[This Transcript is Unedited]
Hubert H. Humphrey Building
200 Independence Avenue, S.W.
Washington, D.C. 20201
DR. LUMPKIN: Good morning. My name is John Lumpkin and I am chairman of the committee, the Workgroup on the National Health Information Infrastructure, and I would like to welcome you all to our hearing on a couple of aspects of the National Health Information Infrastructure.
As you are all aware, the report of the committee has now taken on a life of its own. There are a lot of people who are interested in discussing the National Health Information Infrastructure and moving forward to looking at how we can expand that vision.
Today and tomorrow we are going to be talking about two aspects, one related to the personal health record, the second, which we will start off with, is talking about the issue related to the Internet, where it is and where it is going to be going and where it needs to go, despite the fact that over the weekend it wasn't going very well. But that is how we learn is by challenging the system and then responding to those challenges.
We are going to start off with some introductions and I think we will start off with Mary Jo. Before we get started with the introductions, let me just first say that we are going out live over the Internet as we do on this committee. Please, when you speak, identify yourself and also those of us at the table, please put the microphone close to you so it does, in fact, pick up your voice so people can hear you.
DR. DEERING: Mary Jo Deering in the Office of Disease Prevention and Health Promotion. I am the lead staff to the NHII Workgroup.
DR. SHORTLIFFE: I am Ted Shortliffe. I am a member of the committee and the subcommittee. I am from Columbia University, Department of Biomedical Informatics.
MR. HUNGATE: I am Bob Hungate. I am a member of the committee and the subcommittee and work under the label of Physician Patient Partnerships for Health.
MS. WILLIAMSON: Michelle Williamson, National Center for Health Statistics, CDC and staff to the NHII Workgroup.
DR. HAYWOOD: Trent Haywood, Region 5 Chief Medical Officer, Centers for Medicare and Medicaid Services and staff to the Workgroup on National Health Information Infrastructure.
DR. YASNOFF: Bill Yasnoff, Office of the Assistant Secretary for Planning and Evaluation at HHS and staff to the workgroup.
MR. VAN HOUWELING: I am Doug Van Houweling from Internet 2, also on the faculty at the University of Michigan.
MR. BUSH: I am Aubrey Bush. I am from the National Science Foundation. I am the director of the Advanced Networking Infrastructure and Research Division.
MR. HEPETER: -- Hepeter(?), medical officer at Centers for Medicare and Medicaid Services, also staff to a number of work groups.
DR. STEINDEL: Steve Steindel, senior advisor for data standards and vocabularies, Centers for Disease Control and Prevention, liaison to the National Committee and staff to the workgroup.
DR. ORTIZ: Good morning. Eduardo Ortiz. I work at the Agency for Healthcare Research and Quality and I am also staff to the working group.
DR. FITZMAURICE: Michael Fitzmaurice, senior science advisor for information technology to that Agency for Healthcare Research and Quality, lead staff on the Secretary's Council on Private Sector Initiatives to Improve Security, Safety, Quality of Health Care, liaison to the National Committee and staff to the Subcommittee on Standards and Security.
MR. BLAIR: Jeff Blair, vice president of the Medical Records Institute, member of the NCVHS and member of the NHII Workgroup.
DR. ZUBELDIA: Kepa Zubeldia with Claredi Corporation, member of the committee and subcommittee.
MR. STRAWN: I am George Strawn from the National Science Foundation, also co-chair of the Interagency Large Scale Networking Working Group.
MR. HITCHCOCK: I am Dan Hitchcock from the Department of Energy and I am also co-chair of the Large Scale Networking and Coordination Group.
MR. FIELDS: Larry Fields, senior executive advisor to the ASH(?).
MS. JACKSON: Debbie Jackson, National Center for Health Statistics, staff to the National Committee.
MR. ESLONGA: Don Eslonga(?), American Health Information Management Association.
MS. WADE: Terry Wade on detail from CDC to Advanced Objectives for Bill Yasnoff.
MS. HARVELL: Ginny Harvell, senior policy analyst in the Office of the Assistant Secretary for Planning and Evaluation.
DR. EDINGER: Stan Edinger, Agency for Healthcare Research and Quality and staff to the Quality Workgroup.
MS. HARRIS: Linda Harris, the National Cancer Institute.
DR. LUMPKIN: Thank you.
We are going to change the order, if that is okay, and start off with Doug.
MR. VAN HOUWELING: I am happy to be here this morning. It was a nice brisk walk across from over at 6th and Pennsylvania, where I was overnight.
I noticed your remark about the Internet over the weekend. We, of course, were following that rather closely. All of you who has some background in epidemiology, which I am sure a number of you do, would probably recognize that we saw an interesting phenomenon on the network over the weekend. That is that the intensity of the infection was -- the virus was so strong that it essentially killed itself off.
When it infected a host, it caused so much damage that the host was shortly unable to continue to replicate. So, it was an interesting kind of phenomenon. We, of course, track these kinds of things very carefully at Internet 2 and as I continue with my discussion, I am sure you will understand why.
Let me, first of all, say a few words about Internet 2 and why the effort that we call Internet 2 exists. The Internet as you all know has been around for quite a long while now and when the people did the original design work on the Internet 2 -- and I wish Vint were here
-- ah, Vint, right on schedule. Well, right on my schedule. In just mentioned your name.
As I was saying, when Vint and his colleagues did the original design work on the Internet. I don't think they thought that it was going to have terabytes of data, hundreds of millions of users and that it would be used for real time interaction in multimedia and it would turn out to be so critical to our infrastructure that security would be a dominant theme.
But we have also learned something, that they did such an excellent job of designing it that we have a capability here that we have discovered can scale, that it can accommodate explosive growth and because it can serve as a common bearer service for so many different media, it can enable the convergence of information work, mass media and human collaboration, all issues that are very important to research in the health care arena.
Internet 2 as an organization is focused on the Internet's potential for our future. We develop and deploy advance network technologies and apply them in research and higher education. Along the way, we work hard to accelerate the creation of tomorrow's Internet. As you all are aware, the Internet, as we know it today, went from a research and development activity all the way to the commercial Internet that we know today.
Internet 2 is yet another spiral on this effort. Working together with our colleagues in government and industry, what we are trying to do is move from research into the capability to privatize and commercialize the new capabilities of the Internet. For instance, we at the technical level support advanced services, multicast, which facilitates conferencing and large scale delivery of multimedia, IPV-6, a net set of protocols that support many of the challenges that the network is dealing with and, of course, measurements so we can understand what the network is doing and security activities.
As a non-profit membership organization, there are more than 200 universities across the United States, 60 corporations and 40 non-profits and government affiliates. In fact, 130 of our member universities have medical colleges, members of the AAMC, which provides us with a capability to put together strong leadership teams with health care and life science foci.
We have a number of government affiliate members. The NIH and the Food and Drug Administration are both affiliate members of Internet 2. People from time to time ask what is the relationship between Internet 2 on the one hand and the federal programs on the other hand. Well, the most important thing for all of to understand is they actually work very closely together.
The government programs are, of course, led by federal agencies and they are driven by the missions of those agencies, but they also develop research test beds and advance our general capabilities in Internet technology. Furthermore, at the National Science Foundation, the Federal Government has a long tradition of being a pioneer in supporting research and development efforts in Internet technologies in the universities through direct funding of university activities.
But, of course, our colleagues at NASA, DOE and NIH and so forth have also been involved in that. That funding goes to the universities that are members of Internet 2. Internet 2 is supported by its members with a small amount of federal grant funding for particular research projects. The university led Internet 2 is, of course, focused on the university objectives. At the base, though, we have common technical meetings in which we make sure that the Internet 2 activities interface and interact in a mutually beneficial way with the federal activities.
You will hear more, of course, about those activities as the day proceeds. Now, what does Internet 2 mean to this National Health Information Infrastructure? The first thing, of course, is that we are very much about a network that provides very high band width and low latency, which means that it is a network that can be used for real time control and interaction in situations where there is a large amount of information that needs to be transmitted.
It can support augmented virtual reality and enable human interaction through telepresence. So, we are now seeing the Internet 2 environment being used for a whole series of applications, ranging from teaching to actually doing research on remote manipulation of equipment and instruments.
Finally, we are very much focused on doing middle ware work that allows for there to be easy to use but secure access to information and computational resources. In that area, we are working with our colleagues in the number of efforts around the world known as the grid. When you think about the challenge we have in front of us, scaling all the way from the atom to the organism, the issues we confront with regard to database and modeling are extraordinary.
We often hear from the high energy physicists about the extraordinary amount of data that they are generating and developing with their large scale experimental apparatus. But frankly, when compared to the amount of data that we are talking about here, the potential in the health sciences and research area is much greater. Today, of course, we are just beginning on the journey to exploring that field of data, but it will become critical that we manage that and allow it to be shared across the world.
Now, our road map for much of our work has been the NRC report that, of course, now is getting to be old and so we are very happy to continue to interact with all of you. The consensus we are hearing from the health science community is that more new information will be graded over the next two years than throughout our entire history in digital form in the health sciences and that medical science is increasingly dependent on advanced computing solutions.
We believe that along with many of our colleagues in health science that instantaneous global communication of information and in support of human interaction is the next killer application of the Internet and that research and development in the health sciences will become more and more reliant on academic and industry partnerships.
Now, we have a number of activities that we are engaged in partnerships to support in Internet 2. Let me just run through these briefly. First of all, there is a Medical Middleware Working Group. This is working on the software that sits between the network and the many applications and supports the kind of security that are required by HIPAA and also by the various kinds of authorization and credentialing activities that have to take place in this arena.
We are exploring with our colleagues in the veterinary area the whole business of allowing students at a remote location to participate in grand rounds and we are beginning to see those same capabilities now explored in human medicine as well. We are very much involved in the visible human project laboratory, which I am sure you all know about. The Biomedical Informatics Research Network or BIRN, which is an NIH-sponsored effort to actually pull together the neural scientists in their research work. Just recently at our member meeting in Los Angeles, we showed an early instance of orthopedic surgeons actually providing on line real time education regarding orthopedic surgery over the network.
Also, we are working very closely to try to streamline the whole area of clinical trials through the Virtual Tumor Board. All of these activities are activities we provide infrastructure for but they are really led by the federal and university efforts in health science. We have been working very hard together with our colleagues on security and privacy guidelines. Here is a map of the BIRN sites. BIRN is anchored at San Diego and, as you can see, has national coverage.
The Virtual Tumor Board is an activity that is undertaken in Seattle where the doctors are exploring how they can more rapidly understand and get broad consultation on tumors and radiographs and micrographs. The fact is that we are engaged in a multidisciplinary activity that requires the collaboration in all of the areas that are outlined here on this slide.
In those multidisciplinary areas, we have a number of partnerships to exploit and develop. I have listed some here. I am not going to obviously go through and list them all here today, but the reason I gave you this relatively long list is because in each one of these areas there is specific work going on that is network facilitated through Internet 2 and we now understand how critical the infrastructure is to the future of the health sciences.
Well, we will have a chance to talk a little bit more later, but this also provides you with a source for information. If you want to know more about Internet 2, you can go to our Internet 2 web page on our activities in health care. You can also e-mail me or Mary Kratz, who is our Internet 2 health sciences program manager. Both of us would be happy to provide you with any further information you would like.
Thank you very much.
DR. LUMPKIN: Thank you.
MR. CERF: Thank you. Sorry to be late. I was actually here on time except that they wouldn't let me park here. So, I wound up in some place like the Capital Gallery and walked about four blocks in the cold. So, I assumed that was your way of improving my health plan.
DR. SHORTLIFFE: I wanted to ask you to explain something to the group here because it is a point of some confusion until you hear it explained and then it is simple.
MR. VAN HOUWELING: Okay.
DR. SHORTLIFFE: An individual at an academic institution that is a member of Internet 2, how does that individual know if they are using Internet 2 rather than the commodity Internet at any given time. How do the local routers, et cetera, know? This confuses a lot of people because they get the feeling these are two separate networks and you have to choose which one to use.
MR. VAN HOUWELING: As a matter of fact, most people who use Internet 2 don't know they are using Internet 2. When they send e-mail, log onto a web site, do a video conference or something like that with a colleague at one or the other institutions that support Internet 2, it just automatically routes that traffic through the Internet 2 infrastructure.
But at the user level, the protocols are very similar and as a consequence, unless you have got a very high performance requirement, which won't work without Internet 2 infrastructure, you are not aware of which one you are using.
DR. LUMPKIN: We apologize -- since I am at a couple of days a year, I don't have to apologize.
MR. CERF: I don't think any apologies are needed, but I am sorry that I wasn't here promptly. It just happens. Are we ready to roll? Okay.
My job this morning is to give you some sense for where I think Internet is headed. You got some pretty good ideas from Doug Van Houweling's presentation about where at least one aspect of the Internet is going, particularly on the high band width side.
MR. VAN HOUWELING: But I counted on you setting the scene for that. So, I am glad you are going to do that now.
MR. CERF: So, let's do a little arithmetic, first of all. This is kind of a five year glimpse of Internet's growth from the middle of 1997 to about the middle or end of 2002. The 22 1/2 million servers that were on the 'Net in 1997 have grown to 162 million servers. That is not counting laptops and other, you know, PDAs and things of that sort.
The number of countries on the 'Net is increasing. In fact, I was pleased to see that the last country in Africa, I think it was Sierra Leone, finally got some access to Internet. So, every country in Africa has a little bit and that is a major milestone.
The number of users has gone up by a factor of 12 in that five year period, but to put it all in perspective, keep in mind that there is over 1.3 billion telephone terminations. So, Internet, in spite of its rapid growth, is still small compared to the scale of the telephone network. However, it continues to grow at a fairly rapid clip.
It is interesting to see where the users are. If I were giving this talk five years ago, the users would have been about 80 percent in North America. That is no longer true. In fact, North America represents less than a third of the users on the network. Europe is now the largest population, but it will soon be overtaken by Asia Pacific, particularly as the Chinese come on line as they are doing very rapidly.
Latin America has 33 million users. That was only 5 million about three years ago. Africa has continued to be a difficult place to install Internet services because the telecommunications infrastructure there is quite weak. In many cases, the only way to get there is by satellite. But it still continues to grow, particularly in South Africa and in the northern part of Africa and in Egypt, for example, and Tunisia. We hope, of course, to see more growth as time goes on, as the economies there improve.
So, that is the distribution. In terms of the growth in the total number of users, my estimates now are that there will be about 2.2 billion users on line by the end of the decade. You will notice that this is not an exponential curve anymore and the reason that I don't believe it will be exponential is that as the network continues to penetrate in places where the economies are weaker, the disposable incomes determine whether or not people can afford to be on the 'Net and can afford the equipment that is required.
Fortunately, the cost of the equipment is coming down. So, that helps as we go farther into places where the economies are weaker. But, nonetheless, it takes time to provide the infrastructure. So, perhaps I have a pessimistic estimate here, but 2.2 billion users is still a fairly good size number. It is more than a third of today's population.
MR. BLAIR: Excuse me. Would you be able to either speak more into the microphone or raise your voice.
MR. CERF: Oh, I am sorry. Why don't I just pull this microphone up here. How is that?
MR. BLAIR: That is great.
MR. CERF: Okay.
In terms of the number of devices that are on the 'Net, I had actually made some estimates in the chart and the yellow bars show that my estimate was about 900 million devices by 2006 would be on the 'Net. I hadn't counted on Internet-enabled mobile telephones and the side effect of that is to add another 1 1/2 billion devices to the 900 million I thought would be there so that by 2006, there will be about 2.4 billion devices on the 'Net. Now, that is in the presence of about a billion users.
So, right away, we have more devices on the 'Net than there are people and as we progress in this talk, you will see that I believe that that trend will continue and that there will be an increasingly large number of devices per person on the network as time goes on.
It is pretty clear, particularly once you heard from Doug Van Houweling and what you know perhaps of the industry, that the backbones of the Internet are increasing in speed. Today, they typically run at 10 gigabytes per second. Some of them are approaching 40 gigabytes per second, although there are some physics problems that make the 40 gigabyte speed not as attractive as the 10 gigabyte speed.
The simple story there is that you need repeaters at more frequent intervals to handle the higher speed transmissions and repeaters take up space and power. So, until you can avoid that, we typically wind up using 10 gigabyte per second per channel on a fiber. But there can be up to 160 different callers being transmitted on a single fiber, optical fiber.
So, even at 10 gigabytes a second, a single fiber can carry 1.6 terabytes per second of traffic in parallel and at 40 gigs, you are talk about 6.4 terabytes per second. So, a fiber cut can have quite a big effect on the traffic going across the system.
Having a high speed backbone is not really much help unless you have high speed access to the 'Net. You heard the term "gigapop" in Doug's presentation. There are interesting new high speed technologies for connecting to the 'Net, Gigabyte Ethernet being one of them. It has two flavors, 1 gigabyte and 10 gigabyte. It typically requires an optical fiber to carry traffic at that data rate.
In the longer term, I am anticipating that we will reach the point where it no longer is possible to look at every single packet that is flowing through the core of the network to decide what to do with it. There will be too many of them flowing too fast. You may have a nanosecond or two to examine each packet in the aggregate and that is not enough time.
So, the side effect of increasing band width is probably pushing us towards optical switching. All that means is that the packets at the edge of the 'Net will be groomed to flow onto a particular color of light and the optical switches will simply switch photons. At this point, you don't need to know what the packet boundaries are or anything. You just need to know what color is the light. Where do I send it now and that speeds things up.
So, in the core of the 'Net, we may not have to do packet switching anymore.
Finally, one of the most visible trends on the 'Net is wireless access. I am sure many of you have heard the term "Y Phi" or "802-11." It is a very popular 2.4 gigahertz and 5 gigahertz technology.
802.16 is a newer technique for sharing radio spectrum, using the code division multiple access method. Ultra wide band is another area of examination where very wide ranges of frequencies are used to transmit data at high speeds. Up until now the FCC has been a little reluctant to allow this kind of use because they have been careful to allocate frequencies to given functions.
Ultra wide band covers frequencies that are dedicated in the past to specific functions, but the idea now is to see if we can share the spectrum more efficiently. There are third generation and fourth generation cell phones that have data rates that are up in the megabytes per second in terms of carrying information.
So, those trends are all feeding Internet's growth. One of the most important commercial transformations that is happening is to use the Internet to carry voice or other audio. I am sure you have all heard streaming audio and maybe even seen streaming video --
DR. LUMPKIN: You are actually on streaming audio right now.
MR. CERF: I am on streaming audio now. I am streaming my head off, right?
What is interesting about the technology, the telephony on the 'Net, is that its economics are quite different from traditional circuit switched technology. SIP means session initiation protocol. It just happens to be the technique that is used for setting up and tearing down calls on the Internet.
It is actually an extremely general protocol and the reason it is so interesting is that it is the kind of protocol that you use to allow devices to negotiate with each other exactly what kind of service the one device is expecting the other to supply.
It is sufficiently general that it will almost certainly be used not simply for setting up and tearing down Internet telephone calls, but for controlling devices. I can easily see in the medical field a variety of systems that are interacting with each other using this very general and expansible protocol.
However, the point I wanted to make here is that the telephone world or telecommunications world is being stood on its head. The economics of Internet telephony lets you bill at fixed prices, rather than price per minute. That is a huge change in the industry. So, there is going to be a period of turmoil between now and surely the middle of the decade, if not the end of the decade when companies that supply telecommunications will have to learn a new paradigm for providing service and figuring out how to reduce their cost.
There is another technique, which has been developed by the Internet engineering task force called ENUM(?) and what it basically lets you do is to associate a telephone number with a domain name. The side effect of that is that you can -- if all you know is someone's telephone number, if that person is registered in the ENUM portion of the domain name system, it will be possible if that person wishes to find not only his telephone number, but also his e-mail address or his fax number or his cell phone number, whatever it is that you want, so that this way it will be possible to communicate with people, other than simply by calling them on the phone.
What is interesting is that you could cause -- you, yourself, could decide how you want your calls to be handled. If somebody discovers they want to call you on the phone, you could divert the call and have it sent to your pager. You could have it sent to a fax machine to leave a message for you, a written message. There are a variety of things that this kind of technique will allow you to accomplish.
More generally I am expecting to see very large numbers of Internet-enabled devices on the 'Net and you have already seen many of them, web TVs, palm pilots, mobile telephones. The video games now are becoming Internet-enabled so that kids can play these games in groups scattered across the network as if they were participating in the same room.
There are even Internet-enabled picture frames. They are very simple little devices with enough memory in them to keep maybe 20 or 30 images and they periodically dial up through the telephone network to the 'Net and go to a specific web site that is associated with -- each picture frame has its own specific web site or web page. It asks should I be downloading any other images.
I have one of these in my office. I have it at home. I have scattered them around my family around the United States. We sort of keep each other up to date about what is happening with the kids by taking digital pictures, uploading them to the appropriate web site and those are picked up and relayed to the picture frames. But you can imagine all kinds of other techniques that would allow you to put any kind of information.
So, now they put news. They put weather reports, you just pop it out onto the picture frame. What is interesting is the picture frame has only two buttons. It has one button to control contrast and the other button says please go look on the 'Net and see if there is anything new. If you don't push any buttons, it will periodically wake up and say I guess I should go check, maybe every 24 hours.
There are Internet-enabled refrigerators for sale now, too. They have liquid crystal displays and touch sensitive liquid crystal displays. Some of them have bar code scanners. So, the refrigerator now knows what it has inside of it. So, while you are off working, it is surfing the 'Net, looking for things it could make with what it knows it has inside. When you get home, you see recipes on the display.
The Japanese have developed an Internet-enabled bathroom scale so when you step on the scale, your weight gets recorded and it becomes part of your medical record. Of course, if the refrigerator gets the same information, you might come home and find diet recipes coming up on the display. I can imagine going shopping and having the refrigerator page me saying, you know, don't forget the marinara sauce. I have everything else I need for spaghetti dinner tonight.
The Japanese and the Dutch are Internet-enabling cars with the global positioning satellite receivers. The side effect of Internet-enabling devices is perhaps captured well in a simple scenario. You are driving down the street. You have your Internet-enabled mobile phone with you. The car has a global positioning satellite receiver and it has a wireless local area network.
There is a navigational display, which has its own Internet address. There is an on-board computer and you make a phone call through the ordinary voice network to a computer that also happens to be on the Internet. And it understands speech. This is perfectly normal because today, in fact, this is a common practice to have machines that understand speech.
So, you say where is the nearest Thai restaurant and the computer you are talking to, once it understands what you want, has found out where you are because your cell phone got that information from the global positioning satellite receiver and relayed that information as data along with the voice. So, the computer that understood the voice then goes out on the 'Net to a geographical index database server and says here is where my customer is. Where is the nearest Thai restaurant? Gets the information back and says in your ear it is two blocks up and to the right. But it sends a map to the navigational display because it knows what the Internet address of that is.
Then it says, well, do you want to see the menu or would you like to place an order or do you want to have a reservation. The thing I want you to take away from that scenario is not the specifics, but rather that a collection of devices with Internet addresses on them were capable of interacting with each other, being assembled briefly to perform a complex function for you and then go off to serve other people.
So, this notion of drawing computers together to do something and then go on to other things is a very, very powerful notion and I believe it will be increasingly common. At the bottom of the slide you see Internet-enabled wine corks and Internet-enabled socks. Since I am short on time, let me just mention the sock thing because it is relevant to the medical field.
I am sure you are aware that clothing is being developed that can sense vital signs, whether it is pulse rate or oxygen levels or, you know, breathing rates or things of that sort. So, I got to thinking what it would be like if you had Internet-enabled clothes in general. So, thought, well, let's see if I had Internet-enabled socks, the first thing I could do would be interrogate my sock drawer and I would get back a report saying that there are 17 matched pairs of socks in the drawer and one sock is missing. Sock No. 144L is not in the drawer.
So, you would send a multicast around the house and you would get back a report from the sock that is missing saying, hi, this is Sock 144L. I am underneath the sofa in the living room. So, I have solved the problem of the missing sock, which I think is a tremendous contribution.
Now, like all clever ideas, though, every engineer has to remember that there is a downside. So, I got thinking of a different scenario. Some guy is -- well, he is wearing his Internet-enabled and he calls his wife and says, hi, honey, I am going to be working late in the lab tonight. There is a brief pause and then she says, well, that is nice sweetheart. It is odd, though, because your shirt is down at 19th Street at the bar. So, maybe this Internet-enabled clothing is a dumb idea and we shouldn't pursue it.
Let me outline some major issues that I think we are facing in the Internet world. One of them is clearly reliability and availability. If you are going to apply this network to the kinds of things that you do or your colleagues do, it has to be reliable and it has to be available at all times. I am sure you are all aware of the major worm attack that took place over the weekend. It was a fairly intense attack. On the other hand, people were able to respond pretty quickly to it.
But I am still not satisfied that we have an infrastructure that is sufficiently reliable and available for you yet. Security, Doug mentioned, and I will, too, it is a huge task ahead of us to secure all of the Internet infrastructure, whether it is the routers or the domaining system or the servers and clients that are at the edge. There are many, many places where reliability can be breached -- or I am sorry -- where security can be breached.
I don't have to tell you how important personal privacy is in connection with the health care industry and once again technology and practices will be critical. Another big challenge that Doug mentioned, too, is the deployment of IP Version 6. We need it because the current address space at IP Version 4, which is what you are running now runs out at 4.3 billion addresses.
Since I think we will be at 2.4 billion by 2006, I am concerned that we move to the larger address base, which handles 10 to the 38th addresses, which I think should be enough until after I am dead and then after that it is somebody else's problem.
Finally, just another example of the major issues getting people or things authenticated so we know who is transacting what with whom and plainly for access control to information that is important for remote control devices, for remote surgery if there ever is such a thing. One would clearly want to make sure that the n points that are understood and known to each other so that we don't have a 15 year old taking over the surgical theater. That would not be a good thing.
There are some huge policy problems ahead. The most obvious ones that I am sure you have all seen have to do with intellectual property protection, whether it is music or books or movies and the like. I think we have beginning to see the same transformation that occurred when the Xerox machine came along. People are struggling to understand how this digital world changes our understanding of intellectual property. Fair use is going to be redefined almost certainly as a consequence.
There are rabid fights over trademarks and domain names. Those two notions are in direct conflict with each other. The trademark is not unique. More than one party is allowed to register a trademark and use it, as long as they are not conflicting in business or don't create confusion. Unfortunately, domain names have the unique property that they have to be unique and only one can have a particular domain name, not two people.
So, those two things are in fundamental conflict with each other. There are huge issues associated with competition among the telecommunications carriers and Internet service providers. The FCC is in the throes of trying to reexamine the Telecommunications Act of 1996. It believes that it is moving down a path that will increase the likelihood of high speed access to the Internet. Some of us don't necessarily agree with their thinking about this.
What they are basically doing is recreating an unregulated monopoly by permitting the local exchange carriers to withhold access from any new infrastructure that they build so that any competing Internet service provider won't not have access to that facility, which unfortunately is counter to the original intent of the Telecommunications Act of 1996.
You can see evidence of concern over information on the network. Some countries, including our own, attempted to censor the content of the 'Net. It doesn't work very well. We are starting to see some very peculiar national efforts. In Panama, for example, my company was instructed to block the ability of the network in Panama to carry Internet voice because it turned out that the Internet were not generating any revenue for the country; whereas, the conventional international calls had a settlement system associated with them.
So, the Internet voice was actually essentially taking money away from the Panamanian Government and, oh, by the way, Cable Mileist(?), which is the party that was running the PTT there. So, we did as we were told, but anyone who understands how that stuff works can work their way around it. So, eventually this is not -- this notion of blocking and censoring things on the 'Net is not going to work very well.
