[This Transcript is Unedited]
Hubert H. Humphrey Building
Room 705A
200 Independence Avenue, SW
Washington, D.C.
DR. COHN: Good morning. Please be seated. I am going to call this meeting to order. This is the first day of two days of the meeting of the National Committee on Vital and Health Statistics. The National Committee is the public advisory committee of the U.S. Department of Health and Human Services.
Is this on?
Good morning, everyone. I guess this one is on. I guess we got a bad mike here. Anyway, good morning, everyone. I guess everyone can hear everyone now.
I want to call this meeting to order. This is the first day of two days of meetings of the National Committee on Vital and Health Statistics. The National Committee is the public advisory committee to the U.S. Department of Health and Human Services on national health information policy.
I am Simon Cohn. I am the Associate Executive Director for Health Information Policy for Kaiser Permanente, and chair of the committee. I want to welcome committee members, HHS staff and others here in person. I believe we will be having Dr. Elo arriving tomorrow, so we will welcome her at that point. We have a new liaison from the Board of Scientific Counselors, NCHS. Hopefully when she arrives, we will be able to welcome her.
Do you want to announce that today we will not be on the Internet, but I believe we will be on the Internet for the remainder of the week, which includes tomorrow's meetings as well as the Standards and Security post meetings, which will occur after this.
I want to remind everybody to speak clearly and into the microphone, so we can capture everybody's thoughts.
With that, let's have introductions around the table and then around the room. For those on the National Committee, I would ask if you have any conflicts of interest related to any of the issues coming before us today, would you so please publicly indicate during your introduction. I do want to begin by observing that I have no conflicts of interest today.
Marjorie?
MS. GREENBERG: Good morning. I am Marjorie Greenberg from the National Center for Health Statistics, CDC, and Executive Secretary to the committee.
DR. HOUSTON: Good morning. I am John Houston. I am a member of the committee, as well as the Subcommittee on Privacy. I am from the University of Pittsburgh Medical Center, and I have no conflicts.
DR. WARREN: I am Judy Warren from the University of Kansas School of Nursing, a member of the committee and a member of the Standards and Security Subcommittee, and I have no conflicts.
DR. REYNOLDS: Harry Reynolds, Blue Cross Blue Shield, North Carolina and a member of the committee, and no conflicts.
DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the committee, no conflicts.
MR. HUNGATE: Bob Hungate, Principal, Physician Patient Partnerships for Health, card-carrying member of Medicate, and only conflicted to that degree.
DR. STEINWACHS: So, Bob, do you have Part D coverage? I'm Don Steinwachs, Johns Hopkins University, member of the committee and no conflicts that I know of.
MR. LOCALIO: Russell Localio, University of Pennsylvania School of Medicine and a member of the committee. If I have a conflict, I'll announce it prior to asking any question. I don't know of one right yet.
MS. TRUDEL: Karen Trudel, Centers for Medicare and Medicaid Services, liaison to the committee.
MS. MC ANDREW: Sue McAndrew, Office for Civil Rights, privacy liaison to the committee.
DR. SCANLON: Bill Scanlon, Health Policy R&D, member of the committee, no conflicts.
MS. MC CALL: Carol McCall, Humana, member of the committee, no conflicts.
DR. CARR: Justine Carr, Beth Israel Deaconess Medical Center and member of the committee, no conflicts.
DR. STEUERLE: Gene Steuerle, member of the Subcommittee on Populations, no conflict.
DR. HUFF: Stan Huff with Intermountain Health Care and the University of Utah in Salt Lake City, no conflicts.
DR. STEINDEL: Steve Steindel, Centers for Disease Control and Prevention, liaison to the full committee.
MR. BLAIR: Jeff Blair, Director of Medical Informatics at Loveless Clinic Foundation. Yes, that is a change.
DR. ROTHSTEIN: Mark Rothstein, University of Louisville School of Medicine, member of the committee, no conflicts.
MR. J. SCANLON: Good morning. I am Jim Scanlon. I am the Executive Staff Director of the full committee, and I am with the Office of Planning and Evaluation here in HHS.
(Introductions around the room.)
DR. COHN: Welcome, everyone. I want to thank you for joining us. When I saw the snow coming down this morning early, I realized it might be a little trying for many people to get in here this morning, so I want to thank you for everyone being here in a prompt fashion.
Before we do agenda review, I do want to make a couple of comments. This is our first meeting for 2006. I think we have much to look forward to in 2006, but I want to take a minute to reflect back on 2005 and the events of 2005 in relationship to the National Committee.
I think 2005 as we look back on it has proved to be an interesting and exciting year for the committee. it is a year that has witnessed a major acceleration of activities and multiple new initiatives related to national health information policy and movements towards the National Health Information Infrastructure.
I think we all realize that the Katrina disaster, which was one of the headlines of 2005, had many outcomes. It was clearly a tragedy. It did open our eyes to the importance of improved infrastructure, including the National Health Information Infrastructure. We will talk about learning's from that tragedy tomorrow. I know Jim will be leading that conversation.
In addition in 2005, Secretary Levitt's 500-day plan was unveiled, which included as a centerpiece the next phase of the HHS health IT strategy. What we are seeing and participating in is an acceleration of activities and efforts to move health care into the information age, to transform the health care system and improve the health of all Americans. This is a vision we foresaw when we published our document, Information for Health in 2001.
This year's events have also included the establishment of America's health information community and its breakthrough groups. I am pleased that we have NCVHS members participating on the work groups and acting as liaisons from the NCVHS. I particularly want to note Mark Rothstein, who has participated on the surveillance work group, and John Paul Houston, who is on the EHR work group. Thank you for participating and serving as liaisons for that activity.
This year has also seen the strengthening of the Office of the National Coordinator, which now has a budget, key staff in place, and infrastructure contracts underway. As you all know, David Brailer will be joining us later today.
The executive subcommittee including Jim and Marjorie have been working with me on how we can best support and assist the Secretary and the Department going forward in this new environment. As we envisioned last year, our work is complementary to the other initiatives, and of course very much in support of the Secretary's 500-day plan and the President's ten-year HIT plan.
Additionally in 2005, the initial e-prescribing rule was released with significant input from NCVHS, and pilots will soon be starting. As 2006 begins, NCVHS will be providing ongoing advice and guidance to HHS related to versioning and maintenance updates and modification to this suite of standards. I know Karen Trudel will be providing us an update on e-prescribing during the morning's updates and presentations.
HIPAA regulations continue to be implemented and are moving, at least in my view, from implementation to stabilization. As 2006 begins, the committee is actively looking into issues related to optimization of the HIPAA regulations, and we will be talking about that a little later on this morning.
I should also note that 2006 marks the tenth anniversary of the passage of this landmark legislation. We think we will have some celebrations as the year progresses.
Additionally in 2005, the personal health dimension and PHR has received greater focus and attention. Our letter and report to the Secretary was released in September and is now being turned into a formal report. CMS additionally released an RFI on personal health records last fall, and the RFI responses were recently published. Again, I think Karen will be updating on that later on today.
Also in 2005, the Population Subcommittee released its report on eliminating health disparities, a report which is now available on the web, but which will soon be available in paper, hopefully in the next month or so. As we begin 2006, the committee continues to distinguish itself in work-related privacy and confidentiality of health care information, and is augmenting activities in relationship to quality and the NHII.
All in all, there is a lot going on related to national health information policy. Much progress has been made, with much more to do as we move into 2006. As I commented, it is an exciting and fast-moving time. I want to again acknowledge all of you for your hard work and dedication to the task.
I should also mention that because of the pace of events, the Executive Subcommittee has been considering whether to hold a full committee strategic planning retreat later on this year so we can all talk about future activities and work plans. This will be something we will be talking about later on today, and we want your input on this proposal.
With that, let's move into the agenda review. This morning begins with a Department update. Jim Scanlon, our Executive Director, will lead off, followed by Karen Trudel from CMS and Susan McAndrews from the Office for Civil Rights. This will be followed by a discussion of HIPAA return on investment. A letter is in your packet, but is being withdrawn as an action item for today's and tomorrow's meeting. But our co-chairs will be briefing the committee on issues involved in preparation for a letter coming forward in June.
After the morning break, David Brailer will be joining us for an update on the many new initiatives and contracts now underway. As I mentioned, before lunch we will be talking more about the strategic planning retreat and getting input from the full committee as we make final decisions about whether to do it, as well as how to structure it. This conversation can continue based on interest. We have provided what I would best describe as a working lunch to get additional feedback and input from all of you as you see fit.
After lunch, Mark Rothstein will discuss the status of work underway within the Subcommittee on Privacy and Confidentiality. A new report will hopefully come forward in June. This will be followed up by an IOM update on a report titled Performance Measurement: Accelerating Improvement.
After the adjournment of the plenary session at about 3 p.m., we will have meetings of the subcommittees and work groups. Different from previous meetings, we are staggering the work groups and subcommittee meetings so all committee members will have the opportunity, though are clearly not required, at least to be able to attend the various work groups and subcommittee meetings. Thus, after 3 o'clock, the Quality Workgroup will be meeting from three to five, the NHII Workgroup will be meeting from five to probably 5:45, and then tomorrow morning from eight a.m. to about ten a.m., the Population Subcommittee will be meeting. We have had the Privacy Subcommittee meeting previous to this meeting, and Standards and Security will be meeting as post meetings after the meetings adjourn tomorrow.
There will be dinner tonight for committee members and staff. We will take numbers after lunch in relation to the reservations.
With that, Dr. Elo has arrived, so we want to thank you for joining us. You are the new liaison from the Board of Scientific Counselors from the National Center for Health Statistics, and we want to welcome you. I understand you are a professor of sociology?
DR. ELO: Demography and sociology.
DR. COHN: From the University of Pennsylvania. I hope there is no conflict of interest.
DR. ELO: I hope not.
DR. COHN: Another representative from the University of Pennsylvania. But we welcome you. Thank you for joining us. We look forward to an update from you tomorrow about the work of the Board of Scientific Counselors. Thank you.
DR. ELO: Thank you.
DR. COHN: With that, Jim, why don't we let you lead off the updates?
Agenda Item: Update from the Department
MR. J. SCANLON: Thank you, Simon, and good morning, everyone. As Simon indicated as we begin calendar year 2006, a number of developments have occurred since we met in November. I am going to update you briefly on some of the areas related to health IT policy and population health statistics as well.
Let me start with the most recent development, which is the President's fiscal year 2007 budget. The budget, which was sent up just a few weeks ago earlier this month, again continues the effort to promote and accelerate electronic health records and health information technology in health care. It includes a budget of $169 million for health information technology, an increase of about $58 million over the current year, 2006.
Let me tell you a little bit more about the content. $116 million of the dollar amount is for the Office of the National Coordinator, information technology funding. It will support strategic planning, coordination, further analysis of technical, economic and other issues relating to adoption of health information technology.
The AHRQ continues its initiative with about $50 million. Here, part of the funding, $50 million at the Agency for Health Care Research and Quality, will support continued adoption, development and diffusion of information technology in a range of health care settings. Remember, the initial focus was on hospital care. The new emphasis will be on ambulatory care settings as well.
