[This Transcript is Unedited]
Hubert H. Humphrey Building
Room 705A
200 Independence Avenue, SW
Washington, DC 20201
Data Council
HHS Implementation of PL 104-191 Health Insurance Portability and Accountability Act of 1996
Privacy Component - NPRM
Data Standards Component
Mr. James Scanlon, ASPE
Mr. John Fanning, ASPE
Dr. William Braithwaite, ASPE
Update on Interagency Working Group on Summary Health Measures
Edward J. Sondik, Ph.D., Director, NCHS
Discuss Advisory Mechanisms for NCHS
Dr. Edward J. Sondik, Ph.D., Director, NCHS
Dr. Lumpkin
Presentation on Digital Signatures
Mr. Jay Wyck
Reports from Subcommittees and Work Groups:
Executive Subcommittee
- May 9 Subcommittee Meeting
- August 17-18 Strategic Planning Retreat
Dr. Lumpkin
Standards and Security
- PMRI Report Action Item
- Hearings
Dr. Cohn
Mr. Blair
Subcommittee on Privacy and Confidentiality
Ms. Frawley
Subcommittee on Populations
- Functional Status Project
- Work Group on Quality
- 21st Century Vision for Health Statistics
Dr. Iezzoni
Ms. Coltin
Dr. Friedman
Dr. Lumpkin
DR. LUMPKIN: Good morning. My name is John Lumpkin. I am Director of the Illinois Department of Public Health and chair of the committee. As is our practice, this session will be transmitted live over the Internet. As such, we will be available not only live but also for delayed playing for the west coast.
[Laughter.]
We will start off with introductions so that people who may be listening will be able to identify our voices. We will start with you.
MR. SCANLON: I am Jim Scanlon from HHS. I am the executive staff director for the committee, and I have with me today Florence Nightingale -
[Laughter.]
MR. SCANLON: ¾ at least in spirit, who had a lot of these ideas a couple of centuries ago. She would probably be happy to see that we are making some progress on them.
DR. LUMPKIN: It is only about 150 years ago.
DR. STARFIELD: I am Barbara Starfield. I am from Johns Hopkins University and a member of the committee. The first time I talked to Carl White, he told me about Florence Nightingale and encouraged me to strive for that level of excellence.
DR. COHN: I am Simon Cohn. I am a practicing physician and from Kaiser Permanente, a member of the committee. And actually on the basis of hearing the stories about Florence Nightingale, I intend to visit London this summer and visit her museum.
DR. LUMPKIN: You can do it on the Internet also.
DR. COHN: I think it is probably better in person, thank you.
MR. GELLMAN: I am Bob Gellman. I am a privacy and information policy consultant in Washington. If you want to see part of Florence Nightingale's operation, it is really not there anymore, but a couple of - about a year or two ago, they discovered her offices over on 7th street above the storefronts in an office that no one had gone into for like 100 years, and they found her records and a place that she used as an office, I believe, after the Civil War. For a while, when you walked by 7th Street, you read about it in the paper. Up on the second floor, in a window, they had that picture of her so you could identify the office. I do not know what ever happened to the papers. The last that I heard ¾
DR. IEZZONI: Bob, I think that is Clara Barton and the Red Cross.
MR. GELLMAN: Oh, I am sorry. Never mind.
[Laughter.]
PARTICIPANT: It was a nurse!
[Laughter.]
PARTICIPANT: Wrong country.
MS. FYFFE: Kathleen Fyffe, a member of the committee, and I work for the Health Insurance Association of America.
MS. WARD: Elizabeth Ward from the Foundation for Healthcare Quality.
DR. NEWACHECK: Paul Newacheck from the University of California at San Francisco.
MR. BLAIR: Jeff Blair, vice president of the Medical Records Institute and a member of the committee.
DR. NACHINSON: Stanley Nachinson from the Health Care Financing Administration and serving today as a staff person for the committee.
DR. FANNING: I am John Fanning from the Office of the Assistant Secretary, Planning and Evaluation of HHS and the privacy advocate of the department. I am a speaker at this morning's meeting.
DR. IEZZONI: I am Lisa Iezzoni from Harvard Medical School and on the committee.
MR. ROTHSTEIN: Mark Rothstein, University of Houston, member of the committee.
DR. ZUBELDIA: Kepa Zubeldia, Envoy Corporation and member of the committee.
DR. FRIEDMAN: Dan Friedman, Massachusetts Department of Public Health, a committee member.
MS. COLTIN: Kathy Coltin, Harvard Pilgrim Healthcare, member of the committee.
MS. GREENBERG: Marjorie Greenberg, National Center for Health Statistics, CDC, and executive secretary to the committee.
DR. LUMPKIN: Noting the 50 years of the committee. The Secretary arrived and gave quite a stirring speech. It was very interesting the reminiscing from various chairs who all seemed to reminisce about the future and what we needed to do.
[Laughter.]
So we will get on with that. The first item, do we have any conflicts for today's agenda? I see none. We will move on.
Any additions or changes to the agenda? I have a request. I am going to need to manage the quorum today, so I would like to ask each member if you would write on a sheet of paper and pass it to me - just write on a piece of paper and send it to me with your name and what time your flight is. What time you need to leave the meeting to make your flight. What time you are flying away from here.
MR. BLAIR: Is it the flight departure time or when we leave the meeting here?
DR. LUMPKIN: When you would expect to leave the meeting here.
The Subcommittee on Standards and Security has redrafted the document, and we should expect to have that within about an hour. When that is available, we will pass it out so members may have an opportunity to read it. Depending upon when people are leaving, we may or may not take a formal lunch break. That is all kind of up in the air until I find out when people are leaving.
We are going to proceed with our update from the department. Jim.
MR. SCANLON: Thank you, John. Good morning, everyone. We are going to give you, the three of us, a report this morning on various activities from HHS. Bill will talk about data standards, and John will talk about some activities in the privacy area, several developments in the privacy area.
I thought I would best spend my time on and focus on some activities that occurred recently in the data strategy area that the committee has been working on and is obviously interested in. Earlier this year, our HHS Data Council took stock of where we stood in HHS on a variety of data initiatives. The initiatives I am speaking here relate to statistics and population-based data with a focus on the content. You will recall, I know I have briefed the committee before, on our survey integration plan on activities in the race and ethnicity data area, on Healthy People 2010, and on health system data, recommendations for health system data, and provider data, and so on.
The council sort of looked back to try to see where do we stand on all of these recommendations, where do we stand in terms of our overall capability, and in the light of current and anticipated needs, where do we need to go. There was a conclusion that basically there was some excellent progress in each of these areas and actually in all of these areas, but we probably have reached the stage where we should move beyond the survey integration plan and that approach to a broader approach to this kind of data strategy, data content, in HHS.
We concluded that we probably needed to focus on overall data strategy that pulls these various data needs and gaps together and integrates them with our capabilities and data in HHS. So, the council at that meeting established a standing data strategy committee similar to our standing committees on health data standards and our standing committee on privacy and other areas. That committee replaces our earlier Survey Integration Work Group, which I think reported to you several times before.
What is this group asked to do? The Data Strategy Group has actually been asked - it has a very broad charge, and it has been asked to look across the health and the human services area, to look across our data collection, analysis, and dissemination activities as well, and to develop recommendations to the Data Council for a multi-year data strategy that is linked to the budget process. The group has been asked to sort of take the work of some of the content-oriented data groups including recommendations from the NCVHS in various areas and to try to integrate them into this overall data strategy.
Let me just give you some of the charge that the - I think we are going to put this charge up on the Data Council website shortly. It is still being edited a bit. Let me describe briefly what the goals and vision for such a data strategy would be and then what the charge or the various steps are that the Data Strategy Committee would be asked to undertake.
When the council set up this group, it asked the group to first of all include some broad goals for HHS data strategy. Among those goals are the following: to assure that HHS and its partners obtain the data that they need when it is needed including certain subgoals, and one of these is to close critical data gaps, and secondly to reconcile data when we do have it, to reconcile different estimates of data across different sources; then as well, to look at opportunities for phasing out data that appears no longer to be useful or just not as - or phase out the period use of that data if it no longer seems to be useful.
A second broad goal that I think the group is asked to address would be to improve the access to HHS data as well as analytic capability for HHS data. A third broad goal that would be included in the strategy would be to meet HHS data needs as effectively and efficiently as possible, and here we would look at opportunities for efficiencies in our current portfolio as well.
There are several steps that the council asks the Data Strategy Group to go through. I will go through those briefly, and then I will leave time for discussion. In developing this multi-year data strategy, the group was asked to, number one, in essence look at, identify, and describe current and emerging needs for data in the Health and Human Services area, and with special attention to three priority areas. These will be very familiar to the committee.
The first area deals with the area of populations, subpopulations and geographic level. One of the priority areas that the group will be asked to look at will be in the area of basically health and socioeconomic data and data on the well-being of the population, on specific subpopulations, including the major demographic, and race and ethnic groups as well as state and local data.
The second priority area that will be looked at will be the whole healthcare delivery system and its organization. I think I had reported previously that we have had groups in HHS looking at our current capability to monitor trends in the health system, and the conclusion almost always is that we are - things are changing faster than our ability to be able to describe, document, and understand those changes.
A third area deals with outcomes, effectiveness, quality and safety of health and human services. Again, that is identified as one of the three broad areas that the data strategy group would be asked to look at.
Basically in those broad areas, as well as all of the other areas in terms of data needs that have been identified, the group is asked to first of all develop a synthesis of those; secondly, to assess our current capability in essence for our data collection and our analytic and dissemination resources in the light of those data needs; and then number three is to identify optimal approaches to an HHS data strategy taking into account opportunities for integration, coordination and so on, as well as relationships with partners. This would include creating user-friendly access to HHS data and improving analytical tools, capacity, and expertise.
Based on that review and so on, the Data Strategy Committee is asked to develop proposals for a multi-year HHS strategy that would be submitted to the council, that would reflect a broad, coordinated approach to data planning, investment, and decision making here at HHS. This would include, as I said, integrating the work of the various content groups; number two, it would identify a process for facilitating consensus on priorities and directions; and it would include recommendations for informing and interrelating with external partners as well as increased opportunities for collaboration.
In brief, the Data Strategy Committee has been established. It has been meeting on a weekly basis. It includes representatives from all of the agencies across HHS, and it is proceeding along two tracks at the moment. The first is the total data strategy activity, but secondly, as you know, the budget process goes on. Not only are we implementing one budget, waiting for appropriations for another budget, but we are also developing plans for the third budget, which is the fiscal year 2002.
The Data Strategy Committee has been asked to provide some crosscutting perspective on data priorities and plans for the fiscal year 2002 budget. In this area specifically, HHS has identified the area of information or decision-making and action as an area of special consideration in the budget development process. Agencies are asked to look at their capabilities and to identify opportunities for enhancement in their budget plans.
Finally, when the agency preliminary budgets are submitted later this summer, the Data Council's strategy group will be looking at those budgets to see how well they address our major data needs and to provide some recommendations to the Data Council for advice in terms of budget development. Let me stop there. Paul?
DR. NEWACHECK: It sounds like this Data Strategy Committee has some very important objectives that I think will be very useful. I had a question about - when you talked about the goals, you mentioned that one of the goals is to reconcile different kinds of estimates that come from different surveys. We have talked about this before, but clearly we have very different estimates about the number of uninsured persons in the United States. We have different measures of health status and functional status that are used in different surveys. They often contradict each other; at least they yield different estimates that are confusing to analysts as well as policymakers.
I am wondering, how will this committee go about attempting to reconcile those estimates given that they seem to be kind of entrenched within the data collection agencies themselves?
MR. SCANLON: That is a good question, and actually there have been a couple of steps in this direction already. One of the ways that we have taken in the area of health insurance estimates - and you are absolutely right, Paul, they are depending on the survey that you use or the data source that you use. Obviously, there is quite a range of estimates of health insurance coverage.
There are really two aspects to this. In many cases, the different sources are different for a variety of reasons that make sense, and they actually give you a different look at the problem. It is not that you would necessarily want to throw that one away; it is just that you have to understand the strengths and the weaknesses of each of the estimates.
In the area of health insurance coverage, one of the things that we have done is to pull together about a three page primer of estimates, what these various health insurance estimates mean and depending on the source, what is the strength and the limitation of each one and which one is appropriate for different policy uses. A three- to five-page sort of discussion of the comparison and the contrast among these is one of the ways that we can go.
The other area is in the area of drug use among youth, for example. We just had a discussion at our recent Data Council meeting where we actually had some experts come in and look at our three major surveys that provide data in that area to look at: do the estimates differ, why do they differ, what does each of these estimates tell us. Those of you familiar with those surveys know that they are very big, annual surveys. They are used in the war on drugs and so on.
That is somewhat of a different approach where we had estimates come in and sort of look at which - what are the strengths of each. Again, I think our aim in the data strategy group is to have ultimately available on the HHS website or in many of our publications something like a three-page overview of what these estimates are, the data sources, and what the strengths and the limitations of each are, and what you might want to use for each one. We can certainly use the advice of the committee as we proceed along that route.
DR. NEWACHECK: Can I just follow up briefly. I think it is useful to point out differences, and if there is an underlying rationale for the differences, that is useful. But, if the differences are simply minor wording changes or things like that that fit the agency's way they have asked the question in the past that really do not have any underlying rationale seems pointless to continue that. It would make sense to try to change that so there is some uniformity where it would be of value.
MR. SCANLON: Yes. The interest is in intentional differences for one reason or another. I think if they are just random or they are simply the fact that two people are not using the same measures when they could, that would suggest an issue for standardization or comparability at a minimum.
DR. STARFIELD: Jim, yesterday, we heard a lot of people talk about the need for an over-arching group that would deal with data needs in the country. You used the term "our" needs. I did not know whether that referred to HHS or whether it referred to the country or what? What is it, really, the scope of this effort?
MR. SCANLON: We are really looking at - this is really something that the focus here is largely within the HHS. Well, it is both. I think in terms of looking at what data needs have been identified over the years and where do we stand in addressing those. There, I think the committee is casting a fairly wide net, and it is including - but it is largely national from what I can tell.
It includes Healthy People. It includes recommendation from this committee. It includes recommendations from some of our other working groups and other groups that have recommended. It largely deals with national data, national statistics. It includes, in terms of content, virtually any major area in health or human services that people thought we have major data gaps in and keep identifying and recommending that we would close them.
In terms of how do we address some of those data needs, I think here we have to have a fairly sophisticated strategy. I do not - the world is probably past, if it ever did exist, where HHS or a federal agency could address all of these needs realistically in terms of budget resources. So, I think we are going to have to have some creative strategies for enlisting partners and others for data that, for certain kinds of data, it would just be very difficult to get on our own.
In Healthy People 2010, for example, there are some areas where it would just be very difficult or it would take a large proportion of our resources to fill in some of the templates. We have to look at competing requirements for those same resources, so it is going to take a fairly sophisticated approach, I think.
DR. COHN: I actually just have a question about the level of participation from the various HHS groups and agencies. I guess very specifically, please do not take this question as being a cynical question, but has HCFA bought in on this one?
MR. SCANLON: Yes.
DR. COHN: They are fully participating throughout its organization?
MR. SCANLON: HCFA is a member and a fully participating member.
DR. NEWACHECK: Is there an effort to bring in other departments like Census?
MR. SCANLON: I think later on in the process. They are certainly being considered in the look at our current capabilities.
I might add that when we look at current capabilities, I sort of refer to this as looking at our portfolio and how do we - of data resources. When a data need is identified, how do we begin to think about addressing it? It is not always to go and start collecting new data. It is often a look at partners like the Census Bureau, administrative data, state data, organizational data, that might be pulled together. Even simulation is often looked at, microsimulation. I think we are going to look at, in terms of these - given the set of data needs, how does one organize resources to get at them. I think that we are going to look at the full array of approaches. All of the agencies are involved.
DR. LUMPKIN: John. Thank you, Jim.
DR. FANNING: Thank you. I have several news type items. Everyone is, of course, wondering when our confidentiality regulation is going to come out. Fortunately, I do not have to address that because apparently the Secretary addressed that yesterday. I will go on to the other items.
Jim made reference to the Data Council and its committees. We have now constituted a Data Council Privacy Committee, which replaces an earlier Interagency Health Privacy Working Group. It will cut across programs. It is not health focused. We have welfare programs and other programs in this department as well as internal issues. One of its early inquiries is, what are the best organizational mechanisms within federal agencies for assuring attention to privacy?
We do have a privacy advocate in this department. The Health Care Financing Administration has established a Beneficiary Confidentiality Board to assure high-level policy attention to this. The Internal Revenue Service has a privacy advocate, and we heard from her at our first meeting.
