[This Transcript is Unedited]
Hilton Embassy Row Hotel
2015 Massachusetts Avenue, N.W.
Washington, D.C.
TABLE OF CONTENTS
Agenda Item: Call to Order, Welcome and Introductions
DR. COHN: Okay. Well, good morning, everyone, and happy post-Thanksgiving. Please be seated. Okay. I want to call this meeting to order. This is the first day of two days of meetings of the National Committee on Vital and Health Statistics.
The National Committee is a statutory public advisory committee to the U.S. Department of Health and Human Services on national health information policy.
I am Simon Cohn. I’m Associate Executive Director for Kaiser Permanente and Chair of the Committee. I also want to welcome Committee members, HHS staff and others here in person and, of course, those calling in on the Internet.
Let’s have introductions around the table and then around the room. For those on the National Committee, I would ask if you have any conflicts of interest related to any issues coming before us today, would you so please publicly indicate during your introduction. I want to begin by observing that I have no conflicts of interest. Marjorie?
(Introductions around the room)
MS. GREENBERG: Good morning. I’m Marjorie Greenberg from the National Center for Health Statistics and Executive Secretary to the Committee.
DR. ROTHSTEIN: Mark Rothstein, University of Louisville School of Medicine, member of the Committee, no conflicts.
DR. WARREN: Judy Warren, University of Kansas School of Nursing, member of the Committee, no conflicts.
MR. REYNOLDS: Harry Reynolds, Blue Cross/Blue Shield, North Carolina, member of the Committee, no conflicts.
MR. HOUSTON: Good morning, John Houston, University of Pittsburgh Medical Center and a member of the Committee, and I don’t have any conflicts.
DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the Committee, no conflicts.
MR. LAND: Garland Land with NAPHSIS, member of the Committee, no conflicts.
DR. WILLIAM SCANLON: Bill Scanlon, Health Policy R&D, member of the Committee, no conflicts.
DR. CARR: Justine Carr, Beth Israel Deaconess Medical Center, member of the Committee and no conflicts.
DR. FRANCIS: Leslie Francis, University of Utah, member of the Committee and no conflicts.
DR. GREEN: Larry Green, University of Colorado, no conflicts.
DR. STEUERLE: Gene Steuerle, Urban Institute, member of the Committee, no conflicts.
DR. FITZMAURICE: Michael Fitzmaurice, Agency for Health Care Research and Quality, staff of the Subcommittee on Standards and Security, liaison to the Full Committee.
MR. BLAIR: Jeff Blair, Lovelace Clinic Foundation, member of the Committee, no conflicts.
DR. STEINDEL: Steve Steindel, Centers for Disease Control and Prevention, liaison to the Full Committee.
DR. SCANLON: Jim Scanlon, HHS, Office of Clinical Evaluation, Executive Staff Director for the Full Committee.
DR. HORLICK: Gail Horlick, Center for Disease Control and Prevention, staff to the Subcommittee on Privacy and Confidentiality.
MS. KAHN: Hettie Kahn, National Center for Health Statistics, CDC, staff to the Subcommittee on Privacy and Confidentiality.
MS. JACKSON: Debbie Jackson, National Center for Health Statistics, CDC, Committee staff.
DR. HEFFERNAN: Henry Heffernan, NIH.
DR. MCANDREW: Sue McAndrew, Office for Civil Rights.
DR. FRIEDMAN: Maria Friedman, RX Hub.
DR. RAYBURN: John Rayburn, Healthcare Leadership Council.
MS. GRANT: Erin Grant, Booze Allen Hamilton.
MS. DEWIRE: Sheila Dewire, American Ophametric Association.
MS. JONES: Katherine Jones, CDC, National Center for Health Statistics.
MS. BENNING: Denise Benning, Office of eHealth Standards and Services, CMS and lead staff to the Subcommittee on Standards and Security.
DR. RODY: Dan Rody, American Health Information Management Association.
MS. AMATAYAKUL: Margret Amatayakul, Contractor to the Ad Hoc Workgroup.
DR. COHN: Okay, well, welcome, everyone. Before we move into the agenda review, I want to make a couple of opening comments.
First of all, I do want to apologize to a number of you, and I actually share, I think, in some of the angst. I know that because of the holiday weekend this past weekend, many of you received your agenda books very late or, in some cases, not at all. So we do want to apologize for that. I think the good news is that the action item for today was actually emailed out a week before. So everyone has that and obviously has had time to consider it.
I guess there are some extra agenda books if people, I know, for example, Paul Tang doesn’t have one either, and surely if others don’t have one, we have copies for you.
Obviously, what we will do is to redouble our efforts to make sure these things get out in time. This was actually in time. It’s just that with the holiday week and offices being closed, I know that mine was sequestered somewhere in my administrative suites, but not anywhere close to me, unfortunately.
I will comment that we will also take particular care for the February meeting because I was just noting that the February meeting also occurs right after a holiday weekend. And so we’ll just make sure to get these things out in time so that we aren’t at risk for not having people have it. Anyway, we will deal with that and make sure it doesn’t happen again.
But beyond that, I actually do want to sort of begin by congratulating everybody on I think what’s been a very productive 2007, assuming, of course, you make it through the meeting today. From my view, it’s certainly hard to believe that we are at the last meeting of the year. Certainly so far this year, as I look at our work, we’ve been advising HHS and exceptionally on I think a variety of what I would describe as important and timely health information policy issues. And we reflect on them, I think we should be proud. In terms of HIPAA and HIPAA transaction, we sent letters and held hearings and advised on both the NPI which we’ll continue to monitor as well as the issue of moving to a more stable update process for the administrative and financial transactions, and I think you will remember the letter at the last meeting which talked about moving to a 5010 transaction. So I think, once again, moving forward and beginning to institutionalize the HIPAA update process now that we are ten years into HIPAA, five years into the actual implementation for administrative and financial transactions.
Now our Quality Workgroup has held hearings and came out with a report at the last meeting looking at the issue of quality measurement in what I would describe as a time of transition and recommending approaches that deal with both clinical and administrative data, and I think we’ll be looking at the best way to get that out into the public hopefully over the course of the meeting today and over the next couple of weeks so that actually does get published and out.
Privacy and Confidentiality has had two letters and has been obviously monitoring HIPAA privacy and confidentiality, and we’ll obviously be talking about the work that they’ve been doing on individual control, sensitive health information, accessible by the NHIN, Paul Tang’s term from the letter, which is, I think, an improvement over the previous title.
Populations and Don will actually be showing up, I think, around noon. We received an email from him that he just returned from Budapest about midnight last night. No comment.
But certainly this year they developed a letter on data linkages and federal databases and have obviously been doing more work planning for 2008, and we’ll look forward to sort of seeing where they are on that later on at this meeting.
Now finally, and we will be discussing this at length today and potentially tomorrow, is a report that we’re bringing forward for action at this meeting being brought forward by the Ad Hoc Workgroup on Uses of Health Information, a report on enhanced protections for uses of health data. As I look at this altogether, it actually speaks of a fair amount of work and advising that we’ve been doing for the Secretary and for HHS this year, and obviously from my view we have a lot to look forward and probably we will get busier as we move into 2008.
I should comment, and this is just reflecting on previous work that we’ve done, and I think Karen will eventually arrive and I know she’s been delayed at this point, will be, I think, also commenting on this one. CMS recently has announced that the ePrescribing standards that we were all involved with helping the Secretary and CMS identify for piloting are now at a stage where they’re moving into actual regulation, and I think that that’s an exciting development. Obviously, I think that we should be pleased to have been part of the effort to identify those standards. I think we do have to step back for a moment and realize that standards are critical and necessary, but probably not necessarily fully sufficient in the sense of more needs to be done to move ePrescribing forward. But certainly I think without the standards, we run the risk of basically stovepipe implementations, lack of interoperability, and I think we’ve done an exceptional job of providing that foundation, and it’s nice to see that work beginning to come to fruition.
I should also remind you of the fact that some of our other previous work, and I’m thinking of the NHIN privacy and confidentiality letter from last year as well as our work on functional requirements continues to be appreciated and used within HHS, was referenced by the Office of the National Coordinator in their recent request for proposals, and I know John Loontz will be talking about that tomorrow in terms of efforts. Jeff Blair, I know, is involved in one of those efforts in New Mexico.
But once again, these documents and, I think, our thinking is being referenced and utilized by HHS. So the hard work at the end of the day is worth it, and it is making an impact.
Today, we will be spending, as I’ve commented, considerable time talking about the work of the Workgroup on Uses of Health Information that is being brought forward by consideration. This work is undertaken at the request of the Department and the Office of the National Coordinator. Specifically, the work involves developing an overall conceptual and policy framework to balance risk, benefits, obligations and protections of various uses of health data. From there, the work also develops recommendations to HHS on needs for additional policy, guidance, regulation and public education related to expanded uses of health information in the context of developing nationwide health information network.
And, of course, I think as all of you will remember, this was done in the context with particular, I guess, emphasis or attention on uses of health data for quality measurement, reporting and improvement.
We brought this up earlier in June as work to be started. I want to thank obviously all of you – I mean, everyone who’s been involved which has been most of the Committee in one way or another. We held eight days of hearings. I want us to take a moment and sort of signal basically both Harry and Justine as having as the co-vice chairs as being critical – I think we should give them a round of applause for their efforts.
[Applause]
DR. COHN: For what’s been really, I think, a Herculean effort in a very short time span. Now I think we all see this as sort of phase one of this effort, and we’ll talk through today and tomorrow. But there will be – well, there are additional issues that I think we recognize that we have not – that need further investigation. Oh, yes, well, we’ll get to Margret A in just a second. We haven’t even voted on this thing yet. So, well, okay, I will turn around and I think we just need to acknowledge Margret A. without whom we would not be where we are with a document at this stage. We’ll give her a round of applause.
[Applause]
DR. COHN: Now I have someone to thank, Paul Tang, both for his participation on the Committee as well as his most recent editing, and you’ll see some of the fruits of that effort as we go further today. But also Bill Scanlon, Marc Overhage who’ll be calling in late on, Mark Rothstein and Kevin Vigilante. Kevin will also be calling in today, had to go out of town, I think, on some urgent business.
I obviously want to thank you all for spending a very busy and productive summer and fall. I don’t think we’re in quite winter yet, on this activity, and I think once again we’ve come up with, I think, a document we can be proud of.
I also should mention our liaison representatives and support. I know Steve Steindel, Mary Jo were involved, and I guess there’s a whole list actually, Mike Fitzmaurice, Debbie Jackson, people from Booz-Allen, including Erin Grant and Christine Martin Anderson who I don’t think is here today, and I’m sure I’m missing a variety of other people here. But let’s give them – we’ll reflect on them because they’re all listed in the back of the document.
But once again, I think we really want to thank everybody for I think what’s been a fairly sustained and focused effort. Obviously, I mentioned this both because I think we should be proud of the effort. Hopefully, as I said, as we look at it, we will think this document is worthy of being thoughtful word and being able to accept during our session today and tomorrow.
I also mentioned to you both because as an example of flexibility of the Committee, and I think we’ve talked about that over the years of way that we can rapidly mobilize to do something of importance for the department, and I think this is a good example. It’s also an example of ways that we can bring together, I think, a really unique competencies around population health, privacy and confidentiality standards and quality in sort of a rapid fashion to really sort of leverage all of the expertise that we have in the NCVHS.
Now with that, let me move on to the agenda review, and I think I’ve got it right here. This morning, we begin with Jim Scanlon, our Executive Director, who will be talking both about department update as well as, I think, reflecting some on the transition as we move into the end of the terms for a number of the Committee members, and I think he’ll be talking about next steps on that.
