[THIS TRANSCRIPT IS UNEDITED]

NATIONAL COMMITTEE ON VITAL AND HEALTH STATISTICS

SUBCOMMITTEE ON PRIVACY AND CONFIDENTIALITY

January 13, 1997

Best Western-Key Bridge
Arlington, Virginia

Proceedings By:
CASET Associates, Ltd.
10201 Lee Highway, Suite 160
Fairfax, Virginia 22030
(703)352-0091

List of Participants:

David Korn, M.D.

David Witter

Robert A. Hiatt, M.D., Ph.D.

Elizabeth Andrews, Ph.D.

Steven B. Thacker, M.D.

Verla S. Neslund

Joseph A. Reid, Ph.D.

John Poundstone, M.D.

David Fleming, M.D.

John E. Hartwig

Michael Diegel

Alfred Buck, M.D.

Bill Mahon

F. M. Broadaway

J. Michael Hamilton

Cary Sennett

TABLE OF CONTENTS

Call To Order: Robert Gellman

Research Issues

David Korn, M.D.

David Witter

Robert A. Hiatt, M.D.

Elizabeth Andrews, Ph.D.

J. Michael Hamilton, M.D.

Public Health Issues

John Poundstone, M.D.

David Fleming, M.D.

Steven Thacker, M.D.

Public Comments


P R O C E E D I N G S (9:05 a.m.)

DR. GELLMAN: If everyone finds their seat, so we'll begin. I'm going to start with a short explanatory statement, so everybody starts from the same page.

This is a meeting of the Subcommittee on Confidentiality and Privacy of the National Committee on Vital and Health Statistics, an advisory committee in the Department of Health and Human Services. The committee itself is chaired by Don Detmer from the University of Virginia. I am Bob Gellman, and I am chairing the subcommittee.

Under the administrative simplification title of the Health Insurance Portability Act, the Kennedy-Kassebaum bill, the Secretary of HHS is required to make recommendations to the Congress on health confidentiality legislation. The committee will be making recommendations to the Secretary sometime before that, probably in late spring. The committee decided to establish a subcommittee on confidentiality and privacy, and we decided to hold a series of hearings. This is the first of six days of hearings that will be held this month and next. The hearings will form the basis for the committee's recommendations to the Secretary, and then for the Secretary's recommendations to the Congress.

The purpose of the hearings is to explore in detail the options, choices and tradeoffs that are inherent in any health privacy legislation. I would hope to focus on specific alternatives, and get more into the details than you would normally expect to find at a Washington hearing. We will be looking at some of the existing legislative proposals. We will be looking at the consequences for patients and for record keepers, of any kind of new privacy rules that are being developed, and we will be looking especially at how legislation operates in the real world.

We intend to cover the full range of fair information practices issues, including patient's rights, limits on use and disclosure of information, health identification numbers, pre-emption of state laws and privacy-enhancing technologies when available, sometimes known as PETs -- privacy-enhancing technologies.

This isn't going to be, I hope, your classic hearing, where witnesses come in and read long statements. We want to have as much discussion as possible. We structured these two days of hearings with one panel in the morning and one in the afternoon, so that we can have as much time for discussion as possible.

We have told the witnesses that they have no more than five minutes to make a statement, and I will be ruthless in cutting them off, so we have time to discuss.

Administratively, the next hearing of course is tomorrow. After that, the other hearing dates are February 3 and 4, February 18 and 19. Exactly what subjects and what order we will be considering the issues in the future is still a little uncertain. Tomorrow's hearing -- this afternoon we are going to be dealing with public health issues. Tomorrow's hearing will deal with health oversight issues. We had hoped to deal with law enforcement issues in the afternoon tomorrow, but that could not be arranged people we were trying to do this all over the Christmas holidays, when people weren't around. So the afternoon will be a little bit of a shorter hearing, continuing on with the health oversight, and it may not go as long as originally scheduled.

We will make announcements about further hearings and witnesses when they are available, and the information hopefully will be available through the committee's Web site, although there is no guarantee it will actually get there in time.

We do have an opportunity today for public comments at the end of the day. There is a sign-up sheet over at the sign-in table, for people that want to make comments. We will deal with that at the end of the day.

I think to begin with, I am going to ask all the people up here to introduce themselves, and then perhaps go around the room and ask everyone else to do the same.

Marjorie, would you like to start?

DR. GREENBERG: I am Marjorie Greenberg, National Center for Health Statistics. I am the acting executive secretary on the committee.

DR. SCANLON: I am Jim Scanlon from the Office of the Assistant Secretary for Planning and Evaluation in HHS. I am the executive staff director for the committee.

DR. FANNING: I am John Fanning from the same office. I staff this committee.

DR. GELLMAN: I am still Bob Gellman, and I am otherwise a privacy and information policy consultant in Washington.

DR. FRAWLEY: Kathleen Frawley.

DR. HARDING: Richard Harding. I am a psychiatrist in South Carolina.

DR. WARD: Elizabeth Ward. I am with the Washington State Department of Health.

DR. SCHWARTZ: Harvey Schwartz from the Agency for Health Care Policy and Research, and I am the agency's liaison to the committee.

DR. GELLMAN: Why don't we hold off on witnesses, and start with the audience?

(Whereupon, audience introductions were performed.)

DR. GELLMAN: Let's begin with our first panel of witnesses. I think just to make it easier, I'll ask you each to introduce yourselves and explain your professional affiliations. Perhaps we will begin with Dr. Korn.

DR. KORN: Thank you. I am David Korn, professor of pathology, and immediate past vice president of Stanford University, and dean of the medical school there. I am currently on sabbatical at Stanford, where I have an appointment at the AAMC as distinguished scholar in residence.

The AAMC is very aware of the gravity of the task with which your committee is charged, but does not have a formal policy on these matters. Therefore, the testimony that I and my colleague, David Witter, will give are personal opinions and not official policy of the AAMC.

The difficult challenge before this committee is to find a point of balance that will enable us to enhance the security of confidential medical information and reduce the probability of its misuse, without substantially impairing the access and communication that are essential to the effective delivery of medical care, the efficient functioning of the health care delivery system and the pace of biomedical and health services research. That is a very tall order.

It would be comforting to develop foolproof mechanisms that could assure the absolute security of such information of all kinds, at all sites, and of whatever derivation. But given the requirements for access and communication in the real worlds of medical care and biomedical research, such levels of security in my judgment are fanciful. More realistic would be to develop the best security mechanisms feasible from a cost benefit perspective, and couple that effort with effective measures to prohibit the discriminatory misuse of such information by employers, insurance companies or others.

Unfortunately, we as a society have not succeeded in reaching that objective. In the absence of such effective measures, much effort is directed toward restricting the creation and accessibility of information, and building firewalls to insure its confidentiality.

With respect to medical information created in research, perhaps nowhere is the conjunction of extraordinary promise, deep-seated public concern and regulatory challenge exhibited more vividly than in the current debate about the nature of the informed consent process that should guide genetic testing in the use of human tissue and research.

Recommendations from many committees that have studied these issues to date come down in my view too heavily on the side of private interests at the expense of public benefit, and suffer from inadequate input from a broadly based scientific community.

I think the deliberations to date have been defective in two major areas. First, they have failed to distinguish between genetic testing, which I think should be defined narrowly and raises considerations of definition and appropriate informed consent, and genetic information that can be obtained and inferred from a myriad of clinical research sources, and raises concerns of privacy and protection of confidentiality.

Secondly, it has been too readily accepted that genetic information is unique and different in kind from all other private, sensitive and often predictive information that may exist in the medical record. To the contrary, I believe the difference is not so much qualitative as one of degree, and the distinction is important in devising appropriate and workable mechanisms for protecting confidentiality.

Let me in the time I have try to offer a few specific recommendations to illustrate these points. First, much more careful attention has to be paid to the definition of terms to avoid confusion and unintended consequences. In the context of contemporary biology, terms like genetic research, genetic sample and genetic test are exceedingly broad and so inconclusive and imprecise that it is inadvisable to attempt to use them as the basis for new research guidelines and regulations.

Genetic testing appropriately defined should unarguably meet a high standard in informed consent. However, the definitions proposed are far too over-reaching and should be narrowed to focus on the purpose of the study, rather than the kinds of research methodologies that are used.

Research studies on human tissues removed for medical reasons ordinarily should not be defined as genetic tests, even if they involve information of gene structure and function. Moreover, the results of such studies should never be considered diagnostic and not be entered in the medical record nor communicated to the tissue source.

Everybody agrees that the informed consent protocols used for research on human tissue specimens must be strengthened. However, I believe that research on coded samples that are linkable to patient sources should continue to be eligible for approval under a general informed consent mechanism, under specific circumstances that I will address in a moment.

DR. GELLMAN: Dr. Korn, I have to ask you to stop there. We'll come back to some of those issues later. Mr. Witter, do you have a separate statement?

MR. WITTER: Yes, I do. I am David Witter. I am director of the clinical administrative data service at the Association of American Medical Colleges. The clinical administrative data service, or CADS, is an online data service that uses non-identifiable information from participating teaching hospitals to track and assess clinical outcomes and care processes. The resulting information is to track patient outcomes and other types of health services research and to support policy analysis at the association.

CADS was developed over a six-year period by the Academic Medical Center Consortium, and was merged into the AAMC in 1996. From 1990 to '96, I was president of that consortium and directed the development of this database. Prior to joining the consortium, I spent 17 years at the Oregon Health Sciences University in a number of positions, including hospital CEO, interim university president and director of the biomedical information communication center.

I am pleased to have this opportunity to meet with the subcommittee this morning, as you begin to formalize recommendations on the standards with respect to privacy of individually identifiable health information.

As Dr. Korn indicated, medical schools, teaching hospitals and their faculty share two major principles with regard to the responsibility with which your committee has been tasked. First, they are committed to improving the health of individuals in their community, and second, we are committed to improving the means by which we care for patients today and in the future. As part of that commitment, we endeavor to provide the highest quality care, based on the latest available knowledge in a manner that respects the dignity of the individual and the privacy and confidentiality of the information about a specific individual's condition.

The commitment to improving treatment and diagnosis covers a broad array of activities. On the one hand, health care providers want to better understand the roles of genes and molecules in the functioning of the human body. At the same time, they need to improve their knowledge about the epidemiology of disease, the efficacy of alternative treatment therapies, and the most efficient means by which to provide health care services.

In developing your recommendations for Congress, I would hope that you would consider some of the following issues. First, medical information that records that can be linked to the individual should not be disclosed unless the individual has given consent for the release of that information, or unless there are compelling reasons to believe that releasing such information would be in the public interest.

Second, in order to allow for the continued development of clinical, epidemiological and health services research, your recommendation should assure the continued availability of medical information that covers the broad spectrum of health experiences for all patients.

Analysis of this information is crucial in order to better understand disease processes, health care delivery practices, health care outcomes and the quality and efficiency of health care. It is also important as a key piece of accreditation processes.

The benefits of these activities to the public is of sufficient import that future proposals to safeguard individual privacy must not place a barrier to the continued accessibility of medical information for these purposes.

Third, there are a variety of mechanisms that have evolved over time to help protect the privacy of individually identifiable patient information. They include policies and standards for the use of identifiable data in clinical trials and other research processes that are under the authority of institutional review boards.

Second, there are practices for encoding and encrypting identifying numbers when data is included in research studies, databases maintained by the various states, and private research organizations. There are also techniques for limiting access to specific kinds of information by further coding it, converting it or other obscuring techniques.

Fourth, your recommendations must also make a clear distinction between non-identifiable health information and protected health information. Your recommendations need to specify that the use of non-identifiable patient data and the lawful disclosure of protected patient data do not expose individuals and organizations to liability.

Fifth, some of the terminology included in legislation considered by Congress last year needs to be revised to include the full spectrum of organizations involved in research-related activities and that require the use of medical information. For example, independent research organizations such as Rand, The Research Triangle Institute and a variety of clinical trials research organizations are involved in the same kinds of research activities that are conducted at many medical schools and teaching hospitals.

DR. GELLMAN: I'm going to have to interrupt you there. Thank you. Let me just say that everybody's statement will be made a part of the record. If people have supplied a copy of their statement in electronic form, it will be put up on our Web site, along with the transcript hopefully of today's hearing and all the other hearings.

Dr. Hiatt, would you like to go on?

DR. HIATT: My name is Robert Hiatt. I am speaking to you as chair of the policy committee for the American College of Epidemiology, which is an organization which represents 850 professional practicing epidemiologists. I am also assistant director for epidemiology at the Division of Research at Kaiser Permanente in California, and director of prevention sciences at the Northern California Cancer Center. I have personally spent most of my career working with public domain research and medical records, using epidemiologic methods.

My information speaks to some of the potential impact of new measures to protect privacy in the conduct of research in the public interest. The scientific basis for public health epidemiology, which affects the lives of millions of American citizens every day, requires readily available access to health-related databases and medical records. Increasing levels of restriction based on concerns of confidentiality have already been put in place by institutional review boards around the country to insure proper use of human subjects and the protection of their privacy.

We heartily endorse the legitimacy of these concerns about confidentiality and medical records. The public health community has worked hard to comply with these laws and regulations over the years, and stands behind the principles involved.

However, these efforts have already made the work of epidemiologists more cumbersome and costly. In the interest of protecting the public health, we must be sure that these concerns do not inhibit the access to medical records for important bona fide research. We trust that this is the intent of Subsection 11-78B of the Kennedy-Kassebaum bill.

The use of medical records for public health research is critical to a broad range of studies that are conducted in the public interest. Epidemiologists use information from individual records, together with many other individual records to form scientifically sound conclusions about groups. In analyzing, presenting and publishing these data, individual names and identities are of course not revealed. The responsibility for insuring privacy is rested with institutional review boards, and the investigators, when medical record review, not contact with human subjects, is required.

In many if not most epidemiologic studies, there are hundreds if not frequently thousands of subjects who provide data for analysis. Additional large numbers of records are reviewed for persons who turn out not to be appropriate for final analysis. Thus, a requirement for instance to obtain permission to review medical records from each individual would introduce an unacceptable amount of non-respondent bias into these types of retrospective investigations, as well as prohibitive in expense and time.

If people are given the option of withholding information, they may do so without consideration of the public benefit being forfeited. Without even representation from all members of society, epidemiologic investigations would not be population-based, and their relevance to public health would be severely compromised.

Furthermore, many epidemiologic studies are federally funded. The consequences of expensive requirements to increase confidentiality could make it nearly impossible to conduct research on which sound public policy is based. Threat to privacy from such studies over the years has been small, whereas the benefits to public health have been large.

Some examples are included in my longer statement, and perhaps we can get to those in future discussion.

DR. GELLMAN: Thank you. Dr. Andrews.

DR. ANDREWS: Thanks very much for the opportunity to address this committee. I chair the Committee on Data Privacy of the International Society for Pharmacoepidemiology, or ISPE. It is in that capacity that I am addressing you. I am also the director of epidemiology for Glaxo Wellcome and an adjunct associate professor of epidemiology at the University of North Carolina School of Public Health.

Our society is a nonprofit international professional membership organization dedicated to promoting pharmacoepidemiology, the science which applies epidemiological approaches to studying the use, effectiveness, value and safety of pharmaceuticals. Our particular subcommittee is addressing data privacy as it relates to drug safety.

The organization ISPE includes over 1100 members from 45 countries. The largest proportion of our membership represents academic institutions, followed by industry, government and other professionals.

Let me describe the rationale for our research and two of our main concerns with current legislative proposals. At the time a medicine is first introduced into the marketplace, there generally has been only limited opportunity to observe rare adverse drug reactions. Premarketing trials are experimental. In order to minimize undue risk to the patients and maximize efficiency, trials usually include a limited number of patients for a relatively short time under optimal clinical practice. Usually patients receive only the drug under study. Once the drug is in the marketplace, it can be used by patients with other medical problems and who may be taking other medications, some of which could result in dangerous interactions.

In addition, the medication may be taken by special populations such as pregnant women, children and the elderly, who may not have been well represented in these trials. Regulatory agencies report adverse experiences through the post-marketing spontaneous adverse experience reporting system. However, that system captures only a small fraction of total events and cannot estimate rates of events.

In order to protect the public from either unnecessary harm from a previously unknown but serious toxicity, or from possible over reaction to a safety signal that may be spurious, it is essential to better evaluate drugs and quantify medication safety.

We can only accomplish this research with continued availability of large-linked databases. Often, our studies are conducted in databases that included coded data on diagnosis, prescribed medications and other health information. While the data are not directly identifiable, they will almost certainly be encoded, but still potentially identifiable.

This is important for retrieving additional information if it becomes necessary for identification of a long-term health risk or if important safety information needs to be validated against original medical records.

Under the proposed legislation, these databases could be considered protected health information because of the presence of the code that could be used to link back to an identifier.

We agree that safeguards are needed to protect the actual linkage. The key to decoding the data must not be available to those conducting the health research or the health plan operations. Those safeguards exist now for most data resources and should be in place for all.

If these databases are considered protected health information, then some legislative proposals would require specific and unambiguous authorization or consent for each use or disclosure. Our studies often require data from files years after the medical events in question, years after patients have left a particular health plan, and sometimes after patients have died. Requiring authorization for each research use is simply not feasible.

Use of encoded or encrypted databases should not be considered protected health information, and should be exempt from requirements for authorization. From studies that do require some limited access to protected health information such as case control studies that use medical records to identify cases, a new restriction that would require specific authorization for each use of data would create impediments to drug safety studies. For these studies, IRB approval under existing regulations should be sufficient.

Let me summarize a few points. Pharmacoepidemiology studies are observational, not experimental. The researcher almost never needs to know the identity of the study subject. Safeguards are needed around the linkage process. The linkage capability must be maintained. Research questions that might require access to persons' health information cannot be anticipated at the time individuals provide initial authorization for the use of their health records.

We are concerned that studies of importance to public health simply could not be done under some of the legislative proposals. I likewise have examples I would love to discuss with the committee. I look forward to providing additional written comments from our subcommittee.

Thank you very much.

DR. GELLMAN: Thank you. Dr. Hamilton.

DR. HAMILTON: I am Michael Hamilton, the chief of the clinical investigation section for the adult oncology service at the National Cancer Institute at Bethesda. I was chairman of the NCI institutional review board from 1991 to 1994. I come representing the NCI and the National Institutes of Health, but I am not a spokesman for them.

A couple of the other speakers have touched on the issue that clinical research is an essential aspect of health care. To accomplish good research, patient records with good patient identifiers must be available to researchers, both in general demographic or epidemiologic studies and specific individual records have to be available to assay the participation in a particular clinical trial. Yet I guess what this committee is involved in is how are those records, both the research of the clinical records themselves and the research records protected from additional use or misuse without specific patient release or patient consent.

I think it is important to point out that there are clear benefits from research. I will keep my examples to the areas that I know, cancer. From the '70s and '80s, when 53 percent of patients died after a diagnosis of cancer, it has now dropped in the mid-90s to 42 to 45 percent. So research has yielded headway, both from the introduction of new agents -- I guess one of the best known recently would be paclitaxel or Taxol, and in this past year ten new drugs were approved by the FDA for use in cancer.

Demographic data has helped define disease incidence, risk groups, the etiologic agents involved, but not without having to involve oneself in potentially controversial aspects identifying racial groups. There is a study in this week's New England Journal that shows the lack of correlation between abortion and breast cancer, so one obviously has to delve into very personal aspects of a person's past medical history.

Symptom control, including the use of morphine for pain control, involves for investigators both risk for involvement with the Drug Enforcement Agency, and of course we are hearing from the Supreme Court what the other extreme of that can involve. And then genetics screening, as a couple of people have mentioned, opens a clear understanding of the molecular basis of disease, but at the same time opens a number of ethical issues in identifying a patient's individual risk, not predicting that a patient will get a disease, but an increased risk. By implication then, family members, sometimes by implication as families are studied, there is a five percent incidence of non-paternity, which opens up a whole other basket of ethical issues.

There are clearly a wide range of people who need access to research charts with patient identifiers, including the investigators themselves, the data abstracters, data entry clerks, with a wide range of education and understanding of the ethical issues. These are often handled with -- of course, patients have consent to participate in clinical research. There are locked records that are maintained and password-protected databases, but it isn't clear that one can ever completely protect a record from intentional fraud or intentional misuse.

One can regulate the degrees of certainty that one has to have to have consent and have protection, and one can review and try to identify unintentional misuse. But scoundrels can never be legislated away in records. Unless one closes down all access to all records to all purposes, one can't protect everybody against all bad things that can happen.

DR. GELLMAN: Thank you. Thank you all. That is a pretty good start.

Let me begin. I want to get into this issue of the use of identifiable records and research. I have been working on health confidentiality legislation off and on for almost 20 years. There is a really strong undercurrent of opposition to letting researchers get access to identifiable records. It comes back again and again. Legislative proposals that floated around in the last Congress took a variety of positions on that.

So I want to challenge you to make a good clear statement of why research needs records; why can't you do research on records that have been totally stripped of identifiers. Can you provide examples of research that has been conducted, things that people will be familiar with, that could not have been conducted without the availability of identifiable records?

DR. ANDREWS: I'll start with one example. We learned about the association of maternal use of DES or diethylstilbestrol and vaginal cancer in the offspring only through availability of these mothers' records, records from decades prior to the detection of cancer. There was no way people could have identified this risk years prior to obtain consent.

Another recent example from last week's JAMA was of a study conducted in a database in New Jersey. It found a gross under-use of beta blockers in the elderly, following myocardial infarction. Only 21 percent of people who most cardiology professionals would have said should have received beta blockers received them. There was a 43 percent increase in mortality over two years as a result of this inappropriate under-use of beta blockers.

This kind of information is absolutely essential with large numbers over a long period of time. The ability to go back to the medical record is critical to validate medical conditions and to be assured that the data are of quality for research.

DR. GELLMAN: Let me follow up with the DES example, because that is a study that I think entered popular knowledge.

Suppose there were a requirement that you had to get consent from all the patients before you could look at their records. How would that specifically have impacted the study? How would you go about getting consent? What would have been the consequences for the research if you were required to get patient approval?

DR. ANDREWS: There would have been an unknowable amount of bias, because only some of the women would have still been available to obtain consent from.

DR. GELLMAN: Anybody else?

DR. HIATT: Recently in -- this is an example from our own research group. We studied the relationship of sigmoidoscopy screening to colon cancer mortality. I think the committee and those concerned with this issue have to understand that yes, at some point the analysis of epidemiologic data can be done without individual identifiers. But constructing the database does require linkages that require these individual identifiers.

DR. GELLMAN: Can you explain the kinds of linkages you are talking about?

DR. HIATT: Yes, I can. I was going to use this example to do that.

This was what was called a case control study. In this study, individual records that contained information about screening with sigmoidoscopy screening, had to be linked with cancer outcomes. So these cancer outcomes came from SEER registry -- this is the NCI-maintained national registry on cancer outcomes. So this linkage occurred through individual identifiable information.

Now, this study then examined medical records without the permission of the individuals, because there was no -- some of these individuals had died, some of them would be difficult to identify, having left the health plan, et cetera.

What was found, just to put it in the public domain, was a very strong protective effect of this type of screening. It was such that as much as 50 percent of colorectal cancer mortality can be expected to be achieved if this is accepted widely around the country.

This evidence was strong enough that it changed the U.S. Preventive Services Task Force's recommendations for colorectal screening. So a study that involved the review of about 1500 medical records was critical to obtain information linked to other records that had this important public health impact.

DR. GELLMAN: Dr. Hamilton.

DR. HAMILTON: There are also examples where one has to have access either to an employee's records. As an example, an old study with coke oven workers in the processing of coal -- not just that somebody worked in the steel mills, or with the coke ovens, but where they were on the coke ovens, people on top versus on the side to help -- the people on the top had the highest risk for lung cancer and head and neck cancer, and they obviously had the most exposure. So the one would have to have access -- it was not just the fact of what they did for a living, but where they were and how long they were there. Records with correlations with economic status, which might be as simple as a zip code identifier, but might delve into more precise information about a patient's income or other aspects of health care.

One needs to know then how you can tie those things together from a health record to other non-health identifiers.

DR. GELLMAN: Dr. Korn?

DR. KORN: The whole history of medicine has been pursued through pathological studies that have defined diseases. In defining these categories of diseases, different kinds of cancers, different kinds of hepatitis, kidney diseases, lung diseases, whatever you want, the value of the pathologic study can only be maximized by correlating it with the natural history of the disease that occurs in a population of patients that have pathological findings of common sorts.

In order to do that, you constantly have to be able to get back to the patient chart to determine things like follow-up, survival, response to therapy, recurrences and on and on and on. There is no other way to build that knowledge base.

Let me give you an example. A very difficult problem today in medicine is to understand how to deal with very early breast cancer or prostate cancer, in order to include both genders, that are picked up by very sensitive detection techniques, mammography in the case of breast cancer, PSA or biopsy in the case of the prostate.

In both instances, lesions that would never have been detected clinically because of their minute size are able to be picked up and examined pathologically. When one examines these things pathologically, one is unable to determine the biological aggressiveness of the lesion from our current knowledge of looking at pathologic specimens by the technologies available.

That means that one is facing constantly, with very high prevalence diseases, issues of how aggressively to deal with these quote tumors, of which one has really no firm knowledge as a population, as to which ones need to be aggressively treated and which ones could literally be ignored.

If for example I were to take a collection of 300 minimal breast lesions that were excised by mammographic findings, and find for example that there was a subset that had a particular pattern of genetic change, -- I don't know who these patients are, I don't want to know who they are, their names are irrelevant.