We will have other tasks and interests, and we can report to that as time goes along.
There was news in the area of protection of research subjects. The department has reorganized its arrangements for administering the protection for research subjects program. It was previously done out of the Office of Extramural Research at NIH. There has now been constituted at the Office of the Secretary level within the Office of the Assistant Secretary for Health, an Office for Human Research Protections. The director of that office has been identified as Dr. Greg Coskey, Associate Professor at the Harvard Medical School, who has had a long interest in protecting research subjects.
The other thing that is happening here is that an advisory committee is being established. A notice appeared in the Federal Register earlier this week asking for nominations for that advisory committee, so I just call that to your attention. I can give you more information about this later, give you citations and the like if you wish, but you have until August 18 to send to the address noted in the notice names of people who you think would be helpful to this committee.
The third item is the study of data privacy, and database research, and IRB attention to it. Our office and ARC funded that study at the Institute of Medicine. Today, they are unveiling their workshop summary of a summary we had a few months ago. In late July, they will release their final report, Protecting Data Privacy in Health Services Research, so we are looking forward to that. This is one of these areas where additional technical and practical guidance is needed. There is much agreement on the principles, but there is much to be worked out on the ground.
Lisa, do you want to add anything to that?
DR. IEZZONI: Yes. I was on that IOM committee, and it was a very interesting process. I do not want to anticipate exactly what the recommendations will be. The final wording needs to be worked out. I think, though, let me just say that I suspect that the recommendations will suggest new levels of expertise on institutional review boards that have not existed previously.
I hear all of the time from IRBs that they do not have enough resources to monitor the standard clinical trials, the standard human subjects types of things. So, how we constitute that expertise to be sensitive to issues of using existing health data, administrative databases, and be mindful of the costs, I think, will be somewhat challenging. It is going to take some working through.
DR. FANNING: Apropos of that, the National Institutes of Health has put out grant notices noting the availability of money for training in the area of research ethics, the development of training programs and material as well as the conduct of training. Among the issues mentioned are privacy and confidentiality.
A few other items: the administration has offered to the Congress legislation to restrict the sale and purchase of Social Security numbers. That is, in large part, a reaction to abuses involving identity theft and the like but also many other uses of information. The bill would give authority to the Federal Trade Commission to regulate this. It has been introduced as HR-4611 and S-2699. It does allow for special provisions for the purchase or sale of Social Security numbers for research with certain standards. If people want to know more about that later, we can talk about it.
A few international items: Canada has a new privacy law of general applicability. Canada has had, for many years, a Privacy Act akin to ours which covered the activities of its federal government. They now have one of more general applicability that goes into effect on January 1 of next year. The health sector got itself a postponement for a year. The details of that are not fully clear to me and perhaps not appropriate to go into now. It does accommodate the research - in my view, at least, the research needs in terms of allowable disclosure.
Another item from Canada, the Privacy Commissioner of Canada identified in his annual report a body of identifiable information held by Human Resources Development Canada which is an agency that includes things that in the U.S. would be handled by the Labor Department, this department, some elements of the Office of Education and so on. They collected information called the longitudinal labor force file for statistical and research purposes. The commissioner had various problems with it having to do with its never being purged, possibly inadequate controls on access to it, and the lack of legal controls to prevent its use for administrative purposes.
After that was called to public attention, the Minister of Human Resource Development Canada eliminated it as a comprehensive program partially by eliminating many of the links. The data will exist in many other - separately within the organization, but there will be elimination of links with other departments of government.
I guess what it points to is the need to attend very carefully to the protection of data held for statistics and research and to be utterly scrupulous about limiting it to the minimum necessary to conduct your business and limiting its accessibility to others, and making absolutely sure through both the legal and administrative arrangements that it is not used for administrative purposes. The commissioner's report is on the website of the Canadian Privacy Commission.
The European Union, the European Commission and the individual nations have approved the arrangement that our Commerce Department has been trying to work out with them for some years to insure that the United States was a worthy recipient of information protected by the European Union Data Protection Directive. That directive requires the member states to forbid the export of data to countries that do not have adequate protection. So the issue is, then, what is adequate protection?
The scheme developed by the Commerce Department in conjunction with their counterparts in the European Union is a set of safe harbor principles, which companies can adhere to, profess their adherence to, and thereby identify themselves as proper recipients for data. It is not geared toward the non-profit sector and does envision regulatory control mechanisms like the Federal Trade Commission.
I have not identified a great many issues where research information or other information within the purview of this committee would be affected by this. In many instances, individual consent is obtained, and in some instances, contracts can be used. If people hear of issues of privacy concerns in the transfer of data across the Atlantic, I would be appreciative to know about it. That is what I have, Mr. Chairman.
DR. LUMPKIN: Any questions?
DR. BRAITHWAITE: The hippos are coming.
[Laughter.]
DR. BRAITHWAITE: I am sorry, Bob, I just could not resist.
AUDIENCE: I just have one question. Since some of us in the audience and probably most of the Internet audience did not hear the Secretary's announcement yesterday, perhaps could that be repeated for the record today? Thank you.
MR. SCANLON: It was not really an announcement, and it has not changed anything, but the Secretary in her remarks honoring the 50th anniversary of the NCVHS just said that later this summer, we would be issuing our privacy regulation. So, there was not really - it was not different than previously anticipated. But at any rate, that is the story, and we are sticking to it.
[Laughter.]
DR. BRAITHWAITE: Okay, so back to the hippos coming. The Department is on track to issue the first HIPAA standard transaction rule at the end of this month, which is coming very soon.
[Slight applause.]
Yes. We are all very anxious to get that out. In addition, in the same issue of the Federal Register, the plans to publish another document announcing the designation of the standard maintenance organizations, which are the ones that signed the review at our last meeting here, which will be part of the process of maintaining those standards.
Of course, there is the issue of how is industry going to react to these, and how are they going to sort of coordinate and cooperate in implementing these. Because Karen Trudell, my cochair on the HHS Standards Committee could not be here today, Stanley Nachinson is going to give us a report on what happened at the meeting recently held on the Work Group on Electronic Data Interchange.
DR. NACHINSON: Thank you. Several months ago, the department was approached by a couple of members of WEDI, the Work Group for Electronic Data Interchange. They were interested in sponsoring a national implementation effort. They felt that it would be extremely worthwhile to develop a coordinated approach by all plans, and providers, and vendors, and clearinghouses in the country for implementation guidance, for cooperation, for collaboration and dissemination of best practices.
Rather than looking to HCFA and Medicare as sort of the leader in doing anything new, which is sort of the way things have been done in the past, we certainly agreed that this would be an excellent opportunity for the entire industry to cooperate in implementing the HIPAA standards. Out of these discussions, SNIP, the Strategic National Implementation Process, was born. Actually, some of the smaller work groups in SNIP are now known as snipettes.
[Laughter.]
A steering committee was formed by several members. HCFA and the Department are participating. Some of the leaders in some of the major organizations also are on that steering committee. The first kickoff meeting was held last Thursday and Friday in Alexandria. There were over 180 attendees from various plans, providers, clearinghouses, vendors, and major organizations.
Three groups were sort of put together. There is a group on education and awareness; a second group on transactions, identifiers and code sets that are responsible for timing issues, testing issues, coordination issues between plans and providers, et cetera; and a third group on security implementation.
These will be ongoing groups. Clearly, we did not put together the entire national implementation plan in a day and a half, but there was some agreement that these groups will be ongoing. There are some 30-day deliverables. There will be ongoing meetings via teleconference and email and list serves.
The department really views this as just a tremendous opportunity and really a burden that has been lifted from us. We had a number of discussions about how we were going to manage the national implementation of the HIPAA process since it is not just Medicare and Medicaid programs that have to do this but everybody in the healthcare industry. I think the stepping forward by WEDI and the participation by a broad spectrum of groups is just a terrific step forward. We are really very pleased and excited, and I think this really marks a step forward and a realization by the industry that number one, the standards are coming, and that June 30th or thereabouts is a real date; and secondly, that there is a lot of work that needs to be done, and they all seem to want to pitch in and work with us and with each other to make sure that the standards are implemented on a timely basis and in a very cooperative, industry-wide basis.
DR. BRAITHWAITE: In conclusion, the next question that comes to people's minds is, now that that one is out, when are the next set of standards coming out for the provider identifiers, security and so on. We have not set any target dates for those yet. We have not even had a chance to think about them. Once we get the first standards rule published, we will try to come up with a rational projection, but we will be cranking them out as fast as we can. Hopefully all of the pending ones will be out by the end of the year.
DR. LUMPKIN: If I could just, for planning of our workload, there are still, I think, two NPRMs that are pending? Is it expected that they would be issued within the next 35 or 45 days?
DR. BRAITHWAITE: Probably not, but I do not know yet.
MS. FYFFE: Actually, I think there are three NPRMs: enforcement, claims attachments, plan identifier.
DR. BRAITHWAITE: The plan identifier and the plans attachment identifier are the ones, I think, that John was talking about. The enforcement NPRM I do not expect out until next year at the earliest.
MS. FYFFE: Oh, 2001.
MR. BLAIR: Bill, could you clarify if it is in fact true that the regulations for privacy would be issued later this summer? Then is there still the plan that the regulations for data security will be toward the end of this year?
DR. BRAITHWAITE: I cannot tell you, Jeff. The two have to be closely coordinated in the writing of them, and if one comes out, I would expect the other to be out shortly.
MS. FYFFE: Let me just - for the benefit of the audience on the Internet and so forth, when we say that the final rule or NPRM is going to be out, are we saying that it is going to be issued in the Federal Register, or is there some other sort of thing that has to be done with other parts of the Federal Government before the rule gets issued?
DR. BRAITHWAITE: By "being out," we mean published in the Federal register.
MS. FYFFE: Thank you. Thank you very much.
DR. LUMPKIN: Elizabeth.
MS. WARD: Will the announcement in the process for the SNIP be on the website so that we can direct people to track how that happens and how the announcement gets distributed to everyone?
DR. NACHINSON: The education and awareness subcommittee of SNIP is developing their own website. They have asked us to make sure that we link, for the Department to link as much as possible the number of websites to that so that we can direct people, and we certainly plan to do that. Within the next, I would say, 60 days, there should be a SNIP, an overall SNIP website that we can start directing people to.
DR. LUMPKIN: I hope they will be pleasant to deal with, because people would hate to think that they would be snippy.
[Laughter.]
DR. NACHINSON: Any suggestions for other identifiers for SNIP would certainly be welcome.
DR. COHN: I will restrain myself from making any comments about the acronym, however difficult that may be.
First of all, I obviously want to congratulate HHS on the work in terms of getting these regs out. I know how difficult it has been, and I know our concern earlier in the year, and I am delighted to hear that we are getting close to all of these things being finalized.
Stanley, I actually had a specific question for you in relationship to the SNIPs and work that had been going on previously around security. My memory is that last year there was a meeting, I believe at Johns Hopkins, that did a number of draft proposals on how security might be implemented. Is the work of SNIP around security designed to take this work forward, or is that another activity?
DR. NACHINSON: The idea of SNIP is to sort of provide a cooperative portal where work that has been done in many other places is referred to, so the security group will certainly be relying on the previous work that was done last year at Hopkins by the group that has already put together some best practices in security. They felt that there were not enough resources even among 180 people to start from the beginning and be the implementers, but they certainly wanted to draw on previous work, so that is what we will be doing.
DR. LUMPKIN: Kepa.
DR. ZUBELDIA: I know we are going to have a presentation on digital signatures later, but could you update us on the status of that final rule on security and the digital signature part of it?
DR. BRAITHWAITE: No.
[Laughter.]
DR. NACHINSON: Actually, in regard to digital signature, I think we are going to put that off for a little while. Our colleagues at the Department of Commerce are not yet comfortable that there is an agreed-upon industry standard, so they are still going to wait for several months. We anticipate that the security final rule would not include a digital signature standard, but that digital signature standard will be published at some later time either in connection with a different final rule or in a final rule in and of itself.
[Comments off microphone.]
DR. COHN: For those on the Internet, Dr. Braithwaite and I were sort of trading hand gestures. I had a comment that obviously these areas are of great interest to the subcommittee on standards.
DR. LUMPKIN: For those on the Internet and across the room there.
DR. COHN: Yes. We have a large audience. Obviously, the SNIP and other activities are of major concern to the Subcommittee on Standards and Security. We are actually intending in July to have some hearings around early implementation issues as well as tracking implementation. I think Dr. Braithwaite was going to do a little bit of updating on what those areas are going to be looking like.
DR. BRAITHWAITE: Okay, this is not from the department but from the NCVHS Subcommittee on Standards and Security. We are planning a hearing July 13 and 14 to address two topics: One is the local codes issue, which has been a major issue particularly with states and Medicaid because the proposed rule proposed to do away with local codes. By then, we will know whether the final rule does away with local codes or not. The second topic is about some feedback from early implementers about the 4010 version of the X-12 transactions that we expect the final rule will adopt, providing some input to the committee from various geographical perspectives, vendors and clearinghouses out there that have already promised to have these things implemented in a very short time after the announcement of the final rule. So, we hope to hear from them on how they are doing that and what their progress is.
Some input from providers and/or consultants to providers about how they are dealing with this and some input from various organizations in the industry including the WEDI-SNIP effort about how the industry is helping as a whole, the various components of the industry, to implement these standards.
We have just started to call people and get people lined up to testify. So, if you know of some people, some particular individuals and how to contact them, if you think it would be appropriate to add to these panelists, please let myself or Karen Trudell know, and we will talk to them about it. Thank you.
DR. LUMPKIN: Thank you. Thank you to the panel.
Having looked at how many people are leaving, I would like to propose the following change to the agenda. We are scheduled at 3:15 through 5:00 roughly to get reports from the subcommittees. Having reviewed the subcommittees' agendas, I do not believe that there is anything that will be discussed in the subcommittees that will change the reports. Therefore, I would like to move those to noon.
After we have those reports and review of future agendas, we would then adjourn to the subcommittee meetings. Then the subcommittees would adjourn to going home. We will adjourn the full committee after as long as it takes us, 12:30 or 1:00, to carry on the business. Is that agreeable?
PARTICIPANTS: [Comments off microphone.]
DR. LUMPKIN: The vote on the PMRI will occur around that time.
MS. FYFFE: Around noon, between noon and 1:00?
DR. LUMPKIN: Right. I am assuming that the document will be available by then.
PARTICIPANT: [Comment off microphone.]
DR. LUMPKIN: Right. It should be available, and people will have an opportunity during the 11:15 break to review the changes in the document. Then after we have the presentation on digital signatures, we can carry out the rest of the business including reviewing the PMRI. Okay.
Agenda Item: Update on Interagency Working Group on Summary Health Measures.
DR. SONDIK: Good morning.
DR. LUMPKIN: Welcome back!
DR. SONDIK: Thank you. Nice to be here. We are referring to Tab 8 in your books for this. This is by way of an update from the February meeting on summary measures of health. I thought it was really an excellent panel discussion last February. Somehow it seems like a long time ago. As you recall, we heard from Michael Wilson, and from several people from the department, and also someone from outside the department on activities related to summary measures of health, summary measures like dollies, quallies, sollies, hollies(?), whatever you want to make up yourself, years of healthy life.
One of the points that I think was clear from this was just from the people that you heard from the department that there was quite a bit of activity in the department. The fact of the matter was that that activity within the department was not coordinated at all. There might be an occasional passing of one ship and a signal back and forth. For example, I might see Richard Sousman from the National Institute on Aging at a meeting, and we might talk briefly about what their activities were, but they were really not being coordinated or communicated.
For this area, which is getting more and more attention, it is very important that we have a department focus on this. For example, I do not know how many of you saw the paper this morning. The WHO report, perhaps that was mentioned this morning. The WHO report came out. Linda Blankenbaker has a copy of the article.
The health systems of various countries, I am not sure exactly how many countries but many of the countries in the world, were ranked on a five dimension scale. One of those scales is dollies(?). So, there is more and more attention in this area. We felt it was important that the department form a committee, an interagency working group, to do several things. These are outlined in the document you have.
First of all, it is to coordinate. We have talked about coordination with a small "C" if you will rather than a large "C", coordination in the sense of sharing activities, where one activity can support another activity to do that, keeping the agencies abreast of ongoing work. I think it is particularly important from those to foster research and application based on what it is we are learning. Then finally, and this is particularly important for NCHS, to stimulate/simulate data collection activities that can inform and support, and I underline support, the production of various summary measures.
We have had an initial meeting of this working group and had excellent representation from across the department, from HCFA in the north to CDC from the south and a lot of enthusiasm for supporting this committee. We are planning another meeting in the fall, and we are planning on probably three meetings a year with working groups looking at particular activities.