Then from my own office, the Assistant Secretary for Planning and Evaluation, we are designated for four million dollars. We are asked to take on our traditional role of evaluation and economic analysis of electronic health record adoption and the economic factors that promote or hinder and influence health IT adoption in the U.S.
So again, that is the fiscal year '07 budget. The President sent that up earlier this month. In '06, the current fiscal year, we are continuing on some of these activities that we began as well.
Just a quick word about the population health area. In the President's budget, most of our major HHS statistical systems, the Health and Human Services statistical systems, are being funded at current levels, which is actually a major accomplishment, to protect and promote these core statistical systems, because most of the budgets were -- other than preparedness and pandemic flu, most of the other areas have not received large increases. So in a relatively restrained budget environment, protecting these core statistical systems is actually quite a priority and an accomplishment.
The AHIC briefly, David will talk more about this later today, but as you know, the AHIC, the American Health Information Community, has been meeting and is meeting later in March, March 7. They have established four working groups in the area that will report back at the March meeting. The working groups are looking at what possibilities there are for fairly quick breakthrough applications in several areas, and David will tell you more about that today.
More recently, within HHS and within the federal government, we have established an interdepartmental Council on Health Information Technology. This includes HHS agencies as well as the Defense Department, the VA, OMB, the Office of Personnel Management and so on. Again, this is the federal coordinating point for what breakthrough ideas might arise from the AHIC, or it will also serve as a policy coordination point among the federal agencies for what we may want to do on health information technology, electronic health record adoption and so on. Part of that group is an internal HHS group, so it will help HHS get our own policy coordination in order as well.
Again, on the population statistics side just briefly, there are a couple of areas. I will update you on where the Data Council is with some areas that it has established previously, but there is also, as I will talk tomorrow, some focus on the data and capabilities needed to support emergency preparedness, pandemic planning, what did we learn from the Katrina response, the Rita response and so on in these areas that we could do better in terms of health information technology, and data and statistics as well to support decision making and response.
A couple of updates from OMB. OMB has issued -- again, this is on the population statistics side -- guidance for statistical surveys, which is an update of previous guidance. It is also updating some of its statistical policy standards. We will be having a database of this at our Data Council meeting in February.
This is basically best practices for conducting federal surveys and statistical activities, things to consider, how to contract, response rates to look for, certain design features to look for, so it is basically a best practices document.
For those on the public health side, OMB has also issued a draft bulletin that sets out standards and best practices for risk assessments. A number of risk assessments are done in the environmental area, in the public health area, climate change and so on. This is a draft. Agencies are being asked to look at this and comment on it.
OMB has also asked the National Academy of Sciences to conduct a review, to establish a small panel and conduct a review of the draft, and HHS is among the several agencies that will be funding that activity at the National Academy of Sciences.
As I indicated at our last meeting, our Data Council has initiated a study of statistical standards, standards in our major data collection systems and statistical systems. I can brief the committee in more detail on this later, but the focus is on the content and code set standards as well as statistical standards. We are looking at first of all what is already available in terms of standards, what is being used in our major statistical systems. This would include not only the population-based surveys, the health interview surveys, for example, but the provider-based surveys and facility-based surveys as well, to what extent are we using standard classifications that have already been adopted for other purposes, and then we are looking for opportunities for integration or for what would be the payoff and what would be the pathway to including these standards down the orad in the surveys.
We are also considering, and this is an area I know the committee has been interested in and I think we just need final approval to begin this project, both the National Center for Health Statistics and others have asked us to begin looking at the potential of electronic health records for linkage and for utility in some of our surveys.
We have always had a policy and a practice of being able to link health care use data and other administrative data with our surveys when it was justified and under the right conditions, analytic purposes, for example, links with the Medicare data and Medicaid data, social security data and so on. This is done for statistical purposes and for policy research and evaluation. These are not administrative data sets.
But at any rate, we will be -- several agencies have asked, could we begin to look at probably through a workshop which the committee will be able to help us with. Really, we have to look at this in a fairly tough-minded way, not what might be available 20 years from now, but what is actually available now, how realistic is such a strategy, and what would be the pathway again to get there.
I know the committee has started this. I know you have looked at secondary uses of electronic health records, but we will be looking at it in a more formal way, and we will be asking the committee to help in terms of an expert workshop and panel and so on.
One more thing. In January we added at the request of the Secretary in our Minority Health office, we developed and added a web portal on minority data, race and ethnicity data, to our HHS website. This is part of the Data Council's statistics gateway. This is basically an entry to all of our agency statistics on the web.
This was announced at a Minority Health summit back in January, but what we did was just make it easier to access all of the race and ethnicity data that HHS has on the various agencies' websites. So it is a separate, Google-like, not quite at the standard of Google, but simplified, so you can search for specific groups, or you can use terminologies as well. We will be expanding that. I would regard it now as a kind of a test, so any advice you have about making it better, we would welcome.
The Data Council is looking at continuing efforts in four areas, and we have added a fifth. This again is mostly on population-based data. We are looking at what is the adequacy of the data in these areas and what are improvements that we could make, again given the budget climate, which is fairly restrained.
The first area is improving prescription drug use and expenditure data; I told you about that previously, a couple of projects underway. Health insurance data, this was a project that we started under our previous ASPE, Mike O'Grady. We are looking at the adequacy of health insurance coverage data in our major surveys, what accounts for the differences in the surveys, what accounts for the variations in the estimates and so on, and can we understand those better, and which data are more appropriate for various uses.
We are looking at state data on health policy, access to care utilization and health insurance. That is probably the least far along, I would say. And we are looking at the income and asset and related data that is collected in our major federal surveys as they relate to Health and Human Services policy. We don't make separate income estimates here in HHS, but we do use it as a variable to understand Health and Human Services issues.
Of course, there are efforts to improve race and ethnicity data. The portal was one of those. Now we have added a look at what can we do to improve data for public health emergency preparedness for measuring readiness, for measuring emergency preparedness in health care facilities and so on. That is at a fairly early stage, but we have had a couple of Data Council meetings where we looked at what did we learn in the data area, and what are ways of moving forward.
I'll stop there.
DR. COHN: We will hold questions for the moment. I want to welcome an honored guest, Winston Wilkenson. I am going to ask Susan to do a formal introduction for you, but I understand you are the new Director of Civil Rights for the Department. We are very pleased to have you join us today.
MR. WILKINSON: Thank you.
DR. COHN: As you probably know, the National Committee is the principal advisory committee to HHS on national health information policy, including privacy and confidentiality of health care information. We have had a long and very close relationship with the Office for Civil Rights around the implementation of the privacy rule, HIPAA. So we look forward to an ongoing close and collaborative relationship in that regard.
MR. WILKINSON: I look forward to working with you. Thank you.
DR. COHN: Susan, do you want to --
MS. MC ANDREW: I just wanted to give Winston an opportunity to come and meet with you. In December, Rick Campenelli left OCR to go full time into his job as counselor to the Secretary for Human Services. He had been dual tracking as director of OCR and as counselor for most of '05, and it was a tall order which he handled very well, but eventually decided to go full time as counselor.
At the same time, he made sure that OCR was well taken care of, and Winston joined us. This is actually his second tour of duty with OCR. He was a deputy director of the Office for Civil Rights back in 1988. He left Foggy Bottom here to go out to the clean air and snow slopes of Utah. Not exactly sure what lured him back, but we did have a little flurry of snow on the way in today, so maybe it will make him feel at home. But I did want to introduce you all to Winston and just have him say a few words to you, because I know that we will be working with you as he assumes the leadership of OCR. This will be a very important component of our work.
MR. WILKINSON: I am delighted to be here this morning. I have been on the Board about a month, month and a half, so the information curve is huge. I am learning a lot. I look forward to learning more about this group and working with you in the future. I hope no questions.
DR. COHN: No questions. I don't know if it is fair to have anybody ask any questions this early in your tenure. We are delighted to have you take the helm, and we look forward to a close and collaborative relationship. Hopefully you will soon learn, we do have a Privacy and Confidentiality Subcommittee that has been very active in terms of overseeing and providing advice and guidance on all the HIPAA work, of course recognizing that HIPAA is just one step in relationship to privacy and confidentiality of health care information.
I guess I would ask, do any members of the subcommittee have any questions of the committee?
MR. WILKINSON: I am going to be in and out this morning. I have kind of a busy schedule, so if you see me going in and out, forgive me.
MS. MC ANDREW: And Mark Rothstein is the chair of the Privacy and Confidentiality Subcommittee. You spent some time with Mark yesterday.
DR. ROTHSTEIN: Yes, so we look forward to working with you. Welcome.
MR. WILKINSON: Thank you.
MS. MC ANDREW: Should I go ahead and do the rest?
DR. COHN: Did you have anything more?
MR. J. SCANLON: No.
DR. COHN: We will just do the questions all at the end. Russ, did you have a question?
MR. LOCALIO: I'll wait until the end.
DR. COHN: Well, if it is for Winston, you probably ought to ask it now. No, you'll wait, okay. Susan, why don't you proceed?
MS. MC ANDREW: Just two brief items. One to update you on the status of the complaint system for HIPAA. We have as of the end of January received 17,656 complaints. Our closure rate is up to 71 percent.
We have worked a bit to refine the types of entities against whom complaints are filed. The top five continue to be private health care practices and general hospitals as the top two. That has not changed. We have combined several of the outpatient facility groups that were in our system into one grouping, so now outpatient facilities are the third most frequently complained against group.
We have also combined the various types of health plans from health insurance issuers and group health plans into one category. So health plans are the fourth most complained against entity. Pharmacies happily have fallen into fifth place. I'm sure that their drugstores are very happy now.
We are continuing to work on getting more finite information out of our data reporting system. There is a lot of data in there now, with 17,000 complaints. We want to make sure that we get the most information we can out of that system.
The types of issues, that hasn't changed. Impermissible uses and disclosures get the most complaints. Inadequate safeguards is the second most complained about group. Refusal or failure of the individual to access their records, to be able to access their records, is in third place. The minimum necessary standard and problems with defining that is the fourth area. Finally, the need for authorizations or the failure to have them when required to do so is the basis of the fifth area of complaint.
We have 285 referrals to the Department of Justice, and still no further information from the Department of Justice on the second HIPAA prosecution that was underway in Texas. They haven't done much since filing the complaint.
On the regulatory front, last week we issued in the Federal Register the final enforcement rule. This is a joint rule with CMS. It will cover enforcement procedures from the initiation of the complaint through the notice of determination for civil monetary penalty through the appeals process. So it finalizes all of that complaint processing and determination of when there is a CMP and what the appeal rights of entities are who have been issued a CMP. We have not issued our first CMP, so we haven't tested the waters yet.
The enforcement rule will become effective on March 16, and it will replace the interim final procedural enforcement process that is there. It also updates, makes minor changes in the OCR complaints rules, which have been in the privacy rule since 2000, and broadens those complaint processes so that they cover both the privacy rule and all the other regulations that are part of HIPAA that are enforced by CMS, the security rule and the transactions and code sets as well as the identifiers.
So that is the end of a long process, and we are very happy to have that suite of rules now totally in place. I think those are the major privacy events. I will turn the floor back over to Simon.