But let's say that I find 50 of these 300 specimens have a common pattern of genetic change that distinguishes them from the other 250. On the one hand, that is an interesting observation, but one doesn't really know if it means anything biologically to the public health.

But if I then could get back to the patient charts, or have the information given to me from the patient charts, that said that those 50 women all died within five years of miserably aggressive metastatic breast cancer, whereas in the other population of 250, that pattern was very minimal, you would immediately have a marker that could begin to segregate these previously undifferentiable lesions and say that when this pattern is found, these people really are at risk for very bad disease, and we need aggressive treatment on them, and the others perhaps not.

That is just an example of where --

DR. GELLMAN: Let me ask, suppose we ask patients up front whether they were willing to make their records available for medical research, and you have medical records with labels, and one would say this is available for research, and the next one would say, it is not. What would be the consequences for research if that were done?

DR. KORN: Well, I'm not an epidemiologist, and we have got some very distinguished ones at this table. But I think that the benefit of an unrestricted database of medical records, whether they are pathological specimens or charts or whatever, are that you avoid the unrecognizable bias that will come into this by not knowing whether those who said no are in fact severely distorting the findings that you are going to get from looking at those who said yes, or vice versa.

Perhaps the epidemiologists --

DR. HIATT: Yes, Dr. Korn of course is right. This comes under the rubric of respondent bias when epidemiologists talk about. But just think how you feel when you get a call from some marketing firm at night while you are eating dinner? What do you do? Well, you might answer the questions, but you might hang up. The people that hang up are different from the people that answer the questions.

In order to make valid conclusions about the whole public, one needs to have an even representation, a true sample of the population in order to make conclusions. We run this all the time when we ask for permission for direct patient contact. It is a critical issue for epidemiologists to minimize the amount of non-response in order to have valid conclusions.

We would have concerns about how this would affect public interest research, because of that.

MR. WITTER: Another example drawing from not so much clinical care, but health services research, is that over the last five years, I was involved in one of the investigators with a stroke prevention port that was funded by HCPR. The goal of that project was to try to better understand how to prevent subsequent strokes from patients who have already had them, or similar kinds of events.

Now, what we did in that particular situation is, we needed to better understand, because nobody had studied the problem, how patients felt about alternative stroke therapies, were they willing to modify their lifestyles, were they willing to deal with the discipline of taking drugs that could potentially be very risky.

In order to do that, what we did was to use encrypted data from administrative databases to identify patients. Then working through their providers, that is, their physicians and the hospitals that cared for them, we obtained their consents about whether we could interview them. But we needed to be able as part of that -- and use the consent process -- again, these are all activities that are under standards set by IRBs within the organizations that were involved, and then able to contact those patients.

But we nevertheless were also concerned about the respondent bias kinds of issues, because we knew that we were of course missing patients who died because we couldn't get consent. We also were -- if patients refused, we had to go to great lengths to try to ascertain whether or not the population of patients that were willing to be interviewed were different than that population of patients that were not.

DR. GELLMAN: Let me try another tack here.

DR. HAMILTON: Can I add one aspect about the -- the problem with the blanket consent is that it also from the other extreme becomes totally meaningless, because there are certain areas of research that absolutely should not be done without specific consent and counselling, and the fact that a patient says my records can be used for research not otherwise ascribed, and assign that. It does not mean that investigation can go ahead and do a family linkage study and whatnot without explaining the ethical risk and the risk of knowledge to those patients, so that it would be research upon the one hand and meaningless on the other.

DR. GELLMAN: Let me ask about researcher record -- are there any examples where researchers have obtained identifiable patient records and used them inappropriately? Is there a way for the profession to discipline people who may have violated the terms under which they got access? Is this an area in which there is a serious problem that needs some kind of a response?

DR. HIATT: Again, from personal experience, everybody that works in the research units that I have been associated with agrees, by signing a confidentiality statement, that they will maintain expected levels of confidentiality dealing with medical records.

But as Dr. Hamilton points out, one can't legislate away scoundrels. So it is possible that somebody could violate that if they were of that kind of mind.

I am aware of no examples of that in 25 years of working in my field. So I would have to conclude that that is certainly possible.

DR. KORN: I have been thinking deeply about this, because I come at it from the pathology archival tissue resource perspective. But in a general sense, it seems to me that the critical need is to be sure that any institution that supports research has the tightest possible security on the linkers that form the key to getting from unidentified materials used in research to getting follow-up information on those particular individuals when necessary for whatever the research process.

In that way, one would never be looking at identified information. Now, the implementation of something like that, I think is not trivial. I couldn't sit here and describe a scheme to do it off the top of my head. But I think that the need for linkage is so prevalent -- it is not 100 percent; there are some things that you can do anonymously, but they are not common. Much more common is the need for data that can be tracked back for follow-up of one kind or another.

I think the critical thing is to embrace this material with a protection, so that it is held in confidence, it is not easily accessible in terms of people randomly get into name-identified materials, but to try to go to the extreme of saying that everything has to be unlinkable I think would be exceedingly deleterious to research, of a whole variety.

DR. HAMILTON: And research is reviewed by a jury type system. That is, institutional review boards of peers, including ethicists, non-medical people, physicians and PhDs who understand all the aspects of the research, not just once, but on an annual basis or more often, depending on the aspect of the research, if it is possible for somebody to misuse research and publish it. But that usually will come back to haunt that person. Just as any physician can misuse the knowledge of the intimate aspects of a person's life that he or she will gain, any researcher can. But almost none will. There is that one or two who will, and something happens to them eventually.

DR. ANDREWS: I also am not aware of any breaches of confidentiality from these kinds of studies. In many circumstances, it is a third party that maintains the key for the linkage; the researcher generally has no desire, interest or need for the identifiers. Just the linkage process needs to be protected.

Regarding code of conduct, our professional society last year adopted a good epidemiology practice set of guidelines, that is not very specific on this point, but it does say that anyone in a research situation does need to sign a pledge of confidentiality if they do have access to identifying information.

We are also embarking on a process to develop a code of conduct for our field, feeling that that would be helpful to have that laid out explicitly.

DR. HARDING: A couple of questions. One is the idea of -- do you think that private research should be subject to the same standards as federally funded research?

DR. HAMILTON: Drug company research? Is that what you mean by private research?

DR. HARDING: Yes, sir, or managed care kind of research, that type of thing. Is that the same issue that we are dealing with here, or is it more complicated or less so?

DR. HAMILTON: I think the guidelines apply to all research, for instance, the kind of federal regulations, 45, 46, says, applies basically to all research and aspects of patient consent and that kind of thing. And institutional review boards will hold a drug company to the same standard that they will hold NIH-sponsored research.

DR. HARDING: We have a subcommittee in this committee on special populations. Do you think that some records should be treated more carefully than others? Are there special situations?

DR. HIATT: Let me respond to both of your questions. I just want to refer to the Bennett bill, where the term health information trustee is introduced, HIT. I think that in most cases, there will be an HIT that holds the data. I think whether the interest or the research question or the funding comes from private industry or public domain, the HIT is still to be held to the same code of behavior.

I think this is a very tricky one, the second question, for special populations, because it involves both the kind of cases that Dr. Korn is mentioning, for individuals characterized by genetic differences, maybe people that are HIV positive, maybe different race-ethnic groups.

The levels of concern that society has for special populations changes over time. Therefore, if you were to set up special levels of -- require special levels of confidentiality for special groups, and that changed over time, it would add an additional level of complexity.

My thinking is not fully mature on this, but I think I agree with Dr. Korn that -- or maybe it was Dr. Witter, who said that these types of information should all be treated in the same way. They should be treated with due attention to confidentiality, but not to be treated special.

DR. ANDREWS: I would have a particular concern about treating those specially. Often those are the populations for which we need the most information. To create an extra hurdle might keep us from learning what we most need to know.

An example would be the use of antiretrovirals in pregnancy. Critically important that we have as much information as possible to learn about the protective effects of antiretrovirals given during pregnancy, to prevent maternal-fetal HIV transmission. Nevertheless, there is an unknown risk of teratogenicity of antiretrovirals.

At Glaxo Wellcome, we collaborate with a multi-industry effort to create a pregnancy registry that monitors women inadvertently or intentionally exposed to antiretrovirals during pregnancy, and contact physicians after delivery to learn about pregnancy outcomes.

Some kind of code is maintained during the pregnancy, to enable the registry to re-establish link with the physician, who can then identify the patient and provide information about the pregnancy outcome. Without the ability to do that, we would have very little information about safety of these drugs during pregnancy.

That bit of information that is used to link may be chart number, which can only be used by the practicing physician to link back to the identity of the mother. But that information is maintained by registry for the duration of the study, and then is deleted as soon as information is complete.

DR. HAMILTON: I think the gist of the discussion is how does one protect patient records with patient identifiers from misuse by researchers or other research modes. But there is also the protection of research records from alternate use or misuse. So the fact that somebody has participated in a research study and may be at increased risk for a particular disease has been identified affects their employability and insurability.

In some ways, I think there does need to be a particular protection of research records when the tool is purely research. If I take part in a colon cancer risk and a potential marker is found and I am positive, I would hate that to have been -- say I can't get health information forever, when it is not even documented yet, or when it goes on to be documented, that it is a useful marker.

DR. HARDING: Or life insurance.

DR. HAMILTON: Or life insurance; any of the above, right.

DR. GELLMAN: Everybody I think has talked about encryption in some way or another. What if the statute said all research had to be done with encryption, no identifiers anywhere, everything had to be linked? What would be the consequences of that? Would that work? Clearly it would work in some cases. Could it work across the board?

DR. KORN: With the opportunity through some mechanism to get back to information is needed. Linkable, is that what you mean?

DR. GELLMAN: Well, you have to tell me where you see the pressures coming from, what is possible.

DR. KORN: I said before, I think that from my experience, that all research can be done with materials that do not have identifiers on it. But I think that most of it needs to be linkable. The vast majority of it needs to be linkable, through some secure linkage point, an escrow agent who holds the linkage in trust or something like that.

But you can't make the material totally unlinkable, because you then destroy its utility badly.

DR. GELLMAN: If there were greater requirements for encryption or anonymization of records, what kind of facilities would be needed to support that?

DR. KORN: Excuse me. In the work that I have been involved in for the last year, anonymization is not an acceptable term, in the context I am talking about, because it means that you do something to a chart or a slide or a tissue or whatever that makes it impossible for anybody ever to link back.

So anonymization is anonymity, and anonymity I think we all agree, as a rule will not work. That is how the term is being used. Linkability.

DR. GELLMAN: To the extent to which records need to be linked and to the extent that you are dealing with some kind of encryption -- I am assuming, just for our purposes of argument, some kind of encryption requirement, given the state of medical records in this country, and medical information, some of it is in paper, some of it is on computer, it is all disparate, how would you support that kind of a requirement? Is it possible to do, given the state of medical records today in this country?

MR. WITTER: I guess my simple answer to that is yes, because that is in fact how the data service I work with runs, which is that we get information directly from provider organizations. Those provider organizations, we put the responsibility on them of scrambling, encrypting, obscuring the identification numbers in ways that we don't want to know who those patients are. We want to be able to deal with them just as records, not by knowing what those identities are. And there are multiple techniques for being able to do that, it seems to me from what the rest of the panel is saying, is also available in supporting the research activities as well.

What is key however to this whole process is that while we are using these data mostly for process improvement and variations kinds of studies, if we needed to go back, we could go back to that provider organization that gave us that information and said, here is the record number you gave us, which is an encrypted number, and they could then track back that patient.

But the responsibility is for them, in effect, in the role as health information trustee, because they are the one that has the provider-patient relationship for being able to follow up and deal with that. So we would never want to deal with the patient directly, outside of the context of working through the provider, because that is where the relationship is.

DR. KORN: But it is costly to do that. I think you might explain to the committee how you actually do purge these records.

MR. WITTER: What has to happen is that the provider organization has to write some kind of computer program or routine that scrambles those numbers or encrypts them in a consistent way. We insist that they scramble those numbers consistently over time, so that we can track patients over time, if there are multiple records.

DR. GELLMAN: Does that enable you to link records between institutions?

MR. WITTER: No, it does not, because each institution scrambles their records of their numbers in a way that is known only to them.

DR. GELLMAN: So that means that some of the linkages that might be significant in some cases can't be made?

MR. WITTER: That is correct. If there were patients that were moving between providers, we could not identify those. So in effect, we are missing some available information. But for 99 percent of the purposes for which we use this data, that is a very acceptable limitation.

DR. GELLMAN: Let me follow up on this for a minute. You said for the purposes for which you use the data.

MR. WITTER: Yes.

DR. GELLMAN: Do you define your universe of research in some relatively narrow way, compared to the universe of research done elsewhere?

MR. WITTER: Yes. The scope of the activities we are involved with are quality improvement activities, outcomes research, variations analysis, resource utilization, comparative kinds of data that are used in accreditation processes, both by the joint commission and NCQA kinds of things.

DR. HIATT: I think encryption does achieve something, but not quite an all-or-none situation. What it does is, it transfers the problem to a smaller number of people. You can set up systems, the complexity of which will vary, and the costs of which will vary, which will limit the access to individual data to a smaller number of people. Therefore, you reduce the risk of scoundrels. I like that word.

So I think that is possible, but the issue is still there. You still have somebody that has to deal with individual data, and individual data is still being used to link records for medical purposes.

I would add some more detail to something that was just said. Anonymity I think is also referred to -- another term is blinded unlinked studies. These do have a purpose from time to time. I think actually, the CDC used this method to come up with seroprevalence data for AIDS. What they did was require -- they obtained blood samples from various sources around the country that had individual identifiers completely removed by the time they got them. So they were blinded to who they were, and they were unlinkable.

Then they could say, okay, here is an unbiased sample of serum on which we can do HIV testing, and they were able to determine the prevalence of HIV in our population around the country through that mechanism. They didn't have to go back to it. They didn't want the responsibility of knowing who was HIV positive, and having to go to that individual. That was judged as ethical and useful data to the public health. Blinded unlinked was the term that was used there.

DR. GELLMAN: Now, of the three bills on Capitol Hill in the last Congress, two of them basically provided that non-identifier records were unregulated. One of them provided that non-identifiable records may in fact still be subject to regulation, and still be subject to patient consent.

So at least in terms of proposed legislation, there is not a unanimity. In other words, there is some opinion in one of the bills that there is still a privacy interest in non-identifiable records.

DR. ANDREWS: I would like to get back to the issue of encryption. I think that encryption is fascinating, and may be a solution at some point in the future, when the appropriate technologies can be more accessible.

I worry about studies that require participation from large numbers of clinicians, who may not have access to the sophisticated technology, who may have to rely on their own systems for tracking patients and being able to do the linkage.

So I am not sure, I think the technology may be available to large health maintenance organizations and other large plans, but perhaps not to studies that look at very rare conditions and involve participation by many clinicians.

DR. GELLMAN: So as more records become computerized more uniformly across the country, it may support more of this activity.

DR. ANDREWS: Possibly.

DR. HIATT: Certainly, when one is involved in a clinical trial where a physician is seeing patients or seeing the effects or the side effects of a particular new agent, there can't be anonymity, because one knows whose one's patients are.

But in the submission of that information to either a central receiving facility or to bodies that audit the trial, the data can be coded, but there still has to be linkage, in part to determine the reliability of the data. One has to be able to go back and say, we think these data are missing, go find them in the chart. So obviously, the researcher has to be able to tie that linkage.

Ultimately, if that link is there, even if the data are sent coded, it is the same thing as having them anonymous. If somebody wanted -- or an insurance company said, I demand to know which patients have this thing, that of course in a court setting would be turned over. So linkability is the same as having the information available, if somebody is willing to pursue it.

Also, there are special circumstances. The family linkage studies are an example, especially in rare disease, where if there are only eight or ten families in this country with a particular disease and an article was published on them, those families will be able to identify themselves, and they can see the case where somebody's father really wasn't who he thought it was, unless -- and researchers have done that -- they change the pedigrees, which is another ethical issue. Do you falsify data to cause anonymity? The IRBs in most cases have said yes, it is better to falsify some of the information, as long as you don't change the basic data, so that the families can identify themselves.

One other point in the anonymous studies, where you look at seroprevalence or whatnot. If it is done on a small enough group, or a clearly identifiable enough group, if you just do a drug use study in a particular school, that may be the same thing as having anonymous data also, because you could say that 15 percent of the people at Sidwell Friends School use heroin. Then it certainly affects the reputation of the school. But then if you have any identifiers like racial or gender, you can begin to pick out some of the people who are those users. So it is anonymous data, but it really isn't.

DR. GELLMAN: Let me turn to some other issues. I want to talk about what health research really is. Look at the three bills that float around. The bills I am talking about, these numbers are all from the last Congress, H.R. 435, the Bennett bill is S.1360, and the McDermott bill is 3482.

They are definitions of what is research. They all regulate researcher access. One of them defines research as a biomedical epidemiological or health services research, or statistics project, or research project on behavioral, social factors affecting health.

Another bill defines -- so in other words, it tries to put some substantive limits here. Another bill defines a researcher as a person conducting a systematic investigation, a research development testing or evaluation to develop or contribute to scientific or medical knowledge.

So here we have a process definition. There are no real substantive bounds in terms of what is research, as in the first definition. The third bill says it is all up to the IRB. IRBs decide what medical research is, because all the bills use IRBs, in what is a relatively familiar process today.

What do you think of the definitions? We need some kind of definition. What makes most sense to you? What works, what doesn't work? Are there any problems with these different approaches?

I am not trying to get into the specific wordsmithing of a definition, but just these three separate approaches. Do you have a preference? Is there something you like, something you don't like?

DR. HIATT: First of all, why do you need the definition?

DR. GELLMAN: Well, if a piece of legislation is going to say, we are going to allow health researchers to get access to records, you've got to say who a health researcher is, in some fashion. You've got to have some limits on it. Otherwise, anyone who walks in off the street and says, hi, I'm a health researcher can read Elizabeth Taylor's medical record.

DR. HIATT: I think you are going to have to make a distinction. Getting into definitions is a long and tedious process. But one distinction you are going to have to make is the certification issue versus the definition of research.

I think if you came up with a definition of medical research, which we could probably do, given enough time to suit the committee, you would then have within that rubric individuals that were certified in some way, and those that weren't.

DR. GELLMAN: You are talking about having people designated somehow as qualified researchers generically, as opposed to for a particular type of activity that they are engaged in, particular need?

DR. HIATT: Well, for instance, physicians have certain certifications. Society expects a physician to have certain qualifications in order to carry on those duties that are attributable to them.

Do you need the same thing for a medical researcher?

DR. GELLMAN: You tell me.

DR. HIATT: Currently those things don't -- there is no researcher card that people carry. They come from a lot of different places. Dr. Korn has a better way to approach this.

DR. KORN: No, I don't know that. If you permit, let me just make a comment about confidentiality that will come back to this point.

I think that three things are needed to buttress the confidentiality, the protection of confidentiality of medical information, and try to reduce some of the burdens on the research process that will be imposed in the absence of such.

One of them is, I think central to this is that institutions who are conducting research should have to have a confidentiality policy in force in order to be as part of the human subjects assurance, maybe. In that policy, there should be explicit address of securing the confidentiality of medical information created in research that could deal with the linkages that we have been talking about, the security of these linkages, and it could also speak to who has access to that information.

That de facto, in a way, could embrace a population of people who are authorized researchers within a given institution. I don't know how to do this globally. But at Stanford Medical School, for example, we could tell you who the researchers are that should have access to information, and who are the people walking in off the street who wouldn't qualify.

But I think it could be done through an institution policy, if that were a requirement. I think the second piece of that is that institutions should be protected from being forced to disclose medical information created in research.

I think medical information created in research should be blanketed by some kind of a protection through statute, that makes it inaccessible to anybody -- insurance companies or anybody else.

DR. GELLMAN: Let's come back to that point later. I want to try and stick with this question of what is research. Are you suggesting some kind of licensing system for researchers?

DR. KORN: No. I think that institutions know who their researchers are. I don't think it is an issue. I personally don't think it is an issue.

DR. GELLMAN: But in terms of an institution saying that Dr. A can get access to records for a particular study is fine, that there ought to be those kinds of controls. Looking at this from the legislative point of view, when you say that records can be used for health research, what is it we are talking about, and how do we decide -- let me get more specific.

There is all kinds of research. There are all kinds of activities that go on that look like research. Dr. Harding kind of got at this a little bit. How do we distinguish -- do we need to distinguish between epidemiological research, outcomes research, cost containment activities, public health investigations, quality assurance, utilization review, peer review?

All of these activities have some quality of research to them at some level. Do we treat them all the same? Are there distinctions to be made?

DR. HIATT: I don't think that is as fruitful an avenue to pursue as who is the person. You could define research broadly or specifically and you could still have a broad spectrum of individuals who were pursuing this -- research is the discovery of new knowledge in a very broad sense, and that can occur in a broad range of fields, and the rubrics will change over time. You can have a broad range of individuals with different levels of training and capability and intent, who are pursuing knowledge in these areas.

So I think it is actually going to come back to who is allowed access to information. It might be that it is for institutions or for groups where there are recognized confidentiality agreements, or some sort of certification. I notice the Bennett bill again, in Section 204 mentions certification and certifiability as those who are going to get access to data. So somebody on the legislative side is already thinking about this, and I wonder if there is anything that can be clarified from that side that we could speak to. That is, do you know what they are talking about in the Bennett bill when they say certification?

DR. GELLMAN: Well, that section I think has to do with creating a facility under which information from a variety of sources can be basically passed through, and identifiers can be removed and the information passed on. So I don't think that that by itself -- that would clearly be useful in some context.

But what you have all said already is that having totally non-identifiable, unlinkable records creates problems for research. So that kind of certification provision doesn't really address the issue.

I think the problem of a definition of health research, what is the universe, -- if we are going to have a health confidentiality bill, and have an exception to the general principle of confidentiality for health researchers, we need to say who they are. There are exceptions in all the legislation for lots of people.

This afternoon we are going to talk about -- the same question is going to come up: what is public health, and how do we set bounds on who do we allow to have this special privilege of getting access to records without the consent of the patient?

MR. WITTER: I guess in my mind's eye, I think of health research in that long list of things that you read. So it includes cost effectiveness and quality assurance and a lot of those kinds of things.

A lot of the research that my colleagues here are involved with is research that are separately funded projects that are under the auspices of an IRB, and those kinds of things. There is a lot of other research in that long list of things that represents research activities that may be undertaken by provider organizations to try to figure out how to be more efficient and improve outcomes, those kinds of things, and similarly, by employers, by health plans and so on.

So I think part of the question here is, what are the analogous entities that are involved, say, to an IRB when you have research going on in those other kinds of organizations.

DR. GELLMAN: Well, there isn't one, I suspect, for at least some of those activities. If an HMO or a hospital is doing some kind of internal management study, that may well be the same thing as research. Does it have to go through an IRB? Should it have to go through an IRB?

MR. WITTER: That is a debate that in terms of the organizations that we have worked with, and we have basically come to the position that we need to be treating the information in a confidential way that protects the identity of the individual. But many of those activities that are involved in the operation of providing care have not typically been under the IRB's jurisdiction, because they are really controlled under many of -- the licensing of the hospital or the state laws that deal with quality assurance activities or the accreditation processes.

DR. GELLMAN: But is that a functional equivalent of an IRB? Where you have a detailed case by case review of each proposed project, as opposed to just saying, we determined on our own that this meets the statutory standard for quality assurance, so we are going to go ahead and do it. Are we creating a circumstance here, or potentially creating a circumstance here, in which we have a bunch of similarly situated activities going on, some are subject to this kind of regulation and some aren't. Does that make any sense?

DR. KORN: I'm not sure there is any regulation of management initiated studies of this sort that David Witter is talking about, are you? You don't have to get any approval from anybody, do you?

DR. GELLMAN: But that may be totally indistinguishable from research that is being conducted by someone who walks in from outside. It is the same activity, it is the same use of patient records without consent. Should it be subject to the same kind of control?

DR. KORN: It is interesting, now that you raise it, fascinating. If a faculty member wanted to do a piece of health services research involving patient charts or whatever, that person would have to go through an IRB in order to get permission to do it. But if the management decided to review the charts, they would not.

You are absolutely right, it is a fascinating point.

DR. HAMILTON: Well, I'm sure that Congress looks at its own regulations before they write new definitions and whatnot. But research is defined in the Code of Federal Regulations, Title 45, Part 46, review in human subjects research and protection of human subjects, with specific examples of what is not included or what is not covered by this research, including review of deceased records, or records of deceased patients, that is.

Existing material, for instance, a pathological survey, where you are just looking at blocks of the last couple of hundred people that had breast cancer, doesn't need to have IRB review. But if you then wanted to go back and find something in the clinical chart, that would. But just reviewing blocks for a particular marker or a particular histologic finding wouldn't.

So there is a list of specific things that one doesn't need IRB review for, and then everything else is included in that. So the definition was already written once a few years ago, as far as what research is and what is covered by at least IRB regulations and human subject protection.

DR. GELLMAN: Well, true, but those rules are not necessarily -- are perhaps old, and don't necessarily reflect that a lot of these activities are going on, cost containment activities and outcomes research are basically relatively newly established forms of activity that may not -- they may not match up well with old existing regulations. I think one of the questions is, how far do we -- how do we make these distinctions.

Let me make the complicated question even more complicated. We are talking about perhaps -- at least there is in legislation there is the proposal of special rules, liberal rules, for access to medical records by researchers. Now, we can't quite figure out who we are talking about when we say researchers. Now we have a circumstance where we have the same individual. On Monday, the individual gets access to a record as a provider. On Tuesday, he is a peer reviewer. On Thursday he is a biomedical researcher. The next day he is an administrator. You've got the same people performing different kinds of functions, and getting access to the same records.

