[This Transcript is Unedited]
Hubert Humphrey Building
200 Independence Avenue
Washington, D.C.
DR. COHN: I want to call this meeting to order.
This is the second day of meetings of the National Committee on Vital and Health Statistics. The national committee is the main public advisory committee to the U.S. Department of Health and Human Services on National Health Information Policy.
I am Simon Cohn. I am Associate Executive Director for Health Information Policy for Kaiser Permanente and Chair of the committee.
I want to welcome committee members, HHS staff and others here in person.
I also want to welcome those listening in on the internet, and I believe that we are on the internet at this point. Okay. Good.
Obviously, as always, I want to remind everyone to speak clearly and into the microphone, so the people on the internet can hear us.
Let’s have introductions around the table and then around the room.
For those on the national committee, I would ask if you have any conflicts of interest relating to any of the issues coming before us today, would you so please publicly indicate during your introduction.
I want to begin by observing that I have no conflicts of interest.
Marjorie.
MS. GREENBERG: Good morning. I am Marjorie Greenberg from the National Center for Health Statistics, CDC, and Executive Secretary to the committee.
MR. ROTHSTEIN: Mark Rothstein, University of Louisville, School of Medicine, member of the committee. No conflicts.
DR. WARREN: Judy Warren, University of Kansas, School of Nursing. Member of the committee. No conflicts.
MR. REYNOLDS: Harry Reynolds, Blue Cross Blue Shield of North Carolina. Member of the committee and no conflicts.
DR. TANG: Paul Tang. Palo Alto Medical Foundation. Member of the committee. No conflicts.
MR. HOUSTON: John Houston, University of Pittsburgh Medical Center, member of the committee. I have no conflicts.
DR. CARR: Justine Carr, Beth Israel Deaconess Medical Center, Boston. Member of the committee and no conflicts.
MR. LAND: Earl Lands(?), Executive Director of NASIS(?). Future member of the committee. No conflicts.
MS. TRUDEL: Karen Trudel, Centers for Medicare and Medicaid Services. Liaison to the Full Committee.
DR. SCANLON: Bill Scanlon, Health Policy R&D. Member of the Committee. No conflicts.
DR. STEUERLE: I am Gene Steuerle from the Urban Institute. No known conflicts. Member of the committee.
MS. MC CALL: Carol McCall with Humana. Member of the Committee. No known conflicts.
MR. HUNGATE: Bob Hungate. Physician Patient Partnerships for Health. Member of the Committee. No conflicts.
DR. FITZMAURICE: Michael Fitzmaurice. Agency for Healthcare Research and Quality. Liaison to the Committee and staff to the Subcommittee on Standards and Security.
DR. HUFF: Stan Huff with Intermountain Health Care and the University of Utah in Salt Lake City. Member of the Committee. No conflicts.
DR. STEINWACHS: Don Steinwachs, Johns Hopkins School of Public Health. Member of the Committee. No conflicts.
DR. STEINDEL: Steve Steindel, Centers for Disease Control and Prevention. Liaison to the Committee.
MR. BLAIR: Jeff Blair, Lovelace Clinic Foundation. Member of the committee, not aware of any conflicts.
MR. SCANLON: Good morning. Jim Scanlon, HHS Office of Planning and Evaluation. Executive Staff Director for the full Committee.
(Introductions around the room.)
DR. COHN: Okay. Well, I want to welcome everyone and good morning. Hopefully, everyone did well last night.
And a couple of items before we go into agenda review. I mean, first of all, I want to, again, acknowledge our retiring members, Bob Hungate, who, as we commented last night, may actually retire.
PARTICIPANT: I don’t believe it.
DR. COHN: Yes, I don’t - Yes -
PARTICIPANT: His wife was there -
DR. COHN: His wife seemed to indicate that he may - Yes.
And Stan Huff, who we’ll be calling back frequently as an expert witness and advisor.
Then do we have Russell Localio on the phone, also?
MR. LOCALIO: Yes, I am.
DR. COHN: Okay. Welcome. Good morning.
And, obviously, our other retiring member, Russell Localio, and we are obviously happy to have you on the phone this morning.
Now, the other item of business, I think with Bob Hungate retiring, obviously, the position of Chair of the Workgroup on Quality is vacant, and I am announcing the appointment of Justine Carr as the new workgroup chair. Justine, thank you. We look very much forward to your leadership in this area.
Justine, this also means, for better or for - I mean, we didn’t talk to you about this, but it also means you become -
PARTICIPANT: (Off mike).
DR. COHN: That’s right. No. It also means you become a member of the Executive Subcommittee. So we obviously welcome you to that also. So thank you and we’ll be working closely together.
DR. CARR: Thank you -
DR. COHN: Now, we obviously have a number of items for this morning.
The first item, and I actually see - just in time - we actually have the letter before us. There is one action item from yesterday that is a letter on National Provider Identifier, that I think maybe we’ll just - since we actually have it, we will take up as the first order of business.
From there, if you’ll remember, we were going to talk yesterday about sort of subcommittee and workgroup activities, issues, updates, cross-cutting issues, new work items, all of that, and we’ll begin the conversation about that right afterwards.
Now, I did notice this morning that we actually have no break. We will create a break after that conversation, which will occur probably a little bit right after 10, and then we will come back and have a conversation with Jodi Daniel, who’ll be briefing us on the Health Information Security Privacy Collaboration.
Following that, and we’ll obviously have some time for that conversation, we are looking forward to a presentation from Marjorie Greenberg and Steve Steindel on sort of recent international activities.
Once again, as you know, part of our responsibility really is to monitor international activities. Sometimes, we get so involved in just trying to help with the things going on in the United States that we forget that, and I think this will be sort of the beginning of more active conversations in this area.
Following that, we will have an update from the Board of Scientific Counselors, Bill Scanlon and Dr. Elo -
PARTICIPANT: She is not going to be here.
DR. COHN: Oh, she’s not? Okay. So Bill will be doing that.
And then we’ll spend a little time talking about future agendas and sort of learnings from the meeting and all of this as we wrap up by 12 noon.
Now, have I missed anything in this agenda list of items?
Okay. And, as I said, I am very comfortable that we will finish by 12 noon. So I don’t think there is a problem with that.
Agenda Item: Subcommittee Standards and Security – NPI, CHI and NDC, HIPAA Eighth Report
DR. COHN: Now, with that, let me turn it over and let’s welcome Harry Reynolds in person, rather than on the phone from yesterday.
Harry do you want to lead off and discuss this letter?
MR. REYNOLDS: Yes. This wasn’t discussed at all yesterday -
DR. COHN: No, the general topic was discussed. The general letter was discussed. I think there was a common view, at least I was hearing from the committee that there needed to be more in the letter in terms of more substantive recommendations and sort of stronger pieces, which I think the - at least from my understanding, the Standards and Security Subcommittee took under consideration -
MR. REYNOLDS: Yes, we did.
DR. COHN: - and added information to this.
MR. REYNOLDS: Yes, we did.
So I guess we would just - Probably the best thing to do is just read the letter - right? - and with the new inclusions.
Let’s just start from the top:
The National Committee on Vital and Health Statistics is responsible for monitoring the implementation of standard transactions, code sets and identifiers adopted pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
The committee has been tracking the implementation in the National Provider ID, NPI, and wishes to convey to you our preliminary observations on the industry’s progress toward meeting the compliance date, which is May 23, 2007, for most covered entities.
The committee has heard testimony on several occasions regarding the readiness of providers, plans, clearinghouses and the software vendors to support them to use the NPI in HIPAA transactions.
We have concluded that, while significant progress is being made toward compliance, some key activities may not be completed by the compliance date.
Providers must obtain an NPI and use it on HIPAA transactions by the compliance date.
To date, over 1.4 million NPIs have been issued, which the Centers for Medicare and Medicaid Services, CMS, estimates represents approximately 60 percent of the total provider universe.
However, few of the providers who have obtained NPIs have communicated there are NPIs to their health plans. Few providers have communicated their NPIs to the facilities where they practice and few are sending in PRIs in HIPAA transactions.
Many health plans and clearinghouses report that they are now able to accept transactions with either legacy identifiers or NPIs. However, most are still developing crosswalk logic to enable them to associate a provider’s NPI with a legacy identifier assigned to them in the plan’s processing systems. This is critical to assure accurate adjudication and payment as well as to connect the provider with his or her historical data.
The plan’s ability to complete their crosswalks is dependent on their having NPIs of their provider populations. Plans need a period of time to populate crosswalks with NPIs and to test the crosswalks prior to May 23, 2007, in order to accurately process claims and other HIPAA transactions after that date.
Therefore, providers who wait until close to the compliance date to obtain and use NPIs or whose software vendors wait until close to the compliance date to make changes to support using NPIs run the risk of having their transaction rejected and payment being delayed because their plans and clearinghouses will not recognize their NPIs.
The next is a new paragraph we added, based on your comments yesterday.
The plan specifically identified a critical need for access to data from CMS’s National Plan Provider Enumeration System, NPPES, database to populate and validate their crosswalks.
Prior to making NPPES data available, HHS must publish a Data Dissemination Notice in the Federal Register. The notice will communicate what data elements will be made public and the mechanisms by which the data will be accessible.
The fact that the notice has not yet been published, and, thus, NPPES data is not available is of vital concern with respect to plans’ ability to complete their crosswalks by the compliance date.
We recommend that HHS publish the Data Dissemination Notice at the earliest possible date and make NPPES data widely available as soon as possible thereafter.
Industry implementation efforts over the next few months will significantly impact compliance status as of May 23, 2007.
The NCVHS will hear additional testimony on this issue in January. We plan to obtain input from a variety of provider organizations and health plans as well as clearinghouses and software vendors and will provide more information to you at that time.
In the meantime, we urge HHS to closely monitor compliance activities and take action as needed to encourage compliance and early testing by all covered entities.
Floor is open for comments or questions.
MR. HOUSTON: I think the letter reads much better. There is a specific recommendation. It is something that is actionable. So I say that I think it looks good, and I have only one question and it is just not understanding the terminology.
Is a crosswalk something that is widely understood? Because that term is used throughout, and I wasn’t sure whether that is something that is jargon or whether it is something that people will understand what you are referring to when you use it in the letter.
MR. REYNOLDS: I would say that it is, but I’ll be happy to defer to anyone else who would - I believe everybody involved should be familiar.
MR. HOUSTON: I am satisfied. I just was wondering -
MR. REYNOLDS: No. No, no. No, and, again, I don’t want to be the only one that answers that.
DR. TANG: Well, just, I mean, I think it would be understood by those who need to.
One possible suggestion is that instead of the earliest possible date, maybe by the end of the year, something that would give - still give the plans enough time to do the crosswalk, and that sort of came up yesterday in terms of if it is as soon as possible or monitor. It is just not quite urgent enough.
MR. REYNOLDS: We had that discussion in the committee also. Anybody else on the committee want to make a comment?
Karen, you want to - Why don’t you - Do you want to comment on that?
MS. TRUDEL: The reason that I think we worded it this way was that the data cannot be made available until the Date of Dissemination Notice is published, and so if you put a date certain on when the data is available, that makes an assumption that the notice has been published prior to that.
MR. REYNOLDS: I think we pointed out that this is a definite issue and it needs to be dealt with -
DR. FITZMAURICE: I think crosswalk is probably explained in a sentence above that says, However, most are still developing crosswalk logic to enable them to associate a provider’s NPI with the legacy identifier. So I think crosswalk is explained there.
I would suggest that sentences below, The plans’ ability to complete their crosswalks is dependent upon their having the - and I would insert - accurate and validated NPIs of their provider populations.
