the mostly? What are those exceptions?
MR. LONG: Let me make this distinction; 99.9 percent of the work that we do is anonymized data. We do have one refill reminder program that we started operating that we started operating with the American Pharmacy Alliance. That is an opt-in program. So 99.9 percent of anonymized data, we don't see it. We don't want it. But consistent with our philosophy is that we decided that in the environment in Washington, the right thing to do was to run an opt-in program for that. People enroll instead of disenroll. So thank you for allowing me to clear up that misunderstanding.
DR. HARDING: For Roy, you mentioned that no pharmacist wants to get in the way between the pharmacist- client relationship, or nobody wants to mess with that. That's a very important part of the pharmacist's survivability, especially in small areas.
But the question comes up to, who is the pharmacist's customer? Is it the patient, client? Or is the company? Who is the primary allegiance to, especially in a small area? You can say you can go from CVS to Saveco here and jump around, but if you're in a small community, that pharmacist may be more interested in making the CEO of the company happy than that patient. That would be kind of a bind I think for confidentiality.
MR. BUSSEWITZ: Well, I haven't filled a prescription since 1978, and we have people on the panel who have probably filled one certainly more recently than that. But I can tell you this, when I was filling them, the only thing I saw when I took that prescription, was the patients. Maybe it's five years of pharmacy school, now it's six, but you come out totally patient-focused.
MR. ORTIZ: We clearly make a distinction between the patient/customer and the payer. We realize that the payer is someone other than the patient. Our responsibility is to the patient, not necessarily to the payer.
MR. ZATTI: Looking at it from the HMO perspective, if we did not have the pharmacies putting the patient or member first, we wouldn't want them. It's just bottom line, if they are not taking care of the patient, they are part of the health care, they've got to take care of it. True, there are economics and everything else, but they better take care of the patient.
DR. HARDING: But their PMPM better come down too.
MR. ZATTI: That's all governed by physicians anyway. Just kidding.
MR. STRECK: It seems to me that the patient always has to come first. That's been one of our issues. What we are seeing as we discuss the privacy of information is the integration of data. It's even more critical. As long as we see one another in this business as one is a customer, and another is a seller, or whatever you want to call them. Until we all focus on that patient, we will continue to be silos of physicians and nurses and hospitals and pharmacies.
As long as we are silos, we'll never integrate the data the way it ought to be integrated that would truly benefit the patient in the very best of ways. I think part of this very discussion is we still are silos. I just think it's so critical. You look at other countries, and some of them are far behind us, and it will take years, maybe even generations to change.
I think we made huge progress from when I first graduated from pharmacy school, and what I could say to a patient, to today, what can be done. All the professions benefit from it. I don't think there is harm to any one profession when that patient is taken care of better than they have ever been taken care of before.
MR. PIKE: I just kind of wanted to continue with that too, and it shows the frustration within pharmacy. Pharmacists, as part of OBRA-90 are required to give patient counseling to Medicaid patients. Which means in your pharmacy there is a patient there, and there may be two or three or four or five people lined up behind them. You are required to speak to that patient. In a lot of cases it's not a very confidential area. There is a lot of activity. There is a lot of discussion that goes around, and other people can hear. But we are required to give the patients consultation at the pharmacy.
State boards then take it and say, well, you really have to do it with everyone. Everyone who comes into your pharmacy, you should counsel. So we're giving information, and that's good. I do question the privacy within the pharmacy.
But one of the frustrations that comes in is we can provide other information, health state information, material about the drugs that they are currently taking. A lot of general information can go out to the patient, and is that considered okay today? You can't use the pharmacy database to send a letter to the patient without their informed consent, but I'm required to talk to that patient in the store.
So there is this dichotomy. The pharmacists are confused. They don't know which way to go with this. To default on patient care is the best way to go. It's better patient care to give them more information. We're just looking for the proper avenue and channels to do that.
MS. FRAWLEY: I just want to follow-up on that, because I was going to ask Carlos this at some point, only because he happens to be the store that I shop at. There is this thing called consultation logs. I'm one of the 13 percent that use cash, so I have never been asked to sign this. But it says, yes, I want to speak to a pharmacist, no, I don't want to speak to a pharmacist.
What I see people being asked to do is sign this log. There is like a peel off from the prescription that goes into the log. I can't for the life of me figure out what the purpose is. But then I realize, I can stand there and read everyone's name. I don't know what prescription they are taking, but it goes back to what John was just saying. There is like really no good place to have any of these discussions in any of these stores.
What is the purpose of that consultation log, or is that just a D.C. requirement?
MR. ORTIZ: No, it's not. Basically, all of the patient counseling logs say that the pharmacy must document refusals. That's what it says. That's in every state pharmacy practice act that I'm familiar with. It doesn't say how the pharmacy has to document the refusal on the offer to counsel.
The law in most states is very clear. With the exception of a couple of states, the law requires that on every new prescription you must receive an offer to counsel. We have designated that that offer is made by, do you have any questions for the pharmacist about your prescription? Now that doesn't obviate the entire pharmacist's obligation.
Obviously, if they see an important issue that they feel they have to discuss with the patient, whether the patient wants to discuss it with them or not, they must make that extra step. By the way, you can't drink any wine with this, because this is a MOI inhibitor; no red wine or cheese with this, because it's going to cause a major problem if you do that. Any pharmacist who doesn't go that extra step I think is not exercising good professional standards.
You have to understand one thing that Mr. Zatti said earlier, which is that everybody is in a hurry. The most commonly asked question we have in our pharmacies is how long will this take? Not, what is this for? Not, how much does this cost? How long will this take? Everybody is in such a rush that we have to get beyond that somehow.
We really do have to document, and that's what the purpose is. We are changing that counseling log, because it only offers two columns, and the center one is for third party insurance, which constitutes 87 percent of our patients now. We're going to let the patient choose which side they sign, or if they don't sign, they don't have to, because it's going to be three columns.
The center will be for insurance, and we have to document that we actually delivered the prescription to the patient, because we get audited by third party insurance, and what documentation do you have that Roy Bussewitz actually received the prescription that you are billing me for? Well, that's the signature log.
Now we're going to have two columns on either side of the third party insurance that says, yes, I do want to speak to the pharmacist about my medication, or no, I don't want to speak to the pharmacist. They will not have to sign that if they don't want to, but we would like to, because we have to document somehow that they refused.
MS. FRAWLEY: I have just never seen anybody check yes, and I'm always wondering, does anybody ever check that? All I ever see is a string of nos.
MR. LONG: Rarely do they check yes. You want counseling, and you're refusing your right to counseling. If you look at the stickers, they are predominantly in the right column.
MR. BUSSEWITZ: Another thing that certainly motivates the pharmacist to speak to the patient, and it obviously goes along with providing that information that is necessary to optimize the patient's health care, but you also are concerned about legal liability if you are a pharmacist if you don't tell them something that you should have told them.
Pharmacists certainly are getting sued more frequently these days, and that pressure is always there. I know the physicians around the table here are certainly aware of malpractice, but it's permeating all of health care really. So that's another driving factor. Not only morally and professionally are you obligated, but legally you are required to as well.
MS. FRAWLEY: Kathleen is now able to join us, and let me first introduce her. Kathleen Fyffe from the Health Insurance Association of America, who is one of our subcommittee members. I know, Kathleen, you wanted to jump in.
MS. FYFFE: I have come in, in the middle of the conversation, but I have two questions for any of you guys. I know of two circumstances under which the patient will not get counseling. That is through mail order. You get something written. You get a written document along with the prescription, and the other is the military pharmacies. You will get the bottle, without anything else; maybe a sticker on it, but that's it. Are we concerned about that? Do we need to be concerned about either one of those circumstances, or was that already extensively discussed earlier?