How do we manage all of that? Do any of these distinctions make any sense anymore? Is it possible to write legislation to distinguish between all of these activities or are they all the same thing?

DR. HIATT: I don't know how far this extends, but in my own case, in our own case, where I do research within a health clinic, it is true that some days I will go to a record as a provider and some days I'll go to a record as a researcher, and it wouldn't be too far to expand that to -- I could go to it as an administrator.

Now, I have signed a confidentiality statement that I consider covers all of my activities. And everybody else that I work with is in that category. So whether it is for quality assurance, which has been a traditional sort of medical function, or some sort of re-engineering or continuous quality improvement type of activity, where there is not a formal hypothesis or evaluation involved, or whether it is, the same confidentiality requirement holds.

Now, that may just be a particular situation characteristic of integrated health plans. But it doesn't -- the patient record is protected in that situation by the confidentiality agreement signed by those that have access to records.

DR. GELLMAN: Well, I appreciate that. But in terms of looking at legislation that establishes rules, that is not a sufficient level of regulation or level of control. You've got to say, who can do what when, you've got to establish rules, and yes, you may also have people making agreements or being made aware of legislative restrictions with serious criminal penalties and civil penalties for violation. But just having people sign a piece of paper that says I agree to -- you obviously recognize that that by itself isn't enough. It is an element, clearly, but it is not enough.

DR. KORN: It is my reading of at least the Bennett bill that those kinds of managerial projects, management projects, if we can call them that, are specifically exempted or accepted, whatever the correct verb is, from the authorization procedures by requiring that each plan or each employer is running their own self-insured plan or whatever, would get from the patient an enrollment, which reads to me like a very general authorization for releasing the information for the management purposes, for audit and billing and finance and surveillance and those kinds of oversight functions.

That is how I read the Bennett bill.

DR. GELLMAN: Well, perhaps that is one way to read it. I'm not sure that is the only way to read it. If you are asking patients for authorizations for all those things, some patients may say no.

DR. KORN: I don't think they would get enrolled if they said no.

DR. GELLMAN: Then why ask patients for their authorization when they don't have a right to say no?

DR. KORN: Well, the Bennett bill is silent on that.

DR. GELLMAN: The kind of bill with which I am quite familiar has a somewhat different approach, but it and the Bennett bill do have some similar limitations on internal use with a word formula. It basically says that records can be used essentially within the institution for a purpose that is basically directly related to the purpose for which the function is carried on, and basically is a very vague word formula. It is not clear to what extent things like management studies -- I'm not saying that they are not covered, but it is not entirely clear from this general standard of whether all of those kinds of activities necessarily follow or not.

So I don't think it is quite as simple as you suggest, that the patient has signed an authorization for all of those functions. It is possible they may be asked, but it is also true that in the Bennett bill, there is a provision that says you can't deny someone treatment if they refuse to sign an authorization for another purpose. The question is, how far does that extend to? It is clear that a patient may have to sign an authorization under the Bennett bill so that the hospital or doctor can get paid, but beyond that, that is less clear. So I'm not sure that that by itself provides much of an answer here.

I think perhaps at this point we will take a short break, and reconvene in ten minutes. Thank you.

(Brief recess.)

DR. GELLMAN: We will reconvene. Kathleen has a couple of comments.

DR. FRAWLEY: One of the things that I am concerned about when we are talking about health services research is the fact that a lot of the research that goes on still requires actual patient medical records. Some of the research that Mr. Witter was describing, some things we can use databases and pull data in that fashion, but there is still an awful lot of research that still goes on every day in this country when someone in the medical records department says, I would like to see the last 25 cases of this particular diagnosis group, or we would like to review the last 100 patients who presented with these demographics and this disease condition.

In a lot of organizations, there is not an IRB process, because it is not federally funded. There is a lot of research that goes on at the community level. We are not talking academic medical centers or federally funded programs.

I would just like to get some sense from the witnesses what recommendations they have. We want to encourage obviously research. There is a lot of public benefit. But on the other hand, how do you break down the problem that we face, the IRB process and that type of research that is covered under the Code of Federal Regulations, versus the type of research that may be going on in the local community hospital, where there is no IRB, it is not federally funded, a physician is interested in a particular disease process. Any recommendations how you approach that?

DR. KORN: Is there any reason why any institution that contains medical information should not have to have an analogous process of an IRB to review and approve access to medical information?

DR. FRAWLEY: Would you recommend that? There are a lot of organizations that do not have IRBs in place.

DR. KORN: I see no reason why there shouldn't be a uniform policy. I don't see why an institution that does the same accessing of medical records for some research purpose that is not federally funded should have a different process than those who are federally funded. I don't see the logic there.

MR. WITTER: To maybe take a slightly different tack than Dr. Korn, Dr. Hiatt indicated that in any given week, he is going to be playing multiple roles. He can be the provider, he can be doing a quality assurance activity and so on.

The accreditation standards for the joint commission require that institutions, any accredited hospital, have policies in place with respect to how they are going to manage confidential information. So those 25 records that somebody might want to be reviewing, they could be reviewing in the context of a quality assurance study or wanting to learn more about a particular condition or whatever. So they are subject to policies in that context.

For hospitals to be paid by Medicare, they have got to meet certain standards already for conditions of participation. Being an accredited hospital provides them a way to do that, rather than having to comply specifically with other federal processes.

But it seems to me there is an umbrella there in which those activities are covered, so that they don't have to have an IRB under the current processes, but they have to have some assurances regarding confidentiality.

In the end, it really is, what is that individual, that physician or whatever who is reviewing those records, going to be doing with that information. Are they going to be disclosing it to other people? Are they going to be rolling it into processes that need to occur with respect to accreditation, or those kinds of things?

DR. FRAWLEY: So basically you are recommending that in situations that -- it is the organization's responsibility?

MR. WITTER: It is the organization's responsibility now for them to be accredited or for them to meet conditions of participation to receive payments under Medicare.

Now, the vehicles by which somebody would want to make a complaint or something for a violation, I just don't recall offhand.

DR. GELLMAN: Could I follow up on that? I don't mean to put you on the spot, Dr. Andrews, but you do have an affiliation with a private company. Does Glaxo have an IRB or some kind of mechanism of that sort? Is that something that private companies should have to comply with in the same fashion?

DR. ANDREWS: I don't think we have an actual company IRB. Most of the research that we conduct is conducted under FDA regulations and with institutional IRBs, and is conducted to the kinds of standards that we were mentioning.

There are also -- we have been involved in a couple of treatment INDs, treatment, investigational new drug studies which allow the use of experimental medications prior to approval in circumstances where there is substantial benefit that can be gained to the patient; AZT before it was first approved.

I think the federal law or the IRB regulations allow waivers of local IRB approval in circumstances where private investigators or physicians do not have access to local IRBs; there is still patient informed consent.

So there are still provisions that are available for waivers, but some overarching body has to make that determination. It is done very rarely.

DR. WARD: I would like to particularly ask Dr. Hiatt, because you are situated in Kaiser, and the HMOs and managed care is an area where, when we have held consumer hearings around confidentiality and privacy, what keeps coming out over and over again is, my health plan will find out something and take away my access to care, or my employer.

Do you have disclosure policies that say you as a researcher may not give this to the benefits office who wants to get rid of a particular expensive enrollee or to an employer who was pushing Kaiser as a health plan for some of its employees? Do you have any particular rules or regulations?

DR. HIATT: Yes. Anything that we do within our research unit is kept confidential from other parts of the organization. Kaiser is an integrated medical organization that has both a medical group and an insurance company.

Analogous to how an individual physician functions, the medical group has responsibility for certain types of clinical data. The health plan has responsibility for data which is demographic, billing and so forth.

Those types of data do not flow freely between the two parts of the organization. But I think Kaiser's situation is relatively unique in the country in this way, and it is probably not -- it may be a good example, but it is not a -- does not reflect what goes on in any other types of HMO or managed care situations.

If I can keep the floor for a second though, when we do research which is characterized by hypotheses, evaluation intended for public consumption through publication, that is pretty clear what we are talking about. Then there are situations where under the Bennett bill, or I guess Condit bill, Mr. Gellman, the research does not include activities for which the organization -- as a normal course of the organization's functioning, I think is how you said it, that appeals to me as something that is excluded.

But I think the problem is that there is still something in between those two, where there is fairly rigorous inquiry that goes on, that may be hypothesis driven, that may be evaluated using rigorous methods, but which is still not intended for public domain, and which is designed to further the business interests of that organization. There is strategic interest to improve quality care, reduce costs, whatever.

I think still in those situations, if individuals are approached, it requires informed consent. This is my opinion. If medical records are used in those situations, I think that that is where the crux of the problem is.

That may be obvious to everybody, but --

DR. GELLMAN: And the answer is?

DR. HIATT: The answer, of course, I don't know. I'm not sure what is the proper way to approach this.

DR. SCHWARTZ: I was wondering whether or not Kaiser might have any disclosure policies with respect to reports that the research unit might write so as to insure that the administrative group cannot deduce the identifiability of any of the patients, such as in tables and that type of thing.

DR. HIATT: It has never come up. We are working with millions of subjects, or thousands of subjects, as opposed to the kinds of situations that Dr. Hamilton mentions, where you have a few people, or genetic situations, where you have a few families, or a rare condition, that has not come up. Theoretically it could, but there is no formal way of prescribing that information, or limiting that information.

DR. HARDING: Dr. Korn mentioned the issue of firewalls earlier, and the need to keep information in a vertical sense, instead of allowing the information to go out to other agencies or to another part.

I was just thinking, we were talking about Kaiser. It isn't beyond the reasonable that Glaxo could buy Kaiser. Therefore, Glaxo would be a pharmaceutical company and a provider, and then would be doing research on its own lives. It can get complicated. It is more than I can comprehend.

But the issue of guaranteeing firewalls in that kind of an organization seems to be very important. I certainly don't have the answer to that, but it is getting more and more interrelated in the medical field. How can we keep somebody's illness from becoming an issue with a whole different entity. That kind of firewall is -- I would like to hear your comments, or anything you have to say about it.

DR. ANDREWS: I think in those particular circumstances of mergers, acquisitions, where pharmaceutical companies have arrangements with large databases --

DR. HARDING: Would you speak up?

DR. ANDREWS: In circumstances where pharmaceutical companies have common interests with a benefits management plan, the one I'm familiar with is what used to be called United Health Care -- still is -- and the DPS database, which was very useful for health outcomes research.

It was purchased, I believe, by SmithKline Beecham, and there was quite a lot of concern by people who had conducted research using those data, that they might not be accessible, and there might be some special interest on the part of the parent company.

What I understand is the case is, there are very, very strict firewalls. So there is still a research unit that manages the database. The pharmaceutical company cannot have access to identifiers, the same way as I couldn't if I were contracting to do some work in the database. I'm sure they have been very, very careful about that. It certainly can be done.

DR. HAMILTON: But it probably comes back to somebody on the local level as you were suggesting in the beginning, to have an IRB type organization in all institutions or all settings.

This is research that needs review and protection. This is risk analysis for projecting our next budget, which doesn't really affect any individual person in any way.

In my experience, I said before that the guidelines are the same in the NIH and other places. Any research that involves human subjects is reviewed by the IRB, whether it is generated by a person who has drug company funding, or since we are all federal employees, we all have a federal connection. But there is outside research also that is brought in that is not federally generated.

I think a lot of institutions handle it that way. Somebody may start a research project innocently enough and have somebody on the IRB or somebody else say, wait, stop. You need to write a protocol and submit that for review, that you are not just looking at one or two charts to see if there is a connection. But this is now defined as research.

But again, it is very hard to put that into words and to legislate it. It is very hard to say a hospital that has no federal funding of any kind needs to have an office record keeping, a person whose salary is generated by somebody to keep all those IRB type records at a federal mandate.

DR. GELLMAN: Let me expand upon Dr. Harding's example. It is one thing to have a merger of some sort between a drug company and a hospital company. It gets more interesting when you have a merger between a hospital company and the New York Times or Time Warner or somebody else, which is not necessarily beyond the realm of possibility, which only makes this question of internal organizational use even more difficult.

The language, for what it is worth, from the Condit bill, and there is similar language in the Bennett bill, has a similar rule. It allows information to be used by a trustee for a purpose that is compatible with and directly related to the purpose for which the information is collected or was received.

Well, that language is language that derives from the Privacy Act of 1974, which defines routine use as the use that is compatible with the purpose for which information was collected, and it was intended to be a little narrower. But basically when you look at the words, they don't tell you anything. It is still kind of mushy.

The problem is that you are still trying to regulate a whole wide variety of uses. If we tried to list them all, we would probably have hundreds of them, and that wouldn't even be trying very hard to make a list. Trying to control all of these with some kind of statutory standard, it is not an easy problem. It is not necessarily an ideal solution.

Let me go on to another area. All of the bills would treat health researchers who get access to records as health information trustees. Basically, everybody who gets health information is a health information trustee, with a variety of responsibilities.

I want to talk about some of those. The principal one involves re-disclosure. When can a researcher re-disclose records for a variety of purposes? Should researchers be prohibited from making certain kinds of disclosures?

Now, I've got a list of ones to talk about. See what you think. Should researchers be entitled to disclose records to other researchers? Is that something that should be permitted or not be permitted?

MR. WITTER: Are you talking about identifiable patient information, or non-identifiable --

DR. GELLMAN: Yes. Non-identifiable information isn't subject to regulation. But we can assume that, at least for purposes of discussion. If it is not identified, it is not regulated. But we are talking about identifiable. Do researchers have to disclose identifiable researches from time to time to other researchers?

MR. WITTER: The reason I ask that question is, I have a hard time understanding why there would be very much of a need to disclose identifiable information. I think you have heard it from all of us that the predominant use of moving information around between researchers would be in the non-identified category, as opposed to the identified category.

DR. KORN: Yes, identified versus identifiable is, identifiable means coded but linkable.

DR. GELLMAN: Yes, and for purposes --

DR. KORN: Is that how you were using it?

DR. GELLMAN: I think for purposes of discussion, and maybe this is something that needs to be looked at. The traditional approach in this area is to divide the world into two kinds of records, identifiable and non-identifiable. What constitutes an identifiable record is somewhat of a difficult issue that I don't want to get into, because it is a long-winded discussion.

The McDermott bill is the first one that suggests basically a third category of record with a different level of regulation. That is, coded information. It suggests that coded information, that is linkable but is not on its face identifiable, may be treated in a different way. I think that is one of the interesting contributions of the McDermott bill, because it is a different way of looking at the world, and it may be a useful one.

But coded information is still linkable, and it is still at some level identifiable. If you didn't need to link it, you wouldn't need the identifiers or the codes at all. So there has got to be a purpose to that.

There may be an argument for a different level of control and a different level of regulation, but for conceptual purposes, if you still link coded records, they still need to be identifiable.

So I want to go back to the question, do we need to build in a facility for researchers to be able to disclose identifiable -- if you want to say coded, that is fine, too, but should that be permitted? Should we say researchers can't disclose identifiable records to anybody?

DR. HAMILTON: No. That would be too restrictive. Certainly coded information is commonly used. Again, one has to assume there is good intent, that there won't be intentional disclosure of coded information. That is the whole reason that one goes to the trouble to code it. But there has to then be a tie to see what results mean when they are sent to a different lab or to a different researcher.

Researchers then also put on the hat of auditors, and will look at other researchers' charts and make sure there isn't an informed consent form signed. How can you not know who the person is then? So there is the sense that researchers are also regulators of each other. They have to be able to determine each other's --

DR. GELLMAN: There may need to be a scientific audit of somebody else's work to see if their work is valid, so that may require -- any other examples? Any other comments?

Let me go on to another. What about disclosure of research records to police? For or against it? Any views? Should this be allowed?

MR. WITTER: If you have a court order that says you are going to release the records, --

DR. GELLMAN: Now, subpoenas are -- I'm talking about, police walk in -- this happens all the time.

DR. KORN: For research information?

DR. GELLMAN: Right.

DR. KORN: No, absolutely not.

DR. GELLMAN: What if the police are investigating the researcher for fraud?

DR. KORN: But police don't investigate researchers for fraud, do they? There is a process for dealing with research misconduct. Certainly data have to be accessible and stuff for the investigative process.

DR. HAMILTON: But interstate transfer of quack drugs, for instance, would it be the police doing the research.

DR. GELLMAN: The police broadly defined. The police could be the FDA or the Inspector General at HHS. We are talking about the oversight process of -- you have gotten a research grant from the federal government and provide a bunch of data, --

DR. KORN: Yes, I think oversight of the integrity of the research process has to be enabled. You can't build barriers to legitimate inquiries and investigations, anymore than you could on the oversight of health care. It just wouldn't make any sense.

MR. WITTER: But I view that as quite different than the police rapping on your door, saying we want to know about patient X, tell us what you know. I see those as two very different kinds of things.

DR. HIATT: The way we behave, we don't release data unless we really have to. So if somebody presents -- what informed consents frequently say these days is, your data is confidential to the extent protected by law.

But what you are talking about is making laws.

DR. GELLMAN: Right.

DR. HIATT: And what our opinion is about that. I think researchers are going to hold onto it, unless they absolutely have to give it up. So if the laws make them do that, they will obviously comply.

But I think the mind set of most researchers is to keep the records confidential, just like with journalists. You are protecting a certain trust with the people with whom you are working.

DR. GELLMAN: What about disclosure to public health authorities? Is that something that comes up?

DR. HAMILTON: Some of that is already legislated, as far as diseases that have to be identified and reported.

DR. GELLMAN: Well, if you are a provider, what you may be is a researcher in some cases, and you discover certain conditions that are reportable. That is an example.

Is that a circumstance that arises under other conditions?

DR. HIATT: There are ethical questions that come up here. If you know that somebody is HIV positive and they are having relations with somebody who you know is not infected, and you can't -- these are medical type of issues, but they involve records. They have been debated in the ethical literature and so forth. But I hesitate to say these kinds of things should be legislated. There are decisions that physicians make, and by extension, medical researchers.

DR. GELLMAN: Well, my next question is, should you be able to disclose records to treating physicians? You are looking at records, you are not dealing with the patients. You look at records and you discover information by linking records one way or another, and you discover something about the patients that is threatening to them. You have got perhaps an emergency condition, emergency circumstance, it is relevant.

I know there are a lot of ethical questions that arise, but in terms of crafting a statute that says, okay, you can get records, and these are the terms under which you can re-disclose them. You can say they can never be re-disclosed, but then if you do that, then if there is other research use that makes sense, that would be cut off.

If you just write a blanket rule, then when the oversight people come along, be they police or inspector generals or whatever, they can't get access to the underlying records. So that seems a bit too restrictive. And you have to confront all of these questions, because otherwise you are leaving people in a circumstance where they don't know what they can do, or they are at legal risk for making a disclosure that may otherwise make legal, ethical or moral sense. So you can't avoid some of these questions.

These are all things right out of the legislation, which sets terms under which when information can be used and re-used.

DR. FANNING: Can I ask a question to exemplify the public health case? Suppose you collected records, extracts of records in a great series of hospitals in two counties, and the public health authorities -- from hospitals or possibly from office visit providers, and the public health authorities said, we are not sure we are getting all the TB cases reported. Would you give a printout of all the TB cases and the names as detected in your analysis there; we want to see whether physicians reported them and whether these people are being followed up.

Is that a proper demand on a researcher?

DR. HAMILTON: I was going to say, TB is one of the examples that is already legislated as a reportable --

DR. FANNING: Yes, the provider is obliged to report it. However, you have gotten it in a secondary situation. You didn't identify the patient and diagnose the patient. You have taken this from somewhere else. You have a large assemblage of records which the public health people think would be a good source to find out what is actually going on. Is that a proper -- do you consider disclosure of that a proper thing, from the standpoint of the research ethic and all that goes with it?

DR. HIATT: I'm trying to think of a general case. Again, in our situation, where we are acting as an extension of the medical group, yes, we do that.

DR. FANNING: Yes, okay.

DR. HIATT: But if you had obtained medical records from a practicing physician or group of physicians, you might go back through that practicing physician and give them the information. This is information that you would like to know about, it is a reportable case. So the medical researcher would provide the information to the physician, not directly to the county.

DR. FANNING: Okay, but suppose the county arrived at the researcher's office and said, look, we know you have assembled this from a great number of reports, and we think you should give it to us, because we want to know -- we think we are not getting proper reporting through the regular channels, we want to know all the TB cases.

DR. HIATT: We would like to help you, and we are going to provide the information to the physicians from whom we got it, and we direct you to them.

DR. HAMILTON: I can think of two other situations. One, we always have the option in all of these cases to go back to the patient and ask for consent to say, we want to do this additional research, so I want to disclose your records to another researcher.

The police situation would be a little bit more dicey, but the public health agency has asked for us to make sure that there is a full identification of all the TB cases. Or you could say, well, I can't go back to all these patients, so I am happy to provide the information. But I can only do it if you give me a court order and basically force me to do it. You are asking the public health agency to --

DR. FANNING: Do you think there should be authority to get a court order?

DR. HAMILTON: Well, for TB there would be. It is a reportable disease.

DR. ANDREWS: I think we have a different answer for that. I think the researcher's obligation would be only to say, let me give you the summary of the information we have. We have X number of cases of TB in the following time period from participating institutions. The authority could use that to compare with the information collected. If they feel there is underreporting, then they could go back to the hospital or other providers. I don't think the researcher has the obligation -- or, I think the researcher has the obligation not to disclose the individual information that is in the research database.

MR. WITTER: If I can give you another example, as part of the stroke prevention PORT that I mentioned that we were involved with, one of our goals was to understand how physicians were managing patients that needed to be anticoagulated, that had atrial fibrillation, and are therefore at a high risk for stroke. We want to understand why there seemed to be so much variation in specific practices, and what were the underlying reasons.

So we took to our IRB a proposal that said, we want to examine records in physicians' offices, in their practices. We didn't really care about the identities of the patient, but we wanted to know about how physicians were managing this group of patients.

Now, if the public health authority had then come to us and said, we want to know about those physician practices, our answer would have been, we can't tell you that, because the conditions under which we were working were established by an IRB, and while the physicians knew we were there and knew what information was there, and we agreed as part of the conditions of that study to provide individual physician feedback, that that was the limit of how we were going to use the information that was approved by the IRB.

So we would not disclose it to anyone else out of that context. If somehow somebody wanted to go to court and get a court order, we would have complied with the court order. But we would have taken no initiatives to show that information in any way, shape or form outside of the scope of what was required by the study.

DR. FANNING: Now we are designing the situation under which the court orders are obtainable or not obtainable. Would this be the kind of thing -- if we were writing it up, determining whether court orders were available for this, what would your view be of how we should --

MR. WITTER: My answer would be no.

DR. FANNING: No.

DR. ANDREWS: I think we would have a very definite reduction in the number of institutions that were willing to participate in very important epidemiologic research.

MR. WITTER: Because basically, you make it too easy for somebody else to break the conditions that are established in terms of people's willingness to provide information. You are really opening up the issue of making information more public than it would otherwise be by, in effect, the contract that you have made with the individuals participating in the study.

DR. GELLMAN: Not to suggest that I am not sympathetic to the point you just expressed, but right now what protections do you have? I can be a plaintiff's attorney and come in with a subpoena and get whatever records I want, and you don't really have any protections today. Am I wrong?

DR. KORN: I'm not sure, but I think you are correct. That is why -- again, unfortunately I have to leave in about eight minutes, but I really -- coming from the genetics turmoil and the tissue issues, I really wish that someone would deal with blanket protection of research information that would protect it from forcible disclosure. Now, there may have to be some very, very carefully crafted, narrow exceptions to that mantle of protection. But I think it is very, very important, in order to build up public confidence that if people are willing to participate, personally or through their derivatives, in research, that that material really will be held in strict confidence.

I think it is a terribly important issue to build public confidence in the process, and to alleviate a lot of public anxiety, which is very severe right now. Part of it is because of genetics, part of it is because of the whole thing of electronic information transfer, with records flying all around, in and out and here and there. I really would urge you to give some consideration to that.

I think there are two pieces, as I said before, one, the institutions need to have policies that are meticulous in what is expected of their people, in terms of non-disclosure and all of this other stuff. It has to be sanctionable for violations, so there is teeth in it. But then over that should be a protection of the whole institutional repository from insurance companies or employers or other -- anything but the most compelling public need to force disclosure. I think we would go very significantly toward alleviating some serious public concern about these issues.

DR. GELLMAN: I think that that is sort of the general approach that is -- in all of the bills, even where they disagree, is to try and put that kind of structure in place.

Let me just offer an observation. It is clear from public opinion polls that the public is not wildly sympathetic to researcher use of records. You can read the polls as you please, but people even have concerns about making non-identifiable records available to researchers. You can find that in the polls as well.

A question here is, why doesn't the public trust researchers, and why doesn't the public appreciate the connection between records and research? You find on the evening news virtually every night these days some research study is reported. But the people that conduct these studies have not done a very good job in terms of educating the public.

The public is very interested in the results of research, but they do not make the connection here. I think this is a problem that the industry has, in terms of educating people about -- that this is not a free activity, that people have to contribute to this in some way. It may be one of the ways they contribute, besides spending billions of dollars of federal funds every year, as well as lots of private funds, is through making records available under conditions.

Anyway, that is just a general comment. Let me turn to another issue. Our witnesses from the AAMC have to leave, so when you need to, just get up. We thank you for your participation.