Now Karen Trudel is next on the agenda, but I think she’s been detained, and we will either squeeze her in today or tomorrow sometime as is appropriate and works for her and the schedule of the Committee.
Following the morning break, we will begin a discussion of the report that I’ve just been discussing at length, and obviously this will be bought forward as an action item for this meeting. Now I should comment, and I’ll mention this again when we get into the document, I think the ground rules for that conversation will be that we obviously gratefully accept wordsmithing, but would prefer to be done off line. However, there is obviously a line between wordsmithing and content, and what we want to do is to make sure that we are surfacing and reconciling any content issues we have with all of this. And so, as we go through it from section to section, once again, I mean, Margret, I, Justine, Harry will take wordsmithing things off line. But if you think you have an issue or concern about how this is worded that bears on content, we do really need to surface that today.
Now after lunch we will be probably continuing for a little bit on the report, and from there then moving into the discussion of the privacy and confidentiality document on individual control, sensitive health information which will be more of a discussion item being brought forward to help advise the Subcommittee in their meetings from four to six this afternoon and hopefully will come forward as an action item for our February meeting.
At three o’clock, we are pleased to have a briefing on an invitational meeting sponsored by the Robert Graham Center which was on harmonizing primary care standards. This was supported by ARC. Larry Green was one of the – was described as principals on this, and I think you’re the one actually putting together the various discussions and producing the document. I did notice I think you’re not presenting, however. You preferred not to present. But I’m sure Larry will be making comments. We have Bob Phillips and Michael Klinkman presenting to give us sort of an overview of that work because I think it is germaine and relevant to the work of the Full Committee. I should also mention that Marjorie presented there, and obviously we want to thank you for presenting the National Committee at that session.
Before our break outs, we will discuss plans for Wednesday. I do, however, want to remind everybody that we are scheduled to adjourn at 2:45 tomorrow – actually three, somewhere between 2:45 and 3:00 tomorrow, so just to keep that in mind as you make your travel plans and other plans for tomorrow.
Now with that, why don’t I – oh, actually, yes, we do have a dinner. That was actually going to be my final comment. We have a dinner tonight which is going to be about 6:30 at a place called Lauriol Plaza which I actually know where it is, although I don’t exactly know how to walk from here to there. But I am told it’s five to six blocks away. So either it’s a short cab ride or a nice walk which we’ll probably need by about six o’clock this evening.
It is sort of Central American and Mexican cuisine as how best I would describe it both having looked at the menu and actually it was highly recommended by our staff, and I think they’ve been very good so far, I mean, with some of the other restaurants we’ve gone to over the last while. Anyway, that’s the plan for the evening. I think we do need a number from the Committee of those who would likely be joining us for dinner. Maybe at this point we’ll just have you raise your hand if you’re interested in coming and staff obviously also. Okay, okay, well, with all of that being handled at this point, let me turn it over to Jim Scanlon for a department update. And Jim, thank you.
Agenda Item: Department Update – Data Council
DR. J. SCANLON: Thank you, Simon and good morning, everyone.
Let me say I want to update the Committee on a couple developments that have occurred since we met in September, and they deal with sort of the policy priorities, legislative developments, where we are with our budget which kind of affects all of our planning and projects, and then I’ll talk a little bit about our transition in terms of new members for the next few months.
So let me start. I think I’ve left out your place, and I’m not going to go through these. But is this working all right? Is that better? At any rate, I’ve left before you at your places and I’m not going to go through this, the revised HHS priorities for – these are really policy priorities. They’re nine areas ranging from health insurance coverage, value driven healthcare information technology, personalized health care prevention and preparedness.
Again, these are the nine priorities that the leadership of the department is spending most of its time on and probably for the remainder of this term as well, these are the areas that will get most attention. And I think you’ll see that virtually every one of them is reliant both on data and on information technology and health information technology, and one of them involves health information technology per se, the Secretary’s initiative.
I’ve also left before you the update of the department’s strategic plan. This was just went through all of the review process and is now on the web. So it’s official. Basically, four overall goals, and you’ll see a number of objectives. This is the strategic plan for the next five years. And, again, these are at the policy and strategic plan level. These are the activities that will be receiving the attention of agency heads and HHS leadership in the months ahead. That’s not to diminish all of the other activities that HHS carries out in terms of program operations, but in terms of new policy and new areas, these are the ones that will receive the Secretary’s attention.
And, again, I think much of what the NCVHS is involved in supports these either directly in the health IT area and indirectly in terms of data and other areas. On the legislative front, there are – I think everyone thought we might have some further developments. This will be a short report. There were several health IT bills, as you know, introduced and being considered in the 110th Congress. An example was the Wired for Health Care Act in the Senate which would codify the Office of the National Coordinator, the AHIC and a public/private partnership, and it would establish a number of grant and loan programs. There are a number of privacy concerns have been raised, as you’re aware of. There are other bills as well. I don’t think anyone expects that anything will occur between now and the end of the first session, but HIT would be expected to be a priority in the second session of the 110th Congress.
Similarly, on the budget, again we were hoping that we would have a full budget for Fiscal Year ’08 and I could talk a little bit about priorities and plans and where we were with investments. But at the moment we have a continuing resolution through the middle of December. So our rules basically are that we have to spend no more than at a pro rated basis as we did last year. So we can’t really start any new projects, and the picture is still somewhat murky in terms of what the actual amounts will be for health IT as well as for some of our population health data. I think we’re all hoping that we’ll have a level of resources at least at the ’07 level and even some breathing room for new activities. But we just won’t know and possibly won’t know until February as last year. So we just have to proceed week to week and month to month.
Our Data Council actually has been reviewing where we are, what will be the budget impact on our Fiscal Year ’08 statistical activities and health IT activities. But again, we’re sort of looking at various contingencies depending on where the budget levels come out. But we, again, it’s a little difficult without some finality to the budget to know where we’re coming out. And on the ’09 budget is under development, and the budget proposal for ’09 is being developed now. And, again, the Data Council has taken a very active role there. It has looked at all of the proposals that the agencies are putting forward relating to health IT and statistics and the population data and actually made some recommendations to fill in gaps and keep everything on it sound and sound footing. But again, basically it’s a question mark until we get a budget for the remainder of the year.
There are some specific activities I wanted to bring to the Committee’s attention. The Data Council in December will be looking at several assessments on follow up on Hurricane Katrina evacuees. We have a study that HHS has supported at Harvard Medical School that’s following – this is Ron Kessler’s study. They’re following up a sample of Katrina evacuees over a long period of time. Ron will be briefing the Data Council on where things stand there with that group. We have some other studies that our agencies have done and others have done looking at where are we almost two years later. And similarly, the Data Council had a previous meeting in November, looked at and is continuing to look at what are the capabilities of our agencies for state and local data. This comes up particularly in the context of state health reform, you know, a number of states are coming forward with their own health reform programs. Many of them have approached HHS for data and assistance. So we’re looking at what capabilities we have and, again, we’re looking at gaps and where we might put some resources when they become available hopefully this year.
And a couple other things I wanted to follow up on. You’ll remember that we had a workshop at the National Center for Health Statistics earlier this year, and we were looking at what is the potential of electronic health records for in this case it was public health statistics. And, again, this falls into the secondary uses category broadly. But here, we were looking specifically at what is the current penetration and capability of electronic health records in health care settings that might provide a basis for at least partially supporting the national statistics and state and local statistics.
And I think we found that the penetration at the moment at any rate was too low and not systematic enough in terms of EHR adoption to support national sampling. On the other hand, there were clearly instances of deep and rich electronic health record information. So the question came up, well, how can we move forward in this area. I think the thinking was, and several of you were there obviously, we might proceed with some pilots where such systems did exist and sort of model through how would we use that kind of information, what would be the options when the adoption is on a broader scale.
So we’re thinking of what exactly could we look at in ’08. The National Library of Medicine has offered some of its grantees as a possibility. Obviously, around the table several of your organizations have well established electronic health record systems that could help here as well. But we’re open to some ideas as a follow up.
I think I mentioned at the last meeting some of the projects we just started at the end of the last fiscal year. A survey of preparedness in emergency departments. We’re doing this through the National Center for Health Statistics Emergency Department Survey. I think I mentioned that we had just begun just really at the end of September an evaluation or assessment of electronic personal health records in Medicare pilots both on the fee for service side and in a project with ARC on the health plan side. So these are just getting started. It took a while to get things going. So we’ll probably be asking the Committee for some advice as we move along. But, again, these are Medicare pilots, and we’re trying to do a good evaluation.
We also initiated an assessment of the health IT capabilities and information exchange in the health safety net, particularly the Community Health Centers and primary care, and that’s now got started as well. We are thinking of some new possibilities. Agencies have approached us. Others have approached us both on the population side and the health IT side. I’ll mention these only with the caveat that obviously the resources would have to be available for us to undertake any of these.
But one request we received is that we look at the capability available to HHS for modeling health and human services modeling. As you know, we support several models at HHS where we contract for models. There are not many of them, but I think we – the issue’s come up, and we thought we might, if possible resources available, we’d look at what’s the current capabilities state of the art, and where would we want to go.
Secondly, this is very interesting. You recall that the Secretary announced within the month a planned demonstration program of electronic health records in an ambulatory setting, and this is projected. It would be a five-year demo. I think the Secretary announced it at the AHIC and other places as well. We’ve been asked, my office particularly, has been asked to assist with an evaluation of sort of the valuation site of that demo. So we’re working with CMS and others now in terms of what the possibilities might be.
We’re also thinking of revisiting the state of the art in how you measure the health and economic impact of illness. You’re all familiar with all of the studies that have been done. Folks take one diagnosis whether it’s heart disease or cancer and then try to look at what the economic and the health impact on society and the economy is. They often tend to amount to so much that they almost approach the gross national product each one of them. So that’s obviously not when you look across those, and I think our interest is not on individual disorders. It’s looking at across what’s the total burden and impact on society and the economy. I think we’re going to try to look at what’s the current state of the art, and is there a way of looking across these in an integrative way and trying to get it within some control measures in terms of national health accounts and other areas so we really understand in a more realistic way what the burden might be.
We have another interesting project that we were approached by the VA and the VA has asked if we could help with a pilot and evaluation that would involve information exchange between the VA and veterans who are transitioning to outside the military system and the VA system and who might be going to private sector sources for health care, and could we – there are some demos already between the DOD and the VA and the Indian Health Service who are looking at transitions to the private sector as well for health information exchange.
And then finally in a way related to that, we were looking at – the issue’s come up several times now. Is it possible to look at some of the electronic health record systems and repositories that people believe are available in the private sector, and is it possible to be able to use some of those for certain public health activities including drug safety monitoring.
This was actually in the FDA Reauthorization Act, but in other areas as well. So this would involve, if we could again resources to begin looking in this direction, not just the public reporting systems, but in terms of the health plan and health system repositories and data resources. Is there a possible way to look at data. Folks use the term data mining. Actually, it’s somewhat different than that. But what potential do they have to provide systematic information after the drug is approved, for example, on drug safety, on some other public health issues as well.
So that’s kind of where we are. It’s an ambitious plate of planning. But, again, none of this will happen until we are clear about the budget. Questions on that, and then we’ll talk a little bit about transition to new members.
DR. GREEN: Jim, could you say a little more about this five-year EHR demonstration in ambulatory settings?
DR. SCANLON: Well, I can say, Larry, only what the Secretary’s already announced. But this would be, and I should probably get you a good summary in the press release. But just earlier this month, Karen, you probably know more than I do. But this would be a, I think, 1200 ambulatory care practice, small and mid-size ambulatory care practices would be part of a fairly structured pilot and evaluation. There would be a comparison group. Now again, it’s not clear what capabilities the ambulatory care office would have to have. Obviously, some sort of EHR capability. But the look would be what are the – can you compare ambulatory care offices with EHRs to a comparison group. Can you measure improvements in quality and outcomes and probably efficiencies as well. I think it’s envisioned as a five-year pilot, fairly large as pilots go, and there is some an evaluation site at any rate. There would be some fairly structured evaluation so that we knew what measures we were trying to look at, what measures we were trying to influence, and have sufficient size so that we could detect differences.