MS. FRAWLEY: Not at all.
MR. STRECK: What you mean is oral counseling, right?
MS. FYFFE: Right.
MR. STRECK: Because even with mail order you receive counseling.
MS. FYFFE: Okay, so you can have written counseling?
MR. STRECK: You can have written counseling. You can have an 800 number. Most of the ones I know of have that. There is counseling there, I believe.
MS. FYFFE: So counseling is not defined as just verbal counseling?
MR. STRECK: I don't believe so.
MR. ZATTI: Most states wherever the mail order house is located, mail service pharmacy is located, they have to follow at least that state's requirements. That's their minimum. You have states, and I'll use the example of North Carolina, that anyone sending anything into the state of North Carolina, they have to have at least one pharmacist who is in fact licensed in that state, so there is the hook that you follow that state's law. So you have those carryovers.
Again, it's a business competition that is out there, that has put the pressure on that says, hey, I may be mail order, and again, it's an opt-in/opt-out, but if you want further information besides what comes with the package, you can call back, or they have someone who will follow-up if it's a serious medication.
But the presumption is most of the mail service facilities, it's a maintenance drug. You've been on it for some period of time. Most mail order pharmacies want you to have had at least one or two months, or most health plans want you to have one or two month's worth at the local level, to make sure that the pharmaceutical is in fact working. You should have had at least initial counseling through either the physician or the local pharmacy. This is the maintenance component.
MR. ORTIZ: We have a very small mail order operation, and a very large community pharmacy operation. We would rather have the people come into our pharmacies any day. In fairness to the mail order operations, every state pharmacy act that I'm familiar with, and I'm familiar with quite a few of them, says that if you deliver a predominant portion of your business via the mail, you must offer an 800 toll free number that must be distributed to the patient with the medication in order for them to be able to access and talk to a pharmacist. There must be a toll free number.
MR. LONG: I think it's safe to say that if you think back maybe five or ten years ago, when you picked up a prescription, all you got was the bottle. They may have had a sticker on it here and there of what to take it with. I think virtually every prescription today comes with a lot more patient information than how to take it; what is contraindicated and so forth, both on the community pharmacy side and also on the mail service side. A number of pharmacies are also, in addition to the mail service pharmacies are offering 800 numbers.
MS. FYFFE: But Department of Defense military pharmacies is?
MR. LONG: I'm not familiar with the Department of Defense.
MR. ZATTI: It may be facility-specific, because I know a number of the VA hospitals, and they do have opportunity for counseling. I don't if it's every facility. It may be facility-specific, whether they were designed for it or not.
DR. BRAITHWAITE: This is for Doug, but others of you might be able to chime in here. IMS has gone to great length to make sure that most of the data that they have is anonymous data. This committee has looked at this problem from the other direction, that is, what is identifiable data, as opposed to anonymous data. How do you draw that line?
It was made clear to us that if you have any information about the patient at all, including just a birth date and an idea of where they live, that's not anonymous anymore, because of the availability of public use files like driver's license files and so on. You can very easily match a high, high proportion of people, given very little information about them.
In fact, I was at a conference last week where identifiability is a statistical problem. It's a probability. Any information is identifiable. It's just how probable is it that you can identify an individual given that information? Do you have any advice for us in that perspective of how IMS defines what anonymous is versus identifiable?
MR. LONG: First of all, let me take the second part of what you asked, which is if you notice the second tenet of what we are talking about, after we talk about anonymized data, is a prohibition against reverse engineering. Realistically, we were probably in an era and with the technology with the way that it is, there probably is nothing that can created that couldn't be broken if you had the desire to break it.
What you have to ask yourself is what's practical. I would say in the vast majority of cases, people I know in the health care industry would not take the time, or consider it ethical to kind of reverse engineer, to try to back into identifiable patient information.
So I think that we're dealing with the exceptions rather than the rules. So I think reverse engineering is very important. It's not enough to say well, we're for anonymous information, because you can match that anonymous information up with social security records, department of motor vehicles. You have seen the same statistics that I have. You can get pretty good matches. The big question is would you ever want to do that? I would say that most of the time, that it wouldn't.
In terms of the advice I would give on what makes data patient identifiable versus what makes it anonymous is that I was pointing out the initial experiences that we had with what we wanted was a longitudinal patient tracker, to track a unique individual, but not by name, just to follow the treatment patterns. Most people in medical records want to do that. They are not as interested in who that person is. They just want to know it's a unique individual.
So that's when we said we want to make sure that we audit what we're getting in terms of what's in that number. What number do they come up with? We don't want a social security number. We don't want a phone number. We saw some combinations of taking the four digits of somebody's last name and putting them together with another number. We didn't want that either. So we really audited the input.
The third step was just to make sure that nothing snuck by in the databases that we had, there was no provision for those ever to be included in the database, because there is no space for a social security number, telephone number, a name, an address, or so forth. So I think you've really got to be very careful what you are getting on the front end, because you may be getting data that inadvertently you are not supposed to get.
Now you can't educate enough. We went back to all the data suppliers, and it was just a few. We talked to them, and said this is not what you want to be doing at all. If you have it encrypted, just make sure if you're the entity, don't have the key to that. Better off that the CVS has it, better off that a neutral, third party has it. You don't want to have it in your shop, that somebody could match up column A versus column B to give you the information on column C.
So that would be the word of wisdom that I would give. I think it's important when I say you can't educate enough, you can't communicate enough, is that why information, whatever it is, has to be handled with great sensitivity. Particularly in the atmosphere when the press likes to get hold of all the abuses of health care information, and there are a few. Unfortunately, I don't think it has been balanced with all the many positive aspects of the advancement of health.
There is a seminal study which was done by Lyle Boutman(?) out of the University of Arizona back four years ago when the pharmaceutical dollar volume in the United States was $75 billion. Dr. Boutman looked at just the retail segment, and he looked at all the side effects of pharmaceuticals, wrong dosage forms and all that other stuff. He came up with the statistic of $1 billion of health care dollars were spent on the side effects and misuse of the prescription drugs. It represented something like 20 percent of all the hospitalizations.
So when I say trying to balance the advancement of health, because I am a big believe that the best dollar you can spend in health care is the pharmaceutical dollar. You only have to look at some of the charts on the wall on the other side about what's the AIDS death rate, which is a third of what it was before with the advent of pharmaceuticals.
So it's a balance, and I can't stress enough you have to put the safeguards and procedures in place to make sure the data is handled with confidentiality and privacy.
MR. GELLMAN: Kathleen, could I follow-up on this point? Before I do, in the interest of disclosure let me say that I have done some work for IMS, but I have a hard question anyway.
On this issue of what's identifiable, a lot of the data that you have, under probably anybody's definition, is wholly nonidentifiable. There is the lowest probability, however you want to characterize it. But you do have some of this data that has an encrypted identifier. You don't know who it is, only the provider does.
Now we're into sort of the gray area where we don't have any clear definitions of from your perspective this is not identifiable, from somebody else's perspective it might be. So we don't know how to characterize these things, because we don't have precise language to talk about that.
The Europeans face the same kinds of issues, and interestingly they take different approaches in Europe. Here, this kind of information that you don't have the capability of identifying the people on your own. All you have is basically a random number. I think most people here would probably call that at least toward the nonidentifiable end of the range.