The reason I put that in is that it ties in with the next paragraph where they need access to the database to populate and validate their crosswalks.
MR. REYNOLDS: Where are you, Mike?
DR. FITZMAURICE: I’m in the sentence - one, two, three - about the fourth sentence down in the - one, two, three - fourth paragraph.
It starts off, The plans’ ability to complete their crosswalks is dependent upon their having the accurate and validated NPIs of their provider populations. I would insert accurate and validated.
MS. MC CALL: I would like to echo John’s comment. I think that the additional paragraph is fantastic. So on behalf of all health plans, we thank you.
I would also - for the second paragraph - suggest adding something at the end of the sentence, which makes, essentially, the purpose of this note complete. The sentence basically says, We have heard some things. We have made some conclusions, and, basically, finish it up to say, What is the consequence of not having these activities complete? So complete the thought to say something to the effect that we have concluded that while significant progress is being made toward compliance, some key activities may not be completed by the compliance date, which has a potential for disrupting or delaying payments to providers in certain circumstances. It completes the thought, and so it says, Okay. I guess I better keep reading, because something bad is going to happen. We don’t say what the -
MR. REYNOLDS: Okay. So you had which may disrupt?
MS. MC CALL: – which has a potential for - to disrupt or delay payments to providers in certain circumstances.
DR. COHN: Harry, are we ready for the next comment?
MR. REYNOLDS: Yes.
DR. COHN: Okay. Jim and then Steve and then Bill.
MR. SCANLON: A friendly amendment. I think the letter states the issue very clearly and suggests what can be done.
Just the third paragraph, last sentence there, can we indicate how - on what basis we are concluding this, However, few of the providers who have obtained - Can we say based on testimony or how do we know this is true? Based on testimony?
So the third paragraph -
MR. REYNOLDS: Yes, I think the WEEDIE(?) testimony covered that definitely.
MR. SCANLON: Yes. Yes -
MR. REYNOLDS: Okay. And which line is that in again, Jim?
MR. SCANLON: Third paragraph, last sentence, However, few of the providers -
PARTICIPANT: However, based on -
MR. SCANLON: Say based on testimony provided to the committee.
DR. STEINDEL: Carol, your modification - and you added the words, under certain circumstances. That immediately brings me back to why you added that sentence. What are the circumstances?
I would just end it before that clause.
MS. MC CALL: Yes. Okay -
(Several participants at once).
MR. REYNOLDS: So we are talking about a period after provider.
DR. STEINDEL: - it has the potential.
MS. MC CALL: Right.
DR. STEINDEL: - and that kind of covers -
MR. REYNOLDS: So it’ll read, after the - where the previous period was, it’ll read, which has the potential to disrupt or delay payments to providers, period.
DR. STEINDEL: Right.
MR. REYNOLDS: Any other comments?
DR. SCANLON: This is the concern I had yesterday. The last sentence, in terms of whether or not it is strong enough to assure that we are going to have compliance, and the subcommittee may have discussed this, but, again, the idea of sort of a period of monitoring followed by a period of contemplating actions, and then actions, all within a six-month time frame, seems unrealistic, in terms of achieving compliance, and that question would be whether a modification to say, HHS should take the actions to assure or encourage compliance. I mean, should we take the actions as regards as necessary to assure - encourage compliance? Take out the monitoring, because it implies delay, and you really don’t have the opportunity - You don’t have the luxury of delay at this point in time.
MR. BLAIR: That is a major change. I think we should determine whether we all feel comfortable with that.
DR. SCANLON: I understand it is a major change, and that is why I am saying that the subcommittee may discuss this and have good reasons for not -
MR. REYNOLDS: I’ll be happy to take that subject.
We heard testimony, and the testimony went as far as to recommend a transition period, that after May - It wasn’t going to be ready in May, and that there needed to be a transition period. Okay?
We felt that we were a little premature, at this point, going that far. That is why we have a hearing in January, and that is why we have said we will listen again, and, at that point, because I think the industry - If you were to listen to the WEEDIE testimony, the industry feels that it is already in big trouble, and it is already going to need some kind of an intervention, because it is not going to happen on May 23rd.
However, it was early enough in the process, and people getting their NPIs and people starting to come up to speed is progressing, and I think Karen would concur. The number of people getting their NPIs in the last two or three months is significantly different than the number of people that were getting their NPIs.
So we don’t want to yell wolf too fast. We don’t want to say stop, but we want to make it clear that HHS needs to look at this really hard and make sure that they are prepared to understand the details of this situation, so when we come back in February with input from CMS, with input from the industry and input from others, that we may recommend something different.
DR. SCANLON(?): See, I guess I interpret the letter very differently, particularly the last sentence. It is not sort of implying that we are going to have a transition period, in some respects, which is a capitulation saying we can’t do this.
I interpreted the last sentence as when you understand, in January or February, that people are not moving quickly enough, you warn them that they do need to move quickly enough to get - be in compliance by May.
And if - I mean, we talked about this yesterday. If you announce that you are not going to hold to the date, people immediately relax, and the idea would be not to say that we have any notion of not holding to the date, but to say, We need to begin immediately reminding people we are going to hold to the date. We need to tell the people that haven’t applied that they need to apply, and that they need to share the information with their plans.
I mean, this is the kind of thing where HHS, if they need to reach out to the provider community, they need to reach out now, if we think the May date is going to serious. Because what you are saying now is we are almost conceding that the May date is not serious.
MR. REYNOLDS: No. No, no.
DR. SCANLON(?): Well, and if we don’t, then I think HHS should be moving now to educate the provider community. We are serious about the May date. You better get moving, in terms of compliance.
MR. BLAIR: If this would be the only letter that we would be sending HHS, before May 23rd, I think I would probably agree with you.
We are in a process, and there is going to be another letter that’ll come out of the full committee in February, and, hopefully, things will improve between now and then, because if they don’t, that other letter would be a real challenging letter.
So I guess what I am indicating on this is that because I am viewing it as a process, I am really kind of weighing in with what Harry says, because CMS has heard all of the discussion, the testimony. They have heard our discussions. I think they fully understand how serious the situation is, and the letter, in my opinion, we are striking an appropriate balance, at this point in time, understanding that another letter will come forth at the end of February.
MS. GREENBERG: Well, I think I understand where you are all coming from, but maybe a compromise would just be to take out this business about monitoring and to say, In the meantime, we urge HHS take action, as needed, to strongly encourage compliance and early testing by all covered entities, and leave out the closely-monitored compliance activities, which I think I would agree with Bill, is kind of wishy-washy.
DR. SCANLON: It implies a delay, that you don’t have to do anything today to think about what -
MR. REYNOLDS: Bill, does that get closer to what you are talking about?
DR. SCANLON: That would be fine -
PARTICIPANT: A more active verb than -
MR. REYNOLDS: Steve.
DR. STEINDEL: Actually, I think we have heard that HHS is actually doing what this sentence says. They are monitoring it. We have actually had an update from Karen to show how accurately they are monitoring yesterday as to what is going on in this area. So they already are monitoring, and we already have evidence that they are taking and considering action by the paragraph that was added in this.
So if we want to make any modification to this and make it a little bit more strong, I would just say to continue closely monitoring, to indicate that they are doing it already, and not take it out completely.
DR. SCANLON: I think if we take out the monitoring and leave it for them to take necessary actions, they can include monitoring among the necessary actions that they think that they need to take. Just gives them a little extra push.
MS. MC CALL: Two things. I would concur with removing the words around monitoring, but I would also add something. We need them to take action, as needed, not only to encourage compliance, but to enable compliance, and that is, in effect, the paragraph that you added, that it is not just to go rah-rah.
MR. REYNOLDS: Enable?
PARTICIPANT: Enable.
MR. REYNOLDS: Any other comments?
DR. COHN: Well, not sure I understand. Would you read that sentence now?
MR. REYNOLDS: Yes, I sure -
DR. COHN: I am getting a little confused -
MR. REYNOLDS: I’ll read what I think -
DR. COHN: - about what that sentence looks like.
MR. REYNOLDS: I’ll read what I believe it is at the moment.
In the meantime, we urge HHS to take action, as needed, to enable compliance and early testing by all covered entities.
MS. GREENBERG: I think enable and encourage, or did you want enable instead of encourage?
MS. MC CALL: I had intended enable and encourage.
I do think that there is a certain amount of vocal encouragement of providers to do what they need to do. So -
MR. REYNOLDS: Okay. Any other comments?
Bill, thanks for that.
Paul.
DR. TANG: This may put a little bit more strength in it. So take the steps necessary to enable and to ensure that providers meet the published deadline.
MR. REYNOLDS: But that is not - That won’t get everybody where they need to be, because if a provider gets it on May 22nd, that doesn’t mean everybody is going to be okay.
DR. TANG: In time to meet the published deadline?
MR. REYNOLDS: That’s the tough part of this. Everybody can finish at the same time. Problem is, they are not all finished together. That’s the -
Any other -
DR. COHN: Well, Harry, would you do me a favor, once again, read what we have here -
MR. REYNOLDS: Yes, I will.
DR. COHN: - since I heard there was a further wordsmith after you read it the first time. So -
MR. REYNOLDS: Okay. Here we go: In the meantime, we urge HHS to take action, as needed, to enable and encourage compliance and early testing by all covered entities.
MS. GREENBERG(?): Yes, I like that. I like the enable.
MR. REYNOLDS: Are there any other comments on the letter?
We will get this adjusted, get a new copy out to everyone, so you can see it in finality, Simon. Is that what you want to do or you want to just approve the changes as submitted?
DR. COHN: I’d like us to be able to vote on this. I’m just - I am sort of trying to figure out whether the sentence makes total sense, at this point. So read it again. I mean, I apologize. Just - I’m trying to figure out what it means exactly. I mean, we have wordsmithed it to death now, and I am sort of getting a little more confused about - You know, it starts out, In the meantime - what exactly the words all mean. So read it again and then explain to me what it means.
MR. REYNOLDS: Wait a minute. This wasn’t my change.
DR. COHN: Okay. Well, somebody explain to me what it means.
MR. REYNOLDS: No, I will do that. Yes. Okay.
In the meantime, we urge HHS to take action, as needed, to enable and encourage compliance and early testing by all covered entities.
So what we are saying is we are saying we are going to hear testimony in January, and that is why we used, in the meantime. So between now and January or February, when you hear from us again, here is what we hope is going to happen. That’s why I think we had that in there.
I could comfortably just say, we urge, period, and whether it is in the meantime or not. I mean, that is a definitive statement, We urge that HHS do this. Cleaner.
MR. REYNOLDS: So I can justify in the meantime, but I think taking it out probably makes it more firm.
Yes, Marjorie.
MS. GREENBERG: I hate to do this, but it goes back to Paul’s a bit, but I wonder if it would read a little better, be a little stronger, it says, In the meantime, we urge HHS to take the necessary action to enable and encourage compliance and early testing by all covered entities. So whatever those actions are. As needed is a little wobbly also, I think.
MR. REYNOLDS: So take out, as needed.
MS. GREENBERG: But to say - You could just say, to take action or to take -
PARTICIPANT: The necessary action.
MS. GREENBERG: - the necessary action.
PARTICIPANT: The necessary action.
MS. GREENBERG: Maybe you could even just say to take action.
MR. REYNOLDS: All right. We are saying just take action - taking out as needed.
I’ll read it again: In the meantime, we urge HHS to take action to encourage - enable and encourage compliance and early testing by all covered entities.
PARTICIPANT: Good.
MS. GREENBERG: Yes. I like that.
You are not happy yet?