I want to talk about pre-emption of state laws. This is going to be a hot button issue throughout. My question is whether there are any existing state laws that affect the conduct of research using identifiable records. As a hint, let me suggest that there are perhaps AIDS laws, and I want to know what the experience is with these laws and what problems they present, if any.

MR. WITTER: There are 38 states, or there were 38 states that collect uniform hospital discharge data regarding all hospital admissions. AHCPR reports some of that out now in the national in-patient sample.

The conditions under which each of those databases is maintained, and how they can be used varies state to state. For $300, I can buy the California data set. I get scrambled or encrypted numbers. I can't find out exactly what zip code people were in, but I can use that information in virtually any way I want. If you call California and say, are there any restrictions on how I use this information, they say no.

In the state of New York, if I want to get the SPARCS, which is the analogous database, I can't use that data in any way that reports a cell of information of less than five cases. There are other states that are even more restrictive, and everything in between.

One of my concerns in reading this pre-emption provision that is in some of the legislation is, in effect, it overrides -- it may override that in some ways that eliminate the state's ability to set those standards for themselves.

DR. GELLMAN: Is that a good thing or a bad thing?

MR. WITTER: Well, as a researcher, I am frustrated, in that I can't use the data from other states in the same way I can California. But at the same time, those standards have evolved for reasons that apply to that particular state and that level of information. Since the information itself varies state to state, there may be an appropriate basis for some of those differences.

DR. GELLMAN: Suppose all 50 states had different sets of rules and procedures governing all health research use of identifiable medical information. They establish their own IRBs or something in addition to IRBs. One state decided to require a patient consent, whereas other states allow it without consent. Do you support allowing that flexibility?

MR. WITTER: Well, the basic issue, we all know, is what do you want to do in terms of tradeoffs for flexibility in the authority of the individual states versus standardization of information and simplicity rules. I don't have any better answer to that than anybody else.

DR. GELLMAN: Anybody else have a comment on that?

DR. KORN: I don't know. I agree with what David Witter said. It is a mare's nest. But it seems to me that our society has indicated very clearly since World War II that there is deemed to be a compelling federal interest in promoting research, particularly -- not exclusively, but certainly biomedical research broadly defined has been a very, very favored object of that support.

I think that in terms of large rule sets that have profound impact on the way that research can be conducted, the benefits that can flow from that research for public good, that there should be federal pre-emption. I guess I would disagree with my colleague a bit on this, although he might be able to convince me otherwise.

I think that the federal government should have the right to assure that the conduct of the research to which the government puts so much public resource is conducted as readily, as easily as it can be, subject to some common set of protections that everybody would agree are necessary.

So I guess I would go for pre-emption. I think having every state doing everything entirely differently would be terribly disadvantageous, particularly for the kinds of large-scale health service research and care delivery and financing and organization that society also seems to be very concerned with these days.

DR. HIATT: I would point out two examples that support that statement. Increasingly, epidemiologic research involves multi-center studies. So you get research units in different states that are collaborating and pooling data that may in fact be linked to SEER data or something like that. That would present problems in terms of the standards that are involved in data collection and so forth.

The other situation is that there are national organizations, Kaiser Permanente, for instance, that has research units in multiple states. We would like to be able to draw conclusions from studies where data is drawn from individuals in different states.

So in both those situations, a uniform set of confidentiality rules would be preferable to having to deal with state differences.

DR. GELLMAN: Well, I think that this is an issue that is going to have a very high political content. In other privacy legislation, -- I am thinking specifically of the Fair Credit Reform legislation that passed in the last Congress, a fight over pre-emption held up an otherwise consensus bill from passing for four or five years, probably.

So this is a very difficult issue, and it is one on which people, whatever side they happen to be on, are going to have to speak clearly and forcefully.

Let me make it worse. Research is not just a nationwide activity. It takes place internationally, too. Anyone have any experience in what extent research that is conducted across national boundaries is something very unusual, is it something normal?

DR. HAMILTON: For cancer it is very usual. There is a direct relationship with -- there are multiple cooperative groups in the United States of collections of universities and clinical offices that do research together. There is a similar organization, the European organization for the research and treatment of cancer, at EORTC. At one time, the statistical office was even receiving some NCI funding.

There has been a recent move by the FDA to standardize -- FDA was a participant -- with Europe, Japan and the United States in an international committee of harmonization of terminology and data reporting and whatever else. So the obvious move is that there will be more and more international research, the borders between the United States and Canada, probably to the fear of the Canadians. But it is sort of invisible, as far as cancer research goes. The Canadian institutions, numerous ones participate in many, many American studies.

DR. HIATT: Are these with identifiable data?

DR. HAMILTON: Sure, yes. Well, often yes, not always yes.

DR. GELLMAN: The member states of the European Union -- and they are not the only foreign countries -- have data protection laws that regulate the use and availability of all personal records of all stripes, no matter what, including of course medical records.

I am wondering if anyone has any experience, or have heard of any problems that have arisen, in terms of doing these international activities and running into foreign data protection laws that are more restrictive than we have here.

DR. ANDREWS: It certainly comes to the attention of our society. We have a public policy and ethics committee that is looking at that, and a special ad hoc committee that is looking at European issues and data privacy.

As you know, in the European Union, they did adopt a directive on data privacy, and the member states have only about a year and a half, I believe, to adopt their own standards.

DR. GELLMAN: Most member states already have laws.

DR. ANDREWS: And people who are doing research are trying to struggle with implementation.

Another provision of the directive relates to transfer of data outside of member states to non-EU countries. My understanding was that some countries were beginning to question whether the U.S. is an adequate place for providing data to.

Certainly, research is done with multi-center studies, multi-country studies, all the time. Whether or not they are multi-country studies, data from clinical trials, data from spontaneous adverse experience reporting are transferred from one country to another all the time, with linkable information.

DR. GELLMAN: And this is important, this is valuable.

DR. ANDREWS: It is critically important, absolutely. Must happen, must happen.

DR. GELLMAN: Can you say why?

DR. ANDREWS: So that regulators can have confidence in the quality of the data that support regulatory decisions, for example, for drug approval or other regulatory action that happens, changes in product safety labels, for example. This kind of information is critically important, and cannot be obtained in any other way.

DR. GELLMAN: And this contributes to the general level of public health?

DR. ANDREWS: Yes.

DR. HARDING: Is the EU's federal legislation that they passed, is that a base or a ceiling?

DR. GELLMAN: It is more -- it is a hard question. It is more of a floor than anything, but it is not that simple. It is not that simple.

We have had some discussion off and on about registries. This is a difficult issue. If you look at the bills that have been proposed, they don't really deal directly with registries. If you say registries are just the same as research and they are regulated in just the same way as research is, I don't know that that necessarily reflects the reality. I want to see if one or all of you can talk about the role of registries. Are there a lot of disease registries that use identifiable patient information, how do they work, how does information flow back and forth? Are there different kinds? Can someone speak to that?

DR. HIATT: Yes, there are a lot of them. They have individual identifying information.

The way they work is that -- they work frequently through linkages. For instance, there are cancer registries, there are diabetes registries, there are AIDS registries.

DR. GELLMAN: Would you say there are hundreds of registries, thousands of registries?

DR. HIATT: I would say that there are somewhere between 100 and 1,000 registries in the country of various and sundry -- clearly more than 100. I don't know if there are a thousand yet, but just within our own institution, there are three or four. I don't know how many there are nationally, but there is certainly the SEER registry, which is very prominent, in everything that we do in terms of cancer.

DR. GELLMAN: SEER? Is that an acronym?

DR. HIATT: SEER. That stands for Surveillance, Epidemiology and Results, and End Results. End, e-n-d, results. It is something that has been supported by the National Cancer Institute since 1973, I believe.

DR. GELLMAN: Why are registries important?

DR. HIATT: Registries provide us with population-based data on rates. The new cases, deaths, survival, other aspects of treatment. It is important to notice, because we use them for looking at trends in diseases. Everything we know about cancer, for instance, again, comes -- this is the best data source we have.

So when you read things in the paper, when the public reads things in the paper about decreasing cancer mortality or increasing rates of melanoma or other specific cancers, it comes from this source. It generates research into causes of these trends, and it has all very important and critical public health consequences, as well as clinical consequences.

So they are used -- they are really critical to the way we do public health research.

DR. GELLMAN: So registries contribute to the practice of medicine and to the quality of public health generally?

DR. HIATT: They absolutely do.

DR. HAMILTON: And one needs linkage of the information, because if there is an incidence of a disease, then one has to be able to see what the end result is, tie into the death index, that kind of thing, to know how mortality rates are changing, because of course not all information comes in on a particular individual at one time.

There is somebody here from SEER, if you have particular questions about it. But I think the linkage there is the social security number.

DR. FANNING: Can I just ask how the information gets from the provider? Is this something that hospitals and physicians voluntarily agree to participate in? If so, is that regarded as a research disclosure and subject to IRB review? Or is there legal compulsion in states?

As I understand it, there are some state laws that deal with reporting. Could you comment on that?

DR. HIATT: There are registries that are mandated by law. Again, the cancer reporting is one of those.

DR. GELLMAN: Who is required by law to report what?

DR. HIATT: Individual physicians are required to report cases of cancer, by state law.

DR. HAMILTON: And also by hospital accreditation, certain accrediting organizations demand that there is a tumor registry in hospitals, and that accurate data are collected to have the ability to have, for instance, a surgical oncology program at a particular hospital.

DR. GELLMAN: Is there some kind of certification requirement for registries? Can I just set up a registry, everybody tell me -- everyone who has got cancer, and just send it over to my address and I'll put it in a computer and do with it as I please? Are there any controls on this process?

DR. ANDREWS: No.

DR. GELLMAN: Do you want to come forward and identify yourself? Are you willing?

MRS. PERCY: I am Mrs. Percy from the SEER registries. I have been with them since the inception of the program. The cancer registries were initiated in 1971 from the Nixon act on cancer. We started in '73.

Each state has different laws, slightly. They all basically give the permission to a state registry or some other -- some of them are voluntary.

DR. GELLMAN: But I take it that there are other registries that are not required by state law or regulated by state law or regulated by federal law or regulation that exist, is that right?

MRS. PERCY: Yes.

DR. GELLMAN: So this is basically -- anyone can be a registry, if you want.

MRS. PERCY: But in order to get the records, you have to have some official recognition.

DR. GELLMAN: Official recognition by who?

MRS. PERCY: Well, usually it is the state. I think particularly in Detroit, we have a private foundation who collects the -- registers patients.

DR. HIATT: Well, leaving cancer for a moment, you have other diseases, say, diabetes, where you have questions about disease management, and you want to know how to predict who is going to need what kinds of treatment, and who needs to be followed with particular care.

DR. GELLMAN: Are we talking individual tracking of individual people to make recommendations about their treatment?

DR. HIATT: No.

DR. GELLMAN: Or is this generic?

DR. HIATT: No, this is generic. I am saying, the medical reason for having a registry is to learn more about how a disease behaves in a population at a group level. But you need the individual data, and you need to be able to link it in order to make those kind of conclusions.

So for instance, you might collect a bunch of information on who has diabetes, and then follow them over time, and find out who requires treatment for retinopathy, or who has an amputation, who develops an infarct. By using epidemiologic methods, you can come up with a very useful picture of the progression of the disease, which helps not only medical care, but health services management.

The reason you get that information -- the way you can collect that information is because of access as researchers or as physicians to hospital discharge data or other sorts of medical record information. Whereas you can construct the registry, given current circumstances, without permission from the fossil fuel, if you were to go to the individual to ask for additional information that was not related to medical records, then you would have to get informed consent.

DR. GELLMAN: Well, let's stick with the access without consent. Suppose you ask people to consent before their information were sent to registries. What would be the consequences?

MRS. PERCY: You wouldn't get complete registration.

DR. HIATT: Same problem I mentioned at the beginning. You would get people who refused to participate for various and sundry reasons. You would have a biased picture of the natural history of the disease.

DR. GELLMAN: Okay. Do registries themselves do the research, or do they make their information available to others to do research?

MRS. PERCY: Both.

DR. GELLMAN: How do they make decisions about who can see information? Do they use IRBs? Do they have their own IRBs?

DR. HIATT: They frequently have their own internal peer review groups. They look at the quality of the research question and the quality of the researchers, and allow the data to be used if it passes muster.

DR. GELLMAN: Is that the equivalent of an IRB?

DR. HIATT: No.

DR. GELLMAN: Why not?

DR. HIATT: Because IRBs don't usually look at the quality of the research. They don't look at the science. IRBs' main mandate is to protect human subjects. These groups do both, I think.

DR. HAMILTON: And an IRB has a prescribed membership and that kind of thing. So they might be quality judges or a review body, but they wouldn't be an IRB in the formal sense.

DR. FANNING: So there are some disclosures from these registries that are not subject to formal IRB review, that are in fact not reviewed by IRBs, is that correct?

DR. HIATT: I don't know across the country. In fact, I'll make a general statement about that. In our institution, it is reviewed by the IRB.

DR. HAMILTON: And the disclosure would almost never be about individual patients. I can't think of an example. I don't want to say never would be, because there is never a never or an always.

The data that are collected from various individual physicians or individual hospitals would almost always come in some coded fashion. A social security number isn't much of a code, but then the data that would be reported would be on national or state statistics, not what individual patients had or their outcomes. So it would be blended in, and the patients would become anonymous because they would be one of 100,000 or one of a million that had a particular condition or a particular outcome.

DR. FANNING: But as it leaves the registry, it is identified?

DR. HAMILTON: As it comes into the registry.

DR. FANNING: As it comes in, but not as it leaves?

DR. HAMILTON: Right. Why would you want to do that?

DR. FANNING: Suppose someone wants to do a linkage of some kind. Wouldn't that have to go out in identifiable form?

DR. HIATT: Yes. This goes back to what we discussed earlier. Somebody has to do a linkage.

DR. FANNING: So it does get disclosed in identifiable form from the registry.

DR. HAMILTON: But there would be a review of that type of research project, either by the registry or by some other body.

MRS. PERCY: Sometimes it is through social security number.

DR. GELLMAN: Basically, the approach in the bills is to treat registries as researchers. None of the bills have gotten this specific, I don't think, which would mean basically, before anyone could disclose records to an IRB, just like research there would have to be an IRB approval. This seems like a crude method for what is a continuing -- the view of research in the legislation generally is that a research is not an unusual event, but is an identifiable event. Someone comes along, gets an idea to do something, collects the records, does the research, publishes results in some fashion, and then that is the end of the project. Although some of those things obviously go on for a long time.

A registry is a perpetual thing. There doesn't seem to be any kind of formal, legal, whatever industry certification or regulatory process. How do we regulate -- what is to stop Junk Mail America from setting up a registry of people with diabetes, and say everybody tell me all your diabetes patients so we can send them junk mail?

How do we regulate this? How do we say in a piece of legislation that disclosure to registries is okay? How do we set qualifications for registries? How do we control the process? How do we make these distinctions? Does anyone have any ideas?

DR. HAMILTON: Why would you want to regulate that?

DR. GELLMAN: If you want to allow disclosure to registries, you have got to be able to say what is a qualifying registry.

DR. HIATT: But if Junk Mail America told me, send them information about all my patients, I would say no. My information already goes to SEER, which is a reliable registry. Why would I --

DR. GELLMAN: But what if Junk Mail America came along and said, we are a qualifying registry under the statute, and we will pay you $100 a name? You might not do it, but somebody else would. Our scoundrel might do it. That might be very attractive.

If you are writing a piece of legislation, you don't want to leave a loophole of this variety. The question is, how do we regulate? How do we define what we are talking about here?

DR. HIATT: You are suggesting that registries be treated as researchers? Registrars be treated as researchers?

DR. GELLMAN: Registries have to be treated as something in order to get disclosure by identifiable records.

MRS. PERCY: They don't, not at the national level. We get all our records in by a number. The only thing I can identify is the state they came from. If somebody wants to really identify the person, they have to go back to the state registry, and then as I said, they have different rules. But it is pretty hard to identify the patient.

DR. GELLMAN: But the state registry may have -- and other registries have identifiers.

MRS. PERCY: The state holds the name of the person. They collect them, so of course.

DR. GELLMAN: The problem is somewhere then. It is still the question, what is a registry. Is there a trade association of registries? Is there some kind of industry rule? Is this just an area that has developed over a long period of time with a useful source of information and product that, all of a sudden we've got a problem how to define it?

MRS. PERCY: Well, CDC is in control. Of course, there is a National Cancer Act, and nowadays, CDC in Atlanta controls cancer registries in every state in the union.

DR. GELLMAN: But that is just one kind of registry. There are lots of registries that CDC doesn't control.

MRS. PERCY: That's right, there are. One of the biggest now is AIDS. That is a growing thing.

DR. WARD: My understanding of the definition of a registry is that it is a research surveillance tool. One must not confuse a registry with a clearinghouse.

DR. GELLMAN: Explain.

DR. WARD: There are for-profit clearinghouses that have been produced, where information may be collected from sales, that kind of thing.

The patient registry to my experience is a voluntary or mandated entity that a government has authority over, and it fits into all of the research requirements. I can't imagine any other reason for a registry. Even an institutional registry would have to be under that institution's health information requirements.

DR. HIATT: And you're going to get at this this afternoon.

DR. GELLMAN: Yes.

DR. HIATT: The public health function of surveillance is what you are talking about. The CDC folks are coming this afternoon and are the ones you need to talk to.

DR. GELLMAN: Okay. But this is a problem that is largely unexplored to date in most of the legislation. Registries are clearly important. Clearly you have made the case. The question is, how do you get information into a registry, who controls what is a registry, how do you get information out of a registry. When you are writing rules that are comprehensive, you have got to deal with all of those things at some level. That is what I am struggling over here.

DR. ANDREWS: I was just going to go back to the example that I used earlier about pregnancy, registries associated with some particular kind of medication exposure. That is an example of a registry where the identifying information is only available as it goes into the registry, and only in a very limited way it is deleted. There could never be identifying information coming out to re-link.

DR. FANNING: Now, is that a research project that was approved by an IRB?

DR. ANDREWS: No.

DR. GELLMAN: Who runs this? Is it a registry of all pregnancies?

DR. ANDREWS: No, not all pregnancies. There are several different pregnancy registries, and run in different ways. But basically, the principle is, there is some oversight group that considers the study design and how the study works.

Physicians who voluntarily contact a registry provide enough information so that the registry can re-contact that physician at about the time of delivery, so that the physician will know which patient they registered, and provide information about pregnancy outcome. At that point, the identifier is deleted, so that it becomes a non-identifiable data set after that point. There could be no further relinking to identify the patient.

DR. FANNING: But the physician has disclosed a name.

DR. ANDREWS: Not a name, not a name, but some kind of identifier or code.

DR. FANNING: I see, okay.

DR. ANDREWS: That they choose. They disclose voluntarily.

DR. FANNING: Okay, well, that presents less of an issue, because that doesn't sound identified as it leaves the provider. But in any of them that seek to un-duplicate or seek to have follow-up from other record sources, the registry is going to need real identifiers.

So the question is, does that count as a research project that should be reviewed by an IRB? And is that a feasible way of doing it, in view of the fact that this is an ongoing thing? Or should it count as something else?

DR. HIATT: Just thinking about this as you are bringing it up here, I think it is less different than it might first appear. In any epidemiologic study, you essentially -- or in many epidemiologic studies, especially cohort or prospective studies, you are essentially constructing a registry of individuals who you then link with other information to learn something.

In this case, the registry performs that step, but doesn't take the next one. But it is there to take a number of next steps. So in many respects, it is the first stage of a research project.

I'm not sure just on the surface of it what the downside, from the perspective of a researcher, would be of treating registries as part of the research enterprise, and requiring that IRBs review their mandate or their intent. IRBs don't like to do this, because they want to know what the hypothesis is, what the question is, how are you going to use this information. So they may be uncomfortable with taking this on.

But you were on an IRB. It seems still quite feasible to review the broad attempt.

DR. HAMILTON: And if the information is not tied to a specific patient, that is, patient identifiers have been removed, then in some cases no IRB review is required. Obviously, we are talking about -- in each case it is removed, but there is linkage, or else the information would make no sense. How can you find out the outcome unless you can go back to the actual person's chart? But the reliability then is with an individual provider or some lower level provider. There is an implication of consent or there is actual consent, depending on what a patient signs when she or he begins the process of care.

DR. HIATT: I believe this is a case where epidemiologists would not object to IRBs reviewing registries in the same way they review other research. I think this is a reasonable protection of patient confidentiality that would not interfere with the research enterprise.

DR. GELLMAN: Well, let me make a comment and a suggestion. I think some kind of process here may be needed. We have got to distinguish -- we've got to define what a registry is, and we have got to have some kind of process to say this is an acceptable one. The IRB model exactly as written may not be the right thing, but it may be very close.

Another question: whose IRB does it? If there are 500 hospitals all making disclosures to a registry, are they all going to do this themselves, or can we have some nationwide or possibly out of the Department of Health and Human Services some other mechanism to serve as the IRB? Those of you who represent organizations concerned about this need to go back and think about this, and see what makes sense, and perhaps come forward with some suggestions about how to deal with this.

I don't think it is necessarily all that difficult. You just have to make sure that in the context of a piece of legislation that you have allowed for disclosures that make sense and that serve the public interest, and that you have provided people with a degree of protection for their information and confidence that there are protections and that there are rules.

There are already a variety of models. It is just a question of fiddling, I think, with the elements that are there in some way that accomplishes all the purposes. Maybe registries have to be recognized -- and I am not sure of this -- as some kind of separate thing. It is not the same as research and not the same as public health, maybe not, I don't know that. But at least it is a possibility.

DR. HAMILTON: I would like to make one statement. Dr. Hiatt mentioned that IRBs are -- their main function is protection of human subjects, so they won't really review the science of a proposal. Although most, at least in my experience, will because if the science doesn't justify a clinical trial or some kind of research, then why subject somebody to any kind of research, even if it is only the inconvenience of an interview.

So science isn't actually a dictated part of what an IRB has to consider, but it is obviously an important part.

DR. HIATT: A double check, yes.

DR. GELLMAN: Anybody else have anything you are dying to say?

Well, it is noon. We are going to reconvene at 1 o'clock to talk about public health. I would like to thank all of our witnesses for coming. It is very helpful. We will be back at one.

(The meeting adjourned for lunch at 12:00 p.m., to reconvene at 1:00 p.m.)

A F T E R N O O N S E S S I O N (1:05 p.m.)

DR. GELLMAN: We are going to reconvene, if everyone will find a seat.

This afternoon's panel is about public health. We are just going to go right into it. Let me just make a comment. Some people have said it is a little hard to hear in the room, so if the witnesses would speak up, and I guess all of us as well, to make sure they can be heard.

The procedure here is to recognize everybody for five minutes, to make a statement if they want. I will cut you off ruthlessly, as I did this morning, after five minutes, so we have the rest of the time for questions. You are the only panel this afternoon, so we have lots of questions, and we will have lots of opportunity to speak.

Would you like to begin?

DR. POUNDSTONE: I'm John Poundstone. I am the Commissioner of Health for the Lexington, Kentucky Health Department. I am here representing the National Association of County and City Health Officials.

I am probably the wrong person to start off on this. My plane has just landed. I was only selected for this last week. I do know that, just as perhaps an obvious statement, we do need information on patients that have communicable diseases, particularly sexually transmitted diseases, tuberculosis, diseases like that, that we know are a threat to the community, so that we can stop the spread of diseases.

In addition to the obvious communicable disease information needs that we have, clearly we know that there are preventable causes of injuries, preventable causes of environmental related conditions. So anyway, we are very concerned that we will continue to have access to patient information, so that we can continue to do our job.

With that, I will end my statement.

DR. GELLMAN: Okay.

DR. FLEMING: Good afternoon. My name is David Fleming. I am the state epidemiologist from the Oregon Health Division. I am here today representing the Oregon Health Division, as well as the Council of State and Territorial Epidemiologists, of which I am president.

I really appreciate the opportunity to address the panel, and to provide just a few comments for you.

The job of all health departments, including the Oregon health department, is to protect, preserve and promote the health of people under our jurisdiction. As a consequence, Oregon like every other state has recognized that in select instances, public health departments need timely access to identifying medical information without the consent process. That is, the person in question cannot opt out of this.

It is this fact, this need, that I would ask the panel to recognize in whatever recommendations you wind up making.

Let me quickly add that health departments uniformly realize that our ability to obtain this information is a special privilege. Our livelihood depends on us protecting this information and protecting the public's trust. As a consequence, one of the strongest values that you will find in public health culture is a feeling of an absolute responsibility to protect the confidentiality of the data under our domain.

So it is really not a public health versus private rights kind of argument that I would like you to consider, but it is rather that public health can only operate if we protect the integrity and the privacy of our customers and clients.

There are basically three areas where we need access to identifying information. The first is in the creation of an official public record. All health departments are charged with monitoring marriages, divorces, births, deaths as a service to society, as well as a service to the individual. We need information in order to do that.

The second area is the area that Dr. Poundstone has mentioned, which is in surveillance or monitoring for specific diseases or conditions. We need the ability when there is a case of meningitis in our jurisdiction to quickly be able to contact the people who might have come in contact with the case and to provide prophylaxis to them. We need the ability, when there is a case of hepatitis A, to quickly investigate that case, to determine if the case was in a food handler. Even though it might not be in the economic best interests of that individual or the establishment for which they work, to notify the public if there is a danger to the public.

We need the ability to quickly investigate unusual new illnesses. We need the ability to look at medical records when there is an outbreak of the next toxic shock or Legionnaires' disease, or eosinophilia-myalgia syndrome.