It’s only in the planning stages as I recall. It probably wouldn’t get started and there wouldn’t be much more detail til the spring. And, again, obviously this is a budget issue as well. But it would be within the context of the Medicare demo program, and I can provide the Committee with a little – with as much as we have on it so far.
DR. FRANCIS: I had a question about state initiatives. As I understand it, there are a number of states on Massachusetts, Maine, I think, is the leader in this, that have been trying to get cost data – actual cost data so people can compare in state level reforms, and they haven’t been able to get CMS data. I may be wrong about that. But they can only get private care data.
DR. SCANLON: Well, I think that the issue may be physician specific data, and that’s still, as you know, in the courts. Some states require in their states that individual physician specific information be available and posted. That was challenged in the courts. And now I’m not a lawyer, but as I understand it now, it is still in the courts and under appeal whether or not that information could be made available.
CMS was approached to make that data available, but again it was challenged in the courts. And I just don’t have – we don’t have any way of predicting how that will come out. But obviously that would be a critical part. I mean obviously institutional care, you know, quality measures and cost measures for institutional care are important. That’s where most of the money goes. But this would be the ambulatory side. And if this information – and this is part of the Secretary’s value driven health initiative as well, you know, the assumption that if folks, decision makers knew what the quality and cost options and outcomes were, they could make more informed decisions. But we’re in the courts at the moment. Marjorie.
MS. GREENBERG: Thank you, Jim. So many interesting things that we could have a second advisory committee of things and work on some of them, not that I’m volunteering you all. But particularly since Don is not here yet, I can certainly volunteer him.
I was really interested in the study you mentioned on the economic impact of illness, and I assume disability as well. Would that be included for CDC and NHS in particular have done quite a bit of work related to burden of disease and summary measures and all of that. And I think that I assume you are going to have a population focus on that.
DR. SCANLON: Exactly.
MS. GREENBERG: So that would, I think, really – I know the Population Subcommittee has a list of things that it’s looking at for the future. But I would really encourage you to involve them and discuss it with them.
DR. SCANLON: Oh, absolutely. And I think we’re trying to – we’ll start out as we normally do with kind of what’s literature review and state of the art and what are people doing now. But from what I gather, and I’m not an expert here, the cost of illness and burden of illness state of the art have gotten to a point where it was largely disease specific, and everyone approached it in a certain way, and it was actually the way that Dorothy Rice sort of got started in the ‘70s. So we’re a little – and we’re looking more at a comparative approach as well and how does it fit into at least in the cost side of – how does it fit into a national health account, or when you control for what you think the total expenditures are, how does it all come out.
And we’d actually like – I think we’d actually like to look at what are we getting out of the inputs as well, but that may be the next step.
DR. STEUERLE: Just to add on to Marjorie’s comment, it seems to me that the Population Subcommittee is very interested, as you know, in integrated data sets and the accommodation of social security record which would give you earnings background of the person combined with Medicare records combined with DI records would be a tremendous source of information for examining not only sort of in the broad sense what’s going on. But to the extent you could do it and you could follow what I consider one of the really big issues which is sort of these – I’m sure it’s disease specific, but it’s almost like issue specific movements. Like all of a sudden, you see huge amounts of money moving into some particular type of health care. You know, who’s actually getting it. You know, I think an integrated data set could give you tremendous leverage in answering those questions.
DR. SCANLON: And there is other work – and, again, we just don’t know. There’s been talk about this for quite a while now. But the department, HHS mostly, has asked the National Academy of Sciences to put together a panel to look at – you’ve heard this before, national health accounts. And what this tries to do in economic terms, Gene, this is familiar to you, and other sectors do this.
You can literally try to analyze the sectors so that you can see what the inputs to that activity are, and what the outputs are, and now again it’s often reduced to dollar terms, but it doesn’t have to be, and then actually look at sort of what’s going in and what input’s connected with that output. Tremendous data needs, as you can imagine, in this area, but there is at least a group looking at that now, and we’ll see how far they get.
Then again I’m going to focus on process. Obviously, we’re not discussing individual members or cases or anything like this. But as you all know, as of December we have – my count was about, we will have six members, and I might even be short there, whose terms will expire of the Full Committee. Now we will ask you all, and there is within the department the process has been underway for a little while now to find new members, and a package will be making its way to the Secretary – seven. So we will and process wise we will be asking all of you to – we have the authority to extend to all of you whose term’s expiring for six months which would take us through June, I believe. So I think we will be asking all of you if you’re willing to – beginning of June - to see what the exact date was – to stay with the Committee until then probably another couple months during the transition.
We’ve gotten some good nominations for new members. But again it’s hard to predict what the outcome will be. Sometimes in the process of proposing members, other names come up. In general, the Secretary has followed our recommendations. But we’ve certainly had other names introduced.
The department always looks at geographic diversity and other diversity. So it’s a little hard to predict what the outcome will be. But we do have some good nominees. It just takes a while to get this through the process. So I think, number one, we’ll hope you’ll be willing to stay on beyond that term for probably until June, it would be. And if individuals have any questions, please see Marjorie or me as well.
In terms of reappointments, the department generally doesn’t make routine reappointments. I think we found that out the last couple times, though just as a rule they want to give most folks the chance to serve. So we always provide the full slate of current members when we submit the package to the Secretary, but probably can’t routinely make reappointments. It just generally doesn’t happen.
So process wise, I think that’s kind of where we stand. Marjorie, want to add anything more?
MS. GREENBERG: Well, just that, you know, first of all, if you’re not willing to serve through June 1st let us know. I think we probably already submitted – yes, we have. But you know, you’re not required to. In summary, unfortunately we cannot extend you beyond six months. This is new in the last year or two. It used to be we could extend people until they were replaced. So that means we really need to get going on the nomination packages so that we won’t have a period in which we don’t have any members, you know, or don’t have half of our members which because we won’t be meeting in June until after all these positions, these terms expire.
As you also probably realize, we will be needing to look for a new chair as well. So we’d welcome – we attempted a lifetime appointment for Simon. He’s as close as we’ve ever come. But even that won’t fly. So we’d welcome, you know, your suggestions of either current or other members or others who might be able to step into those big shoes. And if you are really interested in serving another term, even though as Jim said we can’t guarantee it and we know we couldn’t reappoint everybody, you should let one of us know.
And then if you think of people who are – know of people who you think would be good members, I think you’re probably the best judge of that, having seen what it was like to serve. And just one other thing. As you’re all meeting as subcommittees and workgroups over the next two days, particularly as you identify your work plans for the next few years, if you see certain areas of expertise just even coming out of what we’ve talked about this morning but really you see that you’re lacking or will lack when somebody goes off the Committee, let us know that, too.
DR. COHN: And I guess I should sort of jump in on this one. Obviously, I asked Jim and Marjorie to talk about this a little bit just because I was getting a lot of questions like what happens. So at least now you know what you’re going to be doing for the next six or eight months.
I will be mobilizing the Executive Subcommittee to begin to sort of have conversations around what are described as transition planning, and obviously the intent here is to make sure that as we move into new members and the transition that the Committee remains vital, strong and active and the traditions continue. So we’ll be asking for their assistance and help on that as well as if all of you have ideas about how we can best ensure that since there’s going to be, as I said, a thoroughly – yeah, there’s going to be a lot of members sort of transitioning over a relatively short period of time.
I would also, I think, ask the Subcommittee and workgroups, and we’ll talk about it as you meet in your workgroups and subcommittees, as you begin to look at your work plans over the next while to sort of judge what you think you can get done over the next February and maybe a little beyond with the idea being that it probably isn’t a very nice thing to do to be in the middle of a project, bring a finished report to a group that hasn’t been part of the report generation.
And so everyone just needs to be mindful of that sort of process step as we go forward. Now John Paul, I see you have a question.
MR. HOUSTON: I do have a question. When, in June is the timing for reappointment.
MS. GREENBERG: Well, right now I think all these appointments end on December 1st. So we can, you know, a few days from now. So that’s why we’ve already processed the extensions. But that means we can only extend people who haven’t been reappointed for a maximum of 180 days, I believe.
MR. HOUSTON: The reason why I bring that up is that we have future meetings on February 21 and then June 17 and 18 which means they fall outside of –
MS. GREENBERG: June 17 and 18 is already past that time. Now is it possible that we could get an exception for just that meeting, or we could certainly bring chairs maybe back, you know, in their private capacity. We’ve done that before if a report or something is going to be presented. So we have ways to bring people in. But I think they probably would not be voting members unless we were actually able to extend people’s date of that meeting. I mean, we could think of moving that meeting to the end of May, I guess.
MR. HOUSTON: I’m just – practically speaking, I think there’s a number of things that need to get wrapped up. I know there are privacy letter and things like that. I mean, I assume we’re going to get that done in February, but –
MS. GREENBERG: Well, February’s not a problem.
MR. HOUSTON: I understand that. But I’m just thinking –
MS. GREENBERG: You all are going to be extended. That’s –
MR. HOUSTON: I’m verbalizing it past February because, you know, if it doesn’t get done in February, that’s really the last meeting where there’s going to be a group of people here who are coming off the committee, and I’m just
MS. GREENBERG: Let us look into this issue of June 1st versus June 17th because we have always traditionally met in June, and this is a little unusual that these appointments were December 1st. Usually, they’re like June to June or something. I don’t exactly know how that is. It just happened.
MR. HOUSTON: They were just assigned, I think, on those dates.
MS. GREENBERG: It was after the November meeting, obviously. But so we’ll look into that. I mean, one possibility is to try to move this meeting to the end of May, the June meeting, or see if we can at least extend people through the June 17th meeting. We’ll look into that.
MR. HOUSTON: Yes, I think the other thing, too, I know we want to try to finish things up. But I think probably get some collective wisdom from the people who are leaving on what the future agenda needs to be. I know in privacy, we’re sort of cleaning up some stuff. But, you know, if Marc’s not going to be here past June, I think there’s a lot of things that –
MS. GREENBERG: And he’s served two terms. So that’s a reasonable assumption, yeah. Okay, well, it’s good. I mean there’s nothing like a deadline, you know, to spur you on.
MR. HOUSTON: It makes voting quicker.
MS. GREENBERG: I understood it –
DR. COHN: Of course, some people may decide to filibuster, though, too.
MS. GREENBERG: I will only tell you just, you know, this is the mother in me. But having now worked with this Committee, I guess, since 1982, it’s always painful when people go off the Committee and particularly the Chairs of either the Full Committee or the Subcommittees. But we have been now in existence almost 60 years, and we’ve survived. So it’s what I think keeps the Committee vital.
But the other good news is that since we will be observing our 60th anniversary in 2009, we will certainly bring you all back for that, and we should really start thinking about – I know it’s hard for those of you who are going off the Committee to think about helping us plan this celebration. But I’d say if you can pull off the Ad Hoc reports you have, this celebration will be a piece of cake.
But we really should plan something for the 60th, and I think we should start talking about that. And, of course, we will invite all of you back.
I just want to say one other thing on the previous subject, and that is that I meant to mention that I think the Board of Scientific Counselors of NCHS would be very interested in that, you know, cost and burden and all that study as well, and particularly it’s now chaired by an economist who was liaison to this Committee. She’s a demographer? Okay, actually the previous – you’re right. The previous liaison was an economist. But in any event, I think they would be interested as we look at joint projects. You’re right about that. But I think they may have at least one economist on their board, more than one.
