[This Transcript is Unedited]
Millennium Knickerbocker Hotel
163 East Walton Place
Chicago, IL 60611
Proceedings By:
CASET Associates, Ltd.
10201 Lee Highway, Suite 160
Fairfax, Virginia 22030
(703) 352-0091
Agenda Item: Introductions and Opening Remarks - Mr. Rothstein
MR. ROTHSTEIN: Good morning, my name is Mark Rothstein and I'm director of the Institute for Bioethics Health Policy and Law at the University of Louisville School of Medicine and chair of the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics. The NCVHS is a federal advisory committee consisting of private citizens that makes recommendations to the Secretary of HHS on matters of health information policy. On behalf of the subcommittee and staff I want to welcome you to today's hearing on national health information technology. We are being broadcast live over the internet and I want to welcome our internet listeners as well, I also want to apologize to our internet listeners for the technical difficulties that we had yesterday that may have limited your ability to follow our hearings.
We'll begin with introductions of the members of the subcommittee, staff, witnesses, and guests. Subcommittee members should disclose any conflicts of interest, others need not do so, I will begin by noting that I have no conflicts of interest. Simon?
DR. COHN: I'm Simon Cohn, I'm the associate executive director for health information policy for Kaiser Permanente and chair of the committee, I want to welcome our presenters who not been so long.
MR. HOUSTON: Good morning, I'm John Houston, I'm with the University of Pittsburgh Medical Center, I'm a member of the committee as well as this subcommittee and I have no conflicts.
DR. RIPPEN: Helga Rippen, staff, I'm at the Office of the Assistant Secretary for Planning and Evaluation, and no conflicts.
MR. SIMKO: Mike Simko with Walgreens.
MS. WINCKLER: Susan Winckler with the American Pharmacists Association.
MS. MCANDREW: Sue McAndrew with the Office for Civil Rights and privacy liaison to the subcommittee.
DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the subcommittee, no conflict.
MS. GREENBERG: I'm Marjorie Greenberg from the National Center for Health Statistics, CDC, and executive secretary to the committee. Welcome.
DR. HARDING: I'm Richard Harding, I'm the chair of neuropsychiatry at the University of South Carolina, member of the committee and subcommittee. I have no conflicts.
MS. BERNSTEIN: Maya Bernstein, I'm the privacy advocate of the Department of Health and Human Services in the Office of the Assistant Secretary for Planning and Evaluation and I'm the lead staff to this subcommittee.
MS. SQUIRE: My name is Marietta Squire and I'm staff to the subcommittee, I'm with CDC, NCHS.
PARTICIPANT: [Off microphone.]
MR. KIRSTEY(?): My name is Stuart Kirstey, I'm with Walgreens.
DR. STRAFFORD: My name is Craig Strafford, I'm an obstetrician and gynecologist with the American College of Obstetricians and Gynecologists.
MR. ROTHSTEIN: Thank you and welcome to all of you. Invited witnesses have been asked to limit their remarks to 15 minutes, after all the witnesses on a panel have testified we will have time for questions and discussion. Witnesses may submit additional written testimony to Marietta Squire within two weeks of the hearing. I would request that witnesses and guests turn off their cell phones and other electronic devices that could interrupt the hearing. Also because we are being broadcast over the internet and recorded for transcription we need to remember to speak clearly and into the microphones.
The hearings today represent the second day of the second series of our hearings on national health information technology. At our first round of hearings held in Washington on February 23rd and 24th we heard from experts on privacy and confidentiality as well as representatives of consumer organizations. These individuals explored the privacy and confidentiality issues raised by creating an interoperable system of comprehensive longitudinal electronic health records.
At this second round of hearings we are exploring these same issues but hearing from health care providers to get their perspectives. We plan to hold a third round of hearings in Washington, D.C., on June 7th and 8th to hear from health plans as well as health systems. Additional details about future hearings will be published in the Federal Register and on our website as soon as they have been finalized.
As we discussed yesterday electronic health records and a National Health Information Network hold out the promise of increasing the safety and efficiency of health care, lowering costs, and facilitating the treatment of those with cognitive or communication impairments. Even assuming these benefits, protecting patient's privacy and confidentiality in such a system represents a tremendous challenge. We hope that today's witnesses will help us to see ways to resolve and answer these challenges.
As I welcome our first panel this morning on pharmacy services let me alert members of the subcommittee as well as the witnesses that Dr. Riddle has been delayed, he's got a flight delay and we are expecting him probably in an hour or so but our plan will be to proceed with the first two witnesses and then begin our question and answer period with you and then we will pause when Dr. Riddle comes to have his testimony and then resume our question and answer. So I apologize for the interruption but that could not be avoided so our first witness is Michael Simko.
Agenda Item: Panel IV - Pharmacy Services - National Association of Chain Drug Stores - Mr. Simko
MR. SIMKO: Good morning. My name is Mike Simko, I'm the corporate manager of pharmacy health information technology for Walgreens. I've been a practicing pharmacist for 25 years and in addition I'm now co-chair of the NCPDP Workgroup 11 on e-prescribing standards. Speaking for the entire Walgreen company I want to thank the subcommittee for inviting us here to share our experiences, conclusions, and challenges that we've encountered over the years from our continuous efforts to help deploy electronic prescribing connectivity nationwide and improve the delivery of quality health care to patients.
Walgreens was founded in 1901, currently has over 4,700 locations in 45 states and Puerto Rico. Walgreens fills over one million prescriptions daily accounting for 14 percent of all retail prescriptions dispensed in the United States. We currently open a new pharmacy every day, actually one every 17 hours. Nearly 30 percent of our pharmacy locations are open 24 hours. Our company focus is pharmacy. Walgreens has a long and successful history of pioneering technology in the practice of pharmacy. All of our pharmacies are linked by satellite. Walgreens is the greatest user of satellite communication in American outside of the United States government. Our mission is to provide the highest quality pharmacy services and quality health care to our patients in the most efficient and cost beneficial manner.
Walgreens has long recognized the benefits of electronic prescribing. Nearly 15 years ago Walgreens initiated electronic communication between pharmacies and physician's offices utilizing an email like structure to message physicians for refill authorizations. Since that time Walgreens developed the system and marketed e-prescribing under the PreScribe trademark. The benefits of e-prescribing, such as complete patient prescription information, elimination of transcription and communication errors became immediately apparent. However, to drive increased utilization of e-prescribing by physicians there was a need for other pharmacy organizations to participate on a level playing field that guarantees the patient's freedom of choice in selecting their pharmacy, and that messaging must flow through a secure means of communication. We sold PreScribe software to Proxymed, a network aggregator. Today Walgreens communicates electronically in the sending of prescription renewal requests and receiving new medication orders from participating physicians.
Walgreens' electronic connectivity to physicians is through network aggregators such as Proxymed and SureScripts. These connections are made through a secure private data circuit utilizing encrypted messaging and standards to prevent altering transactions. Prescribers are given authorized identification and certification before any access to the network. Agreements between trading partners ensure only authorized access to transmit and receive communications between pharmacies and participating prescribers.
On the pharmacy side existing firewalls and data encryption ensure the security and confidentiality of patient information. In addition log files and audit trails exist. Access to patient information and system functionality enabled by sign-on/user ID to individuals with a valid authorization level.
The benefits of improved exchange of health care information are well known. There is a critical need to protect privacy with improved discovery and delivery of patient's medical records when they are needed, where they are needed, and only to authorized individuals who need them. The ability to locate patient records and delivery them securely will enable a number of improvements in health care, including the ability of authorized clinicians to access vital patient records in near real time in the event of an emergency, improving patient access to their own records, decrease the number of tests that need to be re-run because previous results cannot be found in a timely manner, lowering the risk of negative drug interactions, and safer delivery of medication orders to the pharmacy. Increasing the availability of information to authorized caregivers in a secure, accurate, and timely fashion is essential to improve the clinical care and provide a host of other benefits to the patient and the health system.
The connections between pharmacies and other entities must be secure utilizing SSL and VPN connections, private data circuits, and encrypted messaging. The continued better linking of patient records is essential to improving health care. There needs to be a method to correctly identify the correct patient records across many entities, labs, clinical systems, third party payers, and pharmacies. In order to effectively collect and transmit critical accurate data to support quality health care across various entities and properly link correct patient information may require a unique patient identifier. HIPAA compliance issues must be addressed to preserve and protect patient confidentiality. Each transaction is stamped with a system ID, sender, receiver, prescriber, DEA, and prescribing agent. All transactions are checked against network profiles. Transactions that fail authentication are rejected.
I've attached a diagram which shows the common architecture and infrastructure of the current messaging format. From the right, it's on the next page, from the right messages are sent to a central processor at the prescriber's practice, then routed through a secure connection to an aggregator, then sent to a pharmacy host system central server, from there dispersed to the correct targeted pharmacy.
A challenge in moving forward with an effective system that allows the interoperability between authorized providers regarding a patient's health care will be the authentication and level of information sharing. Indicators will need to be created and managed that adheres to HIPAA compliance standards allowing patients to authorize the movement and sharing of personal health information data among various entities. The dispersion of information between labs, prescriber systems, pharmacies and third party payers will need to be identified through standards development. Situations can and do arise where patients may selectively need to choose what information is shared and with what entities it can be shared.
In today's paper based world patients will often use multiple pharmacies to avoid incorporating “sensitive” medical information with their overall profile. In addition, patients often at times forego having a medication processed through their third party plan opting to pay cash to avoid discovery of that medication information being identified or chance discovery by their employer. These may include categories of medication that treat mental health or a sensitive disease state. Patients today at Walgreens, even though all our pharmacies are interconnected by satellite, have the ability to limit their profile to a single store not viewable by another Walgreen pharmacy. There is some reluctance in a significant patient population that resists sharing all information or being part of a mass data pool.
Recent adoption of NCPDP standards regarding medication history and compliance messaging from the pharmacy to the physician create new opportunities and challenges for pharmacy as it relates to security and HIPAA compliance. Bi-directional messaging between pharmacies and physicians means the delivery of information the physician did not previously access regarding a patient. Because of the number of prescriptions not covered by third party plans, prescriptions that patients opted to pay cash, worker compensation prescriptions and OTC medications, pharmacies possess a greater amount of medication history than may be provided by a PBM. In addition allergy and health condition information is routinely stored on pharmacy host systems. Pharmacies will need to address multiple types of data sets. The data sets needed to adjudicate claims for payment with payer groups do not need to contain the same level and type of information as data shared among prescribers and pharmacies. Clinical information will include different data fields and the extent of interoperable sharing of that information will need to be identified through standards and business partner agreements.
The patient information system will need to be dynamic, allowing patients to participate in managing information flow, and give participating entities a mechanism to identify specific information for sharing while protecting other information. Patients may opt in for complete sharing of information or opt in only for selective data allowed for sharing.
Preserving privacy is important to ensuring acceptance of the e-prescribing and electronic medical records systems along with its benefits. Patient health records should be left with the health care providers who created them. The architecture needed must support the linking of health records. The challenge to pharmacy is a unique patient and prescriber identifier system. The NCPDP provider ID is the current and standard process for enumeration and identification of pharmacies in use today and has extensive industry experience. The NCPDP standards do support the use of the NPI.
Adoption of NPI in e-prescribing should not be required until May 2007 deadline if there is adequate industry experience in the use of the NPI and acceptable business practices are available for distribution of the NPI file to the industry. Until that time the current identifiers should be supported. The e-prescribing industry will continue to use existing identifiers for business purposes that the NPI does not support such as transaction routing to specific locations.
To properly identify patients unique identification methodology must be employed. Today, name and birthday may identify patients, however this may not be enough. Going forward a Master Patient Index may need to be created. There has already been success today in moving information across various standards. There is a current and successful effort within HL7 and NCPDP to interface the two systems to allow seamless movement of clinical information from one format to another. At this continues to develop and become implemented more information about a particular patient will be available. Managing that information and ensuring HIPAA compliance procedures and patient confidentiality is protected. This will be a particular challenge to pharmacy as it deals with the assimilation of patient medication and health data from multiple providers. Furthermore, the growing challenge is the proper application and providing this information to other health care entities in a manner that does not violate HIPAA standards or wishes of the patient.
The COB, Coordination of Benefits, and SPOC, Single Point of Contact, efforts through CMS is another application of system integration that pharmacies will need to address multiple payers and providers for patient health care are electronically aligned.
Many challenges face pharmacy as e-health care continues to emerge. The protection and integration of patient information will need to be carefully addressed and evaluated to ensure the best of health care is provided while protection of patient confidentiality is upheld.
A large national database of patient information does not appear to be the answer. Patients are cautious of their health information being shared by entities they do not want to have access. Each provider entity should maintain their information and the interoperability of sharing that information will need to be included in provider agreements that include the patient's intentions.
Walgreens is profoundly appreciative of the opportunity to address these issues to the NCVHS subcommittee. We fully recognize the importance of this group's efforts and are willing to provide any assistance to promote the adoption of e-prescribing and resolution of any issues now and in the future. Thank you.
MR. ROTHSTEIN: Thank you for that very interesting testimony, I know we'll have many questions to ask you about Walgreen's practices, which we'll do in the time after all witnesses have testified. Now I'd like to recognize Susan Winckler.
Agenda Item: Panel IV - Pharmacy Services - American Pharmacists Association - Ms. Winckler
MS. WINCKLER: Good morning. I'm Susan Winckler, I'm vice president for policy and communications and staff council with the American Pharmacists Association. APhA is the first established and largest association of pharmacists in the U.S. and we represent pharmacists in all practice settings, whether it's a community, a hospital, a long term care facility, including those pharmacists in research and the payer community. Today my comments will focus primarily on those pharmacists who are involved in direct patient care and what it is that pharmacists are looking for, both the concerns and the suggestions they have as we move forward in this idea of an electronic health record.
I will focus my comments on three areas, specifically access, contribution, and integration, as the key elements of what pharmacists are looking for in their ability to both protect the information that they create but then also be able to access that information in an emerging environment.
I do have to say we appreciate the opportunity to be here and stress that again when we talk about access. A few years ago when we would talk about health information technology and electronic health records there was often, there was a chart that was often used that had health care providers in the center and pharmacy off to the side. I think we've learned since then that perhaps that's not where we should be but we should be in with the health care providers and understand that role. That's key to the first point this morning which is speaking to the idea of access.
As pharmacists it's helpful to have access to that information from the electronic health record, whether it's access to laboratory information about cholesterol testing, if a medication is working, if it's access to information about what's happening for a patient who uses Closapine(?) for example and there may be risks to the patient that we need to monitor laboratory wise. Many times the pharmacists today accesses that information either from the patient or by calling the laboratory or calling the physician and an electronic health record environment would help facilitate that.
We understand as well that access does not mean unfettered access by everyone and I know that the committee has spent a lot of time talking about those types of issues. From the pharmacist's perspective our access should be appropriate to our role in the health care system as the medication expert so there are some things that we would not need to access but as we try to discuss and define what are those things we do need to access what we need to keep in mind is the pharmacist's role to check for those drug interactions to see how the medication use is progressing, as well as the responsibility we have related to controlled substances and specifically watching for the abuse and diversion of controlled substances.
There are some situations where someone may request limited access to their information about the controlled substances that they're securing from a number of different pharmacies and it's not necessarily that they're concerned about privacy per se but they'd like not to get caught in their diversion activities. It's just a distinction that we have to watch for and make sure that the pharmacist is able to complete their responsibilities under the state practice acts as well as the controlled substance act as we keep that in mind.
We also have questions about access when it comes to the idea of the health care provider's access to information and payers access to information and here I'll echo what Mike just mentioned, that in some situations what the payer needs to document that care was provided, that medication was dispensed, that an intervention of the pharmacist was provided, does not need to be the full patient record and understanding of what happened. The challenge we face today is that the implementation of HIPAA and specifically the minimum necessary approach to that issue, at least in the pharmacy environment, has not resolved that problem and that we seem to be in a bit of a situation where if the payer says it's necessary it's necessary regardless of what others may say in that situation and so we still need to resolve some of those issues about what is the payer access to information and then distinguishing that from what is the access of those who are involved in direct patient care.
The second piece, and I should say access is of course contingent on the fact that those who are not involved in health care at all shouldn't have any access but I think we know that as the premise walking in today.
The second piece I'd like to discuss has to do with contribution and that's the idea that pharmacists do have information to contribute to these health records and to that broader health information network and so as we're looking at standards and structure for all of that to remember that not only is it the pharmacists needing to see information but the pharmacists may well be providing information that would be extraordinarily helpful to the patient's providers. One of the key things that's not seen today in most health records is why a patient stopped taking a medication and we can hypothesize, offer theories, but if you don't have any of that interaction from the patient which is something that the pharmacist can often secure and then document, if that's not contributed to the health record we have lost that opportunity.
The final piece I'll talk about has to do with integration and that's speaking, I think the pharmacist and pharmacy community has an advantage when we talk about electronic health records and expanding health information technology because most pharmacies today use computers, they have computerized patient profiles and although I do know a pharmacies I can point you to who don't they're very rare and we would have to drive a long way to find them but they do exist.
What we found from that is that we have integration in the community setting and we have the use of electronic health records in the hospital setting and in the long term care setting, and they're all different. And so among APhA's members there are profound difficulties in sharing the information among those systems. And so today you go from a system where we have fantastic communication capabilities as Mike talked about within Walgreens but if a patient at a Walgreen's pharmacy goes into a hospital and the hospital pharmacist calls a Walgreen's pharmacist to get that information they most likely have to communicate that over the telephone or maybe send a fax in the current system because they are so different.
So as we move forward the integration of those existing systems is essential and then understanding that there will be costs with changing those legacy systems but approaching it to make sure that we have integration among those systems and also some ability to make sure that the system that integrates all of that information also meets the needs for those different practice environments, that the needs for the providers in a long term care facility may be slightly different from those in a hospital, from those in a community health center or somewhere else, so there's some, we have a single structure or standards but also some adaptability for those different environments.
Integration should also consider one final point and that's the idea that I think we're selling ourselves short if we look to the idea of the electronic health record in a national health information structure that simply takes the information that's communicated today on paper and communicates that electronically. We have the opportunity to communicate additional information and to provide additional support to patient care and I'll speak to that specifically in the context of a prescription.
The written prescription today looks much the same as it did 100 years ago except that we have much more choice in the drugs that could be identified on that prescription but if you compare the paper prescriptions there's very little different. The challenge with that is that we know today that medications can do much more and so if we could provide more information it helps both the prescriber and the pharmacist and most importantly helps the patient, including something like the intended use of a medication, not a diagnosis but what is that medication being prescribed for, is it to manage pain or is it for an infection or is it for seizure control, providing that type of information helps us navigate things as basic as medication errors where you could stop a medication error if you know that the medication that's being prescribed is for a certain condition, it's a lot easier to catch that error because you won't confuse Celebrex and Celexa if you know what the intended use was. But as well it helps patients manage their therapy when you consider a patient facing five or six or seven prescription medications every morning, I think most of us just take those and may not understand what medication is for what condition and what they should expect.
So as we look to integration APhA urges the committee and as we move forward in this broader structure to consider not only making sure that the current systems are integrated but what are those steps that we can do to go beyond what's currently communicated and truly create a preferred future in this opportunity that is presented before us.
In conclusion we do thank you for the opportunity to be here this morning and look forward to the question and answer session, I know Mike and I acknowledged that we'll be on the hot seat for quite a while, that's alright. Thank you.
MR. ROTHSTEIN: Thank you for that very important testimony and your seats are being warmed as we speak as we're going to open the floor to questions and for those of you who weren't here at the start of the hearing Kenneth Riddle from the National Community Pharmacists Association has been delayed by air traffic and should be here I'm guessing within the next half hour or so but in advance of that we have some time for questions and I see one of my colleagues is prepared to start on that. Mr. Houston.
MR. HOUSTON: Thank you very much. Specifically I guess it's open to both of you but I know Susan spoke to the fact, to discuss access, and I think you indicated that pharmacists have the responsibility or at least have the desire to do such things as monitoring lab values and other types of information related to the patient and I guess that goes to whether the medication is effective or whether the patient is complying with the medication dosaging and things of that sort. I guess the question I have and being somewhat of a cynic and thinking about privacy and the thoughts of patients, why isn't that the physician or the clinician's role and I would suspect that some patients would find it offensive that a pharmacist or somebody in a pharmacy would have access to that type of information and be concerned that that really was a breach of privacy. And then I'd just like your input as to why, more input as to why that's important and why they shouldn't be concerned.
MS. WINCKLER: Sure. Well, if primary care providers had 48 hours in every day and could see all of the people I think we wouldn't perhaps face some of these issues but when you look at the health care team and have the pharmacist, the nurse, and the physician and obviously others contributing to that as well the pharmacist's role as the medication expert plays into some of that need to help monitor the patient progress in this area. What we've found in studies that we have done in research that a number of other groups have done, when you pair the patient with the pharmacist so the patient understands that I am entering this program to help improve my diabetes, or to lower my cholesterol, that these are the steps that will be taken. In some situations the cholesterol testing is actually conducted at the pharmacy, in other situations it's conducted elsewhere but the patient has said yes I want this information to be shared with my pharmacist.
So I guess to address your specific concern, what we're talking about is not Mike coming into a pharmacy where I work and I say boy, you're not doing very well on your cholesterol lowering medication, where did you have dinner last night, that's not at all the approach that we're talking about. And in fact it's part of the new Medicare drug benefit that there is a requirement that certain patients have what they call medication therapy management services available to help make sure that those drugs are used correctly but the patients opt in to those programs, what we're saying is we want to make sure that the pharmacist can get access to that information short of faxing, calling, and everything else if you have this structure available.
MR. HOUSTON: So if you're looking at specific architecture, without getting into technical details, what you're really saying though is that, then is that a patient would be able to opt in to a program where a pharmacist would be able to monitor a variety of lab values, test results, whatever, based upon the medications that the pharmacist is dispensing to the patient.
MS. WINCKLER: Or it may not be limited to the specific medications that the pharmacist who's working with you may have a patient who is enrolled in a program or chooses to enroll in a program to manage their diabetes and it's what access the information the pharmacists needs is predicted primarily by the disease state that you're evaluating, it also is influenced by the specific medications that they're taking but I wouldn't want the, the drug is not necessarily the trigger, it's the need for the pharmacist to help provide that additional support to the physicians and the others who are involved in the care of the patient.
MR. HOUSTON: Thank you.
MR. ROTHSTEIN: With the indulgence of my colleagues I'd like to follow-up on John's question, because I think it raises a very important issue. I think you make a good point and I would say a compelling point with regard to the benefits of an expanded role for pharmacists in the health care delivery process, I'm thinking in terms of pharmacogenomic information and other new technologies which will put a greater responsibility on pharmacists as not merely the dispensers of prescriptions meds. If that in fact is the new model that we're going to be moving toward I'm troubled by some of the testimony that we heard at our hearings in the fall on pharmaceutical marketing practices so it seems to me, and let me just tell you what we heard, we heard that it is common practice at some pharmaceutical, I'm sorry, some pharmacy chains to send product switching information that is paid for by pharmaceutical companies directly to patients that they have and receive payment and don't disclose this information, etc., etc., and --
MR. HOUSTON: Under the heading of --
MR. ROTHSTEIN: Under the heading of --
MR. HOUSTON: -- alternative therapy --
MR. ROTHSTEIN: -- patient information and education and not marketing --
MR. HOUSTON: -- disease management or alternative therapies, things like that.
MR. ROTHSTEIN: Thank you. So it seems to me that in this brave new world of pharmacy practice pharmacists can't have it both ways and they can't it seems to me engage in practices that would be of questionable ethics if engaged in by physicians and nurses and other health care practitioners and sort of say well we're more of a commercial entity dealing with these companies. So with that long, long introduction the question is would pharmacists be willing to accept greater regulation and limitations on their ability to do this kind of product information/education/marketing in exchange for a greater recognition of their role in the health care delivery process and access to patient health information because if they get, from a patient standpoint if they get more information that only facilitates their ability to do more of these kinds of practices.