The third area that we need access to information is in population-based registries, be they immunization registries, cancer registries, trauma registries. It is the responsibility of health departments to serve the entire population, not just people who choose to participate in a particular service. Because of that, we need to know information about everybody under our domain, whether it is for the purpose of providing immunizations, whether it is investigating cancer clusters, whether it is assuring the effectiveness of our trauma delivery system.

To conclude, I would like to make four suggestions for the kinds of recommendations that you might consider. The first two suggestions are things I would suggest you not recommend. They really derive from some of the legislation that was proposed last year.

First, all states have already threshed through the specifics of confidentiality and public health information. Please, please do not recommend pre-empting state public health confidentiality and access laws.

On a philosophical basis, it is at the state level where there is a responsibility for assuring the health of the public, and therefore it should be at the state level where the balance between a patient's confidentiality and the service to society, where that decision should be made, not at the federal level.

On a practical note, at the state level, the existing confidentiality laws are meshed throughout the state system with rules and regulations and practices. To pre-empt those laws and try to establish some new standards would create chaos.

The second place which I would urge you not to make a recommendation -- and this also was in some of the legislation proposed last year -- is, do not change the authority of a state to require information from a mandate to a permissive. In other words, providers need to know that they have to provide this information to us, not that it is their choice to provide this information to us. To give a provider that choice will do nothing but create further work for us, and I would put it in the general category of creating an obstacle for a legitimate process, in the hopes of preventing abuse. Don't make the process more complicated than it has to be.

The third recommendation is, feel free to establish federal penalties for wrongful disclosure. In the public health arena, one of our strongest values is to protect this information, and the way to do that is through effective penalties.

The final recommendation is, in Oregon, for example, I am confident of my ability to protect public health information from any person in the state who wants it. I am less confident of that ability if I receive a federal subpoena or a federal court order. I would urge the panel to make recommendations that would protect public health information at the state level from federal subpoena or federal court order.

Thank you.

DR. GELLMAN: Thank you. Dr. Thacker.

DR. THACKER: I am Steven Thacker. I am the director of the epidemiology program office at CDC. With me are Verla Neslund, who is the deputy legal counsel for CDC HTSDR, and Dr. Joseph Reid, who is the associate director for science for the information resource and management office at CDC.

We welcome this opportunity to appear before the committee to provide a federal perspective on the functions of public health and the relationship to certain issues of privacy and confidentiality.

The mission of CDC is to promote health and quality of life by preventing and controlling disease, injury and disability. We accomplish this by engaging in a number of activities, including monitoring of health of the population, detecting and investigating health problems, developing public health policies and implementing prevention strategies.

In these activities we work closely with state and local health departments and other partners. CDC and its public health partners are concerned with a wide spectrum of health issues, including infectious diseases, chronic diseases, reproductive outcomes, occupational and environmental health and injuries.

There are several types of public health data that we use routinely. For example, as alluded to earlier, there are reports of cases of specific infectious diseases that are sent from state health departments to CDC each week. Other types of data include vital records, information on health status, risk factors and experiences of populations, and information on the potential exposure to environmental agents.

Health information collected by CDC does not generally include personal identification of individuals. However, to protect the public's health, the agency under certain circumstances must access confidential health information. With few exceptions, state health departments and other providers remove identifying information to CDC. When CDC assists health departments with investigations, agency staff may act under the authority of local health officials who may assist. CDC policy mandates that its staff retain individual identification information only when absolutely necessary after leaving the health department setting.

Today, powerful social and technological trends will create new opportunities and challenges for strengthening the nation's health information flow. The first trend is the shift in the health care industry from one dominated by a large spectrum of small offices to one characterized by a smaller number of large managed care organizations with electronic patient record systems.

The second trend is a greatly increased capacity to take advantage of hardware, software and spatial aspects of transfer of electronic data, currently characterized by the explosive growth of the Internet. We anticipate that new technologies, new partners and new data sources will provide health information systems that will enhance our capacity to protect the public's health.

At the same time, there are barriers. Public health information systems exist in thousands of places, in record systems of public health agencies, in grantees, in the information systems of the health care institutions, and in individual case reports, just to name a few. Fragmented and departmentalized, this information often cannot be aggregated to describe populations, communities, or even describe health issues.

To address this, CDC is committed to implementing the highest priority objective of its strategic plan, the creation of an integrated public health information and surveillance system. CDC has convened a health information and surveillance system policy board, which is chaired by the agency's associate director for science. The board has representatives from CSTE, where Dr. Fleming is from, the Association of State and Territorial Lab Directors, and the National Association of Public Health Statistics and Information Systems.

In addition to addressing policies and standards within the agency, board members are actively interacting with a number of outside groups such as the American National Standards Institute and the Computerized Patient Record Institute. Board members also participate on implementation teams convened by the HHS Data Council to develop recommendations for enacting certain provisions of the Health Insurance Portability and Accountability Act of 1996.

We believe that these efforts will create efficient and valuable sources of information about health strategy, status, quality and cost of health services, information needed to create effective public health policies and practices.

In summary, CDC programs use health information to monitor health trends, respond to urgent threats to public health, identify causes of preventable diseases and injuries, develop and evaluate prevention strategies. The execution of these essential public health functions depends upon CDC's continuing access to confidential health information.

The agency recognizes the importance of individual privacy and data confidentiality, and has successfully protected information in the past. We are unaware of any breaches in confidentiality that have occurred at the federal level at CDC. CDC will continue to use state of the art methods to protect data and data systems, and to maintain confidentiality of health information.

Thank you.

DR. GELLMAN: Thank you. Let me begin the questions with -- oh, I'm sorry, do you have statements?

MS. NESLUND: No, we consider it one unified statement.

DR. GELLMAN: That's my assumption. Let me begin with the basics. If you look at the legislation that has been proposed on Capitol Hill, they are all relatively generous in allowing public health agencies to have access to and use of identifiable health records. I think there is pretty broad recognition that public health departments, public health agencies serve the public interest. I think that is reflected in the bills.

The question is, what does public health mean? One bill talks about disease or injury reporting, public health surveillance, public health investigations or interventions. Have we defined this field well? Is this a reasonable statutory definition? Do these terms have clear meanings?

DR. THACKER: I always defer to my local colleagues first.

DR. GELLMAN: I don't want to get too much into wordsmithing of all of this, but I think the basic issue is a tough one. The language is, disease or injury reporting, public health surveillance, public health investigations or interventions.

DR. THACKER: It pretty much covers the CDC mission. As you remember, I read out in my statement each of these aspects of our mission, which really build on the local and state public health information flow.

I think you could take these to cover most of what we do, without getting, as you say, into wordsmithing in specific details.

DR. POUNDSTONE: I think community assessment is an important aspect of what local health departments do. I would like to make sure that that particular aspect be included in this.

DR. GELLMAN: What does that mean?

DR. POUNDSTONE: Well, community assessment means you look at your needs and assets in the community, develop priorities as to what your public health priorities should be, your goals, and then you set about developing a plan to meet those goals.

In order to do this, you have got to have data so you will know what your needs and your assets are.

DR. GELLMAN: Now, is there a distinction between public health functions carried out by a public health agency, and -- I don't know if this is a useful distinction, and state health departments? Is that the same function? Are there different functions that health departments do in terms of oversight and planning that are not traditional public health functions? Does that vary from state to state? I don't know enough about this to --

DR. POUNDSTONE: There might be some variability from state to state. We talk about ten core functions. Here again, you never know how this conversation is going to go, but we recognize ten core functions, and I don't have them memorized. But anyway, those are the functions we like to make sure are preserved in whatever legislation comes out. In order to carry out those functions, clearly we need some patient data.

DR. GELLMAN: Because it sounds to me -- and I don't have a clear enough understanding of what goes on the state level. When you talked about community assessment, that didn't sound to me like the sort of traditional public health function.

I'm not being critical of it, but in terms of dividing the world up into categories, we want to have either categories that make sense or reflect what is going on.

DR. POUNDSTONE: Well, it is a variable function. You mentioned behavioral risk factor analysis. There are different kinds of things that we use to analyze what goes on in a community.

The health department is the only -- the local health department, anyway, is the only unit that has overall vision of the community as a whole. There are insurance companies that have their insured populations, there are hospitals that handle sick patients and so on, but the health department is the only unit that can look at the health of the population as a whole.

So that is why we feel the community assessment in general is one of our important functions.

DR. FLEMING: The Institute of Medicine report collapsed those ten functions that would be useful for the committee to look at down into three: assessment, assurance and policy development. So even when you get down to the most basic assessment, that is, knowing the health status of the community, is a key and core public health function.

As a little bit of a tangent, another function of public health departments is to assure the appropriate delivery of medical care. I'm not sure that I heard that in the definition that you mentioned. So I would very much like to see the committee consider that as well, trying to assure the adequacy of delivery of medical care. We need access to medical information in order to do that.

DR. GELLMAN: What does that function mean?

DR. FLEMING: In different states, it is going to mean different things. But basically, it ranges from programs like certification of need, where health departments will look at a community and work with the facility in that community to decide whether every hospital needs a CT scanner, or whether one will do the community as a whole.

Two, evaluating the quality of care that is given to Medicaid clients. But a part of public health is health care, and part of the mission of many health departments is to assure that quality health care is being delivered.

DR. GELLMAN: Some of those functions -- I'm not sure this necessarily helps in terms of drawing lines -- some of those functions clearly might require identifiable patient records, some of them are likely not to require it at all, so it is not an issue in terms of this legislation. But I'm not sure that is going to draw the line. You have to figure out what the functions are and work backwards from that, and you can't just -- because if it is a function that doesn't require identifiable records, for most of the bills anyway there is no restriction on access. So it is not a concern.

I sort of have this conception, and this may be wrong, that state health functions and state public health functions were housed separately. But I gather that view of the world may be incorrect.

DR. FLEMING: It may be incorrect, yes. The saying is, when you have seen one state, you have seen one state. So each state is structured a little bit differently. But in many states, the public health functions as I think you are referring to them and the assurance of delivery of health care functions are housed within the same agency. In general, those are looked at as public health functions. One of the responsibilities of public health in general is to assure the quality delivery of medical care.

DR. GELLMAN: Okay. Well, I think that is an area that clearly needs some more exploration.

Let me go on in the same vein. The bills also use the term public health authority. Is that a sufficiently defined concept? Does that have a clear meaning within the field, as to who is a public health authority? The bills talk about access by public health authorities, or people who are acting under direction of a public health authority. In other words, it may be that a particular function would be contracted out, yet is still a governmental function in that sense.

Is that a meaningful term? Does that cover the waterfront? Does that cover everyone we need to cover in terms of people who are authorized for public health purposes, to get access to public health records? Or is there someone that we are missing? Or is the term too vague?

MS. NESLUND: As long as you are making the distinction that at the federal level, there isn't a specific legislative authority for giving us access to state records. There would be a general authority under our investigation, a general public health function, but there is not a specific legislative authority that says to a state that you have to give someone from the Centers for Disease Control access to your records. Rather, we always work in collaboration with the state, and actually use their specific authority under their legislation to gain access to records.

DR. THACKER: Most dramatically, when there is an epidemic of a sort and we want to be involved, we are always invited in by the states. We are under their authority to do that. They may specifically direct --

DR. FLEMING: At the record level, it is my opinion that the terminology public health authority does have meaning, and is something that is fairly clear cut, because that is an authority that is vested at the state level, and in many places is designed down to the local level. What do you think?

DR. POUNDSTONE: In general, that is true. In some states like Michigan, they essentially abolished public health recently, and now the local public health quote authorities, or whatever term you want to use, are the ones that actually have the power now. At least, that is my understanding of it.

So here again, as you said, once you have seen a state, you have seen a state. I would guess that term would cover the waterfront, but not being a lawyer, I can't be sure.

DR. GELLMAN: This is an area where there is not enough depth in the proposals, and they don't seem to reflect the reality that I am hearing from you. So that needs some more exploration.

One of the ways that the legislation approaches controlling use and disclosure of records is basically by function. Researchers are treated one way, public health authorities are treated another way, the police are treated a different way. The bill divides the world up. Health care providers are treated another way.

Obviously, public health agencies, however we define them, and we haven't figured that out yet, perform a whole variety of different functions. Some public health functions involve providing treatment, some are oversight activities, some are research, some may be disease prevention. This categorical approach that the legislation takes doesn't necessarily match up well with the functions that are carried out in the real world by public health people.

How do we deal with this? Is this approach not -- Does this approach fail to reflect the reality of what is going on in the world? Is there another way? Can we take people, call them public health authorities and give them uniform access rights and use rights with respect to a record, no matter what function they are carrying out, when somebody else is just a health researcher and may have narrower authority? How do we deal with this kind of problem, with so many functions being mixed up in the same agency and the same department, carried out by the same individual, perhaps, on different days?

DR. THACKER: I think the fuzziness is understandable, because as public health practitioners, we are responsible for the public's health. That ranges from preventing people from getting waterborne diseases to preventing other causes of death and disability, which means we have to work with other parts of the private and the public sector.

So we are constantly working with the police, when we deal with injuries. We are working with researchers when we are trying to find new ways to prevent activities.

On the other hand, we are uniquely positioned for authority in protecting the public's health. So I think you wouldn't have to give everyone in the world the same blanket authority that these bills have given to public health agencies, as long as we are held accountable for that. We may indeed, as you suggested earlier, delegate this to other people, either contractually or collaboratively.

DR. FLEMING: And functionally, the status quo is the categorical approach that you have mentioned. I think health departments are very used to thinking of some of what they do as public health, but then when it goes over into the pure research arena, health departments have their own IRBs, and they go through that process. So we are used to thinking about the functions we do in these categorical lines.

DR. GELLMAN: Well, I just see this as being particularly difficult. This is a problem for a lot of the players. A lot of the traditional categories in the health field between providers and insurers have basically disappeared in a lot of ways. There are so many people carrying out so many functions. I think this is a problem throughout, and it seems to be especially acute with public health, because the view that public health authorities should have -- essentially they have as broad a right of access, ability to use records as anybody under this legislation, with the fewest restrictions in a lot of ways. But that gets difficult to sustain with so many different functions being carried out.

For example, as you mentioned, you do some things with respect to the police. Well, that is where things get very sensitive, and the police have a lot of restrictions on what they can do and how they can get records. That is part of the problem here, how to regulate these functions in one way or another without impinging on something that someone is doing that is particularly valuable.

But as I said, when you are talking about letting police have access to records, this is where it is the most sensitive and the most difficult.

DR. THACKER: At the same time, -- I think you're absolutely correct. But we have a responsibility, and I think responsibility is key to this. We are stewards of the public's health. In that role, we should take upon ourselves the responsibility of protecting that confidentiality. That is not to say that as humans, we don't make mistakes. But nonetheless, I'm not sure you can regulate too strongly and still allow us to do what we need to do to investigate illness in populations.

DR. GELLMAN: I think that is a fair point. One of the problems here is that when you are devising a piece of legislation that sets comprehensive rules for how records can be used, you have to allow for every function that is necessary. Otherwise, it can't be permitted. There is a limit to how much discretion you can allow people to have without basically undermining totally the structure of the bill.

So that is the tension here, is to -- you want to get just enough authority, but not too much. Given that the functions are fuzzy and the structures are all different at the state level, that just makes this even more challenging.

MS. NESLUND: Our experience too at CDC has been that the perception of confidentiality is just as important as the actual confidentiality. In particular, when our function involves interaction with law enforcement authorities, there is a great deal more suspicion, and those seem to be examples that are thrown in our face very often as reasons why there needs to be a greater level of protection, because of higher level of suspicion whenever there is interaction with law enforcement authorities. It impinges on things like our ability to get people to voluntarily cooperate with questionnaires we might need to administer, and even our ability to conduct the kind of investigation that we want to. I'm not saying it has, but it is the kind of thing that impacts it and raises the most questions.

DR. FLEMING: Just to follow up on that, I think it is a key issue that you need to consider. For the most part, information that health departments have exists someplace else in the system. We are not generating new information. Rather, it is information that has been provided to us.

We need to have stronger protections for the information that the health department has than the original source, so that if there is someone who is trying to get back to the original information, they are not going to use the health department to get it; they will go back to the original source. That is the way to protect the integrity of the public health information.

DR. GELLMAN: We will come back to that. Let's see if my other panelists have questions. Kathleen? No? Okay, let me keep going.

Let's talk about identifiable records. One of the purposes of this hearing is to let people come and make the case for their need for identifiable records. I would like you to talk about that. How you use identifiable records, why you need them, why you can manage your activities without them. I want you to make the case for when you need identifiers, how you use them, that this is an important function, and there is a benefit to this. I think this needs to be stated affirmatively. Would someone like to --

DR. FLEMING: I touched upon that briefly, but just let me reiterate. I think that there are three broad areas where you need identifying information in public health. The first is in the vital record function. If we agree that we need to have comprehensive registries in births and deaths and abortions and marriages, and that people need to be able to prove that they have been born someplace, then you need to know who that person is, so you can provide that information to them. So that vital record function is a function that cannot exist in the absence of identifiers.

The second broad area is in the investigation of specific diseases or conditions that may put the public at risk. Examples that I gave -- I think a good one is meningitis. If there is a case of meningitis in the community, public health officials need to know instantly who that person is, and be able to rapidly conduct an investigation around that individual case, so that the context of that case can be identified and treated to prevent the spread of infection to others.

As I mentioned, not always may that be in the best interests of the individual. So we cannot rely on an informed consent process there. In the case of hepatitis in a food handler, the last thing that a food handler may want to happen is for their employer to know they have hepatitis-A, a disease that could put the patrons of a restaurant at risk. The only way that we can identify that someone is a food handler, identify the restaurant and subsequently notify the patrons is by knowing the identity of the individual.

The third broad area is in the category of registry. An immunization registry of all children in a state to improve immunization rates, if that is going to be useful in the field, will providers be able to access that information and determine whether a child they are seeing in an emergency room does or doesn't need immunizations. That has to have the identity of the person there.

A cancer registry is an analogous kind of situation, where in order for us to be able to investigate reported cancer clusters to look at the etiology of various diseases. You cannot collect all the information that you need up front. You need to collect some identifying information, and then as specific issues come up, you need to be able to go back and re-collect that information.

Then finally, I think the reality is that for much of what we do, the accuracy of the data that we have is critical. One of the best ways in our society to prevent duplication of information to assure that each report represents a unique report is by having the name of the individual. We can't underestimate the value of identifying information, as far as being able to assure the integrity of our data.

So it is those three broad areas where you really can't get by without identifying information. I think health departments uniformly, every time some sort of new data need is established, go through this and say, is this something that could be done without identifiers. If the answer is yes, great, we'll do it that way. But there are those bottom line issues where you need identifying information.

DR. GELLMAN: Anybody want to add anything to that?

DR. REID: There is a classic example of what we are not able to do now that we could do if we had better longitudinal data, which of course implies being able to follow records for an individual. That is information about complications in childbirth. This is a textbook example. Information about complications in childbirth can be given fairly readily for the likelihood of a given complication in any delivery.

But what is not available readily is the probability that having had one complication in childbirth of the same individual having a different or the same complication in a subsequent delivery. The reason that that information is not readily available is that we don't have longitudinal records coming from the hospitalization that allow us to draw the public health conclusions about those kinds of issues.

So there is a whole broad range of public health questions, particularly as it relates to the interest in managed care and quality of care that is simply not available without longitudinal records, and that means knowing the individual record with a personal identifier.

As it stands right now, what the textbooks generally say is that the information we have comes typically from the Scandinavian countries, where there appears to be less concern about the privacy issues and more longitudinal medical records exist.

DR. FLEMING: I was going to essentially say the same thing, the need for a computerized record or a longitudinal record.

DR. GELLMAN: Okay, we'll come back to that. To what extent can or should encryption or anonymization be used in public health functions? This is an area that -- of the three main bills on Capitol Hill, two of them don't pay much attention to this, and one of them raises this as a fundamental issue about using anonymized or coded information in a variety of functions.

Is there a role for that in any public health functions? Or are identifiers absolutely essential?

DR. REID: The software and hardware technology exists to provide a broad basis of encryption services and digital signature services to allow the majority of accesses to records, not to provide additional information beyond that which is required.

So I can readily imagine computer systems that allow me to ask as an individual in my work role a very limited number of questions, and get maximal data relating to that, without giving me access to other things.

The problem basically isn't the technological aspect of it. The problem is the fact that all technologies are operated by human organizations, and the lack of coordination in the management of systems tends to produce very large loopholes.

It is one of the areas where the independence of the managed care providers and the independence of the state public health organizations makes it very difficult not to have multiple interfaces between systems that provide opportunity for leakage of data out.

Then in addition to that, one always has to remember that the majority of severe security problems that we have ultimately involve either insider nefarious activities or insider lack of performance of already specified roles.

It is difficult for me to imagine that you can take a system as complicated as the health care system in the United States, and without superimposing on that a rather major federal authority, at least with respect to the definition of standard for data and for transmission protocols, and not expect there to be severe leaks of information out of that.

One thing I would like to say about this that I find continually brought up in these sorts of discussion is the use of the credit card security. The ATM system in the United States is an example of what we can do with technology. I think it really behooves everybody who is trying to make these decisions to realize that the credit card system and the ATM system tolerate enormous amounts of fraud, which is tolerated because the profitability of the systems is so large that the fraud can be accepted as a writeoff. That means that there are not good comparisons for what we are trying to do here with privacy and confidentiality.

So in short, I wouldn't attempt to try what is being described here without encryption and digital signature and all of the technology that can be applied, but I wouldn't want to bet on that being the solution to the problem.

DR. FLEMING: Just to follow up on that, I think that there is a role for encryption, but it is going to be limited. I think that specifically, once information gets to a health department, how that information is subsequently relayed to others, there is a role for encryption there. Health departments already routinely assign code numbers, for example, to cases that we send to CDC, so that CDC doesn't know the identity of the individual, but they can relay the number back to us, and we would know the answer.

So within the public health system, certainly there is a role for encryption from the providers, from outside the system to the system. If the report requires an action back to an individual, there is not an option there for an anonymous identifier.

I think the current state of the art is that in places where it has been tried, it is very, very difficult and cumbersome to encrypt and identify information from the private sector to get it to a health department in a uniform way across multiple provider lines, such that that will be, at least right now, a good way to prevent duplication.

So I think there is potential in the future, if the only reason you need identifying information is to prevent duplication for some encryption system. But the state of the art right now is that that doesn't work practically.

DR. GELLMAN: You said that there have been some trials of this sort of thing. Are there studies or documents or reports or anything?

DR. FLEMING: Folks from CDC can comment on this as well, but this has been a particular issue, for example, in AIDS. One of the primary reasons for doing AIDS surveillance is to understand the epidemiology of the disease rather than to make an intervention on individuals. So in places where we have looked at, is there an alternate way to requiring names for HIV reporting.

Several states, I believe Texas and New Jersey and others, have tried to get their providers to do some encryption at the level of the provider, and submit an alternative to a name. They have not worked well. It has been complex and confusing, and there is a lot of controversy about the long-term utility of this.

This is in an arena where there is a lot of money to support this kind of surveillance. Most of what public health does, the resources to do it are very limited, and that is a major stumbling block to any sort of encryption system.

DR. POUNDSTONE: Also, many smaller health departments don't have these kinds of more sophisticated technologies. Some are still waiting for their first computer. So if the system is too sophisticated, why, it will be useful as far as many of the smaller health departments.

DR. GELLMAN: So basically, if I may summarize, there may be some limited role for encryption at some point, but we are a long way from being able to do it in any comprehensive way. In some areas it offers no assistance at all because you need the details.

Are there any examples where public health authorities obtain identifiable patient records and use them inappropriately? The word that we used, that came up this morning, that was contributed by one of the witnesses, was scoundrels. They said, whatever you do, there always will be scoundrels, and that is certainly the case.

The question here is, is this a significant problem? Surely, in the whole public health arena, there are scoundrels here and there. Is there some way of getting a reading of how broad a problem this is, how trustworthy public health departments are? Does anyone have anything they can offer on that?

DR. FLEMING: The point I made before is that public health departments uniformly realize that the quickest way to go out of business is to violate the public's trust. So there are very, very high standards in all health departments regarding confidentiality.

The exception that proves the rule -- up until a couple of months ago, we could have said we were unaware of instances. But the exception that proves the rule was the situation that occurred down in Florida earlier this year that it looks like you're aware of. That is an example of an individual breaking the law, basically.

I think in a positive sense, that was handled well, and there was no violation of confidentiality as far as names actually being published. But there is always that potential. That is why we need to insure that not only the appropriate culture is there, which it is, but that the penalties for wrongful disclosure are such that people won't do it.

DR. GELLMAN: That example was actually my next question, is asking about that one. That was very visible, and obviously got attention nationwide.

DR. POUNDSTONE: I would just like to add, at my health department we have about 350 employees. We serve a community of 230,000, and I would say we have one episode every two years of a violation of confidentiality. If it is an egregious one, that employee is fired.

We do have a law case right now, not against us, fortunately, we had a case of tuberculosis in a substitute school teacher. We tried to preserve her confidentiality, but a person that headed the PTA at the school finally revealed who this person was. The parents were demanding to know why all the children had to undergo tuberculin skin tests. Now that person who feels like her confidentiality was violated is suing, and so she is seeking redress.

I'm not sure it is appropriate or not, but I just wanted to let you know that there are occasions out there where this happens. I think the system is able to handle it.

DR. REID: Let me address the Florida situation, because I spent some time consulting with CDC's program in HIV surveillance on that issue.

That particular -- it in fact is not true that there was not an actual exposure of information. The newspapers that received the diskettes containing the data chose on the advice of their counsel not to print anything, which I think was rather a wise move.