DR. TANG: Just a follow up to Marjorie’s mention about deadlines that we should heed our own advice like the NPI.
MS. GREENBERG: Is this physician heal thyself?
DR. COHN: Okay. Well, with that, as I said, there will be additional conversations, both formal as well as informal about the transition. But I wanted to make sure that everybody, as I said, had a view of all this as well as to mark your calendars as we move into next year and obviously don’t assume that you’re, as I said, transitioning off starting in four days or some such
Now, with that actually, Karen Trudel, welcome, pleased to have you join us. And obviously, I know you have an update from CMS, and happy post-Thanksgiving.
MS. TRUDEL: Thank you. I’m going to start by talking about the NPI – I mean, not the NPI, the ePrescribing because there’s a lot going on there, and then I’ll move to the NPI and some less interesting things.
I believe there was some mention made about the proposed rule for the additionally prescribing standards having been published on November 16th. The comment period will end then on January 15th, and we’re proposing a one-year implementation period. The publication for the final rule is, again, to be determined after we see the nature of the comments that we have to deal with and how long it will take to process a final rule through.
Anyone who looked at the report to Congress will not be surprised at what we’re proposing. We’re proposing the adoption of standards for the formulary and benefits and medication history standards which the pilots indicated were definitely ready for implementation, and the formulary which actually carries information from the plan to the prescriber so that they can see what’s on formulary.
It is intended to help make economic decisions at the point of prescribing from the research that we’ve seen will hopefully increase generic uptake and, as a result, both save money and improve patient compliance.
The medication history information which goes, again, from the plan to the prescriber will give the prescriber information about what other medications have been prescribed for that patient which obviously is, we feel, is going to make a huge difference in terms of adverse drug events.
We’re requesting comments on the RX Fill standard which actually would send a message from the pharmacy back to the physician indicating that the prescription had been picked up. The pilot showed that the standard itself worked, and that it carried the information very well.
There seemed to be some question about whether there was a business case for it, whether physicians actually wanted the information, what they would do with it if they had it, and whether indeed they would wind up being inundated with messages and not be able to actually sift through them and figure out what to do with them. So we’re soliciting comment on that. We’re not proposing it as a standard.
We’re also proposing retiring the first version of the script standard that we adopted in 2005 which is version 5.0, and we would move forward to use version 8.1 as the sole standard. At this point, 8.1 is available for voluntary use. We would make it mandatory, and we’re again soliciting comment on that.
We’re also proposing the use of the NPI to identify providers in ePrescribing transactions that aren’t HIPAA transactions. They already need to use the NPI in HIPAA transactions, but we would move this over so that the provider’s identification in, for instance, the script standard would also be required to be the NPI.
Some additional ePrescribing activities that are going on, the issues related to ePrescribing for controlled substances which this Committee is well aware of are beginning to gain some interest. The Senate Committee on Judiciary is going to hold a hearing next week called Electronic Prescribing of Controlled Substances addressing health care and law enforcement priorities, and this is a result of some interest in particular by Senator Whitehouse and others on the Committee. CMS will be testifying. DEA will be testifying, and some industry groups will also testify about the need to address the concerns of the DEA in terms of diversion and the requirements of health care in terms of moving ePrescribing forward and the barriers that not being able to ePrescribe controlled substances could potentially raise so that that will occur next week.
Also, at the AHIC meeting earlier this month, there was a great deal of interest in ePrescribing, and Scott Serota of Blue Cross/Blue Shield Association moved to have the Committee make a recommendation to the Secretary that ePrescribing should be made mandatory under Medicare.
The workgroup on electronic health records is at this time developing a proposed recommendation letter. The AHIC will meet in public conference call tomorrow to discuss the letter and to presumably vote whether to move it forward or not, and they would be making mandatory, ePrescribing mandatory as a condition of participating for physicians, participating in the Medicare program.
It also contains some other recommendations, and the letter has undergone a number of iterations as you can imagine. And so at this point I think it’s still in a state of flux, and we’ll see what it actually looks like when it hits the air waves tomorrow.
But there has been discussion about issues relating to the DEA. There have been discussions related to the fact that making ePrescribing mandatory for physicians can create unintended consequences if the pharmacies are not all able to conduct ePrescribing as well. And so those are some of the things that the members have been discussing. So stay tuned. That will be tomorrow.
Some other ePrescribing miscellaneous issues. Much as we love to publish regulations and recommend standards, we realize that that’s only a part of what our job is in trying to move ePrescribing along. And we have at CMS developed a roadmap where we’ve identified some of the key drivers. We’re looking at defining the value proposition for ePrescribing, addressing interoperability and work flow issues, defining and reaching what people call the tipping point, and talks about how CMS is going to support these key drivers by data gathering, research, provider education, standards and certification and leveraging industry partnerships.
So we’ve got our roadmap, and we’re beginning to move down that road looking for partnerships, those within the department and outside, looking to pilots and new standards, ways to educate providers about ePrescribing, looking at our own program authorities and what we can do within Medicare Part D. So that is a larger part of our strategy which sometimes we tend to think is only publishing proposals for new standards.
Let me move on to the NPI. As you know, the Mary 23rd, 2008 deadline for implementation of the NPI is quickly approaching, and for Medicare at least we’re seeing a steady increase in compliance. We’re seeing many more claims with NPIs on them. We’re seeing that we can match those NPIs to our legacy files and process the claims.
And in an effort to continue to move in that direction, we will begin on January 1st to reject institutional claims, Medicare Part A claims that do not have an NPI on them. And then on March 1st, we will begin to reject professional claims, Part B claims, with no NPIs. And we’ve been very closely week by week actually looking at our statistics at the number of claims that have NPIs, at our match rates, at the problems we’ve been trying to address some of the confusion that providers have had where they’ve been matching the wrong NPI to the wrong person, and we believe we’re making really good progress. These are activities that will take us one step closer to full compliance in May.
And then I’d like to talk about HIPAA security for a moment. We have begun to be more proactive in our enforcement approach, and we have recently contracted with PriceWaterhouseCoopers to help us do security on its end reviews. We will be doing those this year, and we will be targeting covered entities where a complaint exists. So we won’t be just doing random audit. We’ll be going out to covered entities where there is a complaint, and in some cases we will be reviewing their corrective action plan to make sure that it’s really doing what it needs to do. In other cases where there are complaints that haven’t been resolved yet, we will go out and do fact finding to actually assist us in assessing and resolving the complaint and determining what corrective action will be needed.
We also hope to use these audits, and we will be working very closely with our colleagues in OCR. We’ll be working also to come up with some lessons learned from these processes that we can actually put out on our website which is something that OCR is already doing with their actions that will help us educate covered entities by saying this is a problem, this is what someone did to fix the problem to provide vignettes, if you will, of compliant situations. And this is something that we’ve been hearing from our industry contacts is very much needed and will be very, very helpful.
That’s all I have. I’d be glad to take questions.
DR. COHN: Jeff and then John Paul.
MR. BLAIR: Thank you, Karen, and actually ePrescribing has really moved pretty quickly in spite of the fact that most of us who were in it always felt like it wasn’t moving quickly enough. The area – there’s one piece in what you briefed us on that I don’t quite understand, and maybe you could help us understand that a little better.
I had understood that one of the reasons that the Justice Department did not –- was wary of ePrescribing was because it needed data for its court cases, and if it didn’t have nonrepudiation in there, that would be an area where it was concerned. Fill status notification, however, I had understood that a number of people in the Justice Department felt like, gee, with the fill status notification in there, they can prove that the prescription was actually dispensed. It was filled, and that would give them their legal justification.
I noticed that on the tests, it passed all of the pilot tests. So to wind up saying that now we’re going to check it for business justification and notification, that confuses me because the justification as I saw it never was business. It was to provide the legal annotation for the Justice Department. So from the fact that that is not in there seems, at least on the surface, contradictory to our efforts to try to get controlled substances, including ePrescribing, and satisfy the Justice Department. So I’m confused that the criteria will be a business justification rather than a legal one.
MS. TRUDEL: Actually, it’s interesting that you made that point, Jeff, because there had been some discussions with the DEA about whether the fill status transaction could provide some additional audit capability because it does prove that the prescription has been picked up. But what it does not do is prove that the physician who allegedly wrote the prescription actually did write it. The fill status is – it’s not a totally mitigating factor. It simply proves that someone picked it up.
So I think, and I don’t want to speak for the DEA, but I do know that they do have concerns about not being able to have an actual signature to rely on particularly when they’re prosecuting cases of diversion and trying to prove who did or who did not actually sign the prescription in the first place.
When we talked to industry about the fill status, what we heard was that it has a lot of potential, that pharmacies would perhaps have to do some restructuring of their business flows because there’s a question of when do you count something as picked up or not picked up. Do you send a message that something was picked up, or do you send a message when it wasn’t picked up. Is it an opt in or an opt out kind of thing.
MR. BLAIR: Okay, okay.
MS. TRUDEL: And what we heard from some practitioners is that if you send me a response every time my patient picks up a prescription, it’s like alert overload, and I don’t know how to make useful information of that. I can’t turn it into usable knowledge. So there is some question again about, and we’re hoping that we hear this in the comments, perhaps the intended recipients will say it’s useful to me but only when something isn’t picked up, or it’s useful to me to know that it has been picked up. We may get some comments from law enforcement saying, yes, we think it’s a good tool. And so we’re looking into all of those things. But we really didn’t want to jump into proposing the standard when we weren’t sure how it was supposed to work. So essentially that’s the rationale.
MR. BLAIR: Thank you for the clarification.
DR. COHN: John Paul.
MR. HOUSTON: As a – being responsible for information security for an extremely large health system, I’m very interested in your comment about PriceWaterhouse being engaged to do audits. No, no, we don’t. But and we’re already required to go through a lot of different audits frankly, whether it be on the financial side or because we’re SOX compliant, things like.
And the reason why I’m couching these terms, is there an audit plan being established as part of this audit process, and will it be made available because I’ll sort of play my hand out here and say that most of us covered entities would love to see an audit plan so we understand the type of information that might be asked as well as what the standards are because that level of transparency probably makes it easier on you, and it also makes it easier on covered entities that really in good faith want to comply to have all our ducks in a row.
Now I understand the security rules are supposed to provide all of us all that guidance. But the reality is, it doesn’t.
MS. TRUDEL: Excellent point. I’ll take that back. One of the things that we’re working on and we’re in the middle of developing the security plan, audit plan at this point is how tailored each one might be to the specifics of the organization that we’re going in to audit, and we’re still having discussions about that.
But to the extent that we have something that we can publish and share, your point’s well taken, and I’m mindful of the fact that the 32 or 42 criteria that the OAG was looking at in the Piedmont audit have been disseminated widely and appear to be useful to people.
MR. HOUSTON: And I would think that, you know, obviously these audits are going to be based on specific issues, compliance issues related to the security rule. And so even if PWC went in or you went in and said we’re going to look at this particular area, I think that could all roll up into an overall audit plan that you might choose to only execute pieces of it in an individual covered entity, but would be a great roadmap for covered entities to take on the whole and say, okay, where are gaps overall because when the Piedmont audit, you know, information about the Piedmont audit came out, one of the things I had my organization do was to look at the payment information being asked of and I said do we have any gaps based on what was going on at Piedmont just because we thought that’s a good barometer.
And you know, that served us well, and I think a lot of covered entities that want to in good faith comply and say the more information we have, the more transparent it is, the more structured it is, the easier it will be for us to ensure that we do comply. And then when you walk in the door, it can as much be we can provide you the information that we’ve already compiled because we want to have that information gathered anyways.
MS. TRUDEL: Okay. You make a good point. Thank you.