DR. COHN: Well, I -
MR. REYNOLDS: Would there be any - Simon, you still -
DR. COHN: Well, what actions are we referring to, I guess is what - I guess the part that sort of is -
MR. REYNOLDS: Well, the first is the data dissemination. The second is the outreach. I mean, there’s plenty of things that have been clearly - and they were stated to the Secretary from WEEDIE’s(?) letter. WEEDIE sent their letter directly to the Secretary as well as testifying to us. I think there’s a body of work that is available on the steps that are issues and concerns right now. So that -
MS. GREENBERG: That’s why if you said the necessary action, it would refer up, I think, to this new paragraph, as well as - I don’t know if you have anything about outreach.
DR. COHN: I have actually really an odd question to ask of everybody. I mean, we are wordsmithing this sentence to death. I am sort of - once again - getting a little confused about - I hate to use the term action as a vague sort of thing, especially since we haven’t referenced - I mean, we are not going to start adding new paragraphs at this point talking about education, outreach, you know, on and on and on. I mean, it is a little late in the history of this letter to do that.
I guess the question is is what happens if we remove that whole sentence?
MS. GREENBERG: But, no, we can’t do that.
DR. COHN: Okay. So we can’t do that.
MS. GREENBERG: I know, that’s - my solution at this point, but I don’t think you can.
I think -
DR. COHN: Well, maybe it is okay.
MS. GREENBERG: We are very close.
DR. COHN: Yes, I mean -
MS. GREENBERG: Yes.
DR. COHN: Okay.
MR. BLAIR: You know, there is a certain reality here, and CMS is very, very highly motivated to make sure that this happens.
PARTICIPANT: And to get this letter out, I think.
MR. BLAIR: So I think that the message is here in the letter.
DR. COHN: Okay. Harry, one last read of this last sentence, and, then, hopefully, we’ll vote on it.
MS. GREENBERG(?): One last time with feeling.
MR. REYNOLDS: Let’s don’t set unrealistic expectations. I will read it again.
In the meantime, we encourage HHS -
PARTICIPANT: Urge.
MS. GREENBERG: Urge.
PARTICIPANT: Urge.
PARTICIPANT: Urge.
MS. GREENBERG: Not encourage.
MR. BLAIR: Urge.
MR. REYNOLDS: Oh, I’m sorry.
MR. BLAIR: Would you like me to read it, Harry?
MR. REYNOLDS: I am reading it the way I want it now. So -
In the meantime, we urge HHS to take action to enable and encourage compliance and early testing by all covered entities.
MR. BLAIR: That says it.
MS. GREENBERG: To take the necessary action -
MR. BLAIR: - put necessary in there.
MS. GREENBERG: Yes.
PARTICIPANT: and you said something that - in time -
MS. GREENBERG: No. Or the necessary actions.
MR. REYNOLDS: All right. Take the necessary actions. Okay.
MS. GREENBERG: Take the necessary actions.
MR. REYNOLDS: In the meantime, we urge HHS to take the necessary actions to enable and encourage compliance and early testing by all covered entities.
DR. COHN: Karen, does this make sense to you?
MS. TRUDEL: Yes.
DR. STEUERLE: I am going to move that we adopt this resolution -
MR. HOUSTON: And I’ll second it.
DR. STEUERLE: - and move on. Okay.
PARTICIPANT: Forty-five seconds.
PARTICIPANT: We’ve got a motion on the floor.
DR. COHN: Motion. Second?
PARTICIPANT: Second.
PARTICIPANT: Second.
DR. COHN: Okay. Discussion?
PARTICIPANT: I hope not. We just did.
DR. COHN: We just did. Okay.
All in favor.
(A chorus of ayes).
DR. COHN: Opposed?
Abstentions?
Okay. The letter is passed.
MR. REYNOLDS: It is much nicer to be on the phone with this group. You don’t have to watch the body language when you are on the phone.
MS. GREENBERG: You can be rolling your eyes on the phone.
DR. COHN: Okay. That actually is the final Action item for this meeting. So, Harry, thank you very much.
Boy, a little early in the morning for so much wordsmithing.
Agenda Item: Subcommittee and Workgroup - Any Additional Updates?
DR. COHN: With that, why don’t we move into a discussion, now, of - this is sort of a report out from the subcommittees and workgroups, discussion, obviously, of both current as well as planned work, as well as any observations you have about crosscutting issues that you sort of see coming forward.
I think, given the conversations we have been having with Populations and Quality, maybe we will start with Don, Populations, and then we’ll move to the Quality, at least to start with. Please.
Agenda Item: I. Subcommittee on Populations
DR. STEINWACHS: The Populations Subcommittee held a workshop. It now seems like ages ago. I am now trying to remember when it was. Gene?
MS. GREENBERG: September 18th and 19th.
DR. STEINWACHS: Oh, thank you, Marjorie.
Okay. And with the great help of Joan Turik, who is in Jim’s office in ASPI, to hear from a range of agencies inside and outside of HHS about data linkage, both what they are doing, what the opportunities, what the barriers and what the concerns are.
And so what we are in the process now of getting - We have the transcript. We are in the process of getting minutes, and we had a discussion at our meeting yesterday afternoon about to what extent we saw actionable items at this point in there, and so that discussion is really still ongoing, but let me just list for you some of the things that came up, some of the themes that came out of that.
One is the role of data centers, and NCHS has now developed an agreement with the Census to actually share their data centers, to expand that substantially, and I think should be congratulated for that.
At the same time, it was clearly pointed out that for most people to use a data center, in order to get at data that is not part of public-release tapes, such as if you want to do anything that was geographic in nature or you wanted to look at some of the minority groups and so on, you have to go relocate, generally, to some part of the country and stay in a hotel for a while, and if it is a graduate student doing it, it is probably not practical, and so there are some real barriers, and there may be some opportunities to try and overcome some of those, and we talked about some of those options, both at the workshop and at the meeting.
One of them is that there is some work underway to allow remote access to the data centers, so that you send your request in, it is looked at and then sent back out and you don’t have to physically be there.
Another issue - and Russell helped us think about this - is it is very clear that the different major data agencies - Census, Social Security, NCHS - have different rules and regulations, and I am not sure how much is legislation and how much it is the interpretation of the legislation into regulation that make it such that the standards that are being used for security differ and, therefore, create barriers, and when you link data, then, somehow, you now have two sets of standards there, and linked data sometimes just can’t be shared with anyone, other than the purpose for which it was linked.
We heard a lot about issues around states and the fact that each state, these days, takes independent action, and particularly with increased concern about privacy and security, states are raising the bar on many things, and we heard about this, too, and we had a joint meeting with the BSC, a real concern about mortality data, and that is another area where we may want to focus some attention about what are the opportunities to try and overcome these, and I am not going to take you into the suggestions at this point.
There was also a concern that in data sharing, even within government, where it is government agencies that are linking and sharing data, is that the time it takes to negotiate a new agreement takes months, and it seemed, at least within the government, maybe there is an opportunity to have more standardized data-sharing agreements. I don’t know. I am looking at Jim now, who knows all these things, I am sure.
MR. SCANLON: Well, we actually - we have a fair number of them -
DR. STEINWACHS: Okay. And so that did come up in some of these -
MR. SCANLON: Countervailing forces is what you heard at the meeting there. There’s the pressure to get more access to data -
DR. STEINWACHS: Yes.
MR. SCANLON: - for more and more use. At the same time, there is increased privacy and security concern. So there really is this continuing balance - So you sort of have to kind of -
MR. LOCALIO(?): Could you talk into the microphone, please?
MR. SCANLON: Yes. Just saying there are counter - I think what the committee heard at the hearing, and we certainly hear it everyday, and we have heard it at the committee here, there are countervailing forces at work here. There is tremendous pressure for more access and better access and prompter access for policy and program utility of the data, and we clearly want to move in that direction.
At the same time, both from the states, from other forces, there is clearly pressure to - not pressure, but reasonable concern about privacy, confidentiality and security.
So we heard from all the agencies, I think, Don, and the users of the data, how do you reconcile these? And that is certainly - Anything you can do in that area would be very helpful.
DR. STEINWACHS: And I think Gene particularly - and Gene and Nancy, along with Joan, are the ones who really shaped this agenda. You know, Gene keeps us thinking about where are the low-hanging fruit here, where there might be a chance to do something that could make it incremental, just as you are talking about.
Gene, do you want to say anything?
DR. STEUERLE: Well, this is only to reinforce what you are saying. I think one of the dilemmas for the subcommittee and the committee is what actions can we take to move along this agenda. I mean, it is clear that the merging of data would significantly enhance our ability to examine the various health outcomes to see how they vary across different parts of the population, to encourage a wider range of research, both within government and outside of government with potentially significant benefits for the public as a whole.
The dilemma, which Don has well expressed, is, in part, that there is really no one decision maker you can go to often for these things either. So we can write letters to the Secretary encouraging him to support, say, the efforts of Jim’s office and ASPI and other offices that might be attempting to do something here, but the question is how do you - Are there ways that we can actually see of breaking through a barrier? Can we actually identify a particular need that is significant enough that our letter might give Jim and others some ammunition when they go into the front to fight this stuff, but as I say -
DR. STEINWACHS: Thank you for the other - like Census and Social Security and IRS -
DR. STEUERLE: Yes. I think a big part of the dilemma is how to deal with the multiple decision-making apparatus. At some point, you get a secretary or a member of congress or somebody who is really interested. Sometimes that person, being at a high enough level, breaks through these barriers. So he basically says, I want something to happen. At that point, the lawyers say, Okay. We are going to try to minimize privacy concerns and maximize the public use of this data, but they are willing to sort of move towards a decision.
So that is - But this gets back to us. What do we recommend and how do we put this forward? Having identified needs and opportunities, still doesn’t quite tell us how to break through all the barriers.
DR. STEINWACHS: And I think, as Gene is saying, it might merit some discussion here about - Since this is an issue that cuts across the government and not just HHS, is what is the appropriate way to pursue some of those things that go outside of HHS?
So we are looking forward to taking some next steps on these that I think - at least my sense was - on the data centers. There may be some specific things that we’ll be coming forward with a letter, so that you would have something in the February meeting, and, then, we are also looking at next steps on some of these other items, which may be getting more information, in some cases.
The second area that we are pursuing is surge capacity, and -
DR. COHN: Don, can I just ask a question?
DR. STEINWACHS: Please. Yes.
DR. COHN: And this was actually just - and I - in these conversations, I don’t know whether we break in or let you present -
DR. STEINWACHS: Oh, please, please. Break in.
DR. COHN: But I guess I was struck, and maybe just ask potentially a naive question, which is I am sort of struck often how we have a Privacy Subcommittee that is obviously very concerned about privacy, and then we’ve got the Population Subcommittee that appears to be -
DR. STEINWACHS(?): In the public interest.
DR. COHN: Well, I don’t even know what words to use here.
MS. GREENBERG: Concerned about balance. They both want to balance.
DR. COHN: Well, I think, yes, and I guess I am - Maybe just to reframe the question, which I guess you are bringing up, which is are there ways to make the data more useable in the public interest while also ensuring privacy? And it seems to be that the way you frame it appears to be sort of it is either one or the other. So I am wondering - I mean, that may be jargon.
DR. STEINWACHS: That is my fault, because it is certainly not one or the other, and it is trying to weigh, and I think Gene has been eloquent a number of times reminding us that the error can be that you can infinitely increase security and confidentiality, but you have to recognize what you are not able to do, the information you are not able to get that can make a difference in people’s health, and so you have to then figure out how does the government weigh the value of the information, data linkages and so on, but, at the same time, recognizing there is some threat there. Even if it is all done by government employees, there is still conceivably some threat in this area.