But one of the accusations of course that has been made in that case is that the individual who has been accused was literally using the information from the HIV records for profit in some activities. So there is reason to believe that he actually did reveal information.

But one of the primary things I think that has to be seen in that particular case is that there were grounds prior to the event to have some concerns about the trustworthiness of the individual, or at least the trustworthiness of the circumstances that that individual found himself in, having to do with personal relationships that he had.

The thing I think that this really points out is that we don't generally look at public health professionals or employees as requiring the sort of personal investigations that for example national security issues justify. But without that sort of expectation of a clean record and a clean life as a justification for presuming that someone is trustworthy, the invitation for diversion of public health information is rather great.

The profitability of things like suspect HIV cases is actually substantial. In the case in Florida, the long-time partner of the individual who is accused was the operator of a funeral home that specialized in AIDS deaths. So you can readily understand the profitability that advance information of who was presumably HIV positive would have for that individual. That is an example.

That particular piece of information is publicly known; a lot of it is not. But that is a good example of how prior examination of the public health workers -- personal circumstances would indicate that they were possibly at risk. But that conflicts with our way of doing business, in general.

DR. GELLMAN: Well, your mention of national security. You only have to read the papers every couple of weeks to see where there is a considerable amount of effort put into controlling who gets access and overseeing the people, and it doesn't seem to work very well. There is always a tradeoff between the oversight of people and functions and cost and other activities. It is a very hard line to know how to draw.

DR. REID: Well, the message presumably in the Florida case would not have been that some sort of severely adverse action be taken against the individual, based on the fact that they might sometime be a problem, but that simply, they had access to information that specifically related to a weakness in their own circumstances, that perhaps they should have been doing other work.

DR. THACKER: Let me just make a point. As an epidemiologist, I always look at denominators, people who are affected. I think we should be struck by how uncommon these occurrences are.

CDC has been around more than 50 years, and we have yet to be able to document the breach in confidentiality in our agency, which doesn't mean that it won't happen tomorrow, because we are people, and people are involved. But I want to be careful with you in your position to recognize that any changes you might make in the system, the consequences it may have on our ability to do our work. All of you who have had contact with government know there are pounds and layers of bureaucracy. For each one of these I find inconvenient in my everyday life, I can understand why they are there, because somebody did something sometime. I think we should be very cautious in making anything that could interfere with a system that is working well.

DR. GELLMAN: Well, if you look at some of the legislation, it does tread carefully around this. For example, if you look at the bills, and it talks about security requirements, it basically says you've got to have reasonable security, and it doesn't go into detail to say what that is, because reasonable security means different things in different places, and what is reasonable security today may not be reasonable tomorrow, because technology will have improved.

So from a legislative perspective, it is a very light standard, with the details to be filled in somewhere else, hopefully.

Another end, all of the bills propose very onerous penalties for people who do violate it. If there is no problem and if there are no violations, then the penalties aren't very important. But if there are, at least they serve as a significant deterrent. One of the contributions of all the bills is that they very much increase the penalties for people who engage in improper use of information, up to ten years of jail.

Some of the bills talk about trafficking in medical records, as opposed to just disclosing. That is what creates the highest level of penalties that might or might not have been triggered. But in any event, it is an attempt at least to set rules that are designed to force people into the appropriate kinds of behavior, without necessarily disrupting ordinary uses of information. The trick is though that you've got to define what is illegal and what is legal, in order for the penalties to have any meaning and to pass the general requirements for criminal statutes.

So you still don't get away from this definitional problem with that. It just helps to shunt some of the problems a little bit off to one side or another.

DR. FLEMING: I just want to second what Dr. Thacker said about looking at the denominator. In my experience, the reality is that confidentiality is inadvertently breached occasionally because of the circumstances far more often than an intentional breach.

The classic example would be someone who has a sexually transmitted disease, who you are doing partner notification. If one of their partners has had sex with only one person, and you go to them and say you have been exposed to a sexually transmitted disease, you are de facto breaching that individual's confidentiality. But there is no way around that. I think that is a good example.

DR. GELLMAN: We have talked a little bit here and there about AIDS. Let's go into that in a little more detail.

Lots of states have laws regulating the use of AIDS records. Do any of these laws create any particular problems for public health functions? And if so, could you talk about them in some detail?

DR. FLEMING: Just to comment. In Oregon, which I am most familiar with, what we did was to establish the same standard for all of our reports, as is the case for AIDS. So we used the AIDS epidemic as a way to improve the confidentiality precautions for all of our records to meet that same high standard. So it has been a plus for us.

DR. GELLMAN: So you don't make any distinction in your records on the basis of what is in them. They all get the same high level of confidentiality?

DR. FLEMING: Exactly.

DR. GELLMAN: How did that change the level of confidentiality that was available for other records before?

DR. FLEMING: The most specific is that previously, only sexually transmitted disease records were immune from subpoena or court order in the state, and we used this as an opportunity to expand that to all of our records. That is the biggest assurance that we can provide to our providers, that is, that we will assure them that these records will be used only for the purposes stated in the law, and that they cannot be obtained by someone else to use for other purposes.

DR. GELLMAN: Are there rules that define -- that is talking about compulsory process. Did the rules that affected how information could be used or disclosed in your ordinary functions also change at the same time?

DR. FLEMING: No, because the rules as they currently exist are -- the information can be used only for specific public health purposes, as defined by the public health authority in the state. So that stayed the same.

DR. GELLMAN: Dr. Poundstone, have you had any experiences in Kentucky?

DR. POUNDSTONE: We have essentially done the same thing in Kentucky, in that we have increased the confidentiality of virtually all our reportable disease records in a similar fashion.

DR. GELLMAN: I don't know if anyone can speak to this. Is that --

MS. NESLUND: I am aware of one circumstance. It is actually not one circumstance; one set of circumstances. CDC collaborated with Georgetown University and CSTE several years ago, and did a uniform system of state laws and privacy, including AIDS confidentiality laws. One of the findings of that study was that in some limited number of states, the protections of the AIDS database were such that it would not permit access by other public health workers, for instance, particularly tuberculosis workers.

At the time the finding was made, it wasn't determined or highlighted in such a way, because there wasn't necessarily the knowledge that there is now, and the necessity of the physicians in sharing the information on co-infection in designing the therapies for a co-infected person.

As that information became available, it became much more of concern to the states, such that CSTE is now working with us on a new study. I believe there are 20 states, is that right, David? There are 20 states that do not permit data sharing between the tuberculosis and the AIDS. They keep separate databases of the reported persons. That is pursuant to state laws, and in some cases, state practices. It is not always the law. Sometimes it is the practice.

What we are going to be examining is the reason for that. We are doing a comprehensive study to find out what impediments this has been, what degree. The tuberculosis division at CDC estimates that they have about a 47 percent under reporting of co-infected cases as a result of confidentiality.

So I don't want my statement to seem as if I am not in favor of confidentiality. But yet, it is something where it has gone so far that there is even distrust within the health department in sharing this data. This is very common in other states for other diseases as well. It is not unique to this. In this case, it might be impeding the availability of therapy to those patients.

DR. GELLMAN: Let me ask, when you changed your laws in Oregon and in Kentucky, was that a difficult political event? Was that a technical change that no one had a problem with? Was it hard to accomplish that?

DR. POUNDSTONE: Well, there were some tangential issues. Our law in the past said that we should look into all causes of diseases, and there were some broad categories like that. Kentucky grows a lot of tobacco, so the legislature thought this might be an anti-tobacco legislation of some form. So only tangentially like that. Gun control people also were concerned.

DR. FLEMING: Yes, I think I would echo that. That change that I spoke of was something that people were fine with, basically.

DR. GELLMAN: One of my experiences in dealing with this issue over the years is that -- and AIDS has really been the hardest case, although I think arguably this has been changing, along with approaches to treating AIDS -- that some records are more sensitive than others. You find that in one of the bills. The McDermott bill proposes that. And actually, it was an approach I started with many years ago and abandoned, because I didn't think it worked, and I still don't.

But all records are sensitive, some records are more sensitive than others, kind of idea. You start to tick off the list of records that are arguably more sensitive than others. AIDS is probably number one on the list, followed closely by sexually transmitted diseases, alcohol and drug abuse records, mental health records, genetic records and maybe some other records.

One of the examples that I got pursuing this from my own dentist was a patient of his who wore dentures. No one knew this patient wore dentures except the patient and his dentist. The patient's wife did not know that he had dentures, which seems rather extraordinary. But obviously, to that patient, the fact that he wore dentures was probably the biggest medical secret in his life. So what is sensitive?

It is interesting. The approach generally of at least some of the bills is to try and provide a uniform high level of protection for all records, essentially without regard to the contents, simply because you can't control -- you deal with what sometimes is called the disease of the month phenomenon. Whatever is particularly sensitive suddenly gets a separate rule and it becomes impossible to manage implementation of all these different -- you have one medical record subject to five or six or more different laws, and it becomes impossible for anyone to deal with it. So that is why I think that experience is interesting, the tobacco and gun control aspects notwithstanding, because it is consistent with the general approach here.

It is clearly administratively simpler, but politically more difficult. One of the judgments in the legislation was -- in some of the legislation was to pre-empt -- and we will come back to pre-emption and discuss that in more detail -- to pre-empt state laws to a greater extent, but essentially to leave the state AIDS laws alone, because that was viewed as probably politically too difficult to try and overcome. Maybe that needs to be re-examined, I'm not sure.

Let's talk about the uniformity thing next. I think this is a particularly troublesome area. To what extent do state public health departments share records and activities with other state health departments in other states, and does this create problems with conflicting or differing laws, differing legal standards, differing rules?

DR. FLEMING: There is a fair amount of exchange that goes on. Usually, --

DR. GELLMAN: Could you be specific and talk about what kinds of activities lead to this?

DR. FLEMING: Yes. I think that one of the most common would be reportable diseases, such that if a patient with tuberculosis is diagnosed in one state but is a resident of the neighboring state, and that is where they are going to be seeking their medical care, there is a reciprocal notification process that occurs.

Generally, the way that that works is if it is in accordance with both state laws. So if tuberculosis is reportable in both states, then the information is exchanged. If for whatever reason the disease is not reportable in one state or the other, there is no information exchanged.

That works fairly well, actually. The other place where there is exchange with information is with respect to vital records, the same kind of thing, where if a person is a resident of one state but gives birth in another state, there is an exchange of records that goes on.

There is some bureaucracy and some administrative clutter that you need to deal with to make that happen, but it generally works okay.

DR. GELLMAN: Is that your experience, too, Dr. Poundstone?

DR. POUNDSTONE: I can't think of any problems that we have had. Being a local health department, we have less need to deal with other states rather than usually our own neighbors' health departments locally. So I can't think of any problems that we have had regarding that.

DR. GELLMAN: I wonder to a certain extent, if you have -- I don't know enough about state public health laws in detail, but state medical confidentiality laws vary tremendously from one state to another.

If you take a record from a state, say, with a good law, with a better law -- I'm not sure there aren't any good laws out there -- with a better law, and it is transferred in connection with all of this activity to a state which has a different, lesser law, and the record in the new state loses the protections that it had previously, simply because it is housed in a different state, that seems to be a reality of the multiple jurisdictions having different rules.

It may be that in this context, that kind of a problem has not arisen, at least in any visible way. It just may be there, may not have caused any problems.

One question is -- and you talked about this some in your opening statement -- to what extent would uniform confidentiality laws be beneficial? If there was a standard rule for the treatment of records throughout the United States, the movement of records from one state to another wouldn't create any of these differences, wouldn't create any of these problems.

Do you see any benefits to this to the public health functions? Or is this an irrelevancy?

DR. FLEMING: From my perspective, there has not been a problem here, so I am not sure what it is that we are fixing in the public health arena. Depending on the content of what this uniform law was, as I mentioned, it could create a lot of problems at the individual state level. There are rules, regulations, practices that have evolved around how the laws are currently worded. At a minimum, we would create a fair amount of at least temporary chaos if suddenly those rules were no longer operative, and there were some new ones that were in effect.

In addition, I think it is fair to say that there is a difference among states and between states as to what is acceptable and non-acceptable. It is at the state level where the authority for controlling the health of the public is vested. It seems to me that it should be at that same level where this balancing between confidentiality and protection of the public health needs to happen. You can't move one of those to another level, the federal level, and expect that the balancing is still going to happen in an appropriate way.

DR. GELLMAN: Well, yes, I think this is really at the heart of the problem. If you talk to the people -- and we will at later hearings -- who are involved in treatment and especially in payment functions, where the transfer of records between states is quite a routine function, because the players are located all over the place, and most health care at some level is either in the treatment or especially in the payment, totally interstate activity.

The notion of having different state rules that apply to the same medical records as they pass from one state to another is clearly -- creates a tremendous -- is not only tremendously complicated administratively, but it creates all kinds of potential legal liabilities for people. As they perform a normal function in their own state, the records go somewhere else, and they may be liable for it.

So there clearly are a lot of benefits.

DR. FLEMING: Are you talking about protection of the primary medical record as opposed perhaps to information from that record that has been forwarded to public health authorities? I would advocate that those two things be kept separate, and that the standard would be that the protection that is afforded to the public health record be higher than the protection that is afforded to the individual record, so that people who are interested in getting access to that record will always go to the primary one.

We are going to have a problem if the public health protections are less than the primary record.

DR. GELLMAN: I think that is fair, but at the same time, the creating of an enclave of records that may be subject to different rules, especially given that records from all the players move back and forth -- you get records from people who are engaged in treatment routinely. That is probably your principal source of records, I would guess. If they are subject to one set of rules and you are subject to a different set of rules, it creates problems as records go back and forth. You have the same problem of differing standards and different rules, and you can create circumstances where you have direct conflicts in what happens, and you can't predict what kind of protections.

So I think this pre-emption thing is particularly difficult. My guess is that -- I think most of the bills basically already include an exemption from the total federal uniformity for what are called state public health laws, which aren't defined. It is not clear what that provision means.

What it was intended to mean in many respects at least was, this was a code word for AIDS laws, that this was an attempt to leave state AIDS laws alone. It is not clear what the scope of it is, because none of these things are particularly defined terms.

One area where I don't think there was an intent to pre-empt state laws -- states have different reporting laws, in terms of what diseases they track. I don't think there was an intent -- whether the language works technically to accomplish this or not is another question, but I don't think there was an intent to tell states what they could or couldn't require. It was to allow them to do it.

So that is an area in which state activity is not necessarily inconsistent with a uniform federal standard. At least, it could be made in that fashion.

You raised an interesting angle on that with respect to the mandatory reporting requirement, which is something that hadn't occurred to me before. The legislation -- I think all the bills, but I know the Condit bill and I'm pretty sure the Bennett bill, says well, here are a bunch of disclosures that anyone is authorized to make. But it says, just because a disclosure is authorized doesn't mean it is required. I assume that is what you were picking up on.

It is not clear actually what that means and how that would apply in a context where you have a mandatory state reporting law for tuberculosis, whether that would make that a voluntary -- it might be a technical thing to be dealt with, but it is an angle.

DR. FLEMING: Unless it has been pre-empted, which is a concern with the Bennett bill, that the state law has been pre-empted, and now you have this permissive disclosure. Then where are we?

DR. GELLMAN: Right, I think there is a technical solution. My guess is, there is a technical solution to that.

But there is still this problem of -- you are suggesting that somehow, public health records -- I want to try and get a sense of how far you want to go. The reporting thing is probably something relatively easily dealt with. Whether records in the hands of public health authorities at the states can and should otherwise be subject to different rules, then the general rule is established in this legislation, if that would in effect be exempted from this legislation totally.

DR. FLEMING: Right. My sense is that -- and this has worked very well in Oregon -- it has been the best move we ever made, was to raise the level of confidentiality of our medical records to a level where no one in their right mind would try to get them, because they would rather go to the primary source to get them. That has really made it so that we can assure our providers, who are giving this information, that this information is only going to be used for public health purposes that were authorized, and that there is no way that anyone else is going to get access to this information.

If they try to get access to it, they are going to quickly see they should go back to the primary source.

DR. GELLMAN: Well, the Condit bill, which is the one I am most familiar with -- and I think the Bennett bill may not be too different in this regard -- authorizes disclosures to public health authorities, and defines in general -- this is some of the language I used before about disease and injury reporting and surveillance and what have you -- doesn't provide for any disclosures. If you compare sections, you will see that researchers are authorized to make certain kinds of re-disclosures of records; public health authorities I don't think have any of that.

So basically, the public health records under the legislation have the highest standard, and are the most restrictive re-disclosure rules. So it is somewhat similar to what you are talking about.

DR. FLEMING: I don't know the answer to this, but in the absence of a specific protection from federal subpoena, would that be assumed or not?

DR. GELLMAN: Well, that is not as clear.

DR. FLEMING: That is really -- I don't want to underestimate that. It is that kind of disclosure that is what the biggest fear out there is, that law enforcement agencies or others will come in with some subpoena and be able to get these public health records that were never collected for that purpose.

DR. FANNING: Can I ask a question in this regard? You say that we shouldn't supersede state law that now covers this. Now, you say in your state now, your law makes unavailable pursuant to subpoena all of your reports.

DR. FLEMING: That is correct. In addition, we do not have to testify about even whether the records exist.

DR. FANNING: Okay. Now, I know there are many states that have laws like that. But my understanding is that it is not universal. There are still some states that will permit disclosure pursuant to compulsory process, however they are being used, in domestic relations litigation and the like.

Wouldn't you welcome a federal law that tightened all of them up?

DR. FLEMING: That would be fine, as long as that federal law did not pre-empt a state law that was more restrictive. In other words, I don't know what the least common denominator that the feds are going to be able to agree on is. If it turns out that an individual state has been able to do a better job with respect to protection of confidentiality, that should not be exempt.

DR. FANNING: Okay. But you are not troubled by imposing a federal tougher standard on a state that, let's say, now permits disclosure?

DR. FLEMING: That is correct.

DR. FANNING: Okay.

DR. LEATHERMAN: Can I just -- well, maybe I should introduce myself, since I wasn't here this morning. I am Sheila Leatherman. I am executive vice president, United Health Care, and also a fellow at the School of Public Health in Minnesota.

I am concerned about this whole issue of what health departments can release. I think at this point, the way that this conversation seems to be being conducted is that the health departments and health authorities still are in a fairly traditional role in terms of protecting and enhancing the health of the public.

I think there are increasing arguments that the world is changing in terms of some of these -- what have been traditional public health functions, whether you agree with it or not, moving into other venues, for example, managed care plans and so forth.

So this issue about whether health departments can pass on data to another entity, I think, needs further discussion. For example, increasingly by policy and by regulation, by accreditation, health plans are being increasingly held responsible for the immunization of enrolled populations, children. And it is very difficult to get accurate immunization data, either by administrative data sets or if your recommendation is that we always go to the primary source, being the division offices, that adds a lot of intrusiveness and expense, as opposed to, if there is an additional way to gain that information more efficiently and perhaps accurately, number one.

Another example is, much of the rhetoric these days is outcomes research, all of us knowing what the problems are with actually conducting good outcomes research. But in many cases, in health plans, even when you are attempting to do that kind of research, because we have inaccurate, incomplete data in terms of deaths, it would be really again more efficient, accurate to be able to go to health departments in some cases for registry data or death data.

So the question that I am raising here is really this issue of what is prudent and reasonable as far as health departments making available back into whether it be academia or private sector.

DR. FLEMING: You raised a lot of different issues. I will start off by assuming that release of information that is not identifying is not -- we are not talking about that. So providing back to a managed care organization information about immunization levels within its population --

DR. LEATHERMAN: No, no, this would be individual case, both for research purposes as well as intervention purposes.

DR. FLEMING: Right, so we will ignore that release of non-identifying information.

I think this is something that probably needs to be dealt with on sort of a case by case basis. You argue about immunizations as being a good example. What about a client in a managed care organization with a sexually transmitted disease, who chooses to go to a health department for the sake of anonymity to get that treated. Is that something that should be reported back to a managed care organization or not?

My personal opinion is no, that if the person believes that their primary provider is going to get that information back, that they may not seek care in the first place. Immunizations may be a separate issue. In Oregon, we have dealt with the immunization issue separately, and through legislation have carved out an exception to our public health laws that does allow sharing of immunization records across plans.

I'm not so sure that I would want to deal with the specific issues that you are raising in the general or rather to deal with them on a case by case basis, with the weighing of the advantages and disadvantages.

In addition, I think there need to be provisions in all arenas, including what you probably heard this morning, for sharing of identified data in the research setting, and how that happens and what the controls about re-releasing use of that information are.

But I would rather start from a standard that is very strict, and then carve out the exceptions, as opposed to a more general looser standard.

DR. THACKER: It is an interesting tension here. Part of what you bring up is the intrusiveness and costs related to responding to requests, which would come to the local health departments and state health departments, too, which are getting smaller budgets and that sort of thing. So it is an interesting tension, who is going to pay the bill when you are asking for additional information about individuals.

I think it is an important tension. I think your first point is a very important one, that the health care arena is changing, and we have to adjust to that. CDC has invested a lot of its own resources in understanding managed care and its impact on public health policies. We form partnerships with people in order to help us still do our mission, but doing it with people in different ways than we have been doing it in the past. I'm sure David and John are doing the same thing on a local level.

It isn't a clear future on how that is going to fall out over time, except we know it is going to be different, and except we know we are going to be held accountable for the public's health, somewhere down the road again, in the ways that David outlined from the Institute of Medicine report.

So I don't think it is easy to answer. That is why I think David is advocating a case by case approach.

DR. SCANLON: If I can follow up a little bit, is there a certain amount of uniformity across the states in terms of under what conditions vital statistics information would be made available for research or for other purposes, with identifying information, death, mortality data or birth data? Does each state have its own laws governing when such information can be made available, or is there more uniformity, or a model law, for example?

MS. NESLUND: It is closer to the model law. There is a great deal more uniformity, but it has been more by the informal collaboration of the states, the voluntary cooperation of the states than anything compulsory.

DR. SCHWARTZ: Could somebody give me an example of how well the cross boundary or multi-state cancer clusters work with respect to the accuracy and the sharing of that information?

I think Mr. Fleming mentioned the need to develop cancer clusters. I would imagine that some of these exist across boundaries and across states. How accurate is that information compared to those that are contained within states, and can you describe how states generally go around, if there is such a thing as generally, to share that information?

DR. FLEMING: That is a problematic example, because the primary barrier here is not so much differences in confidentiality laws, but rather differences in the intensiveness with which different states have cancer registry data. So there is a big caution up front that every state have -- not all states have cancer registries, to start off with, and they are constructed differently in different states.

So from a practical standpoint, it is that issue around how the data were collected that is the bigger obstacle to multi-state investigations than differences in confidentiality laws.

DR. WARD: If I can just comment from a public health perspective, usually cancer clusters become known to a health department because a group of, or a couple of providers, or a single provider will contact and say, this is really odd, three providers in this community are suddenly seeing five cases of kids with brain cancer, that we think is really unexplainable. They go to the health department and say, please investigate that.

DR. FLEMING: For which there -- I mean, there might be two states or three states --

DR. WARD: Those providers may be on a border and contact both states. But the provider is then giving the information to the department, and letting the families know that they are very concerned about what might be the cause of this cancer.

That is different than public health departments who are scanning their registries to look for issues. There are usually very different causes for those different activities occurring. One goes back to the provider and the medical record, in addition to, if there is a registry available.

DR. SCANLON: The issue of registries again. The registries are used for different purposes. There are registries that are set up for research purposes primarily. There are others that are set up particularly in public health, where some sort of an intervention is envisioned. The immunization registry, at least nationally and within a state, for example, while it has research aspects, clearly the intent is to promote and facilitate the process of getting children immunized.

Similarly, I think in the other agency as part of CDC, ATSDR, there are exposure registries, there is the list of their Superfund site registries, there are disease and treatment registries. Should a distinction be made in these sorts of deliberations between registries whose first purpose and clear primary purpose is research, versus those where clearly, the information is intended to be used in that manner, to find children or to check on the status of children, or to be able to locate individuals who have lived in a site, a Superfund site or whatever. Is there a distinction for purposes of confidentiality law, and how would that work?

DR. THACKER: It is fuzzy. We have exposure registries -- like at ATSDR, we have had exposure registries in the past such as the Three Mile Island -- the state of Pennsylvania set one up, looking for an intervention.

What we do in public health is what we call applied research. We have an intent to do something. At the same time, we can use registries set up for research, much like the SEER registries for cancer, when something comes up in a public health setting. We did this with the Agent Orange studies and Vietnam.

This was set up for another purpose entirely. Nonetheless, it could be used for immediate public health concerns. I think that becomes a problem as you try to define rules that separate these two things out, because they sometimes come together in the middle.

DR. FLEMING: Yes, I agree with that. There are multiple reasons why you can -- how you can use registries. To me, the critical issue is, is the use of the registry such that you need identifying information in order to be able to accomplish that use. If the answer to that question is yes, then independent of what the use is, I think that the same level of confidentiality to that identifying information should be applied.

DR. GELLMAN: I think we are going to come back to registries. I've got a bunch of questions. Sheila?

DR. LEATHERMAN: I just wanted to pursue this one issue with you a little bit more. Let me preface it by saying that I completely agree with you that to give every protection that is needed for the integrity of public health data, so that you can continue to be able to collect it, is paramount.

Again, though, I want to look futuristically instead of what the world looks like right now, and assume that there is going to be some function where there is more private-public sector collaboration to improve the health of the public.