DR. COHN: Okay, Gene?
DR. STEUERLE: Karen, I was also very interested in this real approach to ePrescribing. Way back when I was asked to join this Committee, I was asked to think about incentives and might try to jump start, at least move along this whole area.
And I’ve often thought that financial incentives should be considered, and I’m just curious whether this group has considered financial versus regulatory approaches such as deciding that where there’s ePrescribing that meets certain minimum standards that Medicare would pay something more than it would where there was not such ePrescribing as opposed to just sort of a blanket regulatory approach.
And the related question to this is my guess is that no matter how you set up whatever rules or regulations on this right now, a year or two from now there’s going to be some new, improved set you would like to implement. But now you’re going to have to deal with whether people have set up systems according to your old rules and regulations, and whether they will then fight against the add-ons and how one thinks about those future transactions and how to deal with them because I’m not sure they’re going to be coming along.
MS. TRUDEL: I know the workgroup has discussed the issue of financial incentives, and in at least one iteration of the letter that I have seen, that is a corollary regulation for consideration. In every version I’ve seen, the main recommendation is to move forward to request legislative authority to make ePrescribing mandatory in Medicare. But this was one of the corollary discussions that’s very definitely in the workgroup’s mind.
As far as incorporating later advancements, we’re already coordinating with the CCHIT to move any subsequent Part D standards into the ambulatory EHR criteria for the next CCHIT turn of the crank as the Secretary’s called it.
DR. COHN: And Karen, thank you for that actually that final bit of clarification because I was actually going to ask – my understanding that CMS actually didn’t have the regulatory, the legislative authority to actually do the things that were being suggested. And I think the fact that you’re describing that the recommendation would be basically that HHS encourage the legislative branch to give it the regulatory authority is obviously a very different conversation than just necessarily go forward, and that is a correct – my statements are correct.
MS. TRUDEL: Right.
DR. COHN: Okay. Michael.
DR. FITZMAURICE: Two questions, both of them may be correct. Under HIPAA, there are long lags in updating the transaction that could set standards. How will the electronic prescribing standards be changed by regulation, for example, prior authorization or this fill status, how do we add something, how do we change it? Does it have to go through the same regulatory process that we do for HIPAA.
MS. TRUDEL: That’s a two-pronged answer because some of the standards under ePrescribing are also HIPAA standards. Those are required to go through the HIPAA update because they apply to the industry as a whole and not just Medicare Part D. So the eligibility transaction is a HIPAA standard and has to go through that process.
The scripts standard is not which is why we were able to move forward with the voluntary adoption of the backwards compatible version 8.1. The formulary standard is likewise a stand alone NCPDP. It is not a HIPAA standard. The medication history standard that we’re proposing is part of the script standard and is therefore not a HIPAA standard.
If we move forward with a prior authorization standard, that would have the HIPAA overlap, and we would need to work with that. So that is an issue that we will be grappling with for some time until we get everything synced up and hopefully get a better way to move forward on the HIPAA modifications area.
DR. STEUERLE: Good answer. Second question. Under the President’s Executive Order of August 22nd, federal agencies’ interoperability standards, those that are recognized by the Secretary of the HHS must be adopted by federal agencies. The HHS Secretary is expected to recognize 303 use case domain interoperability standards in December with a January 1st compliance date.
Within CMS, is this part of OESS’s responsibility, and then what is CMS doing to prepare for these health data standards. The rest of the agencies would like to know what’s going to be expected.
MS. TRUDEL: We basically have been working with the remaining, the other department agencies with the Office of the National Coordinator to develop whatever roadmaps are necessary to move forward. I think it’s called a Green Plan, and ONC has the responsibility to coordinate. Each agency needs to figure out what these standards mean to them. It’s very different for CMS to look at standards than it is for IHS, the Indian Health Service to look at them because the Indian Health Service actually has electronic health record technology. They run facilities. And so this means something very different for them than it does for CMS where we’re mostly looking at this in terms of our contracted health care, our Part D and Part C plans.
So we basically are looking at these just like everybody else and trying to figure out what we need to do to get there.
DR. STEUERLE: So your office will be the point person for CMS on this?
MS. TRUDEL: We coordinate with the department, right.
DR. COHN: Bill, you have a comment that I didn’t –
DR. WILLIAM SCANLON: It was a comment on Gene and it was kind of a question on why Gene’s comment is probably an issue of language, and it’s this rule of regulation and incentive, and I think that one of the things that we sometimes do which is unfortunate is we refer to what Medicare is doing as regulation because that’s the legal construct. But the reality is that what they’re doing is they’re specifying the purchasing requirement. In order to be sort of a Medicare provider, you have to the following. But being a Medicare provider is not a requirement. It’s a voluntary thing that I want to be a Medicare provider.
In some respects, the incentive is that if to be a Medicare provider you have to do X, and I want to be a Medicare provider, then I’m going to do it. And I think in particular we want to think about incentives other than financial ones because of the whole issue of do we have enough money in this system or not, or if we answer that with sort of saying that we do have enough money in the system, then the question is spending it more wisely. And the more wisely part may come through specifying here’s the services that we want, and we’re not going to pay unless we get those services.
DR. STEUERLE: Or you can pay less for the services you don’t get.
DR. WILLIAM SCANLON: Right.
DR. COHN: Well said. Now Judy and then Paul, and then we’re going to give everybody a break.
DR. WARREN: I actually have two questions. One is about the infamous signature for DEA. Every time we hear information about this, I keep thinking what I’d really like to see is someone writing up why a wet signature is any more important than an electronic one, and look at it. This time you brought up the fact of the legal or the tort representation of the signature as well as one for following whether or not medication is being diverted, et cetera.
So I’m wondering if in either the AHIC deliberations or these meetings that you’re talking about if one of the byproducts could be maybe just a quick description of dual electronic signatures legally stand for things, why is a wet signature superior to one, or are we just looking at outdated laws? I mean, so I think that might help us move forward because I keep hearing the same question coming up for the last three years that we’ve been working on this.
MS. TRUDEL: You’re absolutely right, and there are other areas of industry and even health care and government where there has been a move away from actual pen and ink signatures. There are two aspects to the issue. There’s the question about whether you can put compensating controls in place that will prevent diversion. And then there’s the question of if diversion occurs how does the lack of a pen and paper signature affect the prosecution and the legal aspects of that.
So I really think there are two, those two things are really different. Are you trying to avoid diversion, or are you trying to address the legal aspects of it, and I think the requirements are different.
DR. WARREN: Because I think until we get either some harmonization between those requirements or at least a better understanding of when one comes into play and the other one does, we’re probably always going to be stick in this discussion.
The second question I had is you were talking about looking at the business of some of the standards on ePrescribing, on whether or not the prescribers would know what to do with the information. Is there any effort being done to solicit what patients think the business case is of this data? I mean, it just seems to me when you were talking about it, it was something I hadn’t thought about before is we’re only looking at one side of the business case. We’re not looking at the patient’s side of the business case of whether or not they find that information to be valuable to them as their physician or nurse practitioner or whoever is caring for them.
MS. TRUDEL: That’s a good point, and I suppose we’ll what we get back in the comment process. It is a public comment process, and we may get some groups representing patient organizations providing us with feedback.
I have heard anecdotally that some patients may feel that that’s an invasion of their privacy, that their physician doesn’t have a need to know whether they picked that prescription up or not, or whether they ever even put it in to be filled in the first place.
DR. WARREN: And are your comments mainly about the fill status notification, that people are wondering if that’s where the business case?
MS. TRUDEL: Yeah, I didn’t get a sense that even with the pilots there was any concern about the business case for formulary and medication history. But, of course, you know, we’ll get comments that completely cover the map.
DR. WARREN: Thank you.
DR. COHN: Paul, last question.
DR. TANG: That was a very helpful update, Karen. Thank you. NCVHS had a role in providing input on the ERX standard. Might NCVHS have a useful role, given this new recommendation about mandating that electronic prescribing be used, would NCVHS have a role in providing input on the desirability of that policy that accompanies the ERX standards.
MS. TRUDEL: I’m going to punt on that one, Paul, because it’s a recommendation from another HHS advisory committee, and how the advisory committees link together in interfaces is always something that I find perplexing as well.
DR. COHN: Well, Paul, you asked a good final question, and I think Karen actually has given you I think a very reasonable answer on that one.
Without trying to in any way further discuss it, I think we’re running a little bit late. But I think obviously we’ll make up time as we go through the day. First of all, I want to thank Karen for her presentation. Obviously, Jim, I’m sorry that we thank him that he’s not sitting here any longer.
I’m going to suggest we take about a ten-minute break, and then we’ll start talking about the report for today.
[Break]
DR. COHN: Okay, why don’t we get started. Will everyone please be seated.
Now the topic of the next section or next session anyway is basically to discuss a report being brought forward by the Ad Hoc Workgroup on Electronic Health Information entitled Enhanced Protections for Uses of the Health Data.
I think we will spend -- we will certainly go up to lunch and maybe even beyond lunch a little bit going through this. We have talked about it during my introductory remarks, and I obviously want to thank everyone again for their participation and involvement.
The one thing I neglected to comment on and I did want to mention before we started going through the document has to do with our public comment period, and I think that this has turned out to be a very useful thing. It’s something we did with the NHIN functional requirements last year.
I just want to mention to everyone that obviously in addition to our almost 60 testifiers, eight days of hearings, and testimony that we took on this topic and admittedly this is a controversial area that we went into, we actually produced a draft report that we circulated publicly in mid-October and from there actually held another open conference call, took additional testimony, both written and verbal, received somewhere around 1,000 comments from a wide variety of stakeholders and individuals, all of whom I want to thank publicly. And I think the input and comments have actually helped make the document much better.
Now you all received a copy of this document about ten days ago. I’m hoping that you’ve had a chance to review it, and indeed as we go through the document which we’ll be going from sort of section to section reviewing, it’s really with the assumption you have reviewed it. I know we’ve received at least one sort of redlined version. That was from Paul which I want to again thank, and we will show you some additional wording changes in certain areas that I think identified through Paul’s effort that needed further clarification and tightening.
But as I said, beyond that what we’re really primarily interested in is content and to make sure that people are okay with the content knowing that we can handle offline wordsmith issues like the wrong comma, the wrong word. As we read through this one, we discover sometimes that it’s a passive tense, and it needs to be the active. So there are things that we can handle offline even after passage of the report.
Now as I said, I’m going to actually turn it over to Harry and Justine. But I think the intent here will be to go through section by section to get comment and go from there. And I guess, Harry, do you have any other comments before we get started?
MR. REYNOLDS: No. Justine’s going to start.
DR. COHN: Okay, Justine, you’ll lead off here.
DR. CARR: Great. I want to again thank the Committee, the workgroup, the staff writer. This was a tremendous effort that was very impressive to me.
Before we start, I want to give you an overview just briefly if you’ll bear with me. I think since we last met, one of the major changes in the document is the inclusion of the guiding principles for making recommendations. And I’d like to just –
DR. COHN: Page?
DR. CARR: I’m sorry, on page 17. Even let me back up for a minute and say I want you to also pay attention to the fact that the title is called enhanced protections for uses of health data: a stewardship framework, and I think that that is a very important change and focus. It’s not a change, but it’s a focus of what we’re trying to do. So this is about stewardship. And as we pulled our information together, we used these guiding principles. So just to briefly read them, protections should maintain and strengthen individuals’ health information privacy, number one.
Number two, enable improvements in the health of Americans and the health care delivery system of the nation.
Number three, facilitate uses of electronic health information. Four, increase the clarity and uniform understanding of laws and regulations pertaining to privacy and security of health information. Five, build upon existing legislation, regulations whenever possible. And six, not result in undue administrative burden.
