[This Transcript is Unedited]
Hubert H. Humphrey Building
200 Independence Avenue, SW
Washington, D.C.
Agenda Item: Welcome
MR. ROTHSTEIN: I am Mark Rothstein, Chair of the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics. This is our Subcommittee working session to discuss matters that are currently pending or will be pending before the Committee. We will have brief introductions now.
(Introductions)
Agenda item: Follow Up Discussion of April 17th Hearing on “Consumer Controls for Sensitive Health Records”
MR. ROTHSTEIN: Today I want to do two main things. First of all let me say that our FERPA letters are in your briefing books so we will take those up tomorrow. The main purpose of today’s discussion is to talk about the issue of consumer controls for sensitive health records. When we finish that I am going to talk about our fall hearing schedule and get a sense of what issues we should tackle next.
My hope is, depending on how we resolve here today, that maybe we can have a letter issued for September. Who knows?
MR. REYNOLDS: I think it is also going to be very important that the Committee have some position to help the other committee we are involved in which is the “Secondary Uses” because obviously this whole idea of where the person stands – the whole word “secondary” says that the person has to have some idea of what that means. I think it will be great input.
MR. ROTHSTEIN: This is stuff as everybody knows, is so closely related.
MR. REYNOLDS: There is no separation.
DR. TANG: It is interesting that there is one solution for our work, secondary use work, CPS work, the AHIC-CE work, and that is the thing that we have all been saying – now they just said in the AHIC hearing – if we just treat all the people who have access to it as accountable and responsible, that would almost end this discussion.
MR. REYNOLDS: I think it ends half of it.
MR. ROTHSTEIN: I think it ends part of it.
DR. TANG: Speak more.
MR. ROTHSTEIN: What it ends is what we talked about in our covered entity letter, but it still doesn’t deal with the issue that there is some information in health records that patients view as very sensitive and they don’t want disclosed basically at anybody.
MR. REYNOLDS: Where I would go is obviously if you make everybody a philosophically covered entity. That says if they have it they will protect it but you still have the other discussion of do I concur that they have it as a person. Do I want – in other words, if you said that that was the only answer then everybody could get all the data because they are covered and they are suppose to protect it.
DR. TANG: No. There is the minimum necessary provision as a covered entity. So it is not as if as a covered entity I need your consent to do virtually everything except treat you.
MR. REYNOLDS: A treatment payment healthcare operation.
DR. TANG: Web MD is not part of TPO. So if they have some request for your data I am going to have to ask you.
MR. REYNOLDS: That is what we were saying. Just listening to your words you basically said, all we do it make these people covered entities and it is fine.
DR. TANG: Which is possible.
MR. REYNOLDS: You still added some kind of consent.
DR. TANG: Which covered entities need to have except for TPO.
MR. ROTHSTEIN: But I am concerned about the “T”.
DR. TANG: The “T”. The treatment. Why?
DR. FRANCIS: It may even be that people don’t want information sharing those ways. If they don’t want information shared from those ways then they ought to be able to say that.
DR. TANG: Let me just test it. What is an example of something where you do not want an information –
MR. ROTHSTEIN: Okay. I sprain my ankle today or brake my ankle and I am being seen by an orthopedics and that orthopedics does not need to see my mental health records.
DR. TANG: Did your orthopedics ask for your mental health record?
MR. ROTHSTEIN: No, but he asked for my medical records and under current treatment categories everything could go.
DR. TANG: They could go but they don’t have to go. There is nothing in HIPAA that says – and this does follow state law -- we could not release your mental health records to an orthopod who asked for –
MR. ROTHSTEIN: No, the orthopod would ask for my medical records because maybe the orthopod wants to know if I have allergies or if I am hypertensive, whatever, and asks for my medical records and unless we figure out some way to isolate certain sensitive information; STD’s, mental health, substance abuse, et cetera, then the stuff that customarily goes –
DR. TANG: Okay. What customarily goes in your example does not include mental health records.
MR. ROTHSTEIN: I disagree with that Paul. You are making an assumption that all mental health stuff is as a result of psychiatric or psychology visits – I would say that the majority of that comes from primary care docs who patients say, doc, I am really nervous now because of blah, blah, blah,. The doctor writes a prescription for Valium or something. There is no way now of isolating that information.
DR. TANG: Okay. Let us continue with this. If the covered entity orthopod has that information how can that cause you harm if they are governed and they comply –
MR. ROTHSTEIN: Because I don’t want them to get it. He has no reason to see that.
DR. TANG: But he can’t do anything with it outside of treating your –
MR. ROTHSTEIN: There is an element of, I would argue, intrinsic harm quite apart from whether I am going to lose my insurance or my job or whether I have any sort of tangible thing that happens to me. Patients, in my judgment, have a right to certainly as to not medically relevant sensitive information, make a call as to whether they think everybody ought to get it or anyone who is treating somebody. Keep in mind the example that we are talking about deals with my current health status. But with the NHIN and the ability to aggregate historical stuff as well, now we are talking about things that could go back many years – I was treated for STD, I was treated for substance abuse, whatever, if that is not somehow filtered by whatever means we decide on then that is part of my medical record that is going to go out.
MS. BERNSTEIN: I Am Maya Bernstein. I am lead staff to the Subcommittee.
MS. MC ANDREW: Sue McAndrew, Office for Civil Rights, liaison to the Subcommittee.
MR. REYNOLDS: I try to think of things as an implementer. That is my day job. I think there is a couple of things. I don’t think covered entities is going to fly for everybody because it has restrictions that a lot of people are not going to be able to follow. It is a term of art that people absolutely run from – I mean hysterical. Whatever comes out we will say that you have got to protect it and you have got to some other things but I don’t think you are going to be called a “covered entity”. So now you have got this other group of people.
The other thing that you have. Everybody knows I have had a number of surgeries recently. I was signing something at Duke before I had my knee done and I went all the way down this thing and then on number ten it says that they could use the material from the surgery for this and that for research and further tests. I said what if I crossed of that last one. I personally did not care but what if I did cross off that last one? The person dealing with me was just mortified that I had that question.
MS. BERNSTEIN: Because they did not know how to answer it – right?
MR. REYNOLDS: Right. So if I would say that I am fine with everything that we are talking about – moving my stuff around and everything else – and I am actually fine not necessarily parson things out of mine. But if I want to say that I don’t want it sent to a research company that I don’t know who they are who what they do – I don’t care if you say that they are protected, I want to have some idea that is going on.
As I sent as an implementer of systems in hospitals and at Blue Cross, I am sitting here going wow, what kind of crap are you pulling off. I am more interested in the pragmatic approach to whatever we decide. I can actually debate both sides of this equally hard but when you actually said, okay, good. Everybody has done the rhetoric – how do we actually do this because the NHIN is going a thousand miles an hour, the HIE’s are going a thousand miles an hour, and the problem with technology – we look at it everyday we turn on the news – the problem with technology is that it is there.
Let’s go back to Mark’s comment – a lot of what happens now is somebody doesn’t copy the whole medical record cause wow, you might not want to copy the whole medical record and send it to somebody. If it is there electronically the last thing you would want to do is go look at it and parse something out to send it to someone else. You just hit the button and there goes the data.
I am in to it from a standpoint of somebody needs to help me figure out how it works and what is a description of how it works is what we are not getting to because if we don’t get to that at some point then it is going to be left in the eye of the beholder and some of the beholder’s are not necessarily of equal stature and thought process and money to protect it and everything else that we all have going on to do that.
That is why I am still pushing. That is the same thing on the Quality – the new workgroup that we have. What can your data be used for from a quality standpoint? What I have read as a layman now, quality is anything somebody wants to decide that it is. It is different than covered entity -- it is not a term of art. It is not a term of art that you can say I understand the definition. That is why we have kind of come up with this idea of uses of data – forget “secondary” because secondary kind of says – if I were a researcher then what is my primary use? Research. To the patient it is not secondary it is still use so that is why we started playing with those words so that we have the real debate because I know we are going to look at quality but it is the same for every piece of data you got whether it is quality or not. Whether it is some other research or some other this and being I technology there are so many switches out there that this data is going through that even if you call them “covered entity” or “somebody special”, this is a bunch of techies. Just like the internet – this is a bunch of techies shooting your stuff around and so that is where I am coming from.
If we get to a point where we talk about the real “how” – then that kind of is to me the bottom line where I am willing to sign off. If you can’t tell me “how” then you did not understand it. If you can’t tell me how you would want me to make it less then you have not really thought the whole thing through. That is where I was going with your thing.
I think part of it no question, is everybody has to be covered. We have said that how many times in letters and everything else. Everybody who touches your data has got to have some kind of stake in the game but then these business arrangements that are going on right now are pretty scary because anybody can hook to anybody electronically now because of the internet. The internet has basically upped the ante to me, not because I am afraid or not afraid of the internet but because technology used to be a speed bump.
I have made a number of speeches – five years ago you did not have to worry about anything changing because technology was enough of a speed bump and in some cases a wall, that you could not get past it. Now – it is like driving in the soft flats – it is wide open, you can go as fast as you want to, you can drive as recklessly as you want to and you can not care where you are going. You can head in any direction going full speed.
That is where I a trying to go, Paul, what I think is going to be really helpful to me and a lot of people is to really have that debate because if we buy at some point that you should parse it and we say that people should be covered – how does that work? If you don’t get the degree of parsing in because everybody that is going to build the system – we all know – if you don’t build the parsing in it doesn’t get parsed. It is sent as a whole package. I am coming from a little different world than a lot of you, so I am looking at it from the standpoint of somebody gives me that requirement of the NHIN – let’s just say that – Jeff and I talk a lot because he is now heading up that HIE so we talk a lot – so somebody sends me that requirement – I am going to ask them those same questions.
The country is handing us this thing called “NHIN” and it is handing us this thing called “Quality” and it is handing us this thing called “Privacy” – they are no longer separate subjects. It is still how in the end how does it work. Once you tell me how it works then I will tell you whether you debated it enough because if I can ask you five more questions and you can’t answer them then how is it going to work and how are you as an individual regardless of what you believe, and again everybody around the rooms believes differently, regardless of how you believe how are we going to explain it?
I got a letter the other day. One of the Blue’s is offering personal health records. They sent a letter to their members. I thought it was an incredibly well written letter. So I am trying to get a lot of these things to say, what are you really saying. In the end it is what do we say to the people and how do we allow parsing because as soon as we fix the other – I think we are probably in a little better shape.
MR. ROTHSTEIN: I just want to add one thing Paul to my sense of the reason why we need to segregate some information - it is not just this abstraction that we are fostering privacy. I think there is a real public health issue here and there is lots of literature in the public health world that people will forego, delay, abandon treatment for mental illness, STD’s, anything that has a stigma attached to it if they have no confidence that they can control that information.
In the paper world, the unconnected world, I could go to a STD clinic or maybe went to my college health service or something to be treated for an STD. Now the electronic interconnected world – doesn’t matter where I go because presumably all of that stuff is going to be connected. Unless there is some sort of way that patients can have confidence that treatment for their most sensitive sort of conditions, drug problems or what have you, is not going to be routinely disclosed to every subsequent requester – then I worry about people saying – you wanted a tangible – I think that is the tangible side.
MR. REYNOLDS: One other thing that we have experienced. We had gotten away from being a government contractor now we are back doing some government business – if the government, for example, through any of the government programs required the reporting of things then that means that almost anything that entity does will have that same kind of reporting involved. You are not going to have two systems. You are not going to have two totally different approaches; one where I report to the government and one where I don’t necessarily. As more and more business becomes government related and the government may require some of this reporting –
MS. BERNSTEIN: Can you give an example, Harry, of the kind of reporting you are talking about?
MR. REYNOLDS: Let’s use Marks as an example. If that clinic also sees government patients that are covered by Medicare and so on and has to report certain things –
MS. BERNSTEIN: -- to the government.
MR. REYNOLDS: As part of the program –
MS. BERNSTEIN: -- government employees.