Finally, just as another policy issue to put on the table, as Doug was talking about the collaborative activity in the medical profession, I wonder about the licensing problem. Am I practicing medicine out of state as I consult in these collaborative environments? I don't know how that is going to get resolved but I suppose that is going to be something you have to worry about.
Some of the challenges we face, scaling to billions of devices, making the system more resilient than it is now, making sure that the services that are on line in real time are safe and, finally, achieving cost savings in the health care transaction processing business, which I believe the government will enlarge proportion in our total health care bill.
I thought I would spend just a couple more minutes, if it is all right giving you a slightly longer view of what is going to happen to the 'Net. What I am about to tell is not a Worldcom activity. This is something I have been doing with the Jet Propulsion Laboratory for the last four years.
You know, that we have been exploring the solar system for a long time and Mars has been one of our major targets. You remember the little rover that went to Mars in 1997, the Pathfinder Mission. We now have a new mission, which is about to be launched in May and June of this year. The rovers are 150 kilograms each. They are going to be landing sometime in early 2004 on Mars.
But the reason I bring this up is that they will be Internet-enabled. We are going to be -- we have been developing an interplanetary extension of the Internet with the intention of supporting robotic exploration of the solar system in a more efficient way than we have in the past. So, this little rover is actually quite a bit more sophisticated than the one that we saw in 1997.
There is more here, but -- well, actually I can't resist showing you the reentry method. Here is the -- the rover is entering the Mars atmosphere. There is an ablative fuel and you can see it starting to burn. The parachute will deploy. There is a thin atmosphere in Mars, but it is possible to use it to slow down the landing craft.
The shell of the reentry vehicle blows away and inside of it is a device that blows up into a huge number of balloons that surround the device. Now, I don't recommend this for human landings, but the little rovers seemed to survive okay in 1997. So, we are going to use the same technique for this one.
So, what we are expecting to do -- we have now developed a new set of protocols that can work over interplanetary distances. TCPIP does not work when the round trip times are 40 minutes to 40 hours. So, you can imagine clicking your mouse and waiting for a rather long time for the first bit to come back on the web.
So, we have had to develop a new set of protocols that we now are on the fourth iteration of. We now have prototype software. We are starting to deploy a little bit of it, at the littlest link level, in the new rovers that are going. As the decade wears on, we hope to have more and more of the robotic systems fully enabled for interplanetary operations.
We are going to use standard Internet on the surface of the planets and on the spacecraft because that works just fine in the below delay environments. So, that is where we are. Of course, in the long term, we hope to build up an interplanetary backbone as new missions are launched, each of them carrying a little bit of the interplanetary protocols on board.
These web sites are sources of information that you might find of use. My search up web site has lots of pointers off to interesting places. If you are interested in following the interplanetary work, the next to the last web site is www.interplanetarynetworkspecialinterestgroup or IPNSIG.ORG, which is a special group of the Internet Society.
I certainly invite you to have a look at those sites and I am looking forward to the rest of the day's discussions.
DR. LUMPKIN: Thank you. Thank you very much.
MR. BUSH: I am going to violate one of the basic tenets of the Internet, which is never follow Vint Cerf on a program. I can't resist one anecdote. Vint was talking about the GPS capability in the automobiles. There was an article in a business newspaper in Atlanta a week or so ago. A fellow there has just given his daughter her -- a teenager -- a new BMW GPS-equipped, wirelessly connected so the car signals dad when she leaves home and signals him again when she gets to school, can potentially if he queries it, tell him where the car is anyway at any time and also signals him, I think, if she ever exceeds 80 miles an hour and that kind of thing.
She seems very pleased to have the new BMW, though. That is, I guess, sort of extreme. From having raised a couple of daughters myself, a better strategy may be simply to not ask any questions you don't want to know the answers to.
Let me tell you some of the activities that the National Science Foundation is undertaking now. In the Networking Division at the Foundation, it historically goes back to the eighties when ARPANET, which Vint was involved in, sort of walked into NSFNET and began to spread into a much broader group of users, actually attract enough commercial attention that the commercial Internet basically took over in the early nineties and the NSFNET was phased out around 1995. That was followed by high performance network connecting supercomputer centers and some other sites that, again, became a much wider spread high performance network, which Vint in fact is PI on.
The program is in a three year no cost extension phase, which ends in April and for the last several years Vint has been the PI on that. The community has through the Internet 2 consortium, which Doug Van Houweling was telling you about earlier, has created an a network, the Abilene Network, which I will say just a bit about further downstream. So, the Networking Division has been involved basically in the expansion of networking activities from a research curiosity into what has become a necessity in life, I think. They have comments about how widespread it is and what the utility of it is.
One place where I use the Internet voice, for example, was things weren't broken here in Washington on 9-11, but the telephone system and the cell systems were all saturated. My wife lives in Atlanta. I wanted to tell her I was okay. I managed to make an Internet call to a gateway in Tennessee and then make a regular call from there to Atlanta to let her know I was okay.
A number of people found that they were able to notify people either with e-mail or with voice over the Internet on 9-11 to convey information, which was convenient for their families anyway.
Let me tell you about the infrastructure programs that are underway at the National Science Foundation in the Networking Division today. I have a list of them here. There is a middleware -- I will say a little bit about each one of these -- middleware program. Still a small high performance network connections program, strategic technologies for the Internet and then two programs, which are just getting off the ground, which will be announced very shortly, although the announcements for these programs are still in the approval process in the depths of the Foundation, the experimental infrastructure networks and research test bed networks.
The network middleware, this is software, which is common to multiple applications. What we found is that even though we have available high performance network backbones, that doesn't really mean that it is an easy one to develop applications that use those backbones and it doesn't mean that things are always going to go smoothly. It doesn't mean you are going to get the performance that the backbone can provide unless you have tuned the, for example, TCPIP parameters of the end stations to take advantage of the network that is available to it.
As many of the scientific disciplines are coming to use the power of computation as an essential tool -- computational biology, for example, is becoming very important. In almost any field, the power of computation is becoming an essential feature of research. As we develop applications for that computation and for access to the large databases that the various disciplines want to use, there is a lot of middleware, which can go between the network and the application that is common to the various applications and doesn't have to be reinvented in a stovepipe sense for every application.
So, what we have is a program, which is attempting to design , develop and deploy and support a set of reusable and expandable middleware functions and services that benefit those applications. The hope is that this will enable things to progress more rapidly and more transparently and that we could have an effective collaboration. Grid technologies is one of the things that is moving ahead. The idea of a grid is that they are computational resources distributed at various sites in a grid. Sometimes the analogy is made with a power grid. Users are certainly distributed geographically and so for distributed users to have access to distributed resources and to interact with each other with advanced services certainly has a potential to expedite research and education.
I think this is very important. Education and health services are two of the key things that we need to improve the quality of life and I think the network and in particular in my opinion the middleware type things that can make that possible are things that have to be in place in order for that to become widespread, as well as broad band access in the last mile.
So, middleware then is the software that makes things transparently used, makes this idea of transparently using things happen and we have a program now, which we are investing about $10 million a year on, which is now entering its third year and we are -- we hope that it will have some successes there. Grid computing, public key interface infrastructure for authentication and so forth are two of the first leading edge components of that middleware that are being developed.
We still have a small connections program. Early on, when the vBNS was just getting off the ground, we established a connections program to enable a large number of research universities to connect the vBNS and to Abilene. As things moved along, the vBNS evolved from a research network into a commercially successful venture, vBNS Plus, and the R&D community has developed on its own as a grass roots bottom up development, the Internet 2 consortium, which Doug heads, and the Abilene Network, which it operates as a very high performance network for that community.
There are still about a $2 million a year program in high performance network connections to enable primarily to this point smaller schools and institutions, who have applications that require at least 45 megabyte connections that can take advantage of the high performance backbone, Abilene and still in a few cases, the vBNS to do so. So, we are still managing to add maybe a dozen new participants a year generally in partnership with some of the research university participants in the Abilene Network.
The strategic technologists of the Internet, again, this is about a $10 million a year program. This year from budget constraints, we will limit it to about $6 million. It focuses on -- it is a research program, but it focuses on things that have a potential to impact the Internet infrastructure in a three to five year time frame.
A couple of projects that I will just mention, there is an HPWREN, high performance wireless research and education network, in San Diego area that is using unlicensed bands, that is using line of sight microwave links that are commercially available. It is providing 45 megabyte connectivity wirelessly in areas that are difficult to get to. It is providing a 45 megabyte, for example, for Mt. Palomar Observatory.
It also provides wireless connections into a number of Native American communities in the area there east of San Diego. It provided for the first time Internet access into those communities. That has turned out to be exciting. It is providing wireless access for instrumentation associated with the Scripts Oceanographic Institute there to bring data from remote instruments back into the laboratory. Some of that, in fact, is actually off shore at this point.
So, over line of sight links demonstrating the capability of wireless to get us some moderately high band width connections into remote areas. There is also a Web 100 Project, which is focused on determining the -- making network measurements to determine the state of the network and use the information from the network to fine tune the TCPIP parameters to allow applications to get the maximum performance that they can for particular applications on a high performance network.
So, those are just a couple of examples that focuses on innovative access technologies right now as we think that is one of the key areas. Vint mentioned Gigabyte Ethernet and we have seen the crunch in the dot com industry. We made promises that we haven't fulfilled, I guess, but if you stop and think about it, if you had a gigabyte in and out of a hundred million homes, that is a lot of zeros. I am not sure there would still be any band width excess fiber glut if we could manage to pull that off.
Internationally, we have connectivity through StarTap facility, which started out as an ATM switch in Chicago. It is now gone to a 10 gigabyte Ethernet interchange point called STARLight, where people are bringing wave links from Europe and from Japan. The international connections that we support financially are through programs called the TransPac, which has partners with the Asia Pacific network. There now are two 622 megabyte links to Asia going into Japan.
The EuroLink Project provides connectivity into Europe and there are, I believe, three 622 links involved there at this point. NOCANET(?) is a high speed -- I think right now moving toward 155 megabyte if it is not already there, connections into Russia, into Moscow. There are other international connections. These are the ones that we have been providing some financial support for.
We are moving into the future now into a three-tiered network model that the top level is the operational research network. This is the Abilene Network that Doug has described and the new efforts that we are just getting underway of what we call experimental infrastructure network and a network research test beds.
Abilene is an operational network and it is supported by the community. As a matter of fact, we provide support for focused activities originally to enable universities to connect and now to through things like the Web 100 Project and the middleware activity, to try to accelerate the development and enhance the performance of it, but the Abilene Network is an essential tool. The research and education community really couldn't function in today's environment without it. So, it is really a 24 by 7 network and it has many industrial parties, including one state partner. The State of Indiana supports the network operations center financially in Indianapolis.
The experimental infrastructure network is something that we don't anticipate interconnecting, the large numbers of sites that the Abilene or Internet 2 does, but we anticipate it being driven by advanced applications and cutting edge technologies. There are many applications that can take advantage of network features that can't be provided in a 24 by 7 operational network today.
Some of those features would be ultra high speed rapid reconfiguration. Some of the applications are in high energy physics or in astronomy or atmospherics and we anticipate the network being driven by those high end applications, other high end applications other than just those.
And we anticipated being a partnership with industry so that vendors would be able to have an opportunity to try out new equipments that are not really ready for prime time, not ready for sale, not ready for 24 by 7 guarantees, but nevertheless working it well enough to be in support -- be used in support of applications and used in a trial basis then.
The research test beds on the other hand, there might be a number of these. We will see what we get in response to the announcement this year. We want an opportunity here for things to be driven by cutting edge networking research, want an opportunity to experiment with technologies that may be disruptive. We anticipate wireless and optical technologies, perhaps some Sensinets(?) and things that will improve not only things in the long haul area but also in the access area.
So, that is the picture of where we are moving with things at NSF now and I thank you for your attention.
DR. LUMPKIN: Thank you very much. It is very interesting and thought provoking series of presentations. I think I will probably pass on the socks for right now, but, Jeff, you had a question?
MR. BLAIR: Could you help me -- and I guess, Doug, you addressed this and our last testifier addressed this a little bit as well and maybe, Vint, you can chime in also. I get the impression that work is being done to help include aspects of authentication with public key infrastructure technologies for -- which might be helpful for accreditation of health care professionals, maybe even accreditation of other caregivers and maybe even patients, where you are beginning to look at seeing how you could integrate that into the upcoming infrastructures like for Internet 2. Could you just help me understand what is happening in this area better?
MR. VAN HOUWELING: The fundamental effort here is to make sure that we have a standard way of authenticating users of the network and then allowing that authentication to be also on a standard way to support authorization to use particular facilities.
MR. BLAIR: Since I can't see you, is this Vint or Doug or --
MR. VAN HOUWELING: This is Doug.
MR. BLAIR: Doug. Thanks.
MR. VAN HOUWELING: Vint stepped out here for a moment.
MR. BLAIR: I never knew.
MR. VAN HOUWELING: He was quite quiet about it.
The fact is that as all of who use the Internet know, we have to authenticate ourselves to almost every service we get on the network separately.
Vint is back now.
So, you have to give every new person that you are going to buy something from your credit card information over and over again. You have to have a separate password, a separate user I.D., essentially for everybody that you work with in the research community.
We also suffer from that. If you work at several different institutions, chances are you need a separate identification and a separate password for each institution you work at. This is all a barrier to using the network in a convenient fashion. Furthermore, the fact that you have to keep all this stuff around means that you don't secure it very well because it is impossible for you to remember it all. So, you inevitably put it someplace that somebody who is diligent enough could find it or you use simple kinds of passwords and so forth that are fairly easy to discover.
So, the work we are doing together through sponsorship with the National Science Foundation and its network, this National Science Foundation middleware initiative is designed to create a secure and standard way to both authenticate and then share the authentication across organizational boundaries. So, we now have in place at a number of universities in beta testing a software that allows an individual at one university to authenticate to that university and then assuming the other university has provided access to then use that authentication to access informational facilities at another university without reauthenticating.
We expect as a result of the work that we are doing collaboratively also with the grid community that within -- I think probably within the next couple of years, researchers will routinely be able to authenticate at their local institutions and use facilities and access information all across the world. That is the objective that we are trying to achieve here.
MR. BLAIR: Clarification between credentialing certification and authentication. If you use a process of certifying where you have background information on individuals that they happen to be board certified in a particular area and that they are affiliated with a particular hospital, that is all certification and you can wind up using public key infrastructures for that, but there is the other piece, the other exposure on that, is would someone without some type of biological authentication be able to wind up saying that they are that person?
So, does this -- are you matching this up with some kind of biotechnical authentication to complete it?
MR. VAN HOUWELING: As a matter of fact, this technology is independent but parallel to the various technologies that are used -- ensure that you are you when you are on the network. Typically, the way things operate is that you can only be authorized through these systems to use facilities and information up to a certain level with more casual kinds of personal identification.
When you actually get to the level where you need to have very secure -- access to very secure types of instruments and so forth, then, in fact, the best practices today are to make sure that there is something that identifies you biologically, something that you carry with you that only you can have and also something that you remember so that you get multiple ways of making sure that the person who is at the network port is who they say they are.
For most uses, you don't need all of those levels to enable information access.
MR. BLAIR: How soon do you think that this capability will be available to the health care profession at a reasonable cost?
MR. VAN HOUWELING: As I said, my hope is that we are going to see -- there is work going on. Also, I have to say in industry, the Liberty Alliance, various Microsoft efforts, those activities are beginning to converge with regard to standards. So, I am hopeful that within the next two or three years you will see these kinds of capabilities widespread in the Internet. I want to make sure to caution you, though, that simply being able to share authentication information does not necessarily mean that we have solved all the problems of securely identifying people who are at terminals.
Vint was going to say something about that.
MR. CERF: Thank you.
A couple of comments about this. We struggled for almost -- well, let's see, since 1977 with this whole public key cryptography mechanism, which looks so attractive and yet it has not taken hold, except in certain areas that turn out to be almost invisible. Whenever you are surfing the net, for example, your browser will often exchange public keys with a server site in order to secure the communication. However, that is not something you have to engage in because the only purpose behind the exchange is to make the information flow over the net in a confidential way. It is encrypted. That is very different than trying to figure out who is on the other end.
I came in a little bit late in the conversation but I want to draw a distinction between authentication an d authorization and I am pretty sure you made those distinctions.
With regard to biometrics, let me caution you about some examples of things which would be mistakes in my estimation. For instance, some people would say, well, let's take a fingerprint and let's digitize the fingerprint and let's use that as your identifier or two fingerprints or something like that. There are occasions when these identifiers get compromised. I mean, this happens with the non-biometric identifiers.
Usually, what you do when an identifier is compromised is you discard it and you just generate a new one. You get a new I.D. in effect. Getting a new finger is a bit of a problem. So, what we would suggest is that if you are going to use biometrics as a primary source of identification, that you combine it with some other thing, like a random number, which can then be dissociated from the finger and a new one associated with it so that you don't wind up having to cut people's fingers off to claim that their identities have been compromised.
MR. BLAIR: It seems to me, unless -- you know, correct me if I am wrong -- that we need certification. We need then in addition to the certification for real authentication, we need biometrics, plus we need verification, which is what you are saying, some other independent form. So, we virtually need three elements. Is that correct?
MR. CERF: I am not sure that I would put it that way, although I certainly agree that if you are going to decide that someone should be authorized to do something that you want them to be certified. You want to know -- so, having done that, now the question is is the person I am dealing with the one that got certified. You need authentication for that and the authentication mechanisms are much as Doug mentioned. Sometimes it is what you have and what you know; for example, a Smart Card, with cryptographic information inside, which has been generated by the card itself.
It is very common now to take a Smart Card and have it generate both halves of the public and private key and keep the private key inside the card and never let it go anywhere. That card now becomes a mechanism for digitally signing things, which is a way of authenticating yourself.
MR. BLAIR: Exactly. Could I just add one last question to my thread of questions here? That is the extension that you just is to, which is digital signatures that are authenticating that a particular document has not been altered or changed in any way, tied to the authentication, which some people would call an electronic signature. Could you help me understand where we are in achieving that threshold?
MR. CERF: Actually, the digital signatures for protecting document integrity is a very developed process at this point is being used in a number of system, one of them in the copyright office where you submit digital objects and they get digitally signed, so that later when you want to find out if it is the copyrighted object, you can verify it by doing the computation on the digital signature. That technique, the mechanisms for it, are very well worked out.
The thing which I found fascinating is that companies like Verisign(?), who have made a business out of doing various kinds of applications of public key cryptography, have been able to make a business out of this under certain circumstances, for example, with Internet or Prize(?) or within a given government agency or within the military, but they have not been able to make a business out of it for the general public.
When I asked what was the barrier, they said the real problem was the validation of the individual's credentials. How do I know who this person is? They walk in, you know, with a fake driver's license and what have you. So, the cost of doing the validation of the credentials of the individual before you issue a public key certificate that allows the individual to claim he or she is who they say they are, it is the cost of doing that that is the barrier so far for the general public. It is terribly frustrating because we could be using this technique in many different ways if we only had authentication for individuals as well as, you know, within a certain context.
Which by the way it leads me to one other observation, when Doug was describing, you know, having multiple identities, which you have today with your multiple credit cards and so on, it may turn out, whether we like it or not, that having multiple identities is going to be the only way it works. In other words, a single identity has the risk that if it is ever compromised, everything is compromised. So, there is an interesting tension between convenience, which you clearly point out would be improved if you had one to authenticate and then everything else works on that basis.
But that also is a potential risk factor. So, I am tempted to believe that in the end we will wind up with having more than one identity, partly to mitigate that risk.
MR. BLAIR: Interesting.
DR. SHORTLIFFE: I think a line of questions that we have just heard from Jeff can be generalized to the issue that I would like to address -- you know, Vint, you have painted a picture of the future and the directions we are headed in, which for anyone who works in biomedicine resonates well with notions of what the health care community and the health promotion communities are going to need over time in order to better leverage networking, especially the wireless components, given the nature of clinical practice and the mobility of people as they take care of patients and the like. We see this happening a lot.
So, both Doug and Aubrey talked about current activities at the federal level or the national level that are pushing this envelope in directions consonant with the view of the future that you were drawing. Doug, you mentioned, you know, there is the health-related subgroup that Mary Kratz oversees, but, of course, Internet 2 and UCANE(?) are much bigger than biomedicine and health care.
In the case of NSF if there is at least a perception that it would be a rare networking group in a health science center that could apply to and get support for the kind of things that are going on in health science centers with any of the NSF programs because of a sense of mismatch between the -- you know, the goals and the activities in the health care community and what NSF supports in the way of sort of basic research in networking.
I would like to get a feel actually from both Doug and Aubrey about to what extent you really see the kinds of health care issues that clearly are on Jeff's mind front and center in the way in which your organizations are anticipating the future, doing your planning. Is health care really a kind of interesting set of applications or are the needs of health care actually influencing day-to-day planning decisions or operational decisions with the way in which the technology is evolving or how you prioritize things?
I would like to know to what extent you believe that those needs are really reflected on a day-to-day basis as opposed to as an interesting application.
MR. BUSH: I guess one of the constraints early on was that when the National Science Foundation was created, of course, anything that is clinical is not within our sphere of effort. Anything that is not clinical would be. There are a lot of things in networking that are not specific to a medical environment. I would have to say in direct response to your question that, you know, we don't -- I don't think we are driven in our day-to-day activities by the special needs of the medical community, but as boundaries there between the biology group, which is a part of the activities of the National Science Foundation, and the specific needs blur, then certainly there is an overlap.
For example, we are highly interested in all aspects of collaborating at a distance, telecollaboration, and I think that is a key element for medicine as a distance as well.
So, while there are special needs of medicine that would be resident just in that community, I think, some of that just is special needs of authorization and access and privacy that most of us would like to have, I guess, about our medical information. Probably more private about our medical information than we are our financial information. So, there are some special needs there that would not be on our day-to-day activity list.
The privacy elements are because personal information of students and so on, the public key infrastructure that we are trying to get rolling now with the middleware project, with the Internet 2 group as a partner in that. We are also hoping that the National Science Foundation itself in its operational networking aspect, as we do business electronically with universities across the country will be a leader in adopting some of that as well.
Right now we can do a lot of electronic interaction, but it is with passwords that are not all that secure. We hope George Strawn, who will in the next panel, is a CIO for the foundation and maybe he can comment on some of those directions.
DR. SHORTLIFFE: Just to follow up on this before Doug responds, there is a perception of if not active collaboration and a great deal of interchange and communication in the networking interested groups between NSF and other key federal agencies involved in networking work, ARPA and DOE and NASA in particular. Has there been a movement towards similar kinds of interactions with either HHS or NIH in terms of networking planning design, networking policy, et cetera.
MR. BUSH: I think the primary vehicle for interagency coordination has been the National Coordinating Office and Dave Nelson is here with us this, is the new director of that office. There is the Large Scale Networking Committee, which works under that umbrella. George and Dan Hitchcock co-chair that group. There is representation in the Large Scale Networking Committee from NLM and NIH.
That is the primary point of exchange of information and coordination of activities. So, we try to stay aware through that vehicle of what the various agencies are doing and try to have the agencies aware of that and, therefore, able to complement and enhance each other's activities rather than overlapping in a destructive way or wasteful way.
DR. SHORTLIFFE: I am sure we will talk more about this in the next panel. Thanks.
MR. VAN HOUWELING: In Internet 2 we have several application-focused activities. One of them is in the medical area. One of them is in the engineering and hard sciences. Another one is in humanities and the arts. We typically because as -- despite what you said, we are not larger than the biomedical. It is certainly the case that our span of interest and applications is large, but, you know, we know we are an organization that has a budget somewhere in the neighborhood of $20 million and it is all contributed by our member universities with the exception of some very welcome grant money from the Foundation.
But that is probably only about 1 percent of what we do. What we have tried to do is be a good partner to institutions like the National Institutes of Health and the Food and Drug Administration. I have myself and Mary Kratz has done more of this, we come to meetings like this and we try to help folks understand the capabilities that we offer and then we ask for advice on how we can collaborate with them. That collaboration usually means that through some grant, they provide some resources to either us or to our members so that we can actually do the work on their behalf.
At this time, we have one relatively modest grant from the National Library of Medicine to do some survey work on Internet access and so forth in health centers. But other than that, we basically have one FTE working in this area in Internet 2, which is not -- I hasten to say is not allowing us to meet the needs of this community for advanced networking.
Now, fortunately, it is the case that a number of our members have done significant work, but at a meeting of the research resources organization at the National Institutes of Health -- I think you were there -- a key problem was identified that a number of the medical centers and research centers do not have good infrastructure within the centers to connect to this high performance network. So, there are a number of barriers to actually using these technologies that need to be addressed.
DR. LUMPKIN: Kepa.
DR. ZUBELDIA: One of the things that the National Health Information Infrastructure white paper talks about is the possibility for the medical records to be held or controlled, at least in part, by the individual, the patient, perhaps with a little -- ISP or another mechanism like that. In order for NHII to work in that environment, we would need some sort of naming infrastructure that could identify where your record is located, based on your name or identifier or whatever identity you take at that point.
We have a similar problem today with HIPAA. In order for the providers to send the transactions to the payers, they need to know how to reach that payer, in fact, how to reach that payer for that specific transaction because a payer may choose to go through a clearinghouse for real time transactions and through a different clearinghouse for batch transactions.
Could you talk a little bit about the naming infrastructure that supports the Internet today and how it could be used for this environment?
MR. CERF: First of all, I would not recommend using the domain name system for this purpose. The reason for that quite simply is that that binds names to machines, computers and that is really not what you want. There are some systems that are being explored now. One of them, my colleague, Bob Kahn(?), has been working on for quite awhile and has instantiated with the music industry and with the copyright office at the Library of Congress. These are essentially object identifiers.
They are potentially just very large random strings of digits but they can be -- because they can be a very big string, there can be a very large number of these object identifiers, which you will need because you will need for things to be unique. You will need for them to be known for quite a long period of time because even though a transaction may not take very long, all of the accounting that goes along with it, perhaps even keeping an audit trail of a particular procedure so that you know what was done with a patient.
That information has to be known for quite a long period of time, perhaps as long as the patient is alive. So, having the ability to assign these kinds of identifiers that are very, very big and then process them so you can find the information that is associated with them is exactly the problem that I think you are describing.
Let me give you an example from the copyright world. There is this notion of international standard book number, SBN, a similar thing for journals. You could imagine extending that notion if you have an identifier for virtually any document. That is what Bob has developed with the system that he is running right now.
What is interesting about it is that you can take this very long, almost random number and we would perform a function on it called hash coating. All that does is map the string to a particular server that knows something about where that information is actually kept. In some ways, it is like the domain name system because in the domain name world, you take a string like www.nih.gov and you look it up in a table and it points you to someplace else that says where the actual physical machine is with that name, that serves that particular domain name.
Hash coating allows you to take a much larger space and uniformly spread it across a bunch of servers. So, I would -- in the case of the copyright, the interesting problem is that copyright information has to be maintained for, let's see, something like 75 years plus the life of the author. So, this is a time period, which is more than sufficient to deal with most of the medical information I can think of that is associated with a given patient.
I don't know how to -- I don't want to spend a great deal more time right here trying to describe the details on how this stuff works, but, in fact, there are object identification systems that are being worked on in other contexts, which I believe are directly applicable to the problem of medical record keeping.
Moreover, the information can be maintained in a protected form. It can be digitally signed. It can be encrypted. Different parts of it can be protected separately so that you have some control over who has the ability to look at various parts. So, you can imagine having a lot of the information, medical information, being accessible to a broader community of people, those who are doing research worried about epidemiology and the like, while the specifics of an individual's identity might be withheld and separately protected.
So, I believe that there are some methods for dealing directly with the problem I believe you are describing.