MS. WINCKLER: Right. From APhA's perspective we have addressed the same concerns because it was raised I think in 1998 is when we developed some guidelines for manufacturer participation in what was called patient incentive programs and where the association came out was if it's marketing, if it's saying this product is an alternative that you need to know about, that needs to be distinguished from the patient care environment and if there is any financial involvement from outside parties that that must be disclosed understanding that it does put, it creates a situation where you have a health care professional who could be perceived as misusing that position and that is what APhA and the pharmacists who came up with our policy specifically wanted to avoid. So we, the association supports that clear distinction and we would definitely be willing to explore whether it's explicit limits or understanding the distinction between those marketing activities and then those activities that are involved in patient care.
Now a challenge that comes in is that some would say that compliance work, so trying to improve patient compliance to medications, should fall on the marketing side and we would disagree, that compliance work, it does have a side effect that you get more prescriptions dispensed and so yes, there is a financial side to it but I guess it's hard to distinguish that compliance work with the reminder that I get from my dentist that I need to go in twice a year, which frankly is very helpful or I wouldn't get there. So yes, we would be absolutely willing to both share the information that we've developed that tries to distinguish this marketing from the direct patient care role and as necessary to make sure that those are, whether it's enforced or observed, however that happens, that the information we want pharmacists to be able to access is for their role as direct care providers, not for a role in marketing.
MR. ROTHSTEIN: So if you could make that information available to the subcommittee we would be very appreciative of that. What is the sort of current status of your position, so if I'm a pharmacist and I call and ask for an opinion as to this are you going to tell me that it's something that's frowned on, that advised against, that you view it as an association as being improper in some way or --
MS. WINCKLER: There are specific parameters if it were going to be conducted by the individual pharmacist and that includes disclosing to the patient any compensation structure, that any patient information would not be shared back with the funder or whatever is involved with that and that it should be identified as marketing. And then within all of that there's also the HIPAA compliance components of this as well but the association policy is based on those three important points of disclosure, distinguishing it as marketing and no sharing of information back for anyone outside of the treatment system.
MR. ROTHSTEIN: Thank you. Mr. Simko, would you like to respond to it?
MR. SIMKO: Sure. I fully agree with the APhA's stance and the points that Susan brought up, and can tell you that in the practice of our particular company that while there may be the opportunity for therapeutic interchange marketing to patients it's not done at any point of care and it's always done under the guise of that there's this other product available and there might be a desire for you to, well, let's work with your physician to switch, but none of that has to do with any marketing, it more has to do with cost effectiveness and more has to do with better coverage on a particular third party plan.
In the whole continuum of pharma and marketing much is done to the physician, in many cases the medication chosen in a particular course of therapy may have to do with the commercial a patient may have seen on the way to their physician's office, and in many cases the suggestion of medication comes from the patient based on advertising. Pharmacy at the point of care when we're delivering health care to patients, no advertising takes place, no switching takes place, no coercion to anything other then something that may be more cost effective to the patient if a particular third party plan that they may be covered by has multiple tier of co-pays or particular products are not covered. And patients trust pharmacists and rely on pharmacists and in many cases compel pharmacists to find that lower cost of therapy in many cases for them and that creates this bi-directional need for messaging back to physicians and prescribers so that the best course of therapy and the most effective course of therapy can be made for that particular patient.
MR. ROTHSTEIN: Thank you. Dr. Cohn.
DR. COHN: It's a pleasure seeing our presenters, again, I feel like we're back doing e-prescribing hearings. I'm actually going to stay away from the conversation that we just ran into and I think I need to actually recuse myself publicly in relationship to some of the medication therapy management service issues only because I sit on the CPT editorial panel and they've had to consider codes for medication therapy management services, so I will sort of publicly recuse myself from that.
I perhaps had a simpler set of questions and Mike I wanted to start with you relating to some comments you made relating to access by, I guess the practices relating to your database and pharmacist's knowledge of medications being prescribed within Walgreens. I think you had indicated in your testimony that depending on patient wishes medications might only be entered in a particular store or might be accessible over the entire network. Now the other setback, of course, as Susan sort of commented about issues relating to pharmacists needing to know about what medications a person is on, and of course the issues of fraud and abuse and everything else, I guess I'm curious about your experiences with that in Walgreens, what percentage of patients elect to have their medication history kept only within one store, are there issues that I think Susan has brought up that we should be concerned about there?
MR. SIMKO: Sure. The incidence of the population of patients that want to restrict their profile to a particular location is low and it's probably, I don't have the exact percent but I would say less then five. Many of those patients have very sensitive disease states, they may be HIV or some other issue that they do not want an entire corporation of pharmacies to have access to their patient information or medication history. So much of it is driven by not so much many patients over a lot of disease states, we've noticed that it's generally limited to some very sensitive disease states that a certain population of patients have and those seem to be the ones that want to limit to a particular pharmacy, to a particular location, to a particular practitioner at that store, that they don't want that information shared anywhere else.
The other part is people are nervous with more e-connectivity that information is now being shared to places they never intended it to be shared and there's a growing concern and we get questions from patients all the time, every day in stores, that does Walgreens sell information, do pharmacies sell this to manufacturers, is my data being sold somewhere else. The answer is no as far as Walgreens is concerned but nevertheless they just have this mistrust of identity theft and everything else that's taking place that they want to just locate their records in one particular place. But the incidence, the population of those patients is slow and is small.
DR. COHN: Susan do you have a comment? And then I'll ask a follow-up on this one.
MS. WINCKLER: It's something that we addressed as we were helping pharmacists prepare to implement the HIPAA privacy concerns where you have the opportunity for the patient to request restrictions on the disclosure on the data and what we had guided our members and other pharmacists to do is to assess that request and whether there was any conflicts between that request and their responsibilities to protect against diversion or pharmacy practice at concerns, so it sounds like the Walgreens system allows you to navigate some of those issues but I think it's something we have to keep an eye on because it could create barriers where we really need to share information, whether it's a fraud and abuse situation or a barrier where a patient chooses to get a sensitive medication at one place and separate that from their other therapy and the risk is not fraud and abuse but actually patient harm because of a conflict between those two medications.
DR. COHN: Well let me ask a follow-up on this one because I think it sort of goes to a comment that I made yesterday which is that with all of these sorts of interesting things that providers are doing now to help ensure privacy we run the risk of providers knowing less then payers about what's going on. And so once again I know some about e-prescribing and I know some about the pharmacy industry and so Mike you're in a situation where obviously you're the pharmacy, another pharmacy may not know about the information but in all likelihood the information will go up to a PBM, correct, and so they'll be the ones looking at diversion, they'll be the ones looking at possible unknown allergies or drug interactions, I mean somebody will be doing this, it just won't be you. Isn't that sort of what happens here?
MR. SIMKO: Well, again, the PBMs only know what they know and only get what's sent to them, and in many cases patients because of the type of medication or their choice do not always allow all their prescriptions to be processed through a PBM. So the pharmacy's depth of knowledge and breadth of medication is generally much larger then a PBMs and because when we do adjudicate a claim on a patient we do get DUR and information and medication information regarding a patient from a particular PBM if a DUR exists, if there's any drug interaction between what we're dispensing and what a patient may have processed through that PBM, even from another pharmacy, we get that information and we do our patient consultation with it. However we also have everything else the PBM does have and in many cases our pharmacy system, many pharmacy systems now keep track of other medication a patient may take from whatever source they get it from and they can just list that in our system, whether it's OTC, other prescriptions they may get from a mail order, wherever, that we can keep and we do do drug utilization review against those medications where a particular PBM may not have that information.
MS. WINCKLER: Actually what your question stimulated me to point out is that I guess we have to remember that even if we have an electronic health record and all this information we still have to talk to the patient because there will be situations and I'll give the example of the new Medicare Part D benefit where the payers benefit design is actually going to pose substantial limitations on what the payer knows about medication therapy and that's the reality that the new Medicare drug benefit will not pay for benzodiazepines or barbiturates, so those drugs will not be in the PBM record, they will only be at the pharmacy level because there's no reason for those claims to be filed with the payer and you will have that automatic distinction and separation of therapy in that environment. So I guess I would agree that we do have to be concerned about who has the information and who has the most information and maybe approach this in the realm that we should all assume none of us has the complete picture but where else do we need to look for the information.
MR. SIMKO: Also there's very limited if any PBM information regarding health conditions or allergies on a particular patient, most of that is all collected in the pharmacy system.
MR. ROTHSTEIN: Dr. Tang.
DR. TANG: I have several questions if I may. One, I want to step to their defense in terms of John's question, I think pharmacists play a crucial role in helping to prevent medication errors and informing clinicians in prescribing, and in particular I like your example of across the continuum of care and possibly one of the most, one of the biggest opportunities for help is in the long term care facilities where I think there's certainly there's multiple medications and a lot of less then desirable prescribing practices.
A question I'd have for your, when you talked about how critical the role of pharmacist is in the care situation, is there any distinction from what I might call a clinical pharmacist and one that may be in a dispensing role, like you might see in a retail pharmacy, so I'm used to working with Pharm.D's for example, whether it's in the hospital setting or the ambulatory care setting and a lot in the quality management and medication prescribing area, is that different, do you have a different role when you talk about access to labs and making sure that they're on the right thing and not getting into trouble. Is there a different role in different positions as a pharmacist?
MR. WINCKLER: There would be a different need for access to information but I wouldn't separate it out by where the pharmacist stands, it's the role that they're fulfilling, that you may if we used a Walgreens structure, I'll just use that as an example, they may want to in one facility have the pharmacist who's overseeing that order fulfillment side and the medication error observation in checking that process, and then the pharmacist who's engaged in their hospice practice or doing the medication therapy management for patients with diabetes. So there definitely will be a difference in the access that the pharmacist needs but you may also have the same pharmacist performing both of those functions depending on what it is that they are, what it is that they're doing that day and what role they are fulfilling.
As to the clinical versus the non-clinical side, all pharmacy graduates come out with their doctor of pharmacy, that's the core degree, and so are prepared to operate in this environment, it's just depending on how we deploy them. But I should say my use of Walgreens was hypothetical as an example.
MR. SIMKO: Mine isn't. To answer your question we actually do deploy clinical pharmacists in a variety of practice settings, both in the area of specialty pharmacy and we have dedicated patient care centers so for more complex or more involved type of medication management, disease state management we do have this core group of specialized individuals totally dedicated, they do not work in stores but totally dedicated to patient consultation and interaction based on disease states or based on certain medication therapy that that patient may be on.
DR. TANG: So would you expect in the Walgreens dispensing role to have the same kind of access to information that Susan talked about in terms of lab values and diagnoses and --
MR. SIMKO: To the extent that a pharmacist in front of a patient can give better advice, care, or determine when an alert occurs that perhaps this patient is not as compliant or because of an interaction of therapy this patient may be on that lab values are not coinciding with medication therapy what this pharmacist knows about this patient, and to the extent that certain disease states require the monitoring of lab values, certain drugs we dispense require the pharmacist to know and document particular lab values, then yes. Will they be intricate in every consultation? Probably not, but the fact that that information is there, updatable, gives that pharmacist just one more check, just one more level of being able to better help, better advise that particular patient, something that in the paper world today they're mainly blinded to.
DR. TANG: In the current Walgreens system since you described and it was very interesting to hear all of the information that you would have that exceeds that a PBM would have, are there audit trails so a patient could find out who looked at their medication history and to the extent you give diagnoses and so on and so forth, in the future perhaps lab tests?
MR. SIMKO: Within Walgreens it's a very closed system, their patient information does not get out anywhere else, however, if any notations were made to the patient's profile, to the patient information, our patients have access to their profile and to their patient information, they can monitor that. Anytime they want they can sign on, we give them PINs, we give them user IDs that's unique to them and they can monitor, they can track, they can update, they can add to their profile both the medication that they're taking and health conditions they have and they can view that if any other notations or changes were made to their profile along the way.
DR. TANG: Is there an audit trail to know who within Walgreens has looked at a file?
MR. SIMKO: Absolutely, yes, everything that's touched on a patient's profile is time stamped, user stamped, location stamped, that everyone knows who did what, who looked at what, when.
DR. TANG: So when a pharmacist or even the check-out person is accessing your record they are logging in every time?
MR. SIMKO: Absolutely.
DR. TANG: So you know it's that person?
MR. SIMKO: Right, and we know that who used it, who sold it, when it was sold, everything.
DR. TANG: Can I --
MR. ROTHSTEIN: They'll be a second round if there's time.
DR. TANG: Can I follow-up on the train of thought that you started, this is a little bit of a hot seat question, nothing better then personal experience to raise data points that you'd like to explore. This whole idea of how it is that someone well known to me received a solicitation for then a new brand drug as a potential replacement for a generic medication that this person received. What patient improvement program made that happen?
MR. SIMKO: Without knowing the particulars it would be hard to say but in some cases and by some payers and by some PBMs sometimes brand name medication is a preferred therapy over a particular generic if manufacturer dollar rebates were given to that particular PBM.
DR. TANG: And then so there's some financial incentive for the PBM --
MR. SIMKO: And the patient.
DR. TANG: And potentially the patient. Is there any to the pharmacy?
MR. SIMKO: I cannot say for sure, I can get you an answer to that but I don't want to comment without having absolute knowledge of that.
DR. TANG: So that trace was that information about the dispensation of that drug when back to the PBM who then turned around and used the contact information to create a mailing to the patient.
MR. SIMKO: Could have happened that way.
DR. TANG: And how would someone either be aware up front that this could happen to their data or opt out of that happening, or is that possible?
MR. SIMKO: Proactively today they probably don't know until it actually happens to them and I'm not sure if in particular their party plans or PBMs the patients are given any heads up that your medications may be marketed or information gathered about your particular medication therapy may be marketed, it doesn't happen from the Walgreen company.
MS. WINCKLER: They would likely need to opt out at the payer level if it's the PBM who's doing that because Walgreens submitted the information to get the claim paid, which the patient agreed to, and then it's how the payer uses that information, the challenges that most consumers would believe that it's the pharmacy who's doing it rather then the payer.
DR. TANG: So the follow-up just to figure out whether Walgreen has any financial dispensation for that transaction.
MR. SIMKO: Yeah, I can't answer that for sure, I would have to get back to you on that.
MR. ROTHSTEIN: Dr. Harding?
DR. HARDING: Well, I can follow-up on that question too but we'll drop that and go to something else for the present time. I just have two questions about two things that I always think are interesting. One is that on page six of your testimony you said that adoption of NPI, national patient identifier, in e-prescribing should be required, or should not be required until May 2007. Now is May 2007 some kind of a deadline, is that the compliance date where there's going to be --
MS. GREENBERG: My understanding that's the date that it will be, that's the implementation date that will be required but trading partners can agree on it being required earlier I believe.
DR. HARDING: But there's a still hold on the development of that.
DR. COHN: No, this is the provider, this is the provider identifier.
MS. GREENBERG: This is the national provider ID, I'm sorry, I didn't understand.
DR. HARDING: That's my question, the individual national patient identifier is what, okay, skip that, let's move on.
MR. ROTHSTEIN: I would ask everyone to not speak at the same time, we need to get this transcribed and so forth. So Richard?
DR. HARDING: Just a quick, yesterday we had American Hospital Association and some others here and they were saying that there is in the minimum necessary field very little argument between providers and payers as to what is minimally necessary. Is that the case in pharmaceutical activities? Do you get into discussions with the payer as to what is minimally necessary for them to pay you? Do they accept your statement of what is minimally necessary or do they ask for a lot more then that?
MR. SIMKO: There's generally a set of, a code set when we're adjudicating a particular claim and that code set is generally the same across the predominant amount of payers, however, with that being said at particular times payers may then say in order for you to get reimbursement we're also going to require you send this data field, this data field, and this data field. It hasn't been problematic yet as far as how much information they want because generally it's just, they want drug, day supply, patient, that kind of information. The concern though is as this amount of information pharmacies receive is going to grow and get bigger and pharmacies will have more of this information assimilated from various providers then the opportunity on the payer/PBM side will be we know you have it and now we want it and in order for you to get paid X give it to us, otherwise it's going to be X minus and those are concerns of ours.
DR. HARDING: But at the present time that is not happening but there is that potential as the question implies.
MR. SIMKO: Yes, exactly.
DR. HARDING: Thank you. Anything?
MS. WINCKLER: And I think I just echo, I think there's a fair amount of concern that there is, today we seem to be working from that minimum necessary dataset but it's not established as clearly in the pharmacy environment and particularly according to the NCPDP telecommunication standard as it is in other environments.
DR. HARDING: Thank you.
MR. ROTHSTEIN: Ms. Bernstein.
MS. BERNSTEIN: Thank you, Mr. Chairman. I just wanted to clarify something in Mr. Simko's testimony, at the bottom of page five you mention that, it says patients may opt in for complete sharing of information or opt in only for selective data, and I wonder if the National Association of Chain Drug Stores or Walgreens in particular advocates an opt in system which for privacy people it's a term of art meaning that the default would be not to completely share information and that it would be, it would behoove the patient to decide whether or not more sharing would be done. Is that what was intended or --
MR. SIMKO: What some of the concern today is that right now it's almost like all or nothing as compared sharing information or not. We understand that if patients may have a particular information they don't want anybody to know about, particular pharmacy where they had that medication fulfilled at, they may just opt out and then it just kind of takes out everything and have none of their information shared versus is there a way they can opt in but just selectively maybe not share in every single medication that they're taking, and is it better that they can do that versus all in or none at all.
MS. BERNSTEIN: What I'm asking is is the position of your organization, either of your organizations that the policy should be that there will not be sharing unless the patient affirmatively decides to allow it, or is the default, I presume the default is more likely that the information will be shared unless the patient opts out, unless they say that we don't want it. But opt in would imply that the default is we don't share unless the patient says it's okay which is different then, do you see what I'm saying?
MR. SIMKO: And I believe it's opt in, I'm sorry, they opt out, right, so the information is shared.
MS. BERNSTEIN: Thank you.
MR. ROTHSTEIN: I have a question that follows up on that and that is we have heard certainly at our last hearing that one of the options for protecting patient privacy would be to sort of have special rules for certain very sensitive medical conditions such as mental illness or HIV and so forth in terms of the medication record itself. But clearly if that's the way one were going on this you'd have to include pharmacy as well because if you have a prescription for Prozac you don't need much diagnostic information. So my question is given that in your judgment how feasible would that be to have special rules, and I don't know what those rules would be, for different kinds of prescription meds?
MR. SIMKO: Pharmacy systems are extremely sophisticated and growing even more sophisticated and building a system where we could identify a class of drugs and then prevent that certain class, those certain medications, from behaving or acting or being shared or moving like other medications is not that difficult and something that we could easily do in the interests of making sure the rest of the information is made available, so it's very feasible today --
MR. ROTHSTEIN: So you do think that's feasible.
MR. SIMKO: Absolutely.
MS. WINCKLER: And the only challenge I'd raise from the practitioner perspective is deciding what conditions meet that of protection, I mean about eight months ago it might have been a certain condition for me that now I can't hide but I could have hidden eight months ago. And also I think it raises a question just from a if I'm trying to access this information and I shouldn't is it easier for me to get into when I know it's all collected in one place and that the example, some pharmacies if you use the drug example and trying to protect against diversion they have the option of either keeping all of the schedule two controlled substances in one place or dispersing them throughout their inventory, they often choose to disperse it throughout the inventory because then if someone breaks in and wants to steal them they have to work harder to find it. And I don't know if that creates situations here if you designate that information as particularly sensitive do you also flag it as the gold mine for the people who are seeking it.
MR. ROTHSTEIN: Well, thank you for that answer, I see that Dr. Riddle has joined us and welcome, we have had testimony from your colleagues on the panel and we're sort of mid way in the question and answer session, so we're going to take a pause in the questioning and allow you to give your testimony and then we'll resume the questioning and I'm sure they'll be some for you as well.
Agenda Item: Panel IV - Pharmacy Services - National Community Pharmacists Association - Mr. Riddle
DR. RIDDLE: No problem, I'm confident that my colleagues Michael Simko and Susan Winckler have probably done a great job in answering questions thus far. I do apologize for the lateness, there were flight delays coming out of D.C.
Again, good morning, my name is Dr. Kenneth Riddle, I'm a pharmacist and the assistant director for professional affairs for the National Community Pharmacists Association, or NCPA, and we're located in Alexandria, Virginia, and again I thank you for the opportunity to testify today on the subject of privacy and health information technology.
A bit of background about the organization, NCPA is a 108 year old organization which represents the nation's community pharmacists, including owners of nearly 24,000 pharmacies which make up a 42 percent retail marketplace and the 60,000 pharmacists that work in this independent or community setting. And again these independently owned pharmacies generate $78 billion dollars yearly and fill nearly half of all prescriptions.
Statistically currently in the United States there are 57,208 pharmacies and there is at least one pharmacy in every county just to give you an idea of how many pharmacies are in the country and the makeup of these include independent, chain, supermarkets, and your traditional mass merchandiser pharmacies. And the tasks performed regularly in these community pharmacies highlight why the transmission of EHR into an interoperable network within ten years is of not only interest but importance to our community pharmacists.
Currently when community pharmacists are educated they go a minimum of six years of education and the curriculum includes pharmacy sciences, pharmacy practices, drug and disease state management courses, as well as the matriculation through clerkships, internships, and externships, and then upon that completion that have to have a national licensing exam. Once they've been licensed nationally then they have to continue education through courses that are provided annually just to show the degree of education that the community pharmacist undergoes. So once they become a pharmacist as one of the most accessible health care professionals community pharmacists are a patient resource of sorts for information, this information runs a large gambit, it includes Medicare and Medicaid and private insurance information, as well as information on over the counter and prescription medications.
Also pharmacists are used as a resource in engaging patients to become more proactive in the treatment of their personal health care and an example of this is the 19,000 of 24,000 independent pharmacies that have enlisted and solicited at least one customer to be involved in the Community Care Rx drug benefit program within Medicare program.
So currently community pharmacists are engaged in a list of daily activities on the front line which include reviewing patient medication profiles, answering questions and concerns, as well as making referrals and recommendations and according to the 2004 Pfizer Digest on average pharmacists speak with other health care professionals at least seven times a day. So that again shows you the scope of communication that takes place within the profession of pharmacy and it's also important to note that a community pharmacy has been a profession that has been highly computerized for over 20 years now with the processing and transaction of insurance claims, and community pharmacies transmit hundreds of real time electronic processing transactions daily for these insurance claims, additionally pharmacies have embraced electronic transmission of new prescriptions and refill prescriptions through electronic prescribing between pharmacies and physicians and NCPA is currently a part of this process through a company by the name of SureScripts.
So as you can see our industry is excited about, and I'm sure it is an iteration of what my colleagues have spoken of, we're excited about the advent of electronic health records and the possibilities on the horizon for electronic prescribing. However, with the inception of a plan to adopt a widespread use of interoperation EHR within ten years there are naturally some questions and concerns that we do have.
Currently when a pharmacist reviews a prescription the information that they have may be incomplete and that oftentimes results in the patient not receiving the maximum benefit of the value of the medication that they're coming to receive. Or it can also result in a difficulty translating the prescription. So EHR has the potential to allow pharmacists to review comprehensive patient profiles in efforts to prevent both drug/drug and drug/food interactions. These records could also assist in the management of both disease states and medication therapy regimens based on readily available medical histories. Also these medical histories would include drug allergies and concurrent disease states. Such databases could also aid in the identification of subsequent reduction for prescription fraud and reducing illicit drug use, it could also support the prevention of duplicate therapy and reduced non-compliance amongst patients and both of these are implicated in the increasing rise of health care costs.
So again there are several questions that concern community pharmacists in regards to EHR run the gambit and are comprised of subjects such as privacy, naturally, confidentiality, security, accessibility, as well as operational procedures and the cost of the assumption of a project such as this. And with the initiation of HIPAA, as we all know Health Information Portability and Assurance Act of 1996, security and confidentiality have been highlighted to be priorities and are of paramount importance to community pharmacists.
As mentioned earlier pharmacists transmit hundreds of prescription claims daily and as these claims are transmitted for adjudication, approval, and eventual payment these companies responsible for routing the claim to the appropriate payer and the pharmacy benefit manager, or PBM, commonly pull de-identified information for the purposes of reselling that information and we see that regularly. Several pharmacists have no control and others don't even know that this takes place. So pharmacies must be assured that if they ask to transmit patient information to the EHR collection point that the information that they transmit is secure and will not be used for commercial interests without consent of the transmitting pharmacy.