MR. REYOLDS: Philosophically but remember that a lot of these little places that we are talking about don’t have two systems and sixteen ways of doing business, Medicare, Medicaid, -- they don’t necessarily have six different reporting staff. All I am saying is as we talk about bio-surveillance, as we get more and more about what is normal, what has to be there in place – I am not saying it is real but these are the things that you have to keep in mind because once somebody has to report it for somebody – I sat in for 15 minutes – the chart that showed up there a little bit ago was this is all the stuff – this is all the quality stuff that they have to report from one place to all the different entities that they deal with. Some are asking different questions.
We are all sitting here and remember I am co-chairing Standards, if we are trying to figure out a way that each of you that are in institutions could one way send a record so that it had all the right data in it – whether you are sending it to anybody in this room, that is a good administrative way to go and it is a good savings but it also starts to break down the delineation between private and government and on and on, especially as we bring smaller and smaller entities that aren’t all the big players who are used to parsing, into the mix and then electronic is electronic and a record is a record and quality information is quality information and it starts to lose it’s sensitivity for the spirit of standards – again, I am not trying to argue one way or the other, it is just a reality of working with these smaller entities. We work with a lot of single doctor offices that have a software – I gave a speech not too long ago and I listed the first three pages of software vendors that our physicians use in North Carolina and I told the people in the room to put your hand up when you recognize one – when there is a name that I say that you recognize put your hand up -- fourth page, single spaced.
So as we talk about this becoming electronic and little vendor A and little vendor B doing something – boy, data is data and it sure isn’t going to be parsed like all of us sitting in our big conference rooms and say we are really going to look at this differently. The electronics allow everybody to play and all the data to play. That is a filter I am trying to put on it as I think about it because the actual real implementation of what we say is going to decide whether or not that person actually has any rights that are actually executed and not defended later, but whether or not people actually implement systems that can work.
MR. ROTHSTEIN: Let me see if I can summarize the question we have on the table. From the e-mails that have been exchanged and you probably should have received all of these. If you need copies we will get them for you. There is an e-mail from me, there is one from Leslie -- our differences are not relevant at the moment – in which we support the idea of consumer control to some degree.
Harry, I think, is orally on the record as supporting that in principle. Paul’s e mail, which John has basically signed onto, proposes to adopt the Indiana model that we heard from in April where you are basically in or you are out. There is no degree of consumer control over what is in the record.
The question arises as to whether there is any way to reconcile these two different positions. I think—John is not here and I don’t know whether this is the case but it may be the case knowing John’s concern and even the one he put in the letter – that he is concerned with emergencies. He mentioned in his letter ICU, AD access, I think if we have a break the glass feature where you can get access to that information in emergency – a more complete record – that might bring him on board. I don’t know because he is not here. I am just mentioning that but I don’t – of course I don’t know what Simon’s view is – but I don’t know Paul, whether there is some area where we could bridge the gap between your view, the everything view –
DR. TANG: If you read my letter I don’t think that is what it says.
MR. ROTHSTEIN: I am sorry then. I mischaracterized it.
DR. TANG: Just reread it.
(Subcommittee reads Dr. Tang’s letter).
MR. ROTHSTEIN: Even though you say earlier – in point number two, it would be good to find a way to mask the data from universal access – the recommendation that you have at the end says, adopt the IMPC privacy policies as a baseline and then just sort of monitor what is going on.
DR. TANG: Where are you reading that?
MR. ROTHSTEIN: I am on page two under your recommendation. So I went by your recommendation as opposed to your discussion.
DR. TANG: What I heard Terry say is there is the policy level and then there is the implementation level. That is what I heard his two halves were. I agree with that. If it were affordable to have the magic of all worlds I think we could do that but with the second part with what is practical and affordable, I would suggest it is something like number two which is you mask sections because it is relatively easy for the physician to deal with that.
I can as your orthopod, for example, I can deal with that I am not getting either the sexual history or the mental history when I am fixing your ankle. I can deal with that even as an internist. I think with regard to number three – where I think I had the flags – as an internist I do have to have an awareness that if I do want to get more information that may be relevant I should ask you today.
I can’t deal with its some – it can be different every single person – I can’t deal with that.
MR. ROTHSTEIN: Paul, in my e mail I say basically that. I am not advocating sort of line item veto for patients – I’m advocating certain areas that –
DR. TANG: Do you agree with number two?
MR. ROTHSTEIN: Yes.
DR. TANG: I would say, at baseline – I used the word baseline – I think their baseline is probably a good thing to start with.
MR. ROTHSTEIN: But their baseline means everything.
DR. FRANCIS: I sort of think there are different roles here. You are starting with an implementation baseline which is that everything is in. I start back a level and I want to ask what the goals are that design on me. It seems to me that one goal is clearly what you have here in one, the need for reliable – actually I would not say complete – I would say reliable and relevant information. We could bracket what complete is. I think we could agree on that goal. I think we could also agree that patient’s needs for privacy should be respected. Then the question is to figure out what implementation strategy best realizes those goals. Whether it is setting the default position as everything goes in. Whether it is structuring – you pull certain elements of data and that is what everybody gets. Where it is something with a break the glass feature – those are different ways to try to do it.
As I see it I think people are pretty well agreed on some of the special areas but then what gets really tricky is you can’t separate that out by providers. You can’t just put all the psychiatrist records in one place because people don’t go to psychiatrist for mental health treatment in so many cases.
MS. BERNSTEIN: The other thing I remember they said in their testimony – the Indiana folks, was there is whole kinds of data that they don’t put in because they can’t figure out how to – so they don’t even have a lot of psychiatric records or mental health records. On the one hand has advantages maybe, if you can think of it that way for privacy, but has disadvantages in terms of health care of an individual and their ability to take advantage of all – if you think there are lots of advantages to these systems that there is a whole class of people who don’t get those advantages because that group has not figured out how to deal with the issue that we are talking about so they just leave those records out.
MR. REYNOLDS: Right but the model already excludes them. We originally said it is all in or all out. Well, they exclude certain things that are all in. We are using a lot of words and I think we are not necessarily disagreeing but we have got to come up with some idea as to what is the general agreement as to what things are okay and then what categories are not okay? Mark, I have heard you use the term several times, there are some things. As soon as we start debating a list of some things then I think you move off –
MR. ROTHSTEIN: I am ready to –
MR. REYNOLDS: What I am saying is once you pick it, if you can’t sit and explain it to your grandmother then I don’t think we implement the NHIN across the country in some kind of a reasonable way that people are get it, understand it, and we really did what we need to do. On the other hand, if you have multiple categories and Paul sitting there as a doctor says, data has not been given to me – then you have got the right to either break the glass if you have an emergency situation or you ask the question and if they won’t answer the question then you may not treat them. But if we don’t make it simple, again, I really go back to if we don’t make it simple what do we really do?
DR. TANG: Can I just put up a straw proposal based on this? I am agreeing with what Leslie said by saying point one. That is the philosophy – this is what we need to do in order to take care of patients and respect their privacy. From the implementation point of view I pointed out number four, which is how Indiana did it with the proviso that Maya just said. My proposal would be that it would be for that more explicit – which fits your diagram which is number two, and that we mask certain sections and we enumerate those sections so I can explain it to your grandmother and even you, Harry, and that those be mental health, substance abuse and sexual activity – which were explicitly discussed at the testimony in a very compelling way.
Let me just put as one of those three boxes underneath that you drew, those three sections and then here other people’s suggestion for more than that. We could say, domestic violence – no, those are the three sections that I heard about so let’s put those there and then see if there are any that need to be added or edited and see if we can find the compromise.
MR. REYNOLDS: That is what Mark putting up there. If we don’t put this up on the board then we are philosophy disagreeing but we sure not getting any closer to discussing it.
MS. BERNSTEIN: Should we read what is on the board for the record?
MR. ROTHSTEIN: Yes. For the record our five possibilities for separate information; mental health, substance abuse, reproductive health, domestic violence and sensitive social history. Which for example would include misattributed paternity – you go and see a generic counselor and you mention that my social father is really not my biological father because my mother had an affair with the milkman.
DR. TANG: My hesitation, as I started to articulate your number four, domestic violence, is I think not knowing is potentially harmful to the victim. I am open to hearing other ways but one of our biggest problems is not enough people know what is going on in the home so your orthopod that is fixing your bones of this person that has been beaten needs to know this so he or she can alert the authorities. That is the kind of thing that is going through my mind. I think that is one of the most sensitive but under-reported and under-treated and under-recognized and under-dealt with.
DR. FRANCIS: Sure and if you included – I’m assuming you are including domestic violence, elder abuse, child abuse, and abuse of people with disabilities. I want to say yes and no to what you said because let us take elder abuse. It can easily be the case that an older person has seen a physician who1makes a note about worries that the person is being abused. One of the primary reasons that older people don’t end up getting all kinds of social services, and I would include health care services, is precisely that they are worried that reports of abuse will end up not related to saving homes.
So I would have Mark’s kind of worry about if there were a worry about elder abuse, an important assay might be –
DR. TANG: Who is worried about that?
DR. FRANCIS: Older people are often worried that because of concerns that they can no longer care for themselves or a relative is abusing them, they won’t be able to stay in the homes. SO it is not at all improbable that they will shut the door to social services workers, they won’t go see doctors, they would rather stay in their home and be abused.
DR. TANG: I’m not sure that we all agree that that is a good thing.
DR. FRANCIS: I don’t think it is a good thing at all. But the worse thing is to have them stay in their home, be abused and see no one. The next best thing is to see them stay in their home and access the kinds of social services that can help reduce or protect them against abuse and that is certainly a possibility. If they are afraid that any time there is a suspicion of abuse the record gets passed along, there are risks that elder people will not go see health care providers. You can talk to folks in aging services. I don’t know where I would put it, questions about competence, which are medically relevant, but which might –
MS. BERNSTEIN: Have legal consequences.
DR. FRANCIS: Yes.
DR. TANG: I guess we have to figure out what –
DR. FRANCIS: I just wasn’t sure, but I think the domestic violence area is – some states you have to report a gunshot would and things like that. Some states require reporting on domestic violence. Other states don’t. It is more common that they would require a report of elder abuse.
[Dr. Houston arrives.]
DR. HOUSTON: I am John Houston, University of Pittsburgh Medical Center, member of the Subcommittee.
DR. FRANCIS: I just single that out as something if you are dealing with somebody who is losing capacity and there is a lot of suspicion, it could be just disastrous.
MS. BERNSTEIN: Before we go on, could I just remind folks about the issue that we have talked about with respect to domestic violence, which may be different from other types of abuse that you arte talking about. The concern of many domestic violence victims is not that the abuse itself will be discovered, but that their location, their address or where they are staying, will be discovered by their abuser, by its being recorded in the record. Then the abuser would be able to find them if they flee. SO the fact that you have demographic information in the record – name, address, age, that sort of thing – it is not the treatment record that the person is usually concerned about in terms of spousal abuse or a boyfriend or whatever, that sort of thing, but just the fact that somebody could discover where they are, where they are being treated and so forth. Abusers come in every sort of form, so they could be law enforcement officers, they can work in hospitals, they can work in social services and so forth, and people are concerned about location information. Information on elder abuse of child abuse or whatever, the content of the information might be an issue more than in spousal abuse.
DR. TANG: I can see how it cuts both ways. I am trying to make sure that the social worker does find out this information, instead of its being sequestered from the record, and perhaps the compromise is that when there is information that is being masked that there is a flag. Then that causes a break-the-glass. So I know which hospital workers, social worker, whatever broke the glass to know that at least that leaves a trail if we are going to find some mischief going on and have that information.
MS. BERNSTEIN: What about Mark’s proposal from the meeting that you don’t get a notice that there is psychiatric data missing. You get a general notice that says there might be psychiatric data --
MR. ROTHSTEIN: Sensitive information missing which means it is one of these five categories.
MS. BERNSTEIN: -- reproductive health data missing. Just be aware that you might not be getting something in one of those categories so be diligent. You don’t know which category it is. It could be nothing. Every patient you have the same notice. Some information of the following types might be missing from your record. And when you go to break the glass there might be nothing there.