We have included a chart in tab 8 that gives just the briefest of summaries of activities in the various agencies. The size of the box here associated with each agency does really not reflect the magnitude of the activity of that agency. For example, I think the single agency that probably has the most underway is actually the National Institute on Aging which is supporting a wide variety of activities including the activities of the group called REVES. By the way, there are acronyms in here as well. Acronyms were mentioned yesterday at the symposium, and this area clearly has its share of these.
They are supporting longitudinal studies. In fact, some of those longitudinal studies are with the National Center for Health Statistics. They are supporting a number of WHO activities. They are very much in the thick of this activity.
The National Eye Institute developed a visual function questionnaire or VFQ, which is one and a quarter lines here but turns out to have been a very well researched and developed document. That has received a great deal of attention because of the rigor that has gone into it.
So, I just do not want you to get a sense here that this diagram or this table by any means really reflects the wide variety of activities that are underway. I think it really hints at that.
I see this as a significant step forward for the department. I think it is very important that the department, the various components, work together. For example, it is very clear that of all of these activities, probably the activities that could have the greatest impact, and this is - I am speaking now from a personal point of view. The greatest impact is the activities of the CDC because the CDC is working on measures that relate to every state and perhaps every county in the country. When the CDC publishes a compendium of these, this could very well have the effect of moving us toward focus on one measure rather than another measure.
Jim Marks, who heads the Chronic Disease Center, and I have talked about this. We are both agreed that at this point, it seems premature to settle on any particular summary measure of health but that we really need to explore multiple measures, and we need to understand the implications of using any one of these. That said, the CDC does have a number of activities underway that are looking at dollies. We, both of our agencies, hope to be supporting research that will look at the implications of dollies for decision making as well as other measures including years of healthy life.
That, in a nutshell, is an update on the establishment of this committee.
DR. LUMPKIN: Any questions? Dan?
DR. FRIEDMAN: Ed, most of the measures that are referenced here are survey based, which really have the advantage of richness and flexibility but the disadvantage of being able to, as you mentioned, drill down to smaller groups or state or local areas. At the last meeting, we heard from someone who was discussing the leading health indicators for 2010 who said that state and sub-national measures were not - that they were on the back burner or were not on the back burner, or something like that. It indicated that, at least for the leading health indicators, there had not been a lot of attention given to the capacity for subgroup or sub-national measurement.
I was wondering if, as part of this effort, in addition to - wondering if, as part of this effort, there is any thought being given to using non-survey-based summary health measures or survey-based summary health measures like dollies that might have a more specific national, essentially, plug-in rather than an international plug-in?
DR. SONDIK: Let me respond first to the leading health indicators. There is a great more than interest in activity in the department right now on looking at the data requirement for the leading health indicators not only at the national level but also at the state and below that level. In fact, I have a meeting at noon concerning exactly that.
I would say that ought to be mentioned in here but is not, and it probably is not because there is a - because when we talk about summary measures, we are thinking about single dimension, if you will, measures like a dolly(?) or whatever. I think that your point is well taken. Certainly the activities in the department like leading health indicators would certainly be mentioned and should be a part of this.
As far as specifically summary measures of the type that you mentioned, I think that the number of areas in the department would be very open to that. I am sure that, for example, CDC would be happy to think along those lines. Of course, the Offices of Disease Prevention and Health Promotion, I would think, would also be very much attuned to thinking along those lines. I will make sure that this gets into the agenda.
There are other activities that are represented here that some people might not immediately think of as involving summary health measures. For example, measures that are used in clinical trials to judge the overall health of one group versus another group also are included here. There is a lot of NIH activity in that area, less so in the rest of the department, but clearly that is an important component related to summary measures.
DR. STARFIELD: This does not direct back on your description of what is happening here, but it does talk about the World Health Organization report, which is a summary-summary measure of five different measures. Do you have any insights or any knowledge? One of them sounds completely weird as described in the paper, and that is an index of fairness, which is that each household should spend an equal amount of its non-food expenditures on health care, which seems completely bizarre to me.
DR. SONDIK: This is the first - actually, talking to John Isenberg was the first that I had heard about that. I do not have any insight into that.
DR. STARFIELD: Whatever it is, an equal percentage. Some households have more needs than other households. Why would they spend an equal percentage?
DR. SONDIK: You know, I think - I do not know what the measure is, whether the measure is looking at variance or whether the measure is - or what it is doing. I just do not know. It is very hard to tell from the scientific journal that you are reading there just what that -
[Laughter.]
DR. STARFIELD: I should mention, for those who are going to attend the International Society for [commenting too close to microphone causing feedback] next week, there will be an unveiling of the details of the report.
DR. LUMPKIN: Other questions?
DR. SONDIK: We will keep you informed of progress in this area which -
DR. LUMPKIN: Actually, I just had a comment. One of the areas that I think states would be very interested and concerned about is the extent that - scalability, obviously, of the deliberations. I know that we in Illinois are expending a fair bit of effort and resources to assure that what we do at the state level is accessible at the county level because that is the level at which we do our planning. Certainly the states will have a lot of interest in what you are doing.
To kind of follow up on that, and this is just an offer, and I will not put you on the spot exactly at this particular point. One of the things that I think was a very important part of the relationship of this committee to the department during HIPAA was the participation of members of this committee on the various work groups within the department. I would like to suggest that perhaps we could also do that in relationship to this committee.
DR. SONDIK: I think it is an excellent suggestion. I would be happy to bring it to the committee. I would think the committee would welcome this. This is something in which the activities we are looking at are activities that are going on within the department but also things that are going on outside the department. The more we know about that, the more we understand the needs, the better it is for the department.
DR. LUMPKIN: Thank you. Next point?
DR. SONDIK: Do you want to introduce this or should I?
DR. LUMPKIN: Go ahead. We have that under Tab 9.
DR. LUMPKIN: This really is a continuation of discussions that we had at the last meeting about the ongoing relationship between the NCVHS, the inches, National Center for Health Statistics. Following on the theme from yesterday.
PARTICIPANT: Some would say non-inches.
[Laughter and comments off microphone.]
PARTICIPANT: We can take that off the Internet. It is a ten-second delay.
DR. LUMPKIN: The ongoing discussion has been centered around the fact that our plate has been extremely full as a committee, and we have not been able to serve a role that the committee has historically played, certainly from its inception, playing a key role in the development of some of the earliest health surveys. Yet, the committee, I think, continues to believe that we need to play a role and that there needs to be coordination amongst advisory activities of the department.
So, we have a proposal that is before us that was prepared by the NCHS that would discuss how they would form a board of scientific advisors or scientific counselors that would provide that sort of technical advice on the survey process in their relationship with the NCVHS. Do you have anything to add before we take questions or comments?
DR. SONDIK: Just that -
DR. LUMPKIN: Do you want to walk through it?
DR. SONDIK: Well, let me just say a word, I guess. There is just the need for continuing advice at a number of levels, two levels, I suppose. One level is at the level of the actual activities that we have, whether they are surveys, or standards development, or methodological research related to small area estimates, or research on identifying populations that have particular health needs, or whatever they might be.
There are these different levels, one at that level, and then there is an overall policy level that is also important. We have these continuing needs for this. For example, the HANES program is now continuous rather than being cyclic and going on for six years and then off for a period of time and then back in the field for six years.
What we hope to do is to have this continuous and, as a continuous program, rotate in new tests on a periodic basis and then rotate them out. The process by which we solicit ideas for those tests and decide on which tests is one where clearly the community at large needs to be involved. I think this is a very important role for a Board of Scientific Counselors as well as for other boards that would review the issues, overall issues about the center, and particularly issues related to resources and allocation of resources across the center.
The issues, as I said, come up all of the time. At this point, we do not have a group that is concentrating on the center, but many of you clearly know a great deal about it. We periodically go back to you about various issues, but we do not do that on a formal basis, and I think something that is more formal would be of great benefit to the center.
As you said, given the agenda of this committee over the last several years, it has been very difficult to focus on the center. We certainly are in need of this advice and are open to suggestions as to how to incorporate this committee and others in this process of advising us.
DR. LUMPKIN: Paul.
DR. NEWACHECK: Just a question, Ed. You implied that there might be two committees or boards, advisory boards, one which would be this scientific advisory board and the other would be more of an executive or policy advisory committee? Is that correct?
DR. SONDIK: What I was thinking is, and this is what this proposal is, is that this committee would continue its role of working with the center, but we would establish in addition to this committee a Board of Scientific Counselors that would work at a more nuts and bolts level, if you will, with the center.
This is patterned after the way much of NIH works in which each of the institutes has an overall advisory board or in some cases an advisory council and, for the intramural programs, has a Board of Scientific Counselors. I see NCHS as being an intramural program, a unique intramural program, but I certainly see it in those terms.
I think as an intramural program, it is important that there be this type of activity, this Board of Scientific Counselors. For example, one of the things that the Boards of Scientific Counselors do at NIH is they review - periodically, they review the research underway in the different intramural research components. It is essentially a peer review function. This judgment on the level of research, the relevance of the research, the quality of the research, is then fed back to the overall BSC and the communicated back to the director of the institute.
I would see that same type of activity happening here in which the functions of the center would be reviewed periodically, whether it is HANES or the Health Interview Survey or the Longitudinal Survey on Aging, whatever. There would be a periodic review of the quality in a formalized way that, at this point, I do not think we are really able to do.
I think that would be an important function of the activity. This would allow us to do this in a way in which we have a kind of continuing corporate memory on the committee that we would not have by pulling together, if you will, ad hoc groups.
DR. LUMPKIN: Dan.
DR. FRIEDMAN: Ed, I completely agree, and you have completely convinced me of the need for an ongoing, stable advisory group. At the same time, I have sort of three reactions to the document, one of which is I think that it is going to be essential to essentially parse the functions of the Board of Scientific Counselors and NCVHS very, very carefully so that it is absolutely clear who is going to do what so that there is not any apparent or possible overlap.
Second, in the document, you talked about the relations between the two groups. I think to the extent those relations can be greater rather than fewer and institutional rather than purely personal, it would minimize the overlap. Personally, I am not convinced, and as the Lord knows, it is nothing against chairs. I am not convinced that having the chair of the Board of Scientific Counselors sit possibly as an ex-officio member of NCVHS is going to be enough to really institutionalize that relationship.
Third, and in some ways this is really minor, but in some ways it is the most minor concern and at the same time it is also worth mentioning. Sooner or later, I think somebody is going to say, well, we have a National Committee on Vital and Health Statistics, and we have a National Center on Health Statistics, and the National Center on Health Statistics includes health statistics and vital statistics, and we have an NCVHS, and now we have a Board of Scientific Counselors. I think we are going to have to do a really good job of defending and clarifying why we have got an NCVHS and why we have a BSC for an NCHS.
DR. SONDIK: I think those are very good points. I would go back to the point about the evaluation of the activities, the detailed evaluation of the activities. I think any organization needs that. We could do that. I mean, there are two alternatives to do it, it seems to me. We could do it on an ad hoc basis, in which case we would not have to have the committee go through the FACCA(?) process because each time that we do it, it would be an ad hoc group. That is the committee approval process that I think you are all familiar with, too familiar, I would think.
Regardless of whether we have that group, we would go through this process. The idea, the benefits from having a group that is more formalized, has a longitudinal arrangement, relationship with the center, I think that to me, there is great benefit in that.
I think that - you talked about sort of not overlapping well-defined functions. I think that there should be some overlap because I see the BSC, at least in the way that I am thinking about it, and I know there is not that much detail here, but in the way I am thinking about it, I think it would really hone in on the individual programs within the center. What I want this committee to do is to also think about the individual programs of the center. This committee is really tuned to thinking about this in relation to overall health data policy, HIPAA type of issues, a wide variety of things that I do not think the Board of Scientific Counselors would be tuned to because of its focus on the individual programs.
I see one as more of an envelope, if you will. The other is a bit more compartmentalized.
DR. LUMPKIN: Barbara.
DR. STARFIELD: This is variance of the previous two questions. As Lisa said at a previous time how the devil is in the details and talked about parsing, both of those are real issues for me. If I look here, you have seven functions listed here. I actually think there are two more that with my familiarity of the center I would certainly think are relevant.
One is the operationalization of measures. You have things you want to measure, and the question is, how do you measure them? The ninth one is something you may need, the advocacy for the center. I think that needs to be added.
If you try to divide those nine into policy functions and technical functions, most of them turn out to be policy functions. Those are things that I think most of us on this committee would think need to be considered by this committee in the context of all of the other things that we deal with.
DR. SONDIK: I think that is absolutely true, and I do not want this committee not to do that, but this committee would be in a much better position for doing this if it had input to it from a Board of Scientific Counselors that was looking at the details of the individual programs.
DR. STARFIELD: Now you are defining something different than is in this document. You are talking about a committee that would basically report to this committee.
DR. SONDIK: No, I do not see it as reporting to it, but I see it as reporting back, if you will, as opposed to reporting to. I mean that I am open to all, any relationship. The bottom line for me is that we have the kind of ongoing review and consultation that we need. This is at least one proposal for doing that.
DR. LUMPKIN: Simon.
DR. COHN: I am actually sensitive to your needs, and I actually agree with most of what has been said including Lisa's comment during the conference call that the devil is in the detail.
I guess I - my understanding of the national center is that you do a variety of things. Certainly this document seems to be focused on, at least to the best of my understanding, surveys and data gathering. I think that is at least as I read this, but I am also well aware that there are other functions of the national center which includes ICD and other activities. I guess I read through here, and I see things that I cannot decide sort of what is in and what is out.
What I seem to read here is that you really need advice and guidance around surveys and data gathering. At least from my view, I would probably be comfortable with the scientific counselors for surveys and data gathering, which to my view is a little different than an overall set of advisors for all of your activities. I do not know what you are thinking here. Was this intended to be for all activities of the center, or was it just focused on surveys and data gathering?
DR. SONDIK: The way that I saw the committee, the makeup of the committee, as I saw it, would be looking at it from the standpoint of what expertise do we need to look in detail at the center's programs. Those programs would include, for example, ICD and standard setting. The fact is that the majority of the center's activity has to do with data gathering either through the vital statistics system or through the number of surveys that we do, through the development of new technology or new types of surveys that we might do in the future, that sort of thing.
I did not see that, and maybe this is what Dan was getting at as well. I did not see this really as that anything was off limits to either the BSC or off limits to the NCVHS. I saw it, again, as really NCVHS as taking perhaps more of an overview but certainly as a function of the issues that may come up getting involved in detail as well.
Your charge, I mean your plate, is, to echo what John said at the beginning, seems to be so full that it does not seem possible at this point for you to be able to spend the kind of continuing time with the center that the center really needs. So, I do not see - this should not be viewed as being limited to say four major surveys, for example. I see it as dealing with the center activities overall.
DR. COHN: Thank you. I will make a comment on that. Thank you for clarifying, because it was not at all clear to me. I think I had been going on with the discussion feeling that what you needed was some assistance and guidance around surveys and data gathering. I guess we feel pretty clearly that the national committee has a major interest and involvement with the whole issue of national code sets, ICD, et cetera. I think my view is that is really the province of the NCVHS, and I would speak against that piece being delegated off to a Board of Scientific Counselors. I guess I would be speaking personally on that one.
I am not sure exactly what to do with this. I do understand that you do want some ongoing guidance.
DR. LUMPKIN: Paul?
DR. NEWACHECK: Given that our plate is full, as everybody has said, it is hard to see how exactly we would be able to provide ongoing guidance on a continuing basis. I am wondering what you are thinking about, Ed, in terms of how you would like to see our role? I mean, it obviously is important to the committee that we do this, but given all of our competing demands, it is not something that is easy to see how that would work. Do you have some thoughts about that? I have a better sense about how the BSC would operate and function than how, at least in your proposal, how we would function in terms of being advisors at this higher level, the policy level?
DR. SONDIK: Over the past few years - let me give you some things that we have not done that I think would be very useful. For example, I think a report on the center on an annual basis is important to do, and we have not been doing that, one that gives an overview of the activities.
Given the significant familiarity with the members of this committee and the center, I think this can be done in a relatively succinct kind of fashion and still get across what is going on; something that focuses on sort of new activities and activities that we are no longer involved in; a review of resources and where the resources are going across the various components in the center; training issues, staffing issues, that sort of thing; something in which the purpose of this review would be to give you an idea of how well the center is operating, whether it has significant problems, and an opportunity to pose those problems to you for your advice on how it is that we could solve them.
We have not been doing that, and I think that would be important. I think it is important to do.