DR. COHN: Thank you. Do you want to go, or should we take questions for a couple of minutes? Do you have a preference on that?
MS. TRUDEL: Let me just add a little bit to what Sue just said about the enforcement rule. We hadn't either of us prepared a lengthy presentation on what is in it. We will just open that to the group, if either the full committee or any of the subcommittees would be interested in having a deeper presentation on what the enforcement process now looks like, the different levels of appeals, how we count violations, how we determine the amount of a penalty, we can try to work that into the committee's future schedule.
DR. COHN: I think everybody is nodding their head on that.
MS. TRUDEL: Okay, we'll take care of that jointly. I just want to report on a number of things. Actually, Simon, you added a few to my to-do list.
DR. COHN: My apologies.
MS. TRUDEL: No. Let me start talking about e-prescribing. I think everyone is aware that the four pilots have been awarded, and they are moving forward. The groups will be making presentations on how their individual programs are going to work. Each of the grantees will be doing presentations for the Subcommittee on Standards and Security at the Friday session.
We again acknowledge the significant assistance that we have gotten from our colleagues at AHRQ, particularly Dr. John White. He has been absolutely wonderful in getting these pilots up and running. In fact, AHRQ is providing the substructure and processes around which the grantees can get together periodically, talk about best practices, compare notes, make sure that everyone is on the same page. That first discussion has already taken place, facilitated by AHRQ.
The next thing I wanted to discuss was the personal health record, request for information. As you mentioned, Simon, we did publish a compilation of the responses we got from industry to the request for information.
Again, to refresh your memories, what we were asking the industry to tell us is what they thought CMS' role should be in encouraging, facilitating the standing up and use of personal health records. One of the overarching themes that I would say jumped out at us, which was not at all surprising to me, was that they wanted us not to build a Medicare stovepipe. They didn't want us to build a PHR that only had Medicare beneficiaries' data in it, that only had Medicare data in it, that had different standards and different requirements than would be available for the industry as a whole.
We have taken that to heart. Some of the particular comments that we received were that CMS should facilitate and contribute data to PHRs, that we should do that obviously at the patient's authorization, and we should be mindful of privacy and security concerns with respect to any vendors to which we are providing data. They also suggested that we should not establish our own certification criteria for PHR software or vendors, that we should not establish our own standards for PHR content, vocabulary, messaging, et cetera. Instead, they very strongly suggested that CMS bring its voice to the table in the standard bodies and the certification processes that are already underway, that are trying to get their arms around this.
It also suggested that CMS had a very strong role to play in terms of education, and that we should use the communication mechanisms that we already have with Medicare beneficiaries and with partners who communicate with Medicare beneficiaries to make sure that we help to convey the benefits of using and having a personal health record, and what that can do to the changes in outcomes and quality of care for patients.
So essentially, that summary is available on our website. Our next step is to develop an action plan that will help us to step forward and begin to implement that vision. That is still under internal review, but we expect to have that posted on our website probably within the next month or so.
So we are indeed moving forward, and are working very, very closely with the consumer empowerment group of the AHIC to make sure that whatever we do is in concert with the way both the Department and the industry are moving.
Let me turn to the national provider identifier. First, some enumeration statistics. As of last week, I think we have enumerated almost 330,000 providers. About 280,000 of those are individuals, the rest, roughly 50,000, are organizations. So we are continuing to make progress in that area.
The paper that describes how Medicare is going to enumerate subparts of organizational providers, which is something that was of a great deal of interest to the health care community, was posted on our website early this month. Information on EFI, which is basically the bulk enumeration of providers, the first round of information of that has already been published on our website. We expect to have more specifics very shortly, and to start doing this electronic file interchange bulk enumeration late in this spring.
The data dissemination Federal Register notice is the one thing that we have not published at this point. It is targeted for publication of March or April.
The claim attachment rule, update on that. The comment period closed on January 23. We received 111 comments, which does not seem like much, but some of them were quite voluminous and extremely technical. We are working as usual with the standards developing organizations to help us with the technical issues that specifically relate to the standards. That is somewhat complicated by the fact that we had to tease out which ones go to HL-7 and which hones in to X-12. We are nearing the completion of that process, so we should be able to fan out the comments to the appropriate organizations. While we are waiting for their feedback, we will then look at the comments that are related to more policy issues, broader issues.
Let me talk a little bit about the actual Medicare implementation of statistics, which I usually do a report on for the remittance advice, which is the 835 transaction. We now have 96 percent of the receivers in production in HIPAA compliant format. We are at the point now where we are beginning to think about lifting the contingency, and as we did with the claim transaction, before we get to that point we are doing some fact finding to figure out who are the people who are not compliant, why are they still not in production, what can we do about it, how would cutting off the contingency influence them, and what should the timing be.
So that process of fact finding is underway. We will have to look at that before we make a decision of at what point we do lift the contingency.
With respect to the coordination of benefits transaction, the 837 outbound, we are moving receivers from our legacy systems onto the new coordination of benefits contractor for Medicare. That contractor's processes are HIPAA compliant. We have 569 receivers that we still have not moved. We have moved about 20 over in the last month, so that is a process that we are chipping away at.
MR. BLAIR: Could you clarify receivers?
MS. TRUDEL: Receivers, these are insurance companies who are receiving HIPAA compliant coordination of benefits transactions. They may be private insurance companies, they may be state Medicaid plans.
The number of non-HIPAA compliant transaction claims that we are rejecting is on average holding steady at between 1,000 and 2,000 a week. It has been as high as 9,000, it has been as low as 300, but we aren't seeing any disturbing increases in that respect. The number that I think we are the most proud of is that the number of eligibility queries and responses that we have been able to respond to in real time last week topped a million. So from my perspective, that is really significant, that that is what HIPAA is all about.
These are pieces of information that either providers didn't have at all, or that they had to have somebody calling on the phone and waiting to hear a verbal response for. So I think this is an indication that people really do understand what is going on here and what is available to them, and are making use of it. We are very proud of that.
I think that is all I have to report. Thank you.
DR. COHN: Karen, thank you, great progress. We appreciate it. Time for questions and discussions.
MR. BLAIR: Congratulations, Karen. With these achievements, this may be too early, but as I am listening to the fact that so many of the HIPAA transactions are now being implemented, are we getting close to a point where we can have some measure of the return on our investment from the CMS standpoint and the benefits we are getting from this evolution to health information technology?
MS. TRUDEL: I think that we can respond in terms of the numbers, how phone inquiries are going down from providers with respect to eligibility queries. There are a few very measurable pieces of data.
I think a lot of the return on investment that is a little bit less easy to quantify is the effectiveness and efficiency, process efficiency measures that are happening at the provider sites. I don't have any insight into that right now, but I think that is where we need to go to measure where the true return on investment is.
MR. BLAIR: I would agree with you. However, if it is simply a matter of maybe looking at the volume and the number of claims or eligibility inquiries between this year when we have been automated versus previously, it is just a matter of harvesting the cost of handling that volume. Maybe it is low-hanging fruit, where we could show some real return on investment. Is there anything in the works during the next three, six, nine months, even at a general level? I'm just trying to measure that.
While I totally agree with you that we want to look at the larger ROI from the private sector, if these numbers are not that hard to get within CMS, at least we could show that we are getting ROI at the federal government level.
MS. TRUDEL: I think we would be happy to collect any data that you are interested in. I'm not sure that it tells the whole story. I think we know obviously how many transactions we are processing. I don't think that it can be said that every transaction that we process means one fewer phone call. I'm not sure that every time a provider submitted a claim without having the eligibility information, that there was a negative impact to that.
So I think there are some connections that aren't quite clear in my mind, but if there are additional discussions that are going to occur in the subcommittee, I know Maria can help facilitate bringing that information back to us, and we would be glad to gather any information that we can.
DR. TANG: I have a question for Susan. On the HIPAA complaints, you said there were 17,000 and 71 percent have been closed. When they are closed, are you finding that the complaint is generally justified, and it is a question of those top four categories? Do the complaints pan out? When you say closed, then the provider agrees for example to make some sort of change?
MS. MC ANDREW: There is still a variety of reasons for closure, including some that are closed without investigation because they turned out to be non-jurisdictional, or the complaint itself did not state an activity that would if proven be a violation of the privacy rule. So we still have a fair number of non-jurisdictional or administrative type closures.
The other closures however where there has been an investigation are closed because the entity has taken some corrective action to make sure that if it is a matter of access that the individual had access, if that showed a systemic problem, that they have changed their policies and procedures to make sure that everyone knows what the access rules are. So it can be either an individual type corrective action or a systemic corrective action.
We are attempting to quantify this coming year the number of closures that do result in some policy change or some more systemic change. So we will have a better handle on how many of the complaints actually do result in broader improvements.
DR. TANG: So how are we using these statistics? For example, are we looking for a decrease in the complaints as a measure of success? Or if the rate of complaints stays the same, do we contemplate increasing the education or finding some way to improve upon the situation?
MS. MC ANDREW: I think that first of all, we are looking at the complaints and the individual opportunities for education and corrective action and technical assistance to the provider and the plan communities.
I don't know that you can directly measure success off of the numbers. I think we are interested in our closure rates largely to know that we have gotten into that complaint and have seen what it is about, and have made sure that the outcome is correct. So that is what we are looking for in terms of the closure rates.
DR. TANG: So I guess in your announcement of the ten-year anniversary of HIPAA, I wonder if there is some way that we need to think about, is the state of information privacy better off ten years from now. If we can't use these quantitative measures, is there a survey we can use? I have a sense as a practitioner, but it seems like we do want to know what the impact is, and if it is either unchanged or worse, we want to be able to address that.
DR. COHN: I see you are looking at me as you say that. I would charge the privacy and confidentiality work group to begin to think about that. I think you are asking exactly the right question.
Mark, I think you have a question?
DR. ROTHSTEIN: I want to first answer Paul's observation and then get to my question.
DR. COHN: He was probably looking at you and not me.
DR. ROTHSTEIN: I think the answer is more complicated than just looking at HIPAA data. I am often asked what has HIPAA accomplished. I think it is very difficult to measure that, because I think many of the benefits of HIPAA are outside of the enforcement or regulatory process.
I think the biggest benefit of HIPAA is, it has changed the ethic of both providers and patients. They appreciate the importance of privacy more. It would take a lot of research to find out whether there has been a decrease in elevator talk, and there has been a decrease in waiting room consultations and so on. But I do think that what was often just an abstract ethical principle has now been brought to the fore, both for providers and for patients. So how to measure that is kind of difficult.
My question for Sue picks up on Paul's, and it is a two-part question. Many of the complaints in the old days, two years ago, were found to be facially defective because they alleged unlawful conduct by non-covered entities or clearly demonstrated a misunderstanding of the parameters of the privacy rule. So my question is, have you over time been able to track whether that figure of facially invalid complaints has been declining, as one would expect, as people become more familiar with the privacy rule?
Related to that is the second question, and that is, how are you using that information as part of a feedback loop, not for necessarily individual providers or covered entities, but in terms of general outreach and education? So for the defective complaints, how does this indicate what we need to do in terms of public education? And for the ones where after investigation there is some merit, how does that influence the outreach and education that is directed toward covered entities?