In conjunction to that it's another concern that community pharmacy, we're asking who will be charged to transmit this information to the EHR collection point. And as we mentioned the benefits of EHR are obvious for looking at a comprehensive review of the patient's medication history but along with that we have to take into account issues of possible discrimination and prejudices, an example would be an employer refusing to hire a potential applicant for a position because he has access to the patient's record that indicates the patient has been using methadone for the treatment of previous heroin addiction.
In addition the parameters of accessibility are of extreme importance to community pharmacists. The number of patients that pharmacists see daily and the activities that take place, it is important and it is necessary for pharmacies to have access to electronic health care record transmission, not only access but access to retrieve and if necessary add pertinent information to these records. Other questions include how will measures used to prevent inappropriate entities from having access to E HR allow patients and the patient's care givers to have access to EHR without impeding a firewall to them. Also how will health care providers ourselves be given to access to EHR and finally whether there would be a charge to the health care provider to access such a record for transmission.
And with the day to day operational procedures associated with EHR several areas come to interest to community pharmacies and these include the standard operational procedures. Currently in pharmacy there are uniform data fields that are filled out when a patient presents information to the pharmacy and this is so that there can be a consistent level of information that is transmitted for claims and from pharmacy to pharmacy if the patient chooses to use the network of pharmacies that are available. So with this we would really like to know what data fields will be required to be included in the EHR, when a patient presents their health information what will be the necessary fields that have to be filled out in that information for it to be consistent amongst others that are going to be transmitting these records as well as how will record duplication be prevented and addressed, for instance if I am a junior how will it be ensured that the information will not be misconstrued or erroneously used to prescribe me medication.
In conjunction who is liable for the transmission of records that are intercepted or the databases that are hacked into, as well as what is the anticipated time to transmit and receive an electronic health care record. Currently on the forefront of community pharmacies time is an issue, several pharmacists may not even have the opportunity to take lunch breaks because of the amount of claims that are processed, the amount of prescriptions that are filled, the amount of counseling that is currently taking place on the front line and with the advent of the baby boomers increasing this time factor will become more severe and so we really would like to know how much time will it take to transmit and to receive such a claim.
In addition to these procedural questions community pharmacists are interested in the infrastructure, which is explanation of how these claims will be transmitted, will it be via one pipeline, meaning the information will be transmitted from one pharmacy and through that same pipeline be received to that pharmacy, or will it be via two pipelines, in that information will be transmitted from pipeline A and the information of reception, will it be received from pipeline B, again will there be one pipeline or will there be simultaneous pipelines going back and forth for the information.
In conclusion, community pharmacists come in contact with a vast amount of patient health information as well as a large number of patients daily. These interactions, coupled with the use of computerized processes position community pharmacists to be a significant contributor to the compiling of information for electronic health record transmission. Although advantageous EHR transmission involving community pharmacists raises questions about privacy and confidentiality, security, liability, accessibility, and cost and reimbursement. Community pharmacists are looking forward to working with you to provide the input that will assist in resolving some of the unanswered questions associated with EHR.
Thank you.
MR. ROTHSTEIN: Thank you very much, I appreciate your rushing to be here and join us. We'll now resume our questioning and allow you to comment as well, I think we were up to Dr. Rippen.
DR. RIPPEN: Thank you all, I appreciate the very important role of the pharmacists in the delivery of health care and that the movement toward an electronic health records and their operability may provide additional tools and capabilities for everyone in health care. But yesterday we also heard about some of the exquisite sensitivities that consumers have with regarding sharing any very sensitive information, even as it relates to the medications and we also see in the press at least that there are now certain pharmacists that may now refuse to provide, dispense certain drugs, such as contraception. What do you think the implications of those trends may be on consumer view of allowing pharmacists for example to access actually more information?
MS. WINCKLER: Let me address the conscious issue first and just say how it's addressed in the majority of situations, it's that if the pharmacist chooses not to participate in a certain activity they opt out but have set up a system so the patient is served and there's no conflict between the two, so the pharmacist steps away, the patient is served, and the patient may not even know that the pharmacist chose not to participate in that activity. And that's what happens in, as we try to track it statistically, in the majority of situations where we have problem is where that seamless transition doesn't occur and so we have, APhA specifically has worked on this issue for a long time and I know many employers have set up a system where they know of those situations where the pharmacist is opting out and have set up the alternative system.
It does raise a question for individual consumers and at some level also raises the understanding that at the pharmacy they are dealing with a health care professional and that they're getting something, that something more is happening then just that medication being provided. As we move to the electronic health record and perhaps more information I think it's incumbent on our profession to help consumers understand why a pharmacist might need access to that information and how the pharmacist would use that information and to, I don't know if we want to say the word police but to better help the members of our profession understand the responsibilities that come with the access to that information and the vast majority of pharmacists understand that but we do have others who we have to reach to help them understand that with additional access comes additional responsibility and be prepared to deliver on that or we will run into the consumer side where the consumer says no I don't want the pharmacist to have access to that designated information.
MR. SIMKO: Susan is quite correct and in Walgreens there is a very, very detailed structured set of procedures that if a particular pharmacist for any reason has trouble fulfilling a medication order there is an exact plan to follow, we have enough resources available that in most cases the patient never knows, but even if they did they never suffer any inconvenience, they will get their prescription, they will get their medication.
Regarding the other part about the increased amount of information available to the pharmacist, the vast majority of the public holds pharmacists quite high in trust and being able to provide objective information to the patient. In many cases they look at the pharmacist as kind of the validation that this particular therapy is good, I trust this, the pharmacist didn't initiate the therapy, a prescriber did, but they're a kind of a validation point because this is the person they know, this is the person they have access to, this is the pharmacist they see all the time and they look that this pharmacist can better answer my questions the more information they have. So I don't feel, see, anticipate, experienced any reluctance on the part of a patient in that the pharmacist has more information to better inform them versus less information.
DR. RIDDLE: I concur and I would like to reiterate the points of my colleagues that currently as well as in most of our chains, independents as well, have a relationship with many of the patients as well as a relationship with the profession to remain integritous(?) and oftentimes if there is a refusal to fill as has been spoken before it takes place before the patient is even aware of that issue. And again if there is a refusal it is mandated that they refer that patient to another pharmacist who will fill that prescription.
DR. RIPPEN: And just one follow on question if I may, you had said that you allowed consumers to have access to the information, how many I would say people have taken you up on that and what has been the general response?
MR. SIMKO: I couldn't give you the numbers, I could make those available to you but it's in the millions and the one trend I can tell you that, probably over 60 percent of the updates to patient profiles, medication history, allergies, health conditions, anything that they want to add that they think the pharmacy should know about them is done by the patient on their own with their access versus informing the pharmacy staff at the store or over the phone. Patients really like to feel they participate and they really like to feel like they have ownership of their information and just the fact that they can check it, we see the hits on a particular patient's profile, that we know that they're in there, many times they do nothing, they're just checking, and that gives them a tremendous comfort level, the fact that they can monitor this, but even the fact that they can update it really gives them control and I think as patients become more technologically sophisticated that's an important part that they play.
MR. ROTHSTEIN: We have time for a short second round of questioning. Mr. Houston.
MR. HOUSTON: Thank you. It was interesting, Dr. Riddle indicated that the typical pharmacist speaks to somebody, a clinician, seven times a day, which I think is very interesting, I think it goes towards the need to integrate as best as possible between the systems, between the providers and the pharmacists. But I do have a very specific question, in Michael Simko's testimony he indicated the fact that there was a need to develop a unique, or to require a unique patient identifier which there is a somewhat of a bias against I guess, right now at least at the federal level, but at the same time Kenneth Riddle spoke of the fact that a lot of pharmacists are using technology developed by SureScripts to communicate between providers and pharmacies. And I guess the question is, on one hand it seems as though there are effective mechanisms to link providers and pharmacists and I would think in that realm also patients, and that would speak to the need, to the fact that there is a system that works today, but yet I'm hearing on the other hand that there is a desire or a need to have a common patient identifier and I'd just like people to sort of speak to that issue.
MR. SIMKO: I don't think they're necessarily in conflict, the two, there's the today and then there's the growing need of tomorrow, and today we have various types of identifiers in place that do work. I think as interoperability grows, deepens, and becomes more integrated with a variety of other systems, hospitals, labs, whatever, over a various amount of language type communications, HL7, NCPDP Script, whatever is out there, that there's going to be a growing need to have some unique identifier for that patient so that we know it's that patient, it's that history and it's correct and it matches to where it needs to match to. Today we have processes that work and I just think that as things grow, as this becomes a bigger more deepening part of health care, and the other part to remember is that the regulations that are being formulated to affect Medicare Part D are in name only, they're going to affect every single patient in this country because physicians are not implementing a Medicare Part D system, they're going to electronic medical records, it's for the world --
MR. HOUSTON: From a pharmacy perspective is this, on a scale of one to ten, is this a ten, is this a two, is it a three or a five --
MR. SIMKO: 15 or 20 or 30 or 100.
DR. TANG: What was the scale to represent?
MR. HOUSTON: One to ten and he said 15, 20, the scale being 10 being most important, one being least important, having an NPI, in terms of having a common patient identifier.
MR. SIMKO: Today the need isn't very strong and I don't think anybody yet can put their finger on exactly when and how much and when that's going to occur, I think it needs to be on the horizon, I think it needs to be thought about and I think it needs to be kept at least in thought that at some point we may have to have something uniquely for a particular patient, especially as the population, the input, the amount of provider input continues to grow. We already see the coming need for an NPI, national provider identifier for physicians and prescribers, I think the same is going to hold true for patients.
DR. TANG: Can I ask just a brief --
MR. ROTHSTEIN: You're only one away.
DR. TANG: The follow-up question to that is do you have any sense of what percent of the transactions involve either duplicate numbers for a single patient or potential conflicts? I mean do you know order of magnitude what the scope of the problem is in terms of problems with identifying patients accurately?
MR. SIMKO: Can you clarify --
DR. TANG: So is it five percent, three percent of the patients you have problems, you either have two numbers for one patient or you have multiple patients having, you have a problem matching a patient to that person's profile uniquely.
MR. SIMKO: I would say at least 25 to 30 percent that there's the variation of how patients are registered or how they appear that may cause duplication, all the way to how birthdates are entered in a clinical system versus how they may be entered in a pharmacy system, don't necessarily electronically connect these two properly so you will get redundant and duplicate patient registrations, profiles, and information and the risk to all that is if you don't know to integrate them then you've blinded yourself to a certain amount of information.
MS. GREENBERG: With the indulgent of the chair I just want to ask a short line of questioning that probably is more relevant to some of the other subcommittees of the national committee but it has a privacy implication --
MR. ROTHSTEIN: We have a captive panel.
MS. GREENBERG: Well, I was stimulated by the testimony an hour ago or so or more about Mike and Susan and particularly something in Susan's testimony and it kind of follows along the line of the very first question that John asked. And that is you spoke in terms of the need, at least in circumstances where the pharmacist is involved in the kind of disease management or medication management team type of delivery of clinical services to understand not just the health condition or the diagnosis for which the medication is being prescribed but its intended use, and in particular the intended outcomes, what types of outcomes you might be trying to achieve so that you can help track those. And I wondered if in thinking about the type of that whole line of query and I think we might want to bring you back for discussions, for example of the Quality Workgroup which is looking at the type of information needed to do, to monitor quality of care, about the need for more structured or any information and also more structure information on functional status and functioning.
Because as you indicate it's often not to maybe cure a health condition or remove a health condition but to improve a person's level of functioning and as we've identified in other work of the committee this is not currently even well collected information in health care records and I'm sure certainly not in your records. Have your associations given any thought to this and would you be interested in engaging in further discussion on this?
MS. WINCKLER: From APhA's perspective absolutely, it's one of the things that is seen as most important for our practitioners, that they have a better understanding of that intended use or what is the, not end point but maybe the goal, because it's hard to help motivate a patient if neither the patient nor the pharmacist has a good idea of where they're headed. And you can get some of that information from the prescriber but in the current system it takes a lot of time and sometimes is very challenging to do, so yes, we'd be very interested in that and have done a fair amount of work in trying to articulate what's the most important information to have both on the prescription and then on the prescription label to help patients take better control of how they use that medication and the result that they should get.
MS. GREENBERG: I'm also thinking that from the point of view of your interaction with the patient, their improvement in functioning in some goal area is probably more important to them then what their particular diagnosis is.
MS. WINCKLER: Right, I think it's from the patient perspective why I'm taking this may have nothing to do with the technical diagnosis, that's not what they care about, they want to know what they can expect and what they should be watching for and how it will change their daily life.
DR. COHN: I guess I was put off a little bit with Marjorie's question because I actually had thought she was asking you whether or not you wanted, were willing to enter that information or that type of information in your own encounter and I wasn't sure, and you seemed to answer it as though yes we're happy to get that information.
MS. GREENBERG: Well, I wondered both ways, whether that's, both whether you are looking to get the information on the prescription as to what the functional outcome, or the expected outcomes are, what's trying to be achieved, what the goal of therapy is, and also to be able to feed back if you're in a situation where you're part of that disease management, what types of goals are being achieved from that point of view, therapeutic goals.
MS. WINCKLER: Right, and so I was speaking it from the context, what is that additional information that would be helpful from the prescriber that then helps guide the feedback that's provided from the pharmacist and the patient so you have, you start to have that information accessible to health care professionals who are gathering it in the first place.
MR. SIMKO: From the Walgreen's perspective we'd be absolutely, think it's a great idea, to participate in anything like that and we're willing to and in fact today we're already building internally systems where we're thinking of giving patients, physicians, pharmacists, the ability to at every encounter that they're going to put notes on this patient's profile so that the follow-up can be shared by the person's prescriber, the pharmacy and the patient, and in addition to that with the advent of electronic prescribing and the sharing of electronic medical records the pharmacist will be better informed to know exactly that okay, you're taking this medication for a particular purpose and is the great encourager of that patient that you're taking this drug to treat a disease, maybe these other drugs help you perform better, function better, better quality of life and all those together need to be critically managed and monitored. I think the pharmacist is an excellent place to do that and so much so that we recognize that and we're absolutely willing to go forward with that and participate and return any time that you would have us back.
DR. RIDDLE: In addition it's almost a natural progression of what's taking place currently, I spoke about in the testimony that there's current dialogue within the health care profession inter-professionally between providers and care givers and prescribers and dispensers and counselors and so with the way things are being practiced now it's a natural evolution with the vehicle of the EHR transmission through an interoperable network for pharmacists to have access to that information as well as dialogue with physicians or other concerns or recommendations, or even referrals to clinicians and providers.
MR. ROTHSTEIN: Dr. Tang has the final question.
DR. TANG: So just to make explicit on this last exchange, I can see the value in pharmacists having more information and being part of the team taking care of the patient, I'd love to get like the refill data from you or anything that you glean from the patient, are there impediments for the provider, the clinician provider to getting information from the pharmacies that you may have in your database?
MS. WINCKLER: Today or under the future we're talking about? I think today the challenge is finding a way to communicate that back to the involved prescribers in the best way.
DR. TANG: I'm talking about policy wise, I know in the past pharmacies have said well there may be a privacy problem but in today's world with HIPAA protection and if the technical and standard impediments were removed are there any problems with Walgreens sharing back your dispensing history, OTC, those things?
MR. SIMKO: No and in fact being the co-chair of NCPDP I can even address that we've just approved standardization that pharmacies can and will be sending back compliance information, fill history, so any particular medication you write, not only when we filled it but if the patient picked it up and we'll tell you when they didn't. So that structure is being built today, standards were approved, the various network aggregators will near future be able to handle that bi-directional messaging so that physicians with systems will know that patients are compliant, we'll update your medical records for you so that when you're reviewing that particular patient you'll know not only they got this medication but they got it at the correct intervals, they got it at the correct time, or when they didn't get it.
DR. TANG: If I could turn this one to a different party, the payer, the PBM in your situation, how much information is transferred to the PBM and how much is being requested and how much in your mind may cross the minimum necessary, because I think you addressed that in your testimony.
MR. SIMKO: Yeah, with the PBM it's whenever we adjudicate the claim is when they know the patient got --
DR. TANG: But do they know more things, like you now have patients entering diagnoses and other things --
MR. SIMKO: Not today, they just know the minimal amount of information necessary to adjudicate.
DR. TANG: They aren't requesting additional information.
MR. SIMKO: Not yet.
MR. ROTHSTEIN: Dr. Riddle, you wanted to comment?
DR. RIDDLE: Yes, there was an interjection to the comment before concerning communication between the physicians and the pharmacists, currently pharmacists are mandated by various laws through various states of pharmacy to already compile the information that physicians may request so when it comes to assimilating that to a new process for EHR transmission it really shouldn't be extremely difficult for pharmacists because for years we've been tracking all the necessary information that has been mandated and regulated by the various state boards of pharmacy.
MR. ROTHSTEIN: Well, thank you all for your testimony and it was quite interesting and helpful to us. We will take a break now until 11:10 and at that time we will move to Panel V on primary care providers.
[Brief break.]
MR. ROTHSTEIN: Good morning, we are back with the hearing of the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics, day two of our hearings on National Health Information Network. And we're pleased to welcome our panel members from Panel V, primary care providers, thank you for being with us and we'll go in alphabetical order so if you are ready to proceed we're happy to here from Laurie Badzek.
Agenda Item: Panel V - Primary Care Providers - American Nurses Association - Ms. Badzek
MS. BADZEK: Good morning and thank you for having me. I represent the American Nurses Association which is a broad nursing organization that represents 2.7 million nurses in the United States in a variety of practice settings at a variety of levels. Our nursing workforce is currently facing a shortage, that shortage may have an impact on the work that nurses do related to the work that you are planning for them and I'll discuss that further. ANA has been working very hard to develop mechanisms to both increase the number of nurses and to bring nurses back who have left the setting which have also added to the shortage.
Nurses since the beginning of time, since even before Florence Nightingale have been concerned with issues of patient ethics and patient confidentiality, it does play a large part of our role in our work and I will discuss that with you more in detail as well. Nurses are often the voice of the patient, especially our vulnerable patients, and we are currently the most trusted profession as indicated by public polls, we were unseated for a few years following 9/11 by firemen and policemen and we were happy to allow them to step to the forefront and obviously they are right at the top with us as well but we have regained our status as the most trusted profession.
In 1995 ANA did develop two position statements related to positions of computerized patient records, I reviewed those position statements before coming here today, much of the information in those position statements is still accurate, those statements came from the Computer Based Patient Record Institute and although that information is valid it's still not yet universally adopted because of the concerns and issues related to technology, cost of technology, and changes in technology which have kept many institutions from developing computerized patient records within those settings.
Obviously electronic health records and then more broadly the National Health Information Network create the use of new processes and new technologies that nurses need to work with within the health care setting and from the broad perspective of nursing probably the most important thing that we see related to your work and the biggest concerns we have actually deal with the system itself. Nurses have long been working within systems that are pieced together not well and not well thought out. In terms of establishing the network I believe that it starts here with your work and the very first thing that nurses and that the public will be looking for is the specified purpose of development of a national network and hopefully that will be well defined, and then how that system is going to be supported and supportive of the work of taking care of patients will be important.
Other questions that nursing is concerned about and that need to be addressed is the cost of the system, how will the cost be borne out and will it be passed on to patients, will it actually impact the health care setting where nurses practice. Again, nursing has long been subject to the cuts of health care and so if money is required to go somewhere else then does that mean that there is less resources for nursing to actually do the work. And again, these are things that are just questions that hopefully will be answered prior to the institution of any national network. So again, those costs are important.
How will this network cross state boundaries? Nursing practice is bound by licensure laws and is subject to licensure discipline within state boundaries and there are many issues in nursing currently related to crossing boundaries and interstate licensure and the impact of what happens if there are breaches within this network, how will nurses be impacted by failures or deficits in the system and again, there have been many system issues for which nurses have been personally attempted to be held liable, many times they have shown that it is a system error but this is one more system that if it's not well planned out, well defined, and well understood that would cause complications and then ultimately might impact quality care.
Other issues, those revolving around the accuracy of data, I was here briefly yesterday and I think those were articulated fairly well by one of the speakers. I mean if the data isn't accurate, if the data isn't up to date, if there aren't mechanisms for that then the system has no value because if it's not accurate data then no one, including the nurse, is going to rely on it. So what mechanisms will be in place for accuracy and then how will we show that this actually promotes quality care, nursing has now moved to what is called an evidence based practice, we use the evidence from the clinical setting to show what it is that we do works, to show that the care that we are providing is actually quality care and actually is improving the outcomes for patients, and so how will this system allow us to continue to work and to show that what we are doing is evidence based.
The overall system must also account for technology changes and deficits and currently that is a problem with some of the system now. As I talk to nurses across the country I mean we still have nurses who are working in paper records, we have nurses who are working in very big systems that have very well defined patient records that are computerized, we have nurses working in the VA where there is already a system in place from my understanding of just talking to nurses related to a patient dataset that is a computer dataset. So we have a variety and again, to be effective the system must have an overall positive impact both on cost and quality as we start to move towards looking at a national system.
Nursing is all about the commitment to the patient and these are some of the fundamental values related to patient care that nurses look at. We are committed to patients, to the right to self determination, we're committed to the uniqueness of individuals, we help to resolve conflicts of interest, we provide for collaborative efforts when it comes to taking care of our patients, and we promote the interests of the patients and advocate for the patients.
One of the primary roles defined by nursing and by the public is that the nurse is there to advocate for the patient. And as we look at what is one of our primary things we have to be able to help our patients, one, to understand the system, they have to have knowledge and they have to have access. And actually just moving to computerized medical records has created some problems for access for patients. If you think about a patient who wants to look at their file or look at their record, it becomes much more difficult when it's on a computer then just physically carrying the paper into the room, and then there are delays in terms of well we have to print this off and then how do we get it printed off.
And so again, and there are many issues that have crossed time and legally have been out there, who owns the record, who's the keeper of the record, and so as you develop a national system again these questions are going to arise, does the national system now hold the record and the keeper of the record and yet the patient is still the person who owns the information but how do they access it and how do nurses allow them to access it, all become issues that still need to be answered.
Also the system needs to be trusted. Health care and in particular nursing and medicine are based on trust and if patients don't trust us they're not going to give us the information and then the information won't be in the record and the record won't be accurate. So again, the system is based on trust and so can this system be trusted and then much of it is going to be an educational factor, you're going to have to educate patients as well as nurses about the system, the purpose of the system and then how the system works to benefit and increase quality care.
Questions related to conflict that come up is there's always the patient who doesn't want to participate and will they be penalized, they don't want their information houses in some national setting and how will we deal with that, will someone actually be penalized because they don't want a national record. And again, some of this could be education, nursing per se has not debated the national record and therefore we can't say that we are against it, in fact I would say that nursing would probably be in favor of a record if it could be shown that it had a strong purpose and that it would benefit quality.
In terms of transportability, currently we have a lot of settings that are sort of already behind the eight ball, where you have settings where in fact you have vulnerable populations in rural settings, I mean there are already issues related to technology and technology transference. I mean not to long ago I was in a rural setting where they were dealing with a very old computer and they could not accept information that had been put on to a new computer, so again, we have these technological issues that already occur right now and how will we deal with those issues. Again, technology, there are problems, deficits, and errors that occur, even in typing information into the network, again, what are the protections.
The commitment of the nurse to duties, again we have nursing is set out in a manner that there's accountability and responsibility, nurses also delegate information and receive information back from those they've delegated to. There's issues of competence and then improvement in the health care environment.
Primarily one of the biggest concerns that I hear from nurses related to confidentiality and patient records is the password problem and this may seem like a very small thing but at the same time as we move to yet another network, another series of protections need to be put in place, I've talked to nurses who have up to ten passwords for a variety of different systems and what happens to passwords when they're changed, when they're lost, what happens to information, these are all concerns that nurses have about what they're entering into the record. Also nurses are fully aware that somebody else controls their password so when it needs to be changed, what is happening, who can get in and make changes to records, and now you're going to layer it one further, it's hard enough for people to have trust within their own system and now we're going to have to have trust in a system that goes even further.