In Europe though, at least in France, I am told that they think that kind of data is still identifiable. If there is any connection anywhere, even though you have to go through a third party or what have you to unencrypt something, kind whoever has the key, and whatever. I'm just wondering. You guys have operations in Europe. Do you have any experience in dealing with this kind of identifiability question there, and whether you've got different experiences in different countries in terms of what requirements are imposed on you?
MR. LONG: Well, it's true that we operate in 90 countries, so you can rest assured that we have to deal with the laws and regulations of each of those countries. I would say to you, Bob, that I'm not the expert on how we operate with the European Union directive. I can tell you that we're in compliance of it, but I would be more than happy to find out and pass it on to the group or however you would like to do that.
MS. FRAWLEY: One of the things when we close this session is any follow-up information, we certainly would appreciate, if there were things today that we didn't get out on the record.
MR. LONG: Generally, the Europeans are much more strict on patient confidentiality or individual confidentiality than we are here in the United States, and have been since their histories started.
MS. FRAWLEY: I know Jim has a question.
MR. SCANLON: My question has already been sort of introduced. The idea of the European Union, several of you mentioned the European Union and the privacy directive that went into effect this past October. Are there any lessons to be learned from the European Union in terms of the opt- in/opt-out kinds of procedures?
The privacy directive in Europe applies to all sorts of commercial activities, financial information, banking, credit, insurance, as well as medical and pharmacy data. In general, I guess the approach is for relatively less sensitive, it's more or less of an opt-out approach. It varies by country obviously. Sensitive data and medical data generally be concerned to be sensitive. It's generally an opt-in kind of a procedure.
Have you had any experience? Obviously, it works presumably. Have you had any experience, or are there any lessons to be learned from that?
MR. LONG: I would just like to make a comment on that, Jim, which is that you have to look at how the health care systems are organized in the European countries versus the way they are organized in North America. Predominantly, the model over in Europe is a national health care type of system, not the free enterprise type of model that we have in the United States.
So from the inception, they are kind of fundamentally different, because the payer of health care is the government in the case of Europe and Germany and so forth.
MR. BLAIR: Which person on the panel mentioned that they comply with ANCI and NCPDP?
MR. ZATTI: I did, John Zatti.
MR. BLAIR: When I think of NCPDP message format standards, I think of them as a message format, message communication standard. When you mentioned it, you wound up indicating that that would enable or facility data security. So you probably are aware of some characteristics or attributes of NCPDP that support or enable data security. Could you educate us on the panel, so that we sort of understand what that might be?
MR. ZATTI: Work Group 11, which patient confidentiality and security of information, and the communications between the pharmacy and the patient and all of that basically falls under Work Group 11. I know they have addressed a myriad of changes and all to protect as much possible. Roy, maybe you can add a little bit more to it. They have been meeting on that now for years.
MR. BUSSEWITZ: Right. I think the major point is that virtually all of the pharmacy transactions go over closed networks. They were talking about the direct connections between the pharmacy and the payer or the PBM, or the switches. The pharmacy would send and it would be switched to the PBM or the individual acting as a payer.
That's all done within a closed system versus over the Internet. I don't believe any of that is going over the Internet now, and of course there are folks who are looking at that, and believe that encryption would be necessary for those kind of communications over the Internet. So I think the way they looked at that, and they said we don't see anything that isn't happening outside of a closed network.
DR. COHN: Ron, I was actually very impressed with the study that your group did. Obviously, one of the key points you mentioned that, and I quote, "Older consumers do fear insurance companies and employer use of data." I am well aware that you only surveyed older people, so I presume that probably most consumers have some concerns about this.
I would ask the panel just generally, as you look at the information flow, pharmacy data really beyond pharmacy and perhaps even beyond benefits companies. Are there any areas that you would find of concern, or you would point that the subcommittee needs to be aware of or delve into in relationship to this sort of data potentially going either in inappropriate ways to either insurance companies or employers that we should be looking at?
I know Carlos, you mentioned mom and pop operations in small towns, but I would wonder from your knowledge of how the information goes, do you have other thoughts or ideas?
MR. PIKE: I have one, because you should pay attention to the switches, because they do retain data. I am unaware of ever a problem. As a matter of fact, the discussions I have had with the switching companies, I felt that things work right. That's they do things correctly. That they protect patient confidentiality. That they do not release it.
But it is a central point. It's for navigating transactions from one pharmacy to a central database. I know enough that they do retain information. As part of to get to the switch, and to get to the PBM there is a transaction path. I don't have the knowledge to understand the security regarding that transaction path, but as we are sending this information on a closed network, it is just characters and numbers.
If you look at it, you could string it out, and you could see my name, John Pike, right in that, no doubt it, and my birth date and the NDC number, and the quantity, and the days supply. All of that information is in a long string of characters and numbers that is being transmitted.
DR. HARDING: Is a switch the same thing as a VAN, a value added network?
MR. PIKE: I don't think so. I've hear the term "VAN" a number of times.
MR. LONG: I relate a switch more akin to the Postal Service. It's just moving the mail around the system.
MS. FYFFE: It's a telecommunications term.
MR. PIKE: Or for our sales at the wholesaling, I say the switch acts like a wholesaler. Each pharmacy could send transactions to 80 different PBMs. The amount of work and communication, it's not worth it. It's just so much easier for everybody to send it down one pipe, like it is for them to get most of their orders from one central location. It's just so much easier, and they are willing to pay just a bit of a premium for that.
DR. COHN: I think it's like a clearinghouse.
DR. HARDING: It's formats and bundles before sending it on?
MR. PIKE: It does retain. They have to do billing. They bill entities. There is information there. But it is mirrored off of the ATM system. I can get $20 right now, and I really don't know how it works, but I bet you a phone line is involved, and my bank is involved, and there is a switch.
DR. HARDING: If I were the industry, I would switch switch, because it's a loaded word that is floating around all the time.
I do have one other question. Bob early on, when he started just before lunch, was firing out a number of things. One of the things that he mentioned that I'd like to just ask you as a group is the issue of trust, and how we go about helping that issue with legislation or whatever it is that is going to come up, regulations?
There is right now kind of a low level of trust in the system, however, outside of the system in the alternative medicine, you can't make people not take medicines. We're talking about people not complying with medications within the system, and they are going outside and taking unbelievable things that have absolutely no basis in anything, but they are taking, and they are compliant to the health food store, and so forth.
What do we have to learn from that that might be helpful in the future as we think about system? Is the fact that that's anonymous, and there is no possibility of discrimination one of the issues for the alternative medicine people? What does that have to teach us about what systems we are setting up for the future? It's just a thought I had.
MR. ORTIZ: Bob and I had some discussions during the lunch break. I think part of the reason that the alternative medicine has such good compliance is that it is very difficult to get people to do what they don't want to do, whether it's fasten a seat belt, or whether it's to take medication. Yes, there is a role for parental type behavior. We have state laws that mandate seat belts in many states, whether people want to use them or not.
However, if you can get patient buy in to whatever you are trying to do, whether it's alternative medicine or compliance programs, or taking the medication properly, that's how you get compliance. You inform them. There is a role for education that has to happen whenever that opportunity presents itself in order to get the patient buy in. I think that's where alternative medicine has been so successful. The people that are using it, bought into it, and they believe in it.
MR. LONG: It's interesting, because to play devil's advocate for a moment, and I've certainly been to the General Nutrition store and got the St. John's wort and gingkoba and echineasia(?), whatever. We all seem to have a quest for better health or we're missing something in our life that we think something word of mouth, the new thing. You want to try the new thing.