MS. MC ANDREW: Other than observing that the rate of closures for jurisdictional cases, investigated cases, has increased, we haven't -- it would be an interesting run that we can try to do off the data to see how that correlates with new complaints. We can see the trend going in that direction. Some of that however is finally investigating cases that we have had in our inventory for the last year.
So it would be an interesting data run and something that we can look into, to see how that breakout is going over time for new incoming cases.
On the other question, in terms of having found how we are using the data to guide outreach and education activities, that is something that we have had a couple of conversations with John, about the data. Right now, the types of programmatic data that we can get out of our system isn't that good for making those kinds of decisions. So we are working with our data people to see if we can do better programmatic type searches and compilations and aggregations to get that kind of outreach guidance.
Right now, the system was built and operates very well in terms of managing the claims process and looking at administrative back door kinds of functions and comparing our regions and making sure all of that flow is there. But in terms of generating good data for programmatic decisions, the system is a little less successful about that. So we need some retooling.
DR. STEINWACHS: I was just wondering, you mentioned that there were continuing complaints about lack of access to medical records. I was wondering if you could characterize in any way what the kinds of problems are, whether it is the fact that someone will not let you have your record, or the cost or other factors make it difficult or prohibitive in some way.
MS. MC ANDREW: It s all aspects of our access requirements. Most of it I would say is that the individual feels that they have made a request to see their records or to get a copy of their records, and the entity has not responded, or has denied them access for impermissible reasons. We still occasionally get the complaint that a copy of the records was denied by the provider because the individual hadn't paid.
DR. STEINWACHS: Paid for the service or paid for the record?
MS. MC ANDREW: Paid for the service. We have --
DR. STEINWACHS: I'm trying to figure out how to populate my PHR, you see.
MS. MC ANDREW: We have had some complaints more recently that go to the reasonableness of the fee that is being charged for the copy, and some complaints that they can't afford the $50 charge.
MS. MC CALL: The $50 charge for?
MS. MC ANDREW: The copy of the record.
MS. MC CALL: Wow.
DR. STEINWACHS: Carol is thinking of a new market here.
DR. COHN: I guess I should ask, Susan, is this for copying costs?
MS. MC ANDREW: Yes. There are still disputes in terms of whether -- the rule only allows the provider to charge copying costs. So there are a variety of processes, including per page fees or other types of fee arrangements which can result from the individual's perspective in unreasonable charges. There is also a continuing problem in terms of some friction between the privacy rule's copying only cost requirement and some state fee structures, which allow for other types of basic charges, and then a separable copying fee, ten dollars in research and retrieval, those kinds of issues.
DR. STEINWACHS: So just to understand, a basic charge might be to charge something to retrieve the record or something like that, and then you on top of that load copying charges for each of the pages.
MS. MC ANDREW: Right, and the privacy rule would say that that search and retrieval and refiling charge is not allowed.
DR. STEINWACHS: Not allowed, okay.
MS. MC ANDREW: It is not allowed. It is only the copying. But that still may be embedded in some carryover from pre-privacy rule state practices.
DR. CARR: I would like to go back to what Mark was saying in terms of appreciating the impact on confidentiality for the patients. It occurs to me that JCHO has very specific measures when they look at acute care facilities about whether confidentiality is being provided in terms of areas to speak and records and so on. I just wonder if there isn't any trended data from early when they introduced these measures to performance today which might give us some sense of compliance within hospitals.
DR. COHN: Anything more?
DR. CARR: No, but I appreciate Mark's point very much, that that is a huge impact, and that is a cultural change, and it is palpably different in patient care settings. We haven't thought about it in a quantifiable way, but I do think JCHO compliance might actually tell a story.
DR. HOUSTON: Not my main question, but I still wanted to ask a question regarding the copying fees and the like. I think I heard you say HIPAA does not allow providers to charge for somebody to be able to access their medical record.
MS. MC ANDREW: For just the inspection of the record, no.
DR. HOUSTON: Right. If a covered entity decides it wants to -- that the most convenient way for it to provide access would be through copying the record, that would still preclude them from charging the patient. Am I hearing there are covered entities that are using the need to retrieve and copy as the basis for providing access? Or am I misunderstanding this?
MS. MC ANDREW: No, I think it is just that it is not atypical for providers to have been operating under a state fee structure, state law fee structure, that included administrative activities, including retrieving the file, selecting out the portions that needed to be accessed by the individual, and refiling the material. They had in the past been allowed under state law to charge for those retrieval services, as well as charging for copying. Under some fee structures, those may actually be bundled charges, others break them out separately.
DR. HOUSTON: So there could be a possibility that a patient could ask simply to access the record for the purpose of the review under HIPAA and still end up having a charge. Is that fair to infer from what you just said?
MS. MC ANDREW: Right, and should we get a complaint like that, we would look at the provider's fee structure and determine whether or not they are operating under a fee structure that includes impermissible charges.
DR. HOUSTON: So you are saying OCR's position is that they would not be permitted to charge?
MS. MC ANDREW: They would not be permitted to charge for anything other than costs related to copying.
DR. HOUSTON: Even if the copying was their mechanism for providing access? I know a lot of providers are unwilling to provider the original record to the patient, for fear that the patient could destroy, damage, mark up the original record.
PARTICIPANT: I'm hearing that they can.
DR. HOUSTON: They what?
PARTICIPANT: That they can in fact charge if access ends up being defined in their eyes as, I've got to make a copy. Then they would end up being able to charge.
DR. HOUSTON: It is the provider's convenience to make a copy versus providing the original.
MS. MC ANDREW: The fee structure goes, if the individual has asked to obtain a copy.
DR. HOUSTON: So if the provider simply provides a copy as its way of providing access, they could not charge?
MS. MC ANDREW: No. If you have decided, either I can't let this individual have the original, or sit in a room with the original unsupervised, so I am going to make a copy and let them sit in the room and doodle on the copy, then that is not a copying charge.
DR. HOUSTON: I have another question.
DR. COHN: That was your warmup.
DR. HOUSTON: With the announcement of the final enforcement rule, as well as the fact that it has been a number of years since the privacy rule has -- the compliance period has passed, is OCR going to change its enforcement tone or the tone of the way it is enforcing the rule? Is there any plans to become more aggressive about the way it is enforced? I know a lot of it is intended to be a collaborative effort with the provider, and where there is an issue to work with the provider in good faith, as trying to address any issues. It becomes a closed issue as long as that collaboration seems to occur. Is there any change, or any thoughts of OCR on changing the tone of the way it is going to enforce?
MS. MC ANDREW: I think at the present, we do not intend to change our enforcement priorities. We will continue to engage in voluntary compliance with the provider. I think that has proven to be a very efficient way of getting problems corrected. We are still getting good cooperation from plans and providers about the individual complaints.
We are looking at the enforcement rule as having the apparatus there now firmly in place. Should we need to use the civil monetary penalty authority as a way of getting compliance, but I don't think we intend to -- now that that rule is in place, to alter our priorities and decide, now we are going to be bad cop. I think we are very serious and we give a lot of attention to our complaints and take very seriously our enforcement activities. I think we just feel that voluntary compliance is the most effective way of making sure that the privacy rule gets embedded as a part of everyday practice, and that we continue to move the cultural shift over. I think that voluntary compliance does that a lot better than the fear factor.
MR. LOCALIO: Jim, you mentioned among other things that HHS is going to look at the potential of linkage of surveys with electronic health record data, and there is going to be a workshop as a tough-minded way of looking at the problem. Is that -- ?
MR. J. SCANLON: Yes.
MR. LOCALIO: So my question is first of all, are you going to look at the issue of linkage or on the adequacy of the health record as a substitute or supplement for survey information? Will the workshop have a formal or informal participation with NCVHS? Is there going to be a report to NCVHS? Will this involve registry data, Vista, Veterans Administration, Medicare Part D or electronic prescribing?
MR. J. SCANLON: Et cetera, yes. I might take the Fifth Amendment on that. No, actually this is a proposal of several of our agencies. This is anonymized data for the most part. This is for policy research and evaluation. This is four our statistical systems.
I think the concept is that -- and there is a history to this. I remember when HIPAA was passed all those ten years ago, everyone thought we wouldn't have to do surveys anymore, because this was such a wonderful -- and everyone knows it takes ten years to get claims data to the point where -- not anymore, but it took vital statistics probably 50 years to get to the point where you could actually reach the quality and standardization that you could use it. HIPAA, it didn't take so long.
But at any rate, we want to have a group of folks to understand what the needs are, who understand capabilities. We are looking at to what extent our provider-based surveys could use this information. I think down the road we would look at to what extent our population-based surveys, if there were records to link to, this could serve as a resource as well.
In terms of the design of the workshop, it is just a concept at this stage. I think what we would do, I have to get approval for funding, is really what I am trying to say, which I should get shortly, and when I do, the plan is to have the NCVHS help us plan who should be there and what the content would be. Whether there is a report or not, I'm not sure, but I think we are trying to get people to start thinking about this, and basically look at it in a sophisticated way, based on real capabilities and real needs, not cheerleading and not what people think they have, and not virtual capabilities; real capabilities, and what is the time line, what can you realistically expect.
We need to do this, anyway. We have always had as a strategy in our surveys and statistical activities, for example, that we would augment or link our survey population-based data with records, administrative data and other things, anonymized for analysis when it was necessary to do so. Otherwise, you spend a lot of money and a lot of effort trying to do separate surveys, and they don't really work out well.
So we have long had that as a standard element of our data policy, our statistical policy. This is the logical next step. We moved into claims data, we moved into other administrative data, and now to the extent that electronic health records will be at the point where they can provide on a large scale high quality standardized accurate data to supplement what might be needed in surveys, I think we would. It may be quite down the road, but at least our agencies want to start taking a look at it.
DR. COHN: Jim, I think it is an important question, and I thank you for bringing it up, to a point where it is not finalized for certain.
We have two other questions, and then we have to turn to the next topic. I saw other hands up here, but there will be lots of conversation with Jim Scanlon between now and tomorrow at adjournment. The next one is Gene, and then Paul, you have the last question, and then we will move to the next topic.
DR. STEUERLE: I am going to speak a little bit without a license here, because this is not my field at all, privacy. I get the feeling at the National Committee on Vital and Health Statistics at times where we are fairly narrowly focused on the privacy and confidentiality issues and how they might be affecting the population if we went to vital and health statistics. So we focus in narrowly. We have always picked a little on Susan and said, you've got a little bit of HIPAA data, and John, Paul and I a few times have said, can you give it to us this way or slice it this way.
But rather than go into that part of the subject, it seems to me there is this broader issue. I feel like I don't -- as an economist at least, I don't feel like I have a story on whether the privacy and confidentiality issues are net a plus or a minus for society. We have HIPAA, it looks like maybe it has created a better culture, that is a plus. But I'm sure I hear at least anecdotal stories from providers that there is a real cost to what is going on. I don't even have a survey of providers that is telling me what are some of these costs, what do they think it is.
Now, mind you, what I am thinking about in trying to put something together, when you think about doing a cost-benefit analysis on an environmental issue, there is really no way to get a full bottom line quantitative measure, but it doesn't mean you don't still go out and try to gather the information, even if qualitative, or other little debates that maybe don't even belong in this committee.