One other comment to make about just transactions in general in the medical world. One of the problems we have is understanding what is in these documents and something that Tim Burners-Lee(?), who developed the world wide web has been working on is called the semantic web. He is using extended market language as a way of labeling the various components of a digital object.
Although this is not a trivial exercise and it is fraught with all kinds of potential traps, the ability to recognize content based on these labels and, therefore, be able to process it, could be quite helpful, especially if you start standardizing the information that is those documents in the same way that you have standardized descriptions of medical procedures for purposes of billing.
So, there are technologies that I think would address your problem.
DR. ZUBELDIA: But this doesn't address the issue of how do I find the host that serves my data. If I go to my pediatrician and they want to get the medical records of one of my children, they need to get to my computer at home. How will they know that?
MR. CERF: Actually, I would argue that that is a very bad idea. If someone thinks that by keeping your information in your computer at home that this is (a) protecting it and (b) making it accessible at will, you have now saddled every human being with the requirement to become a system operator and to assure that the infrastructure is so resilient that this potentially life saving information will be directly accessible from that person's home. I think that is a terrible mistake.
The right thing to do is to make sure that the information is properly protected, but put it into multiple 24 hour a day data centers that are backed up with power and all the other -- you know, the whole storage systems and everything else, disk arrays, that are deliberately set up to protect the information and to maintain its accessibility.
DR. LUMPKIN: Kepa just made a side comment. He is describing his home environment but Kepa is different than most of us.
DR. DEERING: I know over the past 15, 20 years, there has been a lot of discussion, first, about, you know, the last mile, then from the curb to the house, et cetera. I think we have all probably finally encountered what may be the last leap, which may be the most insurmountable of all, which is the distance between the screen and the brain.
I think for medical care, both for health care providers and for patients and consumers, it is knowledge management, rather than just the transmission of the volume itself, which is the barrier. Is there any work that any of you are doing in your middleware areas or other -- I mean, this is a problem generic to any knowledge industry. So, is there any really exciting work about knowledge synthesis and presentation that would be particularly interesting to us?
MR. BUSH: I guess at the National Science Foundation the term that is being coined is cyber infrastructure. Cyber infrastructure would involve high performance computation, high performance networking and also very large data stores and the management of those very large data stores.
The cyber infrastructure initiative is still in the talking stage. It will, I think, become a very important initiative at the Foundation. I think it is the
-- it is the thing that I feel personally that is going to be the next biggest thing that we will be doing and it will involve the data storage management. There are a number of projects that the various scientific disciplines are embarking on that will depend on that, particularly in biology and in physics. It involves more than just -- middleware involves more than just networking. It involves more than just high performance computation.
The data storage and management and availability is the next leg of things that support the whole enterprise, which I think is going to become known as cyber infrastructure.
MR. CERF: Aubrey, don't you think that that sort of gets down in the bits and the bytes and the management of large amounts of content, but I am not sure that that gets to the question that Mary Jo was trying to work on. I don't mean that as a criticism, but I think you are going after the semantic content here.
I have had these conversations before and they are very frustrating. There are for purposes of classifying documents, research documents, the medical subject headings, but those don't talk about procedures very well. They talk about, you know, the description of various pathologies and the like. But what you are also after is information about the actual protocols that are being applied for treatment.
You also need to communicate with ordinary human beings, who have not had exposure to a full vocabulary, medical vocabulary. So, now we have the problem of trying to translate in and out of common terminology. I know that Don Lindbergh has worked in that area or has sponsored work in that area in the past, as a member of the Meta-Thesaurus is one of them and MASH(?) is the second.
I believe that controlled vocabularies may be the only way that we will make much progress there, together with some very, very carefully constructed ontologies that help mitigate this gap between common usage, common language and what the medical terminology is. Then you have the problem of getting machines to understand, you know, what that all means.
So, the answer is that the AI community is I think still wrestling with that problem. Ted, you probably are closer to that than almost anyone, given your background. My sense is that we are increasing our ability to understand natural language text, but when they become specialized like this, it gets harder.
MR. MC DONALD: Yes. Mike McDonald from Global Health Initiatives.
On this point, I think there is some progress being made. Perhaps the intelligence community is doing the most amount of work there and there are substantial amounts of money going to it.
In DARPA now with the total information awareness program, a lot of it is focused in this area. I think one of the debates is the traditional AI approach is fundamental. There are fundamental barriers there and is it better to look at human machine networks so that we are using some of the pattern recognition in the networks of humans along with what we can use from the machine site.
DR. SHORTLIFFE: I would just add that nobody has commented on another element of this machine to the face problem, which is the whole issue of the cognitive perceptions of the user, which in the case of some of our user community in biomedicine -- we will leave out the professionals, although it may be just as big an issue there, but for many patients the mismatch between the way in which information is being presented today and what it is going to take to really match their mental models of their own health and their social and economic and other issues that create their perceptions is huge and it suggests a need for a great deal of cognitive work about mismatches and mental models between presentation and perception and the like.
MR. CERF: Ted, could you say something about this persistent rumor that in spite of all this, given all the information that is available on the net now and the misinformation, too, I hear patients -- doctors saying that patients are better informed than they have been in the past. Is that a fair --
DR. SHORTLIFFE: I don't think there is any question about that. They are also perhaps more misinformed than they have ever been in the past. Both things are happening and it is addressing that latter issue, of course, which is part of the concern. Physicians certainly see patients coming in with a lot more knowledge of their diseases, but they also come in with tremendous misperceptions and long lists of really rather silly questions at times because of the inability for them to adequately process what they are getting at.
NLM has tried to tackle that by a whole MedLine Plus effort just to try to produce more consumer-oriented health information than MedLine, which is, of course, intended for scientists and practitioners. That helps a bit, but that doesn't necessarily address all these cognitive issues either. It is just more trying to find the appropriate educational level and background knowledge to use it.
DR. LUMPKIN: Well, at this point, I would like to thank the panel. It was a very interesting and thought- provoking discussion and certainly raises some clarification for all of us, except for people like Kepa who have their own secure networks at home. But we do appreciate you coming in.
We are going to take a 20 minute break at this time.
DR. LUMPKIN: We are going to go on to the next panel. I am going to ask the panel members to introduce themselves and contrary to popular belief, where the committee sets the agenda, the panel has reshuffled themselves and seeing as how they know their topic better than we do, we think that is a good idea. So, thank you for that.
So, let's start off with the introductions. Dan, we will start off with you and then I will announce your other panel.
MR. HITCHCOCK: My name is Dan Hitchcock. I work at the Department of Energy in the Office of Science and we are responsible for advancing computer research and large scale networking there.
With George Strawn, I am the co-chair of the Large Scale Networking Coordination Group, where NIH actually also participates from this community and we coordinate network support and some deployment of things and test beds for the research community across the Federal Government.
DR. LUMPKIN: Okay. Ted, we know.
DR. NELSON: I am Dave Nelson, director of the National Coordination Office for IT Research and Development in the Executive Office of the President and on loan from the National Aeronautics and Space Administration.
The what we call NCO or National Coordination Office helps to keep the program that we are going to be talking about on track.
MR. STRAWN: I am George Strawn from the National Science Foundation where for the last few months I have begun operating as the CIO. Prior to that, I was in the Computer and Information Science and Engineering Directorate as the executive officer. Prior to that, I was the director of the Networking Division that my colleague, Aubrey Bush, is currently holding.
DR. LUMPKIN: Before we start off, we are going to start off with Ted first and then we are going to go to David Nelson, then to George and then Dan is going to bat clean up.
I have a meeting elsewhere in the building and I will be leaving a little bit before the panel finishes. So, if I get up and pass the gavel over to Kepa, it is not an editorial comment.
DR. SHORTLIFFE: Bill Yasnoff suggested that I kick this off with just a few words to set the scene because twice in the past, actually before I was a committee member, I came and reported on some other activities I was involved with that are quite relevant for this topic. Since some members of the committee are new, we just thought it might be good to quickly refresh your memory about those past studies. It is particularly interesting -- they are not that old. One is from 2000 and the other came out in 2001, but already I think we can see some change in the department here and in the mindset of the health care community that is consonant with some of the recommendations in the report.
So, for my summary, I chose to focus on ones related to the Internet, in particular, and as you will see, some of them I think still are areas for ongoing activity. This was the report that Doug Van Houweling mentioned that was produced by actually the National Research Council at the National Academy of Sciences.
It is available on the web at the URL that I have on there. I have a copy here if anybody wants to flip through it. Of course, you can order it from the National Academy Press if you are really interested in the content, although it is all on the web.
This was a report that was commissioned, I believe, by the National Library of Medicine primarily in which they asked us to look at the Internet and health care, which, of course, is the topic for today and, therefore, this report is particularly pertinent. There were four objectives that we were asked to address for this study. What are the necessary technical capabilities in the Internet to meet the needs of the health care community going forward?
What are the applications that will, in fact, drive those technical requirements with the right strategy for helping to assure that the health care community properly capitalizes on those capabilities and is involved in assuring that they are, in fact, part of the Internet of the future?
What, if anything, are capabilities of the Internet that are uniquely required by health as opposed to other segments of society that have their own requirements that they place on the Internet?
As you might imagine, in ten minutes I cannot summarize this book in any detail. So, I am going to just pick a few key points that seem most pertinent. Pretty much there was a conclusion by the committee that there was absolutely nothing we could think of that the health care community needed that somebody else couldn't also capitalize on and that the notion that we were totally unique in any area from an Internet perspective is probably simply not true.
On the other hand, health care introduces a whole set of complexities that are somewhat unusual and not the least of which is the rapid changes in topology of organization. Patients coming on and off. They need to be added, et cetera. VPNs won't meet the needs, for example, of lots of secure requirements that are out there because of this changing topology.
So, we do place some interesting additional constraints, although you can think of others who would benefit from solutions to those constraints as well. There is a large portion of the report that deals with the major areas of application. These are reflected in our own working group report, these six areas all being important consumer health clinical care, administering financial transactions, public health, professional education and use in the biomedical research community.
There is a lot of discussion about the different requirements of these different areas and interesting, the most intense requirements tend to fall on the clinical care area where you have broad requirements both in the band width latency technical end of the spectrum and also in access, ubiquity and reliability areas.
The findings of the report are broken up into these categories, a whole bunch of general observations and discussion about some of the organizational challenges because of the nature of health care and its fragmented distribution in the U.S. system at least, without much centralization. A discussion, a whole chapter on the technical issues with a focus on band width and latency requirements, quality of service as a major additional issue and, of course, security.
I have got organizational issues on here twice. I don't know why I did that, but policy issues is the last one and in a way the policy issues may be more pertinent today than any of the others for our discussion in this panel.
During this report, we became very aware that these are the books that the NCO produces every year, the National Coordinating Office for IT R&D. This is last year's cover and these were smaller little blue books back in the early nineties, but ever since HPCC legislation was passed and these books were produced, it has been fascinating to see the extent to which health care or biomedical topics have been part of the grand challenges that are summarized as one looks to the future of networking and high performance computing in this country.
But in spite of that, although there have been all these agencies involved in high performance computing and communications program in the 1990s, more recently in the next generation Internet or NGI efforts, the vast bulk of the focus has been on four of the agencies, both in terms of funding and in terms of intellectual participation, the activities.
If this is no longer true, I look to Dave Nelson and the LSN people to tell us that, but the rule of HHS, NIH, NLM, although they have been at the table, has been quite different I think or at least it was our impression when we did this study than the way in which DARPA, NSF, DOE and NASA have played roles and been funded through this set of activities.
There was a small amount of money that went to each of these other agencies, but the vast majority of the money went there, but also the intellectual connection was much stronger in the four agencies that is mentioned. You may say that makes sense, but I would ask why? What makes health care any different from the military or defense when it comes to the relevance of the Internet and information technology in general to their mission.
That was sort of a question that the committee asked a great deal. So, there were recommendations made in these four areas. I don't have time to go over all the recommendations but I thought I would make -- I would just summarize in two categories some of the key points that are relevant for today's discussion under technical requirements and public policy.
The key technical recommendations were, first, we should ensure that the technical capabilities suitable for health and biomedical applications are incorporated into the test bed networks being employed under the NGI initiative and eventually into the Internet. In other words, we have to make sure that our needs are understood and reflected in the design process.
And, second, that the health community ought to work with the networking community to develop improved networking technologies. In other words, we ought to not only be at the table, we ought to be intellectually engaged in the process because there is no resistance to biomedical considerations being taken into account on the part of those that are doing network planning and design. It is simply one could argue that these issues are not being raised front and center and, therefore, aren't part of the mindset as decisions are made.
The policy recommendations largely were thrust at HHS, a feeling that it should much more aggressively address a broad set of policy issues that influence the development, deployment and adoption of Internet-based applications for health care. Many of these ended up in our NHII report as well. It needs to provide strategic leadership for Internet-related efforts. It needs to assure departmental participation in national network design, technical implementation and policy setting. It needs to convene public and private bodies on Internet and health.
The four cross cutting issues affecting the various agencies within HHS -- by the way, there was a lot of discussion with HHS people that led to these conclusions. So, there are many folks within the department, who recognized that this has not been optimal in the past. These issues have not been optimally addressed within HHS.
Explore cross cutting issues, encourage information sharing among the agencies, advance the national debate on IT issues in health and create the organizational structures to ensure that policy issues are properly addressed within the department. So then, the second report, I also have a copy here -- I see a few others around the room -- came out in February 2001. Now, this was from the President's Information Technology Advisory Committee. It was not focused solely on the Internet. But as you might imagine many of the issues that came up were quite pertinent to any discussion of the Internet.
This, too, is available on the web at the URL up there at the top when you look under their various committee reports on the PITAC web pages.
I am just going to summarize the findings. I think the recommendations will be obvious as I look with you at these findings, that the United States lacks an accepted national vision for the role of IT in health care and this is in contrast to some other countries that have made a major effort to try to develop national visions in this area. Now, you could argue there is an attempt to address this very active right now that is going on but I think at the time that this report came out, it was a pretty fair statement.
A critical and enabling investment in biomedical computing infrastructure and enabling technologies has not yet occurred. The closest thing we have had arguably has been the network connections program of the NLM to try to get more hospitals on the Internet. Most of them, academic medical centers, have ended up on the Internet because their universities got connected and they get sort of back door access that way.
A number of difficult public policy and regulatory issues constrain the adoption of IT health applications by health organizations and consumers and advances in IT are critical in order for DHHS to accomplish its mission, to improve the quality of U.S. health and health care.
Next set, biomedical community relies on IT innovations produced by other parts of government. We don't do it ourselves. We wait for others to do it and then we use it. This may have adverse effects on the pace at which biomedicine benefits from IT research and the solutions may never adequately reflect the needs of the biomedical community because they are not part of the design consideration.
There is a line in one of these reports that basically says somehow or another NIH has to realize that biomedically motivated information technology research is biomedical research and, therefore, is part of the charge at NIH, not really a well-recognized notion at NIH right now.
We need a larger cadre of researchers and practitioners who understand both health and computing and communications, just the people problem that we are facing. Recognition of a suboptimal role in management of IT within the department because decentralized management constrains both the development of coherent IT vision and departmental activities applying IT and health care of biomedical research and that there is a lack of any kind of coordinated IT effort and leadership across the agencies. I think, again, we are seeing changes in this area in the last year or so.
For example, we have heard testimony about the Consortium for Health Care Informatics -- is that right? -- Consolidated Health Care Informatics. That has all happened since that observation was made.
Finally, a lack of central leadership within HHS or a centralized budget, which leaves agencies in DHHS functioning without coordination and guidance and the individual agencies in the department do not accept a mandate to support IT research and I think that applies to all those agencies within HHS with the exception of NLM that support extramural research, even if it is fundamental to their mission.
I think this has been raised very interestingly in the last year because of the issue of public health infrastructure and the role the CDC might play in supporting IT research that will support the infrastructure for Public Health in the Future, a lot of which is related to the Internet and the NHII and then the issue of whether CDC is well set up to actually provide the kind of research funding that would be necessary for that kind of work.
And you can comment on whether this is still a correct observation but it has been the observation that the department is perceived as a pretty minor player in federal information technology policy development. So, there is a quick start to what I hope will be a very interesting panel session. We have just the right people here to talk about these things.
DR. NELSON: It is a pleasure to be here. The hand held mike may slip away and if it does and my volume drops, if somebody would let me know because I know especially for those who are listening rather than listening and hearing a good voice is important.
My name is David Nelson and I am director of the National Coordination Office for Information Technology Research and Development in the Executive Office of the President. You have heard in the first panel and with Ted Shortliffe's remarks a number of the issues, the challenges.
I am here mainly to issue an invitation to HHS to work with us. The three talks you are going to hear now are myself, giving sort of an overview of the networking and information technology research and development program and then George Strawn, who co-chairs the Large Scale Networking Coordinating Group will talk about how that works and how HHS can work within it and to some extent is already.
Then Dan Hitchcock, who is also co-chair of the Large Scale Networking Group will talk about some of the technical issues that not only the Large Scale Networking Group is working on, but the other research coordinating groups within the -- and I will start using the acronym NITRD. It stands for Networking and Information Technology R&D Program.
So, my bottom line message is this is an invitation, that this is a mechanism whereby HHS can become more of a partner and participant. As a submessage, it is more than just networks. I think you already heard this morning that getting the bits through the fiber may be the easiest part. Getting them useful, reliable, available, secure, ease of use for those who aren't experts, those are still research topics and though many of the elements are in place, the final answers are far from being in place.
The Federal Government has played a critical role in supporting fundamental research in networking in IT and even though we think of fundamental as 10 to 20 years out, the Internet and computing has been so rapidly moving that many of the things we have been working on turn into practice within five years. It is kind of amazing. It is hard to see the boundary between fundamental and applied. I think as we go through this, you will see some of that. I would say that is a creative difficulty. Would we have those problems everywhere?
Federally sponsored research has helped to build the technology base for the IT industry. It is typically funded research that is too long term or too broad reaching or things that can't be captured with intellectual property or with invested capital. So, it builds the basis on which the private sector can carry on.
The Networking and IT R&D program, again NITRD, provides a mechanism for focused long term interagency R&D and information technology and as I said, in some cases, long term is five year payoff, rarely but not in an empty sense, even less, two, three years. It is about a $2 billion agency program. Each agency brings its own money to the table.
This is not a program that is like a federal giveaway for agencies. Come, there is money. Instead, it is a program where the agencies, and as long ago as in the 1980s, realize that their individual capability did not match their individual needs, that as an agency the mission needs, the research needs transcended what they could find in terms of not only dollar resources but intellectual resources within their agency.
They felt it worthwhile to come together -- this was originally in the HPCC, high performance computing and communication program, but that tradition has survived. The intellectual involvement is arguably as important as the dollar involvement. I offer that observation to HHS.
NITRD program is assessed and advised by the President's Information Technology Advisory Committee and Ted Shortliffe, the prior speaker, was a member of the President's Information Technology Advisory Committee, again, in a jargon sense known as PITAC and he mentioned this report. You have in your package also, I think, what we call the blue book and, again, Ted referred to it. And this is a fairly high level description of how the program works.
This is a wiring diagram and some of these charts are going to be fairly dense. I will not read all the words and I commend you to look at your hard copy, but at any rate it starts with the White House and the Congress and then the National Science and Technology Council and then under that is what is called the Interagency Working Group on Information Technology R&D. We could think of that as the board of directors for the NITRD program.
I co-chair that. Peter Freeman of the National Science Foundation co-chairs that. Then off to the left is the National Coordination Office, which is what I also chair and then up in the upper left in yellow is PITAC. Now, down below you have six, both coordinating groups and what we call program component areas. The program component areas, what you are trying to do in the coordinating group is how you do it.
As I said earlier, Dan Hitchcock is going to go back to some of the specifics of those. So, I am going to brush through them fairly quickly. High End Computing on the left and then Large Scale Networking, outlined in red, because that is the focus of many of our comments today; High Confidence Software and Systems, Human Computer Interaction and Information Management, Software Design and Productivity and Social, Economic and Workforce implications of IT, an IT workforce development.
I would suggest that the role of health care fits into each of these in a non-trivial way and I say health care in the main research all the way through clinical and financial and databased and so on.
The National Coordination Office, what do we do? We try to keep the CATS(?) going in approximately the same direction, even though we listen to them very carefully to hear which direction they want to go in, but they sometimes veer off. So, we help to formulate and promote federal information technology research and development in order to meet national goals.
Let me digress a bit. I could put this comment in almost anywhere, but those of us who participate in the program are all human beings. We all have health problems. We all have relatives and friends who have had serious health problems. I think Ted alluded to it and so I can only underscore it, but when we meet to figure out what the important research issues are, the things that the agencies should be working on, health care is always in our minds. We always try to think of health care issues.
For one thing, they are fascinating problems. For another, we all suffer or are for the benefit, but we don't necessarily have -- and, again, I think, Ted mentioned this -- we don't have the intellectual heavyweights at the table, who can speak authoritatively about these. So, we are trying to do them as amateurs and we would welcome the help.
I report to the director of OSTP. I co-chair the Interagency Working Group. We do coordination. We do planning. We keep track of budgets, assessments and so on and we support the technical groups where the work actually gets done.
This one really is an eye chart and I am not going to go through it, but you have it in your package. What these are some of the things that those coordinating groups work on. Just to pick one, we will do large scale networking. The issues that the large scale networking group deals with as a program component area, network access, reliability, security, scalability and management, active and intelligent networking, networking in extreme environments; applications, such as networks of sensors, grids of networks, collaboratories. You already heard discussion about collaborative technology test beds.
So, all of these are things that have a health care component and we invite HHS to be involved. I could go through the others. I will leave you to read them. We will talk a little bit about some of these issues in Dan's talk.
I always have to have a budget description. How big is this? What are we talking about? If you look, the total for 2003 -- and, of course, we are still on a continuing resolution. So, this is still not quite final, but, hopefully, it is close, about $1.9 billion. If you look in this, at the HHS participants now, we have NIH as a substantial collar participant, totaling slightly over $300 million dollars and we have AHRQ as a smaller participant, totaling just about $9 million.
The distribution of the columns is by those program component areas and I will leave it to you to do the mapping. This is just the initials. But as you can see, the biggest one is high end computing infrastructure and architecture and if you take high end computing research and development as well, it is definitely the biggest activity. That is partly the nature of what scientific research is all about. It is also partly a legacy of where the program came from, but you see a large scale networking at over 300 million as a very substantial component and then human computing -- human computer interactions and information management next biggest and the others somewhat smaller, but growing.
If you were to look at this equivalent of ten years ago, you would see quite a different program. It is a munch broader program now, much more equipped to deal with some of the social, personal, security, reliability issues that are of such importance in health care.
Let's talk a little bit about how you participate in the Interagency Working Group and through that, in the coordinating groups. The IWG member agencies, former board of directors at the IWG itself, but then they participate in the program component areas to coordinate on specific R&D goals, ensure adequate investments and maintain necessary budget visibility.
Now, the kind of things that are actually done in both coordinating groups are identifying research needs, what needs to be done. That is done together. That is it is not what are research needs for NASA, what are the research needs for NSF. We try to sit down and cover the whole waterfront. We often form workshops, work with outside groups, with our partners, Doug Van Houweling, Internet 2. They are often at our table. It is a broad net. PITAC is helpful.
It is what are the research needs. All right, given the research needs, what are the research plans? What are we going to do as a Federal Government? Of course, eventually that comes down to what agencies do, but we keep looking at each other to try to get a balanced program.
As I said, when this first came together in the mid-eighties, it was that the agencies realized their needs exceeded their capability and only by planning together and executing together could they accomplish what they individually needed. They almost got for free what the nation needed. Exaggeration, but almost for free.
Solicitations and application review. We trade reviewers back and forth. This was the intellectual involvement. So, if NSF does a solicitation in an area DOE might offer reviewers, that is mutually beneficial because NSF gets a stronger review process, but DOE knows what NSF is doing and can bring that back home. The same can happen to HHS.
Program reviews, how well are these going? What things aren't working so well? Maybe there are some outside resources that could be brought to bear. Maybe there is another activity somewhere that if you knew about it, you would do a better job. So, the interagency program review helps. Workshops of all sorts, I think research is a workshop rich environment. We don't know how to proceed other than do workshops. But they are often more informal. People sit around over the coffee or the beer. It can especially valuable. That sets the sort of raw ingredients that go then into research needs and research plans.
Also, outreach and partnering, partnering with other non-profit organizations, such as Internet 2, partnering with industry groupings, such as ITAA and as appropriate partnering with individual profit-making organizations. All of these activities are done across agencies, obviously not all agencies participate in all activities. There is a self-selection that goes on, but the availability is always there. The invitation is always there.
Now, in addition to those IWG members, we have some federal agencies -- and I just mention here FAA, Federal Aviation Administration, and USGS, U.S. Geological Survey, participate primarily as users of research as opposed to suppliers of research. Why would they do that?
Well, to identify the NITRD research that is applicable to their agency program, so as it comes along, they can harvest, but also to leverage agency research and development by offering their research needs. In other words, let's take one, FAA. FAA has serious needs for reliable software for managing the air space. Even though their research budget is very small, they influence the decisions by other agencies as to how to do reliable software.
So, this is an area where HHS can become involved as a consumer of research, as well as a generator of it. Then finally participating in test beds in standards development, test beds need people as testees. So, sometimes an advanced user, even though they are not knowing the research can be a vehicle for figuring out whether the research has actually borne fruit.
Here is contact information if you want to reach me directly. It is just firstname.lastname@example.org. We have a generally answered e-mail address at email@example.com and there is a web site, www.itrd.gov.
With that, I will stop and turn it over to my colleague.
MR. STRAWN: Well, good morning from me also, ladies and gentlemen. I am very happy to be here discussing these interesting and important matters. I guess I would begin by seconding several things that have been said. I think Ted is right, especially in the early days. There was a big four agency grouping of DARPA and NSF and DOE and NASA, which short of put their heads together really early on, in the eighties, to sort of begin popularizing the ARPANET and spreading it beyond just the small research project that it had been.
I think it meant a lot to those of us who were there at that time because we did get our oar in the water. We did know what each were doing. We did badger each other to do things that would be compatible and make a broader sphere of activity and it worked. It really worked. Maybe it is because networks have to work. You have to interconnect federal networks. They have to work and so on and so forth.
The job of the Large Scale Networking Group has always had a very practical component, as well as theoretical research. I suppose there are areas of interagency coordination that work better than the LSN activity, but I am not aware of what they are. I think we have a 15 year track record. In the early days we called ourselves the Federal Networking Council, rather than the LSN, but other than going through that name change, this is a longstanding group and I certainly echo Dave's invitation that we would love to see more HHS participation.
That is the way you find out what people are doing. That is the way you get your agenda in front of us. You have heard all the interesting stuff up to now, what is happening, what the important futures and present products are. I am just going to briefly talk a little about process, about the process of our getting together, what some of the things we have done together in the past and why you might find it interesting to increase the amount of HHS participation with us.
The LSN works by forming teams of special interest. We have had a thing now called the JET, the joint engineering team, which is the practical group, which makes the activities, makes the actual network work together. We create interconnection points that have been called different things over the years. We have promoted use of comparable standards and the like and this has been our practical test bed coordination mechanism.
The other end of the spectrum, our networking research team, brings our program officers and others, who actually run the fundamental networking research programs of the various agencies together and that is where we make heavy use of the evaluate each other's programs, provide reviewers for each other's solicitations, et cetera, et cetera.
Of course, you can pick up an awful lot of information about what is going on and what needs to be done by participating in that type of activity. Our newest working group or at least newest named and most cleverly named, I guess, the MAGIC team, Middleware and Grid Infrastructure Coordination, since middleware and grid technologies and terminologies have become quite prominent over the last several years, these turn out to be highly beneficial to coordinate among the federal agencies and the university networking activity. So, we have a very active group, which is promoting doing things in a comparable fashion. This group has attracted quite a bit of interest from the private sector, who also sees a good thing and sees middleware and grids as an important future technology and we invite them in to watch what we are doing.