But there is no prescription there, so you never know whether people are going back to get their refills. So I've got a full bottle of St. John's wort, with maybe two capsules out of it, and I've got a full bottle of this. So I'm not going to be back to the General Nutrition store anytime soon.
So there is this thing about how do we know that they are really compliant? At the end of the day, it's the newest gimmick, and we all seem to like the newest thing. But I think that we do -- I would be very critical of the pharmaceutical industry. I don't think the pharmaceutical business, I would say pharmaceutical manufacturers, retailers, everybody in it have done a good enough job of educating the consumer on the value of pharmaceuticals, and why they help save health care costs, why they do this and do that.
It hasn't been very well articulated. We hear the negative side of the whole equation, and I don't think there has been enough on the positive side of the equation, and there are many positive stories, as I have indicated, with AIDS and so forth. So somewhere we've got to get why it's in people's best interests to be compliant to their medication, why is it so important.
We found that in the initial studies on compliance, one-third of the people are basically compliant, one-third of the people will never be compliant, so what people are trying to influence is the third in between that have the potential of being compliant. How do you treat those three distinct groups?
MR. ORTIZ: I think the other thing is that prescription drugs, and I have been wracking my brain trying to think of another one, is the only consumer purchase other than the consumer determines the need. A prescriber is determining the need for that individual. With alternative medicines, they are determining the need when they buy it. With a TV, with a wheelbarrow, with anything else, it's the only consumer purchase that I know of where someone else is determining you have to take this, or you have to buy this.
MR. LONG: And somebody else pays for it.
MR. ZATTI: But you know the other part to it though is in most plans there is a co-pay, so the patient is still having to outlay money. You think about it, of all the things you want to buy, is a prescription drug anything you want to buy? I'd much rather buy a car with that money or pay for gas so I can go someplace. So when you look in your expendable income, this is infringing on it, and you are not happy.
You look at that alternative medicine. You have selected to in lieu of a movie or something else. You have made a choice, and it gets back to what Carlos and such have stated down there at that end. The reality is that you really don't want to come to visit us, but you "have to" if you're going to continue to feel well or get well. If you are in pain, you have to go. Nobody likes to have to do anything. I don't think you can legislate trust. I don't think you can regulate trust. Trust has to be earned.
MR. STRECK: Perhaps that's our most important job in the future as the allied professions, and that is to create that trust in patients. I am more and more convinced that patients have begun to rely on alternative medicines like herbal medicines, because they haven't been satisfied by their own professionals.
As a result, it is tedious, it's difficult for them to get in for an office visit. It's expensive for them to get a prescription, and they are not sure that they want to go through that process each and every time. As a result, they will take something else, an alternative, and you'll probably see them much sicker in the future than they used to come in to you.
Where are we going to go with that? It just seems to me we have to create as a profession, the pharmacy profession, the medical profession, the nursing profession, the trust in that patient that we really are there for them. It seems to me we are in a system right now as I said before, of silos. A system where everything is reimbursable by someone else, and it's never reimbursable at the rate we normally charge, so we are always behind the eight ball.
We've got to see two more patients than we did last month, because an insurance company, or because HCFA or someone else has decided that they are not going to reimburse us at our normal charges. Each time we have to fill another 100 prescriptions in that store for that week, takes away from the time that we can truly provide, give to that patient, to take care of that patient.
That patient I'm sure feels, well, they're just there for the business, but we are all driven to that. It's nothing we can solve here, but boy, it seems to me it is so much deeper than just a mere privacy issue.
MS. FRAWLEY: I have Walter, Bob, and Don still have questions. Still we probably need to wrap this up in about another 7-8 minutes, because the subcommittee still has about another hour's worth of work that we need to do, totally unrelated to this discussion. I think we could go on for a couple of hours.
Roy, whatever point you wanted to make.
MR. BUSSEWITZ: Two very quick points. On the alternative medication, I think it's going to be just something else that the pharmacist is going to have an opportunity to talk to the patient about, because now they are finding already that some of this alternative medicine interacts very unfavorably with some of the prescription medications. So that's another reason again, to try to obtain as much patient information as you can, so you can use it to optimize the patient's health care.
Another point about the trust, I believe this is the tenth year an a row that pharmacists have been found to be the most trusted professional, and that isn't just health care professional, but professional period. That's more trusted than the clergy, by the way. For some of you who are quite close to Capitol Hill, I believe the congressmen and senators were on the other end of that spectrum.
MR. STONE: I want to direct this to John Pike. I was very interested in your bell shaped curve, and the tail end. Just help me out. How do you get that information? How do you process that information without using individual identifiers? The reason I asked is because it seems it would be valuable to get that information back to the providers or the plans, and let them know who is not on the tail end, doing what they are supposed to do. Which would seem to me would be more expensive in the long run, than those people on the front end.
MR. PIKE: When data is transmitted, the first key that is retained is there is a patient ID number that is retained in the system. We make sure that we can track that number by -- let's go back. Actually, when I said the patients reside over here and the prescriptions reside over here, we physically separated the two in our system. When the patient names reside over here, they are assigned a unique number. That unique number is just a random number that the computer assigns and puts in there.
We verify this number by other data that is sent. We make sure that this is a random number that we use. That random number is then linked with the prescription data, and that's how we were able to do that. Within the sorting, there is a day's supply and a quantity that is sent. We are assuming, and for most pharmaceuticals it is a relevant day's supply in quantity. Some products don't work very well, like aerosols, inhalers. It's supposed to last 15 days, 20 days. You end up with poor data that needs to be normalized.
Essentially, we take what the pharmacist has submitted as a day's supply. When it comes through, we count that as day one, or the first day. If it's a 30 day supply, we count out 30 days. We expect that patient to come in on that day, 30 days later. We build those bell curves off of where the patient comes in for the next refill. So where that unique number then hits again, were they a couple of days early? Were they a couple of days late? That's where the bell curve comes out of.
MR. STONE: But you don't have the ability to identify a person by name in this. You strip that out, and they just have an ID, is that right?
MR. PIKE: That is correct. We do have patient names though.
MR. STONE: And at some point you can marry that name back over to that unique identifier?
MR. PIKE: I personally could, and my programmer personally could.
MR. STONE: You do not use this information to go back to the provider and make them aware it's a marketing tool only?
MR. PIKE: Currently, we are not doing that. I find it very interesting, but as I had mentioned, I don't want to go to deaf ears too. I know how important PMPM is for this, the per patient per month cost. I know that I'm looking at increasing the per patient per month cost. I know the pharmacist wants to play a role in it. I know the drug company wants to play a role in it.
Yes, we do have the patient identified data internally, but it is separated within the system. One of the important things for me to attend to here is I need to understand where it is all going, because if there's a point where it says shouldn't even have it, I get rid of it. I get rid of all the patient information, and I only keep the ones who have said, yes, it's okay.
So I'm taking your leads on this, and I'm following what others have done. I know the switches have the information. I'm real careful with it.
MR. STONE: We are talking about in the millions of identifiers?
MR. PIKE: I've got over 1 million prescriptions in the database, yes; less patients than that.
MR. ZATTI: As part of the ongoing process of disease management programs, as well as we talked about earlier the edits of the over- and underutilitization and such, being mindful that we have set up our program to work through their physician. So as part of the process, we, the HMO, have taken that data sort that comes from our PBM, and we get back with the physician.
Because if he or she who is responsible overall for their health care, doesn't know that they are not getting it filled but one time, or they are noncompliant, we get that information back to the physician. Then it's the decision by the physician. We even provide them with a letter. We draft it up and the physician only has to sign it, with the patient-specific information like, you haven't gotten your prescription refilled in six months. Why aren't you taking your medicine?