I understand there is still this debate on whether -- when they give blood tests, because of confidentiality they don't do AIDS testing unless you ask for it. There is at least some debate whether there are a few hundred or a few thousand people who are dying because that information isn't automatically generated, like other disease information when you give blood tests. So there is just a lot of confidentiality and privacy issues -- again, I am speaking without a license -- that might be out there. I don't have a sense that we are gathering information on it, outside of looking narrowly at an administrative process under a law written by Congress, primarily in response to some complaints by the public, which is worth doing.
So I am raising the broad issue without knowing where to go with it, and whether that is an issue for the National Committee on Vital and Health Statistics.
DR. COHN: I think Mark wants to respond. You may actually end up joining another subcommittee. You better be careful.
DR. ROTHSTEIN: Just very briefly, I agree with everything you said. The NCVHS sent a letter to the Secretary at least two, maybe three years ago, specifically asking that a research program be undertaken by the Department to probe those sorts of questions and to try to get a sense of what effects if any HIPAA was having, and that has not been implemented yet. But we all do support that.
DR. STEUERLE: It is more than HIPAA.
DR. ROTHSTEIN: I understand, yes. But privacy in general.
DR. COHN: A good question, thoughtful. Paul, the last question, and then we will move on to the next set of issues.
DR. TANG: Susan, I understand that HIPAA permits a patient to request their information in electronic form if that is feasible and practical for the organization. If a state law were to prohibit transmission of information specifically in electronic form, do you think that that would be in conflict with HIPAA's rights for patients, or do you think HIPAA would supersede that kind of law? So the state law is not mandating the electronic transmission, but it prohibits providers from transmitting or providing access to certain information by a patient if done in an electronic form?
MS. MC ANDREW: Off the top of my head, I would probably say no, as long as the right of access is honored, as opposed to the form of the right of access. Then I think HIPAA is served and is not in conflict with the state law. So if you can get 90 percent of your records electronically because they are in electronic form, you have to get the other portion of it on paper, because I can't give it to you electronically.
DR. TANG: So if the information is available and feasible to communicate to a patient electronically, but a state law prohibits that transmission only in electronic form, not in paper, would that be in conflict with HIPAA?
DR. HOUSTON: No, if it is related to a privacy issue, then the more stringent state law -- if the basis is privacy, I would think HIPAA says the state law would be more stringent and would apply. So I think in that particular case, state law would govern the manner of disclosure. Again, if it is privacy related.
MS. MC ANDREW: I don't think it necessarily would be a conflict with HIPAA, as long as the individual could get access to that information.
DR. TANG: On paper.
MS. MC ANDREW: On paper or through some other form. I don't think we would necessarily say that that state law is in conflict simply because it governs the form that that access has to take.
DR. COHN: Sorry, Paul. I think Paul was trying to construct a legal argument.
We need to move on to the next agenda item, but I want to thank everyone for what I think has been a very interesting update. Susan, thank you for joining us. Thank you for introducing your new boss, and we look forward to working closely with him. Karen, we are delighted and very excited about the progress being made in both HIPAA and e-prescribing.
Jim, I think knowing that the details are still to be worked out, I think the committee has for awhile now been talking about this issue of connecting the NHII to population health. What you are describing is actually a focused look at that, so we certainly applaud that activity. I think I speak for the committee that we would be happy to help in any way we can as you move forward with that proposal.
Now, with that I am going to turn it over to Harry to talk a little bit about some issues relating to HIPAA ROI. As I said in the introductions, the actual letter itself has been withdrawn for the moment, but Harry may comment about that further. I think that may have been my fault, but I think the issue is still very much alive and will likely come back to us in June. Harry?
Agenda Item: Subcommittee on Standards and Security Letter - HIPAA ROI
DR. REYNOLDS: In the spirit of teaming, this is a full committee recommendation. A couple of things. Thanks for the announcement that today it has been ten years since HIPAA occurred, and now we can remember when we actually started twitching. Having been involved with that for this long, I couldn't exactly get that date clear, but now I have it.
The letter in Tab 3 that we submitted to you we had prepared as a committee, and we had then taken on the recommendations, of which there are six, to the Executive Committee.
We have recently withdrawn the letter. There are a couple of things. One, we had planned to come in today and add an introductory paragraph to each one of these that would more or less explain what was going on, but we did have six key areas that we wanted to focus on. So we worked on that some.
But as we got further into it, I think one of the things that the ten-year announcement today reminds us all of is, we have been at this for ten years, and what is the ROI and what does it really mean, and how do all the pieces fit together, and what is really happening. So there is a lot of stuff that has been implemented. So I think we all would congratulate everybody that has presented to us, as far as what we have seen, the fact that there are things that are implemented.
However, we have picked six key items that we feel still are considerations, that need to be dealt with further. We also owe a yearly report on HIPAA to Congress and others. So what we have decided to do in withdrawing this letter is put together more of a holistic view of where it stands, including HIPAA ROI.
We also -- and this may be helpful maybe to other committees -- one of the things that we feel that we fell short of is, if you take the recommendations one, two and three, the first word is encourage. That is not necessarily an actionable position to take. So as we enter some of these, what could be considered more controversial subjects and more controversial situations, we feel that as a committee we need to do a little more diligence and seek counsel from all the right players to make sure that we make actionable recommendations, and that those recommendations truly do make a difference.
So in one way, shame on us for putting the Executive Committee through this, but I hope that you will congratulate our effort and the fact that we want to make a difference. I think that is what this whole committee sits around the table to do rather than be able to check off another activity. We really want to make sure that we take this subject and we do something that we all as a committee can bring forward and recommend, and we hope that each of you would walk out feeling that we made some recommendations that were different.
I don't believe what you will see later will eliminate some of these issues. These issues are definitely prominent issues. I think Karen touched on one perfectly today. There is more activity on these eligibilities, but is that just somebody checking somebody's eligibility, or is it really making a difference in those provider sites in reducing costs and reducing phone calls back and forth and so on.
So statistics are one thing. Results are what I think we are all after, especially as you start looking at return on investment. So the number of transactions is important, but the actual outcome to the health industry is the other thing that I think is really key as we look at it.
So we plan to -- probably around the June time frame when we all get together again, you will see us coming back here with probably a fuller report and a different-looking letter, and more actionable recommendations that we feel can really help the Secretary take a look at some of the things that need to occur, rather than just encouraging him to accept that this is an issue, or accept that there are further things that need to occur. So that is the reason that we are doing this.
Simon, unless you or Jeff want to add anything else, we can open it for any questions from the floor. But that is about all I would need to say initially.
MR. BLAIR: Well said, Harry.
MS. MC CALL: I applaud the tack that you are taking right here. Thinking about not only taking a more active than passive role in terms of the words and the specific recommendations, I would also make a friendly suggestion of not only talking about the ROI and what has been achieved, but also looking forward and creating something that says this is a very important foundation. Not everything that is needed out of this has been done. I think it is important to be pithy and insightful about what has been achieved so far, but there is a sea change, and this is an important foundational pillar. To call that out in very specific ways I think is really valuable, especially on an anniversary.
DR. SCANLON: I do also concur in terms of the idea of being more aggressive about the recommendations. I think they will be very positive.
I would like to focus on -- there was a sentence about the inability of the testifiers to demonstrate a positive rate of return to this point. I guess I have concerns about how exactly we express that. There is a question of one, how hard are you looking for positive returns, and two, even if you are looking very hard, there is a question of, can you really identify them when there are many things changing.
In the ten years that HIPAA has existed, certainly the practices of the insurance industry have shifted a number of times, and the practices of providers in response have also had to shift. So there is a question of, as your activities are changing, are you able to isolate and say this is what the impact has been, if it hadn't been for this we would have done these things in a different way, it would have had this kind of cost.
In the best of worlds, even if we were to take Gene seriously in trying to measure this, it would be hard to do. The question is, has anyone come anywhere close. I think it is a question of, yes, this is their testimony, but how do we interpret it, what do we say about it.
DR. REYNOLDS: Bill, I think that is the reason I used the word story rather than just a list of six recommendations. This has been a ten-year journey. It has been a ten-year journey with many moving pieces. It is a ten-year journey that if you stand here and look back ten years, you see one thing. If you stand here and realize the change that may drive it, and you also take a look at, as Carol put, going forward, I think we have got a lot of lessons learned throughout this process. Some of those lessons learned are good, and some of those lessons learned need some work. So I would concur with your comment.
DR. CARR: We talked about this in a conference call, the fact that in the quality group we had heard from John Halamka about the return on investment in Massachusetts. So we could go back and seek his experience, if only to identify a best practice, opportunities for other states to follow.
DR. TANG: I also think the tack you are proposing is a good one, and we should be more proactive in our recommendations.
One question is whether you consider it within the scope of this RIO discussion to also do, even if it is qualitative assessment or rendering of lessons learned about the method by which HIPAA had put forth, whether it is in standard setting or -- probably the privacy area is not within your scope, but there is a way that HIPAA put these standards into place, and was that a useful one, or what are the lessons learned from that.
MR. BLAIR: I'd like to expand slightly on the observation that was made just a moment ago that return on investment may not be broad enough to be appropriate to represent what we want to measure.
One of the things is that a lot of the health plans and providers and clearinghouses that were covered entities did not enter this process of implementing the HIPAA transaction standards with the idea that they had a choice. It was a Congressional law and a regulation, and therefore there are many folks that went through this process, well meaning, trying to do the best they could, trying to comply with government regulations. That is the key word. Their focus and their attitude was complying with federal regulations. They felt it was a good thing. There should be some benefits, but it wasn't as if the chief financial officer of the entity had a choice of different projects or initiatives to invest it, and they wound up doing baseline and benchmark estimates of what they are investing in this area, and then they made a choice from which they then would have the information to measure on return on investment.
So many of the folks who testified to us -- and I think even right now today, they don't have the benchmark data to give us a return on investment. That was lacking. It isn't saying that there wasn't a positive return on investment, but they didn't enter the process with the idea of comparing this project with other projects, so they didn't gather the data to measure it.
So maybe as this opportunity to redo the letter, we look at it a little bit more broadly and not limit it to a label of saying that we are just measuring return on investment. Maybe it is that we are winding up seeing whether the benefits justified the investment. If you move to the word benefits you get a little bit broader, you give folks the opportunity to point out other related benefits that may even be subjective, but that are still considered positive or valued. So that is my suggestion.
DR. COHN: Well, Jeff, obviously the Subcommittee on Standards and Security will have a chance to opine on this as they take it back. Karen has a comment. I want to give everybody break here in just a second, so Karen, we will let yours be the last comment and then we will wrap up and give everybody a ten-minute break.
MS. TRUDEL: Just very quickly, I wanted to follow up on Carol's point, because I think it is very well taken, to think about the future and moving on.
One of the things that I think is really important is looking at how the standards for the administrative transactions can coexist in a provider setting through practice management software, which many small practices have now, and electronic health record software, which many small practices do not yet have. They need to be able to talk to each other while we are building more silos.
DR. COHN: Right, that is another part of secondary uses of data, you are absolutely right.