I think creating obstacles to data where they don't need to exist will be an impediment. So the second word or question that I want to say is, are there areas -- as opposed to going the route that you suggested, that everything be addressed on a case by case basis, are there areas, categories, that could be identified in legislation up front, be it model legislation or whatever at a state or federal level, that we could create more predictable access to certain areas of data, where it is considered a public good, and where that maybe doesn't require that additional level of protection? So that we don't have to go through on a case by case basis every time every piece of data is attempted to be accessed.

I am not looking for a list of those now necessarily, but to say, is that a reasonable consideration to pursue?

DR. FLEMING: Sure, I think it is worth thinking about. I think that thinking about the world of managed care as an example, there is going to be an increase in need for managed care organizations to access information about the populations they are serving. There needs to be an ability to do that.

We also need to think about, are there services that individuals are likely to be crossing managed care lines, for which we do not think the consent of the person to relay the information across lines is necessary.

I don't know the answer to that question, but I think it is definitely worth thinking about.

DR. GELLMAN: I think this is as good a place as any to take a break. A lot of people look like they could use some caffeine. We will reconvene in 15 minutes.

(Brief recess.)

DR. GELLMAN: I want to go back to ask a couple of questions about the uniformity issue.

There is a new proposal that I just want to throw out on the table, not necessarily expecting people to jump on it one way or another, although you are welcome to. The Condit bill has been re-introduced with some changes. One of the changes is in the uniformity area. It basically pre-empts state laws, except for public health, mental health laws and -- by the way, there are about seven areas of things that are not pre-empted. One of them is vital statistics. All the bills exempt vital statistics reporting, although the one thing that you mentioned -- I think it was you, mentioned as part of vital statistics was abortion reporting. There is question whether a birth or a death is really -- how much of a medical event that is, but abortion is getting a lot -- anyway.

But be that as it may, I don't necessarily want to get into that, leave that one alone, the Condit bill proposes as another exception to the pre-emption thing a rule that basically says states can have a higher standard, more limited access for their own state offices, for their own state agencies.

So for example, if -- and there is a standard in the law for the bill for law enforcement access. It doesn't matter what it is, but it sets the bar up here that for law enforcement to get access, they have to get over the bar. What the new proposal says is, if states want to have a higher bar to limit their own police or their own oversight agencies or their own health departments or their own offices, that they may do so, because it doesn't really undermine the basic principle of uniformity. It is simply states imposing a further restriction on their own state offices, which seems -- anyway, it is a new proposal on uniformity. It is not by any means the be-all and end-all of the uniformity issue, but it is something that may help a little bit.

The other side of the uniformity thing I want to get back to is something you mentioned about protection from federal subpoenas. Is this a problem? Do you get federal subpoenas?

DR. FLEMING: It is a big theoretical problem. I have been in the Oregon Health Division ten years, and I have gotten one federal subpoena, and that was a problem for us.

DR. GELLMAN: What was it, can you tell us?

DR. FLEMING: It was -- we did an investigation of an epidemic of eosinophilia myalgia syndrome. That was the disease that surfaced several years ago, that was associated with consumption of an over-the-counter product, L-tryptophane. It was a very, very serious disease. A class action suit was filed in federal court, and we received a subpoena for our records from that federal court.

DR. GELLMAN: This was a subpoena from the plaintiff or from the government? Who issued the subpoena?

DR. FLEMING: You are now at the bounds of my knowledge here, but --

DR. GELLMAN: Tell us what happened.

DR. FLEMING: The first thing that happened was a frantic call from me to the Attorney General in the state, saying what do I do with this. We talked about it for a while, and then discussed with the -- I think it was actually the defendant in this case, it was the company, our willingness to testify as something other than a hostile witness if we could blind the testimony to the identity of the individuals, and they were okay with that.

But it was a gray area, as to whether or not if push came to shove, our confidentiality laws would have protected our confidential information from a federal subpoena, because our confidentiality laws are state laws. That is how it was explained to me, and probably don't pertain to federal investigation.

DR. GELLMAN: And a lot of the details would depend on exactly what the authority was for the subpoena, whether it was routine discovery or whether it was under federal statute. There is some case law, a case involving NIOSH, where they subpoenaed records from a company. The company fought the -- do you remember the case?

DR. FANNING: It was NIOSH.

DR. GELLMAN: Anyway, whatever, it doesn't matter what company it was. This was probably about 15 years ago. Maybe it was General Electric. The company fought the subpoena, and basically, the solution that they came up with I think was non-identifiable records that still allowed them to be used, but protected the workers.

DR. FLEMING: One other example, we in Oregon have the authority to conduct special kinds of studies if they relate to the public health. What we usually do is routinely pass those through our IRB to go to the extra step of, if we are involving participants, to do some sort of consent process.

Our IRB has mandated that in our consent process, when we say we will be collecting confidential information about your sexual behavior or your drug using behavior, you need to know that we can protect that from state law. But if we have a federal subpoena, we may or may not be able to protect it. So that functionally is a problem to getting consent.

DR. FANNING: Can I just say something in reference to that? There is authority in Section 301(d) of the Public Health Service Act for the federal government to issue protection for that on a project by project basis.

DR. FLEMING: A blanket authority would be even more useful.

DR. GELLMAN: Let me ask CDC, if there was a proposal that said the federal government couldn't subpoena records from public health departments. Would you care?

MS. NESLUND: I don't know that we have had to --

DR. GELLMAN: Do you have subpoena power? Can you compel the production of records?

MS. NESLUND: No, not -- we don't have specific subpoena power. We would have to tag it onto another public health function that we would have, using it pursuant to that. But we have never had an instance when we have had to compel public health agencies to share data with us.

DR. GELLMAN: Could I ask you to speculate? Are there other federal agencies, or any of you, that are likely to see records from a state public health department?

MS. NESLUND: The other way --

DR. FLEMING: Law enforcement would be one concern, federal law enforcement. The civil suits that are brought in a federal court. That is another place.

DR. GELLMAN: I think you have to divide the world in some way. You've got federal subpoenas from federal agencies who are carrying out federal functions, and then you've got judicial subpoenas.

MS. NESLUND: There have been instances when other parts of the federal government have had statutes, confidentiality statutes, which have precluded their -- or in the general interpretation of their general counsel's office, precluded the sharing of data.

Early in the HIV epidemic, the Department of Veterans Affairs, their specific confidentiality statutes, were interpreted to preclude them from sharing that data with both local health departments, state health departments and in some instances also directly with CDC, because in some areas, we collect the data almost directly, because we have a person assigned to a function there.

So I have seen instances where it works the other way. I don't know of any where we have had to compel process or even strong arm. I am speculating. I am trying to think of an instance where we would be. The only one I can think of is where the interests would be adverse; law enforcement. Would they be seeking our records for a purpose that we would deem not be a purpose for which they were collected?

DR. GELLMAN: You can always run into the circumstance where you are receiving a federal grant, and the cops come along and say you are using the money improperly, we want to put you in jail for fraud, and all of a sudden all of the records become an issue. That is always a problem.

We discussed that this morning a little bit with research. It is almost a universal problem. With any kind of record you always have that difficulty, even though it doesn't relate -- it may not relate at all to the substantive activity or the patients, but the record keeper may be engaged in some kind of improper activity. That is a problem.

PARTICIPANT: I would just like to suggest, following up on your earlier comment, that in the future, large managed care organizations will be gathering data. Theoretically, if they are an insurance company and they are sued for making some kind of decision that negatively impacts on classification, they might want to see identifiable data from public health agencies to verify (comments off mike).

DR. GELLMAN: Another problem in this area goes back to an issue that we talked about before. That is the different functions that are being carried out. It may be that we can identify a core of public health functions yet to be defined for which some kind of broader exemption from access is appropriate. But if you are providing treatment to people just like every other provider, that is a different story. You may be subject to the same rules, whatever they happen to be as other providers.

DR. FLEMING: That is the way we have dealt with it, to say there are two distinct functions. One is a primary care provider in the records in that primary care setting are subject to the same laws as records in any other primary care setting.

But if a patient was diagnosed in a primary care setting with tuberculosis, any records that went forward to the reportable disease part of the public health department now are conferred the protections of the public health records.

DR. GELLMAN: That is a very important distinction. I think it is something that probably needs to be explored. The premise, possibly not clearly stated, of some of the bills is that if you are providing treatment, you are subject to the treatment rules of health care provider, the confidentiality rules for health care providers.

So the concerns that you have expressed about having public health records treated with a higher degree of confidentiality than other records, in order to accomplish that, you have got to have a very clear definition of what it is. That may be something that your organizations may want to think about some more, and come back with some suggestions about how we do that.

One of the problems -- and this is sort of a generic one -- in dealing with legislation like this, especially very complicated legislation, is, people who have a problem come forward and say, we have a problem, just exempt us from it. That usually doesn't work as neatly as you think, and it is not as politically acceptable as you would like, and you have to look to narrow the differences, narrow the problems, down as much as you can and see what you can do within a framework that you are creating.

DR. FRAWLEY: I have a question. Within the public health function, we know that there is a lot of different reporting requirements. We have vital statistics, communicable diseases, different disease registries, hospital discharge data, incident reporting for health care organizations, in some public health departments it would also be the professional licensing component.

The question is, how much data linkage is appropriate? There are some states that have literally built a Chinese wall between these functions, and in other states, it is not uncommon for them to link data across several databases.

So the concern is, what linkages if any should be permissible? Any guidance in that area?

DR. FLEMING: That is a very good question. Obviously, it is an area where there is a lot of controversy right now.

From a practical standpoint, to conduct our business efficiently and effectively, I need to advocate for the ability to do linkages across data sets, as long as that linkage remains within the public health department. So I need to be able to link my communicable disease registry with my death registry, for example, and would urge you to not prevent that kind of linkage of confidential data sets, as long as the linkage remains within the health department.

It is also very difficult, as you know, to anticipate prospectively every single example of what kind of linkage you might want to do, as far as being able to lay out exactly what you want to do beforehand.

One of the solutions that has been proposed is to get the consent of people prospectively for whatever linkages you want to do. That is very, very difficult practically to implement.

DR. WARD: I could just add to that. Dr. Poundstone commented, and somebody else did, about the quality assurance role that health departments are moving into. We in fact have a law in Washington that was passed two years ago that says that we are responsible for a uniform quality assurance program. We are supposed to come up with an idea what that means.

You could begin to project out into the future all kinds of linkages for us to be able to evaluate the health delivery system, and to comment on that. It would be -- again, I think Dr. Fleming's comment about keeping it within some walls is what is really critical, so that it is not misusing it. But that is going to be a function that health departments continue to move into. It is going to be impossible today to imagine what those data sets look like, and what we are going to be connecting in terms of facility, professions and patient outcomes, together.

DR. GELLMAN: I think that is certainly a good point. I think the approach of all the legislation is to try and come at things more generically. That is not to say that it has hit it correctly, but it is exactly that: you can't deal with things on a case by case basis, because you can't see where anything is going.

Let me come back to the issue of registries, which we discussed some this morning. Let me ask the two gentlemen from public health departments, what kind of registries do you maintain?

DR. POUNDSTONE: Personally, we don't maintain any. We do maintain connections. We have a cancer registry for the state. We have a beginning immunization registry. It is not anywhere near complete. Obviously, birth and death certificates; those are things that are available to us.

So anyway, the bottom line is, I think whatever you see as the needs of issues that you want to address, you should have the ability to set up registries to be able to follow what those needs are.

DR. GELLMAN: What is your legal authority for setting up registries? Is there a state law? Do you do it by regulation?

DR. POUNDSTONE: Right now I'm not sure what our legal authority is. I know the cancer registry was set up by state law, but I don't know whether some university couldn't, if they had the money, go ahead and set it up on their own, assuming they could get people to cooperate. A reason to have a state law is to give some assurance that you would get complete or nearly complete reporting. So you would need law for that part of it.

DR. GELLMAN: What about in Oregon?

DR. FLEMING: We have the same kinds of registries. In addition, there is a trauma registry which tracks the ability of the health care system to treat people with trauma.

It is a mixed bag, the cancer registry and the immunization registry, because of specific issues around confidentiality and research and sharing of data. We felt we needed to get specific legislative authorization. For other registries, we have a generic ability within Oregon to conduct special studies of morbidity and mortality, and we sometimes use that as well.

It kind of depends what we see the needs are going to be, and whether there is anything that we feel might be questioned that we would need specific legislative authority to do.

DR. GELLMAN: What about CDC? What do you guys have?

DR. THACKER: CDC is not so much in the business of registries, although ATSDR is. We do work with state health departments and their registries, most visibly in recent years in the cancer registries, trying to get uniformity and pulling things together, much the same way as the communicable diseases in the past.

DR. GELLMAN: Let me pose a question that we discussed some this morning. You have a bill that defines what kinds of disclosures can be made for medical records. One set of disclosures is for public health, one other set of disclosures is for health research.

It is not clear from the legislation where registries fit in. It is just not clear. You can make an argument, but at this stage it is not worth fiddling with the words because they can be changed.

How do we decide? You and others this morning have made a case for registries serving clearly a valuable function, and something that should continue. I don't think that is too much in dispute anywhere.

The question is, how do we decide what is a registry? What is the definition of a registry? Where do they get their authority? What is to stop me from setting up a registry all by myself and asking people to report sensitive information to me? And, if we are writing a law that says it is okay to disclose to registries and set some conditions on registries. How do we define what a registry is? Is there a substantive definition? Is there a procedural definition? How do we approach this, so that everybody can't set up their own street corner registry and try and collect medical information from the health care system? Does anyone have any thoughts on that?

DR. FLEMING: Are you talking about people outside public health?

DR. GELLMAN: Well, if we are going to come up with a definition of some sort or an approach to this problem, it is going to have to cover everybody. It is easy when you have got a government entity doing the work, because that is an easier thing to define. But if we define registries as only registries run by government agencies under statutory authority or what have you, that doesn't cover the waterfront, because they are private registries. The problem is much more in the private area than in the public area. Anyone have an idea?

DR. THACKER: It gets to your first question. There are definitions of registries, and we can come to some agreement on that, although I'm sure there will be some discussion. Like anything else, it is wordsmithing.

Right now, people outside the government do set up registries. I'm not sure what would prevent them from doing that. Your question is whether we should prevent them from doing that. Is that what you're asking?

DR. GELLMAN: I'm not asking whether we should. I am willing to take on faith at the moment that there are private registries that are perfectly evaluable and should continue.

The question is, how do we write a definition that distinguishes between registries that are good and serve the public interest and registries that don't?

DR. LEATHERMAN: I think there is another dimension. Aside from good and bad, there is the notion of voluntary and compulsory reporting that seems to me to be the first order of distinction here, isn't it?

DR. THACKER: Yes. That is why I'm saying, right now I can't see how you can prevent people from voluntarily providing personal information to someone.

DR. GELLMAN: Well, we are not preventing people from doing it. We are preventing medical care institutions from doing it, because under the legislation, medical care providers will not be permitted to disclose information unless the legislation says they can.

So that is why we have to be comprehensive here. It is not a voluntary thing. It may not be mandatory, it may be a permissive disclosure, but we have to allow them to do it if they want to. That is the problem.

DR. FANNING: Can I ask a question? These private ones, are they typically -- are they what might fairly be described as research, for a research purpose?

DR. THACKER: The ones I am familiar with are, but it could be --

DR. FLEMING: I am struggling for some concrete examples of what you are talking about.

DR. THACKER: University based research.

DR. FLEMING: In the absence of a patient's consent, where information is crossing provider lines?

DR. THACKER: That I don't know.

DR. FANNING: Yes, I think that is what the inquiry is about, yes, a situation where providers perhaps voluntarily agree to disclose information to someone else who is assembling every case of whatever in the New England states.

Now, I can imagine that some of them would be for a research purpose. I am wondering what other purpose that they could be fairly called registries for.

DR. SCANLON: One is the organ transplantation registry, which is not necessarily research. It is treatment. And the immunization registry is not necessarily research. You want to find individuals for referral.

DR. FANNING: Okay, those two are for treatment.

DR. SCANLON: Yes.

DR. WARD: But are those privately owned?

DR. GELLMAN: The organ registry thing is sort of a quasi-private federal regulation thing.

DR. WARD: It is still living under some government oversight.

DR. GELLMAN: It is complicated.

(Simultaneous discussion.)

DR. GELLMAN: Well, let me come at this a different way. If I called you up and said I have just set up a registry for Gellman's disease, would you share your records with me, what would you ask me, to determine whether I am performing a public function and you are willing to share records with me? Would you just say no to anybody? Would you consider it? What kinds of issues --

DR. POUNDSTONE: You are asking him as a public health official?

DR. GELLMAN: Yes, as a public health official.

DR. FLEMING: Speaking for Oregon, I think this is true in many states, there are either by statute or by rule specific procedures that you would have to go through in order to access information that we have. It would involve institutional review board approval, assurances around confidentiality, non-disclosure, a signed statement kind of thing.

That varies a little bit, depending on the specific registry that we have and whether the legislation deals with that, or whether we have some general rules to fall back on.

But the standard of practice would be that you have to demonstrate some bona fide researchability and meet some confidentiality concerns, and non-redisclosure, before any information could be released to you.

For some of our information, for example, communicable diseases, you couldn't get it.

DR. POUNDSTONE: Unless you went to the original treating physician. That is how we would handle these things. If it is secondary information that we have, we would say it sounds like a nice registry you're setting up. You should go to the treating physicians that have these cases and ask them for it. I'm not sure we could -- we could point you in the directions of who these physicians were. We would probably know something about that.

DR. GELLMAN: You may be a treating physician wearing one of your hats. You may be providing treatment.

DR. POUNDSTONE: Then I would ask the questions that he did. Why are you setting this up, what are the protections. Also, we have our own IRB at the health department that would go through that kind of procedure, too, if it seemed appropriate.

DR. GELLMAN: There are lots of registries out there, I suspect, that you cooperate with. Do you run those through your IRB on a regular basis? Did you do it on a one-time basis?

DR. FLEMING: I am a little bit confused, because there are not a lot of registries out there in the private sector that we are providing information to. So that may be unique to work in, but it may not be a valid assumption.

Something that we frequently do to deal with the kind of problem you mentioned, if you call and you say, I want to investigate cases of Salmonella or whatever, we will say, we are not allowed to give that information to you. But if you write a letter to us, we will send that letter to our patients and if they choose to, they can contact you directly. So in other words, to serve as an intermediary.

DR. GELLMAN: But that is not likely to produce -- obviously, an answer to everything is to get the consent of the patient. That is not going to produce a particularly useful registry.

DR. FLEMING: Right. And again, for most of what we do, we are saying what is the specific purpose that you are doing this for, and to give it to you for that purpose. A registry in my mind connotes undefined future purposes, and we would not release information to a private registry. That was covered by our public health statutes.

DR. GELLMAN: If we treat registries under the scheme in the bills as research, they would require IRB approval. It is not clear whose IRB. Given the fact that there are both state, federal, nationwide, international registries, that is a question. And of course, there is always nothing to stop me from setting up an organization creating my own IRB, especially if I am not subject to the federal laws, of whatever quality, and say here is an IRB certificate from my home-grown IRB.

Do we need to have some kind of standards? Should the legislation say that a registry has to go through an IRB established by the Secretary, or established by somebody? Does that make sense as a way of imposing -- if we can't define -- there are two ways of coming at the problem. You can either define registries substantively, saying they perform the following specific functions, or you define them procedurally, saying you write a much more general definition and then you say they have to be approved by somebody, so that there is somebody to look at them on a case by case basis.

Does any of that sound useful, not useful, helpful?

MS. NESLUND: One created by the Secretary would certainly give you a higher level of insurance or integrity within the system. I don't see how you can define a registry at this time. When you introduced the organ transplantation issue, you would have to rewrite history to change that. We do that all the time. Because they aren't engaged in research, and also across a large number of states. There is more than one of them.

I think IRB approval under an IRB that follows the Part 46 regs would certainly give the system some level of integrity.

DR. FLEMING: It depends on the purpose of the registry. The problem with an IRB is, they are geared to looking at issues around research. If you have a registry that has a non-research purpose, they are going to have problems with dealing with it.

MS. NESLUND: Right, that is true.

DR. GELLMAN: Well, I think actually, the researchers made that point this morning. We talked about the same thing. You could define an IRB-like creature with a different focus. Instead of looking at individual projects, it might look at individual registries as they came through on a cycle to make sure that they are carrying out some kind of appropriate purpose. I'm not quite sure how you would do that.

DR. REID: Like a licensing board.

DR. GELLMAN: Perhaps. I'm not sure you want to use the term licensing, but yes. I don't know, I'm just fishing for a solution to this kind of problem that doesn't interfere with what is clearly an important function, but still doesn't allow it to go on -- right now, it sounds like it is almost totally unrestricted, and the only thing that prevents me from establishing a registry is the good faith of the people I am asking to give me data. They are going to say we don't know who you are, we are not going to give it to you. But in a statutory scheme, that may not be enough to rely upon.

DR. REID: The other thing that restricts you, it costs money. Registries are expensive to maintain and do well.

DR. WARD: I guess I would need proof to know whether your statement is accurate or not, in the world that I live in. But I am unaware of lots of private registries. The registries I know of are all governed by public health entities. There may be some institutional ones that are very specific for research, and they have an IRB. So we have registries for research and we have public health registries, and the registry in the public health arena is a particular label for doing what is always done in public health.

So I don't know that that is a problem yet, that we have to legislate the proliferation of private lists of people until I know whether that is really a problem or not. Or are we legislating something that is not a problem?

DR. GELLMAN: Well, life would be a lot easier if there were a governmental connection and we could rely on that in some fashion. Maybe someone could try and find out, and get us some more information about that. Is there a registry of registries somewhere? In any event, I don't know. But if it is not a problem, we don't need to deal with it. But we don't know that yet.

DR. POUNDSTONE: I don't know whether it is apropos or not, but under managed care, disease management is a big issue right now. In other words, how are the diabetics managed, how are the hypertensives managed? When you try to come up with an ideal way of reducing costs as well as improving the quality of life for these people -- if a certain organization for proprietary reasons has found some kind of secret way of reducing costs and increasing quality, then they might want to hold on to that.

Where we are worried about information getting out and protecting confidentiality and so on, here is information that might be useful to more people than this proprietary organization that is withholding it. It is a different side of the coin. But it is something that may want to be looked at as well.

DR. GELLMAN: I think that is an interesting point, and I think it is likely to become more and more of a problem as people are competing with one another in the marketplace. If I have got something that is going to save money and allow me to treat people less expensively, not that there aren't other pressures, but I might have a competitive advantage by keeping it secret, which has not been the pattern or practice up until now.

Let's talk some more about vaccination, immunization kinds of activities. Do you each run an immunization registry or program of some sort?

DR. POUNDSTONE: It is not a complete registry, but we are just getting started.

DR. GELLMAN: Could you describe how it works, what its purpose is?

DR. FLEMING: Sure. This was authorized by statute. Basically, the way that it works is that at birth, every -- and this is new, I'm not sure it is going to work -- but at birth, every child is enrolled into this registry and then each time that child gets an immunization at any provider, be it public or private, the information about that immunization is forwarded to a central computer that is managed by the health department.

The legislation then authorizes any provider of immunization to access at any time specific bits of information in that computer, so they can determine when a child comes in seeking immunizations what immunizations that child needs. There is some password and confidentiality protection, but that is --

DR. GELLMAN: So any provider in Oregon will have access to this?

DR. FLEMING: That is correct.

DR. GELLMAN: What kind of inquiries can they make?

DR. FLEMING: They can make inquiries about -- this child is in my office, and based on the record of immunizations that this child has received, what immunizations would you forecast that they need at this point.

DR. GELLMAN: Any significant differences between what you are planning?

DR. POUNDSTONE: That is essentially what we are working on as well.

DR. FANNING: And it is reported. Are subsequent immunizations fed into the system?

DR. FLEMING: Yes.

DR. FANNING: Yes, okay. That is done without the consent of the parents?

DR. FLEMING: That is correct.

DR. FANNING: The law permits it, and perhaps requires it.

DR. FLEMING: That is correct. Now, parents can for a list of reasons that the law stipulates take their child out of the registry. They don't have to affirmatively consent for them to be in it. But they can decide to take their child out.

The classic example would be if a parent were concerned that there was an estranged parent who was trying to get hold of the child. They could ask that that information be removed. That kind of thing.

DR. HARDING: Is there an audit trail of access --

DR. FLEMING: Yes. The legislation and the rules permit us to follow up on that audit trail if we suspect misuse or for whatever reason, to go to the provider and investigate their records.

DR. HARDING: And there are penalties?

DR. FLEMING: Yes.

DR. FRAWLEY: What type of unique health identifier do you use for the child?

DR. FLEMING: We actually have a number that is assigned to the child at the time of birth that is related to their newborn metabolic screening. All children in Oregon and in most parts of the country have to have at the time of birth blood drawn to test for metabolic diseases. There is a unique number that is ascribed to the child at that time. That is the number that we use. We also use their name, but that is the number.

DR. GELLMAN: How do physicians get that number?

DR. FLEMING: I should have brought my presentation. Basically, it is a fairly innovative bar coding system, where the providers in Oregon have bought off on using an immunization record sheet that consists of a bar code. So each time you give an immunization, they peel off a little bar code sticker, put it on the card, drop it in a box, and then write the immunization in there.

When we talk with providers about what are the stipulations for you using this registry, they said, we would love to have this registry as long as our documentation takes less than one second per immunization delivered. So this peel-off sticky bar code drop-in was --

DR. GELLMAN: The bar code identifies the patient?

DR. FLEMING: The patient and the immunization.

DR. GELLMAN: How do they get the bar code number for the patient?

DR. FLEMING: That is something that is generated by the central registry.