MR. SCANLON: And I think, Simon, they’re - the witnesses at the workshop -
DR. STEUERLE: They are the third part of this triangle perhaps we haven’t emphasized enough, and that is resources. So, sometimes, there is a way to get around the problem. So, for instance, if Jim has this great data set that is linked and you can’t let outsiders use it, he could hire 100 people from outside, in theory -
PARTICIPANT: And deputize them.
DR. STEUERLE: But, for practical reasons, a lot of internal resources, and often including the internal resources of the staff, often including literally things like slots - You know, sometimes offices are limited more by slots than they are by dollars. In fact, that happens quite often in government, because of - So there are a lot of Catch 22s to this. So sometimes you find ways around the problem.
It is not just the privacy issue - It is also linking up to the - Even if you find a way around the issue that gets around the privacy concerns - or the confidentiality concerns is probably a better way to say it - you still sometimes have other constraints such as resource constraints that prevent you from doing some - opportunities or you go to certain agencies, like Census, whose mission often is largely defined by - Congress puts a huge push on them to do counts of the population. So they’ll spend billions of extra dollars to minutely improve some count of the population, while ignoring some data merge that we might think might have infinitely greater value, but that is not in their - If you want to, it is not in their set of things that they are trying to maximize or IRS is often the same issue. The IRS doesn’t deal with health. So the internal people in IRS say, Well, that is great, but you spend these staff resources on tax compliance and not on what you could get out of the health data.
DR. COHN: Sure.
Mark, did you want to comment?
MR. ROTHSTEIN: Yes, I wanted to comment on this one particular issue, actually a slightly different take on this, and this comes under the heading of joint projects.
We sometimes think of privacy concerns of the population in monolithic terms. It turns out that different subpopulations within the population have very different views about privacy and confidentiality based on religious, cultural, all sorts of reasons, and we have never had the luxury of pursuing that, and I think, as a joint project, at some point in time, I would like to work with the Populations group and try to flesh out some of these issues, particularly with regard to data usage.
One of the issues that you frequently hear about is concerns about group-based harms, where even if you de-identify the information, in the sense that you take off the personal identifiers, so long as you identify the gender, the ethnicity, whatever of the group that you are studying - this comes up a lot in genetic research - members of a group who aren’t even in the study can be adversely effected, and think, looking to the future, this would be an area where the two subcommittees could work together.
MR. LOCALIO: Could I just make one comment, based on what Mark said, and that is that we had a series of hearings, I think it was three years ago -
PARTICIPANT: Can you speak up?
MR. LOCALIO: - in San Francisco, and I am not sure who was there, but one of the issues that came up was related to this question of what you do about small subgroups of people, and when we asked, the concern was that small groups ought to be able to - were desperately in need of information about their own health statuses because of the variability of health status across subgroups, but they also felt that they ought to be able to participate in the decision as to the degree of identifiability of their information for use in - this was based on surveys - for use of surveys. So I think, Mark, your proposal is consistent with what we heard previously.
MR. ROTHSTEIN: Thank you, Russ.
DR. STEINWACHS: Let me take you to the second area.
Yes, Jeff. I am sorry.
MR. BLAIR: Yes. Maybe you were planning on including this anyway, but just to sort of build upon Mark’s suggestion that there be joint consideration of where the public divides might be in terms of privacy issues, we know that they are, a lot of them, and we have had a lot of difficulty in being able to reconcile them, and, Mark, you mentioned ethnicity, which, obviously, is one potential area, but the other one that is often mentioned is economic level, income level. So I would hope that that would also be included in the joint study area, too, and any other areas that might be generating differentiations on privacy attitudes.
DR. STEINWACHS: Um-hum. Very good.
The second area is the committee’s interest in surge capacity.
Yes. I am sorry, Steve.
DR. STEINDEL: I would just like to ask both if the two subcommittees meet together, I think - We have been focusing on where, you know, differences between subgroups and everything, but I also think there is another aspect, and that is when. What issues are we looking at that we actually need to start applying these types of discriminators, because I think it does vary in terms of the when as well as the where.
DR. STEINWACHS: Let me just make another side comment. I don’t have an answer, but I think we need to discuss that.
The other is that the data-linkage area is an area in which there is a lot of overlapping interest with the BSC, and so we see this as an area in which there would be joint activity there, too.
Bill and I are supposed to do a presentation on the workshop at the January meeting of the BSC, and I am sure it will engender discussion around this, and so I think this is a great time to think about this question of joint activities.
At least from my point of view, we were sort of expecting that the BSC might have some members who were particularly interested in getting more involved in data linkages and actually come to our meetings and participate, in addition to being part of the BSC, and that we need to think through what that collaboration is, but certainly get them to react to possibly letters and recommendations we might be thinking about bringing back to the committee, but, Simon, I think it would be good, at some point, sort of maybe to talk more about how do we make a productive collaboration between the two areas - the two groups.
Let me take you on to surge capacity. I can see this is a tough topic to get to, I can tell here.
Bill did explain to me that we did wipe out the surge capacity in American hospitals over the 1990s and into the 2000s. So we know we have taken care of it, in the sense of creating the problem.
PARTICIPANT: Creating the problem.
DR. STEINWACHS: The issue here - and I’ll ask Bill to talk about it - is much more focused on the measurement of how do you measure surge capacity, and our understanding is, within the government and maybe also in the private sector, there have been different kinds of approaches being used. There is not a consistent approach.
And then the question is how do you get the data, and there have been some efforts in some areas to try and begin to get some data. NCHS has done some of this, but when you think of it from the point of view of preparedness, if there is a pandemic flu, other things, we don’t have, currently, it seems, a way to consistently talk about surge capacity and to say that we have the information needed.
We are proposing to do a half day hearing on November - I am sorry - on February 14th. So the second day.
DR. SCANLON(?): Valentine’s Day.
DR. STEINWACHS: Valentine’s Day.
There was some discussion of the symbolism that went with that, but I don’t remember now what that discussion was, but -
Bill, would you like to say a few words?
DR. SCANLON: Well, I think this is an area where we haven’t paid much attention as a society, in part, because we took it for granted that there was enough access built into the healthcare system that we didn’t really need to worry about surge, and even though, when you look at the total amount we are spending on healthcare, it is hard to say we’ve got more efficient, we probably have gotten more efficient. We have eliminated a lot of the capacity, and it now becomes a much greater concern.
As we have explored this on an informal basis, we find that it is kind of many people’s sort of views that they are widely divergent. I mean, so what we want to do, in this first session, is to bring together people from a variety of agencies that are looking at it from their perspective and see how they have defined the problem and see if we can come to some kind of common definition that maybe involves multiple aspects that different people have done - have included, and, then, explore the issue of data, and how we can build an adequate database for surge capacity.
We need to think about this, I think, differently than we do with a lot of other data, because there is both an interest in knowing what surge capacity is like, sort of at a point in time. Then, there is the issue of knowing what surge capacity is in real time, that when a crisis occurs what do you know about sort of resources that you have available, resources that can be redeployed, so that you can actually deal with this, because this is not just a question of every community is going to have all the capacity that they are going to need to deal with any emergency that is possible. It’s gotta be something where the department has got plans for deployment, and so that - we want to sort of explore both of those aspects.
DR. STEINDEL: Bill, I’d like to ask you when you are going to explore the issues that are involved around surge capacity?
Generally speaking, when people talk about surge capacity, they talk about add more - add more beds, add more docs, whatever - but I wrote about this in the ‘90s when I was doing laboratory quality and we were looking at emergency department turnaround times, and there was a just very recent article on this in one of the throw-aways.
One of the problems with the surge-capacity system is efficiency. Are you going to explore that as well?
And to give you what was published recently, I forget where the hospital was located, but they were having a tremendous problem with response times in the emergency department and turning back ambulance runs, and so they decided, Well, we’ll add 40 more beds to the emergency department, increase our physician staff and this will all go away.
Within three months, they were actually turning away more ambulances, and it had nothing to do with the amount of space they had. It was the way they were handling patients in the emergency department, and they brought in a doc from someplace else who was familiar with this, who revised the whole triage system, and, now, they have a tremendous amount of capacity. So I was wondering if you would explore that as well?
DR. SCANLON: We are definitely going to explore this issue, and part of it is an issue of defining what the - sort of the service is that you were looking at, and then determining efficiency, because there’s - really, there are two components that we need to be concerned about.
The services that we measure on a daily basis, because we see so many coming through in emergency room or so many being hospitalized and we count it as a service.
Then the surge capacity is actually another service. It is the ability to be able to deal with something that you don’t know is going to show up, but when it shows up you can deal with it.
We want both of them to be delivered efficiently, and the problem we have is - right now - is that we focus only on those tangible services that are delivered at a point in time, and it is very easy for us to focus on them and to say, How can I save sort of resources in terms of delivering them? We might lose sort of this other sort of capacity.
And I agree with you completely. I mean, reengineering of the processes is something that - I mean, we are now starting to pay more attention to, and sort of more hospitals, and not just their emergency rooms, but in all aspects of their service delivery, focusing on what you can do to reengineering, and that’s gotta be part of this discussion as well.
MR. SCANLON: Well, I would just - This would be immensely - Some analysis and a sophisticated look in this area would be immensely helpful to the department and to the community generally, and there are - The IOM just - as you know - just finished an expert-panel study. They focused on emergency capacity, generally.
This is a little more focused, and there are a couple of places that have tried to set - You are right, Bill. I think the first issue was what does preparedness mean? Then you can look at data and do people agree on what it means?
And there is this issue of the relationship among being able to - It is a distributional sort of an issue of capacity. It is not just having your hospital extremely capable.
The diversion issue is less of an issue nowadays. So it is not completely solved. These are other issues, and it should be an all-hazards approach, not just pandemic or not just -
DR. SCANLON: It goes beyond the emergency room, in terms of the capacity to deal with people when they become inpatients, because that is as much of a concern, and, often, the driving force behind the diversions is the fact that the emergency room is filled because -
MR. SCANLON: I already told GAO - They were looking at data, looking at this as well, and I told them that the committee might be looking at least that aspect, in the future as well. So it would be immensely helpful.
DR. STEINWACHS: I also wanted to thank Jim again. Within his office, Doug - and I am forgetting Doug’s last name -
MR. SCANLON: Benny(?).
DR. STEINWACHS: Benny?
MR. SCANLON: Yes.
DR. STEINWACHS: Yes. Is working with us on this and is helping shape the workshops, and it is much appreciated, very much appreciated.
DR. COHN: Mark, and then Jeff, and, then, we will, hopefully, wrap this piece up.
MR. ROTHSTEIN: I just want to mention that the Biosurveillance Working Group of AHIC has been working on this issue for most of the last year and has just completed a report to AHIC setting forth the data-collection methods specifically geared toward surge capacity and how are we going to measure respirators’ use and availability and how are we going to measure, in real time, bed availability and so forth. So I would recommend that you coordinate with AHIC on this.
MR. BLAIR: There’s been some recent studies and articles that have been pointing out the - at the same time, that more and more urban hospitals are being closed. Matter of fact, I understand New York City, either yesterday or today, announced additional municipal hospitals being closed.
At the same time that that is occurring, there is a counter trend that is occurring where many private hospitals that are in metropolitan area have been aggressively opening up new hospitals in suburbs, and so, as you take a look at surge capacity, I don’t know if you can, but, certainly, it has to be broader than just urban areas. It may have to be metropolitan areas, and, as you do so, and you look at surge capacity, it is also going to probably mean the transportation to where the hospitals might be, now that they are shifting.
DR. STEINWACHS: A very good point.