MR. ROTHSTEIN: No, what I suggested was like a check box on some people’s record, a flag, if you will, that say at patient request certain information has been withheld. The physician doesn’t know in what category it is, so you would never sort of break the glass and find nothing. You might break the glass and find nothing that is relevant, that is going to help you, but only certain people who elected to opt some of their material into the sensitive file would have a flag.
DR. TANG: SO the flag means there is information present in some sensitive area, so that if you do break the glass you will find something.
MS. BERNSTEIN: That is right. I misstated – and it might not be relevant.
DR. FRANCIS: There is another way to do it, which is to have the default position be that for everyone certain categories are present and certain categories of information are absent.
MR. REYNOLDS:: Absent or masked?
DR. FRANCIS: Masked. You only get it if it is an emergency situation and there is a need to know. Otherwise, if there is a red flag for ten percent of the records, I worry that glass-breaking would become routine in most cases. I don’t know. A different way to do it – and if you routinely mask those and then you don’t mask out of those, however, the fact that a prescription – there is a way to know what the prescription is but know that if somebody puts in a prescription then –
MR. ROTHSTEIN: You would still have decision support.
DR. FRANCIS: Yes, and people are protected against medication interactions with that. Then it would simply be part of good medical practice as it is today, I think, when physicians think there is reason for concern that some of this might be relevant –
MR. ROTHSTEIN: Harry was next.
MR. REYNOLDS: I think we have the provider who did the service, who got the drugs, you have lab results, you have other things. SO you can say that you have it broken down and you have blocked it. But you can have a random lab test or a random prescription or anything else that many of them would not be masked under some of this – let’s go with the –
MR. ROTHSTEIN: HMV.
MR. REYNOLDS: Any of it – the domestic violence, any of it. In other words, the point is this. Once somebody goes to see somebody, tests and everything are being done by disparate organizations. Let’s use your example of demographics. Making sure that demographics don’t get there when a lab is doing the billing or somebody is doing the billing – they are going to have to have something – so all of a sudden when somebody goes in for care it goes like that, pow, these days. It is being sent to the labs, it is being sent out to this and that, so the data is flowing around. But when we talk about the record, let’s be careful not to talk about that one person controls the record, they don’t. You have the centralizing, you have the federated models, and the federated model is going to say my data is going to be wherever it is and when you want to get my data you are pulling it to go. SO I ask us all to be very careful as we do this.
This is great. If I were sitting here talking about the VA – great lists, very different model where you get someone seeing six doctors, that are using six different labs, that are using this for this, and you have a pharmacy PVM and you have everything else going on. O all I’m saying to you, as you think about it, make sure that we keep that in mind because the federated model makes the idea of your health record a dramatically different chap than if I am only seeing a certain entity, like if I am in the VA or I am in somewhere else. That is a whole different deal because it is a single system, single sets of data, single this and single that and some other things.
So as we do this let’s make sure that we add that one more filter to the debate. Does it work in a federated model and what would be the restrictions in a federated model and how does that really work?
MR. ROTHSTEIN: May I ask a different question that will govern this? That is, at what level of specificity should we make our recommendation to the Secretary? I think this is very important. It seems to me that our discussion about, for example, domestic violence, is very interesting, but it seems to me that the Secretary would not want to design or make recommendations about a system for the entire country dealing with that issue without hearing from social workers, without hearing from AARP, without having a whole big thing.
So why should we, on the basis of incomplete information, sort of lock in a position of recommending or not recommending, for example, domestic violence? Would it be better, and we might achieve more consensus not only in the subcommittee but thinking to the full committee, if we just agreed on a framework and we agreed – there are certain issues we are going to have to deal with. One is whether everyone’s stuff is masked or only people who elect to have it masked, and what is more complicated and so on and practical to do? But I am questioning whether we need to get into the nitty gritty of what we mean by all these things when we might just say, for example, we believe there are certain sensitive areas that for public health and privacy reasons need to be treated separately in the following way. And these areas may include the following and blah, blah, blah.
MR. REYNOLDS: So you don’t misunderstand, the only reason I am forcing these two things is that it forces a discussion. In no way should we go to that level of a recommendation. But it forces the discussion about the reality of what is going to happen and the reality of what it is, because right now we are agreeing to disagree on words. This gives you a different context as another filter to look at it. Not necessarily that we would go there, stay there, or even list those factors. I am just trying to force some real discussion, not a philosophical agreement or disagreement, a real discussion and then you can go back to write the letter that says, okay, we can all go there because we know how we got there.
DR. FRANCIS: I think unless we could actually work out what a model for one of those would look like – something that says while we need to protect patient privacy on these things, and we also need to have good medical records for doctors on these things, we might as well say nothing.
MR. ROTHSTEIN: I am not suggesting that. What I am suggesting is that suppose we adopted for discussion purposes the model that the patient can elect to mask certain things. We recommend that patients be allowed to mask certain things and the masking should not be line item. It is categorical. And we think a starting point would be to consider the following five categories ro six categories or maybe more, maybe less. But that approach.
MR. REYNOLDS: And I would say a structured set of things. You have a reason to go there, because it has to be something --
MR. HOUSTON: The machine can do.
MR. REYNOLDS: It can’t be something. It has to be a structured set. So we may not list it, but there has got to be a clear list.
MR. ROTHSTEIN: We are going to recommend that the ultimate decision include a clear list but maybe we are not going to make that list.
DR. FRANCIS: I think we should have some starter categories.
MR. REYNOLDS: Yes, here are some categories.
DR. FRANCIS: I think we should add – I don’t know what you really mean by reproductive health. I don’t know whetehr rape has anything to do with reproductive health.
MR. ROTHSTEIN: Social history?
DR. FRANCIS: Maybe.
MR. ROTHSTEIN: We can put another list of some of the things that we think should be specially treated.
DR. FRANCIS: It is a diagnosis of dementia that I’m concerned about.
MR. ROTHSTEIN: Sue, you looked like you were having some heartburn earlier?
MS. MC ANDREW: In terms of your structure?
MR. ROTHSTEIN: In terms of the suggestion of what we might out in the recommendation to the Secretary.
MS. MC ANDREW: I was just trying to tease out some of the operational issues related to this structure, and to the extent – are you conceiving of individual – you have these sensitive buckets and they all have a label, and the individual gets to mask the bucket and it is their election to mask or not?
MR. ROTHSETIN: Right.
MS. MC ANDREW: But their choice is because you don’t want o go to a line item – it’s an all or nothing.
DR. TANG: Or nothing masked.
MR. ROTHSTEIN: With a category.
MS. MC ANDREW: SO they cannot say my treating team needs this data to treat me, but if I release it to my treating team then I have to release it to my dentist.
MR. ROTHSTEIN: Speaking for myself, what I would say is there are some providers you would want to release sensitive information to, but releasing or unmasking certain things with regard to one provider does not unmask to all providers.
MS. MC ANDREW: So now I not only get to mask the data but I get to identify as to whom it is masked. It is not all or nothing.
MR. ROTHSTEIN: Right.
MS. MC AMDREW: And how do I know those people?
MR. ROTHSTEIN: We might have, as the default, that your reproductive history is masked, but when you see your ob-gyn you give them some sort of code or consent and that is unmasked for them, but it is not unmasked for your dentist.
MS. MC ANDREW: But it is an unmasking that I can affirmatively grant to somebody else that is different and more limited than a breaking the glass, emergency access.
MS. BERNSTEIN: That is not breaking the glass; that is giving consent.
MS. MC ANDREW: I am just trying to figure out what you are conceiving as the rules of the road with respect to consumer control over their sensitive data. And do they have – who they can grant access to other than nobody except in an emergency.
DR. TANG: It is easier to just pick up on what you said, reacting to her break the glass, that is an easier way to implement it than to prospectively say, well, I am going to change dentists and I had better tell the central agency – instead she goes to the dentist and say I’d like you to have this information and here is the way you can get it. And that dentist breaks the glass, gives the reason, whatever. Then there is no central authority.
MS. BERNSTEIN: Now I think we are mixing metaphors. When we say breaking the glass, the way I conceive of what you are talking about as break the glass is that the patient is unavailable to give consent in any way. The patient is incompetent, the patient is unconscious, whatever reason the patient cannot give consent.
This is the way I think of it. There are other ways you might get to the record. You can get there with the patient’s consent. What Sue is describing, in my view, is that the patient consents by giving you the code or by whatever it is that enables the physician or telling the physician what the history its – any of those thing that the patient can do is not breaking the glass. Breaking the glass is doing something on the part of the physician without consent.
MR. REYNOLDS: Only for purposes of discussion.
MS. BERNSTEIN: Yes, I just don’t want to mix up the possible models.
MR. REYNOLDS: In Sue’s case, if I went in and I was going to see a doctor and I could give them a PIN that would allow them to get all my information, I can change that PIN whenever I want to. SO if I gave it to them today and I decided they don’t get to keep it, I change the PIN, just like you do with your ATM cards.
Second, the idea of break the glass is, if somebody needs to do that, if they put their doctor number in and they put a PIN in that is given to the doctors, that breaks the glass. So to me, if you look it that way you have a little more structure. So you are allowed to break the glass as a physician in a life-saving situation and you basically put your number on the line there. You basically say I’m in, I’m busting the glass, just like if you walked in this building and hit the fire alarm and you stay there you had better have a good reason. There had better be some smoke somewhere.
MS. BERNSTEIN: Or you might have two PINs, the one that indicates that the patient consented and gave it to them, and one that opens the file.
MR. REYNOLDS: I guess that is what I am saying. Those would be examples of how using – if I need money and I couldn’t get out of this building I could give you my ATM card and a PIN and you could go get it. Then I may call, knowing it’s you, I may call right away and change the PIN. In other words, use philosophies and theories of the way we tend to do our lives.
MR. HOUSTON: There is a lot of design and a lot of consideration that needs to be considered. I mean, there are a lot of things to be considered here. I will give you an example of one of the considerations I think really people are forgetting. You say I can give you a PIN and take it away. You can ook at it once. But the reality is, once a provider provides care, they sure as heck want to build a document that has the information they use for the basis of their decisions. SO yes, you are giving access – that person is giving access to their record so the person breaking the glass can get to their record – but the reality is if I am a provider, once I provide that care I want an historic record of all the information I had access to because I don’t want somebody coming back later. I think we have to be very careful about the ramifications of this because I was hearing discussion about having a one-time PIN and you can give it and take it away. Those are things that scare me. And I think we need to be very conscious of those types of considerations.
DR. FRANCIS: And the question or one of the question that raises is if the physician has the PIN, is that access on a read-only basis or is that download capacity? Because once it’s downloaded the genie is out of the bottle.
MR. HOUSTON: That is my point. If I am a physician providing care I darn well want to be able to download it and frankly update it or at least make my records current so if somebody downloads my records in the future on a break-the-glass that is contains the treatment I just provided, because it very well could be meaningful in other situations.
MR. ROTHSTEIN: And just to follow up on that, there are all these liability issues, if what they did is not in the record somewhere. But it could be in a masked record, right? So in other words, I am the gynecologist and my patient gives me access to reproductive health history. The stuff that I do is now added to that masked record and I am thinking if she releases it to a second gynecologist for a second opinion, they are going to get the record and what I have done as well. Right?
MR. HOUSTON: I would think so, yes.
MS. BRNSTEIN: And it would also be – when electronic records are created you have a history of when they were changed, too. SO it should not be at all difficult, if the physician has provided it on a re-open basis, it would not be at all difficult in a malpractice suit to print out exactly what the physician saw –
MR. HOUSTON: I will tell you right now it is not that easy. Let’s assume you have a record retention law that only requires somebody to keep records for a certain period of time and they decide to discard at the end of that time, and then a suit comes up afterwards.
MS. BERNSTEIN: But that is not different with paper or electronic records.