That is, I guess, a good point to remind you that the Internet itself is a good example of the government/university complex as opposed to the industrial military complex in terms of where these ideas came from, how they were first promulgated within ARPA and then within the other agencies for the support of basic science and after we have demonstrated the general applicability in a broader university and government laboratory environment and then the private sector said, whoa, there may be money to be made here. Step aside, folks. Don't hold us back. And the Internet industry was created.
This is a subset of the information that Dave had on his chart. So, I won't belabor it, other than to point out that all of these agencies do participate in LSN and that NIH, NLM levels have gone up quite a bit in the last few years. So, their participation is definitely increasing.
The next generation Internet was mentioned a couple times. I will mention it just briefly for historical purposes. This was a five year project between 1998 and 2002, where the agencies marched together under this common banner with the goals that you see here below. We wanted to enhance the fundamental networking research and QoS, multicast, measurement, security, reliability, some of the now fairly traditional topics were on our minds. The test beds were the most visible portion of the activity because we wanted to increase -- actually, we stated it originally, at least a hundred sites, operating a hundred times faster than they had been because at the point of time we began, a typical university connection was a million bits per second and we did end up with a hundred million bits per second, some more than that before the process was over.
DARPA led the ultra high group on their SuperNet, connecting more than ten sites at at least a gigabyte per second. By the time we were done, we had pretty well doubled those goals of 200 sites at the hundred megabyte or above level in 20 or so sites at the gigabyte. We did also focus on applications to be run over the test beds to take advantage of the fundamental network research and so forth. You will note we categorized them into both the general enabling applications, collaboration technology, digital libraries, other general topics and then looked specifically to science applications, basic science, crisis management, education, environment and we generally have health care as one of the important components that we always mention.
I think we always sort of wish we had more participation. Just as Ted mentioned, we -- and I will tell you that the agencies tend to go out of their way to say now how can we make more seats at the table for the health care
community. It is such an important area and, obviously, so related to an important application of information technology.
Specifically, there were several ways, I believe that the NIH community benefited from next generation Internet. You have heard some of these networks mentioned before. As the next generation Internet began, the NSF had a network called cryptically the vBNS, run by Vint Cerf and his crowd for us and we began expanding academic access to that network until we had more than a hundred universities connected to it.
At that point in time, NIH didn't run, doesn't run an independent network, but at that point in time we struck a deal with NIH to have their campus connected to the vBNS. That, of course, was of particular potential use to them since now most of the university-based medical colleges were also connecting to the vBNS. So, this was all done under the next generation Internet rubric, but as vBNS was commercialized and the Internet 2 -- Doug's Internet 2 organization fielded its Abilene network, then NIH and the universities have migrated to the Abilene network. So, one of the legacies of the next generation Internet project was this tying in NIH and the medical community to the Internet 2 Abilene network.
As I mentioned, NGI has been successfully concluded. We are looking beyond -- we always look beyond. This is another good result of our getting together. Every year we have a full day retreat, where the members of the agencies come together and say what is on their mind, what the research topics are of interest to them. We also form workshops of mutual interest. For example, we just held last summer a workshop on middleware and grid technologies. We have a cyber security workshop coming up in a couple months.
Aubrey mentioned this STARLight thing, which is an all optical network of interconnecting the agencies and the university networks with our international partners and it is going to an all optical environment. Security has always been important. It is, I guess, the silver lining of the 9-11 cloud that a lot more work has been galvanized in information technology security over the last couple of years in our agencies.
This thing called grid appears in grid supported science. There are a number of projects. GRPHN(?) is an acronym you can get out of Grid Physics Network, where the physicists hope to get terabytes of data from the large Hadron(?) collidor in Zurn distributed to every physics work station in the world for distributed processing. Astronomers have something similar in mind. Dan and his SciDAC collaborators at DOE have collaboratories and a number of other huge projects that go along these lines and so forth.
You can see all the activities that we are currently focused on, prototype telemedicine applications, mobile, secure, distributed, collaboration support. In our retreat of October of this year, we came up with a bunch of key activities that we are going to be focusing on. Basic research is always there. Optical networking has been there for a long time.
Aubrey mentioned that at least at NSF we are looking at this three level business of networking, where you have got production, high performance networks, experimental that you can't rely on as much as you could rely on Abilene, but maybe we can slip some new capabilities in and then test beds for the fundamental researchers, which we are calling our research networks.
I have just italicized the three that I think are standing out in terms of an awful lot of new activity, the grid, the security, which we have been regalvanized and wireless ad hoc SensorNets and so on and so forth. I think everyone suspects this is the decade of wireless and there is a lot of fundamental research to be done, as well as test beds to be promulgated to figure out what we need to do and where we need to go and a number of the other issues as you see.
Lastly, I sort of tongue in cheek say there are a bunch of non-LSN issues of interest to the LSN agencies. Some actually are of direct interest to us. Others are of indirect. We, of course, have the bursting of the dot com bubble and some people in a recent op ed page in The Post, for example, well, the problem is not enough creativity. If we had more killer aps(?), we could get on with the next bubble, I guess.
Of course, one of the things we look to in the fundamental research has as fundamental research produced the web browser and the web itself came out of the Zurn laboratory and so on, we would expect that additional incentives for killer aps will come out of the fundamental research. The meltdown of the telecommunications industry, so-called, has some benefits, maybe some opportunities, as well as some troubles. Some of our research networking activities might actually be able to take advantage of the glut of fiber that is available at the moment if we can act with some haste on that.
Melt down in the -- I am not much of a student of history, but it does look a little bit like the railroad situation in 1880, where you have this extremely important infrastructure that is built very rapidly and over built and goes up and down and up and down. We are watching that, of course, as much as we can.
I think Vint mentioned the failure of the Telecommunications Act of 1996 to introduce competition into the last mile. We still are not sure how we can have the right incentives for development of new services into the homes and so on and so forth. We continue to hold out hope that maybe high performance wireless will introduce a competition into the last mile and that is a research issue, of course, as many of the investigators were supporting our pursuing wireless activities.
I believe that is the last of my slides. So, thank you very much.
MR. HITCHCOCK: I am from the Department of Energy and we do a lot of research in advanced network to support science. I just thought it was useful to have a little disclaimer here. Health care is different from scientific research. We have to go from 10 or 20 major data perusing centers to a couple of hundred research institutions or maybe a thousand research institutions around the world of high band width and deliver data, a lot of data to those places.
We don't have to get to every doctor's office once a day when he needs it to deliver an x-ray. So, we have a very different problem than health care has in some ways. The consequences of errors, nurses hate it when the network goes down and they can't see their data and they really hate it a lot and they make your life miserable when that happens. But that is different than having a network go down when you are in the middle of brain surgery.
Going into the operating room and seeing Windows booting up on my surgeon just is something I find a little frightening. There are legal and regulatory requirements that are different and you have to think about this seriously because this is a fundamental constraint that you have to deal with and if you don't engineer things right, you can make them so nothing works at the end and you also have a very large number and variety of sources of data of very non-uniform quality.
You have physicians' scribbled notes and dictated notes. You have drug companies' disclaimers on their products in 8 point type. And you have, you know, protocols and it is just very complicated how you put that all together and fuse it so you can get real information out of it. So, I am going to talk about some of the network issues. I am going to talk about trust, privacy and security, data management and fusion and the manageability of large systems. It seems to me that these are the really key issues and they go a lot beyond the network and they touch actually all the parts of the IT research endeavor.
You have heard a lot about where the network is going and here is my view of sort of the state of the art. We know how to deliver thousands of gigabytes to hundreds of sites. You can afford to amortize the infrastructure. You need to do that and you understand how to do that.
Delivering gigabytes to hundreds of thousands of sites we don't know how to do. It is the last mile. It has regulatory issues. There are fundamental protocol issues. There is the economics. You only need something that you have to scale some things to the peak need, but then you have to figure out how you are going to pay for them. It is just a -- the performance of networks today depends on the skill level of the people at both ends of the connection. This is just ugly, but the difference between what a wizard can get on his work station cooking up and what an average human like you or me can get is substantial.
Web 100 is working on automated tools for that, but it still remains a significant thing and requiring every physician in this country to also become a network engineer is probably not a viable solution for the future. The Internet is a packet switch network and this means that while you could emulate real time behavior and you can hide the variability to delay, there is variability to delay and some applications you might not want to trust to that. You just have to think about that.
No one does hard real time control over packet switch networks because they have a fundamental feature that sometimes packets don't arrive. So, you have to think realistically and you can do a bunch of things and you can hide a bunch of things in collaboration. It works fine, but they have inherent jitter in them due to the nature of what is going on.
This is the web site of the LSN coordination group and they are the people who worry about this sort of thing. So, if you want to talk about this sort of thing, they are the people you go to and George and I co-chair that group.
Trust. If you are going to define the security infrastructure, the most important thing to figure out is who you trust to do what. This is not easy because you may trust your doctor and your doctor may trust his clearinghouse, but you may not trust his clearinghouse or you may trust your insurance company and you may trust your doctor, but that doesn't mean the doctor necessarily trusts your insurance company either and they may trust them sometimes for some things, but not for other things.
You have to figure out how you are going to describe that because if you don't do that, then no amount of PKI technology will make the system work and it is also the case if you aren't careful about doing this, there are opportunities for people to use the way you have set your trust infrastructure to subvert it by saying, you know, I will trust you 15 minutes and you will trust me 15 minutes. If someone comes in in the middle who is trusted by both of you for -- in the three minutes that you overlap and has access to everything when they are not supposed to. So, you have to really think about this carefully.
Two easy models are the models where everyone trusts everyone else to see everything. That is sort of like most of the open research community. Trust everyone to see everything. That works really well and it is real easy to manage. I submit that is probably not likely to be a model that health care is going to adopt.
Rigid hierarchies where everyone trusts the general and the general trusts lieutenants and that works pretty well, too, although if it is scaled to be very big, it is hard. Things are more complicated than that are in the really hard category. Fundamental research is needed to make this actually function.
The other thing that is hard in these sort of things is revocation. If you decide that you don't trust someone after they have all their certificates from everyone, revoking all their certificates in a way that you can manage it in a large system is an open problem. Since you might care if you revoked some person's privileges that he wasn't able to do things anymore, this is the problem you have to face.
Medical care, it looks to me, has a very complicated set of trust relationships and looking at how long HIPAA guidelines are, it strikes me that figuring out how that fits in with the legal requirements is something where you probably have unique research challenges for the IT community and they don't know about them and won't know about them until they talk to you.
The high confidence system's working group thinks a lot about this and Elathin(?) thinks some about it through some of the grid middleware stuff, but the real trust model is multiply a high confidence system because you really want to make sure that only the right people have access to the data and they only have access to the data that they are allowed to have access to when they need it. That is just a hard problem.
Data management and fusion, so this is from the CRT to the eyeball. I went to the Center for Health Care Statistics and they told me that there were over 800 million doctor visits in the U.S. per year. That gives you an idea of the scale of things you sort of have to keep track of. And data comes in large chunks like CT scans and x-ray images that have a lot of bits in them and they come in small chunks like web pages and doctor's notes and, you know, recording of the temperature. So, figuring out how you put that altogether so you make it into information someone can use to make better medical decisions is a significant issue.
The human interface to enter and retrieve data must be intuitive easy and fast, even in scientific research for the significant benefit from putting things in electronic so you can reproduce them. If the scientist has to do that twice, if he has to write it in his notebook first and then put it in the system, it will be in his notebook and it won't be in the system.
So, in things where time is money making it so you automatically capture as much data as possible quickly, is really important. Data has to include quality metrics. You have to know what the confidence in this piece of data is. Do you think it is really real or was it someone who saw the patient for 30 seconds and remembers it a week later?
You know, this is really important, finding where the data is located, since it is located in a lot of places and it is going to not all be in one place. It is going to be inherently -- you know, some is going to be in doctors' offices, some in insurance companies. Figuring out where it is located and finding it is just hard. There are significant research issues there, even in the age of Google.
Information, both good and bad, propagates very badly and most of the stuff you least want to have out is on everyone's web site tomorrow or instantly. So, that means you have to really be careful about these things in figuring out how you do this sort of data management is important.
LSN does some of this in the MAGIC group and the human computer interface and information management group does a lot of this thinking about information fusion. I know they have had some workshops with the medical community through NIH, but I am not an expert in it. But that is another place that if you are interested in that, that is a place to go.
Manageability of large systems. This is a large system. You have got 800 million doctor visits. You have got data of all different sizes. Standards for interfaces in data are crucial to success. Without that, you are just hosed. The thing is really awful if you can't do that, but you can't have a standards process that looks like ISO, where a standard takes eight years. Nothing can live in that.
You have to layer the architecture so you can replace pieces without having to replace everything below or above it. Figuring how you do that, that is one of the key successes of the Internet was they figured out where to draw those layers so you could make this all work properly.
Costs to develop and maintain this stuff have to be affordable. Since the chances of the failure rate for large software systems goes up sort of exponentially with the size of the system. Piloting, testing and breaking and redesigning of manageable pieces rather than looking to try and have the whole system at once is a strategy you might consider for something like this.
The other thing that is that dramatic changes in underlying capabilities change people's views of what their requirements are. If you went to people before the web and you said, well, you know, what would you like to have and they said I would like to be able to go to my librarian and find a journal article in four days and I would like them to find it for me.
Now, why the hell isn't it in Google and why do I get 14,000 hits? So, people's questions and the way they operate has changed. So, one of the reasons you have to pilot test and break things is because people are rotten in giving you their requirements because they don't know what their requirements are until they see something that looks like the system.
A bunch of the groups worry about aspects of this, but these are all things that you need to think about as you get -- these are all, you know -- and finally will it save money? The answer here is maybe, but it is more likely to improve quality without increasing cost. That is just --
and also in counting of costs and dollar benefits for this kind of thing is like really hard and you end up at some point with -- even in the commercial world for things like order entry systems, where you think that would -- you would really be easily able to figure out how much you benefited. It turns out there is no accepted methodology for assessing the member benefit.
So, it is just, you know, a hard thing to -- and SEW actually worries about this sort of thing and how it affects the way people work and behave.
So, I think that is all I am going to say. Thank you very much for your time.
DR. ZUBELDIA: Thank you for the presentations.
Do we have any questions from members? Ted.
DR. SHORTLIFFE: That was an excellent analysis. I appreciate it very much.
I wanted to make a comment and see if the comment is, in fact, still accurate because I believe it was. It has to do with the numbers that you showed us. Both of you actually had some numbers about what I believe to be a so-called cross cut. There is a view of the world that says wouldn't it be great if in the President's budget that chart that you have at the bottom of page 3 appeared as essentially a budget item per se and that money was allocated, $327 million to NIH with guidelines about what it meant to invest that money in information technology research.
My understanding, based upon the -- I mean, one of the things that both the studies I talked about required us to do is try to get a feel for how much actually is being spent in NIH for research-related information technology. And the cross cut as I understand it is an effort to try to go to the agencies and say would you look through your budget and all the things you are funding and tell us what you think falls under this category.
So, somebody who already has been spending money at the NCI, goes down their list of all their various projects, you know, intramural and extramural, and sort of looks at an abstract of some project that says that is sort of LSN. I think I could put that under LSN. Then they look at something else and they could put it under one of the other categories. In this way they then send it back to the NCO. They send some numbers, but it is not like the way that they make the decisions or the way in which they think about that money per se is as their IT investment. It is -- we are now reporting centrally what we happen to be doing and if you look at a tremendous amount of what NIH is actually doing, I mean, this looks like what is the problem.
$327 million at NIH being spent for the NITRD budget and then a big number, the biggest number that you showed for LSN was NIH.
I think it is incredibly misleading. I think that there is a mindset at NIH that says we want to invest $327 million in IT or 118 or whatever it was for large scale networking, unless something has changed, because, in fact, when you look at the actual projects and what they are, they are incidentally in these areas. They are very applied. A telemedicine project, which is totally dedicated toward some kind of clinical outcome and is not viewed as IT research at all gets lumped under LSN because they are using the network for a telemedicine project.
Is that still correct? Is that a fair assessment? Because I think people here could otherwise get misled that we don't have a problem here because there is so much money being spent on this at NIH. The numbers don't seem to totally support that conclusion, in fact, if you know how they are gathered.
DR. NELSON: Let me comment and I think my colleagues will want to.
I am commenting from a perspective of about 15 years in this program, at the Department of Energy, at NASA, now at the NCO, working with my colleagues all over Washington, all over the country, all over the world. My perspective is that the dollars don't matter if the intellectual involvement isn't there. The dollars don't matter if the intellectual involvement isn't there.
Where this program has worked most successfully, both in the interagency process and for the individual agency is where the dollars to some extent line up with the authority and responsibility of the people, the people, who are involved. Now, in the case of NIH, it is my perception, Ted, but I do not pass myself as an expert on the NIH budget, that that close link is not always present. Frankly, just counting up dollars doesn't do much. Maybe you can say my pile is bigger than yours, but if you are not spending it usefully and usefully means the intellectual involvement of the people with the dollars at the table, it is sort of an empty exercise.
I have always felt as I look at whether these programs have any value, it is whether the work that the people do, either within the agency or among agencies, has with it the possibility of changing priorities and changing the way the money is spent for a higher understanding in a higher purpose. If there is no ability to influence how the dollars are spent based on what you are doing around the table, it is a little hard to defend why you have got all those dollars with what you are doing around the table.
DR. ZUBELDIA: Let me follow up on Ted's question. Are these dollars double counted?
DR. NELSON: I didn't say that. I didn't say they are double counted. I don't know they are double counted. What I said was or what I was implying is they may be empty dollars in the sense that they don't really signal capitalizing on the interagency opportunities or even maximizing the potential of those dollars at the home agency.
DR. ZUBELDIA: But they could also be double counted.
DR. NELSON: They could be.
MR. HITCHCOCK: Every dollar in the cross cut exists in some agency's budget that went to the Hill and is appropriated by the appropriate congressional committee to that agency.
DR. SHORTLIFFE: This is standard NIH appropriation that is already in the NCI or the various institutes and later they get asked how much of this did you spend in LSN and they look at what they are doing. They don't have an LSN program, in other words. They just secondarily assign things to LSN, based upon an analysis of whether it sort of fits.
MR. STRAWN: Two comments. The cross cut budget that an agency submits is not expected in most cases to represent everything that they might say they are doing in that area. It is what they think is appropriate to pub on the table for the interagency coordination. So, many agencies might say, well, do other things, but we didn't think that was appropriate to bring to the interagency table coordination.
Secondly, Mike Ackerman of NLM, who represents NIH in the LSN, I think would confirm what you said, basically. He has told us many times, look, we utilize results of LSN research. We don't do LSN research. So, their monies are, indeed, very applied applications of the research that is performed.
DR. DEERING: A couple of comments.
First, since I will be the first fed on this side of the table to respond to that and one that doesn't participate since we are just in a small staff office -- I mean, the reality is congressional earmarks -- congressional budgets are often earmarked and it is very hard to get R&D into those budgets.
So, I think the fault is not necessarily within the agency leadership or even at the departmental level and its leadership, that it is in the political process. So, I think that if you are going to solve the problem, then you need to address that problem as well.
One thought came to me that I think would be very helpful in getting more people legitimately into the intellectual side of it and it picks up on something that came up during my previous question, when we talk about -- you talked about cognitive perceptions. Vint talked about natural language issues. Because my observation was that it is partly -- one of the reasons that more people don't come to the table, even in the most legitimate fashion is that it is a question of the language with which you describe your activities.
There are many health agencies that should be represented. We can think of CMS that does Medicare and Medicaid. We can think of CDC that should be at the table. We can think of others as well. But when they look at the list of things that you have put out, they don't recognize in your terminology their interests, their missions or much less any research needs. So, it was occurring to me that something that would be very valuable -- and it is not up to you to do it, it is up to those who care -- is to do a translation, a controlled vocabulary almost of a -- you know, this is what they say. This is what they mean and this is why you need to care about it.
Because until you can explain it to people whose budgets are controlled by other people, why this does, indeed, fit into them, I think that you will miss a lot of that genuine engagement. But, again, it is not up to you to do it. It is up to us to translate it.
MR. SCANLON: I want to thank the panelists again today for an interesting presentation. We will see if we can't get more HHS involvement in the area specifically, but I think there is a bigger issue and, again, it relates to what Mary Jo said. What you are presenting today is sort of federal interagency R&D activities out of the broad NHII or broad NII kind of activities.
To some extent, HHS has, I think, a number of arms into this process. I don't know what the CIO Council, how it relates to the activities that you all engage in and maybe they don't consider it to be research but HHS actually chairs the security and the public key encryption task force as well.
But let me just go beyond that as well. I think in health care the focus has been -- I think I agree with Ted to this extent -- it hasn't been on IT as a basic research area. It has always been, at least up to now, on an application and NIH probably gets a lot more publicity because it develops and promotes research that is actually very appealing and very practical and documented well, but it may have used IT, but that is not what the glamour part of it was. It might have been a cure or medication and medical technology.
Health care for the past ten years has probably been focusing more on the needs for applications and that is why you saw HIPAA, which is not an R&D kind of an activity, though it has implications. It is more of a how can we standardize and bring collective standards and approaches to some very difficult administrative and clinical data problems in health care.
So, I am willing to say that for the past number of years anyway, most of HHS's efforts in NHII collectively at any rate had to deal with HIPAA and standardization and with applications in their mission-oriented agencies. More recently, the interest is now on sort of clinical information applications and public health. Again the focus -- and these are agendas that are set by other people for HHS -- that the Congress or other folks tell us that you have to look at this next. Clearly, it seems to be the clinical area, but the focus again is on standards. It is not on basic research and it is not on basic IT research.
Perhaps that will be further down the line, but -- and, again, it wouldn't even be viewed as research. On the other hand, it gets left out in terms of an accomplishment. HIPAA is apparently not viewed as an accomplishment or in the NHII, in these circles, nor is the clinical in formation standards effort as well.
So, I mean, clearly, I think the view has to be broadened, but I really think the focus or the emphasis was more on solving applied problems in health care, solving this administrative health care transaction situation, where standardization was needed.
As you indicate, it is very difficult even when it is viewed to be only a problem of standardization. So, I just wonder, can you comment on the difference between R&D activities, which you clearly focus on between a broader applications and standards efforts across the HHS?
DR. NELSON: Yes. Let me give a first cut at that. First, your comment about the CIO Council is very well placed. Before taking over the NCO, I was deputy CIO at NASA and a member of the CIO Council. George Strawn as CIO of NSF is on the CIO Council. One of the things that George and I have plotted is to get a closer link. The CIO Council does almost no research, but they do applications and that link is important.
Now, let me speak to the link between research and applications. I think that if you look over the last ten years, you will see a number of instances where communities of applications didn't realize either the IT that could help them or specifically the networking that would help them. When I say "networking," I am using Dan Hitchcock's term. It is really -- you can't just think about the pipes.
I will give examples. The high energy physics community. They used to think they really invented IT until they met people who had. Dan has some viewgraphs that he didn't show that give the I think very profitable interaction between the IT research community and the high energy physics. It is a research community but in terms of their use of IT, it is very definitely applications.
Secondly, I would put the chemists in the same category where in the seventies they had an abortive go at that time high into computing and kind of gave up and went to VAXIS(?) and only recently in computational chemistry and then through things like synchrotrons and other tools for research, got into heavy data analysis and have done so as a partner. I could go down three or four other communities, but let me put the medical care community right smack into this same category of a group that has its own research agenda, but that is not what we are talking about.
They want IT as a tool. What I am saying is that for that to be done profitably, there has to be discussion between those who are developing the tool and those who want to apply it. I indicated in my comments and I think you saw through George's and Dan's, that there are venues for getting those people together and the comment about translating of terms is an important one. We need to keep working in that. Every group has its jargon. That is partly a situation to be endured, but when you are interacting with a new group, it is a problem to be solved.
So, I am just suggesting it has been done. It can be done. It should be done.
MR. STRAWN: I would add on to that with a strong tip of the hat to Ted and his PITAC colleagues. One of the results of the PITAC deliberations in a report of several years ago was a major program, especially at NSF, called ITR, information technology research, which resulted in tremendous improvement in appropriations and based on PITAC leadership and deliberation. A lot of that was focused on multi-investigator, multidisciplinary research projects.
So, the ideal project that we are looking for is one that brings competing IT researchers together with researchers from any other discipline, where both disciplines can be propelled forward by their mutual interaction at the early research stages of the game. We have had some tremendous successes in that regard, both intellectual, as well as financial.
A final comment, of course, it ain't easy, even at the research level. We have trouble finding reviewers who are conversant with both terms. We have trouble getting the proposers to write their proposal in a way that is readable by reviewers from both groups and so on. So, it is a tremendously general problem right down to the fundamental research area, as well as up in the applications here.
MR. HUNGATE: Bob Hungate speaking. A question really triggered by Dan's comments, but also having read in this book that there could be an expectation of a lot of organizational change that might be driven by the discussion of the information itself. You mentioned, Dan, that you would be hesitant to have your surgeon have to boot up Windows before proceeding. I share your concern, but as I think about information, there is an awful lot of good research and I hear all the research, but I don't hear the translation to the political application of that result.
I have a question about what work is taking place in thinking about the organizational impacts because I have the feeling that the existing structure of the industry is not -- does not see how it benefits from much of what is being discussed here. I think that is the problem in translation from the research end of the clinical application. How does that get addressed in this discussion?
MR. HITCHCOCK: So, we have a lot of mechanisms we have used for trying to get knowledge out into industry to get products out. The most effective is transferring students from people to companies where they take the knowledge from the research into the companies and then build things. There are a lot of other things but I have to say that I think that transferring the people is sort of the highest band width way of transferring this knowledge.
So, having a trained work force is -- I know that the social, economic and work force thing has thought a little about this or organizational models and how this -- how you build business models in this sort of environment that will actually function so you can actually make money off this sort of thing.
There is not an easy transition between research and clinical practice. I mean, just in the case of drugs that we understand pretty well the transition between research, which is someone, you know, making chemicals in his laboratory and some pill that you are going to actually give someone and release as, you know, a fairly formalized set of, you know, FDA guidelines and trials and things to get there and so you have to figure out how it is sort of new technologies, what sort of level of oversight is really important and how you would regulate them. I think that is a serious policy issue.
MR. HUNGATE: Could I ask one follow-up? It seems to me that we haven't addressed the knowledge management issue in an organizational way. There was a report by an editor at the Boston Globe on how many patients were impotent as a result of prostate surgery concerns me as a male. I may need that one of these days.
It was apparent from the article and the comments that neither physician nor patient had a good idea of what was going to happen. So, there is no knowledge place where the clinical result is really matched against the research possibility so that you can get knowledge answers for one person and one physician, which is what the patient needs. Now, it seems to me that is an information knowledge problem for which there is no structural entity to deal with it.
DR. NELSON: Let me suggest that these are challenges. I am going to turn it around and challenge this committee. Information technology and networking are disruptive technologies and I believe it is in HHS's interest representing me as a taxpayer to help to encourage and to a modest extent manage that disruptive technology.
I will give an analogy. In the home mortgage business, Fanny Mae and later on Freddie Mac and before that FHA disrupted the mortgage market by turning mortgages into marketable securities and creating a whole industry, which the Fanny Mae people have told me drove down in their guess interest rates on home mortgages by 2 or 3 percent just because of the way the industry changed, but, of course, if you were running a small home loan -- whatever they are called -- savings bank, whatever those things were called -- they are gone, aren't they? That is part of the disruption.