Let me just make one last comment, and, then - a very short one. Something else that we had discussed as a possible agenda item for the Population Subcommittee, and we talked about it a little bit the last time we met, but haven’t talked about it more, and that was the thought of thinking about an update on the vision for health statistics in the 21st Century, and I think that still - at least to me - has appeal, and, at the time we discussed it, committee members thought that it did.
So I see that as a possibility still sitting out there. There is less sense of urgency. At the same time, it has been about five years now, and it is probably a good point to try and look at to see are we making progress and are there things in that framework as we have made progress on NHII and - that ought to reflect maybe a little different view in terms of where we are and where we are going, and so both of those - Thank you.
DR. COHN: Thank you. Very interesting, and, I think, useful conversation.
Justine, do you want to -
DR. CARR: I’d be happy to.
DR. COHN: - talk about quality?
DR. CARR: Right. Thank you.
Agenda Item: II. Workgroup on Quality
DR. CARR: I think it is fair to say the quality landscape has undergone a very rapid evolution, and I think back to three years ago, my first Quality Workgroup meeting, when we were talking about the IOM crossing the quality chasm, highlighting the importance of safe, effective, efficient, patient-centered timely and equitable care.
In 2004, the Quality Workgroup held hearings where we explored a broad spectrum of issues ranging from the macro of what is quality to the micro of which data element might be captured on a claims attachment.
At that time, we also addressed the fact that - whether we should be focusing on administrative data sets or electronic health record.
And in 2005, we held further hearings, where - what we have summarized before, but, again, linking to what you say, Don, we revisited the focus of the vision of the 21st Century and found it very helpful, but a key question that we concluded after the 2005 hearings was where are the gaps?
Now, interestingly, I have just been sort of compiling - having raised the question of where are the gaps, in 2005, over the course of 2005, the following initiatives came forward, Bridges to Excellence on community healthcare, Ambulatory Quality Alliance, CMS Roadmap to Excellence, IOM Performance Measurement Report, the appointment of AHIC, as well as the Quality Workgroup, cochaired by Caroline Clancey(?), the Executive Order for Transparency, Quality and Standards, the IOM Report on P4P and the Secretary defining as a priority that consumers have sufficient awareness of cost and quality care to make informed healthcare decisions. That is in one year that happened, since our last hearing.
PARTICIPANT: Well, look what you made happen -
DR. CARR: Hey, we are good, you know?
So the fact of the matter - the reason I think one of the challenges of the Quality Workgroup has been this eruption and explosion and tremendous progress and synchronization of national thought about quality, and I think a key question for us is to understand where we fit in with this.
I will say that, interestingly, the current approach, in terms of having measurable quality, is still very much - I have to concede to Marjorie, the administrative data set is here probably to stay for a while, and AHRQ has spent the last year working, or actually even last summer, refining administrative data set with composite measures for quality and safety that can be used not just for internal performance improvement, but for transparency and also for populations reporting in the national report.
We made the progress of the present-on-admission flag for inpatient ICD-9 codes, and that is underway as we speak.
We have also begun thinking about moving elements of the electronic health record - lab values - pharmacy - to enhance the administrative data set.
So I think the question is what - where are the gaps? So you have to revisit that question. They are not where we thought they were a year ago.
I think two things that have come up are sort of what are the clinical questions, and, then, what are the infrastructure questions? I think Steve raised the question yesterday, as we talk about decision support, how are we thinking about it in terms of how we are building the electronic health record, and, then -
So I think that we are in the process of trying to understand where we fit in, the expertise of this committee and the value we can bring to this national discussion and initiative.
AHIC has been very busy. I mean, they have generated a lot of information. Carolyn is cochairing the AHIC Quality Committee. So one of the first orders of business is to - Simon is going to coordinate with Carolyn to have an understanding of what role we can play.
Mary Bath, our liaison from AHRQ, has asked specifically that we can help with holding hearings on these composite measures to get feedback on how they are playing out.
In addition, AHRQ has just completed - there is a RAND report commissioned by AHRQ addressing the community market, I think, for these quality indicators, assessing them on importance, usability, scientific soundness and feasibility.
So I think that what we will sort out in the next, hopefully, few weeks, months, not too much longer, is the role we should play, and it may well be that since the national agenda is well covered by premier experts in the field, our role might be to keep going on the building blocks, whether it be the building blocks in the infrastructure of NHIN or whether it is the building blocks of how do you tell the story of quality? What data elements do you use? How do you blend them with that, and not - and, again, quality for performance improvement, for transparency and also for the individual, the consumer, the community at large to be able to make - understand this information in consumer-friendly language in order to achieve the Secretary’s goal of being able to make informed decision making.
So I think with that - Oh, I’d just like to go back to our - as Carol pointed out yesterday at the close - one of our concluding statements in our February 2006 report said the following, which I think holds true right now, the committee’s most important contribution may lie in providing the context or container for the work now underway on quality in HIT.
Two key areas stand out as important dimensions of health information policy in which needed activity is not taking place.
Number one, understanding what it would take to measure, assess and improve quality at a population health level, and, number two, understanding what it would mean to have a personcentric approach and how that links to population health.
So I think we have been on the right track, and I think we need to just understand how we can add value and not redundancy to the dialogues underway.
DR. TANG: Thanks, Justine, for really an excellent summary of the quality landscape, and, just as you point out, the amount that has been done and published and recommended in the past year has been phenomenal. So, in a sense, we almost have a different surge problem. We have a surge problem of quality measures. So one possibility is that NCVHS can leapfrog to the next policy.
Now, it has already been pointed out by the IOM study, where it said we need to standardize and consolidate our quality measures, and even recommended the creation - I forgot the name of the entity within HHS, I think, to do that standardization.
And the other point I remember is Secretary Levitt, in one of the AHIC meetings mentioned that one of his mistakes as governor was to have 116 quality measures.
PARTICIPANT: Too many.
DR. TANG: Too many.
From a provider point of view, yes, be careful what you ask for. Yes, they wanted the pay-for-performance, but, then, when you open the door and you have 1,000 measures, you almost need an FTE per quality measure - I mean, quality set measures from each of your plans to be able to deal with it, because of the lack of standardization.
So I wonder if we might act along the lines of what the IOM recommended in harmonizing what you want to do as part of care; i.e., what measures do you need to do to support clinical decision support, which influences the physician behavior, then use those same measures and the same meaning in your quality metric definitions, and -
PARTICIPANT: (Off mike) - always?
DR. TANG: It isn’t - Well, you try to make it - That is what the harmonization process is about.
So many of these measures do not automatically fall out of coded information in the EHR, unless you design and make it so. So that kind of harmonization is sort of a next step, and maybe this committee can help sort of at least discuss that and sort of raise that issue, and others may carry that forward.
DR. CARR: May I respond?
I mean, as I look back at the work that has been done, I think we are more harmonized than we were before, even the work of AHRQ, in taking an array of safety indicators and putting it together to tell a safety story or even in cardiac care, we are no longer just reporting on were lipids measured, but what were the results, and that tells a story about cardiac care.
So I think that you are right, that we have just been inundated, and we see it all the time with our board of trustees, where you report out each of the individual measures. They are like what have I learned from this?
And so to really tell a story of cardiac care in this setting is good, fair, excellent, and diabetes care, and I think if we learn well how to integrate the myriad of data elements that we have to tell a story that is understandable and that resonates with progress and outcomes, we will then move on to other clinical scenarios with the lessons learned.
MR. LOCALIO: This is Russell. This may be the last time I can contribute to the meeting, but about 12 years ago, I wrote an editorial called, A Report Card on Report Cards, in which I raised a number of technical issues about reporting.
To the best of my knowledge, none of my - have been answered in the intervening 12 years. A lot still depends on the kind of patients you take care of, and if you take care of patients who are sick to begin with and who come from a somewhat desperate home situation -
DR. COHN: Russ, would you do us -
MR. LOCALIO: - no one can really do too much about this.
So I know there’s been a lot of activity in this area, but, still, I feel the fundamental problems have not been answered, and I would hope that the committee could inject some wisdom into that at some time.
DR. COHN: Russ, having not read your document, could you do us a favor and perhaps email us -
MR. LOCALIO: Oh, what I had to say has been said by others before, and I just tried to summarize it there in a minute that there’s - certainly, there has been an enormous amount of work on this on measures, but they are still fraught with problems, because of the difficulty in standardizing the populations that are served.
DR. COHN: Ah, it goes back to risk adjustment.
MR. LOCALIO: Yes.
DR. COHN: I remember that conversation.
Well, said.
Bob, do you have a comment?
MR. HUNGATE: Yes, I want to follow up on Paul’s comments and emphasize the consumer empowerment piece of the HHS equation of our own assignment, because the focus currently in a lot of the indicator and discussion areas is on place and not on the specific disease treatment, not the specific things that are involved that the patient must make decisions on, and the disease-management function is alive and well in a lot of places.
Now, it may be that the approaches are different from one another of those companies and that their way of measuring differs. It seems to me that, then, becomes a problem -
VOICE: Please pardon the interruption. Your conference contains less than three participants at this time. If you would like to continue, press star 1 now or the conference will be terminated.
MR. HUNGATE: All right. We’ll continue.
The problem for the patient is sorting out the multiple sources of information that come out, which lack authority, but are convincing by their presentation, and so I think maybe picking some of these disease-management kind of places and trying to assess whether there are commonalities of measurement appearing which will help that or whether that means, as you suggest - which I think it probably does, but, then, that is an area of standards that hasn’t even been thought about, and it does get to the risk-adjusting, assessing the individual as part of the population and vice versa.
And I don’t know how that gets addressed within the spectrum of this committee, but I think it is going to be something that is working down the path, and it is around the consumer empowerment, because the consumer is having a hard time grappling with this information overload and doesn’t know what to trust.
DR. TANG: I want to raise two other policy things for -
DR. COHN: Okay. And, then, we are going to need to take a break relatively soon. So - That’s fine. I mean, I think we are - I mean, obviously, these conversations are open-ended conversations. We don’t come to an answer. This is more input for the workgroup for the subcommittees.
DR. TANG: So one of the topics, really, is a bridge between Quality and Populations.
In the old days, the quality - you get these numbers, and the complaint as well, My patients are sicker.
So, then, we -
PARTICIPANT: Aren’t they, Paul?
DR. TANG: So, then, we sort of work on those things, and, then, now, it is the -
Well, those actually aren’t my patients.
PARTICIPANT: They are sicker until they come to Paul. Then, they are -
DR. TANG: Thank you, John.
So there is another policy issue of - and then there is the, Oh, well, this score is for your capitated patients with that plan versus all your -
I wonder if there is another sort of leap frog, an that is to go to sort of population quality measures, just to - you know, it is your panel.
So, for example, the way we internally measure our quality is if you have been seen in primary care, then you are our patient. So we’ll figure out how to allocate you to the right physician - and, by the way, we report physician scores on our internet, available to everybody.
But the argument of, Oh, you know, oh, that was a December and we didn’t have enough - Just if you have touched us within the past two years, then, you are our responsibility, which invokes an outreach responsibility as well, which plays into the whole quality measure of your practice, which includes a population, and that is just another really big step forward, but far more healthy than the - go back to the, you know, my patients are sicker. Oh, that’s not my patient. Oh, I didn’t have enough time with that - all of those things. It would be another major advance.
And, then, the final sort of policy thing, and we have talked about this before, it is just the whole focus on administrative data versus clinical data, because that is another big -
DR. STEINWACHS: Simon.
DR. COHN: Yes. Please remember you are breaking into your break at this point. So - but -
DR. STEINWACHS: You mean John Paul is going to start shooting at me with the -
PARTICIPANT: No, no. It is not your break. It is our break -
DR. STEINWACHS: I thought it was just my break, and the rest of you had to stay here.