MR. HOUSTON: I disagree, because if it is a paper record and there is an issue, you fax those paper records to me –
MS. BERNSTEIN: If I am not required to keep them after fifteen years and I destroy them –
MR. HOUSTON: But different providers keep them different periods of time and there might be reasons why you keep a record longer or someone rely more or less, state laws may different. I am just saying every provider, most providers would say that they want to have control of the data they use in order to deliver care. Not to say they cannot get it form somewhere else, but once they have delivered care and they have relied on data, they want to have that as part of their permanent record in the event there are questions or in the event there is a peer review or whatever might happen.
MR. ROTHSTEIN: Are you saying we cannot do that within this broad framework we are talking about?
MR. HOUSTON: I have heard on a number of occasions this morning, and I don’t mean to get into design, but people talk about a read-only, downloadable, this or that and I am just concerned about that as a concept because I think there are a lot of pitfalls to that. AS we are making broad recommendations, and I think we should stay in the broad recommendations rather than drilling down –
MR. REYNOLDS: We are making a discussion; we are not making recommendations.
MR. HOUSTON: But I am just saying that if we do make recommendations that are broad recommendations, my point is that we have to be thoughtful about these types of things.
MR. REYNOLDS: That was our whole discussion before you got here.
DR. FRANCIS: Another goal, when we were thinking about physicians delivering care, another goal might be protecting them against litigation.
DR. TANG: Just to put my vote out on the floor, I would agree with this at the conceptual level – masking certain sections, and those are fine sections for me if you end up with sections in parentheses, examples.
MS. BERNSTEIN: Is there anything missing, do you think?
DR. TANG: I don’t have anything right now.
MR. HOUSTON: I believe there needs to be a category for genetic information.
DR. TANG: That is a very good category. So at the patient’s election a way to mask certain sensitive information such as those in those categories and that when the patient elects to do so, I think is what Mark said, a flag would be put up so the physician knows there is something there. The physician may break the glass – the counter example is, let’s say I don’t have any of those things that I want hidden, it will be unmasked if there is no flag, because I have not decided to opt out.
I understand this is probably not the way most people would think of it, but the three implications of break-the-glass from our point of view – one is that it is a reminder to the user who is about to look at that information, hey, remember this is sort of sensitive information, so make a deliberate decision to look or not to look. The second one is that it does give emergency access because you may need it and that is your situation you described. And the third implication is that automatically the privacy officer will be notified. So when we say break the glass, which is why I think Sue’s example could fit those three very nicely, that is what it means to me. That is part of the implementation part.
MR. ROTHSTEIN: Before you leave I have one more question for you.
DR. TANG: One more thing, you said John signed on to my e-mail. I am going to give John my proxy in my absence.
MR. ROTHSETIN: Good. But I have a question for you. Structurally, if you cannot come back –
DR. TANG: I am coming back at two.
MR. ROTHSTEIN: Then I will hold the question.
The question was, assuming we have this agreement at this general level, do we need to hear from any more witnesses and have ore hearings before we try to put something together in terms of a letter? We can think about that and where we go with this.
MR. REYNOLDS: I would add one other thing to what you said – and play off John’s comment. Once a physician receives that information, then they are allowed to do business as they would normally do business. I am playing off your comment, John. In other words, if you tell me, as a doctor, if you come to me to get treatment, and you give me the record, then I am allowed to use the record in my normal business process to protect myself – I am a covered entity so I have to protect you – you gave it to me. Remember, as this changes and there are laws and everything else and there is data retention and everything else that goes on, we have to, at some point, allow the physician who we have trusted to give the care to be able to do what they have to do.
MR. ROTHSTEIN: My question for you, Harry, on that is the information you have added to this protected category, that is still protected, though. So you are my psychiatrist and I release my mental health stuff. But the fact that it is now a course of business record, that doesn’t mean that what you add or the whole file will now we automatically released to my dentist.
MR. REYNOLDS: No, which is one of the reasons if we have the two different categories – in other words, if our normal thought process is, again not designing, just talking, if our normal process is the base record goes minus those things, then that should be the practice we all buy into under the NHIN. SO John is in a hospital and they are referring patients –
MR. ROTHSTEIN: But the information you add would then be treated as additional masked information.
MR. REYNOLDS: Which everything they are already doing is going to be treated that way because they are already sending stuff to the NHIN and if I am up here in Washington, and I have been to John’s hospital recently, and now their federated model goes to find me, it is going to find me in John’s institution and it is going to send the top record. Unless I said send everything it is going to send only the stuff that is not masked. Then I would have to say wheterh they could have more. All I am saying is that, at some point, we have to allow the physicians and hospitals to do what they do.
MS. BERNSTEIN: In the kind of thing that Jon or Harry or whatever was talking about, could that be satisfied with access that I would call read and append? You can’t change anything that is already there. You can add to the end, which is a very typical geeky computer thing. If you are a physician you add to the end of the record. That is what you normaly do. You don’t change anything that is already there and you can read whatever has been there n the day you saw it. So what Leslie was talking about, that you have a growing log of everything that happened in that record with chronological dates. On any date I can recreate the record as it was on that day and I can see who appended what.
MR. HOUSTON: Within the facility or in NHIN? My thought is this –
MS. BERNSTEIN: It can be recreated.
MR. HOUSTON: The NHIN is always read only. Every facility participating would contribute, in the federated model, to a record that is established about a patient, or would serve uip records that would be available by the patient. So if I am a provider and there are ten other providers out there who are part of the NHIN or whatever, when I went out and made a call for records, everybody could respond back about with the records they have about a particular patient that meet certain criteria. But those records would then come to me an my records that I generate because of that encounter could also be served up and accessible if that patient went somewhere else. SO it si always a matter of your creating your own record for the encounters you have provided care for, but then you are also taking records from other providers to supplement the records to supplement the care that you have provided. SO I never see the NHIN as being something that you modify records for the NHIN. You simply have your own records that will be available by the NHIN.
MR. REYNOLDS: But you’re saying read. You are still going to create a record in your name that has all the data that came in.
MS. BERNSTEIN: But in the Indiana model that is not what they do. IN the Indiana model they are keeping the records for everybody who is in there.
MR. HOUSTON: Typical medical records process in a hospital would say that you have the part of the record you generated at the facility itself, and then you have the portion of the record that is retrieved from other sources. It is faxed, records that were brought in, images created somewhere else. They are treated differently. They are all part of the record, but those records that are in some way from a third party source are I want to call them almost reference material. They are part of the patient record. They are referred to, they explain things, but they would never be modified. They would be there for reference or for evidence of the fact that somebody may have relied on them.
MS. BERNSTEIN: According to Paul your own record would never be modified either.
MR. HOUSTON: Sure it would be. When you come into our facility and you get treated, your record grows.
MS. BERNSTEIN: Yes, grows, but it doesn’t change.
MR. HOUSTON: Yes, you never delete – Paul is talking about an error in the record. Somebody does not go in and delete the fact that medication was given. If they realize the medication was a different dosage than what they give, some kind of notation is made in the record saying there was an error in the documentation of the medication that was given.
MS. BERNSTEIN: Right and it is added to the bottom.
Whatever it is there is a notation made that is later made and it is clear that it is later made.
MR. HOUSTON: But documents coming in from third party sources are treated differently.
MS. BERNSTEIN: In what way?
MR. HOUSTON: You would never modify or append a record form a third party source. What you do is when you provide treatment, the treatment you provide is documented in your own record.
MR. ROTHSTEIN: I am confused. I was okay until about90 seconds ago. SO I come into your hospital –
MR. HOUSTON: You walk in with records in your hand from your physician.
MR. ROTHSTEIN: Okay, and your people are going to do certain things, maybe in reliance on the MRI I had yesterday. And they will be treated differently somehow?
MR. HOUSTON: We would bring those records in, we would import them into our record. We are electronic so we would scan them into our record, but they would always be considered to be third party records.
MS< BERNSTEIN: What is the import then? What does it mean to treat them as third party records? How is that different than your own records? What would you do with them?
MR. HOUSTON: First of all, there are two important reasons. There is a trust level when you are dealing with internal versus external records. It just happens. You may ask for a test to be rerun because you don’t quite trust the result or because you are suspicious of something or you don’t believe they looked at the right thing. But w always recognize that as being a record from another source other than a UPMC facility. It is documented separately. It is identified as being a separate part of the record. It is referenced within our electronic record, but you won’t see a lab value within a table of lab values. You won’t see a physician order a note or something within a panel of one of the screens. You will see it as a document that is scanned in and is simply appended or noted.
MR. REYNOLDS: It is a static document.
MR. HOUSTON: And they are treated differently. I can tell you right now, gee, I reran that test because I just didn’t trust it coming from this other hospital. I didn’t like the fidelity of the image. I didn’t like the reading. A great example is radiology reports. If you get the report and not the image, they will go run the image.
DR. FRANCIS: What I don’t understand is what the significance is of what you are saying. You are just pointing out that electronic records can do this.
MR. HOUSTON: My point all along has been that – all I was trying to make the point all along is when you rely upon a record you want to make sure that you have that data – providers always want to have that data within their –
MS. BERNSTEIN: We are just talking about storage now, really. You are just talking about where it is stored.
MR. HOUSTON: My point is, I don’t think providers are going to be willing to look at a federated model and go back an recreate a document years later because what happens to the data is the data still there, is there some issue?
MR. ROTHSTEIN: I have a question. Before you came in, I interpreted your e-mail as stating that your primary concern in this area was emergency departments, ICUs getting access to the complete record in an emergency.
MR. HOUSTON: Absolutely.
MR. ROTHSTEIN: Okay, from our discussion of the break-the-glass feature which we had earlier, would that satisfy your concerns? Or do you still have some other concerns that were not addressed by that?
MR. HOUSTON: I believe that emergency situations are the case where there is the most compelling argument to have break the glass. Whatever you need to have you need to have. I think we heard that from emergency room physicians who testified. We are talking even on the mental health side.
MR. ROTHSTEIN: I understand that. What I am saying is if we made a recommendation to go to this system that Paul described before he left, and it has a break-the-glass feature, would that satisfy your concerns. Or was there something else that we haven’t done? Your concern was emergency access to the complete record. I think we have satisfied that. Tell me if there is something that we haven’t done?
MR. HOUSTON: We were on another tangent here, I think. I think the break the glass meets by concern about care in emergent situations.
MR. ROTHSTEIN: Are there other issues that we haven’t gotten to that you have concerns about under what Paul described before he left as what he thought our consensus was?
MR. HOUSTON: I am not sure I understand.
MR. ROTHSTEIN: DO you want me to go through those points?
MR. HOUSTON: I am trying to come up to speed.
MR. ROTHSTEIN: I think he said the fault is that the record is comprehensive unless the patient identifies certain pre-selected areas, such as the six that we have there, in which case all of the information from that area would be blocked.
MR. REYNOLDS: Block says you may never get it. Masked says you don’t see it but if somebody says oyu can see it, it comes right back.
MR. ROTHSTEIN: People in Denmark use block –
MR. REYNOLDS: That is an aggressive statement.
MR. ROTHSTEIN: SO this stuff, at the patient’s election, would be masked. In the event that the patient opted to mask one or more areas there would be a flag and the flag indicates that the patient has elected to mask certain information. Then the doc could ask the patient more questions or would you release whatever.
MR. HOUSTON: What happens if they are incapacitated?
MS. BERNSTEIN: That is what we are talking about.
MR. HOUSTON: SO as long as the patient has their mental faculties and they saw there was a masking of something, they would have to ask the patient for the information. I think that is reasonable.
Then if something was there that was relevant and the patient said no, then the physician, as a defense, if there is an issue regarding quality of care or inappropriate treatment or whatever –
MR. ROTHSTEIN: Not to make my task any more difficult, but just thinking about unusual situations, suppose you have a patient who elects that they don’t want any more treatment. They may have some terminal diagnosis, right? And they say I don’t want any more treatment and they refuse medical care, maybe they have a bracelet or whatever. That would include, maybe from their perspective, don’t look at my masked information because I don’t want you to use it anyhow. In other words, could you have a sign, in effect a do not unmask directive, to docs?