You were very unhappy because your market was undercut. All right. So, that is managing disruptive technology and this was a government agency. I would suggest that there are several paths to get from research into practice. The small business innovation research program, which every agency that has a -- that is pork also, but it has been productive pork. It is a formula on agencies' research budget. So, NIH has got to have a big SPIR program. But that is for small business and Dan was talking about one path.
The student goes to the company. Another path is that the researchers -- and many SPIR researchers are affiliated with university or other non-profits. They have a research background, but they have got to be in this entrepreneurial business. So, they transition the technology into practice.
DARPA, I think, has an excellent history, working for the Defense Department, of picking up research and transitioning it rather quickly into practice. Sure, they strike out a lot, but they hit home runs. I am offering now three models that HHS could use. The FHA model, if you will, Fanny Mae and Freddie Mac, the SPIR model and the DARPA model for how to bridge this gap between research and practice.
It has got to be done in an entrepreneurial way. Yes, it will annoy a lot of established interests but I as a taxpayer don't want to see my health care bills go up at the same rate that they have been. If I could get a remote reading of my x-ray so that every rinky-dink hospital doesn't have to have its own x-ray technologist -- and I realize I am out of my depth here, but I think there is something there. If I could do that with some of the challenges that Dan talked about, reliably, securely, with ease of use and get a good diagnosis, I have to believe that would save some money and improve medical care.
So, think of it as a disruptive technology and manage it. So, that is my challenge back to you.
DR. STEINDEL: I like the others very much enjoyed this presentation and would like to echo what Mary Jo and Jim Scanlon said. Ted, there has been at least two people who have read Networking for Health. I now hear there is three. When it first came out, I read Networking for Health and I read this report as well when it came out and I was sitting there putting on my CDC hat, as well as my health care professional hat. From the health care professional point of view, I found them very fascinating reports.
Putting on my CDC hat, I was wondering what can I take to my agency because as was echoed by Mary Jo and Jim, we are primarily applied science. We put things to work and we don't engage that much in basic R&D and I know CDC doesn't like it when I say this very often, but I do say it.
But I did hear something in your presentation that made me think, well, maybe we should start talking to you and I think that is a very important thing to mention. I think Mary Jo mentioned it and Jim mentioned it. One of it was in translation, in language. A very significant thing that was said in your presentation to me was one of the key people that sit, just sit at the table and listen and present ideas was FAA.
I am looking at CDC in a very similar position. We have lots of needs that we can bring to the research community that are ideas that we need the research community to look at, to pay back to us in three to five years, that we can start applying. I am sure that is the way the FAA is using you. But I really have nothing that I can bring to you today and say we need some R&D done in this area. I hear that you are open to that and I think it is a very good message for us to take back to the health agencies.
DR. NELSON: You do bring something to us just by articulating your problems and you have heard us as amateurs trying to guess what your problems are. FAA is a very interesting example. It was just a few people who realized that research could help them. So, they came to the table and they kept raising their hands saying, yes, but this is my problem. Why don't you work on my problem and we all fly. So, we all care.
Now, FAA has graduated to the point that they now have some research funds in this area. They were able to justify it because they could show they had scoped it out. There were things they needed to do that nobody else was doing. They were working within a good community. It was all those good adjectives that helped to sell a research program and now they have money and now they are ready to join in a formal way to the NITRD program because they have graduated. I think CDC could follow that path. I think there are other parts of HHS that could as well.
DR. FITZMAURICE: AHRQ is a member of NITRD and for basically the reasons that George just gave. It is not as though we are cutting edge at the state of the art of telecommunications and the Internet, but we are at the state of the art on quality of care, on patient safety, on finding out what works in a community's practice of medicine.
Being a member of NITRD lets us work within a framework that we would never invent ourselves. It cuts across what we do. We fund a primary care physicians network, integrated service delivery networks, where they form research questions and then gather the data to answer those questions.
They are questions of ontologies, of common medical terminologies that we have to face, but there are ways of looking at things that we would not have invented ourselves, but our parties at NITRD help us in thinking about that.
It helps us a little bit with the budget. Now,one of our problems has been we haven't doubled our budget in the past five years. In fact, we are facing perhaps a 16 percent decrease in our budget. But at the same time, being part of NITRD provides a cross cut where we are visible. It provides some budget security, although there is always -- you have to argue for your budget. It provides a common way of thinking about the budget for this whole area of information technology that we can become a part of.
It also lets us participate in the future. The National Health Information Infrastructure requires many disciplines and NITRD offers disciplines that you don't often find in HHS. What I have found is that in HHS we are starting to grow in expertise and this is a very fertile area. We can offer partnerships. If anything we can certainly offer problems and we can work together on solutions.
So, I would just like to say that as you are looking around for partners, these are very valuable partners to have.
DR. SHORTLIFFE: I was trying to think how to articulate a response to what Jim said and I guess it is a question of you, Jim. All of us, I think, in this community and certainly on this committee fully understand the imperatives that have been before the department with regards to these very practical issues related to the legislation, for example.
Yet, the agencies we have been drawing some parallels with often have very similar practical imperatives as well that drive them. The Department of Defense, for example, has very practical imperatives that we are very aware of right now. So, the real question is it that the -- you know, this is a huge agency, HHS. Is it really that you have to choose between the short term important applied requirements of a HIPAA legislation and a kind of more forward-looking understand of engagement with and participation in, as other agencies do in these kinds of activities.
I don't believe that it should be necessary. It may be practically, when you looked at your budget you had to, and I think Mary Jo is absolutely right, that fundamentally it is the way the money is appropriated and what you are sort of directed to do that ends up having a huge impact on the way these things happen. I think we are talking about culture in the biomedical world here.
And mindset. You know, Mary Jo ascribed it to problems related to terminology, but you could argue there are people in the biomedical world, who can look at the LSN list of current activities or any of the categories, not just LSN, and say, well, boy, that is relevant to biomedicine.
In other words, the relevance is there but you have to believe as someone who is fundamentally a professional biomedical person that this is biomedicine, too, as much as it is computing or technology or something like that. It is sort of fundamental. I think that is the cultural shift that has not yet occurred. It is beginning maybe, but until that happens, then appropriations isn't going to follow. You know, it is not going to be part of the way in which money is requested in the President's budget. It is not going to be the way that the agency directors think about this.
It is a really fundamental issue and I think we are sort of over many years nibbling away at pieces of it. We need to understand it in that light. There is nothing fundamental that says HHS can't both do HIPAA and be at the table as an active participant in the kind of issues we have been hearing about today. Those are both possible. They are both possible. They are both totally consistent with its charge and its mission, it seems to me. But the wherewithal, the cultural commitment and the budget and the way the budget is allocated all has to fall in line for that to occur.
MR. SCANLON: I don't think it is an either/or. I was more trying to explain what I thought to be the focus of HHS internally at least, intellectual activity and in terms of dealing with the health system in general. I think HIPAA -- I think really just the folks you see around the table have actually spent a lot of time on trying to respond to HIPAA, things like that.
It is not an either/or. Though, again, I think HHS agencies are largely -- not every agency does research and there are some clearly research agencies and AHRQ and NIH is one of them and even in those agencies I think you are right, Ted. There is always the tension and I think it is probably a healthy tension between the basic side and what is defined as basic research and the applied side. There may have been -- we have done cross cuts in HHS with OMB on a number of other things and there are a lot of ways you can portray -- if you know what you want to say, there are a lot of ways you can portray that.
But I think the idea -- and I think HHS probably by almost any measure spent a lot of money on IT applications, but you are right. I don't think in the past and I don't know what the future holds, that health information technology was viewed as a fundamental science of area of research. It was to serve another purpose.
It was to serve another purpose. It was to improve treatment. It was to support clinical research. It was to support public health and I am not even sure that the research community would even respond to applications of a more basic nature, but you have a better sense of that.
I am not sure it has changed a lot to be honest because I still think the bottom line ultimately -- and it may be somewhat shortsighted as that, you know, there is a hierarchy or research objectives and that may be the one that is hardest to convince people.
DR. SHORTLIFFE: I think it has changed, but for a somewhat unusual or maybe one could almost be a little cynical about the reason that it has changed and it is that real biomedical science, what is happening at the bench can no longer survive without IT. It is the recognition that what NIH has always seen itself as doing, namely that kind of science, has to have IT components to it now in order to go forward, has suddenly gradually introduced a new mindset on that campus. It is reflected in grants programs and the like. That may be an opening for a lot more linkages into the rest of the federal IT --
MR. STRAWN: In fact, you could imagine that realization that biomedical research now depends on the IT tool, would prompt the same response that NASA, Energy, Defense have had for decades, that we had better do some IT research ourselves because our fundamental progress now depends on it.
DR. SHORTLIFFE: But some of us would say that was always true about the clinical side in health care as well, but it was not recognized as much as suddenly the biology is.
DR. NELSON: You talked about HIPAA and if I wanted to scare you I would say Indian Trust Funds. There is an example of an agency that had a statutory responsibility. I don't thing there was a lot of fraud and criminal behavior, but it was just uninformed, shortsighted, stopgap. Well, I don't want to carry the analogy any further, but I think HHS has a responsibility with regard to HIPAA that if you don't do an intelligent thoughtful job, might come home to bit you and nobody wants to be part of an Indian Trust Fund.
George talked about how other agencies in other settings realized that they could not take a shortsighted view and invested in some of the longer term things in order to have those short term products over time. An agency that I was with, the Department of Energy, back in the days when nuclear weapons were first developed, the agency realized that it had better understand those at a fundamental basis. It had better be able to predict how those worked and invested. DOE was probably the pioneer in advanced scientific computing and it was because it took its stockpile stewardship responsibilities seriously .
Okay. Again, don't want to go very far with that analogy but I think HHS has both an opportunity and a challenge and if you don't use the opportunity, you could be challenged a lot more than you want.
MR. MC DONALD: Mike McDonald, Global Health Initiatives and I am also working with the Medical Technology Policy Committee of IEEE.
One of the fundamental questions that I have in terms of your research and the integration with the HHS mandates as they evolve is who is mapping out the value chains of the NHII? Because I see them as evolving and in particular I am interested in those areas where there is a fundamental gap in what we would like to do in biomedicine and the computing resources and communications resources available.
My concern is that looking forward, personalized medicine, although it has tremendous promise, may be a pipe dream because of the communications and computing issues for a long time to come. Even worse is on the biodefense side, that we, in fact, have huge challenges, huge infrastructural holes and it is a myth that we are going to be able to address these issues unless we really get down to seriously mapping out where the value -- what the value chain is today, how it is evolving and where the critical pieces are that we can actually make a difference.
I am wondering who are doing -- who is mapping the value chainage?
MR. STRAWN: Well, for people who have got a short term job to do, those sound like horrific challenges. For people with long term scientific objectives, they sound like a wonderful opportunity to begin work on doing just that type of thing and clearly that would be done in collaboration between the community who has the applications, the health community and others who are interested in the fundamental research associated with the tool. But as you spoke, I just thought of, oh, good, here is another avenue, here is another part of the ITR research initiative, where we get fundamental IT researchers together with health care people and we map out a ten year program for doing that.
I am sure you are right. I am sure that there is plenty of the IT not only hardware, but software and ideas that aren't available yet to do what you probably already have a good mind ought to be done. That is interdisciplinary research that could be really stimulated by a research effort coming together. Unfortunately, you won't get the problem solved in time for the next quarterly report.
DR. ZUBELDIA: I want to thank the panel for your comments, very insightful comments, and your expertise and sharing it with us.
We will have a recess for an hour for lunch. We will reconvene at 1:30.
[Whereupon, at 12:27 p.m., the meeting was recessed, to reconvene at 1:30 p.m., the same afternoon, Monday, January 27, 2003.]
DR. LUMPKIN: Good afternoon. Why don't we get started with this second half of the hearing, which will extend until tomorrow; this half taking about the issues related to the personal health dimension of the National Health Information Infrastructure.
As I had to do with the panel with this morning, I am going to apologize because I will be passing the gavel on to Kepa. As you know, the President has announced a program on small pox vaccination. Being a state health officer, I have to be involved with a conference call with the governor's office in Illinois about our implementation of this program. So, I need to step out for a little bit at 2:00 and then I will return as soon as the call is over.
So, having said that, again, if I leave, it is not because it is an editorial comment about whoever is speaking at that particular moment.
The panel that we have, I will ask them to introduce themselves. I understand that David Lansky is on the phone. Hi, David. It has been awhile. I have talked to you on the phone a couple of times. I hope the weather is better out there than it is here.
David Lansky is president of the Foundation for Accountability and he is also chair of the Markle Committee on personal health records. He is on the phone, but for those of you on the Internet, it doesn't really make any difference since you can't see any of us anyway.
So then I will have the rest of the panel introduce themselves and we will start of with David.
Bill. Oh, David, we are just going to have the panel members introduce themselves and then I will give you the start.
MR. LANSKY: Sounds good.
MR. MARSHALL: My name is Philip Marshall and I am also participating in the Markle Foundation Personal Health Record Working Group.
MS. KEELER: My name is Joy Keeler. I am formerly the chief information officer at the University of Illinois Medical Center and I am currently the associate vice chancellor for health affairs at the University of Illinois.
MS. PRITTS: I am Joy Pritts. I am an assistant research professor at Georgetown University and I specialize in medical privacy issues.
DR. LUMPKIN: Great. David, go ahead.
MR. LANSKY: Do people have a copy of my slides?
DR. LUMPKIN: Yes, we do.
MR. LANSKY: [Via telephone -- poor connection.]
DR. ZUBELDIA: David, are you going to take questions now or are you going to wait for the end of the panel?
MR. LANSKY: [Via telephone -- poor connection.]
DR. ZUBELDIA: So, let's take some questions now if there are any.
MR. MC DONALD: I am Mike McDonald from Global Health Initiatives.
I guess there are a couple of pieces that I am interested in. Are you looking at the back end data that is going to come from the personal health record because potentially it is very useful for looking at ecological conditions regarding lifestyle and environmental issues in probably the supplemental data sets associated with this.
I am also interested in how the characteristics of the personal health recommendation order are used as sort of a neurocognitive signature for the individual interacting with various systems over time, meaning that the information about the individual, which they put in to the personal health record allows highly customized feedback to them if systems are using any of the data from the personal health record, which makes its applicability and resolution for their use much better, for the knowledge that is coming to them that recognizes their personal background.
MR. LANSKY: [Via telephone -- poor connection.]
DR. STEINDEL: Yes. Thank you for your very nice presentation. One thing that impressed me a lot was the definition that you considered a personal health record electronic. I think that is a tremendous step forward and I was very pleased to hear that.
I was also very interested in hearing your perception that there is an intimate relationship, an intimate electronic relationship between the personal health record and the electronic medical record. I am wondering if you are going to give any thought and perhaps explore this in some of the studies that you are planning on doing, which I am really I have much more questions after the results of those studies come in, I think, than right now.
But are you planning to explore the bi-directional nature of that relationship, as well as populating the personal health record from the electronic medical record. There is also a scenario where a person may want to populate an electronic medical record either in a new physician provider office or in an emergency basis with information from their personal health record.
If you are going to explore what implications people have thought about that interchange of health care information, we are going to be exploring some of this in the later panel tomorrow, but what we find is a lot of people haven't given much thought to this. Are you going to explore these specific questions in this area?
MR. LANSKY: [Via telephone -- poor connection.]
DR. FITZMAURICE: David, Michael Fitzmaurice, Agency for Healthcare Research and Quality.
I want to draw a parallel here. We are getting into tax season and I notice the H&R Block and TurboTax have programs out there that take information that I put in and they tell me what my tax liability is. This year I noticed they allow me to link up with some mutual funds or some banks and pull down information directly into the record that the bank or the mutual fund supplies. Would it be a success from your point of view if someone were to develop a personal health record of the same kind, a set of software that individuals could have that they could interdate in, but they could also link up with providers if the providers provided the platform to pull down that data?
That is, is private marketing of the concepts and the attributes of the personal health record the end goal of what you are doing or is it something different?
MR. LANSKY: [Via telephone -- poor connection.]
DR. ZUBELDIA: David, have you looked at the effort from the American Academy of Family Physicians called Open EHR(?).
MR. LANSKY: [Via telephone -- poor connection.]
DR. ZUBELDIA: Would that be interfacing with the -- or creating the kind of platform you are talking about?
MR. LANSKY: [Via telephone -- poor connection.]
MR. BLAIR: I am struggling to resist my tendency to say, well, what about this, what about that, what about this, what about that. So, let me follow Steve Steindel's example a little bit as he started to mention these things.
One of the areas that I kind of was a little frustrated with when you mentioned it was that you were going to define the primary user as the individual, actually, I think you were even -- pardon?
DR. ZUBELDIA: The only use.
MR. BLAIR: The only -- yes. That is what I -- thank you. Clearly, that may be a useful way to start. Are you envisioning that this first set of research and studies will be the first of several phases and, if so, then are you structuring this first phase so that it helps lead to questions that could define subsequent phases?
MR. LANSKY: [Via telephone -- poor connection.]
DR. SHORTLIFFE: I just wanted to be sure I understood one of your comments. In response to Steve Steindel's question, you talked about the conservatism related to this notion of transferring data between the patient's health record and the EMR within an actual practice. Is that right?
MR. LANSKY: [Via telephone -- poor connection.]
DR. SHORTLIFFE: I worry that this sounds like the kind of super human fallacy that often besets computers and electronic data. I mean, as a practitioner, I constantly am accepting data given to me by my patients either in paper form, directly from them and notes they have taken or from other physicians, who have given them copies of something, which they then bring into an office.
Now, obviously, I know that this is not my own data and any exchange, it would seem to me, with an EMR would need to properly flag data with regard to source, but to reject such data as being potentially useful as part of the EM seems odd. I just wanted to push a little harder on why if we already do this in the world of paper, the electronic world has to meet a different set of standards.
MR. LANSKY: [Via telephone -- poor connection.]
DR. SHORTLIFFE: It does seem like a design issue, though, rather than something that should be rejected out of hand and one that might be worth promoting is the notion that external data could be maintained in an EHR, but properly flagged as to source because it may well be valuable.
MR. LANSKY: [Via telephone -- poor connection.]
MS. KEELER: Can I make a comment on the -- this is Joy Keeler. I think you are probably dead on, David, where if you talk to organizations w ho are actually funding those types of initiatives that are existing health care providers. I think you go back to realigning incentives. Are those really the people that should be designing the features and functionality of the personal health records? They have business motivations that are not necessarily in line with the community type of model that the rest of us are designing.
I think my experience is consistent with what David is saying if you look at health care organizations doing the design of these personal health records. So, I think it makes us as a group step back and question whether they are the folks that should be driving that.
DR. SHORTLIFFE: Well, and it does suggest on the issue that could be raised in your final document at the end of your nine months about something that is not being attended to and may be of value as part of the design.
MR. LANSKY: [Via telephone -- poor connection.]
DR. ZUBELDIA: Thank you, David. If you want to stay, you are welcome to stay. We will have more questions at the end of the panel.
MR. LANSKY: [Via telephone -- poor connection.]
MR. MARSHALL: My name is Philip Marshall and I appreciate the opportunity to speak with you again today. I work with David on the Personal Health Record Working Group supported by the Markle Foundation. My focus here is to expand upon his introduction to the personal health information data set. The name of this data set has many permutations, personal health record data set, core data set, minimum data set. Hopefully, regardless of the name, this rose will smell as sweet by the end of my discussion.
So, basically from my description, hopefully, you will get a good understanding of what we are working towards. This introduction I think probably is the best way to start. A combination of higher health care costs and use of the Internet, demands for higher quality and consistency of care and regulations requiring health care organizations. Let patients review their health care data while making it practical for patients, consumers, people to integrate their personal health information for multiple sources, including different providers and health care systems and to leverage that information to better manage their own health and obtain improved quality of care.
My direction in this discussion will be largely around the ability for the personal health record to take advantage of disparate clinical systems, really similar, Michael, to your comment earlier about the interoperability of systems akin to financial systems. So, that is actually a premise really of this part of the discussion.
The purpose that we have described for the Personal Health Information Data Set is as follows: In order to facilitate the process of patient-centered data management, organizations and systems which hold such data need recommendations we would say, for which data they should share and a mechanism for sharing that data that is easy to implement.
The PHI data set is recommended potentially as the foundation for this data sharing. There are a number of beneficiaries -- to the personal health record and potentially to this definition of a personal health information data set. I will list them here. Patients -- and I will, again, just read this off. I know that you probably all enjoy people who just read slides, but I think it is important to reiterate these points.
Patients, when accessible by patients, this data set could help ensure that the necessary data is available to guide better care decisions, cost management and health self-management. Another beneficiary is care providers. When shared by patients with their care providers and physicians, the PHI data set could facilitate better quality and consistency of care and during the initial provider visit, such as an emergency visit or other care provider visit, the health history for the physicians' record could be supplemented or even begun by this Personal Health Information Data Set.
Health plans, certainly also a beneficiary potentially of this information. In making the PHI Data Set available to patients, health plans potentially could help satisfy HIPAA disclosure requirements. Hospital systems and IDNs helping patients to maintain a complete health history, assist all community providers to provide high quality care and finally employers.
Probably a participant in this process that don't quite get the level of attention that is commensurate with the place that they -- the role that they play in health care and the financing of health care. A complete health history maintained by employees can assist the employee in making better health plan and medication decisions, while potentially ignoring overall health care costs.
Portability is an important aspect and potential benefit of a Personal Health Information Data Set. The PHI Data Set, as I have mentioned, accessible by patients, could ensure that the necessary data is available to guide care decisions, cost management and health self-management in a very patient-centered way.
This is a list of the types of information that could be part of a Personal Health Information Data Set. They are part of the Personal Health Record Work Group supported by the Markle Foundation, what we have come up with as a starting point for this Personal Health Information Data Set. I am not going to read all these off to you. Instead, here in a moment, I am going to show you an example of what an XML format of this kind of information might look like, to give you a sense not only of the content of that kind of exchange, but also potentially of the format to facilitate ease of exchange.
So, what could the Personal Health Information Data Set achieve for the U.S. health care system while enabling patients to aggregate, integrate and share data across multiple providers and multiple systems enables greater consumerism resulting in greater cost management and health self-management, as I have mentioned, as well as enabling higher quality information to be available at the point of care. So, I think you see this theme recurring and I think that the benefits are potentially pretty straightforward.
There are a couple of steps, we believe, that must be taken in order to achieve this idea of Personal Health Information Data Set as potentially an interoperable mechanism for personal health records in order to maximize the potential benefits of personal health records and I will list them of here.
First of all, doing what we have been doing in the work group and that is defining a Personal Health Information Data Set. Secondly, to define a simple way in which that data set can be shared between systems and again I will share with you in a moment an example of a small XML file that can provide an example for how that kind of information can be shared between systems.
Thirdly, ensure that privacy safeguards are applied to these systems. Address the challenges of system authentication and individual authentication as individuals access those systems and incent and encourage organizations to share the data with consumer-driven systems. So, I have a sample of Personal Health Information Data Set in XML that I am going to show you.
I will reiterate sort of the perspective that David introduced to you that our work group is following. That is a very patient person centric perspective. We talked about the user of the personal health record being the person, the patient. Certainly, there are a number of beneficiaries, but just as the primary users of electronic medical records are care providers, nurses, physicians, et cetera, patients can potentially be beneficiaries certainly of the electronic medical record, so, too, can the other participants in the health care continuum be beneficiaries of the personal health record.
I would also say something briefly to the point about the skepticism that exists across our health care system in the U.S. about self-reported data. It is something that we spoke to briefly earlier, although, Ted, to your point, the subjective information that ends up in the health record provides certainly a large chunk of any health record and is most often the starting point for any health record on the individual.
So, I think that that is important to note and it is something that perhaps this committee could begin to think about a little bit more. How do we overcome the skepticism of health care professionals when it comes t o viewing electronically at least -- and I don't know why electronically should be any different than how we have used it off line, but it for some reason is and that is really what we are hearing. There is great skepticism of self-reported information; yet, that information is potentially so valuable.
So, again, I will just reiterate that point and hopefully it is something that we can as a group help to address.
This is a barely readable from any distance slide. So, I apologize, but this if you can read it, you can tell that this is an XML file. There are a number of nested fields here. This is taken actually from our Personal Health Information Data Set that we have so far defined as part of the work group initiative. You can see some of the elements that are listed here, personal attributes, such as contact information, emergency contact information, provider information, insurance information, as well as health care conditions, attributes of the health care conditions, medications, allergies, immunizations, procedures, laboratory procedures that have been performed, et cetera, I show only one of the nested sets of information here under medications as an example to show the different kinds of information on a medication that we would encourage being shared through this idea of a Personal Health Information Data Set and interoperability between systems.
So, I am certainly happy to answer any questions about this. This is my last slide. But just to reiterate sort of the point of the Personal Health Information Data Set work, we do believe that interoperability between systems can be facilitated potentially through the definition of a concise data set that does include the necessary information that in a patient centric way could help facilitate interoperability between systems and maximize the potential benefit for the patient of that interoperability.
So, I thank you.
DR. ZUBELDIA: Thank you.
MS. KEELER: My name is Joy Keeler. I am the associate vice chancellor at the University of Illinois. I believe I was asked to come here today to speak to you about a couple of particular aspects of our electronic health record implementation, as well as the personal health record and how we fit into that. One is strategically how the personal health record fits into our overall plan, as we continue to transform the medical center and roll the electronic health record out across the university and, hopefully, central Illinois.
Then also to talk about the positive and negative aspects of this data set that Phil just described and perhaps it would be appropriate to say some of the real world implications of such a data set and how it would impact our moving forward expeditiously.
What I would like to do very briefly is spend just about 60 seconds on our electronic health records so that it gives you a little bit of a feeling for what we have accomplished at the University of Illinois and I believe why Mary Jo may have invited us to come and talk to you here today and then talk about the strategic implications of the personal health record and the data set.
We are an urban medical center right outside of Chicago. We have six health sciences colleges affiliated with our group. We are the largest medical school in the country, have a very busy teaching hospital, ambulatory clinics, multiple sites. So, I don't think that we are necessarily unique, but just to give you a bit of a flavor, we are ordinary. We are owned by the State of Illinois. Rather interesting that John had to jump out at this stage but John actually has an appointment at the University of Illinois as well. He can read the minutes, though.
Our challenge when we set out on the initiative to develop an electronic health record was really not a technology project. There have been a few allusions this morning to this is a culture change that we are looking for and what we look at our organization as is somewhat of a microcosm of what we are trying to do on a more global national level. So, fundamentally when we set out on this in the 1995-1996 time frame. What we looked at was not a technology project but truly a culture change, where we were looking to change the way that our clinicians practice medicine, whether they are physicians, nurses, allied health specialists and to begin realizing patient safety through the implementation of the technology once they have been transformed.
Just to give you a little bit of a depth concept here, our electronic health record is heavily utilized at the medical center. We have not delivered paper to our clinic since 1999. So, the ambulatory record truly is electronic. On the inpatient side, I think we are about 70 percent of the way there. So, we do things like all of our progress notes, computerized physician order entry, medication administration, et cetera.
This is a bit of a pie chart just to give you a feeling for the types of clinicians that use the system and what you will take away is pretty much all of them. Ninety-seven percent of our attending physicians use the electronic health record; 98 percent of the nurses do as well. So, the take away is the clinical care team at the University of Illinois is on line.
So, just using that as our base, moving forward, the strategic direction that we are taking for the electronic health record and where we go next, because kind of the heavy lifting has been done. We have the right people at the table. We have the clinicians attention. We have them in front of the applications. So, our missions moving forward are very consistent with the medical center and the university to continue in the delivery of health care, to continue in our education undertakings, as well as research.