I am going to give everybody a ten-minute break at this point. I do want to recognize that as we talk about this ten-year anniversary of HIPAA, knowing that this is going to be going back, knowing that one of our statutory requirements every year is to do an annual report on HIPAA administration, we are going to have to think a little bit about how we -- do we do one report this year, do we do multiple pieces that together form a report. I know there is going to be a big story on privacy and confidentiality. We are going to have to think about whether we wait for everything to come together, or whether we subdivide them with different time frames and different pieces coming out. There are a number of different ways we can go forward on this one, as a big report either together or in separate pieces, we just have a letter in June with a bigger report in September. These are things that we will need to think about over the next couple of days. September was the last report last year, so June would not be inappropriate. But on the other hand, privacy may not have a chance to catch up on that one if we try to go for a June report. So I am just trying to think if there are ways to try to make that happen.
Now, having said that, why don't we take a ten-minute break. We will come together right at 11 o'clock and then to our next session.
(Brief recess.)
DR. COHN: This is our second morning session. I want to welcome David Brailer. David, thank you very much for joining us. We are delighted about the progress that your department is making, as well as the exciting new initiatives and activities underway. Thank you for joining us to help update and brief the committee.
DR. BRAILER: Thank you. I appreciate the ongoing support and leadership of NCVHS and all of you as individuals, and opinion leaders and people that can influence the health care market.
Recently we have been communicating to the public and to the industry that we have most of the pieces in place now that will represent the vehicle by which our health information technology plans become manifest. I would like to review those with you briefly. I would say most of this will be a review of things you already know, but I will do it from the perspective of creating a context so the pieces fit together, so you can see maybe the whole vehicle as opposed to the parts.
We viewed our challenge being creating the conditions in a marketplace where these technologies that we believe are so important would come to be made available widely, without the requirement for mandates or conditions of participation. At the same time, we recognized that there were many long term pieces that needed to be developed, but we couldn't wait for those long term pieces to be put in place in a normal, orderly form before we would start assessing the issues of when the doctors use these life-saving tools in their practices.
Therefore, we developed a process that has both long term efforts that are underway as well as short term efforts superimposed on them. The long term efforts you know quite well. They are to set the foundations for the industry's capacity to have a set of standards. You have talked about that, we have talked about that.
I am happy to report to you that our health information technology standards panel, organized by ANSE, is now underway. It has had its third meeting of its board, and the whole year's efforts are planned, and it is operating on schedule with respect to our contract with it, to begin assessing and laying out a road map for standards in the U.S.
Again, I want to emphasize, in the end we want to see a single coherent set of standards come from this. I want to recognize that this effort of harmonizing what is otherwise a very unwieldy set of standards and standards development mechanisms requires patience, it requires time, and it requires some degree of collaboration in the industry to decide to change its practices. There is no shortage of people that have other, more aggressive ideas about how to create a unified set of standards in the U.S. This approach that is more voluntary, that brings together the best of everyone's efforts and allows them to be linked as opposed to creating something more top down, is starting to succeed and is worth a substantial effort before we take further steps.
Our certification process, again, setting a long term foundation for better information in the marketplace, creating the tools for us to have more objective reference points for policies, is underway. I think it is a landmark organization.
We now have the ambulatory EHR certification criteria out. We will have the first found of certification results in the ambulatory space by June. We have now started the certification commission on inpatient EHR certification, and within this calendar year they will start on network architecture certification. So that is really moving along very well.
Our health information security and privacy collaboration, which is not here to tinker around with privacy issues that are maybe left over from the past, but to begin redefining the paradigm for privacy in the digital era of medicine, is underway. The RFP that asks each state to participate in this, so we create a new leadership group that brings together federal and state leaders around privacy and security is nearly complete. We should be awarding the contracts to each state for their own designees to participate within the next 60 days.
But this is an effort again that is long term. We will not have the results of what it takes to develop the privacy and security policies to protect health information as it becomes completely interoperable for a long period of time. These long term efforts as supplemented by our new effort that you have heard described here, to have an objective assessment of how well we are going with adoption, from this new adoption review panel, are things that we started. These were the first efforts that we developed in the office, because we knew that if we didn't develop ways of making the health information industry more coherent, more organized, more able to work within the boundaries of rational constraints, that we would not be able to begin moving the process forward. You have heard about these a lot, I won't dwell on these.
But superimposed on that, over the past 90 days we have unveiled these so-called breakthroughs. These are being developed with the American Health Information Community, who I would consider your first cousin, not your sibling, in terms of helping us guide the process through the Department's policy machinery.
These breakthroughs are envisioned as things that could happen within a relatively short period of time, a year, or perhaps two years or three years, very finite, very specific. If you think about these breakthroughs, they represent things that in the end we should be able to determine if they occurred or not.
We laid out things that are quite visible, medication history for each American, an online registration summary that allows you to have the ability to share your demographic and insurance information with those that you want it to be shared with, secure messaging between doctors and patients, the ability for us to have a universal portable lab information, and then finally, biosurveillance methods that allow us to collect data at the federal, state and local level simultaneously with a very low lag time, i.e., 24 hours from the event occurring.
These are things that came from many different breakthroughs. What they all shared in common were the things that had relevance and value to a specific stakeholder group. They gave us leverage points for going forward. They in their own right are not the universe of health information. They in their own right are good starting points. But the polarity that they create is conflict with the long term infrastructure. There is no question that the priority that we might have for standards in the U.S. might not include for example something that is in the realm of secure messaging. I'm not saying that because I am signalling you that that is a concern, I'm using that as a hypothetical. Likewise with other breakthroughs.
Yet, for us to titrate those breakthroughs with the standards that we need, we have to adjust the agenda of the standards panel to prioritize those breakthroughs. Likewise the architecture and certification and adoption evaluation, to make sure if we say that we are going to deliver a medication history, we have to measure ourselves objectively to know whether that was an empty promise or something we delivered on.
So the polarities of managing those short term breakthroughs against the longer term infrastructures really become the device of progress. What I mean by that is that we are both able to focus on things that give a short term value, so we are held accountable, so we can't make ten-year promises and then tell people in ten years we will get to the real implementation details, that it is apparent on a weekly or monthly basis whether or not progress is being made. Yet, those breakthroughs fit within a broader context, so they are not incoherent, one-up exercises that might lead to a narrow victory with nothing that goes further.
In an ideal world, the U.S. might have had the long term infrastructure in place a decade ago. I don't say that to criticize anything that has been done in the past. I just recognize that this would be a lot easier if we were here talking only about how do we start focusing our health information machinery on breakthroughs that the American public can benefit from. We don't have that luxury, and so we have to do both. This mechanism, this vehicle of being able to manage the polarities between short term needs and long term coherence is what the American Health Information Community is focused on, it is what my office is focused on, and it is what a new group that we have created called the Interagency Health IT Policy Council is focused on. This is a group of federal leaders that could come from more than 25 agencies whose purpose is to receive the agenda and to begin asking themselves what does it take in terms of changes in federal policy to make these things come about, and to hold the agencies accountable for the changes they commit to make.
So that machinery is new. It is about 30 days old, but it has been meeting regularly and intensively in fact, in anticipation of the recommendations that will be coming from the American Health Information Community within 60 days about the particular policy changes needed for the breakthroughs to come into being.
So this is largely putting our cards out. There aren't a lot of other things that we are planning in terms of our machinery to accomplish both short term results and long term breakthroughs to be played. We are now in a period of not discovery or not deployment, but implementation, of getting the breakthrough work groups to own their topic, to begin having them transmit their recommendations to the federal agencies, and we stay on top of those changes, to be able to make sure that our goals for standards or for certification or for architectures are being played out as we expect.
The implementation oversight task has become very much the predominant mode of the Office of the National Coordinator, to insure that we are not living only in the world of vision, but that we are able to make sure that our tasks on a daily basis are linked to those visions. It has been a substantial change in what we do on a daily basis in that office, a substantial change in how we interact with agencies, how we interact with those in the private sector, because we mean business and we are here to get this done. So far, I want to tell you that we have had wonderful, wonderful cooperation from federal agencies, from states, from private sector entities.
I expect that there will be some pretty tough tasks that come out of the AHIC recommendations. My view is that health IT has so much support and such unanimity around the belief that it has transformative value, that if the things that need to be done were easy, it would have been done long ago. So the things that are going to be called for to make for example a medication history widely available or to make any of the other breakthroughs occur, or to make some of the long term changes that the infrastructure calls for, are going to be hard. They will require some difficult decisions. They will require changes in what has been done or what might have been done in the past. But that is where we are in terms of now being poised to determine what it takes to get the job done, and how it is that we will make sure that the commitment and the promise is followed through.
So I hope that NCVHS will continue to help us accomplish this goal. I see you very much linked in to how the long term infrastructures are being played out. They very much are manifesting the agenda that NCVHS has had for at least a decade. But I hope you will be very closely linked to the Health Information Technology Standards Panel, to create a vessel by which its recommendations cannot just be made in a uniform way out to industry, but in a specific way into government through your analysis.
I hope that you will be involved with our architecture projects, to begin helping us discover what are the lessons learned -- it is premature at this point, but in months, the lessons learned and what the findings are that will help us guide architecture deployment in the United States. I certainly hope that you will stay primarily involved with our health information security and privacy collaboration, because it will begin within months producing some very hard-hitting and insightful recommendations about how do we begin anticipating a digital era with these policies.
So there is a lot to do. I appreciate very much you all being very involved with this. I am very proud to be implementing the agenda that most of you have called for for a period of time.
With that, let me stop and thank you again. I'll be happy to respond to any comments or questions.
DR. COHN: Thank you very much.
DR. ROTHSTEIN: Thank you, David. I have a question relating to the relationship between the NCVHS and the architecture group in particular. We hope to have at our June meeting the final report of the Subcommittee on Privacy and Confidentiality regarding the NHIN and privacy and confidentiality issues.
Several of our recommendations will deal specifically with the kinds of privacy and security measures that will need to be embedded in the architecture of the NHIN. Hypothetically, let's assume that we have this letter out in June, and that you and the Secretary find merit in some of these recommendations. How does that then get worked into the activities of the architecture groups?
DR. BRAILER: It is a good question, Mark. Let me tell you my initial thoughts about the process, without commenting on the substance. I hope that we can talk as a group about the process.
The goal of the first round of contracts for the NHIN is to raise questions. We are funding prototypes and experiments, not with the goal of being able to advance the implementation of health information exchange on its own merits, but to be able to precipitate the questions about what are the public interests and architecture as they become deployed on a private sector basis.
So it is possible that the place for those recommendations that you will precipitate to be fed into may not be into this one-year round of contractors developing prototypes, but into the review of that. Our expectation is that we will take the output of the one-year contracts as well as other things that we have discovered, for example, from our own health IT privacy and security collaboration, and to feed those into a new round of bigger prototypes, more communities, more aggressive implementation.
So I hope we can find ways to put them into use right away, but again, in the end what we are asking them to do is just turn over the designs, architectural plans. Then we are going to have a very detailed process of review. I hope therefore it is a two-way street, so that we can have in common to present to you their plans, so you can, rather than just giving us your recommendations in a vacuum and give us the so-what about, we heard them say this and here is what we were thinking, and therefore here is how we would either change what we said or change what they are seeing.