I heard of a problem that a nurse was relating to me related to technology concerns where a drive was changed. Now the information is still on the old drive and her question was how was that going to be technologically be destroyed, that information was there since it's now on a new system. And she couldn't get an answer to that question. Now mind you it's a system question but the fact that she couldn't get an answer raised a concern for her because she didn't know how the outsourced technology people were dealing with that drive and so these are questions as well, and I'm not a tech person so I mean there are probably better tech people here then I am, but she never got an answer to that question and so she asked it to me, should I be concerned. So again, we have issues related to our technology that we need to talk about.
I've already mentioned the licensure and accountability at the state level, the question is now will we have a federal level of accountability as we got to a national system that nurses will need to be concerned about and be educated about. And there are already questions about records crossing state lines, currently even as of just a couple of weeks ago there was a question about is the practice occurring, where the nurses or where the patient is, well now that we're going to have national records I mean is the practice occurring in cyberspace, I mean where is practice actually occurring.
Other issues, if this information is to be networked where within the network will be able to draw from these document, what information will be able to get, and then will the system require more energy then it will actually give back, in other words if it's going to take us five years to get everybody up and on speed with this network and with the costs associated with it and the learning curve associated, five years from now technology will have changed, will we be starting all over again. I mean these are concerns, nurses are already dealing with technology changes every day and there's new equipment, there's new beds, and is this one more thing that's going to take more time and then what will be the benefit, will this really benefit patient care at the bedside.
And again will this system support evidence based practice, which is one area where I think there's a big plus, I mean nurses believe that if information is networked then they can more easily show that information actually does add to practice, and again, that's a piece of research, being able to access large datasets is often seen as a plus but yet there are risks associated with that in terms of protections for patients.
Commitment to the profession, nurses as a whole are not only committed to patients and to systems where they work and their own personal accountability, but there is commitment on the part of the profession, nursing believes in working from a team situation. Often things that are occurring actually in our setting now, the HIPAA concerns, the confidentiality protections that are currently in place have actually put some constraints on nursing practice and have actually changed much of the way that nurses share information. Let me give you an example so that that comes a little bit closer to you.
It used to be that typically in an ICU setting nurses would tape their report prior to the close of shift, the other nurses coming on would go in and listen to that report. But what HIPAA did was say well you don't need to have that information because you're only caring for two out of the 15 patients so you can really only listen to the information on your patients. So now nurses must individually pass report in most settings versus sharing report within an entire unit, so in other words instead of hearing about 15 or 20 patients you only hear about the two or three that you're actually taking care of. In some ways that's been good, in other ways it's not good, but again, these are changes that nurses have passed on that don't necessarily benefit their time and don't necessarily benefit what they see as unit practice and this is typical in many settings now.
I guess the final question that I'd like to pose is again, will a greater good come from the network. Obviously less paper is better, nurses are big environmentalists, we would be happy to have less paper and have a cleaner environment. But obviously technology brings other questions and information, will nurses be able to get the information they need, when they need it, will it easily be located, will the information be subject to misuse, will it identify risks, bad genes, family histories, things that could actually be used against patients. Will the technology actually benefit the patients in a big way and obviously there's some example of how technology has truly benefited nursing, the cyber libraries that are available to nurses on the units are just wonderful, everything is on MedLine and nursing units actually have access to this information. Websites like nichepeg(?) are wonderful places, sources of information for nurses, and for patients as well, nurses have the ability to pull up documents like family history document from the Surgeon General's website, these things have all added, this technology has all added to nursing practice and actually made it better. And so as we move to some type of National Health Information Network with patient medical records, again, will that technology add to and improve nursing practice because that is what we are concerned about.
Thank you.
MR. ROTHSTEIN: Thank you very much and we'll have questions at the end of the presentation by all the panel members. Our next witness is Dr. Darryl Beehler.
Agenda Item: Panel V - Primary Care Providers - American Osteopathic Association - Dr. Beehler
DR. BEEHLER: Good morning, my name is Darryl Beehler, I'm a D.O., I'm board certified in family practice emergency medicine, quality assurance utilization review. Presently I'm medical director and a staff physician in the emergency department at Douglas Coney(?) Hospital in Alexandria, Minnesota. In a prior life I was medical director of a for profit HMO in Arizona and therefore I have had the opportunity to have first hand knowledge of both sides, or I should say several sides of the street of health care and the agendas that go along with those.
On behalf of the AOA I'd like to thank Chairman Rothstein and the subcommittee members for the opportunity to provide testimony on potential privacy and confidentiality issues raised by the development, adoption, and implementation of widespread interoperable electronic health records, and the National Health Information Network.
Founded in 1987 the American Osteopathic Association represents more then 54,000 osteopathic physicians practicing in 23 specialties and subspecialties. The AOA is committed to advancing the development and utilization of information technology to improve the quality and efficiency of the health care delivery system. We believe that health information technology if properly developed and effectively implemented in close conjunction with the physician community and other stakeholders offers great promise.
The rapid developments in medical informatics is changing the face of the health care delivery system. The AOA commends the National Committee on Vital and Health statistics for its effort to gather important information from various stakeholders regarding the development of the National Health Information Network. It is imperative that technological advances occur through a deliberative process in which physicians and other interested parties are able to provide input and ultimately shape the end product.
The AOA is involved in the U.S. Department of Health and Human Services work to develop the NHIN. To assist the process the AOA and many of our osteopathic specialty organizations have joined the Physicians' Electronic Health Record Coalition, known as PEHRC. PEHRC is a coalition of more then 20 physician organizations dedicated to assisting physicians, particularly physicians in small and medium sized ambulatory care medical practices to acquire and to use affordable standards based electronic health records and health information technology to improve quality, enhance patient safety, and increase efficiency. The AOA remains committed to achieving these goals.
Several years ago the AOA formed a technical advisory committee known as TAC, this was to support the development and adoption of electronic health records and health information technology, and to counsel and advise the association's strategic use of advanced information system technology with the goal of enhancing the effectiveness of osteopathic physicians in the delivery of patient care and promoting public health. The TAC, which I have the pleasure of chairing, represents a cross section of osteopathic physicians involved in application of technology to the practice of medicine.
Robert Juhasz, D.O., past president of the Ohio Osteopathic Association and a member of the AOA's Council on Federal Health Programs, participated in a panel discussion with President Bush on January 27th in Cleveland, Ohio. Dr. Juhasz shared with the President details on how the adoption of new technologies is improving the quality and effectiveness of care in his practice at the Cleveland Clinic Foundation. Dr. Juhasz explained that the Cleveland Clinic Foundation's secured electronic patient portal, MyChart, patients may receive test results and their doctor's recommendations, schedule appointments, request prescription refills, be empowered to better understand their health care needs when they have greater access to great portions of their health information through a secure, encrypted, web based site.
The philosophy of osteopathic medicine is that the physician in coordination with the patient acts as a teacher to help patients take more responsibility for their own well being, to maintain their health and to change unhealthy patterns. Osteopathic physicians assist patients in developing attitudes and lifestyles that do not just fight illness but help prevent it. Preventative physical examinations, screening services, and patient education all contribute to improving patient's quality of care and health. Health information technology has a tremendous potential to improve the interaction between the patient and physician.
The foundations of the patient/physician relationship are trust and transparency. Therefore the development the development and implementation of a National Health Information Network must enhance, not hinder, this relationship. Special attention must be given to the impact the network will have on the patient/physician relationship and security of patient information. The benefit of health information technology and the patient data contained therein must balance potential benefits against the potential misuse of patient data in violation of the patient's privacy.
In July 2004 the AOA issued guiding principles on e-prescribing, including safety, privacy, transparency, design, integration, scalability, and timing. We believe these general principles also apply to the development of the National Health Information Network.
Safety, one comprehensive intact system is needed to hold all the clinical information on an individual creating a safety net. This can lower adverse affects and increase the overall safety of a patient's encounter.
Privacy, information on patient's information should be current, comprehensive, and compliant with HIPAA, and must never be used for unintended activities such as those not directly related to patient care.
Transparency, third party involvement must be transparent and disclosed.
Design, financial interests should not dictate the design of the system, in other words all drugs should be available. Standards must require fail safe in any system to prevent the introduction of new health care errors.
Integration, systems should be proven and should integrate with existing health care technology and the existing workflow, in other words downloading the patient data from previous electronic medical records.
Scalability, any standards should be broad based and applicable to all health care delivery systems.
Timing, these standards should be placed at the earliest possible date to allow software vendors and practitioners adequate time to become compliant with said standards and perform all necessary testing prior to the implementation.
In addition to these principles we recommend that your committee explore the following issues as they relate to patient control of data, patient interaction with the health care system and physicians, and the security of patient data.
The increased storage and transmittal of private health data and associated materials places confidential documents at greater risk of misuse. What authentication and encryption measures can be taken to ensure a secure network?
The administration advocates that the development of personal health records. If patients will possess a portion or all of their medical records how will they be assured that they will have the most current information available to them from all of their health care providers? How will the data be synchronized and how will the data on the personal health record be identified and tracked?
Computers cannot solve all patient safety issues. The development and implementation of the National Health Information Network must take into account that a keystroke and other errors are growing problems in health information technology and e-prescribing. As more messaging and sharing of patient's health information takes place via computer network the risk of misinterpreting information increases.
As technology becomes more prevalent in health care patients need to be a vested partner with their physicians to understand both the benefits and the risks of the systems. Will physicians be responsible for informing every patient or will public awareness campaigns be implemented to help ease the transitional patient education process?
Trust between a physician and a patient is paramount. While a National Health Information Network can be a valuable tool it must not create undue external influences over clinical decision making processes which could undermine the patient's best interests.
The variable presence of health information technology and electronic health records in the current United States market is a concern. The price, the measure of quality, the benefits, and the usage vary greatly within the health care community, particularly in physician's practices. Interoperability and consistency is a key when trying to promote an integrated national system, those who may not have current uniformity with other physicians in the part of the state, the town, or even the health system in which they practice.
The AOA believes that the widespread adoption of health information technologies, such as electronic medical records and electronic prescribing, has the potential to reduce medical errors, enhance quality, and improve the efficiency of providing medical care. Furthermore the AOA believes that these technologies are capable of reducing the costs of providing health care.
The AOA supports efforts to ensure that all patient populations, especially those in rural and underserved communities, benefit from this effort. To foster adoption in all practice settings the AOA supports public and private programs that provide needed technical and financial support to implement new technologies.
Advancement in the health information technology development and implementation should not come at the cost of patient privacy, confidentiality and the patient/ physician relationship. Furthermore the privacy data should be protected to foster the ability of physicians to provide the care that they deem appropriate in conjunction with the patient.
Once again thank you for the opportunity to testify today. The American Osteopathic Association remains committed to advancing health information technology utilization and is happy to provide any assistance to the subcommittee as you move forward in your deliberations on this very important topic.
MR. ROTHSTEIN: Thank you Dr. Beehler for that fine testimony and we'll have questions after the end of the presentations. I'm pleased to now recognize Dr. Hale.
Agenda Item: Panel V - Primary Care Providers - American College of Physicians - Dr. Hale
DR. HALE: Hi. I'm here representing American College of Physicians, thank you very much for inviting us to speak on this important topic. American College of Physicians is very, very interested in this area for a number of reasons, number one for the care of patients and quality of care, use of evidence based medicine and making that assessable to patient care. We're also tremendously interested in education, education not only physicians but patients as well. And we're also interested in developing stronger and more useful relationships, those relationships can be from the patient and physician working closer together, having more information, but also with our colleagues, we've become more and more separated from the pharmacists and the nurses and the other colleagues that we work with and we feel the information technology really can give us benefits.
But it's a benefit risk kind of thing and physicians are pretty comfortable with that, that's how we make our decisions, every time we have to decide on something in giving care to a patient we have to say what are the benefits and what are the risks, and feel confident that those benefits outweigh the risks. And I think that's one of the challenges of health information technology is to lower the risk and increase the benefits so that we can optimize patient care.
American College of Physicians has over 100,000 internists and medical students in its membership and in January of 2005 ACP submitted a comment letter to ONCHIT about the RFI on the National Health Information Network and also participated with a collaborative with a number of organizations which is in the written report on this topic as well. And many of the points that I'm going to bring up today were included in those letters.
We feel that the NHIN should consist of a carefully planned network that meets society's requirements of the widespread adoption of a formal set of technical components that are standardized with standards and methodologies and have explicit policies for their use and governance to protect both patients, physicians, and everyone involved in the health care process. We feel this is really centered around patient care and that all of these designs should be centered with the patient as the center. There's a lot of things involved in patient care that can be improved by the use of information technology, this diagram just shows a number of those issues that can be addressed, but they're very complex and in order to have the relationships necessary to improve these processes we have to have the protections with the patient and the other people involved in the patient care as the center and that information protected so that we can share information safety.
We feel that there should be a fostering of the trusted environment and one of the really key roles in doing this is going to be the need for a very extensive educational program. I think one of the challenges now is that there's so much misunderstanding over what these health information networks can be and how that information can be protected and we feel that not only patients but clinicians and everyone else needs to have a much better understanding about what the technology is and what the benefits and risks of these technologies are so that they can make informed discussions and be more involved in the process.
We feel that there should be information, information should be steward by patients and physicians working together and that we need to act as stewards to protect this information. And that patients and physicians work together to control the access, patients have the ultimate decision on who has access to their information but physicians and patients need to work together to decide on what information should be shared and what are the benefits and risks of use of that information.
We feel that there should be a voluntary decision and there is significant concern that by having a have and have not kind of world people may feel pressured in sharing their information and in the past we've seen that with the use of the release forms for information to insurers. A lot of times patients don't even read these forms and go ahead and sign off to share their information because they feel they don't have a choice. So I think we need to work harder to try and help people realize that they do have a choice but they need to sit and the physicians and the patients and those involved in care need to talk about what the risks and benefits of those choices are.
We feel that patients need to have a very strong role in the control of their health information but it needs to be clearly defined. Patients need to be able to choose whether or not to participate in sharing the information but they need to be educated so that it's a very informed choice. They need to be able to exercise their rights under HIPAA and they need to have control over who has access to the records, not only the entire record but the key parts of their record, improved access of control compared to what they've had in the past. They need to know and be able to ask whose accessed their information and for what purposes and they also need to be able to review and request changes to that information when it's incorrect. They need to be able to get copies of their information when necessary and they need to be able to reliably and securely share the information between institutions and providers when necessary to improve their care.
But there's some key other elements to this, once a patient's consent has been granted for the information access the information has to be shared efficiently and also in a trusted environment. And there's a lot of concern in the physician community about the speed of access, as you build more controls for the protection of information how do we keep the benefit of the access of the information so it can be available to take good care of patients. We're also concerned about emergency situations where we need to be sure that we have clearly outlined rules and regulations to protect those situations so we can access information to care for patients in emergency situations where patients may not be able to give their permission, or in cases where it's unclear who is speaking for the patient, such as in pediatric cases and other situations.
We feel the clinician and the patient must have the authority over the access of information and how it's used. Physicians are responsible for maintaining the accuracy of the patient medical information and should work closely with patients to make sure that that information is correct. There's a tremendous advantage in health information systems to improve on this because there's a lot of difficulty and trouble with accuracy at this point in time.
We also need to protect the information from corruption and also from loss, these are both physical loss and also loss when transferred from place to place. And we need to be able to review with patients their information and negotiate when they feel that this information is not accurate and make corrections when necessary. We feel that if we developed these roles better and if there was support to develop these roles better in the patient physician relationship then there would be an enhancement of this relationship and we could as physicians give better care.
Physicians and patients should control the access to the information in the networks in other ways. One of the concerns physicians have is as we build these regional networks there's multi-stakeholder collaboratives that are being built and they have health plans and government and patients and physicians and a lot of different stakeholders involved in these networks. We feel strongly that the patients and physicians should be the ones who make the decision on how the information is used in these aggregated networks so that they can be used for the purpose of improving quality of health care as the number one priority and that there should be transparency in every case on how information is used.
In terms of authorized access to information we feel that the information network is going to end up being a collective network of networks, that there will be in some cases in rural environments like where I'm from in the Adirondacks, it may be most appropriate to have a clinical database for a region where all the information is aggregated. But that's not realistic for the entire network and we're going to have to be able to link these networks together. And ACP feels that there's going to need to be a very well built record locater service to provide this service because the technology that we have now makes it very difficult to match up records and it's labor intensive when there's errors and that can obstruct the care of patients. We feel that the collaborative will need to be a multi-stakeholder collaborative that's regional or non-geographic, non-geographic sub-network level in order to build this record locater service, and that the record locater service should be based on open standards that's set by a standards and policy entity.
We feel that the subcomponents of this system would be the linking of records via registry of names and record location information and sharing among users participating in the system. But by being able to build the record locater system on the sub-network level it would be possible to make decisions on sharing of individual parts of information rather then having to send aggregate large amounts of information to everyone, and that it would enhance the ability to choose to what kind of information should be shared and to give better protection for sensitive information where only certain providers should be accessing the information.
In terms of the privacy and security principles, we feel that the privacy and security principles outlined by the Connecting for Health Initiative spell out what ACP supports. And that is in terms of confidentiality, materials existing within the system should only be disclosed to those who have authority to access that information and there should be significant authentication systems in place to make sure that only authorized individuals are able to access the information and that there's auditing to make sure that everyone, all the access to the information is tacked and is compliant with policy guidelines.
We feel that it's very important that the integrity of information also be defended against lost or unauthorized use and that again, every alteration and change in information is logged and documented and that there should be non-repudiation when we're sending information across networks between hospital systems and providers, it's going to be very, very important to have some sort of method of non-repudiation so that we can have confidence that information is accurate and has not changed during the transport between the two systems.
In terms of wired security, we feel that there should be physical and other mechanisms in place to defend this system from eavesdropping, copying, or other interception of information and that the information should be encrypted. We think that there should also be mechanisms in place to ensure the delivery of information and that there should be notification of delivery between entities. The simplest example is that when I do a prescription there should be notification back to me that the pharmacy received that information.
We think there should be perimeter security with required authorization and credentials and an auditing program so that anyone who's actually accessing the information systems to work on these systems also are tracked and authorized for the levels of access they have. And we think there should be content security, restricting what can be done with the data even by authorized personnel. And we feel that physical access to the equipment should also be protected but that access to the physical equipment doesn't give you full access to all the information, that there are obviously levels of access.
We think the data integration from disparate sources results in a challenge and that there's going to need to be models developed in how we handle this information. There's a new kind of record that we're dealing with and I think it's very difficult to deal with this kind of record for physicians, there's a lot of discussion on how we're going to handle the responsibilities of information that comes from another source, if we don't agree with the problem list who's in charge of changing that if we have a community record. We have to address error correction, who's going to be in charge of error correction, reconciliation and conflicting data. I think these are challenges that we will find benefits out of having the information but these will be some of the challenges that we'll have to face and they're going to be time consuming and difficult.
When multiple physicians and clinicians care for a patient and there's multiple complex problems there's going to be the necessity for new models for who's going to be responsible for maintaining these records and sharing the information. And also what information do you share to other providers.
And then also we're going to need responsibilities on how we're going to search, obtain, and review and validate information that comes in from other resources and how we're going to handle that in our electronic health records. How do we bring that information in, how do we validate that the information was not altered and came from a source that was trusted, and how do we also make sure that it's transmitted in the same form in the same language between systems.
Finally ACP recommends the consideration of a unique patient identifier, we feel that this can strongly improve patient care, we feel that it's going to be difficult to have the kind of efficiency with patient care that we feel will improve patient care without it. We feel that there needs to be federal privacy protections to prevent any access to this information and it shouldn't be based on the Social Security Number. But we feel that it should not be put aside, it should be considered because in order to have quick access of information and be sure that you don't have to lose the time that's going to be necessary to match up records this kind of thing is going to be important when we're taking care of patients that may be moving between systems.
Thank you very much, I appreciate the change to be here.
MR. ROTHSTEIN: Thank you very much for that very comprehensive and thoughtful testimony, we're now ready to proceed with our questions, we'll answer your last slide with a yes we do have questions and first Mr. Houston has a question.
MR. HOUSTON: Thank you, a couple questions and one to Darryl. In your testimony you talked about implicit to it that you're wanting to have implemented within small and medium size ambulatory care medical practices having EHRs, I mean I'm assuming that's sort of the assumption, that it really is important. Has your organization done any cost estimates as to what the impact on a per physician or per physician practice basis would be?
DR. BEEHLER: As you talk about cost per patient, cost per doctor, cost per practice, you get involved with a wide variety of who's saying what, when and how for what purpose. Probably the best number that I heard was the lowest amount was about $9,000 dollars a year per physician every year in a small three man or four man practice. I think that came from the lowest number that we could get out of any kind of bidder through the academy. Then when you go into the cost really of implementing it there was an issue one time that I became very upset with when there was a term being thrown around free is not cheap enough for doctors, that just burns me because it's not the truth, free is not free is really the truth because when you give somebody a software to implement an electronic health record that's only a small portion of the cost. So when they throw that around it's something that is divisive, class warfare, and doesn't help anybody. We have a lot of issues.
I don't believe any physician group in a three man group, a four man group, a four person group I should say, is going to benefit financially from electronic health record, quality is going to benefit, sharing that information that you know about the patient with somebody else is going to benefit, but the actual, the buyer of the service, the implementer of the service is never going to benefit.
MR. HOUSTON: So the bottom line to the practice isn't really there.
DR. BEEHLER: You're not going to benefit, cost savings is not there to the small group.
MR. HOUSTON: That's important, thank you. And I had one other question also, different lines. There's been a lot of tension regarding patient access and control, actually patient control over electronic health information and we heard it today, heard it earlier, heard it yesterday. One of the statements you made in your testimony is that there's a need or desire to have the most currently available information from all health care providers available in this record and so your testimony is sort of in one way sort of towards an extreme which is that there isn't a lot of patient control over access, or maybe I'm misinterpreting that. I mean at least your testimony sort of speak to the fact that you want to have all this information readily available to all physicians in order to serve the patient whereas we hear a lot of comments to the opposite which is there's a lot of concern from patients that they don't necessarily want, or they want to have control over their information. Am I misinterpreting what your testimony is?
DR. BEEHLER: No, there's a definite juxtaposition here. When I was a family doc in a small town of central Minnesota I took care of the full practice of medicine, surgery, obstetrics, everything in a small town. The thing that shocked me is I had no sexual transmitted diseases in my small town, it was amazing but I had all the other towns around me had sexually transmitted diseases. And then when I'd talk with my colleagues they were taking care of my patients with sexually transmitted diseases because they went out of town for their treatment, that privacy treatment, they didn't want other people to know about it. We have to have that information all in one chart, how do we protect it, how do we do it, do we put a disclaimer on every electronic health record that this is probably an incomplete record, we put a disclaimer on all of them because we know there are certain things that are not going to be on the charts and for the belief that it's going to be complete. I think what I believe is that the patients should be able to see their entire record, the patient should be able to see the entire record, and I think their primary care physician should be able to see their entire record but I don't believe that the physical therapist should be able to see the entire record or a lot of other people that you refer sections of health care to.
MR. HOUSTON: But as opposed to the patient having, it sounds like you're not really giving, you're not advocating the patient having, him or herself having a lot of control necessarily over what goes into the record though.
DR. BEEHLER: No, I don't think they should have control over it, I think they can comment on, I think the same way that when I get a record, a nursing assessment of a patient is in difference to my assessment, I make a note that I disagree with the assessment and here's the reason why, and I think the patient should have the same right on their electronic health record, that if I see a patient whose got this and this and this I put it down, the patient disagrees with me, the patient should have a right to add a comment in that they disagree with the input.
MR. ROTHSTEIN: I'd like to ask Dr. Hale to comment on that because that answer as I see it seems to conflict with your statement on page two, am I correct?
DR. HALE: I don't think they actually conflict, I think the issue is that part of the thing we're dealing with is a lack of communication and education and our point is, ACP point of view is that we really haven't had the time in our patient visits to sit down with patients, there hasn't been educational programs for patients so that they can sit down with this and discuss the risks and benefits of sharing information. In my experience with my patients, I have a small EMR in my practice, if I sit down and talk to them and want to share information and explain to them why it hasn't been an issue of them wanting to restrict the access to care givers when the purpose is clear. So I think we can meet the same goal that the information is accessible for physicians when they're taking care and clinicians taking care of patients without heavy restrictions but the thing that's limiting us is this lack of understanding and lack of communication and the fact that physicians and patients don't have the time and opportunity to sit down and discuss these issues.