One small component of that is what we call our community strategy. You call it a personal health record and the personal health record as we see it as a part of that more broad message. So, again, I would ask you to, as I talk about the community strategy, think of the University of Illinois as a microcosm of the types of things that this committee is working on today.
What we hope to accomplish with our community strategy is basically to take our patients now to the next level of realizing the benefits in electronic health record, where we have begun to raise their knowledge level with the record today because it is an education tool while they are with their clinicians. We want to take that one step higher.
So, I think one of the questions you asked was an excellent one, where your question was, well, are there ways to begin taking components of the health record and tying them into the Internet or external sources. The answer from my perspective is you bet. So, in our electronic health record today where we have very traditional problem list, that our physicians and nurses work off with the patient. You can actually launch Internet searches off that problem list today. You can do the same thing out of the formulary for medications, the same thing off of rules that might interact or show interactions with other drugs and diet.
So, we need to introduce that same level of knowledge, if you will, to patients as well. The increase in the clinical information to our patients we view as really an increase in their responsibility of their care. In this country, I am not sure that we have necessarily embraced the care and documentation of our records the same way that we see in countries like the U.K., for example, where a patient has much more ownership, much more autonomy and responsibility in that record. I think it goes to some of the points David made about trust and will other clinicians trust documentation that they have not necessarily entered themselves. That is an education, a policy issue, I believe, nationally.
Ultimately this should improve the quality of care that patients receive when they are at health care organizations, not just the University of Illinois. Kind of an interesting anecdote, if I might. Our clinicians at the University of Illinois have signed documentation and actually have access to their own records and to have access to their family members' records as well.
We had a case about a year and a half ago where one of our nurses was at another health care organization in the Chicago area. Her husband had all types of -- I am not a clinician. So, I will stumble through the clinical description, but I think they thought he was having a heart attack and there were a series of tests that they wanted to perform. I believe it would have taken several hours to accomplish that. She jumped in and said, you know, we just had those tests in the last 30 days. If you give me access to the Internet, I can pull up all those results for you.
So, in very short order, the clinicians at this competitive organization were able to pull up our record under her oversight and those tests were not performed. They quickly ruled it out and it turned out not to be a cardiology issue at all.
So, it is nice to have substantive examples of the value we could bring. In terms of our strategy on the community front and how we plan to roll it out, the first step is to deliver a personal health record to our patients. We will take this in small steps. The first one is access to the organization, self-registration, submitting clinical information from other health care providers that they have seen and then expand that to a community model.
Someone mentioned the Marconi Project. I think that is an interesting example that will be more across the country. What we are looking at is how do we gain a consensus locally so that we have a constant patient population that will undoubtedly seek care at a handful of providers. Unfortunately, most of us are using a similar application vendor. So, some of the challenges of common data sets and definitions might be overcome.
But we hope to design a community model, where incentives are aligned so that they intent is in the best interest of the patient, not in capturing market share or maximizing profitability or any of those types of business incentives.
I think one of the keys in community strategy that could be duplicated in other areas is how we define success, how we measure success.
Our approach will be to start with something very straightforward, which brings immediate value to patients and doesn't take -- I think one of the speakers this morning talked about eight years to get to a common technology platform. Clearly, that would not be something to lead with. I think one of the first areas that should be discussed is how you actually go to that. Do you choose a patient population, such as a diabetic population or do you look for a thin layer of functionality to introduce more broadly across the community?
I certainly don't know the right answer, but I think those conversations need to be held. So, it is really a strategic one of broad versus deep as we begin to roll out. Then based on the feedback from that particular targeted segment, we will begin to consistently enhance the personal health record because their technology appetites will grow. The value will begin to be there and it is an exponential realization if history repeats itself with our physician and nurse implementation at the medical center.
So, as we add functionality participants, I think the next step is, again, what we talked about earlier, is to add knowledge to it and instead of constantly being a pull technology, a pull type of record, we then need to begin pushing information back out to patients on interventions and other things that they can do to improve their health and management of their record.
These activities should foster collaboration among the participants and at some point, we as a management group, we as a development group, should be able to stand back and it should largely grow on its own.
I will move over from that very brief description of the strategic approach to the minimum data set. This is a really challenging issue because this seems to be where we hit the wall as an industry. It is great if you can somehow get through the financing and the implementation and funding issues as an organization, but it seems like once we try to go outside our own boundaries, we hit the wall in terms of the ability to interface and really compare data.
I agree that the data set is essential. We need to define a minimum data set and come up with some common standards, but I believe those components should really be prioritized because if we try to make it too difficult, if we make the barriers to entry too great, then we will be right back inside our four walls again.
So, I would encourage in an undertaking such as this to really think hard, think very clearly about the components of the minimum data set and prioritize them. So, we make them as small as possible going into the initiative and then add on as we go.
Just as an example, positive patient identification, discrete data so that we can bring value to that personal health record from interface feeds from laboratory and radiology systems. Let's bring as much value to the record as we can out of the gate.
Then implement it, this type of an implementation approach would be designed to not encumber participation from other organizations. There are barriers to things like the Marconi Project. It is a wonderful idea, but you know what, there is not a lot of money in health care right now and the funding for the pilots and the scope and magnitude of the pilots, I don't think can be overlooked.
Again, just as I stated in the strategy section of this talk, I think there should be a phased approach where we account for sophisticated future uses and not limit ourselves to simple things like positive patient identification and discrete data. But as we begin to define that data set, I think it is important to think about where we as a country are trying to guide ourselves. Things like computerized physician order entry may not be rampant today. In fact, it is very rare. But the minimum data set should at least account for where we want to be because in the next five years, hopefully, we will be in double digits in terms of the percent of our health care organizations using CPOE.
Again, I would encourage the use of the data set, but I would also prioritize it based on the value to who our end users are, not to us techos, who are defining what would be nice to have in an HL7 interface, but limit that minimum set to what is going to bring value. Don't make the hurdles too high.
Again, these are -- my next bullet point are really just some examples to things that I think would be considered low hanging fruit to consider in terms of value beyond positive patient identification, which is somewhat of a given. Lab and radiology, medications, both inpatient and ambulatory, as well as those which patients would enter themselves that they are taking over the counter. Payer information, narrative notes, these are all things that I think are valuable and should be distributed in a first phase.
At the same time, accommodating multiple data types in a common data set would be important as well because if we want to get to the point of really bringing value and really having as many clinicians viewing and utilizing the personal health record, as well as patients, there are like PAX(?) images, document images. Let's not limit this to just data that we can put in an HL7 stream.
Again, probably step back and make sure we talk to our target audiences and define what will drive their participation both on the patient side, as well as on the side of health care organizations, payers, employers, et cetera.
So, in summary, the personal health record is strategically very valuable to the University of Illinois as a next step. As we continue down our missions of providing care, education and research, the community strategy is a piece, but it is one that could truly feed into many others in terms of bioterrorism surveillance and other research types of initiatives. We will design the personal health record to be driven through value to the end users and keep in mind that that is the patient and the others will be feeding the record.
I probably said this about three times. So, it would be characteristic of me to continue reiterating it to make sure I have driven home the point that our incentives I don't believe are aligned today to necessarily foster the type of participation we want on anyone's part in the personal health record.
Finally, the minimum data set is essential but it should be practical for those of us who actually need to implement it.
Those are my comments for today. Thank you.
DR. ZUBELDIA: Thank you. I am sure we will have some questions after Ms. Pritts makes her presentation.
MS. PRITTS: Good afternoon.
First, I would like to thank you for the opportunity to testify before you today on the privacy aspects of the personal health record. In addition to working at Georgetown, I think that it is only in the interest of full disclosure that I also tell you that I was a former staff member of the Markle Privacy and Security Working Group. I did not in that capacity, however, address the personal health record in any fashion. So, what you are about to hear is pretty much my take on this as an academic.
I think one of the important things that when we are addressing the personal health record to know i s that it means a whole lot of different things to different people. When I was asked to address this topic, it was almost like wrestling with jello because I didn't know. Are we talking about the personal health record that is maintained by a commercial vendor site?
Are we talking about what is kind of billed as a personal health record that is maintained by a health care provider? There are insurance companies that have sites that look like personal health records. There are employers that are encouraging their employees to use health sites to monitor their own health.
I think that this is very common when you are dealing with anything in the electronic format. It has as many different permutations as you can possibly imagine. So, it is a little difficult to get a handle on it, but I think that there are some overarching issues that appear, regardless of the format or the structure that you are looking at.
To put it in the privacy perspective, you have to look at privacy as not only the person's ability to keep information away from you, but also their ability to control how the information is used and shared by what you might call secondary users or once they have given somebody authorized access to their health information, how is that person going to turn around and use it and share it? One of the issues I see that really presents itself with the personal health record as it is developing is that I think the patient perspectives on their ability to control their information is going to vary drastically depending on where it is maintained and the structure under which it is maintained and it is also going to not be what they are expecting.
When people hear personal, they think it is mine and I can't see under any of the possible structures that have been proposed for the personal health record where the information is truly owned by the patient. So, it goes to a matter of control and also a matter of how the patient is going to be able to control this information.
I am not saying that there is anything necessarily right or wrong here. It is just that patient expectations and how we bill things should match the reality of the situation. Those are questions that are going to have to be addressed as you move forward. So, there is a kind of -- I look at it as two core issues as a matter of practicality. How is the patient going to be able to control their own health information when we are talking about a health care system that is designed on sharing information across the boards? Also, what legal restrictions or protections are there on the information once the patient has given authorized access to their personal health record to people? Because that, again, is one of its big selling points is, you know, you can control who uses your health information.
That is only really true up to a certain point. What I did in my written testimony and what I propose to do here today is just examine very briefly two kinds of formats that have developed currently for personal health records. I am doing this because I keep thinking of unused videotape recorders and for us who have MACs, we also see this problem, which is that the best structure or what many people see as being the best product may not be what drives the market. What may drive the market is who is out there now and how much market share they have now.
What you have right now pretty much on the market are commercial vendors and health care providers are really kind of on the forefront at this moment. You also have some, well, health care providers like the VA, who are kind of a little bit of a hybrid.
I am going to turn first to the proprietary or commercial vendors because there are a lot of patients who are familiar with their products. They sell themselves as being very patient centric, enter your own health information. They tell the patient you can tell other people that they can enter health information on the site, but it is only the people who the patient gives the permission to, who can actually add information. So, it is very patient centric and it appears very patient controlled. The patient has access to the entire record. There is nothing that has been put on there that they are not going to see. So, this at first glance looks like a really patient centric record, but what you don't see on the privacy policies on these sites and what I think patients don't recognize is that once they give access to that information in their records, it just flows like any other health information through the health system.
So, once you open the door, that health information right now is -- the patient largely loses control over it. As I said, I am not saying that that is necessarily a bad thing. That is the way the health system works. But what patients think they are going to be able to do, which is to control their health information and what they are actually going to be able to do are quite likely to be too different things.
One of the contexts I see this as being a concern for people is as you have more centralization of the medical system. You have these large health care conglomerates and a person might say on a commercial side, I give access to my doctor to see this information and they might think, okay, now Dr. A has access to this information, but nobody else does. Once the doctor really gets that information, it is going to go -- he is probably going to enter it into his medical record and now it is in the system of this entire organization, which, again, is from a patient point of view, that does not give them a lot of control over and it is something that they need to be aware of.
But more disturbing from a -- when you are looking at a commercial vendor or proprietary vendor is the almost total lack of legal protections for the information that patients voluntarily store at these sites. Most of them are not covered by the HIPAA privacy regulations. The privacy regulations only cover health care providers, who engage in certain electronic transactions, health plans and health care clearinghouses.
So, many of these sites won't be covered by HIPAA at all. They are also for the most part not covered by state health privacy laws, with the very large exception of California. California defines for purposes of its Confidentiality of Medical Information Act a web site that stores information for access by the patient and by providers as a health care provider and it holds them to the same standards of use and disclosure as they hold a doctor or anybody else, who is a central repository of medical records.
But they are the exception and they certainly are not the rule. There is a certain amount of protection afforded to this medical information that is stored at commercial sites by the FTC Act, but that largely comes into how the site is promoting its service and if they are saying, we are going to keep this information private and we are going to keep it confidential and they don't, then the FTC can come in and say, well, you are in violation of the FTC Act because this is kind of like false advertising. But the FTC protection shouldn't be over relied on because even they are very limited in the protection that they can give to information once one of these sites goes out of business.
The poster child for this is the ToySmart.com situation and ToySmart.com, as you can probably tell by the name, sold toys. They collected a lot of information on the Internet about parents and children and children's names and children's birth dates and what their preferences were in toys and they promised on their site that they would never, ever disclose this information to a third party. That was true until they went bankrupt and then the only asset that they had that was valuable was their information.
So, like everything, in the Internet, they come and they go and it is a potential disaster waiting to happen because there just really are not adequate legal protections in place right now. I would sincerely hope that commercial vendors are not thought of a viable component of a national health information infrastructure, at least under current protections.
At kind of the other end of the continuum is right now would be information that is maintained by health care providers. It is at the other end of the continuum in a number of different ways. A lot of the information at these sites, which I believe Dr. Lansky referred to as gateway EMRs, gateways to EMRs, the data is primarily entered into the system by the provider and the patient has some access to it, but the providers have control over what access they have. Sometimes the patients are permitted to enter information also.
I was very pleased to hear Dr. Lansky say that he didn't see that this was truly a PHR because that was my own independent conclusion, that these should be seen more as interactive electronic medical records than personal health records because it is not the patient that is truly in control here. There is some possibility here for this type of record to be used as an access, a potential form of access for the patient.
As I am sure all of you know, the HIPAA privacy regulations require providers to give patients access to their own health records, but it is really unclear how this kind of a patient medical record that -- that their Personal Medical Record really fits in with HIPAA because it has kind of a limited amount of data. It may or may not be everything that the provider has. It is not clear whether when a patient logs on is the provider going to think that this is a formal request for access to my medical records because if it is, then they have to give the entire record.
That is not exactly how things are structured now. So, it is not a perfect fit and it is not clear how providers would convey this information to their patients if there is any information that they are not fully providing. So, you would have to almost a couple different mechanisms in place, which I think gets fairly confusing for consumers.
When you look at the other aspect of privacy, which is in a person's ability to kind of control disclosures and use or your legal protections are in force, obviously, most medical -- personal health records that are maintained on a health care provider site are going to have many more legal protections. They are going to be subject to the HIPAA privacy regs. I find it hard to envision a case where they wouldn't be. But, again, you will have within the system free flow of the information for treatment, payment and health care operations.
We are hoping that patients will when they receive their privacy notices under HIPAA be more aware of how this is actually going to work. But if you are not receiving the in formation, the notice, at the same time as you are entering your health data, there is also a potential to disconnect -- a potential disconnect there because even though you think, well, they should understand that they don't have that much control of their records because the doctor is entering the information and it is being maintained at this web site that is being run by a health care provider.
I think when HHS solicited comments through the privacy roles, they found that the overwhelming majority of the comments said what, we own that health information. So, patients right now think they own their medical records. That is something that you will have to deal with, whether it is in paper format or electronic format. That is not really going to change. There is still that opportunity for a very major disconnect in what patients expect and what the rules and practice actually are.
There was a third kind of structure for personal health records that I really didn't discuss in my written testimony, but which has been mentioned today , which is what I would call kind of like a decentralized structure for the personal health record, where people would be kind of pulling the information from different sites and that it wouldn't actually be stored necessarily in any one place. It is important to recognize that you can't assume HIPAA will protect all of that information because HIPAA is patchy in itself of who it covers.
You can have health care providers who can enter information into the system, who aren't covered under HIPAA if they don't accept health insurance, for example, which is not -- it is not common these days, but it is not uncommon either that more and more doctors are telling to the patients you deal with it. We are just going to bill you and you pay up front and you deal with the health insurance aspect of it.
So, again, even here there is a little bit of a disparity between what is envisioned and the protections that are actually in place for it. We don't have the legal set up right now to protect this information adequately really in a lot of the structures that have been proposed.
I was also asked to address how the minimum data set might fit in and, again, it is a kind of fuzzy concept at this point, but it seems like that it might be a very useful component in actually solving this problem of the amount of control patients have over their information when it is inside the health care system because what the minimum data set is it -- I look at it almost not as necessarily a personal health record. It was easier for me to address it within the current legal structure that exists and to me it looked more like, well, it is an agreement to a restricted electronic medical record.
Under HIPAA you can reach agreements with your health care providers to restrict the amount of information that they will use for treatment, payment and health care operations purposes. So, it fits in the system that already exists and so there is a mechanism in place for protecting it and they would use it for certain purposes and, of course, there is also the mechanism for having larger degrees of health information for different purposes that way.
Here are the people I think should have access to this type of information and here are the people who should have access to my entire medical record. I suspect that the patients will really like that concept, that it may be met with great resistance from providers. I would hope that that were not so. But I see this as being a nice kind of compromise between the competing interest between doctors who want everything they can get their hands on and patients who don't want to give them anything.
And that is it.
DR. LUMPKIN: Thank you. I am sorry I missed what at least from the conversation I heard in the hall on the way in were some summarized as being some very excellent presentations and also very thought provoking on this particular issue.
At this time we have some time for questions from the committee to our panelists and discussions.
Mike, I cut you off at the last one. So, why don't you go first this time.
DR. FITZMAURICE: Thank you, John.
I have a question for Joy Keeler. You talked about the electronic patient record and you are 98 percent with the nurses. You are 90 something percent with the doctors. Who advises you on implementing that record? Do you have committees of patients, committees of staff physicians, committees of nurses? And how do we learn the lessons of things to avoid and things to do well in implementing a computer-based patient record?
MS. KEELER: Good questions. The first one is we really take great pride in being a clinician driven project, if you will, because when it started it really was an IT project and then over time we really tried to transform that and pull everyone in. So, it was largely physicians at the onset. That is how we built consensus and kind of how we drove it through the organization.
Then once we had a critical mass, then we began -- really, you would say we were already post-implementation. That is when we engaged heavily with nursing and ancillary health type people.
Then your second question was -- help me.
DR. FITZMAURICE: It was how do we learn the lessons that you learned and things to avoid and things to do well when you implement a computer-based patient record system? You have to choose one and then you have to implement it.
MS. KEELER: Right. One of the reasons we actually went with a vendor-based solution instead of building our own was for that very reason so that what we did accomplish -- and we weren't entirely sure we would, but luck would have it. We actually wanted to have something that would be recreatable and one of the initiatives that I am working on right now is an institute that would be part of the University of Illinois so that we could duplicate our initiatives in other places through the country.
DR. FITZMAURICE: Is anybody writing this up as a journal article on, boy, did we go wrong here and, boy, here is something we lucked into and did right and here is something we intended to do right and it did go right?
MS. KEELER: If I could have your business card, I will send you that at the end of the year. That is one of my projects that I will do this year is to really study that. We wrote a brief book on it last year called The Transformation of Health Care at the University of Illinois, but we need to do so in a much more serious way.
MR. BLAIR: What publication was that in?
MS. KEELER: We didn't publish it. It is internal.
MR. BLAIR: Could you make a copy of it available to the committee?
MS. KEELER: I could. It is really our journey. It is rather interesting. It was written by me and an individual at -- the primary vendor that we used, their chief engineering officer and we really got away from the product because it really has nothing to do with product.
DR. ZUBELDIA: This is fascinating because we have seen, for instance, the University of Illinois that has their own system and product even though through a vendor. We saw an XML representation of a personal health record and what is fascinating is the creation of multiple islands. I didn't hear anybody say we use certain standards for connectivity. I think it is absolutely essential that if you are going to transfer information between the electronic medical record and the personal health record, that you base it on standards, some open standards. I didn't hear that.
Maybe it is based on standards, but if we are going to have something that works nationally as part of a national health information infrastructure, I would like to hear what is the project or what are the plans to make it work nationally with standards for connectivity from both of you.
MR. MARSHALL: I can take a crack at that. It is the position of the personal health record Working Group that personal health record data should adhere to standards where possible and I will pick out a couple of examples. We believe that the data in a personal health record and personal health information data set should be codified in a way that is consistent with existing standards.
Those are evolving as you know, but we believe that they should adhere to that. Secondly, when it comes to the format of data exchange, I showed earlier an example of an XML format. XML unto itself, of course, is a growing standard and way for systems to electronically communicate. Having said that, the argument could be made that existing standards, such as HL7 would be a way for systems to communicate. I would submit that that may be true. However, HL7 being a very large and often complicated standard of exchange for health information may be burdensome to organizations who hold this kind of personal health information and would be inclined to participate in secure exchange of that information and they may find that particular standard burdensome.
So, I would submit that as one possibility.
MS. KEELER: HL7, any standard is a burden. HL7, I think that is probably one of the very few places that health information technology might actually be in front of other industries is in that particular standard and the ability to really tie together disparate systems. We have had it for awhile. We have had it for 10 or 12 years. So, while it is burdensome, it is there. It is defined and pretty much everybody uses it.
So, I guess I would submit -- I think it is a good place to start and we can define whatever the next one is once we get started. I think one of our challenges, though, as an industry is -- it was very well articulated in this exchange and that is while on one hand we want to have codified information that is comparable from Illinois, Florida, Massachusetts and California, you know, guys, we have to transform health care first. We first have to actually get those physicians to use the computer and I don't know, I couldn't have done it with any kind of a codified or structured clinical text. I put five or six examples out there and let clinicians choose which they are more comfortable with and over time, I believe both technology and the culture change, the willingness of our clinicians to change will guide us to a codified type of approach. I haven't seen one that I could do across an enterprise today.
So, while I agree with you, I think we get into some loose gravel once we get to the point of progress notes, discharge summaries, op reports, H&Ps. We can do that codified at a discrete data level, but once we get into the real narrative type of documentation, I don't think that exists today. Although it should be a goal.
MR. MARSHALL: I would say that I support that in large extent, that when it comes to specific information, such as problem lists, medications, immunizations, procedures, laboratory data that has been performed, that personal health record should adhere to structure of data where possible. Although narrative data, I agree with you, when shared, it will be difficult anytime soon, I think, to really make that practical, especially for providers.
DR. STEINDEL: Ms. Keeler, Kepa actually took part of my question with respect to standards, but there is a question I have regarding standards on what constitutes a personal health record, especially from a medical institution. I got the impression from your talk that you were probably creating what was called earlier a gateway system where you were going to allow people in the community access to their information in format.
If I am in correct, please correct me. But that is only part of my question because I was talking to a bunch of colleagues from medical institutions and one person said that we have a great personal health record. When the person comes in to the institution, we burn a mini CD with an HTLM version of their record and then we give it to them. That is their personal health record.
Another says when a person wants a copy of their information, we print it out and that is a personal health record. I think we first have to create a standard on what is a personal health record. That would be an important step forward from connecting for health and in this area. It isn't in the eyes of the beholder and I would like your comments on that and how the University of Illinois is approaching it and I think some of the implications of what constitutes a personal health record has implications on the privacy considerations. Once it is defined, then perhaps we can define the privacy of that information much better.
MS. KEELER: I guess on both -- on the first, the way we would define a personal health record, well, magnetic cards and burning CDs and printing out records, we don't define that as a personal health record as a part of our strategy. The very fundamental reason is you can't update them. They are dated. The minute you burn them, the minute you print them, the minute you swipe them, they are outdated and I think the value -- I am not certain of what the percentage, but it is certainly a diminished value, the minute that patient walks out the door.
So, our approach, you called it a gateway system, I am not sure I actually used that term, but the description of what we would see as our vision of a personal health record is a common server that we can contribute data to, the patient contributes data to, the health care organization down the street, the reference lab, the health department. The patient owns that.
But your second point is an important one and that is HIPAA, privacy. I think that is where we as a country really have some work to do in terms of educating our citizens on what to do with that information and what their responsibilities are and what cautions they need to take moving forward as well. But that should be earned by the person. That is their clinical information, not by the University of Illinois or Northwestern or Cook County or Georgetown. It is the patient's.
MS. PRITTS: My question is is the information that you have designated at the University of Illinois, you say the patient owns that. What does that mean, that the patient owns that information? They can tell you that you can't distribute that -- share that information with researchers or anybody?
MS. KEELER: Well, that is definitely true, but as it relates to the personal health record, the patients have to actually give it to -- it is the IRB actually oversees whether their information can be a part of a research study. So, yes, on that aspect. But as it relates to the personal health record, we have not finalized -- we are far from finalizing what data will be put out as a part of that health record. But that does belong to the patient.
You are the privacy expert. Does your medical record belong to you?
MS. PRITTS: No.
MS. KEELER: It doesn't?
MS. PRITTS: No.
MS. KEELER: So, if you go to a medical records department, you don't have the right to see your record?
DR. LUMPKIN: That is different.
MS. PRITTS: That is different, right. As a matter of -- you have a right to see it. You don't have a right to -- well, let back up and give a little background on this.
There is not a state in the nation now where a patient is the owner of a medical record. In every state in the nation, the provider owns the medical record. It is his property or her property or the organization's property. What that means as a practical matter is although -- and also in just about every state in the nation, we are going to ignore federal -- you know, HIPAA right now because we are just going to go on state property law.
The patient has a right to access the information in the record, but what they can't do is if you get in a fight with your doctor, you can't go in there and say I don't like you. You can't have my medical information anymore. Give it to me. I am leaving. You are not going to be able -- so physical or even the intellectual development of the notes or anything in that record, that belongs to the doctor.
Now, what HIPAA does is it doesn't change the ownership of the record at all. It just kind of codifies the person's right to see what is in the record and it gives some structure about how they can get that information. So, right now, the patient doesn't own it and they can't tell the provider what they can do with it and who they can share it with. Even under HIPAA when it comes into play, within the health care system context, treatment, payment and health care ops, there is implied consent that the provider can use that information for all of those purposes.
So, that is a very different structure than what we are talking about when we are talking about a personal health record that is controlled by the patient. I have concerns over that.
DR. HARDING: I wanted to bring up that issue of amending the record, patient's request to amend or append personal record. This happens, it has happened to me. And do you have in your system if a patient says, you know, I looked at my record and they are wrong. I didn't do that. Can they amend the record or append the record in your system?
MS. KEELER: Today, patients do not have access to make any changes like that. The only documented changes can be by a physician or a nurse and if they are made, they are basically redlined. It is all audited and the change is noted as a change and the original content is maintained.
DR. HARDING: So, nothing is changed without --
MS. KEELER: It is appended. Once it is authenticated, right.
DR. HARDING: Okay.
The other thing I was going to ask back aways, but 98 percent of your doctors are on electronic medical records. What are the other 2 percent doing and how would you characterize those 2 percent as far as demographics?
DR. LUMPKIN: And we want to know their names.
MS. KEELER: I know who they are. I wouldn't want this to be a part of public record.
No, we actually -- there are 20 who are not. There are 20 physicians out of those who provide care in our organization who are not direct -- who I wouldn't say are not actually active users. They won't document in the system. They will use information out of the system.
DR. HARDING: And they do so because of their lack of keyboarding experience or principle of some kind of what is their excuse?
MS. KEELER: I like to think of it as -- I don't think that the system, particularly supports their clinical practice well in terms of how they care for patients and how should or would document in an electronic system. I don't think we necessarily meet their needs well. We would slow them down. We would really slow them down. So, until the technology changes, I don't view them as not -- I don't think we have met their needs well.
DR. LUMPKIN: Now you know why she got a promotion.
DR. DEERING: I have a couple of comments. One is the general observation and here is the full disclaimer, I am a participant in the Medical Records Working Group, but my comment is partly a reflection of discussions that I have heard as part of that group and partly a reflection of discussions among those who have been following the issue of a personal health record. That is a certain tension between those that think it is very important to talk about the personal health record as an it, somehow, somewhere.
Those who in the direction that, in fact, the group is now going and in Phil's presentation sort of underscores, where you talk about the contents and you talk about the functionality and you leave the it of the structure as an open ended question in order to advance the work on the issues that have to be addressed.