MR. HOUSTON: There is a moral issue there.
DR. FRANCIS: There are a couple of tough questions there, I think. One is, I take it that when we talk about consent, we intend to include appropriate surrogate consent. But then there is the question about the directives. I actually think you described the situation of a patient who is refusing aggressive care is not refusing all care.
MR. REYNOLDS: Not necessarily.
DR. FRANCIS: Typically, the patient would continue to have –
MR. ROTHSTEIN: But suppose they bring somebody in who is unconscious –
MS. BERNSTEIN: With DNR tattooed on their chest.
MR. ROTHSTEIN: Yes, they don’t want any care and they don’t want you to unmask the record.
DR. FRANCIS: That would be a question about whether you could do it by advance directive. Here would be an example that I don’t think is totally farfetched. Someone who is no hospice is refusing aggressive chemotherapy, but who is continuing to get oxycotin and has a relative who diverts the oxycotin prescription. That is abuse. It seems to me that knowledge of that – I might very easily not consent to further treatment, but it could be very important to have the oxycotin prescription known to providers, or a history that my relative has been ripping them off.
MR. ROTHSTEIN: But that would have to be reported anyhow under some state law.
DR. FRANCIS: But still the abuse question would be reportable, but the question about whether that is going to be included in the medical record is a different question. Those are real cases. I know lots of cases of oxycotin diversion.
MR. REYNOLDS: I guess my feeling would be I am not sure that is an issue. The reason I say that is if a person comes in and it is life-threatening, that would be the only break-the-glass theory. SO if it is not life-threatening, then the mask –
MR. HOUSTON: The person is incapacitated. Does that mean it is life-threatening?
MS. BERNSTEIN: Someone could be incompetent mentally and other wise be generally healthy and come in for something where the person’s variance(?) is not available or whatever.
MR. HOUSTON: But in that particular case, it is not life threatening, I would argue the break the glass also applies. In an emergent situation – it does not have to be life-threatening, but it can be something that necessitates immediate attention.
MR. REYNOLDS: A person is thrust upon a health cre professional, then back to my earlier point, the health cre professional needs to do his job. If the person is incapacitated, nobody with them, or anything else, they are going to do their job.
MS. BERNSTEIN: But if it is a broken arm that needs immediate treatment, and the person is not competent, that is one thing.
MR. REYNOLDS: I think we are going way too far to the dark side. Of the discussion, earlier you were trying to talk to us about not being overly specific.
MR. ROTHSTEIN: I would never include that.
MR. REYNOLDS: But the reason I am challenging back is, like anything we try to do that is this complicated, there are five ro ten or fifteen things over here that we cannot do, but that is not going to move us forward. Then what it does is elevate the emotion and then we have a harder time coming back together. That is all I am saying. It is all thrown out on the table here – there are real things on both sides and I think if we start bringing them back in again that is when we start separating again.
MR. ROTHSTEIN: I certainly don’t want to undo what seems to be agreed on. Another question is we haven’t discussed at all today the CCR/CCD and whether that has any role in what we are recommending.
MR. HOUSTON: What is CCR?
MR. ROTHSTEIN: Continuity of care – we talked about that to some degree –
MR. REYNOLDS: My feeling is you basically, whatever one of those is picked, we just discussed how you are going to have to have things set up in whatever record that is so that you can parse categories, whatever those categories end up being, whether it is one, two, three, four, five or ten. So as those things go, our recommendation is whichever record is established, whatever one is selected for the NHIN, which HITSB and others are probably gong to be the ones to pick that, it would need to have that capability.
MR. HOUSTON: The CCR has medications and stuff like that in it, correct? So in theory there is a bunch of things in there that would still show up as being –
DR. FRANCIS: They don’t have to because they can be masked if they are mental health.
MR. REYNOLDS: That is my point.
DR. FRANCIS: They are masked but they show up on when thee are actions or decision support screens.
MR. HOUSTON: That is where I am going with this. What I thought Mark saying was the CCR – is it implicated by what we are talking about. The point being just that, that there are going to be things on the CCR that would fall into those six categories and they would be relevant. If they are not there they are going to be missing from something else.
MR. ROTHSTEIN: Do we need, in our letter, to expressly discuss that issue? Or should we just leave it out?
MR. REYNOLDS: We need to say there are possible candidates for a standard record out there. This needs to be laid over top of them to make sure that this capability can be adhered to o whatever is picked by HITSB or anyone else. IN other words, we are saying that this is a requirement. To me the CCR, the CCD is a package of data. Whether you pick one or the other, it is a package of data. Now whether or not that package of data can be parsed in any way will be decided at the end, not necessarily what the data elements are. That is where I think we are going.
MR. HOUSTON: You say a package that can be parsed. Does that mean that the CCR is this monolithic thing that comes as one package and there is no ability to differentiate elements within the package?
MR. REYNOLDS: I am sure there is. It is seventeen different categories and I think the top five or six categories are the ones that are predominantly used, but I haven’t mapped those categories and exactly what is in those categories and data pieces to this.
MR. HOUSTON: My point is more basic. When I get a CCR – I ask for the CCR and I get the CCR or is it –
MS. BERNSTEIN: It looks like this. There is an example in your folder.
MR. HOUSTON: But my point again, when I ask for the CCR, is there a CCR or are there components of CCR which would then, to Marks’ point, have the ability to say that is a drug associated or a test associated with metal health or substance abuse or whatever. It is not part of the CCR unless expressly authorized or called out for. Do you see where I am going? Is that what you are asking, Mark?
MR. ROTHSTEIN: I am trying to get the relationship between the two so we can make a sound recommendation that is integrated.
MR. REYNOLDS: In the first place, you won't get one. You'll get it from every provider. You will get a federated model. You will get that same data from everybody. If you set that up as your package to move things, you will get it from -- if you send a message out onto the NHIN, you get it from everybody.
But your question, John, if you look at these in your blue folder, it breaks them down into things like the patient and who is the patient seen by and what is the subjective information and what is the objective exam and what are the vital signs. In other words, these are what I call indexes. That is how you can go into a record, by these categories.
So what I am saying, Mark, back to your point, whatever they select, if you can't go into that record with these categories, it won't work.
MR. HOUSTON: When you say it doesn't work, --
MR. REYNOLDS: If you just have a whole list of -- let's just go with drugs or primary care doctor's notes, and those are not identified in a way that you could mask -- if you got a list of drugs and there are 40 drugs that somebody has been taking, and this is not unfiltered, it is laid over top of them, so that number three is not shown anymore and number nine is not shown anymore and number 15 is not shown anymore, then guess what? You won't have any of this, you will have the whole record.
So that is why this is so important. What we are doing right now is really important, because people are out picking standards. The problem with the standard, if a standard doesn't have the rules and everything that you have got to think about how you are going to do the data, then I promise you, the standards are going to be hard to work with. You are going to have to go in and add things to it, and you are going to have to add things to it and you are going to tear it apart in different ways.
So it is almost like if whatever they had aligned a little more to that thinking and took these other elements and fit it under that thinking, possibly. I'm not recommending that; I'm just talking from a designer standpoint.
MR. ROTHSTEIN: In other words, the way I look at the CCR, CCD, it is sort of like the executive summary of a medical record. Anything that we operate like a system that we place over the full file, we are also placing over the subset of file, that is, the CCR, CCD.
MR. REYNOLDS: I don't think it is an executive summary.
MR. ROTHSTEIN: Isn't it information distilled from the full record?
MR. HOUSTON: CCR, sure, it has to be.
MR. REYNOLDS: But again, remember, if you are seeing six doctors, you are getting six different ones.
MR. HOUSTON: Each provider provides their own --
MR. REYNOLDS: Yes, so when we say executive summary, that is usually brought together in one place. Remember, the federated model says, everybody that's got a record, I am going to get a record from them, and if it is in the format of a CCR, if it is in a format of the CCD or whatever you want to call it, --
MR. ROTHSTEIN: So there really isn't a CCR; there are CCRs.
MR. HOUSTON: Each provider has a CCR.
DR. FRANCIS: If you look at the summary, it is over in additional comments. There was a discussion of something sensitive, the patient is exposed when a victim of rape.
MR. REYNOLDS: It appears his child was beat up.
DR. FRANCIS: Yes, right. Then unless there is a way to filter this, if this just blanks those into the record, and there is a whole list of these that go that are completely searchable, then what you have got there is --
MR. REYNOLDS: That is why this is so important. This is why the whole discussion has all of a sudden gotten a lot more rhetoric about it. If you don't have that to start from, if you don't start from what you are thinking about as the ways you want the patient to decide what does or doesn't happen, or everybody to see what does or doesn't happen, then everything you build after that actually will be going in 180 degree opposite of what we need to do.
So that is why this is like paramount now, because standards are flying out like crazy. They are setting up standards committees to do things and so on.
Sue, you haven't commented much. This is a new world, too. What do you think?
MS. MC ANDREW: I think you need to be clear in your head that your whole context of conversation here is treatment, and you are not debating any other type of use of this information, which is going to raise a whole other set of parameters and concerns and balances.
MR. ROTHSTEIN: In our June 2006 letter we actually did refer to that. But that is a good point, too.
MS. MC ANDREW: I think it is going to be much trickier than you believe, than this conversation reflects, about what information you are going to be putting into these sensitive masked buckets, particularly on subsequent treatment encounters, where provider two is given access to the unmasked data that was given to provider one.
MR. HOUSTON: Can I make a statement about that real quick? Going back to medical records, typically when a medical record is forwarded to another institution, you don't forward another institution's medical records to them. So they would forward information that was generated at their institution. They may reference the fact that they relied on other materials from other institutions, but they would not forward materials, medical records information, that they were provided either by the patient or by the institution.
MR. REYNOLDS: That is the way you guys do business.
MR. HOUSTON: Yes, that is what most providers do. I don't know if that affects what you are saying about the fact that you were getting information that was given to one provider that is sensitive that is now going to another provider. I don't know if that affects -- or we have to make a provision for that type of a process.
MS. MC ANDREW: Well, it seems to me one may wind up basically thinking how that process works now in an NHIN; does it essentially replicate that process, because whoever is asking you for the information is also asking the people that gave you the information that you relied on.
MR. HOUSTON: That is more reason, by the way, why we shouldn't be giving that information out, but you should be relying on the source materials from somewhere else.
MS. MC ANDREW: And why everyone is responding the same way, although you may have information from another network.
MR. HOUSTON: That should be part of the rules of the road, though.
MS. MC ANDREW: Again, it is important to talk about this in terms of treatment and access issues, where you would come out differently on that, because the individual has the right to that information.
The other thing is, it is going to be very tricky, particularly when you get into drugs and things like that, certainly when you get into genetic information about trying to come up with a reasonable bucket to allow the masking, because genetic information, the way it is currently being defined, you are talking about family history.
MR. ROTHSTEIN: I would have a narrow definition of genetic information such as genetic test results.
MS. MC ANDREW: But you need to be aware
MS. BERNSTEIN: Are you saying tricky because it falls into more than one category, or for some other reason?
MS. MC ANDREW: It is going to be tricky because we are probably on the cusp at least in HIPAA of getting the GINA bill definition of what genetic information is.
MR. ROTHSTEIN: The civil rights definition may be too broad for a medication definition.
MS. MC ANDREW: But it is going to be our medical definition.
MR. HOUSTON: When is that supposed to arrive?
MR. ROTHSTEIN: As soon as Congress votes on it.
MS. BERNSTEIN: According to the wisdom of the Congress.
MS. MC ANDREW: Through the House, staff is cobbling out compromises in the Senate. If we get it, we get it. But it has a very broad definition of what genetic information is, and that will become the HIPAA definition of genetic information.
MR. ROTHSTEIN: That's all right, that doesn't bother me, because a lot of what GINA calls genetic information, we are going to have here under sensitive social -- father died of Huntington's disease, that would be genetic information under GINA, but we would still capture it here.