Perhaps at one or more times during the year, an update on activities in the center, much like the update that we just heard from the Data Council, I think would be useful, perhaps at every meeting. Now, if there is really nothing to say at that point, then that can be said, but there are a number of things that change over the year, new activities that we are involved in, again, issues that may come up.
DR. NEWACHECK: I think that is an excellent idea.
DR. SONDIK: I think this would have the center have the committee much more involved in the life of the center.
DR. LUMPKIN: Lisa.
DR. IEZZONI: Ed, I feel like one of the old guard here because I have been on this committee long enough to remember that before HIPAA came along, we were a lot more involved in kind of oversight of what was going on at NCHS and survey coordination, and so I think that - I am chairing the Subcommittee on Populations. There has been some guilt I have been feeling that we have not been able to do for you what your committee did do in the past, and I apologize for that.
I wanted to make two points. The first one is, you are going to have to recruit people to serve on this council. Are you going to pay them? No, just kidding. The basic question is, I mean, you are going to have to try to find people who will serve on this, and feel that they are spending their time well, and that they are being listened to, and I think that you are going to have a challenge trying to find the right kind of people.
If you find people who are the real aficionados and the users of the specific surveys, they are going to come with a very different perspective on how they want to spend their time than if you are able to recruit people who have a kind of broader knowledge of code sets and all that kind of thing. I think the constituting of the committee is going to be a challenge.
The second point that I wanted to make is that I think that you do need somebody to give you some detailed advice on the surveys, but it is going to be important, as Jim Scanlon was talking about, the Data Council trying to coordinate across different agencies to make sure that you have buy-in from some of your sister agencies to maybe attend or as ex-officio members join this council.
Let me just give you an example from our April meeting. We had a presentation from your staff about the redesign under the functional status measurement in the National Health Interview Survey. We talked about how that is different from what is in MEPS. It is really frustrating for those of us who use both the Medical Expenditure Panel Survey that is funded by ARC and those of us who use NHIS and try to compare across the two surveys functional status information. We cannot really get it, especially for vision impairment and deafness. The measures are very, very different.
If you are going to have people serving on this committee who want to really get into the survey part of it, they are going to want to have people from ARC available to them so that they can talk, as Paul talked about earlier this morning, the issue that surveys, if they tweak questions slightly differently, are going to come up with very different ways of looking at the same kinds of concepts. Have you thought about that at all, that issue?
DR. SONDIK: I must say that I had not thought about membership, if you will, ex-officio or otherwise from other agencies. I would be happy to admit that to this. I would have no problem with that. It also could be - actually, for the kind of thing that you mentioned, it actually is sort of an issue as well for the Data Council and its deliberations.
PARTICIPANT: Yes, let's let the data strategy group review it.
DR. SONDIK: That is certainly is an area in which we could do that or a venue in which we could do that. What I would see on the BSC is, for example, having someone let's say from ARC who is an expert, let's say, in economics, for example, who could bring that point of view, which is one that is not really present other than in maybe one and a half people at NCHS, to really bring that to the table. In the sort of the functionist kind of the visiting committee, if you will, the peer review group of a particular program, I think that kind of expertise would really be needed. I think in terms of what the components of HIS should be and that sort of thing, it strikes me that that is a place for the Data Council to be involved because it is kind of a level up from that.
DR. IEZZONI: I agree, but I assure you that the members of the committee, the people who are sitting around the table, once they start talking about it, they are going to want to not punt it up to a higher level committee because they are going to be feeling, this is my valuable time; how am I spending it? Am I spending it with people who can help me think through how to solve this? So, it is kind of - my reaction to that comes from having served on a committee and punting notions, sorry, Jim. We will talk about that just for about ten seconds during the committee report. You know, submitting things to a higher level to feel that you are not really accomplishing what you are spending your time there to accomplish.
DR. SONDIK: Let me just mention. If I could go back, actually, to one point that Barbara made. You added another function actually. I think it was something like constituency. In the sense of people who use the information being closer to that and dealing with people, in a sense, on a more detailed level, then I suppose that is one function. I do not see that as a principle function of this. I mean, in terms of the use of the data, yes, but in terms of building a constituency, that sort of thing, I do not think that is a principle function of the BSC. I really see it more as a scientific advisory body for the center.
MS. FYFFE: Ed, I would like to give you my reaction to some of this and also pick up on something that Lisa said. The expert volunteers around the country now are stretched pretty thin, and it is only going to get worse. Have you considered contracting to consultants or to experts and giving them the incentive of money so that you can get some commitment to get some assistance? Do you have contract money that you can use?
DR. SONDIK: First of all - well, I have not considered that. This activity is certainly not free to us by any means.
MS. FYFFE: Right.
DR. SONDIK: Whatever it is. It strikes me that to do it under contract would not be in the peer review spirit that I would like to see this.
MS. FYFFE: Oh. Okay.
DR. SONDIK: I did not think, I mean, Lisa certainly is injecting a note into this that I really had not thought about which is how difficult it might be to find people. Maybe it is my enthusiasm for what it is we do, but I felt that the problems and issues are sufficiently exciting that it would be possible for us to identify people who would be willing to do this for a variety of reasons.
MS. FYFFE: I mean, there may well be.
[Comments off microphone.]
DR. IEZZONI: --what the term would be and make it really clear, right?
MR. SCANLON: Again, I start off my remarks by completely sympathizing with Ed in terms of the need for some sort of new look above the center at what goes on there. The NIH model is certainly one to look at. But, I worry about just a couple of things, and they are the same things that have come up already. One is in terms of scope. Secondly, it is in terms of policy versus science and technical advice. The third really is some link to some sort of a threshold mechanism and a personnel mechanism to this committee.
I guess in my first point, I worry that HHS and this committee has spent a lot of time trying to get at least a perception of a place, one place, where people can come to discuss these sorts of issues. I would worry to the extent that another committee may actually be sending a different signal, that there is another place to go for health statistics policy and so on. I think that worries me somewhat although I think that what that would lead to is a clear delineation of what is policy versus what is not, and the threshold mechanism that when a certain level of interagency or broad interest was reached, there is a threshold that brings it to this committee or somehow invokes a broader view.
I would be comfortable, actually, with the concept of scientific and technical advice. If your list here was preceded by the function to advise NCVHS on scientific and technical aspects of the following with some sort of a threshold mechanism that was open so that when an interagency issue came up that was not scientific or technical, it was policy, it was related to some other issues, that there would be a way of at least linking it to this committee or some broader issues as well.
Then I think in terms of mechanisms, rather than have the chair serve on this committee, which would be a little complicated, I would think that we were earlier thinking about perhaps having, and I do not see any volunteers yet, but someone from this committee who would actually serve in some capacity on the board.
DR. SONDIK: I think those are very good points. I am trying to remember back to the original time when I first talked to John about this. We were thinking of a body that would essentially be an extension of this body, as I recall. For reasons that escape me at the moment, it did not seem - I think there may have been issues related to the constitution of this body. Marjorie, do you remember?
MS. GREENBERG: It was talked at one point about a subcommittee of additional technical experts, but that would require, since the committee is 18 members, in legislation, it would require opening up their committee's legislation which nobody thought was a very good idea. There was also some discussion of getting at that probably - although it is ideal in some sense, I think, if it were possible, but it probably is not practical.
There was also some discussion of the Board of Scientific Counselors making recommendations through interacting with NCHS as you describe but bringing some of the recommendations maybe at this threshold level, I do not think it was thought out very well, but to the NCVHS. That was one suggestion.
Another was having maybe one joint meeting per year which would focus on - although the committee would still do its mandatory business but would focus more on these population-based health statistics issues. Those were some of the suggestions, I think, that came up.
DR. SONDIK: I would certainly be open to modification of this particularly along the lines that Jim mentioned.
DR. LUMPKIN: Kathy.
MS. COLTIN: I share some of the concerns of the other committee members. I look at it from two perspectives. One is that when I look at the list of activities here that you have laid out, in my mind, they kind of sort into the what and the how. Within each of those, there is a high level "what," like what your priorities are at the center, down to a very detailed what of what questions should be included in particular surveys. Just as "how" also sorts into a very high level of evaluation of the center's activities, how well are you doing carrying out your charge, down to the very detailed "how" of how you would minister and gather data for a particular survey. The "what" is more policy oriented and requires really, I think, a broad perspective of what is going on in the other agencies as well as what is going on in NCHS. Our charge has been to advise the Data Council and is more consistent with that broader role around the "what" questions.
So, I feel a little uncomfortable letting go of what I see is the "what," the fourth bullet, the third bullet, and perhaps some portion of the first bullet, as well as the issues that Simon raised around coding which clearly have a long history in this committee. I would feel more comfortable having this technical advisor board deal more with the "how" than with the "what." Perhaps that is a way to think about some of the division of responsibility and how the committees relate, not that there would not be some overlap in both of those but that major responsibility might divide along those lines.
The other concern that I have is that a large majority of the staff support that is provided to this committee and to its subcommittees comes from NCHS. Were NCHS to set up another advisory committee, it would also require staff support. What would be the impact of that on NCHS's ability to continue to provide the level of staff support that it has to this committee and its subcommittees?
The other is that I share Jim's concern about sort of the diffusion of focus in the audience and constituencies about where to go around particular issues. Also, it is competition in a way for bringing in outside experts to come and talk to us. Are they going to want to come and talk twice to two different committees that might be looking at similar or related issues? So, resources, I guess, is my second concern.
One thought that I had is to really have the Population Subcommittee rethink its charter to some extent and see how we might better support some of your needs, particularly what category and perhaps consider some overlap in membership with the new technical group that you are proposing.
DR. SONDIK: I understand the concerns that you are raising. In terms of the members of this committee serving on that committee, that obviously - given that this is the hardest-working committee in the advising business, and I think from what I have seen, I think that it actually is, I think that might pose some difficulties, but I would certainly welcome that.
I would also welcome the Population Subcommittee taking another look at its own priorities and involvement with the center and what it is - and focusing both on the "what" and to the degree that it is appropriate, that it feels appropriate, on the "how" as well.
I come back sort of to - I understand the issues that are being raised, but I come back to the question of how can the activities of this committee be meshed with that of the center on a more effective basis than it has been? It seems to me still that we need additional people involved with the center, additional advisors involved with the center on a continuing basis.
I think that if I sat on a BSC for the center, I would feel that I would also want and have a right to talk about part of number one on here as well as issues about priorities. Again, this is advice to the center just as you give advice to the center. I think it is kind of hard to say that something is, if you will, off limits. I think that what committees do, in my experience, is a function of the agenda that is set. If the agenda is set to comment on the overall priorities, that is one thing. If the agenda is to look at the issues in the design of HANES and it is representation of minority communities in HANES, that is another issue. Actually, the latter one is actually an issue that actually is important to this committee, and it would be important also to, on a more detailed basis, to any committee that is looking specifically at HANES.
DR. LUMPKIN: Simon.
DR. COHN: I am not going to repeat what everyone else has said. I think I am in this conversation searching for what the expected outcome of the discussion is about an individual bullet that is going to occur one way or another, at least as I understand it. I am reminded in our conversations that we brought this up at our last full meeting, and I think we had agreed to refer this to the Executive Committee to talk about it in the context of strategic planning.
Now, what happened was that there was a relatively, I will not say brief, but there was certainly not a full discussion during a conference call of the Executive Committee. I am struck that these issues are really strategic planning issues. There is a piece here that goes, gee, is it really the needs of the National Committee on Health Statistics, the National Center for Health Statistics. On these issues, can the NCVHS meet those needs? What are the priorities of the NCVHS? What else does the National Center need?
It is hard to have that discussion in an hour at a full meeting, but it is probably really part of the strategic retreat with recommendations coming back to you and the NCVHS. I think that is my thought about next steps.
DR. LUMPKIN: Which we are doing in August.
DR. COHN: Exactly.
DR. FRIEDMAN: This is sort of a marker, Ed, but at some point as you are listing functions, despite our name including vitals, I think that vitals would do well on your list as well because I think it is clearly going to be a limited extent to which NCVHS is going to be getting into those issues.
DR. LUMPKIN: I think if I can try to summarize what I heard, I do not know if I can do that. I think that first of all, the committee certainly recognizes the issue that has brought you to the table and recognizes the fact that with the expansion of the committee's responsibilities, particularly under HIPAA, that that has really changed our focus. Almost, it is kind of like a divorce in a sense, and now we are trying to figure out what to do with our children, the children being much of the work of what the NCHS has done but has been handled so closely by this committee. We are kind of talking about visitation rights.
DR. BRAITHWAITE: Do you have another analogy?
[Laughter.]
DR. LUMPKIN: I think that in many ways, the concern of the committee reflects our new role and responsibility, which is to create a focus that is seen as a department-wide focus. We have had a number of discussions, even the one earlier where the question was asked, Is HCFA playing in that game?
I think that one of the things that has happened through the HIPAA process is that this has been a place where HCFA has been working, that they have staffed the committees. A lot of federal agencies, hopefully over time, will begin to see that not only is the Data Council a place to go to meet but the NCVHS is a place to go to agree and to get that sort of input. Looking at that relationship, how can we give you the kind of advice that you need, and certainly the Board of Scientific Counselors is one approach.
My suggestion at this is that we do a couple of things. First, it is that this is an item that we will spend some time with at our retreat in August, in the latter part of August, of the Executive Subcommittee. The second is to try to come back with another iteration of this particular document. I think there are some concerns, which you have heard. I think that they can probably - many of them can be addressed, but perhaps part of the difficulty is that the level of detail of the document is probably not what would ease some of the concerns of the members even though I think the issues as you are describing them are ones which they can agree with.
DR. SONDIK: What I would like is a sense from the committee. If something like what is being proposed here in which there would be another body that would have a relationship with this body would be acceptable if clearly the devil in the details could be resolved? If not, then this puts us in a position of needing to do things on much more of an ad hoc basis in terms of getting this advice.
Kathleen mentioned contracting. We do contract at this point, but what we contract on tends to be very narrow issues, questions, and analytic types of things. That is not the kind of advice that I am looking for. What I am looking for, for the center, is advice on the quality of the work that we are doing. It is judgment of that, and an assessment of that, and then guidance on how to improve that quality. I am looking for holes in what it is that we are doing. What aren't we doing that we should be doing, which I think both of these now are the province of this committee.
In order to do this for an activity of the size of the center and the diversity in terms of the activities of the center, it seems more than this committee can do. My question is really do we look for a mechanism here in which we do not have another body, or do we think that we can formulate a body and a relationship between these that can give us this guidance?
DR. LUMPKIN: Would it be fair to say, and then I will look to the committee, that what we perceive is the task is how to define a mechanism that divides the roles and clearly delineates responsibilities of two bodies as being the direction that we are moving forward and see as the ultimate outcome of the process? Is that a fair statement?
PARTICIPANTS: Yes.
DR. NEWACHECK: We all recognize that we cannot provide everything that you want, so there really does have to be two bodies somehow with a good mechanism that relates them together.
DR. LUMPKIN: The direction that we are moving to is a comfortable way to have two bodies recognizing roles and responsibilities of what the committee is under its current charter and recognizing your needs, but I think what we are really looking at is how to delineate the functionality of the two bodies. Dan.
DR. FRIEDMAN: I would just add a clause or a phrase in the middle or two words, two closely connected bodies.
DR. LUMPKIN: Okay.
DR. NEWACHECK: Could we also add or incorporate -
PARTICIPANT: [Comment off microphone.]
DR. NEWACHECK: -- incorporate Ed's suggestion that he be included or a member of his agency be included in the briefings that we get or the updates -
PARTICIPANT: Oh, yes.
DR. NEWACHECK: -- from the department on a regular basis so that we become a little bit more involved with the full committee, and that also we take up Kathy's suggestion that the Subcommittee on Populations discuss at least kind of the level of potential involvement of our subcommittee anyway?
DR. LUMPKIN: Yes, everyone agreeing to that.
MR. SCANLON: Just a point of clarification. The charter for this committee is broad enough to include the functions that Ed is describing. There would be no need to change this charter if that was an issue. The charter here is quite broad and covers a lot of territory, policy and technical.
DR. LUMPKIN: Okay, I think we have -
DR. SONDIK: Just one more comment.
DR. LUMPKIN: Yes.
DR. SONDIK: I do not want anyone to leave feeling that I personally or others in the center feel that there should be a divorce.
[Laughter.]
DR. LUMPKIN: Okay, bad analogy
PARTICIPANT: Very bad.
DR. SONDIK: If anything, I feel that I would like the role of this committee enhanced in this. I saw this as a way - even though some see this as sort of a division, I saw this as a way of really enhancing the role in the sense that much more input would come to this committee on what the center is doing, much more input from, if you will, a third party to come to this committee. That is crucial.