I do think that actually that has sort of come out of your discussion, too, when you see sort of it is the information elements which are useful to you. It is not the concept of a personal health record data set. It is the specific elements. But let me just make another comment while I have the mike, which is -- and it was emphasized again when you mentioned, you know, the appending and the redlining.
Those of us who have worked with paper documents and I can't tell you how many versions that NHII report went through. I mean, we all know about what is called version control and I think you also raise that record. You know, let's say you do have whatever the it is of your patient record, but you let it go. Immediately the record that you have let go, which now is housed within your provider, who you chose to share it with, is Version 1 or 11 or whatever it was, but as soon as you go onto update your personally controlled record, information that you have shared is already ipso facto, as out of date as the burned CD or the print copies.
So, again, I just want to leave that out there , this issue of version control. It has both privacy implications and implications for accuracy and the sharing of information.
DR. LUMPKIN: Although -- I am going to turn it over to Kepa to answer that -- that is also true of my pilot, but I still use it because it has utility.
MS. KEELER: But you have the option to sync it up, right?
DR. LUMPKIN: Well, no, but I think that that is obviously the challenge, as we look at version control. If we think about what we have seen earlier today, you know, if, in fact, the Os are -- the oughts or whatever we call this decade is the decade of the wireless and as time goes on, the connectivity issues make some of these problems less of an obstacle.
Joy and then we are going to go to Kepa and then we are going to take Kepa's last provocative question because I have heard a preview of that and we are going to take our break.
MS. PRITTS: I would just very briefly like to address the structure issue because the way that the health privacy laws today exist at both the state and federal level, the structure of the record is what controls what degree of privacy the record actually has. So, you can't really evaluate what -- you can't just look at the data elements and say, yes, this information will be protected or it won't without knowing how it is structured because, for instance, in the Federal Privacy Rules if the record is held by a provider or if that is the structure you decide that there are going to be kind of data silos at different providers and we are going to call those a personal health records, then that data is going to be protected, but if -- that was why I had the example. If it is at a commercial vendor, which is a very different structure, it is not.
DR. LUMPKIN: Let me challenge you, though. If we could ask that you would think about this a little bit and submit to us some suggestions because while there are limitations the way the regulations are, the reasons why those things are in regulations and not in law is because they can be changed. One of the roles of our committee is to review the issue of how privacy -- the regulations are being implemented and make recommendations to the department on subsequent changes in the future.
I don't think we have time to go over those today but I think we would be very willing through their privacy subcommittee, as well as this committee to synthesize that and make some recommendations to the department on how to cover what appears to be a very important loophole in privacy protection.
MS. PRITTS: But they can't because Congress kind of hogtied HHS on this one with a limited delegation of authority and the way the law is written.
DR. LUMPKIN: Okay.
MR. BLAIR: We can also make recommendations to Congress, too.
DR. LUMPKIN: Yes, we can. I think that is one of our charges. Particularly in relationship to HIPAA, I think we are charged on an annual basis to give a report to Congress on implementation. So, we have a voice and we would like to speak with the wisdom of your voice.
MS. PRITTS: Okay.
DR. LUMPKIN: Kepa.
DR. ZUBELDIA: We have been talking about this personal health record and how the patient would share it with multiple providers and get information from multiple providers into my own personal health record and then I can share around and put it in sync with John's palm pilot, but to make that work, I would like to hear your thoughts, Ms. Pritts, on individual identifiers and how would they help or create a problem. Where are we with individual identifiers? Isn't that a necessary component?
MS. PRITTS: I do not -- I think that there are technical questions as to whether that is a necessary component or not and I think that you will have -- you will receive different answers on that question depending on you ask. Personally I felt qualified to say the following, which is it is still a very hot button issue and would have to be addressed with the utmost diplomacy because particularly in today's climate, when you have John Poindexter heading an agency called the -- what is it -- the Total Access to Information or something of that nature -- Total Information Access. And in a climate like this to say and by the way we want to give you an individual identifier for your health information and it is going to follow you from birth to death and when you think of the people it could affect or you think of the kind of information it can have -- you know, we all make mistakes when we are 20 that we just as soon not have a centralized -- not identified or readily available to everybody.
MS. BICKFORD: Carol Bickford, the American Nurses Association.
The presentations I have heard this afternoon are talking about the personal health record and I didn't hear any mention of the ASTME-31 standard work that came out about personal health records and web. Do we have any insight on that and how it is being applied?
MR. MARSHALL: Yes, I was a participant in the ASTM process, E31.29, I think is what it was. And we did take advantage of that definition of a personal health record as a starting point for the work group and I am not sure that that particular standard per se was fully adopted through the ASTM. Perhaps Mary Jo, you may have some more information on that. I don't think that it was fully pursued.
DR. DEERING: I don't believe so and to the best of my recollection it, although it is in the ASTM standards area, it is more about ethics and practices than it is about standards for information transmission or components like that. It is more an ethical standard than -- but, yes, indeed, we have heard a little bit about it. I don't think it has gone any further.
MR. MARSHALL: Mr. Wygeman(?), I think, is perhaps going to be a participant later. He may have some more information on that.
DR. FITZMAURICE: On this one, there is a standard E13-84 that contains the elements and then a categorization of those elements in electronic patient record that might be useful.
DR. LUMPKIN: Okay. We are going to take a 15 minute break. Thank you to the panel, by the way, and, again, I apologize for being called out.
DR. LUMPKIN: We are going to move to the final panel for the day.
Ed, do you want to introduce yourself?
MR. HAMMOND: My name is Ed Hammond. Actually, I am here representing the Markle Foundation and the project Connected for Health. Just to make sure that the biases are laid open, too, I am currently the president of the American Informatics Association and I have been chair of HL7 on two different occasions and I am currently vice chair of the technical steering committee of HL7.
DR. LUMPKIN: Thank you.
MR. HAMMOND: I didn't know whether I was the interceptor or the interceptee in the fourth quarter of last night's game.
Gary, you want to introduce yourself and then we will start off with Ed.
MR. CHRISTOPHERSON: I am Gary Christopherson. I am the senior advisor of the undersecretary for health for the Veterans Health Administration and formerly the chief information officer for the Veterans Health Administration.
DR. LUMPKIN: And another for this committee.
MR. CHRISTOPHERSON: Yes, somebody who has been here before.
DR. LUMPKIN: Ed.
MR. HAMMOND: Thank you. I must say that I am particularly delighted at the topic of the conversation. I guess in some of my wildest dreams in earlier years I would not have ever thought that we would be talking about a personal health record at this particular level, at this particular time. And I am glad that has happening.
So, what I would like to do is to share with you some of the thoughts and some of the activities of the Connected for Health collaborative enterprise. First of all, sharing with you the vision itself, providers responsible for population health and consumers, three stakeholder groups, three groups that in my vision of what we are talking about, each have some form of electronic record associated with them, but to make sure that these important groups of people will have ready access to timely relevant, reliable, secure health care information through an interconnected electronic health information infrastructure to drive better health and health care. Those are pretty much thoughts that it would be difficult perhaps to argue with but contained within the words of this, I think, is much of what we are all about.
Connected for Health basically has set up with three goals. The first is accelerating the rate of adoption of clinical data standards. The second is sharing some of the best practices for secure private transmission of medical information. And in the third, which would be of interest to this group is understanding what consumers need and what they expect from an interconnected electronic health information system.
Connected for Health is set up in three groups with a steering group and, again, I think one of the things that excited me about the possibility of working with this organization is the fact that they really are touching on critical pieces in which we have to, I think, accomplish some degree of success if we are to accomplish success overall. There is a steering group that brings in some very important decision makers and influences in health care that endorsed the activities of the groups themselves.
The group that I chair is the data standards working group. I will talk a little bit more about it, but the other two pieces of this, and you have heard from them as well, the privacy and security working group and the personal health working group -- the data standards working group has as its goals to identifying calls to be created, the necessary standards and definition to enable to movement of data and knowledge, the improving of health care and to accelerate the adoption of data standards.
I am moving these very rapidly to get to what I really want to say. The three groups of the data standards, the working group itself has a consensus committee and this is the group that has the group that has the responsibility of identifying some of the standards that exist or are in progress of being developed or need to be influenced to be developed. Then the implementation committee that tries to get the adoption and the implementation of the standards that we are talking about and the policy committee that is trying to influence the different agencies and groups that ultimately make the decisions as to whether they will use standards or not.
I think it is important to recognize the importance of the connectivity for these three groups. If you on the receiving end of a use of a standard, you don't know whether the standard works or doesn't work because the standard isn't correct or whether the vendors haven't implemented it correctly or whether it simply hasn't been put into a system that is able to interface appropriately with the standards.
So, it is very important that we look at the adoption and the correctness of the adoption itself. The whole concept of certification is one of those words that almost is second to the unique identifier to the controversy that it aroused among the community when you start talking about this.
So, what are some of the issues that will influence a little bit of what I want to talk about today. Well, first of all, the data standards working group itself has not specifically focused on the standards for the personal health record. The reason we haven't done that is because to some extent we think data is data. So, the standards that apply generally to wherever you are sending data from one place to another increases -- it requires an understanding of the data itself to make it sure that when you see this thing everybody understands exactly what it is that are in the rules for moving that to one place or the other. So, it hasn't been important up until now to really have that.
On Thursday of this week, January the 30th, the three groups are going to meet together for the first time and begin to share cross information. I think that will be probably a very stimulating and very exciting discussion because I think coming at this from different directions will start at least at some different points and then will arrive at a compromise position itself.
The question that has already been addressed by a number of the speakers and by you as well is what is the model for the personal health record and what is this interaction with the electronic health record looked like and when we are talking about standards, I will present to you a few very primitive views of what that interaction might be and then finally the question of what additional work must be done to meet the needs of the personal health record and I will address that topic as well.
One of the things that we did in the data standards working group and particularly the consensus committee of that group was look at some of the existing standards and see if any of them had reached the point of maturity and acceptability that we felt that these standards could be endorsed and moved forward. For our reference information model, which really is the fundamental building block -- this is the model that everything else can ultimately refer back to. So that when you are talking to any other kind of group, this provides a point of commonality of understanding how we go down the different pathways as we view the electronic health record, which is the ultimate holy grail of what we really are trying to accomplish in whatever form it is.
Our belief is that the HL7 reference information model now has reached the point of stability and acceptance throughout the industry and, in fact, throughout the world, that this is a standard that we recommended. Data tap is another important component of this in which again the way in which we express things in a way and the way in which we share things is common. Again, we think the Version 3 data taps from HL7 have reached degree of maturity and are moving forward. Terminology is an interesting problem, one which I think hasn't been solved, hasn't solved and I think that this is probably had more to do with our lack of progress in a number of the areas than anything else. In spite of the fact that there are several hundred terminologies currently available to us, we still have to use manually, but it decreases the level of understanding.
A number of things are happening now and I show you my optimism of this by changing the wording here from a "no" to an "in progress." I think this is something that we are making progress are and we will see something as well. Clinical documents, again, without spending a lot of time and addressing this particular issue, but this is beginning to have some structure now so that documents have form and referability and authorship, the data and things of that nature that has been standardized, then I think at least for the next few years, is going to be an important of both the personal health record, as well as the sharing of information in a number of different kinds of settings.
Clinical templates are just beginning now to be defined. I think that within 2003 we will begin to see some definition to this and there are a number of ways of looking at clinical templates. One simple way of looking at them is an opportunity of defining complex clinical objects so that there is structure that is built in to the object itself so they can't be decomposed and have an understanding of what it is that we are looking at, the pieces of it itself.
In all of these areas, HL7 is doing some work and the committee itself has endorsed the work of HL7 in those areas. In terms of data interchange, again, there are several operable standards that have been endorsed by the group itself. For transactions, we have endorsed the X12N. Obviously, it made sense to do so since NCVHS has done such a long time ago. This still continues to be the appropriate standard for that.
HL7 for the clinical data interchange and dot com for images. There is increasing cooperation among those groups in terms of moving those efforts forward. Implementation manuals, not so much a standard but certainly part of the way of expressing the particular rules for two groups that are talking to each other. My first introduction to implementation standards and the value of these was the CDC project of the emergency data set that -- is an implementation standard that said precisely what we are going to exchange between two groups doing this. Immunization has followed this. Health care surveillance has followed these rules now and it is the kind of thing that I think we probably need some form of that for the personal health record itself.
The business rules are agreements that in effect represent the data that is to be exchanged and things of this nature. Decision support rules, again, within HL7 environment, a number of groups that is working on this along with clinical guidelines, the GLF(?) group, the JIM(?) group, the Prodigy group, a group from the U.K. called the Virtual Medical record. The group has come together and the -- syntax and are beginning to harmonize the differences in the different approaches and really beginning to move ahead in creating languages for the creation of decision rules and for the exchange of that information.
So, again, we are making progress and we have supported this activity within HL7 itself. Identifiers, very clearly, this is a key component whether you are talking about physicians, whether you are talking about facilities, employers, health care plans or people, is an important component of what we are talking about.
Tool sets, there is beginning to be an increasing activity, but if we are talking about the public health record, which would be used by a wide set of people, I think it is extremely important to recognize the fact that we need to make the tool sets available at low or no cost to these groups to move ahead in the clinical guidelines and we will talk specifically about how some of these apply to the health care setting itself.
Reusable components is another term for the clinical context object working group as part of HL7 and these are the reusable components that provide connectivity between modules. My vision of the ultimate system really consists of a set of reusable components that could be put together to build a small system or a middle size system or a complex system. And I think with the standards that make those fit together and flow is a good way of building a broad enterprise from the national level, whether it is a small unit to the largest unit, bringing those together.
In terms of the data elements activities here, what I am really talking about are everything up to minimal data sets work, which I don't particularly think is expressive of what we really are talking about, but essentially what we are talking about here is trying to create a well-defined master set of data elements so that the definition and the terminology associated as well as the data taps are defined and that a particular group of people electronically specify which of those data elements are part of the system.
So, dealing with the problems with the personal health record of creating those minimum data sets would be derived from that set. Disease registries, I was delighted that Kaiser just announced the release of their disease registries. This month's Medicare Care magazine has published in it about 50 or 60 disease registries and the beautiful part about disease registries as standards is one, they identify the data elements that you are talking about and the terminology for those, but also you can build in the quality indexes for what you are talking about.
So, using these as national standards, I think, will help promote what is important for different diseases, as well as to help us evaluate the other kinds of things. Educational components again we will comment about those briefly in terms of the personal health record, but in images with -- moving ahead, those have been following the security. One comment I would make as it relates to the personal health record, too, is HL7 has been working on standards of trusted end-to-end information flow, which means you are not only interested in one step of moving this information from A to B, but trying to define the rules that managing control that information for the rest of that time.
Now, focusing specifically on the personal health record itself, I like the suggestion that the only use of the electronic health record is going to be the person. If you recognize that, then I think that helps you understand to a great extent what the content of that record should be and it largely should be all the things that have value to the person to permit them to accept the individual responsibility for their own care.
I have maintained my own personal health record since the 1990s. I did it as much as anything for protection and nobody else has the data in their health care system. The people that are taking care of me don't know what I know within my own personal health record, except when I go back and suggest that they take a look at this and do something about some of these sorts of things, too.
I might also mention that when I was in the Navy a few years ago, I carried my personal health record because the only proof to getting the shots from the Navy was proving it on a piece of paper that you really had that shot before. Otherwise, you have got it and that is one piece of paper I never lost. I carried it with me in my wallet and I can tell you that there was major value for that.
It is interesting, as you get older, you view a lot of these problems very differently than you did in younger life. Enough things have happened to me now, I am beginning to pick up a medication here and a medication there. Worrying about some of the things that I need to do and I really think that I am increasingly in a position to worry more about my own health care than anybody else. I need data to do that. So, I think that putting this stuff together is something that is going to be very, very important to me.
One of the things that we may have sounded like we are talking about with a personal health record is that we are talking just about data. That absolutely isn't true. We are talking about a number of other kinds of things. At a minimum, it is going to keep me from missing as many appointments as I miss. And it is going to manage my scheduling. It is going to tell me when I need to get tests. It really is going to help manage my health care life itself, as well as providing data to help me make those kinds of decisions.
I need a little more knowledge about certain kinds of things and I know a number of you have heard me say this, but I have always been impressed with women's magazine has a section on health care, that I would love to deliver electronically as part of anybody's personal health record. It is unbelievable that they could take The New England Journal of Medicine and in a few paragraphs provide something that is understandable by a lay person and have meaning and influencing behavior as part of that. I think that is part of it.
Our information displays aren't going to be the same kind of displays that we see in a clinic or a hospital information system. I think these are going to be driven by query, by personal preferences and behavioral needs and we will need standards that address those kinds of issues.
-- of data, I thought that was a very interesting kind of discussion, but we have picked up data from patients for a long time now, electronically using, for example, glucose measurements of some of those, follow-up on treatment and some of those kinds of things, information about how often you are having headaches.
There are a number of things that come back and then finally the major issue is patient control release. Now, I have got three slides and I am going to go through these quickly as well. Basically, all I am going to say here is that data floor -- and the kinds of standards that I have already been talking about, I think, should be obvious on the standards that we can use to accommodate this.
Some of these are going to be clinical in nature. Some of these are going to be the reimbursement part of this and I think there is going to be a subscription service that is going to provide a number of things. The CDC may send information to me as a push, send that information to tell me to start worrying about mosquitoes in Durham, North Carolina, in the summertime because of the outbreak of certain diseases. I may get something from the FDA. I may get something from other government groups, but there may be some commercial groups that are providing information for me and others. So, I think that is going to be one of the inputs that we need to be able to deal with from this.
Interestingly enough, and I almost wished in some ways I hadn't done this, but where is the personal health record going to reside? It is clear that there is a notion that this is on your home computer, but interestingly enough, some of the people that we have talked to, there are people that trust the security of a clinic more than they trust the security of their home computer. So, I am not really sure that I wouldn't be as comfortable putting all my health information on the computer that all my kids and all my grandkids and everybody else plays with. So, those kind of things -- and, again, for lots of reasons, we may find clinics offering a service of having your own honest personal health records, the same way that we view it, but providing that as a service, a recruit service, perhaps, as you will, on their computer system that has all the privacy and security kinds of things in place that you have on your own computer and there are commercial services that probably will provide this as well.
So, I think there may be a number of different places that happens.
The second part is data flow itself from the personal health record to the rest of the system itself. Here, again, I think we are controlling -- we are talking about control output, but, again, I would stress that in terms of all the things that we want to get from the electronic health record, the personal health record is not going to be the source of all of those. I think we really need to be very careful of how we structure it. There is going to be key and very important components coming from this and I think those are the kinds of things that will be controlled 100 percent by the patient.
The third responsibility or the third area of interest is personal control and monitoring of data access and to me this is the interaction with the so-called population record itself. Access through summary, aggregated personal health record, but the person themself controls a list of permitted access by names of persons, groups or facilities. So, as the person, I can say these are the people. I can say a doctor and nobody else can see this or I can say this doctor and the group practice with which that doctor is associated or the clinic or a number of other different kinds of things, but I totally control that and it is dynamic. I can change my mind. I can go back and forth with this.
There is an access log that I can access at any point of time, as well as setting up some profile rules where if there is anything strange that happens, there is a message sent to me that says you might want to just look at your access to see what is happening. So, there are some other standards that we are talking about as well.
Person guidelines, I think the piece of this, if you wanted to give some instructions to a person that says you are going to take a new drug, what should you do. I was prescribed a new drug by my doctor. If I had only depended on what the doctor told me, I would have gotten into trouble. This doctor is a very, very good friend and that may have been the problem. The doctor knew me well enough that he probably didn't want to maybe insult me by telling me all this other stuff or thinking I knew that and everything else, too.
So, I went back and found out some of the interactions that I wasn't aware of, sort of mentioned that before, but there are a number of things of that nature, I think, that we might want to give a person a guideline for doing. How do you make a choice? What is realistic. Do I pick the least expensive drug on the market? Do I go for something in the middle? What difference is that going to make to me? What are some of the factors for that?
So, a lot of things like that. How often should I be tested for different kinds of things? If I read the newspaper, I get confused because what is good today is bad tomorrow. You know, it is really, really confusing unless there is some way of helping to understand this. Then the most important thing to me is what does this really mean to me. If I have got this diagnosis or this risk factor or those other kinds of things, what does it mean to me?
Can I go scuba diving because I now have been diagnosed with -- I mean, I can lie and get to go dive, but does that make any kind of sense from a medical perspective and that is the kind of stuff that I want to know as well. So, I need some education about all of this, the significance of the disease, what can I do? Does it make sense for me to go play tennis when the temperature is 98 degrees or some things of that nature?
These are real stories. I mean, these are things that I simply need to know for my own self. So, closing out, establishing standards for the personal health record, reference information model is okay. Data taps are okay. Terminology needs some work and not only do we need work in making sure that we have the clinical terms themselves, but we need to understand how to manage those clinical terms with patients, with persons.
I don't think we change the terminology. I think we use the same terminology because ultimately I am going to listen to a doctor use those same words. So, it is a combination of using the kinds of words that are used in the clinical terminology, as well as some meaning of some of those, too. The data element definition, data set specifications, there is work on that. Clinical documents, I think, we used the standard infrastructure for that, but we need expanded content, clinical templates. We need to understand the kind of objects that we are packing for personal use. The data interchange we need use cases. We need trigger events and we need new messages.
One of the things that somebody commented on is the complexity and the size of the HL7 standard itself for data interchange. The comment that I would make is what we really need to do is to specifically make sure that the messages that we need to send the data, to create the personal health record are part of what exists within HL7.
The interaction between the CDC and HL7 started with the people that were working on the immunization project came and said we have a couple of data elements that we need to send in HL7 messages and they don't exist. Can you accommodate them?
The answer was "yes." Within three months or so, those were part of an HL7 message. The patient data standard group now is identifying information that they need to monitor patient safety. Those do not explicitly exist as unique messages within HL7. So, we need a group of people that understand the HL7 standard itself, but more importantly understand the message needs to sit down and define those components.
I think the same thing is really true with the personal health record itself. So, reusable components, we need some more work on that. Business rules, we need work. Decision support, we need content. What kind of rules do I want to put on a patient's -- the personal health record itself. Clinical guidelines, we need consumer orientation of clinical guidelines. We need knowledge and education documents and enhanced descripters. There is very little activity on this.
Then, finally, we need some of the specifications for the personal health record, including content, architecture definitions that you have heard about already, some of the linkage rules, tool sets for data input, improved search engines and recognizing what the interaction from the person perspective is going to be with this.
Content quality indicators, standardized queries, disease specific frequently asked questions, disease registries for consumers and then finally health goals for consumers themselves. So, I think most of the standards that we need to get started currently exist and are usable with a little bit of input from the consumer community and then I think from there, we will learn and move ahead.
Thank you very much.
MR. CHRISTOPHERSON: Let me try and walk down this road a slightly different way. Where I come from here, I come from the perspective of where I think we need to go and try to weave a lot of these themes together into a coherent package. Those people who know me well know that I am not a very patient person when it comes to getting things done. So, my job more than anything else is to try and drive to conclusion.
How to get there and take standards along the way. Let me set some context here. The first place is to remember, by the way, that personal health records should not be something we do in isolation. It is part of a larger enterprise here.
Some of you have seen this before. This is a slide that we have used to start a dialogue between the Institute of Medicine, Kaiser Permanente, VA and a number of other organizations, October 2001. The challenge we laid out, that we are saying is, gee, how would we get to a paperless record, which is what the IOM had recommended twice and how would we get there by the end of the decade; in this case 2010.
We tried to do it in a very simple kind of way. We said, well, you know, you would need communication standards, you would need data standards and you need some model health information systems out there. If you had those things and you got them in the next two or three years and then you start getting the adoption process going, you might make it by 2010 with an aggressive kind of fashion.
So, I took that and I said, well, okay, let's try to take that one step further. Now let's try to apply it to what we are trying to do here today. I will argue, by the way, that the same goal of getting a paperless -- with IOM and to electronic health record is the same goal we still have to meet here, that a personal health record kind of approach that doesn't have that will fall far short of our expectations and our desires and in terms of achieving quality outcome, satisfaction, et cetera. So, in order to get there, not only would you need the data and communications standards of the model systems, but we actually need to figure out what those personal health record systems really are.
I will come back and talk about what I think they might be. I will share Ed's view, by the way, that I don't think we are in light years different place for what we need for data and communication standards for the personal health record than we need for the rest of the system. In fact, I would argue we don't. Clearly, making life more understandable, we probably do. We need a lot in that area. But that is not really quite where the standards area is going to be.
This is my let's get sober about and serious about what this is really about. If you are really going to try a and change how we do health in the United States, you had better get used to what it talks about we are trying to do. You are taking about 280 million people. You are talking about hundreds of thousands of health personnel. You are talking about many different kinds of payers. You are talking about many different government agencies. You are talking about the scope of where we are going to be doing this; everywhere from hospitals and clinics to home, work place, on the highway, anyplace the person goes; nursing homes, domiciliaries. You can keep going from there, by the way, as well; hospices and a few other places there.
If you are going to do what we are talking about trying to do, you ultimately are going to need a system that has a high level of functionality. We can talk about minimum data sets, but if you really want to do what all of you have in the back of your minds, it is a lot more a level of functionality than we are talking about sometimes.
The data element, if you start to look across these multiple settings are many and many are complex there as well. Just in case, by the way, if we think about what we are trying to accomplish here, we are really trying to impact and change one-sixth of the national health economy
-- excuse me -- national economy.
This is a slide we use to sort of describe -- healthy people, by the way, is sort of our push to try and make this all happen, using VA as one of the leverage points there. This creates sort of a trail of a health system, as we would sort of see it and using somewhat the VA model, but look at Kaiser and a whole lot of other folks out there as well. What it really says here is that whatever you are going to be doing, you are going to have, you know, some health provider applications. You are going to have some databases. You are going to hook into some financial systems. You are going to have some registration.
You are going to have some of those ancillary systems down there, blood, scheduling, radiology, pharmacy labs. That is really the cornerstone because that is what the data is that really encompasses a total health experience of an individual there.
We in our particular case are trying to push saying we ought to have a lot more of those models out there. We are obviously using VA as one of the examples. If we can do it, anybody should be able to do this kind of thing. It is really quite simple, more or less.
That is not enough. Now we are starting to say but that is all one and we have done that, lots have done it for a good number of years. But now we are trying to reach out to the person and to reach out to the person, we are sort of working the world of the e-communications and transactions.
By the way, it is not just information. It is not just from record. It is going to be more than that before we are all said and done. My healthy people, which I am going to come to and spend a few more seconds on is really what we believe is that sort of portal, that link between whatever the health care organization is and what is happening outside the health care organization. That may be relating to other outside health organizations or maybe relating to the person, the individual, as well.
One thing I will keep driving home and you will see as a theme throughout the rest of the presentation is you will see lots of little "s's." Those are standards and those are all the different kinds of places we need to think about having standards in place for this to work. To the extent to which those standards are not there, going back to Ed's sort of walking through all those different areas, we will not succeed to the extent which we would like to succeed.
So, I want to go a little further. So, we really have focused on the personal health record, really that kind of portion up there. That is the portion where the person really now comes into play and really starts to take control. There are lots of different formats. We were referring here to a web site, a virtual health record, trusted information, self-reported information. Links to other health providers is what that vehicle up there ought to try and do. Actually, I will argue it should do a lot more than that as well.
Then we start to recharacterize this a little bit more and saying you still have to have this basic core health information system sitting out there that you are going to be able to tap into because that is where the record really is there. But now we start to look at, well, how might this model begin to work and we have heard some conversations earlier today about some ways of thinking about it. We have talked about ASPs. We have talked about health care providers. There has been an illusion to sort of the health in a box kind of thing on your desktop there.