MR. ROTHSTEIN: Okay, we've got Dr. Cohn and then Ms. Greenberg and Dr. Tang.
DR. COHN: Actually this is really meant to be a follow-on, obviously thank you all for some very good testimony, and Patricia welcome back, I remember I think the last time you were here --
DR. HALE: E-prescribing.
DR. COHN: It was e-prescribing but I think you were actually having problems with your electronic health record at that point too as I remember so I'm glad it's all working again.
I guess the question I'd have and Patricia I'm asking you only because I think representing the ACP you've obviously thought through I think some of this issue about patient control of information and I think you were just beginning to talk about that issue of time spent talking to the patient about information and once again I'm still trying to figure out exactly how this is all going to work but one could imagine that there might be many occasions where you have to talk to the patient before you get permission to access the information as well as also when you're done with the visit what permission can I make available to others so it's sort of in many visits you'd have to have sort of a dual set of conversations.
And I guess I'm just trying to thing from your perspective as well as ACPs what additional resources would you need to make that happen, I mean do you need additional staff, do you need additional hours in the week, we heard earlier about the pharmacists giving up lunch hours, how did you see this happen in a realistic paradigm I guess what would really work given that I think what I'm hearing is sort of this implicit view that you have and I think also ACP is that if patients are well educated and really can be talked to that of course they will allow all this information to be available so we will get to the paradigm that Darryl was talking about which I think I'm hearing from you.
DR. HALE: I think I understand your question and it's actually part of a very larger issue which is our reimbursement methodology. We believe, ACP believes, and I'm not trying to bring in a different platform but it is relevant, we strongly believe that reimbursement should be tied around patient care and quality of care and not how many minutes you're in the room or how many clicks you have on a form or what kind of procedures that you do. And right now it is a system that's got two difficult things that can't be balanced, on the one hand we have tremendously useful information systems to bring information in, we have the ability to take better care of patients, share information between clinicians, on the other hand our reimbursement system does not allow us to sit down and sit with our patients for the length of time to talk about disease management, to bring clinicians together in patient care, and to spend the time to talk to them about the sharing of their information.
Now ACP certainly supports the HIPAA regulations that say for patient care there should not be restrictions on the information and also we strongly which is in our testimony that patients should be able to request changes in their information, but that the physician should be deciding on what information is in there so that it's accurate for patient care. So we do believe that those things need to be protected and the information needs to be available but I don't think that this perceived gap between patients and physician's views on the access of information is insurmountable if there was the time and the availability of clinicians to sit with their patients and spend more time in patient care.
DR. COHN: Can I ask a follow-up on that one? And Patricia I appreciate it, I think what I'm hearing from you is that, I mean depending on what one does with privacy obviously and all of this there are obviously financial implications and certainly, I mean whatever we do in whatever letter we send I think we sort of need to observe, I mean once again I obviously think of all the payers and it's Medicare and CMS as a payer as well as obviously private payers but depending on what road is taken there may actually be need for additional reimbursement to handle societal decisions on this. I think that's what I'm hearing from you.
DR. HALE: Yes, and to your point earlier about what are the costs, every part of the office is affected and we saw that with implementation of HIPAA, in my small rural practice having a patient come in and being properly educated on protection of their health care information, to do it properly they need to be given the information but someone needs to explain it to them. And in the past we really haven't, I think no one has really been able to spend the time and energy in the past to protect information and as I said before we've seen that happen in the past with insurance forms, insurance information, we just sort of, the form came in and we sent the information out and patients really didn't understand how much of their information was automatically being sent. They now are concerned about it thinking that it's in electronic form but it's really no different then what's been happening all along, now everyone's thinking well maybe we should be spending more time on the issue.
But it is going to be time consuming, questions for a nurse, to have a privacy officer who's usually in a small office, one of your nurses to be able to talk to the patients, and to really take care of a patient I should be doing it, I should be sitting down and talking to them about what information is going to be shared, it's just very hard to do that and get through my quality indicators of when their hemoglobin A1C was done and going through their test results and then the test results aren't in the chart so I have to go out and find them and all those other issues, write out a prescription, etc., etc.
MS. BERNSTEIN: If I could just follow-up sort of on the same topic, aside from the issue of whether the physician in the office has the time to actually sit down with the patient, and ideally as you said in an ideal world a physician would be able to sit down and have a dialogue with a patient about what's happening with their records, I'm not sure whether it's realistic, I guess my question is how savvy are physicians about what's really happening with all the data that they collect and share, do they know what's happening with the information at the insurers or pharmacies or PBMs, we heard about marketing today, we heard about what pharmacies are doing, we heard about all kinds of different kind of sharing, hospitals, labs, you talked about having a privacy officer but in a small office that's probably unrealistic, it's probably unrealistic for the doctor, who is --
DR. HALE: That's exactly, at the beginning I wanted to talk about the educational part, I think that is incredibly important and something that is going to require a tremendous amount of resources to educate not just the patients but clinicians as well, we as clinicians need to understand how the information is handled, what information we're sharing and how, and we need to be, in order to be able to have an educated discussion on our part as well as on the patient's part. And I think there's a tremendous amount of education that needs to be done on both sides.
MS. BERNSTEIN: I have regularly conversations with my primary care provider about this, she knows what I do for a living, I do privacy policy and I've been seeing her for a long time so we've had this series of conversations but she's usually asking me, what is I that's happening with all this information rather then the other way around and I'm pretty sure that's a pretty unusual circumstance given that there's six minutes per patient or whatever. How realistic is it that there will be time for this kind of education or this kind of added --
DR. HALE: well, one of the benefits of having evidence based medicine accessible and educational programs accessible, one of the big goals is that I won't have to be spending as much time trying to dig through 20 journals to try and stay up on things that I can't possibly stay up on and some of that time could be used for spending time thinking about management of patients and education and getting other kinds of education on how I take care of patients. So I think there is potential, again it's one of those risk benefits and how do we handle the issue but if we were able to have the resources and build a system where evidence based medical tools were there for me and my patient care from day to day I wouldn't be so concerned about trying to read every single journal article that I might come up on something in two months time and use that time to learn more about the system that I'm using this new paradigm of a different way of taking care of patients.
MS. GREENBERG: You may have responded to this but I'm not quite sure, it goes back to the questioning that Dr. Cohn and others were following on, the extent of agreement here or disagreement, I don't think we need to put it in those terms but as I read Dr. Hale's testimony here under patient control of information I also was wondering, you mentioned patients must be able to choose whether or not to participate in sharing personally identifiable information and exercise their rights under the Health Insurance Portability and Accountability Act, etc., and it wasn't clear to me whether the American College of Physicians' position is in support of the balance there that has been struck by the HIPAA privacy rule where there are disclosures allowed without consent or written consent or without written authorization, or whether in fact your position was that the current privacy rules allow for more sharing of information without explicit authorization or consent then you would support.
DR. HALE: To clarify that, I believe the ACP's position is in support of the present HIPAA guidelines. We clearly believe there are settings where you aren't always going to be able to get full disclosure from patients, emergency settings, and that there should be, although should have a right in the decision of what information should be shared again, we need to be able to educate them. If a patient chooses to not have a portion of their chart by HIPAA regulations sent to another physician they have a right to request that. Now when that happens to me in my practice I say to them you absolutely have this right of not disclosing of this information but here's the consequences and here's the risk and benefit and in practice I don't find that to be a difficult issue because when you explain to a patient that gee, if I don't tell the cardiologist that you're on a medication for anti-depression, an antidepressant for your depression, that may influence the medication he gives you and cause you harm, the patients oh, okay, well they see the right of doing that. To summarize, ACP does support the HIPAA regulations the way they stand and feels that they do work.
MS. GREENBERG: Thank you. That was actually a question I had I must say when I read the collaborative response because it seemed to be an absolute statement about patient's right to control all of their information which is somewhat in conflict with the HIPAA privacy rule.
DR. HALE: Well, I think the reason, the point that we're trying to make is not so much on that issue of sharing information between a physician and physician, I think we're even more concerned about where the information goes outside of that relationship, that's the big one that we're talking about. When we're making National Health Information Networks and we're aggregating information and we're profiling patients, one of big concerns is does that mean patients may be selected out of health plans, I mean there's a lot of risk here that we feel physicians and patients need to be sitting at the table to help with those tough decisions. That's really what those statements were directed towards, not so much a concern that we need to have, more patients need more control on that sharing of information between clinicians.
MS. GREENBERG: But the HIPAA privacy rules also allow release of identifiable information for public health purposes, for research with IRB approval, so there are waives or exceptions beyond just sharing --
DR. HALE: And our statement is that we feel that physicians and patients should be, that those are important things to be done but the physicians and patients should be involved in those decisions and they should be transparent in the use of that information.
MS. GREENBERG: But you are in support of the current privacy rule.
DR. HALE: Yes, but the current privacy rule does not designate who makes the decision in my understanding, there's much more authority here then me so educate me if I'm wrong, but it doesn't say who sits at the table and makes the decision of whether that choice for that release of that information fits that guideline of use and is the proper use of the information. If I'm in a regional network in the Adirondacks and I have a regional clinical data repository and there's a request by the health department or anyone else, or a research organizations would be an even better choice because it would be a little grayer, that they want some specific type of information. Well, we have to have, what we're saying is that patients and physicians should be sitting at that table in the decision if that meets the recommendation of appropriate use of that information and that that should not be made without the input of physicians at the table and patients, they should be the primary deciders for that, not necessarily a collaborative of other individuals without that input.
DR. BEEHLER: The question about the data for public health or for experimentation purposes, do you believe that an individual should give up the right for individually identified data to go to that, to experimental purposes? I believe that summary data can be helpful for whether it's diabetes management or whatever, heart disease or whatever, summary data can be use for experimental things but shouldn't an individual patient have a right if they're going to have an electronic health record, personal health record, if anybody is going to have any personal identifiable data to go out that they should have transparency to say yes or no?
MS. GREENBERG: Well, actually I'm not one of the testifiers and I'm just trying --
DR. BEEHLER: I'm just trying to understand the question here.
MR. ROTHSTEIN: Well, generally speaking the rule is that if it's research it requires specific authorization but I believe Marjorie was talking about the situations, the unusual situations where an IRB can waive individual authorization if there are various criteria satisfied such as minimal risk and so forth.
MS. GREENBERG: And in public health there's also if it's required by state law regulation --
MR. ROTHSTEIN: There's broad public health provision and many others, law enforcement and so forth.
MS. GREENBERG: Because we've had, I mean we have had testimony I think at the last hearing that said that they felt that the privacy rules had gone, should require more consent or more authorization then they currently do and I think it's useful to know where groups stand on that particularly --
DR. HALE: Fortunately IRB boards are made up often of physicians and patients.
MR. ROTHSTEIN: Dr. Tang.
DR. TANG: Thank you. Pat, I appreciate both your testimony in terms of focusing on the collaborative response and also the College's important participation in that because I think that process is a good process. An interesting thing where the ACP seems to be a little divergent with the collaborative response and invite your comment on it because it came up just with the last session that the pharmacists were saying, were certainly intimating that a unique health identifier for individuals would be a good thing and one of the representatives said that they had as much as 25 to 30 percent of their, 25 to 30 percent problem with correctly identifying or accurately identifying a patient and matching it to their profile in Walgreens. And I notice that the College has decided in your last paragraph to say that you would advocate for a voluntary unique health identifier. Can you provide some background on that rationale?
DR. HALE: Yeah, I'd be glad to, that was actually as you can imagine a very lengthy discussion within the College and was slightly in not direct contrast with the collaborative response because we negotiated for wording that allowed for any identifier to be used. The reason that this has come up within, we have an informatics subcommittee that has a lot of people who work in information systems all over the country and there was tremendous support within that group that a unique patient identifier would enhance the quality of care that we can give because of the complexity of matching patients and the errors in the systems to do that, very same thing that the pharmacists are talking about. It's wonderful to say that you can do a five or seven match, item match and be able to transfer the records but in real time when you're taking care of a patient that takes time.
And those actually, some of those issues were why we in our region in the Adirondacks decided to do a central clinical data repository with an NPI because in order to access a patient's record fast and efficient and in an emergency situation, in an emergency room, and in office, those errors can become obstructionary because when there's an error and a mismatch that takes human intervention to fix that match. And that means information that's not accessible for some period of time if at all.
So it's a significant problem in health information systems because of little issues about the difference of proprietary systems and how they actually list. Exactly what was said earlier, I was shaking my head up and down because that's exactly the same, how do you even do a birthday, simple things that we take for granted differ between proprietary systems and we don't have, we're not going to have an open source system running the entire network, that is also why we recommend the RLS as a measure to try, as at least a measure to try to move forward in having a system set up for rapid identification of patients so that care can be given. If I'm sitting in a situation and I want to take care of a patient --
DR. COHN: Patricia, RLS --
DR. HALE: RLS was for the record locating system, I'm sorry. If I'm sitting in my office in Ft. Edward and a patient comes in and I want to access information, or in the emergency room in my hospital, I need to have that information usually very rapidly in order to take care of that patient. But in the setting where I need a record say from Albany Med for a patient who was there a couple of weeks ago then it's not as big an issue to have that information and if you had to cross match them it wouldn't be quite as big an issue. But there's still going to be settings where a patient of mine ends up in the emergency room at Albany Med and needs care and that care could be compromised because of that matching process not being able to pull the record from my system.
DR. HARDING: Ms. Badzek, I was impressed with your testimony and I work in a moderate size hospital, 1,000 beds and so forth, and we've been rolling in an electronic medical record and so forth and the nurses of course are always the canaries in the mine shaft of getting that brought in. And I was impressed with your testimony that a great deal of time and effort has to go into inputting the electronic medical record and I just got kind of a sinking feeling listening to you in that I had the feeling like a lot goes into that and not a lot is shared, that is that it becomes a silo and that the physicians and others are not taking as much out as is put in. And some of that I'm sure is Joint Commission requirements and so forth but I really have concerns that these electronic records are going to be huge data storage but not used appropriately or as thoroughly as we all hope they will be and that communication is decreasing between professionals in hospitals because of them, because of the time commitments that go into it. I know I have colleagues at the VA who say they sit in front of a computer three hours a day, three hours a day in front of a computer. Now some of that time they sit an talk to patients and type while they're talking but three hours every day into that, and I'm not critical of the VA system, it's a wonderful system and it has lots of information, is it worth it.
MS. BADZEK: Well, I think that's one of the questions and I'm in 100 percent agreement with you that much of the information that goes in currently from what I hear from nurses, of course I'm like in the tower and they're out there and they're sharing information with me, is that much of what goes in is not utilized and that there is a lot of repetition going on and that much of their time that they could be with patients is required to input. And then of course there's fears associated with inputting, mistyping, you can't hurry, you can't check the wrong box, so then there is a delay associated to some degree with fear because they don't work as quickly as they could, because they know that this is permanent once they push the enter key that's the final go round, or then there needs to be a correction which takes even more time. I think significantly, I've recently been in a number of hospitals and there are nurses sitting in front of computer screens at any given point in time --
DR. HARDING: And not with patients.
MS. BADZEK: And not with patients.
DR. HARDING: And not talking to the doctors.
MS. BADZEK: Exactly, exactly, and then there's right now currently because we don't have a system per se in every setting I go in it's different, some are entering into PDAs and then that's being downloaded, so communication is in terms of talking, sharing information, is decreasing.
DR. HARDING: Correct.
MR. ROTHSTEIN: Well, I will ask the final question of the morning and follow-up on Richard's point which I think is an important one. Our hearings today and our entire series of hearings have not been about electronic health records but a National Health Information Network, a network of electronic health records. And so the issue is not so much whether an electronic health record would be beneficial to clinicians or to patients in individual health care decisions, let's assume that is the case. We're concerned with the privacy ramifications of an integrated interoperable comprehensive system and personally I want to be convinced that the privacy risks are outweighed by the benefits to patients and their treating health care providers by an integrated national system that we are in the process of developing. And so I'd like to ask all of you from your experience what do you, what benefits do you anticipate for yourself and for your patients in not the EHR but an NHIN?
MS. BADZEK: Well, I think I mentioned earlier that I think the biggest area, and I know this has come up from the other presenters as well, is in the evidence based practice piece, the access to what is the best way to actually take care of someone, what is proven based upon care we've previously given as the best way or the best method to carry out care and being able to rapidly pull that up from a national system --
MR. ROTHSTEIN: But you wouldn't necessarily need individual medical histories to get that right?
MS. BADZEK: That's right, so that's one thing. The other thing is we have some prime examples of data that actually is wonderful if the patient can carry it with them or it's readily accessible and the Schiavo case has highlighted that and in several states now we have ways that we have physician's orders for life sustaining treatment within state groups where there's a document that actually travels with the patient. If that information was readily available to be pulled up, emergency settings as well as units within hospitals caring for individual patients who had that type of information, I think it was mentioned here when you're talking about children and it also goes true for the elderly, if people who can't speak for themselves, who is it, is that in the record, and then are the desires of someone that were there when they were able, when they were capacitated, actually recorded.
These are some areas where I think it would be very helpful to have a national system because you never know where the person is going to end up at the time that that information is needed. So I think there are a number of things, but again, what is the accuracy of the information, I mean we go back to again this weighing the benefits, the local information where the person was yesterday is probably the most accurate, is what's been transferred to a national system the most accurate information.
MR. ROTHSTEIN: Okay, Dr. Hale?
DR. HALE: I'd like to just give an example of a personal experience to kind of put it in perspective. I had a patient who went in the hospital for hip surgery and was transferred following hospitalization to a rehabilitation center out of the area. He had multiple medical problems and cardiac problems, was on lipid lowering agents and some other medications. When he was hospitalized the formulary in the hospital was different then the outpatient setting so his medications were changed. He was transferred to a different facility with a different formulary and his medications were changed yet again. And then he was discharged back to me, he came in to see me about, I was not notified of when he was discharged because I didn't have a unified system to know that so he didn't end up coming in to see me for about two weeks.
When he came in he was complaining of abdominal pain and nausea and vomiting and when I worked through the entire history what had happened was he was taking too high dose lipid lowering agents and it causes significant hepatitis. And that is to me a perfect example of a situation where there could have been multiple interventions to prevent that from happening. If there had been communication between the facilities on the medications, the admission medications of the patient, that could have prevented the discharge medications from being in conflict with what he already had at home. If the pharmacist had been able to be in communication with the system the pharmacist would have had that information and known not to have duplicate medications given in community setting, he was actually staying with a community member so he ended up using a different pharmacy too. And then I could have known that the patient was discharged and been able to have certainly seen him sooner which would have helped and also been able to see the medications, if they'd been in a unified community medical record.
So that's a personal example of a common problem that we see in medicine, it's one of the more common adverse drug events that we see that's not just a high cost to the system but causes significant harm to patients. And having that aggregated information shared between individuals will make a huge difference for all the clinicians involved in care.
DR. BEEHLER: The National Health Information Network structure, whatever we want to call it, I think is important because it sets up standards and if we're going to be anywhere in this process we have to have the same language of what's going on when and how. We have to make sure that the patient carried with them information, we don't know what version that's in, is it Word-7 or Word-12 or what Word, what the version is. And so we have to have some kind of an ability to make sure we've got an understandable, a really reproducible reliable system and I think national has to be that way.
I think our evidence based medicine, we've been doing evidence based medicine for years and years and years, we call it sharing best practices, whatever. But I think with a national system we're going to get everybody to do the best stuff sooner, I think that's the whole idea is so we can get the latest and the best to the most people in a timely fashion rather then 16 years to get things changed.
I do believe that this minimum, the minimum we need to do is we need to get at least a CCR up and running right now, the continuity care record I think is something that's so important, it hasn't been mentioned here yet I don't believe, but I think it's a logical step --
MR. ROTHSTEIN: We did talk about that yesterday.
DR. BEEHLER: I really support that because that would take care of the lipid lowering agents, a lot of others, so you get this sharing of information, especially when people go from provider to provider, physician to physician, facility to facility, there is a continuity of care snapshot in time of what's happening today and that's what gives us, we will get somewhere somehow.
As I started looking into electronic health records the technology system seemed so simple, seemed so beautiful, seemed so logical, why can't we get it done tomorrow. Then as we get all the tentacles involved and exposed it's going to be a process I think of tremendous conflict and hidden agendas, motivations, pay for performance, is it lowering costs or is it improving quality, we've got the payers versus the providers, we got all these other agendas going on but we need something for the patients now, right now, and basically we can't do them any harm. I think whatever we do we first do no harm.
MR. ROTHSTEIN: Well, thank you for your answer to that question and for your testimony this morning, we appreciate it, it was very helpful to us. And for those of you on the internet as well as those present let me announce what our schedule is going to be. We're going to take a ten to 15 minute break in which we get our lunch wherever it may be hiding and then we're going to resume our hearing in the sense that we will have a working lunch with a subcommittee discussion of our future plans and that will take us through until 1:30 and then we will have Panel VI on specialty care. So we'll be back in about 15 minutes. Thank you.
Agenda Item: June Hearing Discussion - Mr. Rothstein
MR. ROTHSTEIN: Okay, we are back on the record with our working lunch of the Subcommittee on Privacy and Confidentiality. The purpose of our discussion this afternoon is to plan our June hearing and also to talk about some other issues. Let me see if I can summarize our discussions yesterday with regard to the June meeting.
We were talking about changing the structure of the June meeting so that we would have witnesses from two different groups of entities. The first one would be health systems so we were interested in getting testimony from people who had experience with electronic health record systems, not just EHRs but systems. So we were going to hear from hopefully the VA, the Department of Defense, perhaps people representing other large clinics, Mayo Clinic, Cleveland Clinic and so forth, and maybe even some international witnesses who could talk to us about electronic networks in the UK or Australia or other countries.
In addition to that we talked yesterday about substituting or deferring hearing from the IT experts to a fourth hearing and hearing instead from health plans which we have not heard from yet. So in other words we would hear from Blue Cross and we'd hear from Humana and some of the other large health plans that we need to get their perspectives from.
What I would propose and we can discuss this of course is we have two days of hearings scheduled for June 7th and 8th, my recommendation would be to have a morning and afternoon session hearing from the health systems people and a morning session, a half day on hearing from the health plans because there are fewer that we need to hear from, we could have that say two panels with health plans. The reason for that is there is a meeting of the NCVHS Executive Subcommittee which we are hoping can start after lunch on June 8th and then continue for a half day on June 9th. So that would be, let me just put on the table that plan and we can discuss it. Paul?
DR. TANG: What occurred to me based on particularly the pharmacy session this morning is how big a role PBMs have. I didn't think of them as payers, should have but didn't until they made those statements but to them basically for them to get their payment they feel just like patients feel they have to sign on the dotted line, they feel that they must give them everything that they ask for. It was very clear when I asked well have we passed the minimum necessary and the response almost seemed like not yet. So I'm very concerned about the transmission of data from pharmacists, a provider, to the payer, PBM.
MR. ROTHSTEIN: How about if we include PBMs, perhaps a panel of them, in the health plans segment?
DR. TANG: And that would be great. The only other --
MR. ROTHSTEIN: Yeah, well how many are we talking, we're talking maybe two or three witnesses? That's all.
DR. TANG: The only other comment is it's also become clear that I think we talked about control of the information and the minimum necessary, I think actually one of the biggest concerns that patients have is at the payer/employer level because that's where discrimination can take place that would disadvantage an individual. So I'm thinking that we may want to make sure, and that doesn't say a half a day wouldn't do it but I want to make sure that we do cover that side of the house in terms of privacy and confidentiality.
MR. ROTHSTEIN: Could you explain a little bit more what you mean? I don't know who you're talking about when you say employer. Are you talking about the employer of the patient or the employer of the providers?
DR. TANG: The employer of the patient, in other words the people who pay for care, people have either an incentive or an obligation to transmit information to get the payment, whether that's a pharmacist or the patient getting a payment for their professional services and that's a point where there may be tension between what you would like to disclose, what's the minimum necessary, and may be beyond that.
MR. ROTHSTEIN: So in other words you're interested in probing the question of how much PHI is sent to the payers in employer sponsored group health plans.