Just one thing that has intrigued me, and I don’t know whether Justine and others agree, but it strikes me we talk about the challenges of the future are chronic-disease care. Chronic disease is a long-term proposition, and almost all the quality measures I think of are much more cross sectional, point in time, and an interesting sort of issue is how do you grapple with talking about my care over months, years, and how good is that quality, and even more important, probably, in the long term, is the question of - if you could do that - is what quality variations make a difference? Is it the maximum and worse quality? Is it the average quality? But we don’t have a conceptualization yet of that, and it just seemed to me might be something, again, that the Quality committee might think about.
DR. COHN: Yes, Gene, final comment.
DR. STEUERLE: Very quick, and, Justine, you don’t need to react, but you mentioned that so many organizations are already making recommendations. I just wonder if there might be a role for your committee - since, again, the National Committee on Vital and Health Statistics is so good at convening people and holding hearings - is actually to track the recommendations and what worked and what didn’t, as opposed to this - trying to come up with a new set.
DR. CARR: Right. Thanks.
DR. HOUSTON(?): I have one comment -
DR. COHN: Please.
DR. HOUSTON(?): I think there is a unique opportunity. I think there is really a renewed interest in - by the insurers in looking at chronic - quality in chronic care, and I think there might be some real opportunities just because of where the insurers are going aggressively now in that regard to try to look at how you partner with the insurance industry to get chronic-care quality measures.
Might be helpful to have - bring them in to talk about that. It seems, really, now, that that seems to be, thematically, something that is really - you see in the industry that you didn’t see two, three, five years ago.
MS. MC CALL: Yes, I can confirm that, and so where a lot of payers are going is, in fact, looking at chronic disease as essentially the public-health issue for the 21st Century is the way that we think about it, and so it takes - it is a fundamentally different shift in role and approach.
DR. COHN: Yes.
Okay. Well, once again, knowing that we are - we could keep going forever, I’d actually like to give everybody a break at this point. Why don’t we take about a 15-minute break? We’ll come back at 10:20 and have some presentations and discussion on other topics, and, then, sort of finish up this sort of - before noon.
(Break).
Agenda Item: Health Information Security and Privacy Collaboration (HISPC) Briefing http://www.rti.org/
DR. COHN: We are very pleased to have Jodi Daniel joining us. Jodi is one of the Directors from the Office of the National Coordinator.
We are, obviously, very pleased to have you here to give us a briefing on the Health Information Security and Privacy Collaboration, which, hopefully, is coming up with -
It is just called the Privacy and Security Collaboration, at this point, isn’t it?
MS. DANIEL: Yes.
DR. COHN: So, anyway, obviously, we are looking forward to a briefing, and, hopefully, we’ll have a couple of minutes to talk and ask questions and to sort of discuss what is going on, and the next steps.
MS. DANIEL: Sure.
DR. COHN: Well, thank you.
MS. DANIEL: And given the conversation I know you all had with Rob Kolodner yesterday, I know a couple of other questions came up about related activities. So I am going to give an update on where things are on the HISPC Project, and, then, I’ll just explain how some other activities that - related to privacy and security - will relate to that work, and, hopefully, address some of the questions that came up yesterday, but would be happy to take questions afterward.
Just by way of background - I’m sure everybody here already knows all of this, but I’ll just give the 30-second update. This was a contract that was awarded to RTI International in September of 2005. It is comanaged and cofunded by ONC and AHRQ. It is actually an AHRQ contract, but we have been comanaging and cofunding it with them.
The RTI has been subcontracting with experts, including the National Governors Association, who, obviously, provides their expertise on working with states, and, then, they have contracted - subcontracted with 34 states and territories to actually do the detailed work in looking at privacy and security policies, practices and underlying laws.
The purpose of this, initially, and still, is to identify those business practices and policies related to privacy and security of health information and any underlying state laws that may be the reason for those policies and practices or not, and then to identify those that will effect electronic health information exchange.
So what we are trying to do here is look at variations in practices, policies and laws and look at where there might be some best practices and where there might be some challenges to - for those practices and policies and laws and how they might interfere with or interact with electronic health information exchange.
Where there are challenges caused by those variations or caused by particular policies or practices, we have asked the states to propose solutions to those issues, as well as detailed implementation plans for how to address those solutions. So we are trying to both identify what some of the problems are, identify what the existing practices are, identifying some best practices, as well as trying to come up with some concrete ways of addressing those issues.
Another really important goal of this project was to engage some of the states on health-information exchange efforts. There are many states that have done a lot in electronic health information exchange, and there are some that are just starting to think about it, and this was really an opportunity to engage the states as well as the various stakeholders within the state on some of these really fundamental issues that come up in every discussion about electronic health information exchange and to try to really bring all the stakeholders to the table, so there are requirements to include the government folks, the public-health folks in the governor’s office and folks like that as well as various different kinds of providers, insurers, consumers and the like, so to really try to get a broad array of stakeholders to the table to work on both identifying the issues and identifying solutions and implementation plans.
The work is at a state level, but we also have regional and national meetings in order to encourage discussions among the states and to help them to learn from each other and identify where there really are cross-cutting issues that they need to work through together, rather than just within their state.
As far as where we are today, all of the states that are participating had submitted interim assessments of variation to RTI on November 6th. Those are now being reviewed by their technical advisory panel, these experts that they have been subcontracting with, as well as folks within RTI themselves, to try to analyze those reports. They are interim reports. There are still opportunities to identify some more practices to refine some of their work based on the discussions at regional meetings and the like.
The state work groups were asked to look at 18 different scenarios in order to try to identify the practices and policies that currently exist regarding privacy and security covering various topic areas of treatment, payment, public health, prescription drugs, law enforcement, employee health, research and the like. So they were given sort of a broad array of scenarios to spark their thinking and to drill down on what some of the practices and policies were.
Some of the states actually created some additional scenarios. They felt that they didn’t quite represent the issues that they wanted to take on, and they went further than they were asked to do and really targeted it to their own needs as well, which is very encouraging. They have really taken ownership of their own work and tried to make it as meaningful to their state as possible in their own unique situations.
The summary from RTI about the interim assessments to HHS, to AHRQ and ONC, is due to us on December 30th of 2006.
The most recent activity that has been going on is we had a series of regional meetings across the country. We had 10 regional meetings in all different parts of the country, and we invited not only the representatives from the 34 HISPC states, we also invited representatives through their state governor’s office for other states that were not either able to or did not choose to participate in this project.
The thought was there were some states that really did have some companion work going on or wanted to take this work on some time in the future or were starting to think about these issues, and we wanted to make sure that they had the opportunity to learn from the states that are part of this project as well and make it as collaborative as possible.
There were nine additional states that did attend those meetings. So we had a total of 43 states and territories that participated in the regional meetings.
Some of the key issues that have been raised during the assessment of variation were in three areas, in practice issues, trust issues and legal issues.
Some of the interesting practice issues, people kept saying over and over again, in a paper world that they often rely on human judgment. They look at things on a case-by-case basis. They know the person who is asking for the data, based on - particularly in smaller communities or regional areas, and so they know that they can trust who that person is who is asking for it and that what they are asking for is reasonable, and that was something they found to be a challenge in trying to convert to an electronic world. How do you deal with the fact that you have - you don’t have that personal human judgment necessarily imbedded into it and it just poses some challenges. That was one issue.
A lot of - I would say every meeting that they had, issues came up about patient consent or authorization. Obviously, states use those terms to mean different things, both in procedures as well as in state laws on those topics, because different organizations have different policies on consent - when consent is needed, how you get consent, how often you get consent, for what reasons, et cetera - for sharing of information and for use of information, there were a lot of reconsenting going on. Every time somebody would ask for something new, if it was going to a different organization, they’d have to get a new consent, because that organization had a different consent procedure and the like.
So the variation in consent procedures was an issue that came up over and over again, and this is not necessarily in the HIPAA world of authorization, but just a lot of providers who would want consent to disclose information, either because their state law required it or because their organization required it or they just felt it was the right thing to do, even if it wasn’t required by federal law or state law.
There were also a lot of comments about problems related to or challenges related to variations in how patients are identified. People have different ways of doing this - and I would say pretty much across the board in all of the regional meetings, folks were asking - were saying that this was a challenge, how to identify individuals for purposes of sharing information.
And the last one on the practice issues was variations in security measures. People had different approaches or organizations had different approaches to authentication, authorization, role-based access and things like that, and those were identified as some issues as well.
With respect to trust issues, there were - This kind of goes back to the comment I said before about the different types of consents. Everybody had their own data-sharing policies and practices and their own approach, their own forms they wanted filled out and things like that, and they didn’t necessarily - these were written oftentimes by their lawyers or their privacy officers, and they didn’t necessarily - One organization wouldn’t necessarily accept that the other organization had the right policies in place, and they would want their own form signed and things like that, so some concerns about the variations in the different data sharing protections and policies.
There were some concerns raised about competitive use of medical data, that if an organization had access to a list of cancer patients, for instance, they might - and they’re setting up a new cancer wing, they might try to target market to those folks. There were some concerns there about a particular organization giving out the names of all their patients and their conditions, even for purposes of just clinical treatment, for fear that it would be used for other purposes, and just some general mistrust about how another organization who they didn’t know might be using the information, and whether or not they would be using it in a way that was acceptable to the organization who was sharing that information with them. So just general - the same kinds of big conceptual privacy and security issues we hear about all the time and the different practices the different organizations have, which is important that they get to have their own approaches and that they could protect the information in a way they feel is best for the organization, but it does pose these challenges when they are sharing information and everyone - all the different entities have different ways of protecting the data and different policies in place.
Some of the - and then the third area was legal issues, over and over again, concerns about either misinterpretations or varying interpretations of HIPAA. So there were some - lots of organizations that were taking very conservative interpretations of HIPAA, which we have heard about over and over again, but just got some more confirmation about that in, I would say, every regional meeting, and then also because of the flexibility in HIPAA, there are obviously different ways that people are implementing those requirements, and that is posing challenges.
One of the areas that came up over and over again was minimum necessary, because the organization, as folks know here, can make their own determinations and are required to make their own determinations of what is minimally necessary for a particular purpose, and because all the organizations make their own determinations, it was posing challenges, because they didn’t know what information - They had difficulty in sharing information, particularly if they were sharing information through a network or otherwise, and each organization had different minimum-necessary policies. They didn’t know if they were going to get all the information they thought they needed or if they were sending more information than was really required and things like that. So that came up pretty frequently in the meetings that we had.
There was still the fears of liability for enforcement or for publicity that they violated the privacy rules, you know, we hear that and that sort of leads to some of the conservative interpretations.
And then there were some interesting things where folks would blame HIPAA for their policies and practices when there was no basis under HIPAA. So, for instance, a lot of -
PARTICIPANT: We never heard this one.
MS. DANIEL: Never heard that before.
A lot of entities were saying that they had to get consent for treatment - to disclose information for treatment purposes. I heard this over and over again, and the rules couldn’t be clearer that consent is not required to disclose information for treatment purposes. Yet, some folks did this because of state law. Some folks did this because they thought it was - The doctor thought, for instance, that it was the right policy, but some entities were saying, No, no, no. That is required by HIPAA. We have to do that.
So I think some of the benefit here is there is some opportunity for education and for - still for clearing up some misconceptions as to what is required and where the practices are based on an organization’s policy and not necessarily because there is a legal mandate to do so.
As well, not only would HIPAA come up in all these meetings, but state laws come up in every single meeting that we had.