MR. HOUSTON: Why would that be considered genetic information?
MR. ROTHSTEIN: Because it is information about genetic risks.
MR. HOUSTON: I would argue that almost any disease, many diseases, some of whom were stigmatizing others, there is a genetic marker for, or will potentially be a genetic marker for. It can be anything from skin cancer to lung cancer to this cancer, that cancer.
MS. BERNSTEIN: Right, and if your father is not the father you thought he was --
MR. HOUSTON: You are talking about a diagnosis there, which is different, or a cause of death which is different.
MS. MC ANDREW: The current definition is any medical condition of a family member that is being used to diagnose you. The medical conditions attached to family members are not conditioned on there being a genetic marker.
MS. BERNSTEIN: Right. The fact that my mother has high cholesterol and my father had heart disease puts me at high risk, that is genetic information, whether or not there is a gene test associated with it.
MR. HOUSTON: It is dangerous to sit around and try to differentiate genetic information.
MS. MC ANDREW: If you are trying to identify and mask genetic information as a category, you are masking almost the entire medical record.
MR. HOUSTON: Your medical history now becomes --
MS. BERNSTEIN: Just because they call it genetic doesn't mean it is still not family history like we have always thought of it.
MR. HOUSTON: My point is that if you define what is the family history as being genetic information by law, you are going to --
MS. BERNSTEIN: It depends on what the law does with the genetic information.
MR. ROTHSTEIN: It makes certain uses of family history.
MR. REYNOLDS: We referenced earlier -- Paul referenced the Indiana model. Either you are all in or you are all out. If you look at the real heart of these discussions and everything we are getting to, unless we are really clear on what everybody is going to do across the board, it is either all in or all out. I'm telling you, it gets real difficult as you go, and the definitions are changing.
Again, we are trying to look at this stuff ten years out or 15 years out. We are not looking at tomorrow morning. So that is why this is a tough deal. We have got to have the courage to stay with it.
DR. FRANCIS: Part of the appeal to me is that you start with a framework of certain types of information that are in and certain types that are in but masked, is exactly that problem. I don't fully know the basis of continuity of care records. If they are simply reports of visits, then it doesn't work that way. But if what is in the record are things like, every time there is a blood pressure reading it goes in, every time there are vital signs it goes in, every time there is a lab result it goes in, every time there is a prescription it goes in. So you have a list of data elements that just automatically get in.
Then the random, father was questioned about bruises, never goes in because it is not in one of those fields. I could be talked out of it, but I have become pretty well convinced that that is the only initial structure that could work in a way that you don't get all the random stuff.
The other way would be, you simply decide that certain visits do not get included. That again is very mechanical. But that has the disadvantage that you are going to have to increase the primary care visits, and you are also going to have to include medication if you go to see a mental health professional.
MR. ROTHSTEIN: I think we need to take a break for all sorts of reasons. We will break for 15 minutes.
(Brief recess.)
MR. ROTHSTEIN: The next thing we need to think about is going forward in drafting this letter. I think we have got enough information to come up with a draft.
MS. BERNSTEIN: To determine that we do not need any further hearings and so forth?
MR. ROTHSTEIN: I think that is right. But my question is about the timing. From what you know, Harry, Sue, anybody, is a September letter -- would that be considered timely enough to get these ideas into the pipeline? We are not missing the train, are we?
MS. MC ANDREW: I don't think you are missing the AHIC train. The group is doing -- I think they are still on the entity question.
MR. ROTHSTEIN: Right.
MS. MC ANDREW: So we may assume their next set of recommendations will be going to the AHIC in general.
MR. REYNOLDS: And you say October because that is when we are going forward, we are trying to get ready with the secondary issues, so they can go into AHIC in October.
MS. BERNSTEIN: But they meet every two months, right?
MS. MC ANDREW: Every quarter, I think.
DR. FRANCIS: They just met, right?
MS. MC ANDREW: Right.
DR. FRANCIS: The reason I wondered about the train already having left is this privacy policy framework.
MR. ROTHSTEIN: But it is vapor ware.
MS. BERNSTEIN: Well, framework has another meaning, too. My view of that is that it originated with the CPS work group as a starting point for the work group to look into issues and somehow, I'm not sure exactly how, morphed into an announcement at the May meeting. It characterized it in a funny way, actually. We were on a pretty good track, and then they went off into cyberspace and God help them, they got atomized.
MS. MC ANDREW: The next AHIC meeting is at the end of August.
MS. BERNSTEIN: Really? At the end of August?
MS. MC ANDREW: August 31 I have on my calendar. I'm sorry, July 31.
MR. ROTHSTEIN: So Sue, would you like to go off the record for your answer? Seriously.
MS. MC ANDREW: No. I don't control their calendar.
MR. ROTHSTEIN: When you say the AHIC train, are you saying there is an ONC train?
MS. BERNSTEIN: An OCR train?
MR. REYNOLDS: There are RFIs on the street right now for health information exchanges.
MS. MC ANDREW: But there are lots of people in this little pile-up. The AHIC is pressing to maintain their -- gateway role to this whole thing. ONC however and AHRQ within the Department, they are blossoming through contracts a lot of piloting and testing and prototyping. Much of that is going on its own track. They are supposed to be flexible in their prototyping to accommodate future policy calls. So in theory, this is not too late even for that prototyping test.
But in terms of the track, there is a Departmental track for this to have an impact in terms of what ONC, AHRQ and others want to see in the testing and the piloting that goes on as well as the official recommendations that are coming up through the AHIC.
DR. FRANCIS: What is the structure of the piloting? What I am asking actually is, when you talk about piloting, are the structures that are being piloted ones that would make it harder or easier to do something like that?
MS. MC ANDREW: They are supposed to be open ended enough to accommodate something like that.
DR. FRANCIS: That is what they are supposed to be.
MS. BERNSTEIN: But they just put them on the street, so we have no idea what they are going to do.
MS. BERNSTEIN: To the extent anyone paid attention to the demos that were put out in the fall, it was then going through those, selecting some and then taking them to the next stage of actual operational level architect language. They are still just prototypes of repeating models. They are just proving theories, or disproving.
One would like to think, but I don't think it is true, that there are all these RIOs and networks that are blossoming out there. You get competing stories in terms of, all of this is taking off in the private sector and we are too late to influence it, versus, the adoption rate is still pathetically low.
MR. REYNOLDS: There is no business model.
MS. BERNSTEIN: The world isn't going to be done in three months.
MR. REYNOLDS: I would like to go off the record.
MR. ROTHSTEIN: Could we go off the record, please?
(Comments off the record.)
MR. HOUSTON: I know in Pennsylvania substance abuse and mental health specifically require additional restrictions already. So I can imagine some of these forming around what state laws currently require now.
But having said that, I agree with Harry. I don't think there is a business model yet. I think it is true that there is not the traction that people would like you to believe.
MR. ROTHSTEIN: Do we know whether our proposal for masking substance abuse records would satisfy the substance abuse treatment regs?
MS. BERNSTEIN: I do not know the answer to that. Sara would, but she is not with us.
MR. ROTHSTEIN: It says separate, but this is not separate.
MR. ROTHSTEIN: It could be.
MS. BERNSTEIN: There are other requirements besides separate, though.
MS. MC ANDREW: I think the only question would be whether -- I don't think they have like a break the glass emergency access permission.
MR. ROTHSTEIN: Right. Would you run that past Sara?
MS. BERNSTEIN: Yes.
MS. MC ANDREW: So there might be a whole different set of controls in how they operate that would be different than one would assume.
MR. ROTHSTEIN: Right, so we are going to have to also build in not just federal law, but also state law. Suppose there is a state law that makes HIV information absolutely not disclosable and so forth. Then the break the glass feature still couldn't reveal that, right?
DR. FRANCIS: How does the substance abuse work with the prescription information?
MS. BERNSTEIN: I don't know the answer to that.
DR. FRANCIS: Would it be in the notion of decision support?
MR. HOUSTON: I suspect that the substance abuse issues that we are talking about are peoples' treatment for or diagnosis of or something other than simply the fact that they have been prescribed a bunch of medications.
DR. FRANCIS: I was interested in a substance abuse treatment record that involved a prescription, e.g., methadone.
MS. BERNSTEIN: But what about that? A substance abuse treatment record that is covered has to be in a specialty practice, a substance abuse treatment specialty, and separated.
DR. FRANCIS: Yes. Suppose you had something like that and it included a prescription for methadone?
MR. HOUSTON: But methadone is not only used for substance abuse.
MS. BERNSTEIN: But there is a good chance it is.
DR. FRANCIS: What I was just questioning was, another part of the proposal was that there would be decision support with respect to prescription interactions. I just wanted to know how that would work with substance abuse records.
MR. REYNOLDS: That's a good point.
MS. BERNSTEIN: I don't know how the decision support part would work, but what I do know is, if the methadone prescription, if there is a notation of it in the internist's record, it is not protected.
DR. FRANCIS: Right, I know that. I am just simply pointing out that one of the things that -- if we wanted good decision tools for prescriptions, that is an issue.
MS. MC ANDREW: In a way, I think the SAMHSA issues become more concerns of those facilities that are covered, and whether or not because of the SAMHSA rules would they be able to part of the network. Or do they have to remain out because the network can't accommodate their confidentiality.
MS. BERNSTEIN: One of the issues that we talked about the day of the hearing and even before that when we were planning the hearing was whether -- for example, in the HIPAA rule there is a similar provision; you have to be a mental health provider and you have to have the record segregated somehow. It is a similar, although it is a more narrow record that is covered. Whether that makes sense to have the protection be that narrow in sensitive records or whether a record of mental health treatment or substance abuse treatment in an internist's record should also be protected. So that is how the discussion was originally --
MR. ROTHSTEIN: I want to focus on the committee's plan for this. Let's suppose that three weeks from now, we have a draft for you. Suppose we got something out by early or mid July. Do you think the best approach would be to schedule a series of conference calls?
DR. FRANCIS: In theory it has to go then to the full committee, right?
MR. ROTHSTEIN: Of course, yes, by September.
DR. FRANCIS: And the full committee meeting is September 27-28? Do I have that right?
MR. REYNOLDS: Mark, again, whatever we start putting together will be useful, with everything else that we are doing.
MR. ROTHSTEIN: The meeting is -- I have the NCVHS meeting the 25th and 26th, Tuesday and Wednesday, September.
So in thinking about setting up our fall schedule, we could do one of two things. We could take on other topics, or we could say this is so important, what we would like to do is have a hearing and focus on substance abuse, and get people talking about the regs and how it might affect them, and have mental health people, have domestic violence people, get the AARP people, the social workers, the geriatricians and so forth. That is another option.
If we did that, I think it would be helpful to the ultimate decision makings, because we maybe then will have a followup letter, here is some further detail on what we recommended, sort of like what we are doing now. We started with a framework last year.
MR. REYNOLDS: Could I add some others?
MR. ROTHSTEIN: Yes, please.
MR. REYNOLDS: I think we would definitely want to hear from some of the HIEs. We are focusing on these five, but we have got to focus on whether or not people could ever pull this off.
MS. BERNSTEIN: It is frustrating to me that if we focus on whether the technologists can do what we want the policy to do instead of what the policy is, we will never get to the policy. My sense is that eventually the technologists will be able to do it, eventually.
MR. REYNOLDS: That would be an opinion.
MR. ROTHSTEIN: The people I talked to said, we can do anything we want, as long as you have got enough money.
MR. REYNOLDS: Wait, I'm not relinquishing the floor yet. I defer to a number of you in your day jobs. I have a day job also. That day job is doing this, and been doing it for 30 years. So I have designed every kind of system that you can think of that has to do with health care.
The problem is that if you don't keep that as a filter, we are playing games. When we talk about a federated model, we can't group this industry up to do NPI. We can't just pick numbers and implement them, and not do them in five year periods.