He can alter it and do whatever he wants, but at least he has a template that identifies with the address, so it makes it easier. All they have to do is put it in a window envelope, if they so desire. Has that increased the pharmaceutical cost? Maybe. The main thing is that we are noticing our hospital days are in better shape. Is that part of it? Is it an attribute? Well, we've had a whole year that we've been trying this out.
We are in the process of compiling the data to see if we have cut down on some of the ERs in asthma and some of the others. We haven't gone that far yet, but we are hopeful that there is a correlation. That's what I talked about earlier about global budgeting. Yes, we know what the pharmacy component is. Yes, we know what the hospital component is, but it's the overall picture that we have to look at.
The silos are going to kill us. You can call pharmacy a cost center. You can call a hospital a cost center, but together they are a health care investment. How much do you want to invest? The idea is to stabilize it. I would like to see it go the other direction, but we've also got to be realistic. At this point I haven't seen anybody take a cut in pay.
DR. DETMER: Actually, Roy stole my thunder, but it was related back to Richard's comment. I have a lot here. I have appreciated this very much from each of you. It was basically as much distrust as there. Pharmacists got more than anyone else in most all the polls that I've seen. So you're doing some things right at least.
MS. FRAWLEY: Any other questions? Well, I really thank all the panelists. They certainly extended far beyond what we were anticipating, but I think it's been very, very useful for the subcommittee. We certainly encourage you that if you have any additional information that you want to submit to us, please feel free to do so. We thank you for your participation today.
For the subcommittee members, please don't disappear too far. For the audience, we're concluding this part. The subcommittee is going into a working session that we're going to be talking about our work plan for the next couple of months, and also working on a draft letter that we are going to be sending to the National Association of Insurance Commissioners, highlighting some concerns with their model legislative act.
So that's what we are going to be doing in the next hour. Then obviously, the Work Group on Computer-based Patient Records starts at four, so we need to finish our work.
So anyone in the audience and any of our panelists are welcome to stay, but I just want to give people a programming note. For the subcommittee members, a quick break is in order. We can start again in 10 minutes.
[Brief recess.]
MS. FRAWLEY: Just so you know what you are getting right now, there was an article in The Washington Post last September. It's not the February article that was referenced in the testimony earlier this morning. This article is, "Plans' Access to Pharmacy Data Raises Privacy Issue."
One of the reasons I thought it was helpful was because it has some information about the PBMs. There is also a flow chart in the article that kind of lays out some of the information flow. I didn't want to color any of your thoughts, so I didn't give it to you before the meeting this morning.
The current issue of the AMA News had an article that I also photocopied for you which is called, "Rx for Cost Containment. Pharmacy benefit management firms are not always welcomed at the doctors' offices." And again, talking about the PBMs, kind of what is going on in the industry there.
I bring that to you, because we were not able to get any PBMs to come forward to meet with us today. So I just wanted to make sure we had some information from that segment of the industry. So that's just for your information.
What we need to do -- I just want to lay out what we need to do, because we're really under time pressure, because half of us have to stay for a 4-6 o'clock meeting. What we need to do today is look at the draft of the letter that we're going to be presenting to the full committee to the NAIC. We also need to talk a little bit about follow-up from what we heard today.
We also need just to talk about our work plan, because there are a couple of items on our work plan that we need to just get a sense of what people's availability. I know the Work Group on Computer-based Patient Records, our time line for some of those activities is pretty aggressive, and we've got a number of things here we need to do.
So that's what I want to get done in the next 45 minutes.
MS. FYFFE: I've got an important question. You say we were not able to get any PBMs to testify. Are they going to submit written testimony?
MS. FRAWLEY: We couldn't even get them to respond.
MS. HORLICK: I actually contacted three. Two of the three majors one it was message after message, not even a return call. The third one I sent scads of information to two different parties, what we wanted, who was coming, what areas they would touch on. Then they said, well, we really can't provide an expert on such short notice.
MS. FRAWLEY: So this newspaper article in The Washington Post is just background for all of us.
MS. FYFFE: It's background, but it's the only written background we have.
MS. FRAWLEY: We can talk about that, because I still think that's a piece of information that we are still missing. That was kind of the reason why we were asking some of the questions of this audience. One of the things that we are concerned about is that that's a big chunk. We're just not sure what happens out there.
MS. HORLICK: I would say that there was a gentleman in the audience who came up to me from PharmaCare that CVS uses, and he said, well, we would have gotten someone.
[Remarks made off the record.]
MS. FRAWLEY: We can try again to extend invitations to the PBMs. I want to just let the subcommittee that both Gail and I personally, between my secretary locating phone numbers and contact people, and making phone calls and sending e-mail messages, we were not able to get anyone. Certainly the individual who was here from CVS indicated that their PBM would be happy, PharmaCare, to provide information. But if you look at the information that I gave you, they are not of the larger PBMs.
MS. FYFFE: To the extent that we have to submit some sort of written report, will we state that we think there is a hole here, which is the PBM, and explain that?
MS. FRAWLEY: Yes.
MS. FYFFE: Just as sort of place holder for some point in the future.
MS. FRAWLEY: What we need to do is just talk about next steps in terms of what we heard today. Would people like us to go back out and try and get these PBMs in?
[Several subcommittee members answer in the affirmative.]
MS. FRAWLEY: I have no problem with that. I actually had a thought as to how we could approach this. We talked about this in our conference call in January. The two pieces we are still struggling with is the PBM piece. The other piece is the use of health information by employers. I actually identified three organizations that I thought it would be good to hear from in terms of employer use of health information. It was actually some things that Kathleen had mentioned on our last call.
The three groups that I came up was the Self- Insurance Institute of America, the APPWP, which is the Association of Private Pension and Welfare Plans. Then there is ERIC, which represents the ARISA groups. I thought that that could be an interesting panel, to have them come and really talk about employer use of health information. Then I thought we could still try another panel on the PBM. So that actually would flow.
So I guess the next question is in terms of timing, because we're not scheduled -- our next committee meeting is in June. Certainly, we can schedule another meeting between now and June, but I just don't know in terms of people's availability, what that is going to be like. Keeping in mind we have other commitments on other subcommittees.
I just need people to think about whether they would be willing to commit a day, because we are talking about a day on this.
DR. HARDING: I would.
MS. FRAWLEY: Kathleen, do you feel comfortable committing a day to that topic?
MS. FYFFE: Yes.
MS. FRAWLEY: Jeff?
MR. BLAIR: Certainly.
MS. FRAWLEY: Simon?
DR. COHN: Yes.
MS. FRAWLEY: Bob?
MR. GELLMAN: Yes.
MS. FRAWLEY: Don, we'll send you a note to England probably. I'm not sure you'll be with us at that point.
What we can do then, I know people don't have their calendars or whatever, so what we'll do is we will follow-up and try and figure out what availability looks like. I do think it's an important piece, because to me it's kind of that hole that is out there, and that we just have not kind of closed on.
What we would like to try and do then is within the next two months, get another day set up where we can address PBM. I think the important thing will be at least we can say we have had this meeting today. We still need input from the PBMs. We think it's important before making any recommendations to the secretary. If they don't choose to respond, at least we can say well, we tried twice.
DR. COHN: This is such a gigantic area, we may want to leave the door open if we want to schedule more panels. I don't know if we want to just have a one day, or a two day session or a day and a half. Certainly, there are probably insurers and other health care providers, and we may want to ask if they have concerns in this area, as well as the AMA may want to testify or other groups. Just to understand if there are other concerns by others in the overall health care industry.