There are a patchwork of state laws on privacy and security, as everyone knows, and they have been developed over time. So there are - Some state laws, they might overlap with each other, and there was confusion about how certain state laws would interact. The state laws were spread out through lots of different titles within the code. So people didn’t necessarily know where to look for the requirements for privacy protections, and some of the privacy protections in state laws were antiquated and they were based - They were passed decades ago and didn’t necessarily make sense in an electronic world. So all of those issues were coming up at a state level.
Consistently, we heard about the consent laws in various states for sensitive information, and almost every state has some state law providing extra protection for sensitive information, and there was a lot of confusion of if you need to get consent to disclose information about HIV status, well, does that mean you basically can’t disclose anything about a patient with HIV, who is HIV positive, because the clinical notes, the lab tests, the drugs that they are taking, so many different things could give an indication that they are HIV positive and where are the boundaries of that? So those were challenges that folks identified, and then the variation were challenges folks identified.
There are actually some states that, even though they were focusing on variations, some of them have already started to think about solutions, and there are some states that were saying they really wanted to work together with other states to think through are there ways that we can make these more consistent across state lines, not necessarily get rid of the state laws, but, if there are states that have similar types of laws, how can we make them more consistent, so that there isn’t an issue of sharing information across state lines. So that came up in a couple of places as well, as they started thinking about, Well, what could we do about this?
And then we also heard about some other federal laws like CLEA(?) and FURPA(?), the same ones that come up, and folks were saying that those were posing some challenges. They didn’t necessarily know how to apply those. Same kinds of things as HIPAA. There was confusion about them. There was confusion about how they interacted with other laws and things like that. So we heard the whole gamut of state and federal laws and challenges, nothing too new here, but it was definitely interesting to have the folks at the grassroots level, the ground level telling us that, Yes, we are hearing this consistently over and over again, and then trying to figure out, Well, what do we do next now? Is it about education? Is it trying to harmonize state laws? Is there some way of working to come up with common practices in a region? If they are sharing information through a network, what are the best ways of handling some of these, and so those are the discussions they are just starting on now, as they move into the solutions phase of their state projects.
Some other things that came up, there were comments over and over again about we are doing this at a state level and we are bringing the right stakeholders together, and it has been really helpful to identify who the right people are and to start building those bridges and those collaborative relationships, but there was a real desire and need to start crossing those state lines, and we saw that in the regional meetings. It was really quite wonderful. They were just chomping at the bit to find out what the other states were doing and how do you deal with this issue, and in Wyoming they don’t have tertiary-care hospitals, so all of their patients are going out of state, and, Well, in Colorado, how do you deal with this, because once our patients come back we need to get the information back to our doctors.
So there was a lot of exchange and it was a really nice opportunity for the states to identify who their counterparts were in other states and start building those bridges and those collaborative arrangements. They also asked - We heard over and over again that they are asking for help in doing that as well.
And I am going to talk a little bit about the state alliance, because that is actually one way that we think we can help bridge that interstate collaboration.
Just to finish up, I wanted to give you some dates that we have as far as some of the deliverables that we are anticipating, so you know what is coming down the pike.
Like I said, we’ve gotten - RTI has gotten the interim assessment of variation, which we should see at the end of December.
The interim reports of solutions are due by the states in a couple of weeks, in mid-December.
The implementation plans, the interim implementation plans are due mid-January, and, then, the - We do not intend - Those are just interim reports and RTI will work with the states to try to help them figure out where there might be holes and how to hone those and help them in doing their work.
The real meat is going to be in March, when we are getting the final assessment and analysis of solutions and the final implementation plans.
There is a national meeting where we are going to bring all of the states together. We’ll also be open to the public. Anybody who wants to attend can attend those meetings and hear the discussion. That will be March 5th and 6th, and it will be in the D.C. area. I think it is a hotel in Bethesda. I don’t have the details of it yet, but it will be in the D.C. area, and RTI will then follow up and do a nationwide summary looking across all of the state solutions and implementation plans and try and analyze that information and come up with some information about where there are similarities, differences, where different states can learn from each other and where we might be able to glean some knowledge for nationwide policy as well, based on the work that the states were doing.
The one thing I want to say about some of these dates is that we actually - we have been talking to RTI. They have heard from some of the states that because of some of the tight deadlines and the holidays, they want to really be able to capitalize on the networks that they have set up, and there have been some concerns about the dates, and they have asked us if there might be an opportunity to give a little bit more time on some of those dates, so that the states have an opportunity to really do the best job they can in coming up with the solutions. So we are still in discussions there. Just wanted to let you know. I am giving you the dates - they may slip a little bit - so that we can make sure that we get good products back from all of the states and that they have the opportunity to do the work as best they can, and RTI is the best opportunity to analyze that work. So I may have updated dates for you next time.
That was sort of the HISPC summary on where we are and where we are going, but I wanted to just sort of address some of this. What are we going to do with some of this work and some of that interstate collaboration discussion?
We have recently signed a contract with the National Governors Association Center for Best Practices to establish a state-level health ID decision body that will address these interstate issues. So the goal here is to have state-level decision makers who are on a steering committee, the State Alliance for E Health, and that will really take on some of these challenging issues and try to come up with recommendations for all of the states.
The State Alliance - the Steering Committee will meet quarterly. It’ll be made up of sitting governors, legislators, attorneys general, I think state CIOs. It is all state-elected officials that would be on this steering committee.
Again, these meetings will be open to the public, and the first one is going to be January 26th. I think that date is actually set, and they’ll also have a Technical Advisory Committee that will be non-voting members, but that will sit at the table with them and provide them some guidance advice and give them some technical expertise as they are deliberating on some of these issues. So we wanted to make sure that it was folks that had the authority to actually make decisions for their states, as well as some folks who have a little bit more technical expertise who can work with them as they are making those decisions.
There will be three task forces, sort of like the AHIC and the workgroups for NCVHS and your subcommittee, that will report up to the Steering Committee of the State Alliance.
The three task forces are really based on a lot of the issues that we are hearing that really require state-level activity and state-level collaboration.
The first is privacy and security, and the question I have had is, Well, how does this relate to the HISPC Project? Isn’t that what the HISPC folks are doing?
The HISPC projects are really state by state, and there are opportunities for collaboration and discussion among the states, but they are really for the states to look at - look within their own house and figure out what it is that they’ve got going on and what it is that they really need to do. Do they want to bring all of their state laws into one part of the code, which was a recommendation one of them - one state was actually toying with? Are there things within their own state that they want to do? Are there things within their own organizations or regions that they think should be implemented at a state level?
But, like I said, there are constantly questions and comments and issues that are coming up where they say, We really need to work this out with other states. We don’t want to develop this in isolation, but this would only work if we can talk to the other three states that we commonly share information with or with all the states across the country.
So the Privacy and Security Task Force of the State Alliance will really take on those issues. As issues come up through the HISPC Project, we would feed those to this task force, so that they can deliberate on how do we address these across states, not just within states. So we are looking at that as sort of a next phase as we look at interstate collaboration on privacy and security issues, and that task force will meet monthly.
The second task force is focusing on what we are calling practice-in-medicine issues.
So these issues are things that we have heard from discussions here, from discussions at AHIC, from our own work at ONC, that are issues that are state-level issues, but that people keep raising when we talk about electronic health information exchange.
Just a couple of examples of some of the issues this group might take on. The first is licensure issues. We have heard over and over again that the varying state licensure practices and policies and the time it takes for licensure really does pose challenges to telehealth, to secure messaging across state lines, et cetera. So that is one of the issues that we have suggested that they take on is looking at state licensure and whether or not there are solutions either through reciprocity or some kind of streamlined licensure approach or some way to address some of those challenges that we have been hearing, and there are some folks who are already working on some of these issues, medical boards and the - I can’t remember the name of the organization that - the state collaborative organization for medical boards, but there are some folks who have already been thinking about this, and we would like them to collaborate with those organizations to address this issue.
CLEA, again, their state CLEA laws, not just the federal CLEA law that we have heard are challenges to sharing of health information with various providers and with patients, and then liability issues which come up over and over again. So those are the kinds of things that group would take on.
The third group - and that group will also meet monthly. The third group is look at the state role in health information exchange.
We have recently, at OMC, had a contract with AHEMA(?) and they have been working with nine states that have fairly advanced electronic health information exchange activities to identify some issues - best practices and the like - for state health information exchange.
They also have identified some areas where the state really - they are issues for the state to take on, like what is the role of Medicaid? Are there - What is the role of public health in state health information exchange and the like.
So this group, because it is a state-level group, would take some of the work again coming out of this AHEMA project and look at where can a state make some progress in order to facilitate these activities in health information exchange at a state and regional level.
That workgroup will only meet quarterly for the first year, although I think the plan is that if we renewed the contract that they would also meet monthly once they get up and running.
We have asked NGA, in setting this up, to work very closely and coordinate with other organizations that work at a state level. For example, the National Council for State Legislators - which is an incredibly important group of folks, if legislative suggestions are made for state laws - the National Association of Attorneys General, the National Association of Insurance Commissioners, the National Association of State CIOs.
So they have already reached out to all of these organizations and we’ll be working collaboratively with these organizations in both making sure that the right information is being presented, the right people are at the table, and in helping to disseminate some of the recommendations that come out of the State Alliance.
The way this is structured, it is now - it is a one-year contract with an option to renew for two years - two additional years and the expectation is like the AHIC, that if this is successful, it would continue - they would come up with a plan to continue operating after those three years lapse, if, in fact, there are still issues that they need to work on or believe would be valuable to continue the organization going.
And the last related activity I wanted to mention is the Confidentiality, Privacy and Security Workgroup of the AHIC, of the American Health Information Community. Again, another group that we have working on privacy and security issues.
This was really formed in response to a recommendation from three of our other workgroups at the AHIC, the Consumer Empowerment Workgroup, the Chronic Care Workgroup and the Electronic Health Record Workgroup.
They kept - as they were trying to deliberate about the various issues related to the breakthrough areas that they were working on, the privacy and security issues kept coming up, and the same issues were coming up across these workgroups. So they recommended that a separate workgroup be formed and that it focus exclusively on these issues as they relate to the breakthroughs, and we have an AHIC member - an NCVHS member who sits on that subgroup as well to make sure that we are coordinating - John Houston - to make sure that we are coordinating with the work that you are doing, and that we are not - I’m sorry?
PARTICIPANT: (Off mike).
MS. DANIEL: - to make sure that we are coordinating with the work that is going on here and that we are not duplicating efforts that are going on in this advisory committee.
The group was formed in late summer. The first issue that they have taken on is patient identity proofing, and they are expected to have recommendations at the January 23rd, AHIC meeting. So you can look forward to that.
The goal here is that this group will basically be recommending policies to feed into current and future federal activities, particularly related to the breakthroughs, so this could be in contracts that we are doing or some pilots or demonstrations that we might be supporting, and we would ask that those - through those different mechanisms that they follow the recommendations, if they are accepted by the AHIC.
We are currently working on a prioritization process for the next set of issues. Once we get past patient identity proofing - and we have been working with the workgroup members to identify where we should go next as far as priorities - we are trying to, within the issue areas, identify specific issues that need to be addressed, so that we can prioritize within an issue area, not to say we are going to take on authentication, but what about authentication can we really tackle and succeed on? And our intent is to have a hearing on whatever the workgroup decides to be the next issue early next year.
All of these activities are really linked and complimentary. The CPS Workgroup is really looking at federal or nationwide issues. The HISPC Project is looking at state-by-state issues, and, then, the State Alliance is looking at sort of cross-state issues.
So while there’s a lot of similar types of discussions that are going on, they are really operating at different levels, and what - I am involved in all of them. So what our intention is is that, as an issue comes up, if an issue comes up in, for instance, the AHIC Workgroup, that is a really a state-level issue, well, we would bring that to the State Alliance and say, Hey, is this something that you can work on and take on? It is something that has been identified at the national level as an issue that states could look at, or vice versa, and, as I had mentioned, with the HIPC Project, as cross state issues are coming up, we would bring that to the State Alliance.