So we will receive those. I do expect them to be meritorious based on the long history of accomplishment here. But I hope that you will be more interactive with us in being able to dialogue this. My assumption here is that none of us know how this should work. It is too complicated, it is too new. We want to leave 2006 or early 2007 with a pretty good idea at a high level about what it takes to make this work in the United States. That is where that will get filtered in.
DR. ROTHSTEIN: So I hear you to be saying -- and I am comforted by this, and I think the subcommittee members will be as well -- that we should not be overly concerned that the subcommittee and the full NCVHS and these four architecture groups, at least with respect to privacy issues, are seemingly working on parallel tracks, but not interacting with each other, because there will be an opportunity at the end, before the next stage, to integrate their ideas, our ideas, your ideas and so forth.
DR. BRAILER: Absolutely. This is a one-year period of performance.
I'll tell you why we have done this project this way. I'll do that by comparing it with electronic health records. We are able to have a very reasoned, very fact-based discussion about security and privacy and electronic health records or decision support or standards. Why? Because there is a very large body of knowledge that is bounded by the reality of the products that have been built, the research that has been done, the experts that have been created by our very large industry around electronic health records.
We are not able to do that with architectures, because we have never done it before. There is not a class of experts on the topic, there is not a group of companies or doctors or hospitals that have real world experience with this. We are trying to create that practical experience through these projects so that we can have something meaningful.
I have noted on several occasions that when people talk about what an electronic health record should do, they come down to very, very precise and specific features and functions. When they talk about architectures, it is quite unbounded and quite hypothetical. So we are trying to use this to anchor it down to reality.
Therefore, by definition we are trying to set the stage for the real dialogue that you are anticipating in the period after this first round of contracts. No decisions are going to be made. Again, this is really a way of creating the fodder for discussion that leads to decisions. So I think the timing is quite good.
I should also note that our health information privacy and security collaboration is essentially playing a role not unlike what you just described that the committee does with respect to those architectures. The architecture will be fed over to them to review it from the point of view of the normative ideas they have brought forward from their own expiration about privacy and security. So there would be a perfect opportunity for your recommendations to be able to get filtered into that process as well. I think the timing is frankly quite good.
DR. HOUSTON: You mentioned twice in your last comment to Mark about your collaboration or initiatives related to privacy and security. I would be interested in getting a sense of what they are and how it is structured today.
DR. BRAILER: Sure. Let me start with who it is. Our contractor for this is RTI, but like all of the efforts that we have created, the contractor is really there to orchestrate a public process on our behalf. We are not treating the contractors like a typical federal contractor, where they go off and do the work for the government and then they come back and deliver it to us and there is no public review. We are trying to create institutional processes where they haven't existed in the past.
The participants of this, when the HISPC, the Health Information Security and Privacy Collaboration, come to be, will be a representative, a designee from up to 40 states in the United States. We made that assumption based on both budget tradeoffs and number of states that we felt would participate.
There is an RFP that is out. Most states have either submitted their proposals or are coming down to the final wire of doing that. The recipients of that will be given a small subcontract to develop their own internal process, and then to bring that to the national process.
So we will have 40 state leaders designed by their governor and by the qualifications of their review process, joined with a number of federal or national experts in the topic. We will then begin this process of saying what does the world of security and privacy need to look like if we have digital health information, what is the status of security and privacy rules today, and what needs to change to close that gap, but also talk about the process, is this a process where the federal government should act, is this a process where we should continue this federal floor and state superseding rule, or is it a process where states should begin harmonizing at the state level, not unlike we have done with e-commerce sales taxes. So they are asking both content and process questions.
DR. HOUSTON: I knew about the RFP. I wasn't sure how it linked in that. That is very helpful, thank you.
DR. BRAILER: In the end, we hope this group will have some legs that will inform a steering committee, that it will not be a one-up process for this specific contract, but that there will be a new vehicle to begin a federal dialogue. I mean federal in the Federalist sense, state and federal, about security and privacy that can carry us several years into the future.
Again, the reason we did this is, we explored all the different mechanisms for bringing the right parties together to talk about this. We couldn't find the institution that we could say, go do this. So like certification and others, we have had to create our own tools so we can go about building the ship here.
DR. REYNOLDS: David, how are you doing?
DR. BRAILER: Good, how are you doing?
DR. REYNOLDS: Good. I am amazed at the energy that you guys have been able to create around the country as I go to all these different meetings. I think it is well done.
DR. BRAILER: I am amazed by it, too, so don't give us too much credit. People are listening.
DR. REYNOLDS: On certification, I think one of the things that I have seen as a benefit, one of the things that we continue to have to deal with is adoption. That is one of the big things that you have. You look at e-prescribing or you look at any of these other things, then you spend time back in our home state, and we talk to individual doctors who are about to try to write checks and do certain things and say, am I picking the right one, is this going to last, are they going to be there tomorrow morning, what is the deal, and is it going to continue to be viable.
So as we look at the standards, one of the things -- a question I have, and we are working through a lot of HIPAA issues, as the certification goes on, I haven't necessarily seen enough of the detail to know, when you look at some of these other HIPAA transactions, and we just had a discussion on this before you came in, like the eligibility and claim status and those things, as the industry and government build this framework, then the more of those that can be moved into this certification process, not maybe to the detail level, but to the base level, I think it starts delivering a package -- especially if you step back and look at the individual doctor, starts delivering a package where they would know that they would be HIPAA compliant, they would know that they would be architecture compliant, they would know that they would have some privacy things built in, they would know that they would have all the base things.
We just talked about the ten-year anniversary of HIPAA. So as this starts to become mainstream, the more of this in my opinion -- and I know the certification process has to be careful not to get too Draconian or have way too many things in it, but I think the more of these things that are already in tool sets for a lot of people can be picked up and plugged in there, starting to deliver to the individual doctor, and all of us are still interested in driving this to the local bottom line in the rural areas and everywhere else, would really be helpful.
So I would love any comments that you would have on that.
DR. BRAILER: We have viewed certification as an absolute necessary entry point for government policy. It really is a rare three-hit wonder, meaning that it accomplishes three separate and distinct goals, which is pretty unusual, if you think about the world of creating institutions and process.
The first is, in a very selfish way, if I ask lawyers in this Department or lawyers in Treasury or lawyers in Commerce or lawyers on the Hill for each different committee to write something that helps foster IT adoption, the first thing they would have to do is tell the world what they are talking about. They would each figure out some way to describe an electronic health record or some other technology, and we would have the first self-inflicted wound occur. Everybody describes it differently, and that creates arbitrary policies, it creates policies with no strategic synergy and worse, for the private sector decision maker it creates a huge amount of risk.
So some Congressional bill in the future might say you can do this because we define it this way, but some federal executive rule says you can't. So from the point of view of just having clean and scientifically derived determinations about what are we talking about, rather than lawyerizing these we felt that certification was necessary.
You saw that in our proposed Stark rule, where we said -- and it was still lawyerly and convoluted, we can never get away from that in government, but largely speaking if it is a certified technology it has certain benefits. It begins to allow this modularity and policy that makes it a lot easier to tell people what we are talking about.
The second piece you have described is, it is a risk reducer to the private sector buyer. We have a market that is highly asymmetric. Vendors know a lot more about their technologies, their functions and features, the performance of that vendor, their historical delivery rate, their viability, than the buyer can ever know. So this asymmetry is bad for buyers, but I have also argued to the technology industry, it is bad for sellers.
We have demanded the industry suppress by a negative business case, we know, but on top of that, it is suppressed by risk aversion that is based in reality of being afraid of what they get. So certification doesn't change the whole landscape, but it does help take away product risk. And that itself, buys us demand basis points at no cost to taxpayers, at no cost to health plans, at no cost to anybody.
The third piece it gave us is a reference point for private policies. If you are talking about pay for performance and there is a health IT kicker in it, you can talk about health IT using these objective reference points. If you are talking about some kind of a loan or a demand or a grant or some kind of a requirement that is part of a new network, again there is a reference point. So it is a win for everybody. Capital markets benefit from it, vendors benefit from it, doctors benefit from it, health plans and the government. That is the reason we see something like certification in many other industries.
The way it works, as you know, it has three core features for the ambulatory record: privacy and security features, decision support features and data sharing features. Those are represented to be the three minimum set of things that are required, the three aspects of consumer benefit that had to be part of our policy: privacy and security to protect confidentiality, data sharing to allow portability, and decision support that will deliver the promise of health status improvement.
Our view was, simply put, if it didn't have one of those sets of features, it probably was a suboptimal solution, given where we are in our state of development.
But your question says, what about all the other things? We have required all of our contractors, including certification, to incorporate the use case from the breakthrough into their future work. So we have identified a medication history. They are now at work figuring out how an EHR participate in a medication history. It is not clear, because that may not be a feature of an electronic health record. It may be a feature of the network, because the data doesn't reside necessarily in the electronic health record. In fact, it is a data needer as opposed to a data supplier.
A good example is secure messaging. More or less, the statement that will be made through that certification process and that use case is, secure messaging has got to be part of the minimal set, not in the current round, but in the next year and the next year after that.
The same thing with the registration summary. We clearly have our eye on eligibility and enrollment data, to simplify that process and bring the promise that we have sought for 15 years, ten years, into that. That breakthrough will get put through certification at some point over the course of the next year.
So these are how we are starting to guide a process of raising the minimum bar by which over time electronic health records have to become increasingly featured to be considered minimally valuable. That is a process that -- we are not telling the contractor how to do that work; we trust their effort to bring in public dialogue. As a checkpoint, we are going to filter it through the American Health Information Community anyway for its own public dialogue. But that is how we are going about the process.
DR. STEUERLE: David, again, congratulations on your very fine work today. Also, thank you for your very kind comments about the committee. I have a quick statement on that, and then a question.
The statement is, I really hope as we go along that you will continue to advise us on how we can best use our resources to complement what you are doing. There must be areas where we have more overlap and areas where we have less overlap, areas where we can fill in the breach more than perhaps we do. I think that should be an ongoing discussion. Mark raised it with respect to a few things, but I hope you will feel very free to criticize us in a positive way, saying if you used your resources this way I think it might produce more output, even as good as the things you are doing are.
The question I have for you is whether there is any effort on your part or within your groups to raise some of the incentive issues that you and I have talked about, even on a policy level. You don't have to answer what those would be, but I keep wondering if for instance there aren't ways down the road, maybe not too far down the road, to suggest something like a variation in Medicare payments, depending upon vendors, providers, whatever, doing certain things with the way they submit their requests, or whether they have an electronic health record or whether they do e-prescribing or some variation on payment. It doesn't have to be higher or lower, I'm not quite sure how to play that out, but I am wondering if you have some group thinking about some of these potential policy ways of adding one more lever to the ones you have.
DR. BRAILER: Gene, it's a great question. I will comment first on your comment. I think simply put, the more your work groups and your committees align themselves with the dimensions of our long term infrastructure, so you can create receptor sites, where our standards efforts, our architecture efforts, privacy and security, find their own independent way into government thinking, other than through our contracting mechanisms, I think it is a win for everyone.