And developing these, borrowing heavily from Minnesota helped us to balance the diversity of input that we heard. And so just to again frame what did we do, we began with HIPAA. HIPAA was our first giant step towards stewardship, and it is the cornerstone of this report.
We strengthened some dimensions of HIPAA, the accountability, the chain of trust agreement. We strengthened transparency, notice of privacy, clarity and education for the community, strengthened security.
So in addition to strengthening, we want to expand because we know that not everybody is a covered entity. And so even though we have great things within HIPAA, if you’re not a covered entity, they don’t apply. So we’re looking to expand that
We’re also looking that in the interim or when we have non-covered entities that they have additional protections on their health information including authorization. So we’re strengthening, we’re expanding, and then we’re introducing because HIPAA doesn’t really talk in contemporary terms about data quality, data integrity and oversight of uses of data. And so we have introduced those elements.
Using all my adjective words, we also want to explore something that was specifically excluded from HIPAA, and that is de-identified data. You heard a lot about that, and we felt we had some ideas about it. But thanks in part to the feedback that we got on the October 31st posting, we realized there’s a lot we don’t yet understand about de-identified data. And so that’s on our list of something important, but something that we want to explore.
So with that overview, I’ll now go back to the organization of the letter. Any questions about that? Okay. I think that we’re not going to do high level. I’ll read through the title. So our introduction just talks about the purpose and scope of this report we’ve discussed at our previous meeting.
The next section is on terminology where we make clear that –
DR. COHN: Justine, did you want to go over the whole section, or do you want to go by section by section and ask people for input?
DR. CARR: Okay, right, right. Got ahead of myself.
DR. COHN: Okay. That’s fine.
DR. CARR: The purpose and scope. In the absence of reading it, were there any questions or concerns about purpose and scope? Hearing none, oh, sorry.
DR. FITZMAURICE: On line 94, you talk about electronically available health data, and not only claims data. Are we concerned about how they’re available, that is, they’re available to a covered entity, are they available from a non-covered entity. Are they available on a website, or does it matter. Are we concerned about all data that passes electronically.
DR. CARR: Are --
DR. FITZMAURICE: My concern is are they available. If they’re already restricted in somewhat like being covered by HIPAA, are we less concerned than data that aren’t covered by HIPAA but available for anybody to access and see. Is there a qualification on this?
DR. CARR: I think we’ll reflect on that. I think the point of this paragraph was simply to say what’s new and different. We’re not just talking about claims any more. We’re talking about very rich data that is available electronic. It’s simply setting the stage. So I think you’ll see that we get into this in much greater detail. Are there other questions or comments? Hearing none, we will move to terminology.
And under terminology, we have two subsections. The first is entitled secondary use of health data, and it is in this paragraph that we record the NCVHS position that we don’t want to use the term secondary use of data for all the reasons outlined. Are there any questions or comments about that.
Moving on, the next is terms describing health data. Now you’ll see Margret’s done a great job. Actually you won’t see because we distributed the glossary. Margret has developed a glossary with the relevant terms used in this and related documents.
However, we wanted to highlight four of them, and those are protected health information, individually identifiable health information, personal health information or data, and HIPAA de-identified health information. So each of those terms is defined. We felt they were important enough to the document to have them not in the glossary. John?
MR. HOUSTON: One thing I thought was odd was that on the fourth definition I read through it, you’re using HIPAA de-identified health information and HIPAA de-identified health data. Why isn’t we just standardize on one phase to describe it and then replace it throughout the document so it’s just –
DR. CARR: Yes, thank you for that. We’ll do that. My only comment, too, was that we might move individually identified health data, health information in front of protected health information so that it’s understandable.
So we then just have an outline of the report. Are there questions? Okay, hearing none, we’ll move on now to report background.
And the subsections of the report background include one, our coverage of the topic. In other words, the history of – well, let me just take it one at a time. NCVHS coverage of the topic, and this includes the work that NCVHS has done through the years on topics related to uses of health data. Are there any questions or comments on that section?
All right, continuing, on report background, the next section talks about NCVHS process and how we met and took testimony. Any questions or comments.
Moving on, now we have – having completed report background, we’re now on to major themes from testimony about uses of health data. And here, we have one, two, three, okay, we have about several major themes.
The first one is the benefits from uses of health data enabled by health information technology and health information exchange and the outline includes the benefits that occur at the point of care, the benefits that accrue for quality measurement reporting and improvement, and benefits for clinical and population research and benefits for disease control and prevention.
I think Paul had a couple of benefits here that we found helpful. Yes, Mike?
DR. FITZMAURICE: We may be missing one benefit that I would suggest we add, and that is for the person to have control over their healthiness, that is, they can use for their education, for their monitoring their own healthiness. So I’d like a personal health record would help them.
DR. CARR: All right. Other comments on Mike’s suggestion? So the recommendation was that we add another example of personal wellness. So it would be a benefit from uses of health data enabled by HIT and HIE is personal wellness as in personal health records.
DR. FITZMAURICE: If I understand my own healthiness, my own conditions and what the Internet, what the literature says about it, I’m better able to control things that influence my healthiness, my health habits, for example. And if I know what my blood pressure is, in other words, I can access it and I can see it, that reinforces my good health habits, so I benefit from that. If I never see it except to go to the doctor’s office, I know your blood pressure’s a little bit lower this one.
DR. CARR: So you’re saying in a personal health record where you can have your blood pressure over time, you can see a trend, and Steve has –
DR. FITZMAURICE: All I’m saying is this is a benefit.
DR. STEINDEL: But I think we have to look at the overriding title, and that’s themes from testimony, and I don’t recall how much testimony we actually heard on that. Obviously, it’s a benefit that we’re all well aware of. We’ve written a report on that.
DR. CARR: Right, right. What I’m going to do is put an asterisk there and ask for us to come back to that unless there are additional comments. Marjorie?
MS. GREENBERG: Well, I think we always – these reports always involve what you hear in testimony and what this illustrious committee brings to the discussion, et cetera, and I think personal wellness or however you want to phrase it, is really an important element, and I would encourage you to include it.
DR. CARR: Yes. I think what I’m trying to think through is the title being health information technology, health information exchange. And so I was just trying to tie it back to that. Yes?
DR. DEERING: I’m Mary Jo Deering. I think that perhaps this personal health management covers all of the above.
DR. CARR: Okay.
DR. DEERING: And it’s wellness, prevention, financial records under NHSA, and that exactly is the HIT value.
DR. CARR: I like that.
DR. COHN: Yes, and it sounds like we’re talking about one sentence basically, something on that line.
DR. CARR: Yes. Thank you, Mike, for bringing that up. Gene?
DR. STEUERLE: A voice awakes sometimes in these documents. We hardly use language like research and I know things that for instance like clinical population research can be strengthened. For researchers, it’s immediately intuitive why that’s so important. But believe me, it’s not for a lot of policymakers.
And I don’t know whether you have time or you want to do this. But can you fit in, for instance, I think it really – for instance, it’s been modeling for some time that HIT or information might help us detect or even solve problems like why is autism increased or if HIV’s increasing in certain parts of the country more quickly than others, if we have early warning signals are just examples, you know, such things just help improve, might make it very clear to people like the Secretary that we’re talking about lives being saved or being much better and make explicit what all of us knows is implicit.
DR. CARR: Thanks, Gene, and that has been our – we found that to be very useful, and I’m going to ask you to develop an example that we can include under this section.
DR. STEUERLE: Okay.
DR. CARR: Are there any other – oh, yes. Donald?
DR. LAND: Just a minor point, but disease, control and prevention, maybe to be more complete would be to include surveillance. It’s part of control and prevention, but you might just add that one word.
DR. CARR: Yes. So it would be disease, surveillance, control and prevention. Any further comment on that? Okay, hearing none, I think we will now move on – so that was the first major theme, benefits. Now we’re moving on to the theme potential harm from uses of health data enabled by HIT and HIE, and I’ll just give you the headlines.
They include erosion of trust, compromise to health care when individuals not trusting, and risk of discrimination and personal embarrassment. So, yes, Leslie?
DR. FRANCIS: The discrimination one is individualized. And one point, and I don’t know whether this was in the testimony, but at one point that was distinguished between discrimination against an individual and risks of groups stigmatization which was relevant when you have de-identified data sets.
For example, if the data suggests that immigrants are more likely to have a certain kind of disease or something, and I don’t know if that came out as a theme. But it was at one point in the report.
DR. CARR: Right. So I’ll comment on that and invite others. One is first on line 354 it should say risk of discrimination, and that was a recommendation. And then with regard to stigma of a particular group, I think there were two parts to that. We’ve addressed the concern that misinformation would be generated about a group by amplifying the importance of structure and rules for data aggregation, data integrity and quality so that the information could not be – so you would avoid the risk of using fractured information to draw an incorrect conclusion.
Now you’re raising a risk that is actually is not limited to health information exchange. It’s true in research, in publications, throughout medical and health fields that when a condition is associated with a group, and I’m not sure that that is unique to this focus, and so I invite other comments. John, you had your hand raised?
MR. HOUSTON: Yes, this is more of a generalized comment throughout the comment, but I first noticed it in this section, and it relates to the examples. I’m a little concerned that some of the examples either seem to be weak or are almost things you would put in the text of the document.
DR. CARR: Okay.
MR. HOUSTON: Or on point, and I mean I can – I don’t want to keep bringing them up.
DR. CARR: Right.
MR. HOUSTON: But it really seems like the document, other than examples, is really good. But when you get to some of the examples, I say, geez, it’s either a really bad example or it just doesn’t need to be there.
DR. CARR: John, that’s a very helpful recommendation. Would you note on your copy which are the examples that you think should be strengthened and/or deleted.
MR. HOUSTON: Sure, I’d be happy to, and again some of them by the way, too, are also almost repetitive just in the text.
DR. CARR: Okay.
MR. HOUSTON: And in other cases, I’m not sure necessarily whether examples are really just intended to be part of the body. So I don’t want to keep bringing it up, but I also know that –
DR. CARR: Right. You know, as we’re going through, if you could just make a note of that and perhaps there’ll be a time at the end we could get a little summary of here are the examples that added value and here are the ones that –
MR. HOUSTON: As we’re going through it, I’ll mark mine up more completely and give it to you.
DR. CARR: Thank you. Marjorie.
MS. GREENBERG: Yes, I really had the same reaction.
DR. CARR: Okay.
MS. GREENBERG: Some cases I thought well now this example is really helpful, and in others I thought it’s kind of a strange one. And I must say this one here on the bottom of page nine was in the latter category because I felt like – I mean, what you don’t want an example to do is make someone think of something else. And what I thought of here is I’d be less concerned if my personal condition was being exposed than why didn’t they publish this sooner before I ended up knowing this, having this –
DR. CARR: Okay. So my question then is do you think any example is necessary or a different example or no example?
MS. GREENBERG: It’s hard to say, but this one –
DR. VIGILANTE: The point is well made. It’s not a complex concept. So the examples of the most useful ones. It’s really not clear what you’re talking about and needs an example. In this case, I think it’s almost intuitive.
DR. COHN: That’s you, Kevin, Right?
DR.VIGILANTE: Yes, I’m sorry, yes.
DR. CARR: Hi, Kevin.
DR. COHN: Thank you for joining us.
DR. VIGILANTE: Yes, I was on at 1:10, but I didn’t want to interrupt.
DR. CARR: Right. So –
DR. COHN: All right, hang up for just a second so Kevin can introduce himself. Kevin, do you have any conflicts for the issues today?
DR. VIGILANTE: No, I do not.
DR. COHN: Okay.
DR. CARR: Is there anyone else on the line? Okay. Yes, Marc.