MR. ROTHSTEIN: The question here then, is it still logical in your recommendation that we move ahead with the September letter even before bringing in the --
MR. REYNOLDS: No, I'm not stopping you. The reason I am putting it in is, part of trying to drive policy is understanding the practical limitations so that they don't trip you up after you send the policy in. I'm just as comfortable in policy as the other, but if we just focus on what substance abuse we want out there, -- I'll tell you, one thing that is moving quickly, different than my earlier statement, HITSPE and other people like that are looking to pick standards very quickly. If we don't have this discussion on some of these things so that we can help drive some of that discussion, if the wrong records get picked, if the wrong packages get picked, there is no technology that can fix it.
Back to John's earlier statement about a static document. He gets a lot of stuff. We all scan stuff. You get it in, if it becomes a static document you can't do a lot with it. But these other things are not static documents, these other standards that are going on out there.
I guess where I am going, and I am on all the different committees, standards, secondary use, privacy, fine, I'm seeing the whole picture. Some of you are better at each one, but I am living the whole picture. The point is, if we don't get this right and we don't get this holistically then the rest of it really starts to fall apart. Or being a technologist, it goes back very simply to all in or all out, have a nice day.
MR. HOUSTON: I have a concern. I think we can't be naive as to how we look at making the recommendations. I think it is naive to think that we are going to get a quick change in state laws. I think it is naive to think that we are going to get a quick change in federal law, if ever, which means that whether the technology on the surface would seem to be able to support the things that we want to do, we can't allow that to govern.
First of all, it is amazing what technology can do if people decide they need to do it. I am always amazed by what people end up doing that they said was not doable. I think this is a lot of programming, but this is infinitely doable, setting these things in place that we are talking about.
MR. REYNOLDS: Setting these types of things in place.
MR. HOUSTON: Absolutely. It could become a fairly exotic infrastructure, but it is one for which you deal with in other issues like banking that are much more involved.
So the point being, I think we need to be driven by what -- if we try to set a standard that is consistent with state and federal laws, knowing that there is a variation in state laws, I think we are going to find out it is going to be more demanding than what we had ever envisioned, and we will probably need the criteria that this subcommittee would probably put in place -- you can imagine what some of these state laws require in some of these areas.
So my point being is, it might be good to take a step back and try to understand the federal and state law framework and try to understand whether somebody has done a highest common denominator assessment of these different types of information demand, and see whether from that we could maybe try to come up with a consensus as to an approach.
DR. FRANCIS: Probably the one where you are going to find state law will be the genetic information.
MR. HOUSTON: I think there have been studies done of all of the -- the AHIC stuff, I just saw that all come out.
MR. ROTHSTEIN: You mean the RTI?
DR. FRANCIS: That is actually not a list of what the state laws are. That put people together to look to see whether they incorporated that in their decision making on the test cases.
MS. BERNSTEIN: I was with John until you got to the last point about going back to state and federal law. Earlier you said state and federal law is very complicated. We can't be naive about it, but we can't get to a place where we promulgate all of it because it is too complicated.
MR. HOUSTON: No, that isn't what I said. I apologize. What I was saying is, don't think we will ever displace it. My point is that there is a lot of variation, but I suspect at some point if we picked a fairly high standard to encompass everything in all these areas, would that satisfy the committee's variation in opinion as to how to treat this information.
If we look at all the state laws, if we wanted to have commonality because we were having this Nationwide Health Information Network, here is what we would be required to do, if we were to try to set a standard that is high enough for everybody to participate without changes in laws. We may find that --
MS. BERNSTEIN: A high enough standard or a low enough standard?
MR. HOUSTON: A high enough standard. Some states are probably silent as to these things. In other cases they may address all of them. It would be interesting to find out whether anybody has looked to see what the highest standard is in these different areas. The reason why I say that is, we are not going to get these state laws changed.
MR. ROTHSTEIN: But if we put together a system that is flexible enough to let the states that may have some special law go forward, as long as it doesn't conflict with the state law, and the is will enable the providers to comply with that, I think that is good.
MR. HOUSTON: My concern though is that we have an interstate movement of records issue.
MS. BERNSTEIN: In what way?
MR. HOUSTON: In what way? I have got a cancer center in Steubenville. My main cancer center is in Pennsylvania. Ohio and Pennsylvania have different laws. Now, where is the site of that patient's care?
MS. BERNSTEIN: It is a conflict of laws issue.
MR. HOUSTON: It is not even a -- it is a conflict of laws issue. By the way, that patient has also been seen in my Pittsburgh facility and my Steubenville facility. Their treatment is being done at both facilities. They might come to my Pittsburgh facility to get diagnosed. We may develop a treatment plan in Pittsburgh.
MS. BERNSTEIN: All you are saying is that the state laws are different and you have to accommodate that in the record.
DR. FRANCIS: You must made a very interesting argument that I can see showing up on radar screens very soon about the question of federal pre-emption, putting together a federal statutory scheme that would pre-empt, and with respect to health records is going to make it a whole lot harder for states to have more stringent standards.
MR. ROTHSTEIN: I want to wrap up this discussion.
MS. BERNSTEIN: I wanted to make a point about what John was saying, which is, the analysis you are asking for is a multi-million dollar long term analysis. It is incredibly complicated to find out what each state is doing. Every state is doing something different. I tried one small piece of it once with Bob Gelman on a contract when I wasn't in the government, and it was incredibly complicated. Some of the law firms are spending a lot of money doing it.
MR. HOUSTON: Wasn't there a law firm that did it once?
MR. ROTHSTEIN: Yes, I remember.
MS. BERNSTEIN: They did a piece of that kind of thing, but you are talking about a pre-emption analysis, which is incredibly complicated. They are all orthogonal.
MR. HOUSTON: I think your point is, we are never going to have federal pre-emptions. That is the hot potato nobody wants to touch.
DR. FRANCIS: I'll be very shocked, if it is really a health information network and state standards are --
MR. HOUSTON: I'd love to see it. I advocate it, but I'm not sure how practical that is going to be.
DR. FRANCIS: I just think it is on the horizon.
MS. BERNSTEIN: I don't want to express any comment about education that, but I do want to respond to what Harry was saying before about policy versus figuring out a technologist can do, what we ask them to do.
Right now, we have a bunch of health information exchanges that are cropping up that don't have -- either like Indiana or other types of exchanges or business models that are coming up that are not including all this kind of stuff that we are thinking about all the time, because they are not being asked to. There is no reason for them to do it.
But to me, if you don't get a policy in place, nobody is going to start thinking about doing that. Policy is hard and squishy and a lot of gray, and nobody wants to touch it because it is hard and squishy and has a lot of gray. But without trying to nail down the policy, which I think this group is spending a lot of time ruminating over it, which is great, if we don't get a policy, we are never going to get anybody to try the technology.
MR. HOUSTON: Then to Mark's point and everybody else's point about timing, we might as well do the full monte and say we should be pushing a letter out for September, because it is going to take a lot of time to try to get it right.
MS. BERNSTEIN: We can get a preliminary letter the same way and then build on it.
DR. FRANCIS: That is what I think we should do.
MR. HOUSTON: But the point being, if it is that hard nobody is ready to have something fast anyway.
MS. BERNSTEIN: I agree with that. That is why I think you can take it on in that sense. Nothing is going to be a done deal by September.
MR. HOUSTON: Individual hospitals, substance abuse, we have gone through great pains to deal with how to segment our record substance abuse information, our electronic medical record, to satisfy our state laws. We are in our results a de facto RIO, because we have got 19 hospitals and we have got an electronic medical record system, probably about two-thirds of that.
We have actually gone through the evaluation in setting up the deal with a lot of different sensitive data types. There are people thinking a about them. I think part of the problem is that that there has to be sophistication of thought. As you get more systems that start to deal with it, I think there has to be --
MR. ROTHSTEIN: We are going to resume this discussion at two. But I just want to say that I think there are two different elements. I appreciate the discussion reinforcing this. One is the policy, the conceptual level. I think that we can get that out and ought to get that out in September.
Keep in mind, we have been working on this for two and a half years, these sorts of issues. It is astonishing to me, the amount of progress that we have made on this in terms of having --
MS. BERNSTEIN: We?
MR. ROTHSTEIN: The subcommittee and to a lesser extent the full committee, in having a real convergence of views. I think we need to recognize that there are going to be people who have philosophical issues with what we are presenting, but they are also going to have practical issues. To the extent that we can drill down at further hearings and make more detailed recommendations to the Secretary about each one of these, --
MR. HOUSTON: Can I ask a question? You are wanting to put together -- I hate to use the word philosophical letter, but put together a benchmark letter that says, here is a benchmark for the way these things should be handled.
MR. ROTHSTEIN: Here are the concerns that we have. We want doctors to get as much information as they need to treat, but we are also concerned about not dissuading people from seeking treatment because of privacy issues. Here is how in general we have attempted to strike the balance. Then put this at this framework.
MR. HOUSTON: That sounds good.
(The meeting recessed for lunch at 12:10 p.m., to reconvene at 2:10 p.m.)
A F T E R N O O N S E S S I O N (2:10 p.m.)
MR. ROTHSTEIN: I think there are two things that we have left to do today, and they shouldn't take that long. This morning we agreed to draft a letter to the Secretary on the issue of patient control of sensitive information. It will be circulated by mid July, and we are going to have lots of work to do on it after that.
But what we need to do is try to figure out when we should arrange our next batch of conference calls to discuss the letter, so that is one thing. The other thing that we need to do is to plan our fall hearings where we are going to go into some of the issues in more depth.
So Simon, what we decided in addition to the letter, which we hope to get to the full committee for the September 25 meeting, we are going to be setting out in that letter our recommendations in a conceptual sense.
What we want to do after that is follow up by going into more detail. So for example, we are going to recommend that there be special treatment of substance abuse information. But that raises all sorts of issues in terms of the operational stage about the interworkings with the SAMHSA regs and all sorts of particular things. We agreed that the more information we could obtain on the specifics of each of these areas and other things that we are working on, the more useful it would be to the Secretary.
So that is the plan for the fall. At the moment, I think it is probably premature to come up with any schedule for letter writing, because we don't know where this is going to take us yet. How many hearings do you think we would need? Maybe a half a day on each topic?
DR. COHN: Mark, could I ask an odd question?
MR. ROTHSTEIN: Yes.
DR. COHN: I realize you are jumping into the problem areas here, but I just wanted to make sure, I wasn't clear what is the conceptual agreement that you are going to be proposing for September? Just give it to me at a very high level.
MR. ROTHSTEIN: I will be happy to give it to you at a high level. A patient can elect to have certain areas, not items, but areas of his or her health record masked. These are the areas that we are currently working with. The result would be that the information would not be accessible to providers without additional consent from the individual, except with the following two exceptions.
One, there is a break the glass feature for emergency situations when you can't get consent. Number two, if the individual has elected to mask a certain field or more than one field, there will be a flag on the file that says, patient has masked certain information, but not identify what category the information is from. However, there would still be decision support that would go through the masked information for drug interactions, for prescribing, stuff like that.
So that is basically the approach that we are recommending. But we want to in the hearings try to learn as much as we can about the specific areas. I think that would be very helpful.
DR. COHN: Thank you for clarifying that.
MR. ROTHSTEIN: If you remember, two and a half years ago when we first started down this path, we were like six different -- there was just total disagreement about where we ought to be going and why and how and everything. Over this period of time, I am just extraordinarily pleased and grateful that the subcommittee at least and hopefully the committee as well, has reached a pretty strong consensus on what we need to be doing.
It is not going to be easy. It is going to be difficult, contentious, complicated. There are lots of problems, but I think they are problems that are worth trying to solve.
DR. COHN: Just to make sure I understand, basically the high level agreement is that for some certain set of specific issues, people can mask that information. We haven't exactly figured out what those issues are, but there is a starter set you have up there, right? But this is not meant to be open ended, you can mask everything.
MR. ROTHSTEIN: No.
MR. REYNOLDS: We call it structured.
MR. ROTHSTEIN: You only have those choices, because that is what we identified as sensitive information. We can't say I want my cataract surgery masked. That is not going to happen.