DR. TANG: Because if you read between the lines when patients say they want control of information I think that's because they have a lack of understanding and a fear of where their information is going and so in lieu of understanding what's happening and for what reason they're saying well I'd like to make sure I maintain control, when as Pat was saying most patients by surveys again also would like their information to be widely shared among providers so that they can receive safe, high quality care.
MR. ROTHSTEIN: Well, I'm happy to add that dimension but I would respectfully take issue with the point that patients are being sort of unreasonable in, or mistaken in thinking that their information is not going to everybody under the sun when the fact of the matter is their information can be going to everybody under the sun and we talked about this yesterday with the notion of compelled authorizations. So if you want a job your employer can say I want to see all your medical records --
DR. TANG: I think we're saying the same thing so I don't know that you're taking exception --
MR. ROTHSTEIN: No, I think you were talking about employers as payers --
DR. TANG: Anyone for which you depend on in the system that we have getting either reimbursement or payment for you feel I think an implicit obligation to supply information whether or not that is beyond minimum necessary in order to do the payment function. And so I'm thinking that our policy recommendations may actually deal very strongly with that interface between whether it's the pharmacists provider or the physician provider and the payer.
DR. COHN: Paul, sorry you weren't here yesterday, I think Mark was making the point that yes there's payment relationships such as you're describing but there are also these issues about well geez, to get employed you have to sign a sheet that allows an employer to get all of your information or if you want to get insurance you have to release all of your information, and I think that's where Mark was going to at least in his comment yesterday. And I think some of that may be useful for us to look at, what I was going to say in terms of employer though is to me that there's, and I'm a little concerned if we start wandering off too far in this area, I don't know where we're getting because I don't know what we're asking, but certainly there's an issue called self funded, self funded issues where the employer really is the payer for health care and I think we've heard from them before and obviously they're adjudicators, there's typical middle people that sort of protect things but maybe hearing from them again might be a useful thing to hear. But I think Mark you bring up a very good question, the issue from yesterday, and I'd like to get somebody in here to talk to us a little bit about all of these maybe non-payment disclosures but sort of these issues of well geez, if we had an NHII and people start signing on the dotted line and you're an insurance company or you're a whatever, I mean what is that going to really mean in the future which I think is really the issue you were bringing up.
MR. ROTHSTEIN: Yeah, well actually we did have somebody --
MS. GREENBERG: Did we have a panel with employers?
MR. ROTHSTEIN: Well, not last month in January, and I was the witness, it was wonderful testimony but not memorable testimony.
MR. HOUSTON: There was a lady who represented I think it was some type of meat packing company, was that Wisconsin?
MR. ROTHSTEIN: No, there were other people as well, it was a whole half day of people on that. We had a gentlemen who was a representative of the Work Place Rights Institute, Lou Maltby(?), we had people from the Society of Human Resource Management, and several other witnesses addressing this particular concern.
MS. GREENBERG: Maybe even employer help clinics?
MR. ROTHSTEIN: We can check who all the witnesses were but precisely Simon to take up that question and that was just used as sort of an example of how compelled authorizations result and lots of stuff --
DR. COHN: And I think we will apologize, I know John Paul wasn't there, this was, even though I know Paul reviewed all the testimony he wasn't there physically, I was on the conference call as best I could hear and so obviously we just need to go back and review the testimony.
MS. BERNSTEIN: Can I just ask, Dr. Tang, were you talking about the concern on the part of patients that the information in their medical record might be used to discriminate against them by an employer because the employer is not the plan itself but because they're paying or cosponsoring an insurance plan, that they get their insurance through their employer, you're talking about that relationship? Or were you really talking more about when an employer is actually the plan?
DR. TANG: In this case I'm talking about when the employer is the plan so they're self insured, so they are entitled to that information, there should be a firewall between the people who --
MR. ROTHSTEIN: In theory there is.
DR. TANG: Correct, but it strikes me that we've spent perhaps a disproportionate amount of time on the provider side when actually that's where probably patients want information to flow to, and we may need to spend more, that's my sole point, may want to spent more time on the places where information flows and perhaps too much which is actually maybe the source of patient's fears and concerns and the motivator for their need for control. I'm just saying that that might be where we spend our policy time.
MR. ROTHSTEIN: And in fact even for non-self insured employers TPAs are often under pressure from employers to identify sort of the high cost users and that's quite common, I get reports of that.
MS. BERNSTEIN: That's the point I was trying to make, there's other sorts of discrimination.
MR. ROTHSTEIN: So we'll look into seeing if we can --
DR. TANG: It's not so much just the employer, it's just delving down a little bit on the policies that could make use of data in aggregate or identifiable that they're entitled to so that we can have better transparency about what's going on and perhaps develop policy recommendations that say what filters should be applied because I think because of that obligation to payers, or at least the perceived obligations, there's fairly free flow of information from the professional side, whether it's the pharmacist like we heard this morning, or the provider or even the patient --
MR. ROTHSTEIN: The only thing that I would say and I appreciate your concern about this and I'm very concerned is that the farther we get from the treatment relationship the more complicated it is to resolve the problems that we identify and the less claim NCVHS has that it's somehow within our jurisdiction. So in other words many people are concerned that they won't be able to get life insurance or disability insurance or you name it because their records are so comprehensive and they may have to sign an authorization if they want to apply for this and we don't have the wherewithal to get to sort of the substantive question of whether a disability insurance company or a long term care insurance company should have minimum necessary requirements over what they get their hands on, that's the only issue I would have. I don't think you can solve the problem of health privacy without taking a look at all these things but the farther we get from our core mission the harder it is for us to act.
DR. TANG: It's along the lines that Marjorie was asking about, what's in HIPAA and what's allowable without disclosure and clearly payers and clearinghouses are one of those just blanket and then we apply this concept of minimum necessary of all the places, as again, as I look at what's in the patient's mind where we might want to be more concrete, we as society and perhaps we as policy advisors, might be more concrete about the criteria for minimum necessary for that interface.
MR. ROTHSTEIN: I think it's a wonderful idea and I've actually strongly supported that over the years, I mean pre-HIPAA, I would just add parenthetically that my position is that not only should we apply some version of the minimum necessary standard for payment but we ought to apply a standard of in the least identifiable form. Because if I'm a payer all that I need to know is that patient 12345 who was entitled to health care benefits was seen in some place and the treatment was reasonable. I don't need to know who that is and yet they all get individually identifiable information and they have a right to that, I mean do they really need that. some employers actually over the last ten or 15 years have experimented with the idea of taking out individual identifiers, that is names, and substituting sort of an internal company health care ID number that would be secured somewhere but that concept has really never gone anywhere.
MS. BERNSTEIN: We did hear from the various consumer organizations at the last hearing which might cover some of the issues, I mean I don't know if they specifically at that hearing addressed the issues that you're concerned about today but we can certainly go back to them and ask them to supplement what they've talked to us about and they would cover things like the ability of consumers to get bank loans or other kinds of insurance and so forth that might be at risk because of discrimination of the sort that you're talking about. I don't know if that's, trying to figure out who would be able to give us information about the kind of thing that you're trying to get at. The plans, they're the ones who want the information, they're not the ones concerned about on the other side.
MR. ROTHSTEIN: Well, I think we've heard the concerns, now the question is I would like to hear from the plans their rationale or justification for why they need so much information and whether they would be amenable to some sort of idea to limit the amount of information they got.
MR. HOUSTON: I'm thinking as I'm going to be speaking here, sort of a spin off to some of the discussion is that CMS has broad access rights to patient information records as part of its oversight responsibilities, I know they came into our shop one time and said hey, we want to look at all these patient records and we said they're not the patients and they said so what, we want to make sure that you're charging us what you're charging other patients for. And I guess, as sort of part of the discussion about payers are we going to, should we be thinking about governmental rights because as a provider I'm going to start thinking geez, now they start tapping into my information systems without me even knowing about it in order to do an audit without me ever having, them never having come onsite and can they take all this data and they went to the provider and payer, process services, and me never know what's going on. Is that something that needs to be explored or am I doing, or am I asking a question I shouldn't ask?
MR. ROTHSTEIN: No, I think you're asking a good question but I think one of the things that we need to be thinking about is when we're talking about NHIN it's tempting to sort of revisit all the issues involving HIPAA that we went through already, I mean you could think of --
MR. HOUSTON: Well, this is a little bit different though because if we have a fully operational, fully functional NHIN it doesn't give, there isn't the capacity of a governmental agency potentially to step in and say okay, I'm just going to go look at it, and as part of my oversight responsibility and rights and I'm going to start to look at your data online and I can get to it. It's not HIPAA, it's now this --
MR. ROTHSTEIN: What I'm saying is it's now also possible if we have an NHIN for the policy to say this victim of sexual abuse, her perpetrator had a sort of a very unusual MO and therefore we want to query the medical records of all the women in a particular area to see if there are any other hospital visits where they had the same sort of physical trauma and that of course raises all sorts of privacy questions about people who never filed a police report and now they're dragged into a criminal investigation. But that's a law enforcement issue that is not, there's no end to where we could be exploring this.
MR. HOUSTON: It is interesting, there are types of occurrences whether they be a law enforcement event and the type you described or a oversight like I described where the institution would typically want to know and have a right to know that that type of investigation, we'll just say it's an investigation, is occurring, or that that type of inquiry is occurring. And I think it's absolutely 100 percent reasonable and I can see where this --
MR. ROTHSTEIN: You're talking about the institution like the hospital.
MR. HOUSTON: The hospital knowing that somebody is looking at its records like in that realm based upon, and maybe it's an investigation by law enforcement and it's probably a pretty good example of why we would want to know that, obviously CMS oversight would be another reason. But it could also be county health officials looking for disease surveillance or doing something else, we might want to know whether they're looking at us to see if maybe they're suspecting we have a higher incident rate or mortality rate for some reason, I'm just, I think when there's some specter there that the organization may have done something wrong or at least there's an inquiry to see if they have done something wrong or there's something out of the norm that the institution is going to want to know it. And I think that, I don't know how this, I know this sort of spun off the discussions we had but it just immediately --
MR. ROTHSTEIN: Well, my answer to your question was not that what you're saying is not important and not that it's not relevant, all that I'm saying is there are so many potential issues for us to explore that we'd never get finished our work and as I, and maybe we should have this ongoing process but I think the department is expecting that we're going to actually produce a recommendation within, by the end of the year certainly and at least in broad terms make recommendations on privacy issues.
MR. HOUSTON: But let me say this and I'll say my last piece here and then I'll be done with it. I do believe though that there is a not insubstantial portion of our patient population who looks at those types of inquiries as being, I don't want to say inappropriate but that they're against them, I remember when we were going through, CMS came in and said we want to look at all these records and I was talking to one of the attorneys for CMS and said my first impression is that boy, I wouldn't want somebody looking at my records if I'm not receiving services from CMS and I was going through this and the attorney said you know I don't disagree with you. And my point only is that I'm thinking of things for which there is a potential reasonable sensitivity of patients and as that being an inhibitor or something that's going to get in the way of us trying to further the NHIN, that's my only point.
MR. ROTHSTEIN: How about this suggestion, we are going to have undoubtedly a fourth hearing and we're going to talk about that in a minute about possible times for that, in which we were going to consider the issues of possible research that we need going along with Marjorie's suggestion yesterday, as well as sort of exploring options with IT experts, is it feasible to do X, Y, or Z, and what would it entail and how much burden would it put on whatever. And perhaps our letter to the secretary whenever we get around to doing it should include a list of areas where we think research is very important as well as a list of other areas that we think are important that we will continue to hold hearings and monitor and so forth in the future but going back to my original point I think we need to take a sort of a general stand on the issue of NHIN and identify for the secretary what the major issues we have identified from our series of hearings, that's my point.
MR. HOUSTON: Then I would think that it might be also helpful to simply put this as a bullet point of something to ensure that it's considered.
MR. ROTHSTEIN: We can have a whole arsenal of bullet points. Maya?
MS. BERNSTEIN: Well, I was sort of going to press you a little bit to see if I was understanding your point although now you say you're satisfied, but whether you were trying to get at the idea that even in those places where HIPAA, with a HIPAA rule already has a settled policy that we might not want to revisit where the specific advent of NHIN might change the abilities of a population to get information and so forth, so for example in your law enforcement example the idea that there's an integrated network nationally makes it lots easier for law enforcement to develop leads for example then just walking into the local hospital and finding out if there's somebody with a particular injury, those things that are directly related to --
MR. HOUSTON: The issue that's probably more meaningful as it relates to my CMS example, I as a hospital attorney would want to know if there is some inquiry by CMS into our charging practices and that they were investigating, reviewing patient records to ensure that they're fair, we would like to know that that's going on and my point is is that --
MS. BERNSTEIN: I have no doubt that you'd want to know that, I can tell you law enforcement and other investigators will not want you to know because you can jeopardize their investigation or cover evidence and so forth.
MR. HOUSTON: But typically in a subpoena or the like they'll tell you, or a search warrant, that you're not supposed to disclose and we work very closely with law enforcement, that's rarely a problem. But we would want to know and I think the NHIN, my only point though is that the NHIN does give in theory the capacity and HIPAA supports this for a governmental agency to have access to a hospital's records and my point is is that we may not necessarily unless we really, I guess we could log the heck out of things and see geez, why is CMS looking at 2,000 records, we would want to know that prior to the time that it occurs and we would probably want to be actively participating in any inquiry.
MS. BERNSTEIN: But that's my point is that NHIN makes the ability of law enforcement or other investigators, it allows them to do investigations without you knowing it, which is something that is not necessarily contemplated directly by the rule as it exists now, that there are changes because of the technology --
MR. HOUSTON: I think this allows you to do that.
MS. BERNSTEIN: I'm saying, it allows them to do that but my point is there's a concept in practically obscure, right, the idea that if records are on paper and they are dispersed throughout the country you have to go county to county and look at every kind of record to actually find it. But with the advent of NHIN you can sit down at a computer remotely and look at all the records from New York to California and that is something that's not, that may add new issues that are not specifically dealt with and there might be things that we want to --
MS. MCANDREW: I would clarify that in one respect, in John's case, for all of these, from the HIPAA privacy perspective these are all permissive disclosures so in fact they cannot go on without the provider's permission, now it can go on without the individual permission --
MR. HOUSTON: Absolutely.
MS. MCANDREW: -- and so if you're talking about whether the entity itself --
MR. HOUSTON: It's actually not permissive disclosure because as soon as we questioned why CMS would want to see patient records for patients unrelated, were not, the services weren't being paid by CMS they said you have a legal obligation to provide an opinion of counsel and to which we said great.
MS. MCANDREW: To the extent they have other legal compulsions to make you agree to that but as far as the privacy rule is concerned you can say no and you can take your lumps.
MR. ROTHSTEIN: Okay, I'm going to make a sort of a decision that we need to move on, we've got less then ten minutes and there are a couple of issues that we need to discuss. Yesterday we talked about the desirability of scheduling a conference call to talk about the contents of our June hearing so my question to the members of the subcommittee is given our discussion yesterday and today do you want to have that conference call take place before or after Maya puts together kind of a tentative list of the people that we're trying to contact?
MR. HOUSTON: I think it's a two step process, I think you want to have sort of what's, put the agendas to writing tentatively as to what we think we want to hear and then we can before we actually go out and try to put a contact group together why don't we have a conference call and talk about who we might try to pursue.
MR. ROTHSTEIN: Okay, so how about if we do this, we will get the summary of the meeting put together and separately we will have a summary of the people that we've identified as potential sources and institutions and once that's done then we'll schedule a conference call to talk about specifics, who and how many and what. And so the question is how long do you think it's going to take to get a, not necessarily a summary of this whole meeting but some sort of written document that --
MS. BERNSTEIN: Of just the plans for June --
MR. ROTHSTEIN: Exactly, that we talked about yesterday.
MS. BERNSTEIN: A week.
MR. ROTHSTEIN: So how about if we then adopt the following plan --
MS. BERNSTEIN: Is that reasonable?
MR. ROTHSTEIN: That's fine, so today's the 31st, let's suppose that we all get the information back by Monday the 11th which would be like ten days instead of a week and then I'll ask Marietta to circulate calendars --
MR. HOUSTON: Do we have our calendars out? I mean can we talk --
MR. ROTHSTEIN: Well, I think it's easier just to do it by --
MS. BERNSTEIN: We have missing members today.
MR. ROTHSTEIN: yeah, we're missing Harry, so I'll ask Marietta if this is okay to circulate calendars for beginning Monday, April 11th through the end of April so that we can have, what, that will give us three weeks to have a one hour conference call --
MR. HOUSTON: I was going to say, we should do a one hour --
MR. ROTHSTEIN: We're trying to schedule a one hour conference call some time the last three weeks --
MR. HOUSTON: We're all joking because we think three weeks is probably to wide of a slot, I mean I would think we should try to shoot for the 11th, the week of the 11th if possible unless there's some --
MR. ROTHSTEIN: Well, I'm going to be away three of those five days and somebody else may be away two of those five days.
MS. GREENBERG: What days are we discussing?
MS. BERNSTEIN: The 11th of April through the end of the month.
MR. ROTHSTEIN: So that's the plan. Simon?
DR. COHN: I'm absolutely fine with that if it can be schedule, I guess the other question is how much of this can be handled via email and I guess I would be hopeful that a lot of this might be able to be handled by communications back and forth where we identify possible candidates, questions that maybe haven't been asked.
MS. GREENBERG: What time on the 11th?
MR. ROTHSTEIN: No, no, starting the, between the 11th and end of the, between then and the end of the month --
MS. BERNSTEIN: Finding a time for a conference call during that time. And if before that time if anyone has particular ideas just please send them to me because as you know not being a health person I'm learning all, if you have contacts or you have particular organizations that you know will be able to be helpful to the subcommittee please just let me know.
MR. HOUSTON: I think it's also the reason why we have con calls so we can start to seed those names once we get your list I'll be, I think we can do that, we can hopefully start to flesh in the list.
MS. BERNSTEIN: Before we leave the June if you're going to move on to the next one --
MR. ROTHSTEIN: Moving to July so you --
MS. BERNSTEIN: June, I'm in June still, you talked about the plans and PBMs and so forth, we made very quick mention of international stuff, can we talk a little bit more about that just for a moment?
MR. ROTHSTEIN: Sure, just to go back to what we talked about yesterday we wanted to explore the experiences of other countries using integrated health networks so we thought that maybe we would explore what the UK has done and Australia has done, possibly Sweden, and we'd take a look at some other countries that are perhaps ahead of us in this technology.
MS. BERNSTEIN: I'm just wondering, I got that part, where you want to fit them in since you were already talking about having set up panels for PBMs, during that June, do you expect to be able to fit them in during that June hearing?
MR. ROTHSTEIN: If we do a whole day on the 7th dealing with health systems we will have an opportunity to have four panels, one of those four panels will be an international panel, that was my thinking.
MS. BERNSTEIN: Four panels on one day?
MR. ROTHSTEIN: Yeah, two in the morning, two in the afternoon. So if we did that we could have one of the four would be international and then on the next day where the PBMs fit in is we would have two panels on health plans and one of those would include PBMs. Marjorie?
MS. GREENBERG: I just wanted to note that if we have in the past and not completely have full memory as to exactly how we did it, we have had some presentations around the NHII from people in the UK and even Australia, but we do have very limited ability to actually travel people internationally and so I wanted to make that clear, I mean we can, we have some ability to travel people within the United States who are unable to cover their travel if under exceptional circumstances but we really don't have an international travel budget.
MR. HOUSTON: We can go to Australia.
MS. GREENBERG: That can be a challenge.
MR. ROTHSTEIN: Point well taken, we were thinking of for example Don Detner(?) to talk about UK --
MS. GREENBERG: We can bring him up from Charlottesville.
MS. BERNSTEIN: Can we bring people from Canada? Because I know people in Canada who are experts on international stuff, I don't know if in particular health care but I think we might be able to get somebody --
MR. ROTHSTEIN: Well we traveled somebody from Canada at the last hearing. But yeah, we're not going to bring anybody from Australia but there may well be people here who are experts.
MS. GREENBERG: I just didn't want to raise unrealistic expectations.
MR. ROTHSTEIN: Absolutely.
MS. DOZIER-PEEPLES: I know we heard from Canada and they were talking about the French system as well and I'd like to just suggest that to the extent we can get more capitalistic rather then socialistic systems to testify about how they handle this it might be more informative. I mean both is good but then when you've got societies that have a socialized health care system don't have the discriminatory practices against individuals because they can't, I mean the system is more protective then ours and so I think the privacy issues are different in a more capitalistic system then they are in a socialistic system.
DR. COHN: And you're thinking of which countries?
MS. DOZIER-PEEPLES: Well, like Canada, I mean I don't think a lot of that applies because it's more protective, because the economic system is set up differently so you're not economically --
MR. ROTHSTEIN: No, the question was what countries do you want to hear from?
MS. DOZIER-PEEPLES: Well, I'm not sure, I mean I don't know, I don't know which ones to suggest to you unfortunately, I just thought that I think it would be more helpful if we had something that had an economy that was a little bit more --
MS. BERNSTEIN: I'll see if I can track some of that down during the next week, talk to some of the contact that I have about who might be experts and with respect, and keep in mind that point and just come back to the committee with some information about that.
MR. ROTHSTEIN: Okay, let me move forward to our last item of business and that is planning for hearing number four which we talked about yesterday to some degree and to repeat, to deal with the issue of research, what do we need to know and maybe who ought to be doing the research to find it out for us and what relevance does it have to NHIN as well as the IT issues and who are the major experts on systems design and we need to, we talked yesterday about putting together at some point a kind of a query list so that they wouldn't just give presentations but we could ask them is it possible to do this, is it possible to do this, what are the problems in doing that and so on. And that would be hearing number four, I'll defer for a moment when we're going to be hearing number five. The question is whether July is a possible time to have hearing number four and so assuming that it's no major problem I'll ask Marietta if she would at the same time she circulates the inquiries for the conference call to send out a calendar for July and see when people are available for a two day hearing in July and if that doesn't work then we'll maybe then go to August. But I'd like to do it in July if possible because we already have an executive subcommittee meeting in August scheduled.
MS. BERNSTEIN: Could we do it in conjunction with that meeting? Are there significant technologists in the Bay area that --
MR. ROTHSTEIN: I would assume so.
MS. BERNSTEIN: Is it possible on the schedule to combine that hearing if there are, if there's a significant technologist community there that would not have to travel if we're already there.
[Multiple speakers.]
MR. ROTHSTEIN: We are going to be in San Francisco on the 15th I believe, right Marjorie?
MS. GREENBERG: The 15th of August, the 15th, 16th, and if you're on the NHII Workgroup the 17th and 18th --
MR. ROTHSTEIN: So is there --
MS. GREENBERG: Let me alert people to that possibility now that we've confirmed the 15th and 16th for the executive subcommittee, we're polling for the NHII Workgroup the 18th and 19th.
MR. ROTHSTEIN: But that might be a problem because there's overlap right between Privacy and Confidentiality and the Workgroup?
MS. GREENBERG: Yes, you were thinking of having --
MR. ROTHSTEIN: We were thinking of maybe having a Privacy meeting in San Francisco.
MS. GREENBERG: I don't think you can do that at the same time as the NHII Workgroup. You can just go for broke and try for Friday I suppose, or a day and a half for each, you'll have to talk to the chair of the NHII Workgroup on your left.
MR. ROTHSTEIN: We were talking about scheduling the fourth hearing in San Francisco after the executive Committee Retreat but the NHII Workgroup is doing that right?
MS. GREENBERG: We're polling for that.
DR. COHN: We're polling for that.
MR. ROTHSTEIN: Okay, how about if we do it this way, if it doesn't work out, if there are people on, well, second crack at that is if the Workgroup has some problems meeting then maybe then we can poll our people to see if we can substitute Privacy and Confidentiality.
MS. GREENBERG: Or we could have a day and a half for each, just take up the whole week. It's the week of August 15th.
MS. BERNSTEIN: Another possibility, is there significant overlap between the research component of the hearings you want to have and the IT component, if there's not we could have a one day in July on research and the one day on IT where the IT people are and we wouldn't have to take up the whole week with a two day, we would have time to do that if that's acceptable.
MS. GREENBERG: I think a compelling reason would be if there are people on the West Coast that you feel you would benefit from being in this other venue and if that were the case you could hear from some people in July who are most East Coast located and other people, it's a possibility.