People are trying to figure out, well, is it Model A, Model B or Model C and the answer is all of the above. There is no one model that is going to work for everybody. A person who is an Alzheimer's patient or late stage, early stage, is very different than a teenager, very different than a 25 year old, very different than a 45 or 50 year old or some of the older folks, who have a lot of records and a lot of time spent digging over records there.
So, we really want to have available a number of different approaches, which all work together and, by the way, have standards for how they communicate with each other there. So, you can envision this kind of model that very well I may have on my desktop my version of Microsoft Office Suite, only in this case it is going to My Health Suite. In that health suite is a lot of different kinds of tools. I may choose only to use a couple of them. I may only choose to use the Word document. I may only choose to use half of what is in the Word application. But that is my choice.
But if I want to go all the way, the tools are sitting on my desktop to enable that to occur. I may decide to go to an ASP, a web site. I may be able to go to an AOL type kind of organization out there, who I trust. There are different levels of trust about what we do with stuff.
If you think about the amount of sort of private information you and I are passing everyday onto people who want to buy stuff from -- how many of you use Amazon.com? They know a lot about you. They even know more everyday about you, including your credit card numbers, by the way, and a few other kinds of things as well.
The point is that is not bad if we could figure out smart ways to try and do it in terms of privacy. As the person who was sitting in this chair a few minutes ago said, there are some tricky issues. It is getting tougher and tougher to protect privacy in certain ways, easier in some others as well there.
So, again, it could be health in a box in a PC, could be a web site run by a health care provider, run by an ASP, run by a health bolt type organization, whose only job is to do sort of like your banking, your safety deposit box kind of thing. It could be a government agency. Probably going to be some combination of them, but they all want to be doing it on a standards kind of basis of structure.
So, again, like I say, here are some of the models there. All of them work and there are some attempts out there right now to try these different models at different levels of I think to excess. In the case of the Veterans Health Administration, we clearly are putting in place under my healthy vet one of these mechanisms to do that. We will be giving people the option to use us. We will also be giving people the option if you want to go someplace else, tell us where you want to go and where you want the record and relationships get built up there as we are trying to do there as well.
I will come back, by the way, to the point that was very important to the personal health records group is the question of who is the user and that point was well debated and a point should never be lose and the reason why at the end of the day we said the person is the user and the only user is because everybody else is tangential to that effort from the point of view of the personal health record. Different in the electronic health record. For this everything else is tangential and supportive of and therefore there are other people who may have an interest, but there is only one user who tries to control the game.
Now, we get into the issue of whether you call this a personal health record, a personal health system, whatever you want to call this thing there. We have to start talking about what things ought to be inside this box that are really going to make this work well. It isn't just my self-entered information. I may choose in my particular case to make that the only thing there but it isn't the only capability we ought to have there.
If you really want to talk a full experience of really helping the consumer to be empowered and the consumer to really have control over their life, you are talking about all these kinds of things before we are all going to be said and done. Self-entered information, obviously. Access to the health care record of your primary provider. There are lots of issues there.
Access to all health provider records. It adds another challenge to the whole kinds of things there. Making appointments, checking appointments, confirming appointments, billing script, paying co-pays, participating in peer groups, support groups. One of the major things the Internet has brought to us today is an ability for you to hook up with a bunch of other folks who have a common interest to help each other out.
By the way, if you want to get a little more sophisticated, we add in an expert, who knows a little bit more there and helps that group work itself and keep itself from getting into some difficulty there. I have seen trusted health information. Gee, how many times does somebody ask you a question or does your doctor say something and you sort of go to the web and say I really want to know about this.
Then you spend the next 20 minutes trying to figure out who is the trusted source of information that you really are willing to trust or not there? Is it Web M.D.? Is it Mayo Clinic? Is it, you know, HHS? Is it VA? Is it -- and the answer is we need to have a number of those different sources out there, by the way, hopefully all sharing the same information and not telling different stories because those of us who are around there and we say something like osteoporosis, we will hit about 12 different web sites before we are all said and done and see whether or not they conflict or not.
Health decision support, gee, I have got to figure some things out there. I would like to get some advice about trying to do that. Clinical reminders, other things like that. Health self-assessments, there is some work being done in this area to look at what we can do in terms of doing health self-assessments.
When it is useful to me, I could do a health risk appraisal, figure out what is going on out there, look where my risk factors are. I may choose to intervene without any further attention. If I have a good relation with my health care provider, I might want to share that information. I might want to have a team up with that provider, all kinds of nice interesting things to try and do.
If I am in the home and I am in a situation where I am being monitored, say for glucose, blood pressure, whatever, whatever, wouldn't it be nice if there was a vehicle to bring that information in and make it available to my provider.
Another piece of the puzzle, input from medical devices, other kinds of things. Messaging with the health provider. I hate to say it but we are getting there. It ain't easy to do but the idea of being able to message with your health care provider is coming. We need to figure out how to do it. It is a whole new set of rules about how it works. There are a huge number of fears on both sides of the equation on how to do this thing.
Diagnostic and therapeutic tools, you haven't looked at the web sites enough, you haven't begun to figure out that as time goes on, that more and more diagnostic tools ask these four or five, six questions, what do I think I have got. Same thing on the therapeutic side. You have this situation. Here are the five alternative therapies.
We kid in our discussions, the clinical visit of the future sounds a lot more like the following where an enlightened patient comes in. The doctor says I have looked at your chart. I think this is the diagnosis I have got here. The patient says I am not sure that is really true. I have looked at the same information. I think it is one of either three possible diagnoses and I think this is the more probable one. The doctor says why because, of course, I didn't tell you about this information. Let me share my other three medical records and my personal information.
The doctor says, well, you know, as a matter of fact, you are right. It is that. So, given that, here is a recommended therapy we are going to start on patients. I am not so sure about that. The patient says, you know, I was looking at the same thing last night and I thought there were actually four alternative therapies, one behavioral, one medication, one surgical and by the way, there is an NIH clinical trial available right now that seems to hit right exactly at what I am looking at.
The world is going to be a very interesting place in the days ahead. Genetic information, imagine having genetic information to throw against this whole pocket as well. Reminders, just checking in. Alzheimer's patients, are they still at home or are they not?
Safety, cross checking medications and stuff like that as well. Again, we looked at this issue here. We think that there is a lot of future models needed to develop the full range. Availability of very early in the direction here, affordability. We have got a big problem on the affordability side.
Everybody ought to have one. We haven't figured out the model. Are we going to go open source, provide subsidies to people who can't afford it. We have to figure that part out there. Standardization of the systems there. A person's commitment. What do they really want? Different people, different needs, different plays.
Standards, standards, standards, standards, standards and we have talked about that. We are pushing very hard in this area. My healthy vet, my healthy people is our example to try and push that into that bubble and get people out there. We are going to push the vendors as well. We figure this is part some folks may want to talk about, something that should be available to those folks who really can't afford anything else there or part of the standards efforts. We will keep pushing that area. We are going to try and lead by example and nudge other folks as well there.
Adopting standards, we and HHS and DOD are adopting a suite of standards in the public sector, try and push it out to the private sector as well as part of sort of tipping point. Acquiring licenses, nudges, new starts.
In the end the bottom line is they are just beginning to emerge. Much work likes ahead for us there. Success will depend upon whether or not we adopt standards or not and success will really depend upon whether or not we can put together these sort of series of tools that really do work together and give a level of functionality and remembering by the way the patient of tomorrow, the person of tomorrow is going to be a very complex individual with different needs and we have got to give them all the tools they may want to use and then let them mature into it.
DR. LUMPKIN: Gary, I am sorry I missed part of your presentation --
MR. CHRISTOPHERSON: The good part, by the way.
DR. LUMPKIN: But do you think that we need standards.
MR. CHRISTOPHERSON: Would you like me to blow it up a little bigger?
Yes, sometimes you have got to sort of keep pounding it home. A little subliminals.
DR. LUMPKIN: Yes, I picked that up real quick.
Questions for either of the two presenters?
MR. HUNGATE: I want to ask you to comment a nd give me some feedback on something. I come from a quality improvement model of looking at things. So, I think about this and say there is a structure process and outcome involved in here somewhere. The outcome we want is health. The structure involves a patient and a provider.
The process has a lot of ramifications and it seems to me that I could argue that the data requirements for the personal health record and the electronic medical record are identical. The only change is who the process manager is, the patient or the provider.
So, I am drawn to a characterization of the personal health record as the process management for the patient and the electronic medical record as the process management tool for the providing system. They are going to need to wash across information-wise, it seems to me. That is where the standard has been.
The thing that I haven't heard in the discussion today of the information system is that I know that as a patient, I am part of an ongoing clinical trial that my personal physician is engaged in to see whether what the media person told him about the pharmaceutical is correct in terms of what happens to me.
I know that in the system that data doesn't get collected. So, I am part of a not knowledge-based building clinical trial. I wonder if the personal health record isn't a way that we could begin to change that and make the information base for patient management a little deeper. That is the thing I wanted to ask for comment on.
MR. CHRISTOPHERSON: In the first place, it is a perfectly legitimate view to say in many ways in an ideal situation, we are really talking about just two views of the same data, which is the person's view and the provider's view. Any given stage at which there is an interaction to try and improve health, the information is there to support that effort there as well.
I think what you are looking at here is in a personal health record -- I am sort of squeezing out times where the personal health record system, to almost a personal health system is actually where we are almost getting ourselves toward on which the record is a key -- main underlying factor there. It is when all these tools come together. It is bringing in, for example, a wide range of information. It is an in credible power that you start to bring to bear.
When you think about what at least is successful health, you are talking about behavioral change. You are talking about some cases of medical intervention. Could be surgical. Could be medical, medication, could be whatever. It is that combination there. We know very little about how all these things play together.
Nor do we know how to titrate the system so as to say, you know, for this patient behavioral change is exactly the right thing. They are ready for it. They can do it. They can drop the salt. They can, you know, whatever, whatever. This one, not a chance in hell. I mean, we are going to have to do a medication intervention. There is just no way this person will change or at least not at this point in their lives.
Maybe after a heart attack they will change and in which case they will be a lot -- maybe a little late but we will work through there. So, I think it is -- these will become sort of a confluence of a body of information, whose job it is to really help us together to do that. It also brings family into play. It brings the work place potentially -- it brings whoever needs to be there controlled by the person who comes into play.
MR. HAMMOND: I agree with everything he said. Let me address the other piece of what I heard you ask about, too. Obviously, we are focusing on standards and not some of the detail, but one of the kinds of things that I view the input from the patient going back to the physician is exactly the kind of data that you are talking about. You listen to friends talk and you hear a lot more information about reactions to drugs and reactions to treatment and I am not going back anymore and those are the kinds of things that we think are a valuable source and particularly patient safety, for example, of trying to get the patients to provide this kind of information and feedback into the system.
So, I think that very definitely the reason that that link exists is to capture the kind of data that you are pointing out has a great deal of value.
MR. HAYWOOD: To take that a little further just for clarification on my purposes, with that level of detail are you anticipating that an individual would put in their particular risk factor or demographics and be able to have an interchange with their provider to know for that individual what the outcome would be if they choose to have that served at their particular institution? Would it be to that level of decision making by PHR systems so that I can make a knowledge-based determination as to whether or not to have a CABG(?) at that particular institution or go somewhere else for a CABG or -- on that level of detail?
MR. CHRISTOPHERSON: I am going back to where CMS is coming from. If you look at where CMS would like to go, where they want to read, be able to take clinical information and translate it into quality kind of information, help make informed decisions as part of the person, then the answer is "yes," because, for example, you may be going down the path of saying here are my alternative therapies. Here is a therapy of choice.
Okay. Of the five providers that are in the area that I am interested in looking at here, here are the five providers and here is the message in terms of how they do on quality and outcomes. That may very well judge saying it is okay, here is the decision of what I am going to have done. Here is a decision about where I want to have it done.
Yes, I just decided that love you as a primary care physician, but don't like the hospital you are associated with or the surgeon you are associated with. I want to go across the street and the answer that is a part of -- I mean, if you started to look at the power of the information we are putting on the table -- by the way, the key for us as to how to put it in a form that basically everybody can understand, that is a pretty interesting challenge, by the way, because we have got lots of different people and lots of different places in terms of education and understanding -- or interest. Some, by the way, couldn't care less about that.
There are lots of people in America, who won't care anything about what you are talking about. Maybe a little when they get sick or a family member gets sick. I remember going home to the family and telling them that I had a health problem and all of the sudden within 48 hours, yes, I was up on the web site, did you know about the following -- you know, it is like all of the sudden the -- so, the key is have it ready so that when you get to that point you don't have to look around for it. It is just there.
You have one URL, one favorite place to go, wherever it is there and it is there already or your tool helps you get there. That is what I talked about the issue of the health in the box. That may be the tool that says here is how I get out there and find the answer to that question, including making that choice.
DR. HARDING: You kind of started brushing up against my question, which is we talked today some about cognitive capacity of people and that I am sure in the VA system it is from 150 to 75 IQ and so forth. Then some people have an interest and some people don't.
Do you have thoughts about what percentage of people would really take advantage of this and what percentage would just say what? And how we could have a personal health information record for everyone without anybody putting any effort into it as opposed to those who compulsively put effort into it or is that what we are looking for?
MR. CHRISTOPHERSON: I think the difference is the view -- the view is give people the full capability. Let them use what they need to use. The better you make it, the more likely they are going to use it there. Be positioned there so that when they do need it -- the interest today may be as I said earlier is maybe close to zero. Two days from now I may have a very high level of interest there. I would like to not be shopping around trying to find it when the time comes in terms of using the tool there.
I think in terms of cognitive abilities, we have got them all over the place there and that is why -- we clearly ought to try and make this as accessible as possible. There will be some interesting challenges how to take the language we use in the medical record into something that is even halfway understandable by the average citizen, let alone someone who is cognitively impaired.
I was watching a movie the other night about an Alzheimer's patient and watching -- and if we go through the progression an Alzheimer's patient goes through, you would like to think at that point they are fairly highly motivated and then life gets more complicated and the question is how could you think about tools and we are trying to look at that about the tools that would help the stroke victim, whatever. So, wherever they are, be ready for them. Give them as much as they want and can use and don't worry about whether they only use a 10th of it at any given point in time or it has just been sitting there on the shelf, like my mother probably would do and sitting there waiting until that right moment comes.
MR. HAMMOND: Just two quick additions to that, the cognitive piece of this. We did some work in the 1980s dealing with a group of people that were a poor clinic. We found out that dealing with them with voice input, so we did an automated medical record and anything in written form was total failure. Actually, voice was very, very successful. So, I think we have to make sure that there are multiple modalities in what we are doing here.
The other comment is I think that the interest of people was a function of education but also -- different people are interested in different things. The younger people may very well be interested in that kind of exercise, dietary programs and total focus on these older people may be interested in a disease. So, I think with education and proper focus, I can get out of it what I want.
Then I think that we will find an increasing use of the personal health record.
MR. CHRISTOPHERSON: There is a huge other part of the world out there. There are public health nurses. There are family members, kids, as friends, neighbors. I mean, there are a lot of other folks around. It isn't usually dependent upon one single individual. That is much more the folks who could potentially help.
There are dangers by the way in that as well, which is the issue of how do you protect privacy of somebody who is cognitively not quite where you would like them to be because they also are potential victims and for the elder population, which we have seen a lot of issues. As people get older and the scams and the other kinds of stuff like that, that is -- there are a lot of challenges. How do you protect somebody when you are giving them this much power?
DR. ZUBELDIA: I want to go back to the standards because something has been brewing here that I think we need to talk about. Obviously we need a standard for the transmission of the electronic medical record. It seems to me like we would also need a standard for the medical record itself, electronic health record itself, otherwise the transmission would be very difficult even with a transmission standard.
That is where the vocabularies fit in. But, Gary, in one of your examples you said that the patient goes to a doctor and says and by the way here are the three other pieces of my record that you need to be aware of. I think that is a concept that has been bouncing around the entire day essentially is that for privacy reasons or for whatever other reasons, you may want to segregate your record into pieces. When you segregate the record into pieces, there is bound to be inconsistencies among the pieces or even contradictions among the pieces.
Your psychiatry record may have the whole story, but in your general medical record, you have a milder life, right? Is there a standard or is anybody working on a standard to reconcile those differences?
MR. CHRISTOPHERSON: This has been one of our tougher areas here because the way that this has all been envisioned to date, at least in our discussion -- we have been wrestling with that issue big time in VA. The general view we have got is you have the right to not share your medical record from a facility, but you don't have the right to break up in pieces. We have to figure out -- we wanted to throw the whole record together. I mean, that has been a traditional battle between the mental health side of life and the regular physical health part of life there.
We are going to face a couple of challenges before we are all done yet here in terms of whether you can do that. I think the sense we are going right now is that mental health part of the record goes in as well, unless there is an awfully powerful -- protecting the person, some very honest and open kind of way to try and do that. But we have to run it through that system there.
But I think what you are looking at when you start to walk down this road of trying to put that information -- there are ways you do it now. Classic case, VA and DOD, we now have brought across from DOD records on about 2 million service members and our clinicians, when they open up the clinic, they hit that remote data button there. They can now see records up to 2 million veterans if they want to if they need to in terms of that if that is one of their patients there.
There are lots of ways to get this done. We are going to also explore on the exchange of data over time goes -- where they were just talking about something as simple as a text document. That is all it is. You can't compute on it. You can't sort on it, but you can at least see it.
DR. FITZMAURICE: Quick question. We have had several people talk about personal health records but only one of them admitted constructing one and using it and that is you, Ed. I am curious to know do you keep your medical information on a computer, do you keep it in paper form, do you talk it into a tape recorder, all three of them?
MR. HAMMOND: I actually keep it on a computer and it is really just a database and I really keep only data. I mean, I keep weights, blood pressure, laboratory tests and things of that nature. So, I keep it purely as data. It isn't my vision of a personal health record, but certainly it serves its purpose with me.
I graph some of the data, interestingly enough, because I worry about trends.
DR. LUMPKIN: How often do you back that up?
MR. HAMMOND: It is actually backed not, thank goodness, because I have somebody who backs it up for me. So, it is backed up routinely. I mean, weekly and monthly and so it is well protected.
MR. CHRISTOPHERSON: But you are bringing up an extremely important point, which is whatever is going to be in place because of the value of the information means you also figure out this tool, whether it is a provider or whether it is on a desk top, what is the automatic back up there. Now pick up this thing and walk over to that little fire safe or wherever you store stuff that is a lot safer than that computer there and put it away somewhere because this is going to become very valuable information as time goes on.
DR. DEERING: This is a question for Ed and then maybe in all of your presentation you sort of got to it and I just missed it, but what I would like to do is take Phil Marshall's presentation and he, too, glossed over too rapidly the very specific components of this minimum whatever we call it and I would like to ask you as one of the fathers of all of the standards work that is going on very specifically to that minimum data set. You may not remember all the components, but they are the sort of key ones. Can you tell us how close we are within existing standards work to having standardized most of the elements or any of the elements in the, quote, minimum core data set?
MR. HAMMOND: I would have to look at that to do that. There are two issues. This almost has implications to your question, too, Kepa, as well, I think, in terms of what we standardize on it as well.
What I think that we need to do is to understand all the choices. So, part of what I am doing is saying there is a complete definition of all the potential for inclusion in the database itself. It is clear by your face I am not answering your question. So, ask me again. I didn't hear well enough.
DR. DEERING: Well, let's say there were -- I haven't counted them -- 50 or 60 specific elements in his list and maybe you would have to go home and take a look at it. Then it would be really a very practical question. How many of those are -- for how many of those do we already have standards or how many of those I have covered in HL7 or any one of the existing standards. Which ones are the outliers if we really did want to look at those as a core set and not only what work needs to be done but where would we add them to. You know, who is working most closely --
MR. HAMMOND: That is a slightly different question. Nobody really has started standardization of defining data elements. One of the things that I would say to you is there are standards with a capital S and standards with a little s. And standards with a capital S follows a prescribed procedure. Other kinds of things are more -- I mean, for example, terminology to us in the standards world are not standards. They are controlled terminologies or controlled vocabularies and they change instantly in time. Data elements will follow a similar kind of thing of changing over time.
A number of organizations have the data elements defined in what they use within their systems. At Duke, I have a set of data elements that are what we use within our system and the key here is that if you use a data element and I use the same data element, they have to be the same. We have not yet established in the United States that repository that lets us do that. I think that is one of the things that the Connected for Health group is talking about now is moving toward establishing that master repository so that if I am going to do a patient's name, I do it exactly the same way. I know the first name, the last name and if you have got five names, I know how to handle that.
If you have got a prefix or a suffix, I know how to handle that. So, the answer to your question, it is extremely important. It is an area that we are moving and as long as everybody uses the same data element, we begin to address the issue that you are talking about. I think the standards will define things clearly to the point of where if I moved it from me to you, you know what it is.
The other pieces that Gary addressed in the answer to that question I think are a lot more complicated and take a longer time to be able to arrive at a conclusion of what we will permit.
MR. CHRISTOPHERSON: I was just doing a quick glance back at the list he had up in there. I mean, demographics we just talked about as a matter of fact. We are getting close to that. Some of the health informatics plus Connected for Health are both driving toward similar kinds of things there.
Insurance provider information, I mean, the answer is, I guess, Medicare drives us down in the direction -- or something like that. The answer is not quite there. Contact information, I am not quite sure what that exactly means. Current conditions, diagnoses of severity, probably, that is something coming into play there.
Medications, not quite, but that is one there is a huge effort we are involved with with FDA and others in terms of CDC, in terms of drug reference terminologies there, test results. LOINC is something which we have all agreed to go with there. Allergies, immunizations, I am not so sure --
MR. HAMMOND: I think that is part of the same set that are being defined by CDC and by others, too, but, again, it gets very interesting because the patient safety group, the word "allergy" isn't the word they want. They want a terminology for adverse events. That is a little bit different.
We actually can give you -- I have got a set of these data elements that I have mapped out at Duke and I have mapped them for 1500 as well as the UB-82, UB-92 now and into other groups. Some of these actually are defined within HL7 itself for special kinds of elements. But demographics go on forever. I mean, do you think the pet that you have should be a demographic item? Should you ask a patient the pet? Well, 90 percent of the people probably would say no until they started thinking about the fact that that is a very important thing to have.
So, again, two comments, one of which is at Duke we try to put 16 clinics together and we ask of them to indicate the demographic data that they collected. It was a sparse matrix. It went this way. On a second look, it wasn't quite as sparse as it looked. They called it differently and sometimes they stored it -- they recorded it differently and those kinds of things.
So, that is where the standardization has got to come in, is the consistency in what we call it, how we record it itself and then it is trivial -- if I have an electronic way of finding out what you collect and what you don't collect, then if I have something I need in our exchange, I can come back and petition to you to create a business case for you adding that to your collection and ultimately I will our systems will be designed in such a way that this becomes a dynamic process.
The AMA actually did a delphi study five years ago in which they defined hundreds of data elements that I have a copy of as well. It would be worth looking at and seeing what the conclusion is. So, the superset, there is very little penalty of having anything and everything in that superset because I only use what I want to use from that.
MR. CHRISTOPHERSON: We are going -- if we are serious about doing the personal health record or personal health system or whatever we want to call this thing down the road, we are not going to be able to wait for standards to be in place. The answer is the standards will come as they come and it will get better and better and better and the information will get better, the more usable and more shareable, the more exchangeable and this kind of thing. We have to be ready to go today with something no more than in quotes a text document, an image, a whatever. The things that we already know today, how to essentially share and by the way is no worse than the paper record today.
So, I think we have to be careful -- here is where we want to get to, we have at least probably ten years ahead of us before we are going to be there and there are areas that we are going to be talking about we haven't really begun to touch. We have 20 areas that we have now opened the door up and say we need to work there and they are everywhere from just about at the edge of the threshold to, well, somebody better get started on this because we haven't done anything on it yet.
So, that is what lies ahead of us and, by the way, if you wait ten years, then we will have another ten years to get to that point. So, we just need to get started, start rolling forward. It will get better and better.
DR. ZUBELDIA: I think what Mary Jo has asked about is how close are we to that minimum data set today. I will give you a little anecdote from a meeting I was in a couple weeks ago. There was this provider that buddy system, commercial system, and it didn't have a field for religious preference. So, they put the religious preference in the allergist field and they ended up with patients that were allergic to Catholics and allergic to Baptists and so on.
In the minimum data set, there are some things that are very common and there are some things that maybe are not all that common. How close are we today? This is just perhaps a gut feeling or perhaps you have done some study. I don't know.
MR. HAMMOND: There is no such thing as a uniform national minimal data set. Data sets exist only for a particular purpose and a particular business agreement. Now, there are a number of very workable minimum data sets for a fixed purpose. CDC has minimal data sets for what they require in some of the immunization reporting on this. They have it for emergency data set and they have created one just recently for the health surveillance.
I surmise that CMS has minimal data sets and that is what I have got to send them on the data that I sent them with the forms -- that is not very dynamic and hope he gets a lot more fix than it is, but the bulk of that, except for claims attachment is part of that. So, there are a number of these. The problem is nobody has conceived of the concept of a minimum data set for health in general and there may not be one.
DR. ZUBELDIA: Has anybody looked at the recommendations from NCVHS on a minimum data set?
MR. HAMMOND: Yes, but, again, I think it depends on the proposed purpose of that minimum data set. Clearly, there are people that think it would have five items in it if you are looking at demographics, just enough to identify the person. But if you are talking about health care, I think you are talking about something that will never get resolved without a business agreement for minimal data set.
MR. CHRISTOPHERSON: I am going to come back to the point is I think we are going to spend far too much time worrying about the minimum data sets. The minimum data set to me very honestly is the ability to move an image from one place to the next, that is readable and understandable by the person at the other end who can do it. That is a minimum data set. Once you cross that line, it gets better and it gets better and it gets better and it will change and it gets better. But I think we will lose ourselves if we start getting this idea that somehow we can't start until we get the minimum data set or somehow -- because it just won't sit there. I mean, if you go back to the list of things here, this is just ever-changing, ever-growing, going to get better, ever-greening kind of effort. Just accept that as the case and let's start beginning to make this thing work.
Look at all the roles of technology, what we have done to date there. I mean, look at the first computers and the first word processors, the first thing we started to do around there, they were pretty minimalist and pretty unsophisticated. But the answer is they got us started and then we kept getting better and kept making more demands and they kept getting improved product.
DR. ZUBELDIA: But most of them will use ASCII.
MR. CHRISTOPHERSON: See, I would argue that right now we actually do have -- if you are asking me are we better than the, quotes, just putting the image of PDF file or whatever across or a J peg file across, we are light years better than that. I mean, we have got agreements that are about to come out the front door on lab. We are probably not that terribly far away in pharmacy. We know how to -- we have got a basic set there. My answer is we have got enough to get started.
DR. ZUBELDIA: So, going back to my question, are we there today?
MR. CHRISTOPHERSON: We can get started. The answer is could we do a personal health record today, yes.
MR. HAMMOND: I agree with the answer, that we have enough to get started, yes.
DR. LUMPKIN: That might be a good place to end.
I would like to thank this panel. As always, your presentations are thought provoking. With the high note that we actually can do it, we appreciate that.
For the members of the committee, we will be adjourning. We will have a -- we will reconvene tomorrow at 8:30 in the morning and Richard will not be here.
We will be working on our hearing for March and we should have a date for that available very soon, but it looks like mid-March.
Okay. We will see you all in the morning. Everybody have a good evening.
[Whereupon, at 5:00 p.m., the meeting was recessed, to reconvene at 8:30 a.m., the following morning, Tuesday, January 28, 2003.]