DR. ROTHSTEIN: I want to go back to the point that Leslie made a few minutes ago, and that is about the importance of mentioning potential risks of de-identified information.
In the document, there are several places where it recommends additional protections for de-identified information. We say that business associates even if they use the information in de-identified form have to comply with the HIPAA requirements, and it has to be in et cetera, et cetera, et cetera.
And therefore, I think it’s important for us to make the case as to why there are risks even associated with de-identified information, and one of the ones that we heard testimony about the risk of group based harms. We heard others as well, the ease of re-identification, et cetera.
But I think this would be a good place to add the group based harm.
DR. FRANCIS: Can I follow up on that. Just remember that this is about secondary uses of someone’s health data, and that’s why it’s different from just the general research question.
DR. CARR: Any other comments?
DR. COHN: Are there additional comments on this particular point? Mike, on this particular point?
DR. CARR: On group risk of group based harms?
DR. COHN: On the group based harms. Can we come to resolution on that one.
DR. FITZMAURICE: No, not on group based harm.
DR. COHN: Okay. So I just want to make sure we’re – because we talked about this one. I actually sort of agree. I think there needs to be something in here that will – I guess we need to figure out how that gets written. Margret, is there something you can –
MS. AMATAYAKUL: We had some language before. We had some previous language that we took out. So we can bring that back and rework that.
DR. COHN: Okay, and maybe we can ask Mark and Leslie to review it for –
DR. CARR: And also an example. Okay. To see what I think an example would be helpful. Now, Mike, you had a question?
DR. FITZMAURICE: Yes, I wanted to go back to the two examples on page nine. It’s one of the things about the examples that kind of grates a little bit, it’s like I’m standing in a grocery line is that words like there may be surprise and concern, or providers may become suspicious of what other uses can be made. It’s the becomes suspicious. It’s the emotional words as opposed to – D
DR. CARR: Right. Emotionally laden adjectives. We’ve all agreed to take it out. So I think we’re done with that. Other comments? We’re a potential for harm – yes?
DR. COHN: And I guess I should sort of comment. I think what I’m sensing is that there’s going to be enough changes here that what we’re going to do is to come back with a redlined version showing all of the changes, recognizing that we’re not going to go through all the things that you’ve already accepted. Is everybody okay with that? So we’ll have a version that will have all of this new stuff in it.
DR. CARR: Okay. Continuing on the major themes, we talked about benefits. We talked about risks, potential harms. We’re now onto another theme which was HIPAA privacy and security rules. And here, we talk about what’s covered by HIPAA and what is not, what is a covered entity, who is a business associate. John?
MR. HOUSTON: I will, even though I said I wasn’t going to comment about examples, I think here’s a couple cases, though, where I think these types of things that are examples are more I think appropriate simply in the body of this document.
DR. CARR: Incorporate them into the body and not have them as examples? That’s what you’re saying?
MR. HOUSTON: Yes.
DR. CARR: So that’s the HISPC and business associate contracts and their lack of specificity and business and agents. Okay, so not have them as examples.
MR. HOUSTON: And to a specific point on line 380 which starts with “HIPAA covered entities do not include organizations and their agency perform function involving protected health information on behalf of covered entities.” I think it would be more appropriate to say HIPAA does not directly cover or apply to organizations, and their agency may perform functions involving protected health information on behalf of a covered entity.
DR. CARR: Okay. Could you forward that on to Margret?
MR. HOUSTON: Yes.
MS. GREENBERG: John Paul and I seem to be like a team here, but what he says triggers my thoughts. But the one thing that I think, though, is positive about interest versus the examples and italics, it really helps the readability.
DR. CARR: Yes.
MS. GREENBERG: This is a dense report. I’m not saying that as a criticism.
DR. CARR: Yes, it is.
MS. GREENBERG: There’s just a lot of content here, and I do think that kind of does help with the readability when it’s appropriate.
DR. CARR: So we agree that it adds value and how it’s configured will work off line? Are there other comments on HIPAA privacy and security rule. Mike?
DR. FITZMAURICE: In reading through the top example around line 380, vague statements such as, well, I’m wondering if you say such as permitted by law to really parse that out, you’d have to make a lawyer out of all of the patients and explain it.
And it leads to a general statement that it’s really the covered entity that’s responsible for this chain of use of data through business associates. And probably somewhere along the line we should say the Secretary should remind covered entities that they are responsible for this, that the responsibility comes back to them. And if it’s a lot of work to follow this daisy chain, that’s what’s required by the law is to do it. That’s where their responsibility lies.
MR. HOUSTON: Mike I think you’ll see that in our recommendations.
DR. CARR: Yes. Again, as we’re going through, as you can see, I’m trying to keep us on case, and if you have something that you feel is valuable wordsmithing and you write down, give it to us at the end. We’ll be working on this probably for the rest of the day.
Okay, any other comments on HIPAA privacy and security? Seeing none, we’ll move on to importance of health data stewardship. And here, we have some definitions of stewardship, and we introduce the concept and talk about what was in the privacy rule. Are there comments on this section?
Okay, seeing no hands and hearing no voices, we’ll move on to – yes?
DR. FITZMAURICE: Just a suggestion that the paragraph beginning on line 345 that it might contain a footnote or a reference. It says there has long been legitimate concerns that personal health information has been used to make decisions that adversely affect the individual as an implied benefits coverage. There must be an article that says something like that. That would add legitimacy to our saying it’s legitimate.
DR. CARR: What line?
DR. FITZMAURICE: Line 345.
DR. COHN: Go back a couple, right?
DR. FITZMAURICE: Whoops, did I – oh, I have these out of order. All right, I’ll just turn this in, and you can see it on my handwritten stuff.
DR. CARR: That would be great. I’d appreciate that. Okay, importance of health data stewardship. Any comments? Okay. We’ll now move on. This section now talks about specific uses of health data, and we begin with uses of health data for treatment, payment and health care operations as permitted under HIPAA, and it’s basically a description of what’s already permitted. John?
DR. VIGILANTE: The second line where it says when providing access to the individual, should that be providing care to the individual?
DR. CARR: What line are you talking about, Kevin?
DR. VIGILANTE: I’m not sure if I have the same one. In mine, it’s 479, but it may be a different number. But it says HIPAA –
DR. CARR: Wait, yes.
DR. VIGILANTE: -- covered entities to use and disclose protected health information without authorization from the individual when providing access to the individual.
DR. CARR: Yes.
DR. VIGILANTE: Or do I have an earlier copy?
DR. CARR: No, no, you’re right. I’m looking at that. Privacy rule permits covered entities to use and disclose protected health information without authorization from the individual when providing access to the individual. What does that mean?
DR. COHN: Why don’t you simply strike when providing access to individuals.
DR. CARR: It’s line 478. Line 478 reads the HIPAA privacy rule permits covered entities to use and disclose protected health information without authorization from the individual.
DR. VIGILANTE: The phrase “when providing access” didn’t make sense to me. It probably should be “providing care,” I would imagine.
DR. CARR: Margaret will answer.
MS. AMATAYAKUL: This is a statement that is a list of things that comes from the regulations. So maybe it would benefit from having some numbers on there. They’re not exact quotations, but it’s an enumeration of when you don’t need an authorization. So it’s when you’re providing access to the information to the individual for treatment, payment, operations, incident to, et cetera.
MR. HOUSTON: It might mean that you need a colon there.
DR. STEUERLE: Just a colon instead of a semicolon.
MR. HOUSTON: Colon after individual and between when, maybe when is one of the enumerations.
DR. CARR: Okay. So it sounds like we need either citations or quotations to make it clear that we’re – yes.
DR. COHN: I think Kevin’s point, if you take out the word “when providing access to individuals,” if you take that out, that’s what HIPAA really says.
DR. VIGILANTE: Yes.
DR. CARR: Yes. Okay.
DR. VIGILANTE: Yes, otherwise it’s confusing.
DR. CARR: Right. That line, so the recommendation is to strike “when providing access to the individual.” So Margret, can you just look at that and see if that compromises the –
DR. CARR: We’re going to move on from punctuation. John?
MR. HOUSTON: Yes, there were two separate sentences in this section that I had concerns about.
DR. CARR: Okay, what line?
MR. HOUSTON: The first one starts on 503, and the second one starts on 531. The one on 503 says the area of health cooperation was observed to be broad in scope and not well understood by individuals.
And then the one on 531 says use of health data for quality improvement while permitted under HIPAA in identifiable form are not well known or understood by individuals. They’re both sort of dangling thoughts, and I guess when I read HIPAA, even though I know HIPAA, I’m not sure how much clearer you can get it for one thing. And then later on this letter, you talk about trying to further enumerate what would be acceptable health care operations purposes, and that concerns me greatly because if we try to enumerate too much, there’s too many cases where we didn’t think of the enormous amount of –
DR. CARR: Your time ran out.
MR. HOUSTON: Under health care operations, and I just – I’m not sure you can make it any clearer, and if you try to be more clear or more specific, I think you may jeopardize the uses, the secondary uses, I know I’m not supposed to call it that, that are bona fide and are necessary within a hospital environment. It is a complex concept, and I don’t know how much clearer you make it.
DR. CARR: Harry?
MR. REYNOLDS: Clear to who? Everybody that – I mean, the people and the entities that are related to HIPAA might get it. But do the individuals get it.
DR. CARR: I think these comments are foreshadowing a later recommendation around transparency, and I think – just let me finish. That the issue is not, you know, that there are a lot of uses and they’re undoubtedly referenced somewhere in the NPP. But in general, there’s a need for education around uses and benefits. I think –
MR. HOUSTON: But I believe there was some recommendation or something later that spoke to further clarifying or defining quality improvement or health care operations. I forget which one, and when we get it, maybe I can point it out.
It just concerns me that if you put too much definition around these concepts, I think we’re going to find more things to fall out than was ever intended, and that could jeopardize a lot of what are reasonable and bona fide purposes. So I’m just cautioning. This concept scares me a little bit.
DR. CARR: Kevin, is that you?
DR. VIGILANTE: I was just going to say that, you know, this is just an apparent description of the themes that we heard. And I would say that or it’s fair to say that one of the themes that emerged is that some of these nuances are not well understood at least by individuals as opposed to groups. I would just say that they’re reserved reward and scope are often not well understood, and I think that covers a multitude of things.
DR. CARR: Okay. Simon? I think, yes, these are very helpful because you’re right. Some of this is covered over, and we probably need to punch it out a little more clearly or tighten it up and not be too prescriptive where we’re not being asked to be too prescriptive.
DR. FRANCIS: The “who” there is really patients, right? So you might want to put in not well understood by patients.
DR. VIGILANTE: It could also be providers, and I think a lot of people still grapple with the nuance understanding of HIPAA even though it’s been around for a while.
MR. HOUSTON: I did find a reference in line 1245, and I apologize for getting out of order a little bit, but it is relevant here. It says NCVHS was asked by ONC to consider whether there were or should be boundaries around what quality activities are included in HIPAA’s definition of health care operations and which may be outside of that definition and may call for greater choice by individuals whose data are included.
I think it goes to my concern that you might create a boundary that was not intended and could really be problematic for trying to carry out the bona fide –
DR. CARR: Right. And so that was teeing up the recommendation, and as you’ll see as Harry will get to recommendation 7.1, it basically says that data uses for quality measurement, reporting and improvement, and we’re changing that word from “are” to “remain” within the scope of health care operations. But thank you for pointing that out. Let’s note it, and then let’s make when we get to that line that we have tied out all of these foreshadowing’s.
Okay, so we were talking about specific uses of health data, uses for treatment, payment and health care operations. Are there other comments on that section? All right, we’ll move on now to uses of health data for quality measurement, reporting and improvement, and this identifies – it talks about the benefits of quality measurement, the challenges and organizations that link health data have an important role in promoting quality but must not violate trust. So pharmacy benefit manager issues are raised there. Are there questions or comments about this section on uses of data for quality measurement and reporting? Okay.