MS. FRAWLEY: Jeff?
MR. BLAIR: As I often do, piggy-backing on Simon's comment, could I suggest that one of the witnesses that we might call on that might be my former employer, IBM, because I know that there were a number of things that they did explicitly to protect the privacy of their employees, even though they were employing third party administrators to provide health care. They really had thought through how you protect the privacy of employees.
I think that would be useful for us, especially if they were one of the early folks to testify, since they voluntarily set up those criteria, to see how others might compare as to whether they were as diligent in protecting the privacy of medical records of their employees.
MS. FRAWLEY: Absolutely. What we'll do is what we did for this meeting. We'll circulate out an e-mail with any suggestions, so the more recommendations, the better.
MR. GELLMAN: Let me throw another idea on the table that is related. There is one area here that really hasn't gotten very much attention in the employment context, and that is workman's compensation. I think the committee could do a service by scheduling a half day getting insurers. I read recently that the AFL-CIO is working on some model legislation in this area, so you've got insurance, labor, and business, and it really hasn't been thought through by anybody in any of the legislation.
So if there is a way to lay out the facts, the flow of information, and what the needs are. And also someone on the treatment side of this, occupational physicians or whoever. I'm more confused about that.
MS. FRAWLEY: Worker's compensation, you said AFL- CIO is working on what?
MR. GELLMAN: A model bill. If I have any further information, I'll e-mail it to you. I think this is an area -- the employment thing is a total wreck, and this is an area that hasn't gotten looked at by anybody, and none of the bills deals with worker's compensation in any effective way. So getting the facts out, and trying to sort of grope your way toward a solution.
The constraints and the conflicts are different than they are in other areas. You've also got state worker's compensation organizations. I think if we could find one of those to come in and talk to us well, that would be useful.
MS. FYFFE: There is a worker's compensation association. Something something international accident board and commissions. I've got it somewhere in my rolodex.
MS. FRAWLEY: We'll send out an e-mail to everybody, one, trying to get some dates nailed down, and the next is to trigger the list of suspects that we want to bring in and chat with.
Simon, did you have something to say? No. John?
DR. LUMPKIN: I just was intrigued by the fact that we didn't really get an answer about the European Union. I'm sure that many of the same business practices, or some of them occur in the European Union. I think it may be of benefit to do some -- I'm not sure a hearing is going to be the best format, but some sort of analytic work of how they do the same kind of business, given the different privacy protections. It might give us a better understanding of the compromises and changes in business practices that are required by working in that environment.
MR. GELLMAN: Kathleen, we might ask someone like Paul Schwartz.
MS. FRAWLEY: Paul or Joel?
MR. GELLMAN: Paul does more health care than Joel. Either of those or somebody else who is an authority on that.
MS. FYFFE: Are we suggesting that someone from AFL-CIO who is possibly involved in a draft of the confidentiality model be included?
MS. FRAWLEY: Yes.
MS. FYFFE: Okay.
MS. FRAWLEY: On the EU thing we're just trying to figure out. There are so few people that really are familiar with the provisions of the EU. Paul Schwartz is an attorney that was on our National Research Council study committee, and who has testified before the House.
MR. GELLMAN: At the EU level it's less interesting, because there are few provisions in the directive that deal with health as a category of sensitive data, and there are different kinds of consents. But this is something that you're really going to have to look at the country laws. That gets really complicated.
MS. FRAWLEY: I'm going to follow-up with Doug Long anyway from IMS health on the EU, and see who is the right person in his company to get a bigger handle on that. It just might be a situation where we are not reaching into the right person at IMS.
MS. FYFFE: My memory bank tells me that the International Association of Industrial Accident Boards and Commissions is the worker's compensation trade association if you will. I will find them.
MS. FRAWLEY: They are probably here in Washington.
MS. FYFFE: Actually, the last time I checked, they were in Florida. So I will find them somehow.
MS. FRAWLEY: They would be good to talk to, Bob. It's a good suggestion. I know when I was in medical records, we used to send an awful of photocopied medical records out to worker's compensation boards all the time. We could have staff just around the clock photocopying charts. So there is another whole piece out there.
MR. GELLMAN: John Fanning and I have had a couple of meetings over the years with people, but it's never been explored.
MS. FRAWLEY: I think those are good suggestions. So we have our next steps for follow-up from today.
MS. FRAWLEY: The next that we have to do, which is the highest priority, and I figure the work plan we may have to put on the back burner, because we certainly have enough things going. I just want to really formalize and take a look at that again is the letter to the NAIC.
Just in the way of background for everybody who is here, if you remember, we did have a presentation in November on the health information privacy model act that was developed by the National Association of Insurance Commissioners. We did have our conference call in January to talk about some of our comments.
We were fortunate in terms of the fact that we did have the transcript from that meeting. Plus, people had had an opportunity to look at the model again, and kind of put some comments together. So as a result of our conference call in January, Gail took all the of comments that we came up with, and tried to format them in such a way that we felt kind of flowed with the secretary's recommendations.
So what we need to do this afternoon is to edit this letter. What will happen is tomorrow we'll be giving it out at the full committee meeting, and then asking for the full committee to vote on Thursday to approve the letter to go to NAIC. Since our conference call in January, I found out that the different insurance commissioners rotate. So George Reader(?) is current the president.
I did go to their Website, and was able to download all of the insurance commissioners' contact information and mailing address. So a letter can go to each of them individually. So we can make sure that they are getting the same message, and it's just not going to the central office in Kansas City.
So the way it is set up is just to really obviously thank them. The area that we had the most concerns were redisclosure of protected health information, research, and use of nonidentifiable information. We did talk about there are some drafting errors and other issues that I think are less important in terms of what we need to communicate to the NAIC.
What I wanted to get a sense from the group today is if they are feeling comfortable with the letter, what we need to do to rework it before we bring it back to the full committee tomorrow.
MR. GELLMAN: I couldn't find a copy of it to look at yesterday.
MS. FRAWLEY: I have it right here with me.
MR. GELLMAN: What's here seems okay to me. I just think the one concern that I have is that I don't this letter to be taken as everything else in the bill is okay.
MS. FRAWLEY: Good point.
MR. GELLMAN: I think we ought to say something like these are major concerns, or some way of making it clear.
MS. FRAWLEY: How about where we say our review highlights the following major concerns?
MR. GELLMAN: Or our major concerns include the following.
MS. FRAWLEY: I agree with you, because I didn't want people to assume that we thought everything was fine there. John Fanning raised some points in terms of some of the language. There broad definition of insurance functions. There are a lot of things we could nitpick about. What I was trying to do was kind of go with our report, the secretary's recommendations, and kind of keep it in terms of that focus.
I agree with you. I wouldn't want them to think these were the only three things we were concerned about. They were probably the most substantive in terms of what was on the record, and what our conference call in January brought out.
MR. BLAIR: Would it take too much time to read to me what it says?
MS. FRAWLEY: Not at all. Absolutely. I would be happy to. As I said, Gail drafted, I edited, and we looked for input from all of you. It is addressed to George Reader, who is the currently president of the National Association of Insurance Commissioners. They do have a Washington office, so the people that did come in November came from their Washington office, but they are based in Kansas City, Missouri. So that's where the letter is going.
It is just,
"Dear Mr. Reader, the National Committee on Vital and Health Statistics appreciated the informative briefing on the health information privacy model act provided by Wendy Pella(?), legislative counsel, federal health affairs, and Jennifer Cook, counsel for health policy of the National Association of Insurance Commissioners on November 12, 1998, to the Subcommittee on Privacy and Confidentiality."