Particularly given our location within the department, the fact that this committee views health statistics and vital statistics as its critical charge and reports to the Data Council/Secretary, actually the Secretary/Data Council, is really critical for us. What I am trying to do is to enhance the advice that we are able to get and, in a sense, provide leverage with this committee, particularly on these overall policy issues.
DR. LUMPKIN: Thank you.
DR. SONDIK: Okay, thank you.
DR. LUMPKIN: At this point, we are scheduled to have a break. In light of what we are going to be doing over lunch, I guess we should take a break.
[Brief recess.]
DR. NACHINSON: --the president and owner of Tex-Ec(?) Incorporated. Jay has 33 years in the security industry. His company for the last ten years has provided security consultant services to the U.S. Navy, the IRS, the CIA, HCFA, the Social Security Administration, and has just signed a contract with the U.S. Post Office to provide digital signature services.
He is serving as a consultant to HCFA on how the implementation of digital signatures should be handled in an electronic environment. Today, he will gives us a brief discussion on information security and how PKI fits into this area.
DR. WYCK: Thank you. If you do not mind, I will stand.
PARTICIPANT: You have to use the mike.
DR. WYCK: What I would like to do is talk about information security foundation first and set a baseline because we are probably dealing in an area that has more confusion and more misuse of terms than just about any other area short of your own, medicine.
Trust is the foundation that we are dealing with here. The establishment of trust is something I will spend a great deal more time on, but that must be established first, trust.
Interoperability, because of the scale, is a huge problem in this particular realm. That is, what I do, is it consistent with what you do, is it consistent with what is done someplace else.
Scalability, the size of this, is enormously problematic. We are talking about some grand movement societally from a paper-based system to an electronic system. This is not trivial. This is a major, major event.
The idea of adherence to standards, which is how we get anything done, and the difference between authentication, confidentiality and security, and they are very, very different.
What is public key infrastructure, PKI? Besides being promised to the world as a solution, it is just a small piece of what is necessary for us to move into the electronic age, a very small piece. It is also probably the most important piece.
If you think about data, and you handle data in this audience probably more than just anyone else would, it is useless less you have some idea as to where does that data come from. Can you associate with that data some reference? At that point, it becomes information, and with information, you can then make judgments and go forward with a decision. Again, the premise is, what is it and where did it come from?
It is also known as a trust hierarchy. The idea here is, how do people who are not necessarily familiar with one another work together? In a day-to-day basis, I might say that I know Dr. Christoph. That is very good; we have a trust relationship. Dr. Christoph introduces me to Ms. Ward. I am not going to talk to Ms. Ward in the same way that I talk to Dr. Christoph because there is transference of trust that has occurred.
What happens when you deal with an electronic trust representation is that you are now going to say that I trust some third party to allow the two of us to talk to one another with some sense of comfort. That is very, very difficult to do.
In the last 10 or 15 years, there are several billion dollars been spent putting commercial enterprises in place from companies like Verisign, GT Cybertrust(?), IBM's trusted vault. Any number of products has been put into the marketplace with the idea that they are going to somehow establish this trust. They are pieces of software. They are manufactured by a company to give you a tool so that you can establish a trust.
If you recognize the functional pieces of a PKI system or a public key infrastructure, it starts at the top. It is a hierarchical system. That is, you have a certificate authority. The idea is how to register with that certificate authority. You are going to have a problem with that in that you now are trying to figure out whether I am still a good guy two years later. So, that is another problem with the revocation lists.
Then there is the issue of key backup and recovery. I suspect that you remember the clipper chip and the debacle that was associated with whether or not the government was going to have access to everybody's information. We were right in the middle of that, and I am very proud to say that I am a big part of why that does not work.
Cross-certification is the bugaboo of the whole system. Cross-certification only works if everybody is equal. If your company is equal to my company is equal to the bank is equal to the post office is equal to the government. It is never going to occur.
What I am painting here is not a hopeless situation. What I am trying to paint for you is a situation that has been examined over the last 15 years to tell you that it is not easily done.
A component of PKI is digital signatures. Digital signatures are what? They are a cryptographic representation of a value and a way for you to assign to some electronic transmission some authentication or identity, that is, it came from me. Somehow, we are supposed to believe that this is a true thing that can be proven, and proven to a degree that it can stand up in court.
I notice that we have some lawyers here, and I would suggest that they would be the first ones to tell you that this is going to be difficult and a lawyer's field day. It cannot be something that is done mandated.
I know that we have House Resolution 106 that says that electronic signatures are moving forward as an acceptable means of relationship. If you read the wording of that, I think you will find that what it says is that if you and I decide to accept a chop mark, if you and I decide to accept a visual representation of face, whatever we decide to use is acceptable if it is in electronic form. Very, very broad.
There is a part of me that is applauding the broadness of this because it leaves a lot of room for technologies to be introduced that have yet to be developed. There is another part of me that says it is also good that it is broad because it does not confine us to digital signatures and to public key infrastructure.
Infrastructure is another problem that is associated with this particular process. One of the things that I am concerned about and have been involved in for the last number of years is that there are very few infrastructures that are large enough to support what we are trying to do here.
If you think of the government in terms of the military, the military has spent a half a billion dollars a year for the last seven years that I know about - I do not know how much they spent that I did not know about, but a lot of money - to try to put up an infrastructure within the military domain that would allow a PKI to be implemented. It has failed. The mathematics are not good. The impact on the performance of the networks is bad.
There is still a question of this transference of trust. There was one particular pilot that was done out at Pax River between NAV-C and NAV-SUB. They spent a year trying to make that work. Now, this is two Navy organizations on the same base, and they could not make it work. I cannot imagine what we are going to do when we extend it between the Navy and the Air Force.
The idea is that you have a trust hierarchy. It is my belief that there is an infrastructure in the United States today that will give you that trust hierarchy. It is large enough, it is complex enough, the brick and mortar is in place, and it already has the respect of the citizen, and that is the United States Post Office.
I am in part responsible for what the Post Office is bringing to the public in the next several years. We have been doing pilots for two and a half years. I do not mean this to be a commercial ad; I am just pointing out that the Post Office, as a government entity, has the breadth and size and trust that is necessary to make this type of a circumstance work.
Is this necessary? Absolutely. We have the paperwork reduction and paperwork elimination act, which has been bandied about in the last few months as being essentially failed. There was an objective to reach by the year 2000 a 40 percent reduction in paper, and I think we hit a percent and a half. Not very well done. The reason was that there was no adequate way to associate information and the individual generating that information and to transfer the trust so that information could be used. It is very difficult.
One of the things that we are talking about here is the rock solid trustworthiness of identities. If you can imagine somebody like UPS getting in the midst of this, and I pick UPS because it is a contrast and competition to the Post Office. The UPS driver comes up to your door, and he says, "Here is the kit for you for your digital signature." Oh, by the way, nobody is home, so he leaves it against the door. This is not quite what we had in mind.
What we have in mind here is an absolute process of face-to-face, in-person proofing. If you do anything less than that, you are fooling yourself. Who can do that? We are back to the Post Office with 44,000 locations, a million employees, and more importantly, a litany of legal statutes to support the decision to talk to the postal service.
If you look at the point of the postal service, the charter was to be the agency that bound our nation together at a time when we had states and territories and areas that did not even have names. The reason it was put there was to foster commerce.
I will not get into the crux of what digital signatures and the movement of information are about because everything, when it comes down to it, follows the money. How do you trust something well enough that you are going to allow money to be used, information to be transferred, and decisions to be made? That starts with the belief that the infrastructure and the mechanism of trust are substantive. I do not know of any other entity besides the Post Office that can pull this off.
We have been talking now about authentication. The idea is you want to know that the information that came to you came from me. How is this done? Well, ideally, we have had dialog, you are familiar with my style of writing, you are familiar with the contents of what we are talking about, and you can look at it and say, clearly, Jay did not write this; there is a coherent sentence involved.
You have to have some way to know that. In the case of statistics and in particular medical statistics, there is a higher level of trust that has to be provided here because decisions are being made, and they are going to affect whether I breathe later today. I would like to know for sure that what was sent was correct. I would like to know that the statistics on which we base a lot of our decisions in terms of how do we make the health care better for everyone, the idea of the aspirin provided within an hour of a heart attack's time frame makes a 40 percent reduction. How do you get that out? How do you trust that information? How do you find out about it, and how do you disseminate it? It all has to come from a known source or a trusted source or I am not going to believe it because I have to act upon it.
So now what we are trying to do is we are trying to figure out how do we get a mathematical representation based on trust? Picture now going to the Post Office and saying, Hi, I am Jay. I live at Louisdale Road in Clarksburg, and here are some bonafides that are recognized, either a passport, which by the way is a trust mechanism, not a driver's license because that is a license to drive and is not an identification vehicle. Maybe a birth certificate. Some degree of confidence that the person on the other side of the table can look at me and correlate these pieces of information and say, yes, in fact, that is true.
Then you want to introduce something else. You want to introduce some sort of a token because you want a hardware device. If I just walk out of there with a piece of software and a floppy disk, is that enough? No. If I go up on the net and I do this electronically across the web, is that enough? No. Because I will show you what will happen, and we have seen it.
You go up on the web. You generate a key pair, maybe using PGP, maybe using Verisign. Any number of services is available. I have an instantiation there in my office, I have one on my laptop, and I have one at home. Does that mean that I exist three places simultaneously? It sure does. Now I have plausible deniability, and you are never going to tag me. You have to have one digital signature. Very, very important. It has to be in a form that is very difficult to duplicate.
As you can see, as we walk down this trust idea, not only does the mathematics have to work, but also the representation has to be solid. The trust in the hierarchy that assures that relationship has to be very solid. That is very, very hard to do.
I am enthused with what has gone on with the legal side in that the Congress has put something forth. I am absolutely ecstatic that we have gotten as far as we have, but there is a long way to go. I think this particular body, and as you relate to the health care and Health and Human Services as a whole, is going to be in the forefront of it. Why? Because you are associated with the largest block of money that is associated with the movement of information and services that can be identified.
If you look at health care as a whole, 15 percent of the national economy, that is a chunk. So, now what you have, you have most of the money, a large part of the money, easily identifiable. You are caring for everybody, so you have touched all of the people. You have information that has to be correct and verified and trusted because decisions are being made. Even if you look at the idea of a doctor's script to the pharmacy, you have to believe at the pharmacy that it was done correctly, that it applies to me. That might be far down the totem pole. In my experience, I am more concerned about if I am the guy who is firing a torpedo, did the captain tell me to do it, because I want to be really sure before that things goes off.
What I am trying to get across here is that this is not an easy thing. I think if you look at the cost savings that can be had within the health industry alone, we will do this in some form or another. If you look at the cost savings as it is perceived by Social Security and IRS, just the reconciliation of the wage reporting process is a $50 billion savings if we can do that in a reasonable length of time. It is an 18-month process now. The money has been paid out, and a year and a half later, we find out that we did it wrong, and you cannot recover it. That is a $50 billion error that occurs every year.
So, are we going to do this? You bet. Because the errors that we will make in doing this will not be as large as the errors we are currently making by not doing this.
Privacy and confidentiality have nothing to do with digital signatures. Privacy is the correct application of information and access to information. That is, if I do business with Amazon, I do not want everybody else in the world to know that. They have to respect my privacy by not telling anyone else.
Confidentiality is the idea that within my relationship with Amazon, only appropriate parties within Amazon can read or have access to the data that has been shared. Security has nothing to do with either one of the other; it has to do with how do you enforce the practices that you put into place, and how do you make it so that you can do something about it if it is not followed or acted upon correctly.
Yes, they are linked, but they are different, and that is not noted in most of the dialog that you see in the papers and the magazines. In fact, it is not until you get into actually trying to implement this and act on information that you start to wonder about where that comes into play.
Now repudiation, probably the stickiest wicket of them all. How do you, when you receive information signed by me say absolutely that it came from Jay and that the decision that you made was correct because I told you so? How do I then take the liability that came from that action?
It is humongously hard. The mathematics are not going to do it, particularly when I tell you that in my experience, I deal with cryptographers as a profession. My chief scientist is Ed Sheid who, when he retired, held the title of Chief of Cryptography of the United States of America, which I just admire to no end. Then he sat down and showed me how you can falsify digital signature.
I said, "Okay, how many people can do this?" He said, "Four." I said, "I will live with it."
As we go forward with technology, that is not going to always remain true because like everything else, what is new today will be commonplace tomorrow. What we have to be careful of when we put this infrastructure into place is that we do it in a way that it can be controlled, improved, and do the normal progressions that are associated with technologies. In the end, the integrity of the system is what is going to make it work.
The trust components that we have talked about are authentication, and for that, you use a digital signature. I like to describe a digital signature as the cellophane wrap on the meat in the freezer. You open the door, you look in, and you say, yes, that is hamburger. I am in good shape. It is wrapped up. Nobody has had any of it yet. I am likely to be able to use it. But it is still hamburger, and you still knew that. You know that it has not been changed. That is what a digital signature does for you.
Confidentiality, it would be better if you put it into brown paper. Then at least you are guessing. That is a separate component. To do that, you need encryption. Encryption is another difficult area, not easily understood, nor is it easily deployed. We have done some work in that effort, and you will hear about that in the future.
Again, the idea is to put the information in a way that it can be used. One of the things that you might have noticed in terms of digital signatures is that it is just tossed off. We are going to send a document, and it is going to be signed.
Well, if you look at the way information moves, it does not move like that. In fact, I would suggest that most of the forms that you see every day are multi-part forms. Maybe I am talking to too young a crowd. I remember multi-part forms. The idea was that you filled the top copy out, and the blue copy went to accounting, but it had parts blocked out. The green part went to marketing, and it had a different section blocked out. That is how information moves.
What you have to do when you introduce cryptography and digital signatures, now you are talking about signing objects. You just compounded the problem. But if you do not do it, you really have not accomplished anything because you have to come in with a situation that is in total applicable to the way information moves and to the needs of the people who are using that information to make decisions.
Where we want to go here is to let me go back over quickly that what we want to talk about is that you have to have an infrastructure, you have to have a trust hierarchy, you have to have a mathematical representation, a hardware assurance mechanism that cannot be duplicated so that there is only one of you, and you want to be able to do this in a way that is cost effective. It is almost insurmountable. I will tell you that the Post Office has a solution. We are going to try it. We have been trying it for two and a half years, and it has stood up very well. We are trying it with HCFA. We are trying it with Social Security. We are trying it with IRS now. We will see if it goes. If you hear about us in the future, we were successful. If not, it was very nice to have spoken with you this afternoon.
[Laughter.]
Are there any questions? I needed to allow time for questions in the half hour I was allotted.
DR. LUMPKIN: Let me see if I can get it straight in my mind because I get a little bit confused by this.
DR. WYCK: You are like everyone else.
DR. LUMPKIN: You have talked about digital signatures, but I am not sure I fully understand. Let's say that I want to send a message about Simon. I type the message. First of all, I have to get on my machine. I log on using my token and something to say that I am the one who is actually using my token.
DR. WYCK: I appreciate your including the token right off.
DR. LUMPKIN: Okay. Whatever that token is. That is uniquely given to me, and then I have to do something to the machine to convince it that I am actually the one who is using this token.
DR. WYCK: That is correct.
DR. LUMPKIN: That becomes - anything that I send after I log on is now going to have my signature on it?
DR. WYCK: Not necessarily.
DR. LUMPKIN: Okay.
DR. WYCK: You have to take a separate action to apply a signature. There are a lot of things that you are going to do on that computer that are not going to require a signature. As to making it an automatic function, it is not a good idea.
DR. LUMPKIN: Okay. I now am getting ready to send my email, and it says, "Do you want to put a signature on there?" I say, "Yes." I am sending it to Lisa. I have her email address. Now, what happens as I am in the process of sending it so that it arrives locked, encrypted, obviously as it goes out it gets encrypted or something.
DR. WYCK: Okay, stop right there because now you have hit the morass. Let me pick it up now and try to describe what you have just done.
DR. LUMPKIN: Okay.
DR. WYCK: You have an email that you have generated. You want to send it to Lisa. You want to sign it because you want to insure Lisa that it came from you.
DR. LUMPKIN: Right, and I do not want Simon to be able to open it because it is about him.
DR. WYCK: Oh, whoa now!
[Laughter.]
DR. WYCK: Actually, most email is like that. The fact is that you just mixed and mingled apples and oranges. The idea of the confidentiality between you and Lisa that you want to separate from Simon is encryption, and that has not anything to do with digital signatures. That is a separate component, a separate mathematical function. Encryption has to do with the scramble of information from something that you can read to something that you cannot.