DR. COHN: Yes, John Paul, you had the same issue in this section as you did in the other section.
MR. HOUSTON: Yes, but I don’t think I need to restate –
DR. COHN: Okay, I just wanted to make sure that Margret has it.
DR. CARR: You got that, Margret? Thank you. All right, we are now moving on to the next use of health data which is uses of health data in research. John?
MR. HOUSTON: Sorry for monopolizing this, but on 573, it talks about research studies. You have evolution of quality improvement and the research they may violate the HIPAA privacy rule. I’m not sure whether that’s the case as much as it might violate the Common Rule because the HIPAA really does defer to the IRB’s structure and the Common Rule to govern the oversee research. So I think you have a problem with the Common Rule.
DR. COHN: Could we say and/or the Common Rule?
MR. HOUSTON: I think it’s the Common Rule, though.
DR. FRANCIS: It is the Common Rule.
DR. TANG: But the privacy rule says that it would be – it needs to go through the research pool if it’s going to be research.
DR. COHN: The microphone, please.
DR. TANG: In some sense, HIPAA is deferring to the Common Rule. But if you try to “escape” it through the operation –
DR. COHN: Then maybe we should say both. It violates the Common Rule which would in turn or just however you want to word it. But people who look at that who understand the balance and will say that’s wrong. So we want to be clear.
DR. CARR: Okay, I had some wordsmithing on this as well which is on line 576, for example, a review of cases for quality assurance may reveal that administration of a new drug, and then I just change it here to say is causing previously – oh, I can’t read my writing, but unanticipated consequences, and that public safety necessitates publication of the information even though it was not originally collected under IRB oversight. Is that helpful? Very lengthy flight down from Boston last night. For example, a review of cases for quality assurance may reveal that administration of a new drug is causing previously something about unanticipated consequences and public safety necessitates publication of the information even though it was not originally collected under IRB oversight. We’ve heard a little bit about that, the VIOXX risk and so I just feel that to John’s point, really punching this out to a very real life experience, and we actually – there’s been a whole issue with a protein and cardiac surgery now, you know, that’s coming out of exactly these kinds of evaluations. So I think giving it a little more texture if you permit me some wordsmithing there. Are there other comments or questions about uses of health data in research?
DR. DEERING: Justine?
DR. CARR: Yes, Mary Jo.
DR. DEERING: Actually, it’s just a simple request, and I’m happy to work with someone on it to add some sort of an opening sentence to this section because we’re jumping directly into the issue of research regulations. It leads the reader to anticipate that that’s the sole thing. So I think it’s a simple thing of just leading off the section.
DR. CARR: That’s great. Did someone just join us? No? Or they hung up. Kevin, are you gone?
DR. VIGILANTE: I’m still here.
DR. CARR: All right, other comments on research? Hearing none, we’ll move on to uses of health data for public health. Any comments on this section?
DR. VIGILANTE: I have one. I can’t see the hands.
DR. CARR: Yes, Kevin, go ahead.
DR. VIGILANTE: So it’s really just a construction issue. So one 602, 603, the example needs to be – it’s sort of an awkward construction of things. Many individuals are unaware of requiring reporting. Others are aware to the extent that they may see the caregiver under a false name to avoid consequences of reporting. I think it just needs to be reframed as –
DR. CARR: Right, we will do that.
DR. VIGILANTE: And then a new paragraph begins because then you sort of launch into what the CDC is doing.
DR. CARR: Okay, we’ll incorporate that. Other questions about public health? Michael?
DR. FITZMAURICE: I would also suggest a public health operations efficiency. Often you have scarce money for public health, and so you use this health data to decide where you put your money, what services you provide to the people, and that’s an important use of data for public health. You’re making presentations to a budget committee, you need to put money here because it has a greater effect on the population than putting money over here. You bolster your arguments for data.
DR. CARR: Thank you. Leslie?
DR. FRANCIS: This may be more than you can do. But there are real differences between the kind of surveillance collecting it for public health where we’re worried about disease spread and where we’re worried about interventions to help people take better care of themselves like the diabetes one. And this doesn’t separate that out. I don’t know whether it should or how it could.
DR. CARR: I think we can incorporate that. That’s a good comment. And Michael, if you have language that you’d like about your comment about the efficiency and operations budgetary allocations, that would be helpful.
DR. LAND: The example bio sense may or may not be the best. As I understand, bio sense is under considerable reconsideration right now, and I don’t know if it’s actually going to be going forward as an example like this.
DR. CARR: Does he have an alternative?
DR. LAND: I don’t have the answer to that.
DR. CARR: Do you have any alternative recommendation or example for here?
DR. LAND: Not at the moment.
DR. CARR: Steve?
DR. STEINDEL: I think it should remain. It’s a specific example at a point in time. And while Garland is quite correct that the program as conceived of today may not move forward, I suspect what might move forward is going to move forward in a similar fashion.
DR. CARR: That type of surveillance, yes, and I think –
DR. VIGILANTE: Probably right. It’s very likely to have natural disease surveillance.
DR. CARR: And I think that when we had discussions about this, a point was raised that this is different from the traditional public health reporting of existing disease, and it’s more on the surveillance information. So we’ll work with that and take your point into consideration. Are there other comments on public health? Moving on, using public data involves information change. This really ended up being only two paragraphs and an example. But I would say it represents about 500 hours of discussion.
I think it was raised – actually AMIA raised it in their meeting in June about commercial uses, and we talked about it in our meeting in October about when there is monetary exchange, is that necessarily undesirable. And so we’ve summarized it somewhat here, and I think we later point to the fact that we need more attention on it.
The example here, John, yes? Yes, did I miss that? Oh, that’s right, sorry.
MR. HOUSTON: There’s a new second paragraph.
DR. CARR: That’s right. Paul made some significant improvements to this. I’ll read as it appears on the screen. These privacy protections are not – well, I think I better read both paragraphs. So the topic is uses of health data involving monetary exchange.
First paragraph, an increasing concern relates to the sale of data where financial benefit accrues to someone other than the individual who is the source of the data. HIPAA requires an authorization for any use by covered entities of protected health information or marketing except if the communication is face to face by the covered entity to an individual or if it is in the form of a promotional gift of nominal value provided by the covered entity, and the other citations. That could maybe be two sentence.
HIPAA also specifies that if marketing involves direct or indirect remuneration to the covered entity from a third party, the authorization must state that such remuneration is involved. These privacy protections are not available to individuals when dealing with organizations that are not HIPAA covered entities or that de-identified protected health information or for selling it. There is a need for sustainable business models to maintain and use data for patient care, research, public health, personal health records and other expected purposes. If other unanticipated uses of personal health information are not disclosed to individuals, they may cease to trust the system which would potentially harm patient care and other beneficial uses of health information.
Paul, did you want to comment on that?
DR. VIGILANTE: I think that’s fair.
DR. CARR: Yes, what you did was very helpful and helps us focus. Okay. Marjorie?
MS. GREENBERG: This may be wordsmithing. And if so, don’t worry about it. But to me, in this example, I think the first sentence, I would take off that last phrase because it’s confusing as to whether there’s actually advertising in the EHR or what.
I would just say an individual may benefit from a provider using a EHR. In turn, the provider may be able to give better care to an individual by using an EHR. But when the EHR vendor mines the data to supply advertising to the provider book, blah, blah, because that is, EHR being subsidized through the use of advertising, I found quite confusing as to what you meant by that.
DR. VIGILANTE: Yes, I agree.
DR. CARR: Oh, yes, you’re right.
MR. HOUSTON: Do you want me to read an alternative?
DR. CARR: Do you want to – I have it here. Do you want to read that? I’ll read it. So the example then as revised by Paul’s recommendation to say an individual may benefit from a provider using an EHR. However, the provider’s use of an EHR may be subsidized by the use of advertising to the physician. Alternatively if the EHR vendor mines the data to supply advertising to sell products directly to the individual or to sell information to a third party for other uses, the individual’s trust in the provider may erode and concerns about privacy increase.
DR. VIGILANTE: I think the phase about advertising detracts from the main – it’s really about the mining of the data and getting right to that without that intermediate sentence or phrase, I think, gives it greater impact.
DR. CARR: So Mary Jo?
DR. DEERING: And my question was not seeing it and only hearing you read it, it sounded like the second – I didn’t know what to make of the second sentence. I didn’t know if it was a statement of approval, but it began with the word however.
DR. CARR: Yes, provided use of an EHR –
DR. DEERING: So I wasn’t –
DR. VIGILANTE: Let’s take it out.
DR. COHN: Yes, and I actually – this is one where actually I think Marjorie clarified it better. I guess I’m sort of thrown off by the word alternatively which I’m not quite sure what to make of that transition through there. I actually think that with the changes that Marjorie was suggesting here, it actually comes away as being a relatively compelling example.
DR. CARR: So Simon, if we took out the word alternatively, then it would be – I’ll read it again. An individual may benefit from a provider using an EHR. However, the provider’s use of an EHR may be subsidized by the use of advertising to the physician. If the EHR vendor mines the data to supply advertising to sell products directly to the individual or to sell information to a third party for other uses, the individual’s trust in the provider may erode and concerns about privacy increase.
Yes, Jeff?
MR. BLAIR: Maybe there’s an example of this somewhere. I’ve just never known of this. So I’ve known of areas where advertising might be included, but it isn’t the EHR vendor. So I don’t mind if it’s used as an example, but I think there should be something to say like if this occurs rather than because it almost implies that it is occurring.
DR. FITZMAURICE: And it could also be illegal. How does an EHR vendor get access to this protected health information.
DR. CARR: Business associate?
DR. FITZMAURICE: It’s still illegal.
DR. COHN: Why don’t you let Margret talk?
MS. AMATAYAKUL: We actually have a specific example of a vendor that is doing this today. I didn’t cite that vendor. I don’t know whether it’s appropriate to do so. But –
DR. COHN: Now is it a vendor of EHR systems?
MS. AMATAYAKUL: Yes.
DR. COHN: Or is it –
MS. AMATAYAKUL: Two vendors.
MR. BLAIR: So there’s two examples of something like this has happened. Then I’d like to know is it where it’s a stand alone, or is it an ASP model where it’s a service that’s being provided.
MS. AMATAYAKUL: An ASP, I believe.
MR. BLAIR: That’s exactly what I was thinking, and that can give – the way it’s worded it gives a very different impression because I think most people think of EHR vendors as ones that provide software as opposed to those that provide a service. And so I think that I have no problem with your including the example. But let’s either add that it’s a service as opposed to just a generic term vendor and maybe indicate that is not common.
DR. COHN: Jeff, if I may jump in, but is the word vendor the one that’s bothering you, and would you rather have that maybe be like service provider?
MR. BLAIR: Yes, thank you.
DR. CARR: All right, I saw a number of hands. Harry?
MR. REYNOLDS: Yes, again, as we go through this and as we get deeper and deeper in the document and start zeroing on certain things, one of the key points that this is continuing to show that there are people outside of the HIPAA world right now, whether it’s services, whether it’s vendors, whether it’s these other things, they are in free space in many cases. And so we’ve got to be – we’ve just got to keep that message. So remember to keep – every once in a while keep looking back at the guiding principles because those are the things that we have to keep that consistent message throughout this.
I’m not picking on anything that anyone just said or anybody’s going to say in the future. I’m just saying that’s the one thing that we continue to hear clearly, and that’s why we want to – there may not be as many examples as people would want, but there is a group of people out there that are non-covered who are offering services in today’s world that are outside the stream of what we want to protect.
DR. CARR: John Paul?
<