They may also raise issues that are federal issues or nationwide issues that are really problems that are not things that effect their state work, but aren’t things that they could deal with at a state level, and, again, we’d bring that back to some of the federal projects and processes that we have.
So we are looking at these as very linked and very complimentary, and what we intend is that some of the policies that are coming out of these different processes could help to shape future activities that we are doing, the future work at NHIN, future standards work, so that we are addressing some of the policy issues and making sure that they are considered when technology issues, when standards issues, when architecture issues are being discussed, because those policy questions keep coming up in those discussions as well.
So that is basically the end of my prepared remarks. I hope that helped clarify some of the questions that came up yesterday, as well as some of the - where we are on the HISPC Project, and I’d be happy to answer any questions.
MR. ROTHSTEIN: Just a little background for the committee members and for the record.
In November of 2004, Dr. Brailer(?) appeared before our full committee meeting and asked the NCVHS if we would undertake a comprehensive study of the privacy and confidentiality issues surrounding the NHIN, and because of the importance of this issue, we, of course, said yes and dropped all of our other things and spent the next 18 months working on this.
After we had been working over a year - and this would be - we had hearings in all of 2005 and were trying to sort of tie things together in early 2006 - we met again with Dr. Brailer, as we had on a regular basis, and the suggestion was that ONC needed our recommendations right away, and, therefore, that we had to stop fooling around and reach consensus where we could and get our recommendations to the Secretary, which we did in June of this year.
And the recommendations - there are about two dozen of them, and I just want to focus on two categories of recommendations without going into any specifics.
Number one is what I would consider foundational privacy issues for the NHIN. In other words, does an individual have any ability or right to be outside of the system to deny their permission for the electronic interchange of the record? So that is one group of privacy issues.
And the other group of key privacy issues were the issues that were essential to build into the architecture of the NHIN before it started, because if we didn’t have that capacity built in, as reflected in much of the testimony that we heard, and, in fact, even consulting with the various contractors, then, it would be either prohibitively expensive, or, indeed, impossible to do it after the fact.
So it seems that these are - the two classes are among the most important things that needed to be resolved right away, and it has been six months since our recommendations were submitted. It has been two years since we were asked for the recommendations, and not only do I know - I don’t really care that there’s not been a response, but I have seen no indication that the issues are being discussed or considered by any of the groups that you have mentioned, and I have no confidence that they are going to be taken up in a timely manner where they can be integrated into the NHIN.
MS. DANIEL: I’ll make a couple of comments about that.
One, we do have a copy of the letter that you all worked very hard on and -
MR. ROTHSTEIN: I can supply you with an additional one.
MS. DANIEL: And we appreciate all the hard work that NCVHS has done on that issue, and it has been very helpful for us.
A couple of things I - It has been received by the Secretary’s Office. I don’t have - as far as the response, I don’t know what the status of that is.
A couple of things that I wanted to say, you mentioned both these foundational issues and the architecture issues.
The CPS Workgroup actually has circulated a copy of that letter amongst the members, the cochairs had asked to do that, so that the recommendations that came from this group can be considered with respect to the work that the CPS Workgroup is doing.
Some of the issues that have been raised - like consumer opt in and opt out - are some of the issues that are being discussed right now for - as far as what to prioritize in what we are doing. So it is in the workgroup - in the CPS Workgroup members’ minds. It is something that we are thinking about with respect to some of these issues that AHIC is looking at.
With respect to the architecture issues, we are - and I am not the expert on the MHIN work, so I’ll just make that disclaimer, but I’ll tell you my perspective of where things are, which is we have four contractors that are working on prototypes right now, and those contracts were let in the fall of last year. So they have been going on for a little bit over a year now.
Those are - they are prototypes. The goal was really to get a bunch of people to start thinking about this and come up with ideas for how can we do this and demonstrate that they are workable.
There will be follow-on work to this. These are - we are going to have a wealth of different ideas. There are policy issues that are coming up that they don’t want to touch, but they have to figure out what to do with to develop the architecture that are coming up in those discussions, and they did have a forum to discuss some of the security issues that were coming up and how do we deal with those in an architecture context.
We anticipate that there will be next steps beyond the prototypes in looking at architecture and design for an NHIN. So -
MR. ROTHSTEIN: There is no discussion among those contractors about the privacy issues. They are considering security issues, but they are not considering privacy issues that we specifically distinguished and that were a part of our recommendations. So that is one of the troubling aspects of this.
MS. DANIEL: I honestly can’t talk to what the contractors are thinking or talking about, because I am not directly involved in the NHIN projects, but, like I said, there will - we will have - those contracts began almost a year before the recommendation letter came out, and we do intend to have follow on work and we are considering all of the different recommendations and policy inputs in future work that we are doing. So that is what I can say on that.
MR. HOUSTON: Hi, Jodi.
MS. DANIEL: Hi.
MR. HOUSTON: Just to follow up on Mark’s comment, because I did have a rather good dialogue with Paul Feldman, I guess last week or the week before about - specifically about the letter, some of what I thought were real important points for the CPS - to bring up, but I wanted to - that is just a side comment, but I really do agree with Mark. It is really vital that we delve into some of the issues that we identified, because I think they are timely, and I think they have to be addressed in order for all of this to succeed, and some of them are real weighty issues and still need a resolution, and so - and towards that end, I guess, one of my thoughts is what is the role of NCVHS? Are there issues that should be - I don’t want to say punted to the NCVHS Privacy - but are there things that we should think about concentrating on that tie in and that can be reasonably addressed through our workgroup, or our subcommittee, I should say, and I’d be interested in that type of feedback, because, obviously, we all want to work together and meet some common goals and objectives, and if we can be doing things that are complimentary that you want us to do, then I think we want to hear them.
But a couple of questions I had about some of the state-law-related activities that are going on, when they are looking through state laws, are they also looking at administrative rules and court opinions regarding interpretation of state laws? Because this has been an issue, I know, in the State of Pennsylvania that you go to different parts of the state and they actually interpret laws differently, whether you are in the east or in the west, and at the county level.
Has there been any attempt to try to assess some of those interpretations in interstate - in trust state variations?
MS. DANIEL: Yes. The answer to that - really, it depends on the state. Each of the states are required to have a legal working group that looks at where are there laws and - which would include interpretations of laws, court decisions that are dictating the practices and policies that people have or their misinterpretations of those laws or varied interpretations of those laws that are dictating policies and practices. So those could come up by the legal working group as reasons for variation.
We have not specifically said, in looking at your laws you have to look not only at legislation and regulations, but also at court decisions. We haven’t been that explicit, so it would depend on the state and their legal working group.
Where there are intra-state variation, I would assume that that would come up through their legal working group if there are known differences in their interpretations of those laws, but I don’t have specific answers to - I haven’t heard specific states tell us that.
At the regional meetings, the conversations were fairly high level, so, hopefully, we would get that kind of detail in the reports that we get back from them.
MR. HOUSTON: Because I think it will be an issue that is going to - either we have to identify them now or there are going to be issues later when we try to operationalize some of these things. So -
MS. DANIEL: It is a good point, and, actually, on the State Alliance, we specifically ask that they include state attorneys general for that reason, because we wanted to make sure they weren’t just looking at the regulations and legislation, but they are also looking at the court opinions and interpretations of those laws.
So I am guessing that it’ll come up in some states and probably not all through the HISPC project, but, hopefully, the AG’s will bring up those issues at the State Alliance level.
MR. HOUSTON: Right.
Another question that I have, too, is knowing that a lot of states now are also at the point of adopting their own identity-theft-related statutes, is there any push back at the state level or any renewed hesitancy to try to align state laws because of - Each state seems to be going at some of the identity-theft issues a little differently, and I guess maybe it is more of a comment than a question, but is that - are you seeing that this is causing problems with trying to come up with consistency and review the state laws to understand where their differences lie?
MS. DANIEL: I haven’t heard anything specifically related to the identify-theft laws.
There were a couple of states, though, that have identified needs for common laws or model laws on particular issues that are coming up. I didn’t hear, necessarily, identify theft as - called out, but there are some states - I know actually Florida has involved in KESEL(?) the National Council for Commissioners for Uniform State Laws - I think I said that right - in their workgroups to - I think in their legal working group, as they are looking at laws, and saying, Is this an area that we might be able to work with other states on model legislation?
MR. HOUSTON: Right.
MS. DANIEL: But I don’t know if identity theft is one of the issues that they have brought up or not - identity-theft legislation.
MR. HOUSTON: And the last point is just a comment. You identified that a lot of people seem to be misinterpreting HIPAA, and I would just like to confirm. It seems to be that is - I spend probably more time trying to clarify what HIPAA means and what you can and can’t do, whether it be within my institution or when I work with other institutions.
I think that is a huge issue that is going to be ongoing, and I think one of the things that maybe needs to occur out of this effort is also looking at some model forms and consents that maybe can be used on an interstate basis, where you say, Okay. This consent form can be widely applied or this authorization form can be widely applied across states, or even if you had to tailor certain ones to specific states because of specific state legislation allowing institutions to feel comfortable that there is a model set of documents that can be used to facilitate exchange of information and participation in a variety of things, because, again, it is the dueling forms, you know, the hospital says, I am unwilling to accept anything other than my form with my stamp at the top.
MS. DANIEL: Right.
MR. HOUSTON: And that is, I think, because the vacuum is that there isn’t anything out there that says, This is the model, and it is a - maybe it is a model of Pennsylvania or Florida or wherever, but even at that level, if people saw that and said, Yes, we agree that this is a form that is consistent with state law and is reasonable and consistent with HIPAA, then people might be more willing to play in the sandbox and then participate, and it might remove some barriers. So -
MS. DANIEL: It is a good idea, and I don’t know if that will come up in their suggestions for solutions or not, but there were - Like I said, lots of states were raising issues of the dueling forms, and, No, no, no. My lawyer told me I have to use this form. That is the only one that has been approved for our organization, and that is something that has been identified as a huge challenge.
DR. TANG: I want to thank you, Jodi, for your very clear presentation. It really helped separate the different perspectives of the group, so I appreciate that.
And I also understand how, at the regional meetings, all of the people in the trenches dealing with issues that John raised really want to get the darn thing solved, so they can exchange - and particularly across state barriers, and particularly in the State Alliance, the one with the decision makers that you talked about.
Many of the differences that states have, of course, are deliberate. So what mechanisms do you have to create alignment of these interests across the state barriers, since they arose, many, intentionally?
One of the original bills - the original 4157 - had granted the Secretary some authority to be able to sort of harmonize this stuff or at least make it uniform if the results of the study show that this was interfering with the exchange of information. That - well, both that provision and then the bill has sort of gone away. So that doesn’t leave the statutory ability to unify these things or make them uniform. What other mechanisms do we have available to try to get over these barriers?
MS. DANIEL: It is a very good question. You made some comment about how many of these varying state laws are very deliberate, and we actually, over and over again, heard - RTI had asked the states to identify where there are barriers to electronic health information exchange, and some of the states reacted very negatively to that. They said, This may interfere with electronic health information exchange, but it is deliberate. It is to protect patients, and we want it, and so we don’t consider that a barrier. We consider that a positive, not a negative, and so it is an interesting question.
The National Governors Association, they have done this before on other topics, where they have pulled together sort of this decision-making body, which obviously isn’t going to have 50 states sitting on it, but the goal is to have rotating membership, so that they’ll constantly change the states that are involved, and, hopefully, with all the