DR. LUMPKIN: Right.
DR. WYCK: When you deal with encryption, what you are dealing with now is something called key management. That is, how do you start the process, whether you use Des, Triple Des, algorithms are almost incidental. The question is, how do you start it.
The Caesar Cypher(?), which has been around for a couple thousand years was based on the thickness of a rod around which a leather strap was wrapped. Then you wrote on it. If you took the rod away, the leather strap was sort of -
Digital signature is not that. Digital signature is the mathematical representation of the message digest, which is the bits that represent your email. There is a mathematical process that says, okay, these bits and bytes set in this particular pattern represent that number. There is a way to work that out. It would take most of the afternoon to do it, but the point is that is what it does for you. Then you say, I would like to then manipulate that number further by applying my digital signature to it. It is called a one-way function.
The belief is that you are now going to be able to take those two numbers together, come out with a unique sum, get it on Lisa's side. She is now going to be able to separate those two numbers with her software and then validate that the number that was used by you is the reciprocal of what is done at the registrar or the CA in the sky, if you will, the Post Office, Cybertrust, whomever.
Digital signature is based on something called asymmetrical key. Asymmetrical key says, I have an A part and a B part. If I encrypt with A or if I sign with A, I can decrypt or I can read the signature with B. Theoretically, this is published like a phone number, your public half. The private half is kept by you alone. When I say by "you alone," I am not kidding. If there is more than one of those, then there is more than one of you, and that cannot be allowed. You have to watch; that is why the token is involved. You want some representation that you need. Yes, sir.
MR. BLAIR: I have a partial understanding of this subject, and I want to run it by you because if it is correct, I think it is going to be helpful to the committee to view things in this regard. Okay?
DR. WYCK: Right.
MR. BLAIR: If I am a physician, and there is a discharge summary, and it needs to be approved by the hospital administrator before it goes on to another agency, my understanding of the electronic signatures is that it performs several functions. Number one, it authenticates who I am.
DR. WYCK: that is correct.
MR. BLAIR: But just as importantly, it winds up saying that the discharge summary that I am about to send to the hospital administrator is unaltered.
DR. WYCK: That is correct.
MR. BLAIR: So that it not only gives my identification but it seals the document so that when the hospital administrator receives that, they not only know that it came from Jeff Blair but they know that the document has been unaltered in transmission.
DR. WYCK : That is correct, Jeff. The thing that it does not -
MR. BLAIR: Then the other piece that gets a little more complicated is somehow we need to be able to handle the ability that the hospital administrator then authenticates that they have received it and that they cannot repudiate that they have received it, that is the non-repudiation piece.
DR. WYCK: That is right.
MR. BLAIR: And then the additional piece is that if they add their signature to it and then send it on, it has the capability of having the two signatures affixed.
DR. WYCK: That is correct. That is the objective. That is not trivial.
DR. LUMPKIN: Let me perhaps suggest, because maybe I have muddied the water, and we ought to have some presentation in the future on the public key infrastructure. We are just going to be talking about digital signature, that piece that we have covered, and I think at sometime we need, maybe at our next meeting, to spend a little bit more time working our way through the PKI architecture. Simon, you had your hand up.
DR. COHN: I am actually afraid - I am going to try to avoid muddying the water also. I was going to comment that digital signature is not going to be part of the final regs for HCFA. We are going to obviously be looking at hearings on this around October in the Subcommittee on Standards and Security. Generally, though, I think that there needs to be - I am just sort of impressed myself with my partial understanding that there is a number of layers, and there will probably be some education by the whole committee on the various pieces.
A slight question, though. I am not going to get into any of these, me sending data to Lisa about John even though I would like to do that. You said you were going to be doing some testing of the infrastructure?
DR. WYCK: In the process.
DR. COHN: With HCFA?
DR. WYCK: Yes.
DR. COHN: When would results of that be out, and how big of a test is this?
DR. WYCK: Specifically, we are taking a known quantity, which are the ESRDC centers around the country. There are 4500 of them. The idea is to take the submission forms, just the basic submission form, a request for service, which also goes to Social Security for authorization, and submits those electronically. What I have done in the last few months is work between Social Security and HCFA to facilitate the memos of understanding that: a) the digital signatures will be accepted; b) that the Post Office will be used as the certificate authority; c) that the token that comes from the Post Office does have the legal force of law as an: a) trusted agent, b) that it has the full force of the postal authority associated with it, so that a digital signature applied by a piece of postal property carries the same impact as mail.
[Simultaneous comments.]
MR. GELLMAN: No way. There is no legislation for that. The only legislation that protects mail is for first class mail.
DR. WYCK: I understand that. I am just talking about what is the test for and what is the legal discussion that is associated with that test. I am not saying that the conclusion is going to arrive at that. I am suggesting to you that the objective is to see whether or not the Post Office has a future in the electronic format.
MR. BLAIR: The piece that I think is important, unless this is not correct, is that there is not a separation. Once you go through this process, you have to: number one, authenticate who you are; number two, wrap that document so that it cannot be changed; and number three, when it is sent, send it in a way that the sender cannot deny that they have received it unchanged from you, and that those are inseparable, all part of digital signature functions and PKI. Is that correct?
DR. WYCK: Yes, sir, it is. The issue then is how do you assure yourself as the recipient of that object that those things are true. That is why I brought in the idea of the token, of the certificate authority, that is who is going to stand up and say, yes, I looked at Jeff, and it was Jeff who presented himself. Yes, it is Jeff that is in control of that token. Yes, Jeff has the only token that will perform that particular mathematical function.
What assurances can be brought to bear that that is in fact true from my perspective as the certificate authority or the trusted third party? What liabilities will I assume to assure the recipient of that information that I will stand up to that relationship between Jeff, his token and his signature? That is where it starts to get to be a sticky wicket.
The American Bar Association wrote a piece called, "Clash of the Titans," which I would be delighted to provide to the committee. It talks about the idea of a self-anointed point of trust being ludicrous. You cannot just stand up and say, "Well, I will check!" It is not going to work. You have to use something, some entity of size and substance before you can put yourself into that position of authority.
It was suggested, for example, under GSA that the banks would collectively go together because everybody trusts the banks. Well, there are a couple of problems right away. Banks are not trusted by everybody; we have 23 percent of the population who will not use them. The other part of it is that the banks are not going to cooperate with one another. The third part of it is that they are not all equal.
What you have to have is some load leveling event here. Who can everyone go to equally? Who can everyone go to equally in terms of access, in terms of cost, and in terms of trust? Again, that is how we logically got back to the post office. Is it appropriate? Sir, I am not the one to judge that. I am just suggesting that the belief is that in lieu of that, there is even less of an alternative.
MR. GELLMAN: Let me just - this is off the point, but let me just make one comment. Whether the Post Office has any trust or not in this area remains to be seen. The Postal Service just started an electronic bill payer service, which involves -
DR. WYCK: That will die.
MR. GELLMAN: Yes, that is right. It involves the worst privacy protections of any electronic bill payer service that exists. They get access to your account, to your checks, to your information. They have already reserved the right to turn it all over to the cops. This is what the Postal Service views as privacy or does not deal with privacy. This is why the Postal Service's foray into the PKI world is also going to fail because they do not have any trust, and they do not have any legislative protection, and they are not going to get either.
DR. LUMPKIN: And they do not have us to advise them.
[Simultaneous comments.]
DR. LUMPKIN: I am going to take two more questions because we are running over time. This will not be our first - the goal of this discussion is really to begin to open up the discussion so that when we finally get to the point of making some decisions and getting stuff from the committee that we will all be on the same page.
Much as when we started the HIPAA process, we had a number of discussions about what the standards were about and electronic data interchange. We are really using this as a means to open the discussion so at some point we will all have the same terminology and be on the same page to make the decisions that we have to make. Kathleen.
DR. WYCK : Before you ask me that question, Bob, I would like to respond to your comment in that the letter that I wrote to the Postmaster General about the quality of that particular service is what got me hired because I objected on the same basis. Yes, ma'am.
MS. FRAWLEY: I have a question about the legislation that the President just signed. I have not read it. Most of the reports that I have read talk about the impact on financial institutions and insurance companies and no reference to health care. Most states do not have digital signature legislation. Most states have statutes and regulations for health care that require that the medical record be written and signed and does not recognize digital signature as a form of authentication.
I was curious as to whether the legislation preempted any state laws that you were aware of? Can you just give us an idea in terms of health care what the impact will be?
DR. WYCK: In the beginning of my presentation, one of the things that I tried to introduce was the idea that technology fosters policy in a great many ways. It has been my experience in the last 30 years that you follow the money. If there is money to be saved or made, and technology can allow that to occur, then the policy will be put into place that conforms to that path.
Now, that is not always the best way, and I am not telling you that it is right, but it has been my experience that that has usually been true, the amount of money that can be saved by moving to an electronic format from a paper format in terms of immediacy of care, accuracy of information, time and most importantly payments. If you look at the current payment system for HCFA, it is 65 days. How about ten minutes. If you look at the burden of processing the paper and the burden reduction that is associated with automating these processes by computers as opposed to by individuals, the dollars that we are talking about are measured in the billions and billions if not tens of billions of dollars per year. It has been my experience that where those circumstances exist, policy is accommodating.
DR. LUMPKIN: I just have to interject since the State of Illinois, for a number of years, has balanced our budget on the payment cycle for Medicaid. [Laughing.] I am not sure that statement is fair.
[Laughter.]
DR. ZUBELDIA: You talked a lot about trust and PKI and this requirement for authentication. I would like to hear a little bit more about digital signatures rather than all of that. Let me ask you a question that has two parts. The first is, what standard for digital signature, not for certificates, not for tokens, not for trust or PKI but for digital signature are you planning to use that maybe is something that we can look at for HIPAA? And how are you going to, in that environment, sign not only a binary representation of something but also the context associated with it so the patient signing it or whoever is signing it knows what is it that they are signing?
DR. WYCK: Let's take that in two parts. The first part was what standard are we going to adhere to. I believe that I had a notation in there, although I went over it quickly, that standards were a critical component of any implementation of digital signature. If you look at the digital signature standards put out by NIST(?) that is going to be the rough run. I mean there is no question about it. The fifth(?) regulations and the way the security community works will tack you right there. Jim Cody and the rest of the people in the computer security lab will be delighted to provide, and I am sure that I will act as the intermediary to get it, all of the data that you could possibly want by -
Dr. ZUBELDIA: Expressed as s-mime or expressed as PGP or expressed as -
DR. WYCK: Now what you are doing is you are mixing protocols and processes. PGP, which was populated by Phil Zimmerman as an easily-used buoy -
DR. LUMPKIN: If I could suggest, this might be a better discussion for the subcommittee than the full committee.
DR. WYCK: As you like, sir.
DR. LUMPKIN: Because I think a number of us are kind of lost, and we are going to be looking to you guys to explain it to us.
DR. WYCK: I am sorry to get into the weeds, but if you want to go, let's go.
DR. LUMPKIN: We are going to bring you there, but we will probably do that at the subcommittee. The second part of the question?
DR. WYCK: The second part of the question, you were talking about how does the individual know what he is doing when he signs this thing. I have to tell you, they do not. I will answer you this way. When you formulate an email and you push the button, you believe that that email or that information, is sent. You do it on a basis of what is your choice. That is exactly where you want to be with this because it is electronic representation. It is going to be done in hardware. It is going to be done in a way that you are not going to participate. There is no good answer to what you asked.
DR. LUMPKIN: The hearings that are going to be going that the subcommittee is going to be having in the fall, will the Privacy Committee be participating in those?
PARTICIPANT: I hope so.
DR. LUMPKIN: I think that may be a -
PARTICIPANT: We probably should talk about that.
DR. LUMPKIN: That is something that should be looked at. There are obviously some implications beyond just the technical components of that based upon the last answer.
Thank you. You have had a very difficult task. I would not take away the fact that some of us like me are somewhat confused about this, but at least we are exposed to it. Our goal is, over time, to be completely comfortable that we will be able to make enlightened recommendations to the department.
DR. WYCK: If you would allow, I would appreciate the opportunity to discuss with any of you at any time the degree that you are comfortable. We will walk right through this. A half hour is not anywhere near enough time to do something as complex as this in any way.
DR. LUMPKIN: We can send you an email and know that it is secure.
[Laughter.]
DR. WYCK: No, it is not secure under any circumstance!
DR. LUMPKIN: Thank you very much. The next item on the agenda is the document that was handed out to us before the break. I am going to try to walk us through this with Jeff and Simon and all of the assistance that we can get. We will try to work through this. The hope is that we can take a vote and move to committee reports.
The first change is on page two. That is just a technical change of a date.
The next change is on page three under data quality. I will read the current language. This is under the executive summary. "It is very difficult to measure the quality of health care data, yet every provider can point to examples where data quality has clearly been suspect or could not be validated. Information systems today do not incorporate sufficient data editing capability, uniformity in units of measures or other controls. Data quality is also impacted by the inability to uniquely identify patients. This can result in loss of data for patient care."
"The administrative simplification provisions of HIPAA address this issue by calling for a unique identifier for patients. However, there is public concern about the issuance of a unique identifier for patients especially in light of the absence of health care privacy legislation. Finally, criteria for data quality need to be addressed within message format and vocabulary standards in order to improve the ability to exchange accurate data across providers when authorized for continuity of care."
I am going to stop there. We had some comments that resulted in that change. Are we comfortable with this the way that it has been changed?
Okay, moving on. Other issues. Other issues considered - and this is new language. "Other issues considered in this report include the need to address the diversity of state laws with respect to retention and authentication of patient medical record information, the business case for standards development, and the need for a national health information infrastructure. Barriers to adoption of Internet applications such as are reported in the National Research Council's 2000 Report, "Networking Health: Prescriptions for the Internet," need to be overcome."
Any discomfort with that language?
The third, this is another addition. "Establishment of uniform standards for patient medical record information also raises a wide range of issues relating to privacy, confidentiality and security. A complete discussion of all of these issues is beyond the scope of this report. The NCVHS has addressed these issues in prior documents and will continue further study and report separately."
Then under recommendations -
DR. MAC DONALD: What page are you on?
DR. LUMPKIN: We are still on page four.
DR. MAC DONALD: I just wonder if we can move this faster by maybe just asking if someone objects or has suggestions rather than reading it?
DR. LUMPKIN: Okay.
DR. MAC DONALD: At least until we get to one that is objectionable or objected to.
DR. LUMPKIN: I think if it is okay I will read it for two reasons: one, we are on the Internet, and two, to make sure that all of us know exactly where we are at and what the language is that we are voting on.
Under recommendations, the first sentence was changed: "This report reflects the belief that significant quality and cost benefits can be achieved in health care if clinically-specific data are captured once at the point of care and that all other legitimate data needs are derived from that data." Then there are just some editing issues. Lisa, does that get to you?
DR. IEZZONI: Are we going to view data as plural or singular?
DR. LUMPKIN: Yes.
DR. IEZZONI: Okay.
DR. LUMPKIN: That takes us to, unless I am wrong, page nine.
MS. WARD: Page eight has one.
DR. LUMPKIN: I'm sorry, I missed what?
MS. WARD: Page eight. Your change about accidents.
DR. COHN: Highway crashes.
DR. LUMPKIN: Oh, yes. I considered that to be editorial now that I had embarrassed Simon.
DR. COHN: And nine is editorial, too.
DR. LUMPKIN: Nine is editorial. Correct?
PARTICIPANTS: Yes.
DR. LUMPKIN: Okay. That takes us to 11. This is under the language in relationship to the question of why it is taking so long to develop and implement complete and comprehensive standards. It is in the paragraph under lack of investments. "Additionally, payers do not often compensate for the provider's burden of time and costs of implementing these systems. The point is that savings throughout the health care system should be shared with those responsible for adopting and using standardized PMRI. Otherwise, the lack of incentives can operate against taking on the extra burden of standardization."
Then unless I am wrong -
DR. MAC DONALD: This is a technical correction not a real correction, but we had agreement, and maybe it is partly my fault, to find real references for these cited - I mean references that you can find in Medline for the cited references on page 13 in addition to the reference to the proceedings. If we could have permission to still do that in terms of usefulness to reviewers and stuff.
DR. LUMPKIN: Is it acceptable to the committee that additional citations may be added to this?
PARTICIPANTS: [Off microphone.] Yes.
DR. LUMPKIN: Okay. That takes us, according to my thing, to page 19. I'm sorry. Thank you for reminding me. Before we go any further, I need to ask once again because additional members have arrived and because we have been asked to do this. Are there any in this group who have a conflict with the issue that we are about to vote on when we take the vote after we go through the document? If so, please notify.