MR. REYNOLDS: We are clearly trying to identify the granularity, not let granularity be in the eye of the beholder.
DR. COHN: I just wanted to make sure that this wasn't the beginning of a hundred topics.
MR. REYNOLDS: No, no.
MR. ROTHSTEIN: The other thing that we need to do is schedule hearings. The question would be, can we get to some level of specifics on that, such as what hearings on what topics and who do you want to hear from. We are not going to be meeting in person again until September. We are going to have to have those hearings in the works.
It seems to me that with any luck, we will have the draft out by mid July. I would like to schedule initially two two-hour conference calls for us to revise and thrash out the particulars on the draft letter. That probably should take us until Labor Day to resolve. Then we can start planning a couple of hearings, maybe two hearings in September and two in October.
MS. BERNSTEIN: That is unlikely.
MR. ROTHSTEIN: Unlikely?
MS. BERNSTEIN: The Jewish holidays are in the middle of all that. And there is a full committee hearing.
(Discussion of the record regarding future meeting arrangements.)
MR. ROTHSTEIN: What I would like to do in the last 45 minutes or so is to go through the major principles that we talked about and see whether we think we need any more input and so on.
One question I had for Harry. Harry made the point before lunch about the need to run this framework past the IT experts, the technical people, like how would you do this, and what is the most practical framework. At what stage, Harry, do you think we ought to do this? In other words, should we do these subject areas and then have the IT guys come in last? Should we have them come in first? Should we have them at each of these hearings? What is your suggestion?
MR. REYNOLDS: I wasn't necessarily talking about the IT guys. I was talking about the HIE people. In other words, for some reason Indiana chose not to do this.
DR. COHN: I think their view is, if you don't want it to go through, don't put it in.
MR. REYNOLDS: I agree.
MS. BERNSTEIN: Their technology is 20 years old.
MR. REYNOLDS: Yes, but if you are going to change it, you're going to change 20 years worth of work.
DR. COHN: I think you do need to hear from people, I don't know whether it is HIE or software developers or a combination of A, B and C.
The devil was in the detail on all of this stuff. I guess it is a question of how much detail we want to get. I am reminded that when you look at HIPAA, don't say you can't put mental health in. It is more like, all mental health has extra protections. What they say is, X note, there is a civic note, there is identifiable that you can put your arms around that is protected. Others enjoy the regular HIPAA protections. Am I saying that correctly?
MR. REYNOLDS: Yes.
DR. COHN: On that you can probably put your arms around. It gets a little harder when these 12 ICD codes and these 13 procedures and these 25 medications --
MR. ROTHSTEIN: That's right. For example, under --
MS. BERNSTEIN: If there are codes for them, it is easy. You know which ones they are and can identify them.
MR. ROTHSTEIN: I'm not prejudging how we are going to come down on this, but I would say that we should not be wed to the psychotherapy notes exception under HIPAA, because I think it is overly restrictive. It has to be developed by a mental health professional under the psychotherapy exemption, where I think we want to have more general coverage and so forth. But that is the kind of issue we need to pursue.
MR. REYNOLDS: Somebody like WebMD, somebody like some of the HIEs, anybody else that has got --
DR. COHN: The first question is, can a software vendor who is selling electronic health records or quasi-health records or whatever screen this stuff out from going to the HIE. The second question is, can the HIE even manage and screen this stuff.
MR. ROTHSTEIN: Should we hear from the prototype developers?
MR. REYNOLDS: No.
DR. COHN: Which prototypes?
MR. ROTHSTEIN: The prototype developers.
MR. REYNOLDS: You mean the consortia?
MR. ROTHSTEIN: Yes.
MR. REYNOLDS: I don't think they want anywhere near this.
DR. COHN: The new contracts they might.
MR. REYNOLDS: The new contracts. You said before initial.
MR. ROTHSTEIN: Right.
MR. REYNOLDS: No. That would be my feeling. We heard a lot from them, and I don't think we got anywhere near this kind of level.
MR. ROTHSTEIN: They do have a degree of expertise.
MR. REYNOLDS: I don't have a problem with them as entities.
MR. ROTHSTEIN: Right, not talking about what they did.
MR. REYNOLDS: Then I'm okay with that.
MR. ROTHSTEIN: I don't want to talk about their framework.
MR. REYNOLDS: The other thing you talked about this morning, which would be another group that fits in with this, you have got CCR out there, you have got CCD out there, you have got some of those other ones. As people are looking at setting standards and trying to figure out how this data is going to flow, how well do those kind of things adapt to this kind of an idea.
We have a copy in our packet of the top five or six areas of the CCR. If you look at that and how it is structured, and then you start thinking about what we drew on the board, if those records aren't set up in a way that you can parse this kind of stuff out, then basically you have got a package that you are delivering all this data back and forth, whatever one you pick, it doesn't matter. But can you parse it out that way or not?
DR. COHN: This is a reasonable area to explore, but certainly dealing with this on a provider basis rather than on a field basis, record in, record out, that sort of thing, as opposed to this sentence in, this sentence out.
MR. ROTHSTEIN: We rejected the line item approach.
DR. FRANCIS: We also worried about the whole provider in and out. If the basic goal is the treatment, and there are whole chunks of visits to different providers.
DR. COHN: Psychiatry and Gyn from this list might be pretty sparse.
DR. FRANCIS: There are some pretty important things. Suppose you leave out any visits to a gynecologist. You don't know if somebody is on birth control. Then isn't that silly, because if the same prescriptions came from a family practice doc, they would be in.
DR. COHN: As I say, I am completely comfortable with the principle. We are digging one level below and trying to figure out what makes sense.
MR. ROTHSTEIN: We are actually two levels below. We set out more or less in the June last year letter the framework or principles. Then hopefully by the September 2007 letter we are going to set out another level down. Then at some point, December, February, whenever we can get finished, we will be able to get out a third level down to more specificity.
What about in each of the various categories? Maybe you can give us some guidance on who to line up. Mental health, we have heard from some of them already.
MR. HOUSTON: Do you want to hear from health care NIT then?
MS. BERNSTEIN: If you want to hear from mental health providers that are in communities or in different kinds of settings, you want to talk to MSW types who have a different kind of clientele, I would think, and have a different kind of practice, but are mental health professionals. There are people we haven't talked to.
MR. REYNOLDS: What are we going to ask them? Let's talk about the questions. When you bring somebody in the room and say, here is what I want to hear from you. I think you said eloquently in the thing from Kolodner. We heard from zillions, to quote, zillions of people. What is the differentiating question?
MR. ROTHSTEIN: Here is what I would like, for example. In the mental health, I would like to hear from primary care docs, and ask them about the type of mental health information that is routinely stored in their file, the kinds of garden variety moderate kinds of mental health conditions that are treated by primary care docs, and ask them about what effect it would have on their practice, how hard it would be to separately code information
within a visit.
So I go for my annual checkup to my internist, and he asks me all sorts of things, some of which may be on that list, and lots of things which wouldn't be on that list. Now the question is, what new burdens are we going to be placing on my doc and his staff to put this information into the shape that we want.
MR. HOUSTON: You were saying primary care in this case, but that is just one class. Is there a reason why -- I'm assuming you want to hear from other non-primary care people also.
MR. ROTHSTEIN: Yes. But the point is that mental health information is dealt with by more than simply psychiatrists.
MR. HOUSTON: Understood. It is handled differently in each case. I would suggest that there is also another view, not just primary care, but you also have to deal with mental health in an acute care setting, in a hospital, because many times people come in with some type of a condition and have a psychiatric consult, or there is a tier two issues which is psychiatric issues. The mother that gives birth and has serious postpartum depression, and she is in the hospital because she just gave birth, and then there are issues. As well as the fact that you see enormous numbers of psychiatric consults that occur. I know that at UPMC, a patient in a psychiatric facility may get transferred to one of the acute care facilities because they have some other medical problem. So what they are doing is, they are treating the patient or medical problem who has got serious mental health issues.
The reason why I bring it up in that context is, you want to talk about both data sharing as well as how data is segregated. I think there is also value in looking at the IT side of things.
MS. BERNSTEIN: Do you think there is a value in this group looking at the IT stuff?
MR. HOUSTON: In the earlier discussion there was a concern about what the systems can currently do. I'm not always convinced, and I have said it before, that we should tell them what needs to be done. But it might also be helpful to understand what the state of the technology is today. We might find that the state of the technology is much further than we expected on the EHR side.
DR. FRANCIS: We could probably find out pretty readily that they can design a separate field. You can have a separate information field. The hard questions are how the decision gets made to put the information there. That is the hard question. One way to do that is to have either the facility or the primary care physician do it. So that is Mark's question about the burden.
The other question would be to have the software do it. That is much harder.
MR. HOUSTON: It is not necessarily much harder. It depends on the context. The system I work for owns a company that makes psychiatric EHR software. It is one of the companies that we run. There are other systems out there for an acute care setting that might handle psychiatric information differently and segregate it differently. I'm just saying, there is an opportunity, if we wanted to delve into what is the current state of the technology. I'm not saying we have to.
MS. BERNSTEIN: My question is, is the current state of the technology really that relevant to the policy that is going to be implemented over the next two years, five years, whatever? By then, they will be looking at something different.
MR. HOUSTON: I'll answer your question. I think there is a value in one sense, because the state of the technology may also be a surrogate for asking a question of what do the 50 state laws require us to do. If a software vendor wants to do business in all 50 states, and they have to develop their software in a manner that will allow them to meet their customers' requirements in all 50 states, which will be meeting regulatory compliance, it might be a surrogate for asking the question about what is the standard.
MS. BERNSTEIN: But we are not recommending anything like that.
MR. REYNOLDS: We keep getting pushed on by the technologies. I want to be real clear in what I am saying, because I am not going to back off this. That is, this technology or that technology, we don't understand the requirements of what we are trying to put together. We are building the picture of a ten to 15 year Nationwide Health Information Network, how data flows around it and everything else.
Part of technology is not the technology itself. It is how you think about the requirements that you are going to ask everybody to align to. That category is requirements. If you don't take the whole spectrum into play -- and I keep hearing everybody try to shove technology; technology is not the hardware.
So I am not going to relinquish the discussion of the fact that if we don't have a structure and we don't think through how everybody would use it -- let's remember NPI. We can't get this industry to group up to pick numbers. We are going to try to get this industry to group up. I think your point is great, how do we capture the data, what packages are we putting in. If you don't have that as a filter, then you are not really thinking about how it can or can't work or will or won't work. I'm not designing the detail of it, I'm designing the understanding of it.
So this is a privacy committee, but more and more, we have all said, you cannot separate these discussions.
DR. FRANCIS: I think we really do need to think through -- we need to be assured that the kind of thing we are thinking about is doable. We don't have to propose a specific way of doing that. I absolutely agree, we have to hear from the --
MR. ROTHSTEIN: And we don't need to hear what existing systems are capable of doing today. We need to hear from people who have some degree of foresight, who can say, we are not there now, but within the next two or three years when X, Y or Z happens, then we are likely to be able to do it. Or, we can do this so long as we have got data in such-and-such form.
MR. HOUSTON: You're talking about the IT vendor side?
MR. ROTHSTEIN: Yes.
MR. REYNOLDS: I'm not even there.
MR. ROTHSTEIN: What I want to hear from the docs is, what would it mean to -- the primary care docs, I'm not talking about mental health stuff -- what would it mean to your practice if you -- let's say you are going to use some natural language software that is going to convert certain words into mental health -- automatically earmark them for the mental health file as opposed to the blood pressure. Is it going to slow you down? Are you going to have to hire more staff? Are you going to have to think about -- would you tend to compartmentalize your examinations sticking in these terms? You have got a patient for their annual physical, and now you have to know, I've got to store the mental stuff and the substance abuse stuff separately from the hypertension. Now I am going to start structuring my examination differently in terms of separately -- I don't know.
MS. BERNSTEIN: Mark, do you know any doctor if you asked that question, could really answer it? They are not going to know until they have seen the software.
<