We don't want to build a process that is slavishly dependent on federal executive authority, that just goes off and does what we want it to do. We want it to have public legitimacy in its own right. That is why we have required them to have a FACA-like public process for everything they do, and we are reality checking it with the AHIC.
But I think here, there is a very long term, very expert driven process. I mean expert in terms of understanding the nuances of health information, that only this group can bring. So I hope you will regularly begin taking up the cause of listening to our contractors and helping legitimize their findings where you agree with them.
The only caveat I would add to that is, we didn't require in our contract for them to go beyond talking to the AHIC. So we will work with you and them to find the right ways to make sure that they get before you the appropriate times without stretching the budgets in a way that causes them undue duress.
I think that is a great win. We have talked about this with Simon and others for quite awhile, and I don't think this is in the day to day lineup and focus of what the American Health Information Community thinks about. I think they are thinking about the breakthroughs very much and about the transformational aspects of the consumer and doctor experience. I think in terms of the hows and whats which occur more here, I think it is a very natural way to partner.
So I hope we can really talk more about how to make that something functional.
In terms of the question on the center, it should not be a big surprise that the guy put in charge of health IT being an economist doesn't think about this. I spend a lot of time thinking about it. There is a group in my office who do think about this. They go beyond my office into Treasury, into various federal agencies, CMS, et cetera.
I think it is fair to say that even despite the prohibition on thinking about federal spending in this topic, it was in the executive order, there has been a large number of discussions about this topic. But I think it is becoming more and more clear that we have incredibly limited authority to take on this new challenge based on the statutory guidance that various agencies do. I don't think it is believed to be in the purview of various agencies to look at tax issues, or to look at payment differentials.
Health IT lives in a very precarious land. It is not regarded as a clinical technology, such that a national coverage decision or some kind of a more clinical patient beneficial technological process is done. But nor is it office equipment that would be deemed as part of the practice overhead and part of the costs that are fixed in the practice.
So I think in the absence of reclassifying health IT as a clinical technology, which I think would come with its own perils, we have to begin legitimizing the economic treatment of these publicly beneficial private investments that are not necessarily patient operative.
So I think that the barrier is going to be what authorities we have to do that, more than any other single thing. We have got lots of ideas about pay for use, pay for performance differentials, things like the Stark exception, other things. I don't think it is a deficit of ideas. I think it is a deficit of authority and will at this point. But I am very encouraged that more and more interest that gets focused on this translates into more and more expectation of how we are actually going to get the work done. I hope you will keep talking about.
DR. COHN: David, do you have time for a last question?
DR. BRAILER: Yes.
DR. TANG: David, congratulations.
DR. BRAILER: Thanks, Paul.
DR. TANG: And also the helpful framework you have put around the activities you have. You have addressed a lot of the long term infrastructure needs like the way you elegantly had CCHIT address the definition and the product qualification, addressing standards and privacy.
Is there a strategy for addressing the implementation effectiveness? The recent articles call that to mind, like the pediatrics article about how people and the expertise needed to implement these complex systems can interact and sometimes interfere with the benefits that we want to achieve. Is there a way that we can either assess the effectiveness of implementation or address the workforce capabilities to implement these systems?
DR. BRAILER: Paul, I think characteristically you have put your finger on the weak link of this whole exercise. Not only evaluating implementation efficacy, but being able to find the human assets and knowledge base throughout the United States to allow this clinical transformation to occur, is obviously the biggest challenge. It is the rate-limiting step.
We have been able to take some of the human dependencies out of the future plan. I'll give you a big example. Interoperability has the benefit of patient portability, but it also gives us the ability to reduce the complexity in the human knowledge labor requirements of implementing an EHR. If they are interoperable, you don't need 300 hours of an expert and interfaces between Metatech and Cerner or whatever it might be to get it up and running.
I think there are many companies that recognize that even though those might be lines of business for them, they are hardly what I would call high margin and fruitful forms of revenue to the company. They are more as a cost of business that is just there.
Interoperability lets us scale the capacity of the industry dramatically in the out years, where the human capacity to implement is a rate limiting step. We don't have the equivalent for how to shrink wrap the cultural exchange and the clinical transformation that occurs. I think too often, doctors still are in a belief that these software technologies are downloaded and implemented, and they are up and running.
In fact, one of my worries about certification is that it makes it even more apparently trustworthy to those who think it is a software implementation in its own right. But I worry behind that about where does the know-how come from. We have been looking more closely at bachelor and nurse level and physician level informatics training, and they are not producing the output fast enough for the level of uptake.
So this is by far the rate limiting step. It is the biggest risk factor in terms of whether or not something beneficial comes out the other end. It clearly is something that in the end matters to the ultimate value, because we are not in this for IT implementation's sake. We are in it to produce better outcomes.
I don't have an easy answer to it. This has been something that we said is a long term challenge, and we will take this up when we get the basic tools underway, which is about now. There is Congressional interest in this. Some others like yourself, have looked at this in more detail, but clearly this is going to require a significant challenge. I certainly hope that NCVHS will participate in this and help shake what it takes to have the asset not just in place in aggregate in the United States, but in the zip codes where two and one person doctor practices are that need the help, and how can we think about changing the dynamics of this kind of an implementation, so it is easier to do and requires less help.
So I wish I had an answer, but it is something that is now ready for significant attention.
MR. BLAIR: I think that all of us that are a part of the community that believes in the value of health information technology to improve the quality of care and medical errors and the efficacy of health care, we all feel this so strongly, that it is almost intuitive to us. We all tend to wind up looking at the impediments and trying to move things forward, and we support each other. We are really a very strong, broad community trying to move things forward. Thank goodness, it appears as if there is some bipartisan support now in moving things forward.
The piece that hasn't been clear to me, maybe you have addressed this, it would be good if you have, and if you haven't, I would like to suggest that you consider it in some way. A lot of these initiatives have benefits we intuitively know are there, but we are moving quickly. We have asked for federal leadership and coordination, and we have it, and Congress has moved things forward.
The industry in many of these cases, whether it is complying with standards, complying with HIPAA privacy regs, being able to move to health information exchange and looking at all of these initiatives, there is this idea that they have to do this for various purposes. In many cases, they don't take the time to do the benchmarks, to wind up saying what is health care costing today, in a manner where we can show quantitatively return on investments for each of these steps.
Like for example, medication history, or for example the return on investments for being able to automate health claims and eligibility and enrollment pieces, and the pieces on the standards harmonization, and the pieces on the National Health Information Network. Is it correct that that is going to be nationwide, the National Health Information Network?
DR. BRAILER: That is the title, yes.
MR. BLAIR: Great. So I am offering this, and I am requesting this, because I know that two or three years down the road, this is a large movement, there is going to be faltering steps as we go forth. We are going to find new impediments, we are going to find new difficulties. There are going to be people who are going to complain as they go through this transition.
If we could have the data to show quantitatively how each of these initiatives are showing some form of return on investment, or if we can't get down to that specific, some other measurable benefit to carry us through the difficult times that may appear two years, three years, four years down the pike, to show that these initiatives are paying off, that would be so helpful.
So have you already begun to address that, or is that something that you are considering?
DR. BRAILER: I wrote a policy finding for the White House before I actually took this job about health IT and the federal government's interest. I will at least tell you some of my background thinking, because I consider it part of the endemic landscape of this problem.
We have a classic network externality problem here that influences the sense of the business case, or the return. People have focused often on the misalignment of benefits, i.e., doctors invest and health plans get the benefit.
I view it differently as an economist. The issue isn't who invests and who benefits. All the money spent in health care comes from consumers and all the value accrues back to them. The question is, whose hands does it go through, and which is more efficient and able to deliver consumer value back.
So I don't quibble with that aggregate finding, because I recognize that when people do accounting analysis, they don't think like economists, and thank God, because most companies would be bankrupt if they thought that way.
But what I do recognize is that the other issue is one that you are asking about predominates, which is, there is no benefit to someone who is doing health information exchange if everyone else is not doing it as well. That is the network trough that we are in, where the stable thing to do is to not do it. The person who bought the first fax machine, let's ask ourselves, had to be crazy. Who did they think they were going to communicate with? But the brilliant person who bought the last one for $69 was interoperable with everybody else because they already did it. Being able to drive that network trough to a point where it becomes -- I'll use Malcolm's term, a tipping point, but economically where the market is catalyzing itself and reinforcing that behavior, is really what we are trying to get to.
I think there is a legitimate role of government action where there is a social benefit at the end of a network externality. We are in the trough right now.
Now let me superimpose the other part of your question on it. How do we get out of the trough? Well, we didn't buy our way out of it. We are not spending tons of money to buy our way out of it. We are not regulating our way out of it. That is a common way, when there is something that is a benefit, but people are not doing it because no one is willing to be the first mover.
We are psyching ourselves out of it. I think unlike previous health IT psych ops, we have a lot of resonance with the public. It is the reason governors are interested in and members of Congress are reinforcing it. People begin now to get it and see that there is something real here that affects their lives.
But that inevitably sows the seeds of the flip side of the hype cycle, which is, people will say it didn't live up to its promise. It was overhyped. One of the things that I have been cautious to do is not be the chief orchestrator of hype, such that it gets to the point where it is at a fervent boil and it disappoints. In fact, I have cautioned Congress and cautioned state, RIOs and other parties to not become, if I can quote Alan Greenspan, irrationally exuberant about this topic. It is inevitably going to happen.
Our work is focused, Jeff, on how is it that whenever the peak goes up and the flip side goes down, that that piece of incremental achievement, where there is work going on that gets masked out of the psych pieces, that really making real progress comes through.
So that is what we are focused on. I hope that we have got the catalytic energy here to get out of the trough. If we get the market to a 35 percent or maybe 40 percent adoption rate, I think we have got a fighting chance to really begin flipping the dynamics of the market where if you are a primary care doctor, you just simply want your specialist or your hospital to be online, too. We focus on the hardest part of the problem, primary care doctors, because I believe they are the flipping point that starts shifting the behavior of everybody else, but they are probably the hardest piece to access in terms of their dynamics and their economics.
So we are underway at it. If we had more tools in our armamentarium, would it be easier? Yes, but a lot of these tools come with a cost. Regulation has a cost. It might get us out of the trough, but look what it does whenever we try to get to the other side, which is ride the downhill curve of voluntary adoption. It forces peoples' hands. It is something that I think has a lot of attendant costs in terms of how we lock in what we are doing and don't let it progress and innovate. Buying our way through it comes with other kinds of costs.
So there is not a right answer, but I think here we are creating the seeds of our own problems in the future. I am going to leave it to groups like you to help manage that. Let's be very honest. National coordinators will come and go. I hope we will have one over the course of decades. But it is groups like yours who represent public legitimacy, who can find a reasoned way to say what should be done and what should not be done, what is right and what is wrong, what is hype and what is real, is what really matters here.
So in the end, I hope you all don't give up constantly being in the leadership and the role of the educator and the truth teller that help us understand what it takes to get the job done.
With that, I am getting the high sign that I am now late for a speech that there are a thousand people waiting for me to give. So let me go hype them and leave you guys. Thanks a lot.
DR. COHN: David, thank you very much. Do you need to talk before the break or do you want to go after?
MS. GREENBERG: Yes, I think we should. Going from the lofty t