DR. MAC DONALD: I am very involved in standards, as everyone knows, so I am conflicted on every page. Or else I am educated about every page. It depends on how you want to look at it. I have no financial - I am not getting paid by any of these organizations.
DR. LUMPKIN: Right. That does not -
MS. GREENBERG: It goes beyond that.
DR. LUMPKIN: Okay, would you explain?
MS. GREENBERG: The real issue is whether a waiver was developed that addresses any of these areas. As you know, the areas that you are not supposed to discuss or vote on go beyond those that you actually have a direct financial relationship, so it can be actual activities that people consider pro bono. Whether there is anything in this report that specifically would advantage an organization that you have a relationship with?
DR. LUMPKIN: You have a waiver for it?
MS. GREENBERG: You have a waiver that allows you to participate in the committee, but it does not allow you to vote. No, it allows you to participate in the committee but not on those topics. This report has general recommendations related to - for the most part that are not related to specific organizations though there is, I know, a recommendation related specifically to the ANSI-HISP that the department should join that.
I think this is particularly important to think of in terms of the longer run. Also when your next phase is going to be to possibly select certain standards. Then I think there is much more likelihood for a conflict. I think the idea is whether there are any recommendations that specifically relate to organizations that you have an affiliation with, and it does not have to be a financial affiliation just one that would be included on the waiver.
Part of our problem is that the waiver is up to date, obviously, and in some cases, that has lagged a little bit. We want to specifically make sure that nobody does have those conflicts.
MR. BLAIR: Marjorie, does it say that if we are a member of any of the standards committees or editorial boards of any of the medical terminology groups that we are to recuse ourselves from voting on the document overall?
MS. GREENBERG: It depends upon each person's waiver, but being a member of an organization, obviously not being an employee, but being a member of an organization in which there is no financial relationship other than that you are paying your membership dues does not usually preclude a person participating. If you are on the board or they have a leadership role that would generally be an issue.
MR. BLAIR: Is that for the item or for the document as a whole?
MS. GREENBERG: I think this document is being voted on as one document, so I guess it would have to be for the document as a whole.
MR. BLAIR: As somebody who has been involved with ANSI-HISP in the past, I would recuse myself from voting on the document.
DR. LUMPKIN: Are you currently on the ANSI-HISP board?
MR. BLAIR: I am on the executive committee of the ANSI-HISP board.
DR. LUMPKIN: Okay.
MR. BLAIR: I would be happy to do that.
DR. LUMPKIN: Simon?
DR. COHN: I am not actually going to recuse myself but just a clarification. It is my understanding that this is all identified in the Form 450s that we all complete and are sent back to us? So, it is not a question of us sort of trying to figure it out?
MS. GREENBERG: In some cases, those are a little out of date, and they are in the process of being updated by CDC based on information they have just received. So, in some cases, the waivers may not be as current as they should be.
DR. LUMPKIN: Clem?
DR. MAC DONALD: I have strong connections to [microphone feedback] organization, but it is an ad hoc group, so if you want me, I will not vote on that, but I do want to talk about areas in the document that I have nothing to do with.
MS. GREENBERG: Are there any recommendations in here that specifically relate to Lawrence(?)?
DR. LUMPKIN: No.
PARTICIPANT: I do not believe so.
DR. LUMPKIN: That would not be. Having done that, we can continue to move on. Page 19. Clem.
DR. MAC DONALD: This whole paragraph is vague, and I think it does not make any point. It s clear that in all technology there is always something else to do.
MR. BLAIR: Clem, could you identify what paragraph you are -
DR. MAC DONALD: It is called "addressing gaps and inconsistencies and the need for acceleration to improve interoperability." It says, 'Finally, there are gaps and inconsistencies in message format standards that need to be addressed. Gaps tend to occur where there are new consolidations of providers or new trading partner agreements, for example, hospitals may start acquiring home health agencies. They need to have their systems interoperative. Inconsistencies may arise when two or more different standard developers address the same standard issues, and there may be lack of awareness that two developers are working on the same issue. Gaps and inconsistencies may be created when new technologies are emerging."
It does not say anything. It is just sort of like, yes, life is hard, but what are we supposed to do, and what are the gaps? It does not say either of those things, so I find this sort of, as an editor view, it is just kind of wandering.
DR. LUMPKIN: You disagree with it?
DR. MAC DONALD: Yes. I think it is bad English. It is bad text. It does not say anything.
DR. LUMPKIN: Okay. Let me do this. Can I get a motion to move the entire document?
DR. COHN: I would move that.
MS. FYFFE: Second.
DR. LUMPKIN: It has been moved and seconded. Then would you like to make a motion to delete this heading, "Addressing Gaps and Inconsistencies and the Need for Acceleration to Improve Interoperability"?
DR. MAC DONALD: Actually, I would a point of order because we are discussing each one at a time, and are we now not going to discuss any of the changes anymore?
DR. LUMPKIN: Yes, we are, but I would like to do that as amendments to the full document so we can take care of this issue.
DR. MAC DONALD: I would like to delete that paragraph.
DR. LUMPKIN: Two paragraphs, addressing gaps and -
[Simultaneous comments.]
DR. MAC DONALD: -- is a little more clear.
DR. LUMPKIN: I am sorry?
DR. MAC DONALD: The second one is okay.
DR. LUMPKIN: You would keep the second one?
DR. MAC DONALD: Yes. It says something.
DR. LUMPKIN: Jeff? Is there a second to that motion?
PARTICIPANT: I will second it.
DR. LUMPKIN: Okay, Jeff?
MR. BLAIR: There is a struggle to prepare the document in a manner that it would be understandable by many different audiences: those of us that are heavily involved in the standards development process; those that are involved in health care; and those that might be in an administrative or Congressional level where they are not as familiar with that. I think that these paragraphs are intended as education and bridges for those that were not as familiar with it. It has been through so many updates and revisions and approvals that I do feel uncomfortable at this stage just summarily removing the paragraphs.
DR. LUMPKIN: Further discussion on the motion to remove or the amendment?
DR. COHN: I actually this is more of a question, I think, to Jeff and Margret. I am actually looking to see if there are any recommendations that relate specifically to the gaps and inconsistencies. I mean, if there are recommendations, I think we should leave it in; otherwise, I do not know that it does any damage to the body of the paper to remove this particular paragraph. I am looking to see maybe if Margret, can you comment? Are there any recommendations that specifically deal with addressing gaps and inconsistencies?
MS. AMATAYAKUL: There are recommendations relating to acceleration -
DR. COHN: right, which we would be leaving in the acceleration aspect there.
DR. MAC DONALD: Yes.
MS. AMATAYAKUL: You are talking about then deleting only the first paragraph -
DR. LUMPKIN: the first section -
MS. AMATAYAKUL: -- not the second paragraph.
DR. LUMPKIN: And changing the title appropriately.
DR. COHN: Which will become "The Need for Acceleration to Improve Interoperability."
DR. LUMPKIN: The response is that no, there does not appear to be. Kepa?
DR. ZUBELDIA: Can we preserve the first sentence of the first paragraph, that first line, the very first line, if we are going to keep the second paragraph?
DR. MAC DONALD: Well, the only thing is if that were the statement, it would be better if one said what they were. If that would make it go faster, I would accept keeping it.
DR. LUMPKIN: Jim.
MR. BLAIR: Add it onto the paragraph that we are keeping, and we are there. The way the edit turns out, I think, kind of is misleading. We suggest that standards development processes are by nature slow to permit due process, and I do not think that is the intent. It is, in order to permit due process, complete due process, they are, yes.
DR. MAC DONALD: In order.
DR. LUMPKIN: Okay. We will call that editorial. So, the motion is, as I understand it now, that this section would read as follows: "Finally, there are gaps and inconsistencies in message format standards that need to be addressed. Standards development processes are by nature slow in order to permit due process. The health care market is also highly fragmented. These factors make it difficult to address all market needs in a timely fashion. Hence, coordination and acceleration of standards development are needed to fill gaps and address emerging technologies in a timely manner."
All those in favor of the new language, signify by saying aye. Can I see hands? All those in favor, raise your hand.
MR. BLAIR: I am assuming that I am not voting, is that correct, Marjorie? Marjorie, is that right?
MS. GREENBERG: Yes.
DR. LUMPKIN: Seven. Opposed? Five. We have adopted the - to be included in the motion the language as revised. Anything else on page 19?
I think 22 is next. The language and the paragraph on data quality, data accountability and data integrity, this section was my comment. The second crucial function of PMRI is to provide the basis for assessing and continuously improving the performance -- effectiveness and efficiency and thereby improving quality -- of the health care system." Okay?
Page 23 under the section on use of non-standard codes. New language: "Some health plans do not use the current version of standard diagnosis or procedure code systems or coding guidelines. Some require that providers use health plan developed diagnosis or procedure codes in place of or as a supplement to ICD-9 or CPT-4. Use of such non-standard code systems hampers comparable performance measurement and requires tracking on multiple coding schemes for providers working for multiple health plans."
DR. COHN: I just have one slight editorial change. There are payers who are not health plans who do this. Maybe we want to describe it as health plan or payer developed.
DR. LUMPKIN: Okay. Editorial, "health plan or payer developed."
Page 24 under privacy, confidentiality and security. The second paragraph has a change in it. I will read that entire paragraph. "There is public concern that PMRI in an electronic form may compromise an individual's privacy by reducing its confidentiality due to the limited scope of the privacy protections under HIPAA. Many health care professionals share this concern. On the other hand, many believe that the existence of electronic security tools will protect the confidentiality of PMRI better than in the current paper form. In the absence of national legislation to protect the privacy of PMRI, however, public distrust is likely to continue to be the most important barrier to the acceptance of a national health information infrastructure that can help us improve quality and control costs."
[Pause.]
Okay, we will move on. There is a little mark in the margin at the bottom of that page.
MS. AMATAYAKUL: The next page starts the new paragraph.
DR. LUMPKIN: This is the same language that we have in the executive summary. It ends that section with, "Establishment of the uniform standards for PMRI raises a wide range of issues related to privacy, confidentiality and security. A complete discussion of all of these issues is beyond the scope of this report. NCVHS has addressed these issues in prior documents and will continue to do further study and report separately."
Under "Diverse State Laws," the second paragraph has changed. I will read the language. "Some of these diverse state laws mean that different states have different rules for patients to access their records." It is an editorial change.
Yes?
MS. AMATAYAKUL: We talked yesterday about looking at the paragraph that begins with authentication requirements in light of your discussion today. I was wondering, since electronic signatures is so confusing, that that first sentence might better read, "Authentication requirements also vary significantly and, as a result, may render patient medical record information in electronic form invalid."
DR. LUMPKIN: Kepa, you are shaking your head.
DR. ZUBELDIA: I think it is the electronic signatures that are invalid from state to state.
PARTICIPANT: Right.
DR. LUMPKIN: Okay, so we will just leave it the way that it is.
MS. AMATAYAKUL: Leave it as is.
DR. LUMPKIN: Okay, page 26, under "Business Case for Standards Development." At the top of this, under "Diverse State Laws," the recommendation was made yesterday that the word "data confidentiality" be stricken so that it would read, "Diverse state statutes and regulations result in discrepancies concerning authentication, retention, permanence, and other data features that increase costs and delay availability of electronic PMRI solutions."
Under business case, the third paragraph was changed so that it will read, in the beginning, "We recognize that the level of participation in the standards development process by patient advocacy organizations, minority groups, privacy advocacy organizations, certain health care professionals and vendors, and others, is insufficient to accelerate the development of PMRI standards as rapidly as desired."
DR. MAC DONALD: I have two complaints about that. First, I do not think that it is true. Secondly, all of the standards that we have in the world like Internet and all of the rest, it is open to anyone who wants to participate, but they do not necessarily have balance on any of these grounds. They will have 10 or 15 people, and they do the standard. Some of the health standards have X-12 will have 700 or 800 people at the meeting. I just do not - I think that this hints at something that is not really accurate at all. It certainly will not accelerate them to get more people there.
DR. LUMPKIN: Kepa?
DR. ZUBELDIA: Clem, still, even in X-12 with 300 or 400 people in a work group, the level of participation of this constituents is typically very low or nil.
DR. MAC DONALD: But it is open, so -
DR. ZUBELDIA: I know that.
DR. LUMPKIN: The point, and I think that this ties specifically to a recommendation later on in the document that really urges the department to take steps to increase the participation of others in the process. It really does tie in. That is the reason why it was included in this particular area, to give some -
DR. MAC DONALD: At least throughout certain vendors, they can get there if they want to get there.
PARTICIPANT: But they do not, and that is important.
MR. BLAIR: The thing is, we head in our testimony when we struggled to try to get representatives of either small vendors or some professional associations that were small, terminology developers, they expressed great difficulty in being able to attend all of the meetings that they needed to attend that were relative to what they were doing because they did not have the resources. We heard from many different individuals. Just recently, the issue of advocacy issues, getting that proper representation as well.
DR. MAC DONALD: But these are not performance standards. This is like making a CD-Rom drive. I think you are complicating it greatly. These are mechanical and technical standards, these groups that we are talking about. I think it is a misconceptualization of the issues.
DR. LUMPKIN: Is there - Bob?
MR. GELLMAN: I do not have any problem with the language that we added, but the rest of the sentence is, "insufficient to accelerate the development of PMRI standards as rapidly as," that is not the point of having all of these other people participate.
DR. LUMPKIN: Yes, I think we need to do a little.
DR. COHN: Maybe we need after "insufficient" - maybe there is a period after "insufficient."
DR. LUMPKIN: It would make it faster, but you have two people who made their decision right away.
PARTICIPANTS: [Comments off microphone.]
DR. LUMPKIN: To assure the development of broad-based PMRI standards.
MR. GELLMAN: I like that better.
PARTICIPANTS: Okay.
DR. LUMPKIN: "Insufficient to assure the development of broad-based PMRI standards," period. Okay?
Dr. MAC DONALD: It is not an edit, but I thought it was changed earlier, and I will just bring it up, whatever, and you can just boo me down. This next paragraph about the need to have U.S. representation in international standards. There are more U.S. guys at any standards groups that I have been at internationally than any other country, way more than the small countries, the poor countries. I just think this is kind of out of place. I mean, are we hinting that we need to send them, give them business class tickets?
DR. LUMPKIN: Actually I -
DR. COHN: I think that this is appropriate. This is testimony that we heard. There actually is a recommendation that does not include paying for people to go, but there is a recommendation that is related to this, and therefore, I think it should be left.
MS. FYFFE: Can we vote?
DR. LUMPKIN: No, actually, Clem, do you want to proceed with changes?
DR. MAC DONALD: If there is any support for this position, on my position, I will proceed, but I am not hearing people jump up and down.
DR. STARFIELD: I would like to ask a question. I am interested in your comment. Why do you think, or why does the subcommittee think that more representation would be useful? I mean, is it from the point of learning from others or from the point of telling others what to do? What is the sense of it?
MR. BLAIR: Can I describe some of the situation? It is a variety of things. One of the things is that as we head more and more to a global society, we have more and more software vendors that are marketing around the world. When you have situations where you have a number of groups from other countries that adhere to standards that then become ISO, which is international standards organization standards.
If an American company is to compete in Europe and the European countries wind up saying that these products have to comply with ISO standards, or Australia, or South America, or wherever else, and if we did not have our industry representatives here, our technical experts, participating in the agreement on the ISO standards, it could leave us at a disadvantage. In fact, you wind up finding that there is - winding up indicating that it is important that the United States be sure to have appropriate expertise at these meetings.
The latest example of where we do not is patient cards. I am not saying that other countries' interests in putting patient information on patient cards is wrong; however, it does potentially impact many of the things that we are doing here domestically. Right now, we have been unable to get someone from the United States to represent the U.S. positions in the ISO committees on patient cards for the last several meetings, so that is the latest example.
DR. LUMPKIN: Perhaps can I suggest that we would change the term "is impaired by a lack of representation" to "by an insufficient representation"?
PARTICIPANT: [Off microphone.] I do not think that changes it.
DR. LUMPKIN: I think Clem's point is that a lot of folks go, but I hear Jeff saying that there are certain committees where no one from the United States is showing up, and our recommendation is urging that HHS get involved in assuring that there is representation. So, an assessment that it is not sufficient would not negate the role of people who are already participating.
DR. MAC DONALD: I disagree, but again, I am maybe stretching this too long. The reason people do not go is that they do not care. We have big companies. We do very well internationally. If you go over to Europe and you look at the information systems, who they are sold by, they are sold by U.S. companies, almost like 60 percent of them are. It is a matter of what we are interested in. If government is going to decide - and how are you going to manage this? There are thousands of ISO committees not just health care.