DR. COHN: [Comment off microphone.] -- 12 different times and there may be a case to be made for trying to figure out some way collaboratively since it may be for example that NHII may talk about, may wind up talking about some aspects of privacy which might make it, might make a lot of sense.
MR. ROTHSTEIN: Well, how about if we do it this way, we'll ask Marietta to circulate July and August scheduled for people, Simon and I and Marjorie will try to work out whatever schedule accommodates those.
MS. BERNSTEIN: And again, if you have particular ideas about who might be organizations or witnesses for that hearing, in particular if they're in the San Francisco, where they are, because if they're in the San Francisco area that would make a difference to our scheduling.
MR. HOUSTON: We were talking about that might extend into August would be the developers meeting?
MR. ROTHSTEIN: Yes, if we can't schedule it.
MR. HOUSTON: Okay, that's actually a good place for it because there's a lot of software development going on in that area.
DR. TANG: Your objective for that when you say IT you actually mean the querying things out of a mining a database versus the wires and the machines that get the information around.
MR. ROTHSTEIN: Well, we're going to ask people questions like how would you, would it be possible to have different access rules for different kinds of information, would it be possible to, what's involved in controlling patient --
DR. TANG: That's more of an application provider versus a technology --
MR. HOUSTON: Absolutely but there are a number, I can think of a number of software development, a number of health care software houses out of that area as well as people like HP that probably have broad based experience, even though they're not necessarily a software developer per se they probably have a fairly robust --
MR. ROTHSTEIN: IBM is doing a lot of work in that area, there are lots of companies that do --
MR. HOUSTON: But in San Francisco, I'm just thinking of, I can think of a number of companies that are software companies out of that area.
MR. ROTHSTEIN: I'm using IT in a very sloppy way.
Okay, are there any other questions or comments before we move to the next panel? Okay, thank you, and I would ask the witnesses on Panel VI, Dr. Stafford, oh, Dr. Strafford, I'm sorry, and Dr. Keaton. Thank you for joining us, appreciate your coming to share your thoughts on this subject with us and we'll go as we've been in alphabetical order so we'd ask Dr. Keaton to begin.
Agenda Item: Panel VI - Specialists - American College of Emergency Physicians - Dr. Keaton
DR. KEATON: Thank you. First I'll apologize for not being here and known to you earlier enough to get a printed card or to get my specific qualifications in the materials that were passed out, I'll just tell you briefly that first and foremost I'm a practicing emergency physician, have been for the last 25 years. I was practicing at 1:00 this morning in fact as I finished up with a shift that I traded to free up to come here but I think this was very important, that indeed the viewpoint of a practicing doc be here. In addition to that I wear a number of other hats that may be useful to the committee as we try to work through what is a very thorny problem.
I'm in an urban trauma center, a teaching environment, 100,000 adult visits a year. We see and I personally know the frustrations of not having the data that you need and the data that makes a difference between life and death. If we have a chance I'll share a story from the, well, from a HIPAA standpoint that happened recently, we won't tell you how recently.
I'm also core faculty in emergency medicine residency training program, I'm the professor of clinical emergency medicine at the Northeastern Ohio University's College of Medicine, and I direct our emergency medical informatics program at Summa Health System. I chair continuing medical education for the entire enterprise and I'm here representing the American College of Emergency Physicians where I'm the vice president of their board of directors.
Wearing even another hat I'm on the board of the e-Health Initiative and I'm on the steering committee for Connecting for Health. So there's a number of different viewpoints these comments come from but primarily take them as a doc who's in the pits taking care of patients on a very, very regular basis and on that behalf I want to thank you from the American College of Emergency Physicians for asking us to participate and address this subcommittee.
ACEP is a national medical specialty society with 23,000 members, we're dedicated to improving the quality of emergency care through continuing education, research, public education. If you look at the CDC's estimates for 2003 the emergency departments in this country took care of 114 million patients, all ages, all types, undifferentiated acute medical and trauma problems, in rural, urban and suburban settings, 24 hours a day, seven days a week, 365 days a year. We're always there.
Due to the very nature of emergency care it's often delivered without the benefit of a patient's vital past medical information. Nevertheless emergency care providers perform admirably as a safety net for this country's health care system which is chronically over crowded and chronically poorly supported. The emergency department serves many roles in our health care system. As the interface between the inpatient and the outpatient worlds we provide acute episodic care for patients who either have no access to their primary care, either because they're not in their home area or because they don't have that access, and we also provide care for those who are acutely ill or become acutely injured. We're experts at acute diagnosis and stabilization and we're also a vital link in the public health network.
One common thread that runs through all of these roles is our lack of a stable patient population and our lack of longitudinal data on large numbers of our patients. Many factors including our mobile society, the lack of inpatient capacity that results in frequent ambulance diversions, the provision of specialty services that take patients by helicopters from well outside their normal areas, and changing managed care referral patterns all result in patients ending up at someplace other then their home hospital's emergency department. As a specialty center we see that even more then most.
I've often described my job in the ED as being like an air traffic controller at O'Hare during a snow storm, the difference is that not every plane is on my radar screen and the planes that are there don't necessarily provide accurate information in terms of their altitude, their speed or their direction that they're headed in. It's a good day for me if all the planes stay in the air and no one crashes but it's certainly not the ideal and that ideal I think we can get closer and closer to if we bring the right information to the right docs at the time we're trying to take care of the patients. The emergency department is one of the most complex and challenging practice environments in all of medicine. Clearly all patients will benefit from improved health care information technology but I believe none will benefit as much as those cared for in emergency situations.
The overriding reason that we're looking to create a National Health Information Network and electronic health records is to improve the quality, efficiency, and safety of health care for all Americans. Protecting the confidential patient information has to be a high priority, the challenge is balancing the needs for timely data availability against the desires by some to access the data for nefarious purposes. When the NHII exists breaches of security will be inevitable. Many have pointed to the financial industry as an example of what a secure system should look like, however, if you look at the 2001 Evans Data polls roughly 27 percent of developers surveyed in that banking and financial services industry say that they had experienced security breaches in the prior year, that's 27 percent experienced something. According to the New York Times nearly ten million people were victims of identity theft in a recent 12 month period, the costs for that were quite remarkable. Placing a cost on the loss of confidential patient data will be very difficult although I have no doubt that our friends in the plaintiffs department find a way to do so. The greatest cost however will be incurred if we fail to implement the NHII strategy or surround it with so many security measures so as to make it unusable by patients and practicing clinicians like me.
The American College of Emergency Physicians appreciates the opportunity to provide this committee with our comments regarding privacy and confidentiality safeguards that might be considered as part of an implementation strategy. Emergency physicians are patient advocates dedicated to providing quality patient care and protecting the public's health will protecting the sanctity of every patient's health information. We are concerned however that certain unintended consequences of privacy measures might dangerously impede our ability to deliver the best possible emergency medical care and I want to address you from the, not the 30,000 foot or the 50,000 foot level but from the ground where we spend our time.
We believe that network operations should be consistent with current HIPAA guidelines, they've worked reasonably well for us, and they should include provisions to facilitate access to continuing care in emergency situations. I will say parenthetically that they've worked well for us because of the emergency situation exceptions in HIPAA.
The remainder of my comments will focus on several privacy and confidentiality principles that we believe are critical to implementation of data systems that will allow us to provide the highest quality care to the millions and millions of patients who seek care in our departments every year. I will stress that these principles focus on your charge which is to address issues of privacy and confidentiality and are by no means a complete listing of our concerns regarding the NHII or NHIN as a whole. We did do a response to the request for information and if you're interested I'll be happy to make that available to you, we also participated in the collaborative response.
Number one, optimal management of emergency cases requires rapid, and I underline rapid, access to patient data. Speed and reliability are crucial, if the system is not fast and always available it will not meet the needs of clinicians and patients. Emergency medicine held a consensus conference in 2004 that was published in the Journal of the Society of Academic Emergency Medicine. In a quote from that electronic clinical records should be released immediately upon the certification of a clinician that there is an immediate clinical need for the release of those records. The issues of security, identification, and authentication should facilitate that process, not hinder it.
Number two, the assumption must be made that a patient who is unable to give permission for data access would have done so had they been able to do just that. Our patients can't always provide permission, the sickest ones more often then not. Given the nature of emergency medicine cumbersome or onerous authorization requirements must be avoided, moreover it's vitally important that we have a break the glass policy so we can authorize emergency clinicians to quickly gain access to critical information when time is of the absolute essence. This doctrine presumes that consent would be given by a patient if they were able to do so.
Number three, optimal patient management of emergency cases requires access to complete patient data. Clinicians must be able to trust that the data that they're viewing is complete and truthful. A single data point or a set of data points obtained at a single point in time is like looking at a still photograph or a single frame in a movie. When we look at a movie we are presented with sufficient frames per second to enable the brain to interpret the individual images as a continuous action. Editing a movie, leaving frames out, leaving stuff on the cutting floor, that changes significant portions and can lead viewers to reach incorrect or differing conclusions. In a similar way viewing incomplete data portrayed as complete can cause the clinicians to reach unjustified and potentially dangerous conclusions. If known data is not accessible for any reason the information system must call this gap to the clinician's attention in a very conspicuous manner. We need to know that this is not complete, whether it's that one of the data sources is down, whether it's that as I'll mention in a second the patient has refused to allow you to have data, we need to know that it's not complete otherwise the assumption or the belief is that we're getting complete data.
Number four, emergency physicians must be notified when a patient refuses permission to provide access to some or all of their data. Most of the models enable patients to direct that pointers to some or all of their data not be included in a central database. While ACEP does not disagree with a patient's right to withhold information no matter how potentially damaging that might be to them we believe it's critical that the treating physician be notified that the data being viewed is incomplete. Such refusal alters the point of truth and it requires the emergency physician to look at the data differently.
Number five, public health needs including syndromic surveillance require reliable access to population based data. Access to this data must be assured. Secondary use of this data from the National Health Information Network should support improvements in public health through surveillance, benchmarking, and public policy initiatives. Critical de-identified public health data must be made available to maximize the effectiveness of surveillance systems with or without the patient's permission. Imagine what happens if the index case on a smallpox or SARS or another episode refused to allow their data to be part of a surveillance network and we didn't have that index case and that head start. Also once a risk is identified there must be a link back from the de-identified data to the index case for their protection and for the protection of the public as a whole.
Here's where we get into the nitty gritty, some patients will refuse permission to access their data because they plan to injure themselves or injure others. We must provide provisions for allowing access to critical data to protect the patient and society from the harm that could reasonably expect it to occur if critical data were not disclosed. This is a difficult problem, probably well beyond the scope of this committee, likely would require legislative action.
Emergency patients are a subset of society as a whole and society as a whole has good people and it has some not so good people. Some have ulterior motives for coming to the emergency department, these may include illegal and dangerous drug seeking behaviors, they may include terrorist activities, they may include personal injuries that took place, imagine the patient that comes in with a radiation related injury, we send them out without that surveillance or information so that they can have their dirty bomb weeks or days later, those type of things we need to be able to provide some protections for. Other patients may represent a threat to themselves or others due to psychiatric conditions and toxicants or criminal activity.
And finally number seven, while not strictly under the purview of this committee we would like to stress the fact that consideration must be given to the potential tort liability risks inherent to creation of this network. That in and of itself could shut the whole thing down in terms of people not being willing to participate. Two major legal impediments that we see, first involves the liability for breaches of security, if you have no system you have no breaches, you have no risk, but the danger to society as we see it is substantial. The other involves liability for failure to notice or correctly interpret issues hidden in the vast volume of newly available results of tests that were not necessarily ordered by the clinicians that's involved. Imagine being sent to the New York Public Library and being held responsible for something that's buried in one of those volumes that you didn't read and being told that you really should have read it. Patients have thousands and thousands and thousands of pages of data that will become available and we have to find some way to reasonably deal with that.
Once again thanks for providing the opportunity to address the areas of concern to emergency physicians and the patients we serve. At this point I'll entertain any questions or move to the next presentation.
MR. ROTHSTEIN: Thank you, you've certainly given us a lot to think about, and we're going to be doing that and listening to Dr. Strafford at the same time.
DR. STRAFFORD: Good afternoon, I'm Craig Strafford, as I said this morning in the introduction I'm an obstetrician gynecologist, I have practiced OB-GYN for 30 years. What I would like to do in my remarks is give you a little bit of orientation about what I do, what the American College of Obstetricians and Gynecologists are about, give you some examples from the system in which I work which is entirely paperless, and then I do have a handout, has that been distributed? Okay, and then basically it's the last five slides that are the meat of what I would like to say and give to the committee and having listened to all the other testimony today I think that there are some nuances on what has been produced before in terms of testimony but basically you'll hear some themes that have been expressed previously.
The American College of Obstetricians and Gynecologists has 35,000 fellows, we do not have any idea how many fellows are using electronic medical records or electronic health records in their practices. As to the number of women served approximately 95 percent of OB-GYN, of physicians practicing obstetrics and gynecology are fellows of the college, so with a high degree of probability if a woman has seen an obstetrician gynecologist in this country she has been cared for by one of the fellows. ACOG is organized to foster and stimulate improvements in all aspects of women's care, to establish and maintain standards for practice, and to promote professional education and promote patient education.
I've color coded the slides green for OB-GYN and blue for Holzer Clinic. There are four issues of concern to the American College as we knew that this opportunity for presentation was coming up. One is the political agendas in patient privacy. In the state of Kansas there is an attorney general who wanted to have from the information system all of the names of all of the women who had sought pregnancy termination and I think one of the safeguards that would need to be in the system would be if there was political sensitive information in a patient's health care record and a system had the ability to index all of those patients how would that patient privacy be protected.
A second area for concern with the American College is adolescents. Adolescents do not always have their priorities straightened around and they do some experimentation with life and part of that can be the adolescent afraid that she may have acquired a sexually transmitted disease. We want to encourage the young woman to come in for care and not have the divulgence of her fear be a barrier to her seeking health care service, so that if we had an electronic medical record that was in a database that that index could be penetrated how would that woman feel secure about seeking anonymous care.
Another major area of concern for fellows within the college is the cost of the implementation or the starting or the adoption of an electronic health record and one of the presenters this morning, the gentlemen from the American Osteopathic Association speculated $9,000 dollars. I think that as he said was the low end, I think the high end is much, much higher then that, maybe three or four times that.
PARTICIPANT: [Comment off microphone.]
DR. STRAFFORD: Yes, he did say per year. In large hospital systems there is often more of a motivation to have an electronic record because of the interaction of multiple providers, lab and x-ray, as I'll say in a few minutes that's what we have at Holzer Clinic three to five person practices which are the majority of the practices in this country would not necessarily have the resources to commit to the implementation of a record and part of what I'll say at this point and then reinforce later is there needs to be a cost benefit gain for the practice in order to make the investment. It does clearly afford us the opportunity to provide better patient care but it may not be better enough to afford the expense.
And then as has been alluded to several times the pay for performance piece, if we're going to look at payment reimbursements to providers based on meeting criteria for care and that is in the, that is more readily determined by an electronic database then it is by a graphite and cellulose paper and pencil, it may be to the disadvantage of a provider not to be able to demonstrate their proficiencies of care. So that may be a motivation for them to invest in an electronic medical record but here again the cost may be prohibitive.
Let me tell you a little bit about Holzer Clinic, Holzer Clinic is in the central part of Southeastern Ohio, we have eight sites of operation in Ohio and West Virginia, we are 100 miles north to south and 100 miles east to west. We have about 470,000 patient visits a year, we have about half of our patients are Medicare and Medicaid so that if you look at our gross production, our gross revenue from our gross production is about 54 percent of our billed charges, that then is our revenue base against which all of our expenses are put. We have at the present time 174 providers, 127 physicians and 47 mid-level providers.
In your handout it says annual cost, this is a cost, the $6.4 million dollars is the actual investment that we've made in our electronic medical record in the last four years and these are the categories of expense, there is some programmed expense in this list for the rest of 2005 but that lets the committee see the categories in which we've made investment and some sense of the handle of that, some sense of the size of it. In addition to this we think we've spent about $350,000 dollars to actually specifically meet the HIPAA requirements.
We compared ourselves to other industries, this slide was actually developed by our IT people and was presented to the clinic's board of directors to help justify the expense and try to compare us to other industries. We are at 4.1 percent at present and we will be at 5.5 with projected expansions of our systems and system enhancements that we've already, for which we've already contracted.
To give you a very brief history, the organization made a commitment in 1992 to adopt an electronic medical record. At that time we converted from a dictation system for all of our clinical notes into using a computer based system. From that we then, that was the electronic conversion, we then phased into that a lab ordering system and a lab reporting system, the idea being that you can order the, the lab ordering component is not yet there, I am still circling desired laboratory studies on a sheet handing it to a patient and she is taking that to the lab but the reporting of the lab comes back to me electronically as soon as it is available. The same is true for radiology, we are still ordering diagnostic services on a piece of paper but the report comes back on the system.
We are fully integrated within our entire service area and I personally have not used a paper record for anything this year, there are people within our organization who have not used a paper record for the last six months. We have mandated ourselves that no one in our system will use a paper record after July the 1st of this year.
And I need to confess and add something here, our system crashed on Monday and you're smiling, there was not a smile in our organization, it is absolutely totally devastating, we couldn't do anything and we just really were paralyzed, that's the third system crash we've had in two weeks because our IT people are trying to interface a lot of the expansions that we had, for which we had contracted and it's one of those, and I think when possibly to leap ahead of what you as a committee will hear, when you talk to your vendors they tend to promise a great, great deal but the actual reality of using it, and our system is not particularly big, I mean 400,000, 500,000 patient visits a year and 100 miles east to west and north to south, I mean this is not a big system but it is a system upon which we have become completely dependent.
Now some of these philosophical points you've heard before, the electronic medical record or health record can replace a paper record, we do achieve some real increased functionality, results reporting, dictating, structured notes, prescription writing, test ordering, charge capture, coding, scanning and tasking. Tasking is something that is working out extremely well for us right now and that is if a patient calls in for a prescription renewal it is tasked to me, it shows up on a memo on the computer on my desk, I can then go into the patient's chart and see if her request is appropriate and then can task back to the pharmacy to refill the prescription. That is a big savings, you don't have to pull the chart, you don't have to wait to get the chart, you can just take care of it right then and there.
I am horrifically concerned that the IT department wants us to use templates and I think, for patient encounters, and I am afraid that templates fantastically bulk up the chart with not specific patient information and Brian talked a moment ago about having information and its validity to work with, you get all of this garbage and I say that respectfully about review of systems and past medical history and social and family history that is in there in terms of coding requirements for reimbursement, adds very little if any useful information as you are trying to scan back through that chart when that lady shows up with an acute care situation and you've got all this material to wade through to try to find the significant aspects of her most recent or a recent health care encounter.
No one who has presented thus far has talked about what is a medical record, in my experience a medical record is simply a diary of the patient's health care encounters and into which is layered periodically reports about lab and x-ray or consultations. In our system we scan in information from outside providers and then our medical records department is a library of all of this information that's simply filed by the patient's name or some identifying number.
I would argue that if we're going to have the benefit of an electronic health record we have to find a way to go in and mine the data out of that information, to look for the ability to initiative preventive services, to look for the ability to initiate disease prevention, in other words at one point I went to our medical records people a couple years ago and I said, and I'm not really sure that we're doing mammograms appropriately on our patients, do we have any idea how many over 40 year old women who come to us for care regardless of the reason but how many of them have had mammograms. So they pulled 1,000 charts and when I was on call I would sit and go through a couple hundred of them at a time just trying to do a stroke count, did or did she not have a mammogram.
With an electronic medical record we ought to be able to do that very efficiently, now whether that violates the patient's privacy, does the woman want to know that she has not had a mammogram, does a man want to know he has or hasn't had a PSA or a colonoscopy or a 65 year old person with emphysema, have they or have they not had an influenza shot or a pneumonia shot. It gives us the ability to help the patients be more healthy but is that a violation of her privacy, it's not, but that's what an electronic medical record might be able to do if we got the system aligned. Right now all we have is a very elaborate, very expensive and somewhat more efficient medical record but it's not a lot different then the paper record we've used for the first 25 years I was in the group.
The potential advantages we've actually talked about, the item on here is a reference to what we're all about and that is the adoption of an electronic medical record has been declared to be a national priority. The annual cost commitment for Holzer Clinic right now is running about a million dollars a year, I don't know that we can demonstrate the savings, we have stopped some of the vans that ran records back and forth between our facilities and the medical records department is down in personnel because we don't have people filing the notes or the lab on the charts anymore but then we've contrasted that by adding some more expensive people in information technology.
I think the patient care benefits could be absolutely priceless in terms of the avoidance of medication interactions, undesirable ones, and finding who needs a screening study of some kind that they haven't had. But I think the affordability in particular will impact how rapidly the systems are adopted.
We have three areas of concern with our medical record and external sites of health care service at present and I'll go through these individually. Event logging versus auditing, we are very much prepared to look where are there breaches of our system, we are not prepared to do a periodic assessment of our system to just see if there are any breaches. And I was trying to think of a good way to analogize this for the committee, my wife and I have a small dairy goat herd, okay, we have built appropriate fence to try to keep our nannies where they're supposed to be and our fail safe is every night when we go to bring them back from the outer pastures to the barn if all the nannies show up then we figure there are no holes in the fences. Now Sunday morning, Easter Sunday morning we were out repairing a hole in the fence, it's not what we wanted to do on Easter morning but it was the reality of have a hole in the fence and you've got to fix it.
I think the comparison here is if we have requirements with electronic medical records where we look at logging events then that's a matter of which nanny didn't come back. If we've got the regular audit then I would have to walk the fence line every day, I don't have time to walk the fence line every day and I think that as we look at the design of systems we need to be sure, or as sure we can or it would be a recommendation and a plea that we design systems that look at reasonable fences, things happen to fences and when there is a breach in the fence then you go fix the fence but you don't want to have to walk the fence line every day.
I apologize if the analogy is far fetched.
Another problem we have is with the Ohio Board of Pharmacy. They currently require two or more forms of user identification for an electronically transmitted prescription. They don't require two forms of verification if you hand the patient a written prescription. We think that this is a commitment on the part of the Ohio Board of Pharmacy to develop a fail safe, they're trying to protect, I understand they're trying to protect, but their system is burdensome. Here again, it's walling the fence line instead of looking where the hole in the fence is.
We also with a computer generated paper prescription the Ohio Board of Pharmacy currently requires us to circulate that piece of paper back to the prescriber and have the prescriber write their name on it and then hand it back to the patient. We think that this is onerous inefficiency, our IT people would like to use a facsimile signature, an electronic signature if you would, and we just think that the $25,000 dollar cost on there is what it would cost us in printers alone in our system, let alone all the time and inefficiencies, time lost and inefficiencies in circulating the printed prescription back to the physician for the physician signature.
One other aspect that has been alluded to earlier is that every once in a while a patient will want to produce a prescription for themselves that did not necessarily come from one of our providers so we think that whatever system is constructed in the future will have to have some kind of safeguard so we can see when we've got a forged prescription. Patients also want to manipulate their data in terms of worker's compensation.
Privacy is a vital issue, I think that we certainly have a number of policies and procedures within our organization to protect the patient's privacy. We think that manual systems are sometimes difficult to secure, if a chart is left out on a counter, a desk top, it's open to be read by other people. We think they're very difficult to audit, the corollary to that is that we think the electronic systems, given some of the problems that we've been talking about today, given an intention or an unintentional breach of the electronic system we think they're actually more secure then the paper system and they certainly could be a lot easier to audit. We think that there are significant benefits with implementing an electronic system if we can avoid unnecessary obstacles.
Individual health care information by and large is private information that no one else wants to see. I think we all have individual health record, there's probably not much interest in any of us looking at anybody else's health record in this room unless, from the American College of Obstetricians and Gynecologist's point of view, unless you've had a pregnancy termination and someone wants to embarrass you with that, or if you've had a sexually transmitted disease and someone wants to embarrass you with that. But by and large if we're building a system we don't necessarily need to worry that the kinds of things that Brian and his colleagues would look at in the emergency room is information we'd want them to have. There is far more likelihood that someone would want to come in and steal financial information rather then patient specific information.