"The NCVHS commends the NAIC on the development of the health information privacy model act. The model act was reviewed in light of NCVHS's recommendations to the secretary of health and human services, and the secretary's subsequent recommendations to the Congress in September 1997, concerning federal legislation to protect the privacy of health information."
"Our review highlights the following concerns," and the recommendation is to insert the word "major" there, "regarding provisions in your model act. The first is redisclosure of protected health information. The NCVHS is very concerned about the redisclosure of protected health information to individuals and organizations who are not bound by the ethical can legal obligations to maintain the confidentiality of health information, and to use it appropriately."
"Section 10E, Subsection 2 of the act allows a carrier to disclose protected health information to an individual's employer, including the employer's designated risk manager, without authorization if the information is disclosed pursuant to the employer's administration of the health and welfare benefit plan."
"The secretary has recommended that with very few exceptions, health care information about a consumer should only be disclosed for health purposes. The recommendation specifically states that employers should not be able to use information obtained for health care purposes to make decisions about job hiring, placements, and promotions. This principle is reflected in Section 10J of the act, which states that a person who received protected health information from a carrier shall only use it for the lawful purpose for which it was disclosed. Nevertheless, employers are not bound by this act, and there are no restrictions on the use of the information that they receive."
"Americans are legitimately concerned that their employment decisions will be based on protected health information. Americans are also concerned that decisions about health insurance coverage will be based on protected health information. Section 11A, Subsection 3A, Subsection 2 of the act allows the disclosure of protected health information to or from an insurance support organization provided that the information is used to perform certain insurance functions including the prevention of fraud."
"The NCVHS notes that this provision would allow all health claims that are filed subject to this act to be disclosed without authorizations to the medical information bureau for the purpose of detecting fraud. This provision would vastly increase the ability of the MIB to track information on people who have never applied for underwritten life or health insurance."
Then the next section is,
"Research and use of nonidentifiable information. Section 12A states that a carrier may disclose protected health information without authorization to research organizations conducting scientific medical or public policy research as provided in the act. The model act does not require the use of an institutional review board, as recommended by the secretary."
"The secretary's recommendations recognize the importance of research to improve the public health of all citizens, and acknowledges that there are situations under which protected health information should be made available to researchers without consent. The recommendation states that the conditions for such disclosure should include a determination of an institutional review board that the research involves minimal risk to participants; that the absence of consent will not adversely affect the rights or welfares of participants; that conducting the research would be impractical if consent were required."
"In addition, the recommendations state that the researcher would be required to remove personal identifiers, and to provide the IRB with assurances that the information will be protected from improper use and unauthorized additional disclosures. The NCVHS strongly supports the recommendations regarding research. It is the view of the NCVHS that the requirement of an IRB in the model act will limit further disclosure of protected health information, and provide greater protection against the use of personally identifiable protected health information from marketing or unscrupulous purposes."
"It is also important to note that the act does not require the dis-identification of data, or suggest the use of aggregate data whenever possible. The NCVHS recommends that the act be revised to support the use of nonidentifiable data whenever possible."
"Thank you for the opportunity to provide comments on the model act. If you have any questions, please don't hesitate to contact me as chair. Sincerely, Donny Detmer, M.D." And the cc would go to all of the state insurance commissioners individually, because on our conference call our concern was that we just sent it to central office, that the 50 state insurance commissioners would not know some of our concerns, and also to the staff who provided the briefing. So that's the substance of the letter.
MR. BLAIR: The only thing that concerns me, and I thinking of the first major concern that we have, which is passing on information to employers, and we kind of cited the laws and regulations that would pertain to that. Towards the end of that paragraph we seemed to acknowledge that apparently there is nothing actually preventing them from passing -- at least this is my understanding. Correct me if I didn't understand the letter.
It seemed to be saying that while there are concerns about employers misusing the data, there is no law against them passing it on to the employer. I almost wish that -- this may be more than we can do in our meeting -- I almost wish that we could take a position on that, that's a little bit stronger.
Maybe you had already thought about this, and you found that that was beyond what you could do in the letter. Maybe you can tell me how you feel about that.
MS. FRAWLEY: The problem that we have is that it is a two-fold issue. One is the insurance functions that they define, and what they can do with the information without authorization that we're not happy about. Number two, the second problem, which is the employers who are not covered by this act. This is just the model act for the state insurance commissioners.
So if someone took this 26 page document and decided to introduce this in their state legislature, the only group it covers are insurance companies. So we are still back to that same issue that we keep running up against all the time, which is it doesn't address the employers, which is where we always bump up against.
So I mean the problem is that we're writing to the national association saying we think you did some good work in your act, however, here are some concerns.
MR. BLAIR: This is as far as we could go.
MS. FRAWLEY: To them, but we still haven't tackled the employer piece, which is basically what our next meeting, we'll try to get our hands better around. That of course is going to be a major challenge, because look at the number of employers in this country, and it's all over the place in terms of what people are doing.
So I don't know what else we could put in the letter, but I am open to any thoughts.
DR. COHN: I was actually going to comment that the letter was excellent. With the minor change that you have described, I think it does a very good job of indicating most of the issues we are concerned about.
MR. GELLMAN: I've got two edits here. At the end of the first paragraph, where instead of commending them on the development of their act, I would commend them on their interest in privacy. I don't think the act is a great blow for anything. The notion of having all these separate privacy acts covering different people in the health care thing is not a great idea.
Then the sentence in the second paragraph, "Our review highlights the following concerns." Instead of that I would say, we want to call your attention to some of our major concerns about the model act.
MS. FRAWLEY: Good suggestions. I don't want them to get the letter and think we think it's swell. That was what I was struggling with. I wanted to be polite, because they did put a lot of work into this. I know from some of the staff over the years, I have been contacted by the NAIC. This was about a five year effort. So I think they put a lot into it.
I think we all agree there are definitely pieces that need to be redrafted, or weren't really thought through. I think the other thing that was important too was the fact that this didn't pass unanimously at their board meeting, which shows you that there is still a fair amount of disagreement about this.
I think those are good suggestions, because I just didn't want the letter to make it sound like we thought everything was wonderful, and didn't want to get into nitpicking ever single thing. I went back and looked at our notes from the conference call and realized that on almost every page we could pick something up. I didn't want it to be viewed as being not helpful either.
So in terms of that, other suggestions or comments? Does everybody feel comfortable with it? What we do is tomorrow I will present the letter on behalf of the subcommittee. Kind of give the full committee a little bit of background so they understand, because none of them have seen the ball of wax, and wouldn't have the benefit of that discussion.
Give them the draft, which I will correct tonight, so we will have a current copy for them tomorrow, and then they get a night to sleep on it. They would be asked to vote on Thursday. We wanted to get it done before Don departs for Cambridge.
DR. HARDING: I think maybe Bob's suggestion of having one or two of those model acts here in case anybody wanted to look at it.
MS. FRAWLEY: Yes, I do have one copy with me. I'm sure if we need to, staff will get it. That's a good point.
So that's the game plan in terms of the full committee meeting. So I just want to make sure everybody feels comfortable on that.
MS. FRAWLEY: We have 15 minutes left, because the next meeting has to start. Since four of us are at that meeting, I know that none of us want to go past six o'clock tonight. This is just in follow-up from the executive committee meeting in terms of our work plan. I just want to tell you what we have officially listed on our work plan, and I will update this and send it out to everyone.