DR. LUMPKIN: Simon.
DR. COHN: I once again tend to reference the body of the text to the recommendations. Be aware that the recommendation states, "Promote U.S. interest in international health data standards development through HHS participation." This is not a discussion about are we going to start sending people from Kaiser Permanente to Japan on government payroll or whatever. This is what it has been pared down to, which I think is very reasonable.
I think we need to vote on it.
MR. GELLMAN: What you are talking about is not U.S. representation; it is official U.S. representation of U.S. Government representation. That is what you have just said. That is the recommendation you read.
DR. LUMPKIN: By lack of official?
DR. ZUBELDIA: I think that is a very important point because all of the other countries send official government representatives to these meetings. We are here in the meetings as volunteers that go to the meetings. We do not have an official government representative on anything.
DR. LUMPKIN: If it is agreeable, if that is the issue, then we will edit this. It is going to take more than just one or two words. If the sense of this thing would be the lack of official U.S. governmental representation.
MR. BLAIR: Yes.
DR. LUMPKIN: If that is agreeable, then we will make that edit, and if it is okay, I will review it, and Simon and Jeff, and send it off.
Editorial change at the last one: just a note to refer to a prior document. That takes us to page 27, the paragraph that reads, as it is changed will read, "Individuals will need access to their own PMRI as they assume more responsibility for managing their own health and wellness. Technology is providing new capabilities at a time when consumers are taking more active control of their health. Although consumers and health care professionals are concerned about the validity of some of the health education material on the internet, consumers are strongly desirous of educating themselves and taking a more active role and sharing medical decision making with their care givers."
Okay? [Pause.] Page 29. As recommended, the language on messaging formats has changed. "New standards such as object-oriented request broker architectures and document mark-up languages (e.g. XML, SGML) are being incorporated into message format syntax development activities and are gaining interest among vendors, users, and the Federal Government."
DR. MAC DONALD: I am fine with that. I was going to ask another minor technical referencing issue. I will give you a minute to do that, and then I will come back to the technical issues.
DR. LUMPKIN: Okay.
DR. MAC DONALD: I have a technical edit, a technical referencing issue.
DR. LUMPKIN: Okay, and what?
DR. MAC DONALD: Well, we have seven organizations named, and there is no connection to anything for anyone to know what they are, so I would suggest either an address or a URL or something for each of them be added in.
PARTICIPANT: [Off microphone.] Footnotes?
DR. LUMPKIN: On the top of page 29?
DR. MAC DONALD: The average who knows what ASCX12N(?) means? That is, it almost begs for just a citation to the address for the company's URL.
PARTICIPANT: [Off microphone.] That is a good suggestion. For all of those.
DR. LUMPKIN: Okay. Editorial change. We will just put those there as deemed most expeditiously, whether it would be asterisks or whatever.
Okay, page 30. ICDIH was added in.
MS. AMATAYAKUL: ICIDH or whatever its current name is.
DR. LUMPKIN: ICIDH?
MS. AMATAYAKUL: Right.
DR. LUMPKIN: Page 31, the fourth arrow is there.
DR. MAC DONALD: I thought we agreed to take out this figure because it seemed out of balance, at the last conference call, and the same information is up above in the bullets.
DR. LUMPKIN: It was presented to us as the committee yesterday.
DR. MAC DONALD: I thought that is what we decided at our last conference call.
DR. COHN: Actually, I do not remember that, but you can certainly bring it up as an issue.
PARTICIPANT: [Off microphone.] It is not like we are desperate.
DR. LUMPKIN: Clem, unless you feel real strongly, we are kind of being pushed for our time. I just do not think that it is good use of committee time to decide whether or not we want the diagram.
Page 33. The statement was added, "This report does not support the promulgation or adoption of any standard providing for the assignment of a unique identifier for patients until legislation is enacted specifically approving the standard."
DR. MAC DONALD: Could I just? I am not sure what I want to say about this one except that it is stronger than I think the document suggests. We describe that it is a problem not having one. Saying that it has to have legislation, not regulation, is really a very strong statement.
DR. LUMPKIN: We had a fairly extensive discussion about this yesterday, and I think we have kind of reached the point where most everybody was comfortable with leaving that in there.
The rest of that is editorial. We have two changes on the guiding principles. The new item three was added in.
MS. AMATAYAKUL: Dr. Lumpkin?
DR. LUMPKIN: Yes.
MS. AMATAYAKUL: On item three, there is actually an additional change that I did not get into the typo.
DR. LUMPKIN: Okay. Would you read it as it would be read?
MS. AMATAYAKUL: Number three would be: "Will support making patient data available in the least personally identifiable form practical when used or disclosed for intended purposes."
DR. LUMPKIN: Okay, "for intended purposes." Any discussion on that?
Item number four: "Will include strong protections for privacy of patients."
DR. MAC DONALD: The only problem with that is all of the standards do not necessarily have applicability to that. So maybe we should say, for example, if ICDM(?) is the codeset, how do you make ICDM look like it is satisfying this?
DR. LUMPKIN: I think the discussion that we had was that if we do not check, then we kind of put privacy at the end instead of at the beginning of criteria.
DR. MACDONALD: Maybe you could say "where appropriate" or "where applicable" in case some next generation readers of this become so zealous that -
DR. LUMPKIN: Does anybody feel strongly about including or one way or the other?
MR. BLAIR: Would you just read that sentence?
DR. MAC DONALD: "Will include strong protection for privacy of patients where applicable."
DR. LUMPKIN: Does anybody have objections to changing that?
PARTICIPANTS: [Comments off microphone.]
PARTICIPANT: I do not care.
DR. LUMPKIN: Okay, that is the way that it will read then.
That takes us to page 36, recommendations.
DR. MAC DONALD: John, could I just - this may be again out of order. On page 34, there are two things at item 13 and 14 that I would prefer we do not reference here because we never read these documents, none of us on the committee, either of these documents. We did edit some things in the body that were confusing. They are referenced in the body of this, and I would suggest that these would not be guiding principles, that we would follow the exact details of a specific document.
DR. LUMPKIN: Are you talking about the term in the parenthesis?
DR. MAC DONALD: Yes.
DR. LUMPKIN: Under 13 and 14?
DR. MAC DONALD: Yes.
DR. LUMPKIN: Delete them?
MR. BLAIR: Let me know what that is.
DR. LUMPKIN: That is, "For a full set of characteristics, see ASTM E2087: Standard for Quality Indicators for Controlled Health Vocabularies." Suggesting that that reference be deleted.
DR. MAC DONALD: It is cited in the document, so there is a connection. It is just that as a guiding principle, to say that you had to follow this book which none of us read, I think that is -
MS. FRAWLEY: I did. I was on the work group, so we had distributed by email that document to the work group members.
PARTICIPANT: We read it and discussed it.
MS. FRAWLEY: So I just want to make a point that we did receive the document. It was sent out to all of the work group members.
DR. LUMPKIN: Do you want the reference in there?
[Simultaneous comments.]
DR. COHN: Are we talking about the data quality modules?
Ms. FRAWLEY: I am just saying one statement that we did not read it is -
DR. MAC DONALD: Let me take that back. Some of us did not read it. I would still argue that if it is a guiding principle, those specific, very detailed books as being part of the guiding principles does not seem appropriate.
DR. LUMPKIN: Does anybody want to keep them in?
MS. AMATAYAKUL: I could just relay the comment that Mike Fitzmaurice made in that sometimes these guiding principles are sort of taken lock, stock and barrel and put into some other document like an NPRM and that the references to the body of a report are not made, so you might lose that link. That was his concern. That is why those references were put in.
DR. MAC DONALD: That is more reason why I want them out.
DR. LUMPKIN: Does somebody want them in? I do not see anybody. Jeff, do you want them in?
MS. FRAWLEY: I will vote for in.
DR. LUMPKIN: Okay. It has been moved by Clem that these two references be removed. Is there a second?
MR. GELLMAN: I second.
DR. LUMPKIN: Moved and seconded. Is there further discussion? All of those in favor of removing these two references, raise your hand.
[There was a show of hands, and the motion was approved seven votes to two.]
DR. LUMPKIN: I assume that everyone else abstains. They are gone.
I think that takes us back to page 36. Under E, improvement of drug data capture and use through: 1) requiring the Food and Drug Administration (FDA) to make publicly available in an easily accessible format national drug codes data base registry information.
Under 4 C, Four is the heading, "For each standard recommended by NCVHS, commit funding for:" under C, "ongoing governmental licensure or comparable arrangements."
Under 5, it was rewritten to read as follows: "Support demonstration of the benefits and measurement of the costs of using uniform data standards for PMRI that provide for interoperability, data comparability, and data quality. Areas in which value should be demonstrated include ability of clinicians to care for patients, clinical performance measurement, use of practice guidelines, reduction in medical adverse events, and public health surveillance and intervention.
Under 6 A, "Support increases in funding for research, demonstration, and evaluation studies to: A. Promote data capture systems that can make it faster, more economical and more accurate to collect clinically-specific information once, at the point of care, and enable use of these data for multiple purposes such as for payment, quality improvement, public health, and research."
MR. CARTER: John, I had an earlier change that we went over, but I have what I think is a minor editorial comment on, but I am afraid to -
DR. LUMPKIN: Where is that?
MR. CARTER: Page 24.
DR. LUMPKIN: Okay.
MR. CARTER: Under privacy, confidentiality and security. Second paragraph, which now reads, "There is public concern that PMRI in electronic form may compromise an individual's privacy by reducing its confidentiality due to the limited scope of the privacy protections under HIPAA.
DR. LUMPKIN: Yes.
MR. CARTER To me, that last clause, "due to" seems a little bit like a non sequitur. I think that what - this public concern that PMRI in electronic form may compromise an individual's privacy by reducing its confidentiality, I do not think that public concern results from HIPAA. What I would suggest is perhaps putting in a semi-colon so that the sentence reads, "There is public concern that PMRI in electronic form may compromise an individual's privacy by reducing its confidentiality; this public concern has not been alleviated due to the limited scope of the privacy protections under HIPAA.
PARTICIPANT: That is good.
PARTICIPANT: That is good.
PARTICIPANT: That is great!
DR. LUMPKIN: I think everybody is agreeing.
PARTICIPANT: We should have had you on the committee.
PARTICIPANT: We should have had you on the committee. You would have loved it!
DR. LUMPKIN: We now have a modified document. We have walked through all of the changes. Are we ready for a vote?
PARTICIPANT: Yes!
DR. LUMPKIN: All those in favor, signify by saying "aye."
[There was a chorus of ayes.]
DR. LUMPKIN: Those opposed, say "nay."
[No audible response.]
DR. LUMPKIN: Those abstaining, say "abstain."
[No audible response.]
DR. LUMPKIN: Jeff is raising his hand. Actually, he is not abstaining. He is not voting.
Bob?
MR. GELLMAN: I have a motion that the chairman e permitted to make technical and conforming changes in the report.
DR. LUMPKIN: Thank you. There is a motion. Is there a second?
DR. IEZZONI: Second.
DR. LUMPKIN: It has been moved and seconded that the chairman be able to make technical and confirming changes in the report.
PARTICIPANT: And to revise and extend your remarks.
[Laughter.]
MR. ROTHSTEIN: That was not part of the motion.
DR. LUMPKIN: All of those in favor say "aye."
[There was a chorus of ayes.]
DR. LUMPKIN: Those opposed, say "nay."
[No audible response.]
DR. LUMPKIN: Okay. We are done.
I would like to congratulate the committee. It has really been a labor of long and tireless effort, and we thank you.
MS. FRAWLEY: Can I say something, Mr. Chairman? I would just like to recognize Jeff Blair and his leadership during this whole process because he really put in a tremendous amount of work, and it was a pleasure to work with him on the work group.
[Applause.]
DR. LUMPKIN: I think we can probably, in a very short period of time, run through the remainder part of the agenda, or do we want to break to the subcommittees and come back?
DR. IEZZONI: we have speakers who showed up for a 1:00 start. I have told them to go away until 1:30, right, Susan?
DR. LUMPKIN: Okay, we have until 1:30 and see where we are at.
DR. IEZZONI: Well, no, our subcommittee is going to start at 1:30, and they are probably going to want to get at least a candy bar before then. I think if we could just go on and maybe try to finish by 20 past.
DR. LUMPKIN: The Executive Subcommittee has really nothing to report that is not already on your reports that you have in the committee minutes. Simon?
DR. COHN: Yes, I think the only thing from the overall Subcommittee on Standards and Security, I just want to repeat that we are having hearings on July 13 and 14 on early tracking of implementation issues, local code issues, and other things related to HIPAA administrative implementation.
DR. LUMPKIN: Lisa?
DR. IEZZONI: Just a couple of things. I think that Ed Sondik's presentation to us this morning has given pause to our subcommittee. We are going to have to think about changing the charge to be more inclusive of his concerns.
On the functional status measurement, I would like to just read into the record regret at the sudden death of one of the people who testified to us in April. Allan Meyers from BU died suddenly over Memorial Day weekend. It was a shock to all of us who knew him, and I would like to just put our regret into the record.
We did have hearings in April where we heard a little bit about ICIDH and are continuing to do that again at hearings in July, September 17 and 18th, I believe, where we will hear a little bit about how the initial rollout of training for using the ICIDH has proceeded. We will also be hearing from advocacy groups, different payer representatives, physical therapy, occupational therapy, hopefully, about their views of the ICIDH.
MS. FYFFE: Did you say payers or providers?
DR. IEZZONI: Providers. I am sorry. If I said payers, I meant to say, "providers, physical therapists, occupational therapists."
DR. LUMPKIN: Any questions on the report? Additions?
[No audible responses.]
I skipped Privacy, but we will come back to that. The Work Group on Quality?
MS. COLTIN: The only thing to report is we will be sponsoring a panel at the fall full committee meeting to talk about the national quality report effort and also some follow-up efforts on the patient safety report.
DR. LUMPKIN: Any questions? 21st Century Vision? Did you guys do anything on that?
[Laughter.]
DR. FRIEDMAN: We have the four regional public hearings coming up, and then we are also going to spend a little bit of time concentrating on trying to essentially map existing data systems to some conceptual model of the current system as well as specifically trying to deal with some of the health statistics, privacy, and confidentiality concerns.
Let me just mention, especially since there is very little time, it would be a good time to bring it up. I have also been thinking to myself, although I have not mentioned it to anybody yet, that it may be better for us not to absolutely bind ourselves into a deliverable date to a final report. Personally, I think that we would be better off trying to take the time to produce something that is as good as it possibly can rather than worrying about having it by a date certain exactly a year from now, or a certain date, as the case may be.
DR. LUMPKIN: I think that is agreeable, consistent with our project. Unless we have specific deadlines set by legislation, I think we want to make sure that we have it right.
There is not a listing for the National Health Information Infrastructure Committee which, based upon some discussion yesterday, may actually change the name of our document. I thought it was a very good suggestion. We will be sharing hearing times with the Health Statistics Division for the 21st Century, so by the fall, we expect to - late fall or early winter, complete those hearings and then complete the report with any changes to the original document and adding a section on barriers, an extensive section on barriers and recommendations to bring to a subsequent meeting of the committee.
Privacy and Confidentiality?
MS. FRAWLEY: We will be meeting this afternoon to look at the revised draft of the ICIDH, to discuss any of the privacy concerns that we may have. Lisa had asked us to take a look at that, so we will be working on that this afternoon. We will also look at the report we received yesterday from the Institute of Medicine on the privacy issues that were raised there in planning for our September meeting.
DR. LUMPKIN: Future agendas? Do we have anything that is coming up for the September meeting that we need to be aware of? Any major products?
[No response.]
MR. SCANLON: We will see where the regs are.
DR. LUMPKIN: Yes, we will see where the regs are. As mentioned, in August thereabouts, the 17th and 18th, there is an application there. The Executive Committee will be planning a retreat, and discussions will be shared, of course, with the full committee.
Lisa?
DR. IEZZONI: Could I just ask maybe, Jim, at the September meeting, whether you could get a response for our subcommittee to the Medicaid Managed Care Reports and the Insular Area Reports that we submitted several months ago? We have not heard anything, and I think it would be nice if maybe in September we could hear how those reports were received.
MR. SCANLON: Those, the Medicaid Managed Care Report and the Report on the Data Needs for the Islands are being looked at by our Data Strategy Group, and maybe I could get some, certainly before then.
DR. LUMPKIN: I think we have had a full couple of days. We have had a wonderful ceremony. We have produced three documents; one which will go to the secretary, two which have been cast out into the world for comment. I hope that everyone enjoys their summer, and we will see all of you in September.
[Whereupon at 1:15 p.m., the meeting was concluded.]