Sanctions we feel should be severe for violations, for deliberate violations or breaches, and that the regulatory statutes should be achievable and doable without being burdensome. That point I think has been made by virtually every presenter.
The government regulatory and accreditation agencies, I mean that's why this committee is meeting, it lags it just a bit behind some other industries, we think there are efficiencies to be gained. The comment about data silos has come up several times, we have tried very hard not to have data silos within our organization but it takes quite a bit of information technology to get the radiology reports, the lab reports, the scanned in outside reports, EKG reports and the encounter notes all together in one record because those are all different systems. Our main facility in Gallipolis which was the original Holzer Clinic is physically attached to Holzer Medical Center which is a not for profit community hospital and we have struggled to be able to get our information to go across in a seamless way. The best we've been able to come up with right now is a go out and reenter the system with another set of passwords in order to be able to get the information back and forth. And our colleagues in the emergency room want clinical information and then we on the clinic side want to find out what's happened to the patients in the emergency facilities and right now the best we can do is a double password, go out of one system and into the hospital system and back and forth.
What should be ACOG's role in the future? ACOG is a national organization which is encouraging the development of data systems, we would plead for the systems to be intra-operatory, that the systems be all able to speak to each other, I think you've already noted that. We would also plead to have a basic standard format of system so that there can be appropriate interaction between systems. In obstetric and gynecology one area in particular where we need to have two systems talk to each other is the prenatal care of a patient which is almost always conducted in an outpatient setting, and then when the patient enters labor and delivery we need all that information including any recent pelvic ultrasounds or non-stress parts on part of the fetal heart rate monitoring. And patients of course enter labor and delivery at all hours of the day and night and a ready exchange of information is highly desirable, a standardized system would facilitate that.
Again, making the same plea in a different way, right now we have lots of independent providers developing lots of unique systems, the systems don't talk to each other, we need to be able to have the systems in a standardized format and also interoperative. Again, we would plead for standards that are developed by the users, by the interested parties, and by all stakeholders, we think the standards should be uniform and I would also plead for whatever correction, modification, change to the system that the ability to change the system is plastic and fluid enough so that we don't get locked in. I know Dr. Cohn has worked with CPT and the RUC(?) and PEAK(?) and all of those kinds of things and we struggle with trying to come from the Harvard based resource value units into new modern procedures. Whatever our IT system is we want to avoid that kind of entrapment in “the Harvard system.”
Recommendations would be for the development, we are very positive about the development of electronic medical records. We think that the privacy issue can be handled with adequate sanctions against careless or intentional dissemination of information, we think that any system can be penetrated and beat, what we're trying to do is to put up reasonable fencing, back to the goat analogy, to keep the girls in the pasture, we're not building a stone wall, we're just putting up field fence but every once in a while you get a hole in it. And then in the interoperability piece is just desperately important.
And finally in conclusion we think that the electronic medical record can certainly afford better patient care, we are fearful about new rules and regulations, I think physicians feel burdened with rules and regulations now, physicians should see the changes as positive. The physicians should also see the changes as affordable. Various presenters have talked about the cost, the quality and the access to the system, those are the three key components.
And finally in absolute conclusion the American College of Obstetricians and Gynecologists very much appreciates the opportunity to have made these comments and we would very much like to participate in future specific sessions where either the standard of care and/or specific issues of patient privacy are being addressed. I thank you for your attention.
MR. ROTHSTEIN: Thank you, Dr. Strafford, appreciate your comments and we'll go to the question session in just a few minutes. I want to note for the record that the American Academy of Pediatrics was not able to have a representative here this afternoon, they were scheduled to be on this panel, but they did submit a written statement and I'd like to for the record and for those on the internet summarize some of the key provisions of what the Academy said.
This statement is submitted on behalf of the American Academy of Pediatrics, an organization of 60,000 primary care pediatricians, pediatric medical specialists and surgical specialists who are dedicated to the health, safety, and well being of infants, children, adolescents, and young adults. Our statement is premised on the critical importance of advocating for the design of improved health care systems to prevent medical errors while still protecting patient privacy.
Most pediatricians practice in small office settings and have limited technology resources to implement multiple interfaces and authentication systems. There is a critical need for a single national system of provider and practice authentication and there are opportunities to leverage the DEA registration process for this purpose. There is an important need for a single method for secure authenticated encrypted data transport that can serve the needs of multiple data types such as immunizations, laboratory results, prescriptions, and health record summaries and multiple interoperability partners such as public health departments, school systems, laboratories, pharmacies, other primary care providers, emergency departments, and hospitals.
Appropriate privacy and access controls must travel with the data and electronic or digital signatures must also travel with the data in an interoperable framework where legal signature authentication is persistent after the data is received. Data sharing and data transport will also require national standards for authentication of users and verification of access rights and must support audit tools.
National standards should also provide a governance process for data stewardship, e.g., RIOs managed the dissemination of data to research organizations. The use of medical records data for practice profiling and quality improvement must be transparent to providers. There is an urgent need to move towards a single technology, the Academy notes there is much to be learned from experiences in Europe with the Public Health Information Network. Whatever standard is adopted for the NHIN it is critical that all interoperability partners including practitioners, EHR vendors, laboratories, pharmacies and health departments receive incentives to convert to a single common standard mode of data transport.
Pediatricians receiving data from the NHIN must have confidence that they know the source of the data that information has not been altered or disclosed during transport and that signatures can convey non-repudiation of the data that has been shared.
Finally the American Academy of Pediatrics believes that a uniform national patient identifier is necessary to allow interoperability via the National Health Information Network. We would encourage the creation of a unique national patient identifier as originally specified under HIPAA. This is particularly important for pediatrics in which patients frequently present with no name (in the case of a newborn) or with changing names (which may or may not match that of the parents). The American Academy of Pediatrics recognizes the controversy surrounding the issue of a national patient identifier and recommends that use of such an identifier be restricted to communications covered by the HIPAA privacy rule. In the absence of uniform national patient identifier alternative methods must provide multiple identifiers needed to correctly link child health records and include provisions for correctly documenting adolescent privacy rights and changing parental or other custodial relationships.
The AAP feels there are substantial benefits from an NHIN that reaches the offices of pediatricians. Management of obesity will be improved if the growth data can be shared. Recognition of developmental disabilities and provision of services to children with disabilities can be improved through coordination of care and sharing of diagnostics and therapeutic plans. Immunization rates can be improved by sharing data as children move to new locations and sources of care. The management of ADHD can be advanced by improved communication of treatment monitoring and improved ease of continuing long term medication. Communication of medications and test results between primary care pediatricians and specialists or emergency departments can prevent duplication of services and help to prevent risks to patient safety.
So those are some of the points that the American Academy of Pediatrics made, I think in some respects they highlight or reinforce that both of you made.
So the floor is now open for questions from subcommittee members. Dr. Tang.
DR. TANG: I want to thank all the testifiers, I think it was really good testimony and a lot of concrete as you were saying at the ground floor kind of observations and recommendations so I really appreciate that. I have one question for you Brian, on number six, that you may need, and I don't know who the you was, you may need to overrule the patient's refusal to provide information and the example you gave was a terrorist. Was is the doctor needing access to some information or a surveillance trying to get access to some information?
DR. KEATON: Those I would refer more to the individual patient encounter. I mean the toughest patients for us to deal with now are the psychiatric patients, the determination whether somebody is capable of making informed decisions or whether we need to intervene and basically what we call pink slip and take away their right to make those choices and act on their behalf. The current regs within HIPAA provide wide latitude for issues of national security and issues of public health and I think we need to maintain the types of protections that are there and understand that oftentimes the overwhelming public need is greater then the individual's right to privacy. I bring the terrorism example, the SARS example, the issues that we have with certain communicable diseases, certainly as we start looking at other possibilities in a more and more dangerous world the people that spend more time interacting with the people capable of some of these acts are emergency workers, whether they're emergency physicians, the EMS workers, police, etc., we need to be able to protect as best we can, and it's a slippery slope.
DR. TANG: One question related to this panel --
MS. BERNSTEIN: Could I follow-up on that particular point really quick? I wanted to know whether you were concerned in respect to those kinds of things, people who are dangerous either to themselves or others, has your organization taken the position that you want the information to be available for the protection of the patient or the immediate physicians, the setting in which the patient is being treated? Or are you talking about affirmatively being able to disclose to not just public health but law enforcement and so forth without a request?
DR. KEATON: There are already, there's clear law in most states protecting the safety of emergency care workers so from that standpoint if somebody is a direct threat to me I as a citizen, not as a physician, have the right to seek protection so from that standpoint it's not as big an issue. The bigger issue, a common occurrence, a patient is very intoxicated, insists on leaving my department and is going to get into a car and drive. Am I obligated to protect the public by calling the police and stopping that patient or am I obligated to let the patient go out and kills somebody or kill themselves? And there are many different opinions on that all the way across the board and many different legal rulings. The practical approach is I would much rather have to face a jury for having stopped somebody from hurting themselves or somebody else then to face a jury for having let that person leave and kill an innocent person but there is no good law for that. Now you take that many steps further and say okay, now we're looking at somebody who's making a dirty bomb and has presented to my emergency department with a radiation related complaint, am I obligated to let the appropriate authorities know that.
MS. BERNSTEIN: Yeah, I guess I was asking more about you have the situation where you're treating somebody who has an ulcer because they happen to tell you that they've been developed an ulcer because they've been embezzling from their employer, something like that, where there's a crime being committed but it's not --
DR. KEATON: The place that we have traditionally drawn the line and this is not College policy, this is more from an ethical standpoint then anything else, the place that you draw the line has primarily been the physical welfare.
DR. TANG: This panels title is specialist and we heard one before for primary care physicians and both of your illustrations were very cogent, your six steps and the prenatal care and so on and so forth. And then I took a step back and looked at these points and I was finding that I don't see how any of them don't apply to primary care and I just wanted to get your impression of that.
DR. STRAFFORD: I think they certainly do apply to primary care.
DR. KEATON: The difference in my setting is the norm in my world is chaos as opposed to the routine visit that most primary care folks have. The patient that I took care of the other day, great example, we're a regional trauma center, they fly me in a 67 year old man who was driving on a country road, no real reason to have an accident, he hit a tree. He was combative at the scene, the helicopter arrives, they paralyzed and inibated(?) him to make his transport. So he arrives to me as an unknown entity and I'm unable to get any information from him, I know nothing about him. I do have a driver's license so I could get identifying data potentially through a regional registry. His blood pressure is 70 over 40, he's in atrial fibrillation which is an irregular heart rate at about 160 beats per minute.
Now I've got a bunch of question, this guy was acting goofy, he's been in a car accident, did he have a heart attack that caused the accident, did he have this fast rhythm that caused the accident, is this an old rhythm and is he on cummiden(?) as a blood thinner which is going to complicate whatever is going on inside of his head, I don't know his med list and I've got all of these questions and each one of these problems leads me down a line of therapy that will kill him if I pick the wrong line and I don't even have an old EKG to know whether he's had this before. Those are the situations we face every day, I mean just to get some of that basic, the continuity of care record would be a wonderful start just to get some of these basic pieces of information on these critical patients could make dramatic differences.
MR. ROTHSTEIN: Dr. Cohn.
DR. COHN: Thank you both for some very good testimony, I mean Brian I guess I should start off by disclosing that I am also a fellow of the American College of Emergency Physicians and practiced emergency medicine for many years, I was actually speaking yesterday about issues relating to lack of information in the emergency department.
DR. KEATON: I spent more time looking for data then I do for anything.
DR. COHN: Well, trying to look through it once you have it which is the other thing. Now having said that though I'm looking through all of this and obviously our responsibility is to try to make recommendations to the secretary relating to privacy and the NHII and probably also that slippery area between privacy and security. And I was looking at your actual testimony rather then the points you were making in your comments about well, in the financial sector 27 percent of the respondents had breaches of security in 2001 and yet at the same time you're saying well geez, if we don't do an NHII we risk public safety and personal safety. I'm also looking at Craig's comments where he's saying that we can make an EHR or an NHII that is more secure then the paper record. Now I do know that there probably are not 27 percent breaches around the country in the paper record currently but I don't, this is sort of a tough one to figure out where the right balance is on all of this, I mean you don't want more security, are you expecting to tolerate this level of breach? Where's the balance here from your view and also Craig?
DR. KEATON: I would suggest in an electronic record you're able to identify the breaches. I would just think back to any medical records department, any physician's office where you've got stacks and stacks of records and the person who is working the desk up front wants to know what's going on with her neighbor and then she goes and looks at the record and nobody's the wiser. But in an electronic environment there's a logging function that says hey, there was somebody in this record that didn't have the right to be there and it's identified as a breach. The breaches that take place in paper records every day are phenomenal, we just don't know about them or count them.
DR. STRAFFORD: And I think that was exactly the point I was trying to make and I agreed with the presenter this morning from the pharmacy industry, I think we want to know when someone has done something that they shouldn't do and the electronic record will allow you to do that and will allow you to know when someone has been into somebody else's record. My please was that we would not be forced to routinely “walk the fence line” to see if there are any holes in the fence, I think that is a burdensome task to put on an over burdened health care delivery system, my plea was to just make it a rule that you shouldn't go where you don't need to be and that if you do there are consequences rather then force us to run a check all the time to try to figure out whose been in Brian's record or has Brian been in mine.
DR. COHN: And Brian, I guess I would just follow-up with the question, you mentioned about basically so many security measures as to make things unusable, what is your view about too many things to make it unusable?
DR. KEATON: There are a number of frustrations, auto sign out, I'm in an emergency department and the IT standard which is based on a number of lawyer's interpretations of a number of different laws says that systems have to sign off with three minutes of inactivity. It takes me three and a half minutes on a phone call to the OB-GYN when I just called Craig and I look back and everything I was working on is gone, that's one. I've spent time doing a number of different activities and find out that because I'm multitasking I didn't finish an activity or sign it out or close it out in a prescribed period of time and it's gone. That's just the auto log out.
There are a number of different places where you have 14 different systems and 14 different passwords and you're trying to remember which is which and which one has changed and which one is updated and you're doing that all at a critical time. There are a number of different things from a security standpoint that can really muck up my world in terms of trying to be efficient and take care of patients. My plea is that we don't add to that complexity. I think there's ways technologically to get by a lot of this, unfortunately they cost a lot of money or they cost of lot of political capital to accomplish and even a single sign in, there's a number of different functionalities that would deal with that particular problem that I identified. We can make a long list of the other frustrations in the real world.
MR. ROTHSTEIN: Dr. Harding.
DR. HARDING: In the last group I was asking about the electronic medical record in a hospital, you've developed a paperless medical record --
DR. STRAFFORD: Correct, both hospital and clinic.
DR. HARDING: In your system, it's a closed system.
DR. STRAFFORD: It is.
DR. HARDING: Okay, what would be the benefit would you see of being able to plug that system into the big system, that is the National Health Information Network? Would it help you? Would it cause more problems then it would help? What would be your reaction to that because you've developed a very good system, if you go into the big system what do you see as the good news or the bad news?
DR. STRAFFORD: Let me answer that question by saying before we developed our system we made a deliberate decision to own all of our own hardware and software because we were afraid to be in the big system and we knew we could have a better chance to control the information in a wholly owned system, not one that was out on the internet. And I actually asked that question of our IT people Monday or Tuesday when I was trying to put this presentation together, we still feel that we would be very much afraid of a system that, I mean you can hack into our system, I could bring our system up right here, right now, if we needed to. The model that I've seen that really works fantastically well is for a time I was on the group and faculty practice advisory committee to the AMA and we had a group of individuals, vendors come in and demonstrate electronic medical record systems and the one the U.S. military has is phenomenal, just phenomenal, and it looked like it was safe and secure and could get the information shipped around quickly. And I also just confessed to you that our system crashed four times in the last three weeks and was down all of Monday and part of Tuesday. We're afraid --
DR. HARDING: Afraid to get on the big system.
DR. STRAFFORD: Yes.
DR. HARDING: Okay, and who's liable for the crash by the way if the patient had a bad outcome, secondary, not being able to access that information?
DR. STRAFFORD: Oh, I am sure that the providing physician would be the culpable party and then there would be a hand wringing like I'm doing right now under the table and anguishing, and I don't know that that's been tested, we haven't been to court yet on any allegations of unwanted outcome and produced a paperless medical record yet, that will be in our future at some point I'm afraid.
DR. HARDING: And your back up is --
DR. STRAFFORD: We'd print it out.
DR. HARDING: You can print it out?
DR. STRAFFORD: Yes, we can print out my office notes ten years back. When I bring the patient's chart up on my computer at the office I can look back ten years, all of her encounters in her chart. But that's only a standard medical record in a different format, what I want to do is I want to find out, in terms of OB-GYN I want to know how many urinary tract infections has that lady had in the last three years, is she now someone that I should refer to urology, I want those patient management tools that I'm not, that I don't have yet. But I think the system has the capability of doing that.
DR. HARDING: Dr. Keaton, any comment on that?
DR. KEATON: I think what the bottom line comes, are we talking about being able to bring up text records or are we trying to bring up discreet data points. Text records are difficult to search but easy to read, requires my brain power to figure out which ones I need. Discreet data points allow data transmission, I mean in my perfect world when a patient would register the data that's known about that patient in my institution, in a regional registry, or a national registry depending on the scope that you needed, would pre-populate the chart that I open up. Even better for the ambulatory patient or the patient whose in critical it would pre-populate a chart that would be opened in front of the patient and they could themselves look at and say yes this is accurate, no it's not here's where there's an issue, I mean that to me would be perfect, it would save a lot of the up front time and we can focus on what's the true problem now, that's one part.
The second part that discreet data points gives you is a much easier time doing surveillance. I'll give you an example, you look at pharmacy surveillance on anti-diarrheal and anti-nausea medicines, combine that with school absences, combine that with emergency department presenting complaints or discharge diagnosis consistent, combine that with the zip code of the patient who presented to the emergency department with that complaint, drop over the top of that a water district or sewer district overlay map and drop over that the rainfall data. And you find out that in Washington, D.C., there was a sewer line that was broken and there were a lot of people in the Rock Creek area that were getting sick. That was done by the Washington Hospital Center who have the biggest Microsoft database of patient data anywhere in the world but it's within a single hospital network. Those are the type of things that suddenly become possible when you have the data and you do the surveillance.
MR. ROTHSTEIN: I have a question for each of you, first Dr. Strafford, have any of your patients asked to have information about their health not kept in the record or limitations placed on the disclosure of that information to people who are asking for information from their record?
DR. STRAFFORD: The answer to both questions is yes. A further clarification, we live in a small community, since it is widely known that the entire medical record is secure in an electronic format, since that has been known no patient has requested that I not put in her record that she's having a test, screen for HIV, whereas in the past the patient has said I don't want that in my record because I know it will end up in the record room and somebody will read it. So actually that's a benefit.
As to patients saying that they don't want something in there my response to the patient is I certainly understand, I will respect your request, why are you asking or what is your concern. There is some obligation to put, I mean I feel like I have an obligation to accurately document the patient's medical condition so I think you run a fine line on this. Dr. Harding in psychiatry probably deals with this, our psychiatrists simply don't have anything in the patient's medical record, it says patient was seen.
MR. ROTHSTEIN: And actually there are many state laws that make it unlawful for you not to include all the information in the medical record. Yet if it goes in and you get a third party request, let's say an employer or a life insurance company, whatever, and you send the whole thing there may be information that has no relevance to what they're considering the person for and yet be very sensitive and we're trying to wrestle with the idea of how do we protect the medical uses but also protect the privacy from especially non-medical uses.
DR. STRAFFORD: Mark, a year ago if a patient's insurer asked for a copy of a record and it said all patient care I would check with the patient and see does she want all patient care or she just want her gynecologic record. Now I don't recall that we've had that request since we've been in a paperless system but I'll be very interested, I'll ask when I go back and see how we handle that because we could transmit the entire record, I think what we're doing right now is probably printing it off in paper and sending it to them but it brings up a very interesting point because you could send, just with a push of a button you could send all the lab, all the x-ray, everything.
MR. ROTHSTEIN: Right, and I think that's one of the privacy concerns that we heard from the consumers last time.
The question for Dr. Keaton is we hear you about your need for information to treat patients in emergencies and I'm trying to also work through if there's a way that would satisfy your needs but also deal with the issues of patients who want to not have everything accessible to everybody. So I have several, three quick options for you and see what you think of these where emergency department personnel, there's sort of like an emergency override where you would have access to a layer of information or a level of information that would not be accessible to sort of the routine office visit. I assume that would be okay with you.
DR. KEATON: That would be the break the glass approach.
MR. ROTHSTEIN: Right. Second would be where you have access to a CCR but not the whole detailed information.
DR. KEATON: That would probably be best, I mean the CCR has the information that I primarily need, I don't want ten years worth of office notices.
MR. ROTHSTEIN: Exactly, or 30 year old information that has no relevance. And I suppose the least desirable but, well, I don't want to categorize it, records available to you with a flag if there's something that has been deleted by the patient, a notation that there's some sensitive information that is not there.
DR. KEATON: I would agree, I think it's important that we know that a record is not complete. The other place that that falls in is if we're using a federated model like has been proposed for the NHII and one or more of the data sources that are known to exist are offline for some reason, I need to be notified that I'm not getting a complete record, for whatever reason.
MR. ROTHSTEIN: Thank you, that's helpful. Dr. Tang had a question.
DR. TANG: Brian you made an interesting comment about how HIPAA was working fine for you and the additional phrase was that partly because of the emergency exception. So outside of the infrequent case where there's a patient who is not able to provide the consent needed how have you taken advantageous of the emergency exclusions of HIPAA in order to render your care?
DR. KEATON: Personally I probably haven't. As a part of a system working with the public health folks and syndromic surveillance and some of the other stuff that we've done there are a number of ways that data is looked at that probably would not pass the test if it was being looked at from a pure research standpoint, if it was being looked at from a number of different ways. There's a lot of data that floats through in the name of security and in the name of public health that needs to be looked at but wouldn't necessarily be available without those exceptions.
DR. TANG: But those are more public health I think.
DR. KEATON: But we are the front end of public health, I mean most of that data comes from my department.
MR. ROTHSTEIN: Any other questions for this panel? Maya?
MS. BERNSTEIN: I just wanted to clarify something that Dr. Keaton said in his testimony, yesterday we heard testimony from I can't remember exactly who it was that physicians generally never assume that the data that they have in the record is complete or that the labs are accurate and so forth, that they really have to, and not being a health care provider, that they really have to take their own history where possible and do their own labs and they do them over every time just to make sure that the current ones are accurate no matter what it says in the records. But you sort of testified that unless the document that you would have from the electronic record has a notation or that somehow you're notified that the record is not complete or not accurate that you're going to assume that it is complete. Is there something about a change in practice or something about the electronic record that makes that different then what we heard yesterday or am I just --
DR. KEATON: At some point you have to assume a point of truth, at some point you have to take those individual frames of the movie and put them together into a continuous action. The better and the more numbers of points that you have in there the better you're able to put those frames together and see a clear picture. The concern that is raised when you know that there's data missing is that raises your awareness as to the possibility that what you're seeing isn't really true. It raises my concerns even greater when I know that that data is not there because a patient refuses to allow it to be there. The most common occurrence in my department is that patient is drug seeking, that patient is involved in whether you want to call it shopping or other activities, that patient is in my department because they were thrown out of the emergency department across the street because they had punched out a nurse, I mean there's a lot of things where suddenly when somebody says no you can't get my medical records it kind of raises your awareness that you need to look further, you need to at least take what you're told with a grain of salt.
MR. ROTHSTEIN: Well, I want to thank both of you for your testimony, I think its been very helpful to us. I think the witnesses that we heard from both days were exceptional and so I want to thank mostly in abstentia the witnesses who testified this morning and yesterday, it's been very, very informative and I want to thank Maya for her great work in helping to line up the panels over the last two days and Kathleen Fyffe --
MS. BERNSTEIN: Michelle Williamson as well.
MR. ROTHSTEIN: Michelle as well, and I want to thank --
MS. BERNSTEIN: Mary Jo Deering, I mean there's a group of staff that helped me because this was my first hearing as lead staff --
MR. ROTHSTEIN: -- thank the staff for excellent logistical support and we are adjourned.
[Whereupon at 2:55 p.m. the meeting was adjourned.]