Bob had brought up a comment this morning that I thought was useful, and I'm just throwing this out in addition to everything else that we have listed. We still have the PBM issue on our plate, and of course the employer use of health data. So those are still two open issues, and we agreed that we've got a game plan within the next two months.
We completed the anti-fraud issue. We did the NIC model. One of the things that Bob mentioned this morning, and I thought about, and I'm just throwing this out and you can all tell me I'm nuts, we have never heard from any consumer groups in any great detail. We talked about this a little bit last July when we had the hearing in Chicago on unique health identifiers for individuals.
The question that I just want to throw out to the subcommittee is, is there any interest potentially at our June meeting, the full committee meeting, that the subcommittee meeting at that time might be an opportunity for some of the consumer advocacy organizations and privacy advocates to come forward? I think we need to hear from those groups. I think it's an important point. So I'm just throwing it out, and everybody can just weigh in on that one.
MS. FYFFE: Can I have a point of clarification? We have heard from some privacy advocacy groups. They have talked about I thought, some of the issues that consumers would concerned about. We, I guess, had no specific consumer groups?
MR. GELLMAN: I don't think that's accurate. I think we have had some consumer groups, patient groups, privacy groups sprinkled in. I think having them by themselves is not necessarily particularly useful. I think what would have been useful is having some of the here for two purposes. One is to respond and react to what the industry folks were saying, and frankly another purpose is to drag some of the along and educate them about what the industry is doing, because not all of them are necessarily any better informed than any of us are.
So it serves sort of both purposes. When we did some of the workshops last year, there were some people who were invited solely for that purpose, to offer perspective, and to sit and listen. So I think that in the context of whatever we are doing, we need to integrate some of these people in.
MS. FRAWLEY: I just want to make sure we don't lose that perspective also. That was why I just threw that out. Now whether we do that through our next meeting on the PBMs and the employer use of information, that's fine, but I also want to make sure that at some point we are going to have to wrap some of this work up, because we know that the time line that the secretary is facing is getting shorter.
My feeling is that by late summer, if Congress hasn't done something, we know we're kind of switching into the rulemaking situation. I would expect at that point that we're going to be asked to react to some of the work within the department on a notice of proposed rulemaking. So my concern is I want to make sure that we get all the key perspectives. That's what I wanted to talk about in terms of the work plan.
What we laid out six months ago as our game plan, we have pretty much addressed. So we have kind of a limited time window here in terms of what more we can do. So I just wanted to make sure that we don't leave any segment out, and later be criticized that we didn't hear from various constituencies.
It's not just consumers. There might be other groups out there that maybe we should have -- the subcommittee over the last three years has reached out and talked to a lot of people, but still, you want to make sure that everybody feels like they got their chance to come in.
MR. BLAIR: I know that there was quite a reaction. I wasn't at the meeting, I think it was in June of this last year, where there were a number of individuals that were very concerned about identifiers being misused to violate privacy and confidentiality of health records. At least when I read the newspaper reports on that, it was a mixture of valid concerns, with fears of things that are not involved.
I just heard Bob mention that he thought that kind of this cross-pollination would be effective, where folks who have privacy concerns could hear other folks testify. I think some of that is past, although maybe that's a good idea, to invite some of those folks to other hearings like the CPR work group hearings. Maybe we ought to reach out proactively so that that could be an education process.
My thought was whether it would be useful to have a forum, to have those folks that are especially concerned about privacy of our health records, and the identifier issue, to come and testify on two things: their attitude on what we are proposing with respect to the NPRMs on data security, which maybe by that time will be regulations; and the other is on HIPAA legislation itself, and the direction that that has.
In other words, to have them focus on what we really are doing, what our mission really is. Do you feel like that would be a focused session?
MS. FRAWLEY: The only problem I see, and I'm going to have to punt this one to Don Detmer, is I got the impression after the appropriations bill was passed that we can't use any resources within the department. I assume as a part of that, we would fall into the definition of resources to any work on unique health identifiers for individuals.
DR. DETMER: We're essentially in irons.
MS. FRAWLEY: Even though, Jeff, I think it's a wonderful idea, I think that's why at this point it's kind of on the back burner. I think that there are perspectives from the consumers that would be helpful, particularly as it relates to some of the issues about employer use of the information. I think that's a good way to get it out.
But I think in terms of unique health identifier, we would not be able to bring people in specifically to talk to us. The best I understand both from what Don has communicated to me and Jim.
DR. DETMER: The language itself really doesn't proscribe it, but I think the clear policy recommendation is not to.
MS. FRAWLEY: So at some point if we get permission to kind of go back and explore that issue, because I thought the first hearing in July was very useful, and would have liked to have been able to see us continue that dialogue.
DR. LUMPKIN: Perhaps one of the issues, because as the August 1999 deadline gets closer and closer, we conducted hearings, and then we came forward with a letter to the secretary. We have never gotten feedback on the position that we took, which is very similar to the one the secretary took.
Perhaps as a prelude to the issuing of the NPRMs, assuming that Congress doesn't act, a hearing in June or July might actually do some good, so that the department can get some feedback on issues that are working their way into the NPRM, just on our letter as sort of being the document for which we are conducting the hearing. It's just something to toss out and think about.
MS. FRAWLEY: It's a good suggestion.
DR. DETMER: Yes, in fact actually, one of the things I have suggested periodically at the Data Council is that actually they use us explicitly -- the department -- for that purpose. I think it's a terrific way for the department to get a good airing of issues and such, in a much diffused manner, work a day kind of approach. So I think that's an excellent point.
DR. LUMPKIN: I kind of like the model that Bob was suggesting of having representatives from industry and consumers and advocates on the same panel, because that may provoke a little bit different kind of discussion on the issues than having them in segregated ways.
MR. GELLMAN: A couple of comments on the suggestions. I think that finding the right thing for us to do in the next couple of months is good, but there are going to be hearings all over the place on Capitol Hill. So you've got to really pick your spots, and be either narrowly focused or stay out of the way, because no one is going to care what we do while their hearing is going on, on Capitol Hill.
Secondly, with respect to Jeff's idea about trying to get some other folks and other points of view involved, and some of the standards issues and whatever, I think that is really a very good idea. I think it would be very hard to do. I have talked to some people in the privacy community, and no one is paying attention to this stuff. There are too many decisions going on to which no one has any input, because they don't participate, and they don't have the resources to do it.
If there is some way to cultivate that, or to find people in other communities that would be interested in participating with other points of view, and we can cultivate that in some way, I think it would be lovely. I think it's going to be hard to do, but you can always ask people, and they can say no.
I think cultivating that is something that would be very useful, because too often the privacy stuff gets totally segregated from all the other decision-making, and then it's too late.
MS. FRAWLEY: Other thoughts? Okay, actually we finished five minutes ahead of schedule. I'm amazed. I feel good in terms of we got a lot done today. I think it was a great day. Always before we close I feel like Chuck and our engineering students from the University of Pennsylvania and the staff over in that corner, anybody would like to weigh in? Chuck, any pearls of wisdom for us?
DR. DETMER: You thanked Gail, but I also wanted to thank her.
MS. FRAWLEY: Absolutely. She did a yeoman's job in putting this together. I think what was very helpful was that we told everyone when they were coming in the door, what we wanted them to address. I think the panels were very well prepared. I think we got a lot of good information.
But she certainly, over the last month, did an awful lot of work. So again, thank you very much, Gail. I certainly thank everybody for their participation, because I thought it was very useful today.
With that, we are concluding our subcommittee meeting.
[Whereupon, the meeting was adjourned at 3:55 p.m.]