DR. GELLMAN: I am a physician. A baby comes in at the appropriate age and I give it a vaccination. Now, how do I -- where does the number come from, exactly, in the transaction?

DR. FLEMING: If you are their primary provider, you will have that bar code there. If you are a secondary provider, then you can --

DR. GELLMAN: Why will I have the bar code there?

DR. FLEMING: Because that is sent to the provider of record.

DR. GELLMAN: A patient walks in the door with a baby and says it needs a vaccination. I have never seen them before.

DR. FLEMING: So in my mind, you would be their secondary provider.

DR. GELLMAN: Even though they have another provider?

DR. FLEMING: Right.

DR. GELLMAN: So where do I get the number?

DR. FLEMING: So then, you contact the registry and using the patient's name can find out, has this child been enrolled in the registry, and if so, you can get information regarding their immunizations. If it is your intention to take over the primary care of the child at that point we will send you the information that you need to do the bar coding. If you just happen to be seeing this child and do not intend to see them again, you can report their immunization data using their name, and then that is encoded into the computer.

DR. GELLMAN: What happens if I walk into a clinic with a child born in another state?

DR. FLEMING: Then at that point, we ask you, is it your intention to carry out further immunizations for this child, or is this child just visiting. If the child is just visiting, we do not record that immunization. This is only a system for people that we believe will stay in Oregon. If it is your intention to take over the care of that child, then there is a system for developing a unique ID number for that child, and sending you their record.

DR. GELLMAN: What would that number be based on?

DR. FLEMING: You are now at the limits of my knowledge again here. I can let you know. I don't know offhand.

DR. GELLMAN: It is not all that critical at this point. It is a pretty complicated system, it sounds like.

DR. FLEMING: It is complicated from our perspective, but from the provider's perspective, it is easy. It doesn't matter how complicated it is from our perspective. It is your perspective that matters, right?

DR. GELLMAN: Right. Is there a federal role in any of this?

(Simultaneous discussion.)

DR. GELLMAN: Could I ask you -- I think this is obvious, but could you state for the record what the benefits of this system are?

DR. FLEMING: There are many. The primary benefit is that we have an immunization crisis in our country, where a couple of years ago, only half of our children were adequately immunized.

The primary reason why children are under immunized in this country is that there is no central place where someone can figure out whether a child needs immunizations or not. The only way to improve immunizations in this country is to have a comprehensive registry, where providers can quickly and accurately determine whether or not a child needs immunizations, and take advantage of those opportunities to give immunizations to children.

A secondary benefit is that a consequence of the attention on immunizations is that many of our children wind up being over immunized. That is, a provider who is uncertain about immunization status chooses to take the better course and provide more immunizations than are needed. So there is a cost issue here as well, where we are wasting immunizations on some children at the expense of not providing them to others.

DR. POUNDSTONE: That is essentially it. Just in terms of identifiers, what we are using in Kentucky is the name and date of birth. That is our approach right now.

DR. GELLMAN: I just think it is important. The reason I asked about it is to state why this is. You are generating a lot of records and a rather large information system. So I think the reason for it has to be explained.

DR. THACKER: I have been thinking through your question about registries. I have come up with a hypothetical one, and see whether you want to regulate it.

Mothers Against Drunk Driving creates a registry of people who are convicted or even get accused of drunk driving, and then some sort of intervention program.

DR. GELLMAN: No problem. It isn't covered by any of the legislation. It is not medical information, it is public record information from the court. So it doesn't -- nice try. Anyway, keep at it.

On the vaccination, immunization things, this is clearly a new program of its type. Does this have applications to other kinds of medical treatment? Could this be expanded to deal with things other than just immunizations? Is it beyond the realm of foreseeability that that could be done, that there are other kinds of --

DR. FLEMING: I think that immunizations are somewhat unique, just in the way that health care is being delivered in this country, in that there is a mix between public and private and across provider lines.

So in some ways, it is one end of the spectrum, but there are a number of chronic conditions -- diabetes is one that has been mentioned, where there are a series of preventive services that need to be provided to diabetics. It would be a great advantage to providers and to managed care organizations to be able to track over time the services that were delivered to diabetics.

What we hear though functionally is that -- and this is a little bit off the track, but that people don't want categorical registries. Instead, what we need to be developing in this country is a holistic way of tracking medical information about individual patients that cross disease lines. So I am not sure that I see in the future more central registries of the sort of immunization registry as becoming the norm. I think what we are looking at instead is working with providers and managed care organizations to develop holistic patient-oriented registries instead.

DR. GELLMAN: It clearly has advantages along the lines that you described, just for dealing with vaccinations. But it also clearly creates larger databases with more information about more people, that are widely accessible to health professionals within a state. Are any of these programs worried about interstate, or are they just worried about gearing up within your own state, about sharing information across state lines? Is that an issue?

DR. THACKER: We are worried about interstate. We have national responsibility. I think you share when you can.

DR. FLEMING: Right. The immunization registry issue I think is just being invented now as we speak, so many of these questions are kind of the least of our worries at this point. It is trying to get an operational registry in the state.

DR. FANNING: How many people in your state and how many births per year?

DR. FLEMING: There are slightly over three million people and there are 42,000 births.

DR. GELLMAN: Anyway, you have created a new kind of identifier, at least insofar as I have seen before. There are a couple of options floating around for health identifiers. One of them is the social security number, which lots of people like and lots of people hate.

Another proposal is sort of a modified social security number. It has been proposed to have that with a check digit added to it, which other people like, and presumably the same people who hate SSNs will hate that one, too.

Another proposal is for some new kind of health identifier. It is interesting. Does the number that you generate out of this metabolic information, is that essentially just a unique random number? Or can you work backwards from that number and divine something?

DR. FLEMING: We cannot work back from that number. Our first choice was the social security number, but we were told from a legal standpoint, we could not use it for this purpose.

DR. SCANLON: By your state agency?

DR. FLEMING: By our attorney general. Actually, right, the Privacy Act, Section 7 of the Privacy Act, yes, that's right.

DR. SCANLON: You might think about changing, because functionally that is the number that people can relate to. That would have been our first choice.

DR. GELLMAN: Is that your preference?

DR. POUNDSTONE: Personally, it would be my preference. The people that hate it say there are too many errors made in it. So it is easier. We thought we would give better information with the name and date of birth than we would trying to get a social security number, particularly for small children. The parents wouldn't have had it memorized yet.

DR. GELLMAN: Does CDC have a point of view on the identification number?

DR. THACKER: Well, we like it from some points of view. But you are asking whether we like the social security number?

DR. GELLMAN: As a health identifier.

DR. THACKER: The unique identifier has a lot of benefits. As Joseph alluded to an hour or so ago, the Scandinavians have a national health number that they use, and it is very beneficial, not just for research, but for following patients in health care settings.

DR. GELLMAN: They also have a socialized health system, so that makes it a little easier.

DR. THACKER: I understand that. You asked what we liked. You had a comment.

MS. NESLUND: I think that in the immunization registry, I think our preference would have been to have a national registry, in order to meet the goals. But that was not politically acceptable. So we have to recognize the limitations.

I think the same holds true on the numbering system. We would like a unique identifier, because that would make it easier from a statistical and surveillance standpoint for matching purposes.

DR. GELLMAN: Are there health benefits from having better identifiers?

DR. FLEMING: I think there are some, maybe slightly intangible benefits, but certainly there are benefits. One of the missions of public health is to assess the overall health of our population. The advantage of having a unique identifier is, it solves many of the problems in accuracy of data around duplication, so that you can assure that you are dealing with individual case reports, and you can track events from one instance to the next. Only by understanding the health of our population can we implement effective programs and allocate resources. So, yes.

DR. GELLMAN: Let's try and deal with some other details in the legislation. We have talked about disclosure, re-disclosure of public health records. Can we talk a little more comprehensively about the kinds of disclosures that you make? You talked about notifying partners for sexual diseases. What other kinds of disclosures are routinely made?

Let's ignore your treatment functions, because I said those are the same as everybody else's. But for public health functions, when will you re-disclose identifiable patient records?

DR. FLEMING: For example, in vital records, at the request of the patient. That is generally across the board. If the patient wants the information we have on them for whatever reason, we will re-disclose back to the patient.

With respect to investigation of reportable diseases, the specifics vary from disease to disease. But disclosure basically is, whatever we need to do to protect the health of the individual and the health of those folks around that individual. If that requires some disclosure, then we will do it.

The default always is not to disclose. But occasionally you get into situations where you need to disclose.

Then a third setting would be in some of the selected research areas that we talked about, where there is a researcher with a need to know information, and can satisfy our assurances, we will disclose it. Some of the public health information we get to those folks. That is pretty much it.

Oh, I'm sorry, can I raise one other issue? This is a tricky issue, but there is a tremendous need for us to actually use the data that we collect, that because want access to it. They want us to translate this data into information that then can be made useful to policy makers. So we are constantly aggregating the data that we collect and presenting it to folks.

There is a fine dividing line between the need that people have for data and the specificity and the issue around inadvertently disclosing.

I'm not sure if that is within the committee's domain or not, but that is a very, very difficult issue for us right now, how finely can we put out aggregate information, where we are respecting the confidentiality of the individual, but at the same time providing useful information.

DR. GELLMAN: Does anybody have anything to add to the list of uses?

DR. POUNDSTONE: Abuse, various kinds of abuse. We are required to release that, if we know about it. That is not necessarily reportable disease, but these people --

DR. GELLMAN: Disclose to law enforcement agencies?

DR. POUNDSTONE: Yes. If we receive a subpoena, yes. That is a state requirement. In fact, we are actually supposed to report it. Then if they need more information, they may send us a subpoena to get more information.

Another one. I think we have got a law in Kentucky that says that prostitutes who have AIDS and who knowingly continue their profession can be prosecuted for that. So it is a fairly new law, and we are still trying to figure out how we can dodge that. Presumably there is a primary care provider for that patient as well.

So anyway, there are certain specific areas like that, that do come up.

DR. THACKER: Just to build on what Dr. Fleming says, we have a concern about unintended disclosures. So we have some rules about cell size, in other words, the number of people in a particular grouping that we put on our data that we release.

DR. GELLMAN: I'll set this one aside, but it is a significant problem. When is information made adequately non-identifiable? It is a very difficult problem. You cannot divide the world necessarily up into identifiable and non-identifiable data. You can take a non-identifiable record and if I have other information, I can identify it. So it is a very difficult problem.

At least one of the bills recognizes that. I think they all do, and use some kind of standard about reasonably, reasonably non-identifiable, or something like that, because you can't guarantee, unless you are aggregating tremendous quantities of data, that -- anyway.

So go over some of these disclosures. Public health officials may disclose records to other researchers, for research purposes.

DR. FLEMING: Right, and that is probably going to vary by state and vary by record. So for example, in Oregon we cannot disclose communicable disease records to researchers, but the legislation for our cancer registry does authorize that we can disclose that.

DR. GELLMAN: Okay. I presume that disclosures are made to other public health departments in the ordinary course of activities, when appropriate, as people move back and forth across state lines.

What about the police? Do police come to public health departments and ask for records?

DR. FLEMING: Not anymore in Oregon. We don't provide our records to police.

DR. GELLMAN: Do they not come and ask?

DR. FLEMING: They do, and we explain to them that the law prevents us from giving the records to them, and that the records are more easily obtainable by going to the primary provider.

DR. GELLMAN: Why do they come to you? Do you know what their motivation is for asking you for records?

DR. FLEMING: They think we may have information. A classic example would be that they have a person who is known to be HIV infected, and they want to know how long ago it was that the person was tested, as far as prosecuting a manslaughter case or something. That would be an example, if they would come to us saying, we want your records about HIV testing.

DR. GELLMAN: Do you have any experiences with police?

DR. POUNDSTONE: Similar experiences like that, nothing unique, other than was already talked about.

DR. GELLMAN: What about disclosures to the subject of the record? Somebody comes along and -- I want you to think about this broadly in all the records, treatment records and others, intervention, whatever you are doing, comes along, I want to see the record you have about me. Is that a problem? Do you have any difficulty giving that out?

DR. FLEMING: There are some instances where we do. We will disclose back to the subject information that they have provided to us. In some instances, our law confers upon us an ability to withhold some of the information that we may have about that individual.

For example, in the case of hepatitis-A that I mentioned, if we go and ask the individual's coworkers about their level of hygiene, that information that they provide to us we do not have to give back to the individual. It is a way of assuring, if you will, that people will feel comfortable about providing accurate information without having to worry about the individual in question learning about it.

So there are some select instances where third party reports to us about an individual, we can prevent release back to the source.

DR. GELLMAN: Actually, under at least one of the bills, this probably is consistent, there is an exception in the patient access for what is confidential source information. That is at least consistent with that, if not the same thing.

Do you have any experiences with this?

DR. POUNDSTONE: Yes, there are -- health care reform in Kentucky included where the patient is entitled to a free copy of his or her health record. I'm not sure what the exceptions are to that, I can't remember. I assume psychiatric and some things like that are protected. But there is a general agreement that the patient is entitled to the record.

DR. GELLMAN: Do you have any experience with this? You don't really have that many identifiable patient records that anyone would likely come and ask for.

DR. THACKER: No. For example, I mentioned earlier where we did the series of studies on the Vietnam veterans, and basically what we provided are non-identifiable public use data tapes, and just stop it at that.

MS. NESLUND: The question does come up on what is the patient's medical record. Sometimes when we have done an investigation, then it gets to be a question of whether or not the observations and the comments of our investigator are a part of that medical record or if they are a separate record subject to certain protections.

It has come up in the case of -- where a patient has brought a lawsuit. They consent to the release of the record back to themselves. We have had to grapple with that; is that a part of the individual's medical record.

DR. GELLMAN: Well, it doesn't really matter whether it is a medical record or not. You guys operate under the Privacy Act. The issue is whether it is in the system of records.

MS. NESLUND: Sometimes we are dealing with an assurance of confidentiality under Section 308d or 301d, the record that has been created, which does allow the record to be re-disclosed back to the individual.

DR. GELLMAN: Does your certificate trump access under the Privacy Act, subject to the record?

MS. NESLUND: No, they are read in concert with one another.

DR. FANNING: One of the exceptions to the use of the certificate is, if the patient wants the record disclosed.

MS. NESLUND: And sometimes they want it disclosed to their attorneys.

DR. FANNING: Well, that is all right.

DR. GELLMAN: What about disclosures to physicians? Is that something that --

DR. FANNING: Wait a minute, can I just go back? You said you wonder whether some of the observations of other people about the subject, Verla?

MS. NESLUND: The record that we would have that would be collected under 308d might include the patient's medical records, a questionnaire that was administered by epidemiologists from CDC, interviews with other individuals, similar questionnaires that might have been administered to them.

The question is, when the patient is asking for the records back from CDC that we have on them, it can be a difficult question to decide whether or not they are entitled to access to it, because it wasn't -- it does contain some sensitive information.

It is similar to the hepatitis-A situation, where we might have observations about the hygiene of that individual.

DR. FANNING: I see, okay. Is it different if it is some professional who is evaluating the person, a physician, for example?

MS. NESLUND: In every case that we have come to this situation, and it has been a real live situation, where we have been dealing with a release, sometimes it is even a subpoena and then accompanied by the medical release of the individual, saying I hereby authorize CDC to release to this person all records they have, or all medical records they have on me. Some of those records weren't created with the intention that the individual would see them again, people they are confidential information, or information of observations, interviews with coworkers, and that type of thing that were pursuant to our investigation, but were not necessarily records that we created on that individual as such. It was part of our -- pursuant to our investigation. Sometimes it is difficult, when you are sorting through pieces of paper to say well, this is a sheep and this is a goat, this is a goat, this one goes in, this one stays out. To assert a privilege, which is what we would have to do then, in the instance of the other documents, is some sort of a privilege.

DR. GELLMAN: Well, in order to withhold something under the Privacy Act, you would have to have an exempt system of records, which I suspect you do not, am I right?

MS. NESLUND: No, we do not.

DR. GELLMAN: Right, so you don't have any defense.

MS. NESLUND: The only way we have ever been able to do it is just deem that it is not a record on the individual. After the first one of these happens, you know what to do the next time. We create your record differently. You have the record that is identifiable on the individual, that is one set of records. Then you have your research records, which may be another set of records, but aren't in that same system.

DR. GELLMAN: What about disclosures to physicians? Will you share information with physicians routinely?

DR. FLEMING: No.

DR. GELLMAN: Not at all?

DR. FLEMING: Information that a physician provides to us, we will of course provide back to them. But other information that we collect is not sharable with physicians.

What we try to do is, for reportable diseases, where we rely on providers to report to us, is to send back some sort of sanitized summary, so that they can feel like something happened as a result of their report. But we would not ever show a copy of the individual record.

DR. GELLMAN: Your experience?

DR. POUNDSTONE: It is exactly the same.

DR. GELLMAN: Do you ever get demands for records in emergency circumstances? The emergency room, someone bleeding in the street, that someone may be able to identify someone and think you have information that is relevant? Is that something that doesn't come up? Never have that happen?

DR. POUNDSTONE: Not from the public health side of what we do.

DR. GELLMAN: But for the treatment side?

DR. POUNDSTONE: The treatment side, yes.

DR. GELLMAN: And on the treatment side, I assume as well that all the routine disclosures that are for payment, or if you have somebody you can bill for the treatment, that that all goes on just like everybody else.

Does CDC run anything comparable to a clinical trial? Is that something that you engage in?

DR. THACKER: We have done clinical trials in the past, tuberculosis, for example. We do longitudinal studies. I think one of these is the NHANES, the National Health Assessment and Nutrition Evaluation Survey, where we do follow-back studies. It is sort of like a registry. So we keep longitudinal records.

DR. GELLMAN: What is the nature of your clinical trials? Are you testing a procedure or a drug or something of that sort?

DR. THACKER: Drug. Drug or procedure.

DR. GELLMAN: One of the issues that has been identified in this area is the problem of basically double blind studies, patients being treated obviously in these trials with consent and disclosure all over the place, because that is routine. You guys are operating under the Privacy Act. I am being treated with a drug. I come along and say, I want my record. I want to know whether I am getting the real thing or not.

Is this a problem? Does this come up? Have you ever had to confront this? Do patients not ask?

DR. THACKER: Generally what happens is, we have stopping rules and trials. When we have reached the point where we have found it is effective or not effective or unsafe, we let people know.

DR. GELLMAN: But does the problem arise that patients come in and ask?

MS. NESLUND: I am not aware of any instance. The only ones I am aware of where we have had to do any sort of notification to the patients have been where we have stopped, or when patients have come back and we have stopped. I'm not aware of any that were in process.

DR. GELLMAN: Because that has been identified as a potential area --

DR. THACKER: The patients, when they give consent to participate in the study, it is told to them up front, if it is a blinded study, they will not know what the treatment is. That is part of their consent process.

DR. GELLMAN: Well, but the legislative angle on this is that if you are passing a law that says patients have a right of access, and if this is a right that is not waivable, and that is the question, --

DR. THACKER: Then it would be a problem.

MS. NESLUND: It would be a problem.

DR. GELLMAN: -- then there would be a problem.

MS. NESLUND: If it occurred it would be a problem for us, because we would be in the same dilemma that you described. I would be inclined to support trying to withhold it from them.

DR. POUNDSTONE: I trust you won't create these problems.

(Simultaneous discussion.)

MS. NESLUND: It waives their --

DR. POUNDSTONE: So they can do this, is what you're saying.

MS. NESLUND: So they can do it, and it would interrupt the trial. So it will bias the response.

DR. GELLMAN: No, I understand the effect of it, but whether a patient participating in a clinical trial has waived their statutory Privacy Act right of access is an interesting question.

Anyway, what you are telling me is that it is not a problem in practice.

MS. NESLUND: It has not been a problem for us.

DR. GELLMAN: I'm just fishing, that's all.

MS. NESLUND: That is correct, we don't do that many.

DR. GELLMAN: International. I want to talk about some international issues. Is there much international cooperation at the public health level? Is this something you deal with routinely, occasionally, once in a blue moon?

DR. POUNDSTONE: Immigrants, things like that. We get routine notification of immigrants coming into the community that have tuberculosis or some other situation.

DR. GELLMAN: This will be information coming from abroad?

DR. POUNDSTONE: Well, it comes from the -- I can't even say the word, the service that brings them in.

(Simultaneous discussion.)

DR. GELLMAN: How about you?

DR. FLEMING: Immigration is a good example, because Oregon is not too far from Canada. We oftentimes will have outbreak of a product that crossed the border. Then oftentimes some sort of imported product will be the cause of an outbreak of something, and we will need to try to work with manufacturers in other countries, usually to no avail. It is very frustrating.

DR. FANNING: Have you ever had an instance where a foreign government wouldn't cooperate because of some privacy law of theirs, and some question about yours?

DR. FLEMING: Well, we certainly had an instance where the foreign government would not cooperate. We weren't able to get far enough to figure out if it was a privacy issue or just being ornery. But, yes.

DR. WARD: If I can add, there are like six quarantine ports authorized in the country. I was just reading something about that. Those local or state entities that operate the states where those quarantine ports come in have more international work, because they can quarantine ships, they can quarantine planes. So that is the other instance where you will have some international interaction, when you have those areas that have international quarantine authority.

DR. POUNDSTONE: International travel, too. Local health departments give advice on international travel a lot for immunizations and things like that. So we do have to keep an information database as to what is going on in foreign countries.

I am in the Naval Reserve, so I have information sources there that help me out on those kinds of things. So there is a reason for local health departments to keep abreast of what is going on overseas.

DR. GELLMAN: Let's go back and talk about some of the mandatory reporting provisions, the disease reporting.

The requirements vary from state to state; we have already talked about that. I gather that there is a reasonable amount -- I'm sure that there are some things that are reported everywhere, but there is probably a reasonable degree of variability from state to state. Is that a fair conclusion?

DR. FLEMING: That is true. There is like a core set of things that are generally reportable everywhere, and then add-ons.

DR. GELLMAN: As written, at least some of the bills allow reporting of specific conditions to either police or public health departments, because some of the reporting under state laws is -- gunshot wounds I don't think goes to public health departments, but goes to the police.

I assume that that kind of permissive or mandatory -- I don't want to get back to that issue -- disclosure is something that you support. Do you have any problem with the reporting of information to police?

DR. FLEMING: We would have a greater problem for diseases like HIV with mandatory reporting to police, because our sense would be, if there was overlap between the two agencies, between the police and the public health, where we both wanted the report, that is where the problem is going to come in, because providers would not report HIV to police, and therefore we are not going to hear about it, either.

That has been an issue that has come up in multiple states. But those two need to be disconnected in some way. Do you see what I'm saying?

DR. GELLMAN: Right, it is not a joint operation.

DR. LEATHERMAN: Can I add something about the converse? Are there any reasons -- what you are saying in the disconnect in law enforcement and public health in that instance, but say for the situation of domestic abuse and child abuse, which is constituting more and more morbidity and mortality problem in this country. That is required reporting to law enforcement in that circumstance.

Should we also look at the opportunity to report that into the public health?

DR. FLEMING: I think the answer is yes. The problem that you come into here is what the perception of the reporter is, as far as what is going to happen to that report. So it is a lot harder for someone to report, for example, an instance of domestic violence to the police, where there will be direct, perhaps legal repercussions, than to the health department.

We tend to think that we have a softer touch on many of these issues. To the extent that people are worried that they will be penalized in some way for making this report, they are not going to do it.

Another example would be with occupational --

DR. LEATHERMAN: I know, but I'm looking at the opposite. I am trying to look at opportunities --

DR. FLEMING: Sure.

DR. THACKER: Would we be an impediment to the police? Are you asking the complete opposite?

DR. LEATHERMAN: No, I am looking at the opportunities through this piece of legislation, which is going to move forward, of actually trying to improve the health data gathering in this country in a constructive means. It seems to me that in some of these situations that there is data actually being reported, and it should be swift for public health purposes.

DR. FLEMING: If the legislation as written would prevent the police from sharing that information with us, I would strongly agree with you that that needs to be changed.

The current practice at least in Oregon is that we have access to police records. So if we want to start a database on domestic violence or drug use, we can go and the police will share their records with us. The opposite doesn't happen.

DR. GELLMAN: I believe all of the three main bills have an exception on the pre-emption thing for abuse reporting. So whatever abuse reporting is required under state law is not prohibited by this across the board.

I'm not sure it is totally adequate, but it is certainly leaning very much in the direction you have just described.

Let me ask the CDC folks, do you have any experiences with the Privacy Act? The Privacy Act has basically all the requirements of any of the bills. They are stated differently generally, and there are a whole bunch of differences. But essentially all the basic principles of fair information, of patient access and correction and limits on use and limits on disclosure and whatever, are there any particular problems that you can report on with respect to medical records that have come to your attention under the Privacy Act?

MS. NESLUND: I'm not aware of any.

DR. THACKER: We deal with it on a daily basis. It is not something that people are not aware of.

MS. NESLUND: We have a routine way of processing that. The collection and the protection as far as -- even the technical aspects of it are very workable. It is so much a part of our life now, the way we collect, retain, release.

DR. GELLMAN: Are any of the requirements particularly expensive to implement at this point, the ones you have gotten used to, at least?

MS. NESLUND: I'm not aware of any problem.

DR. THACKER: As Verla says, it is very routine for those of us who do science. It is pretty straightforward, pretty simple. I don't have problems.

MS. NESLUND: Probably the main thing, if you were going to nitpick and try and find something, monitoring the -- because there is a burden on the government not to retain identifiers longer than is necessary, the personal work habits of the researchers very often get to the place where they may not monitor this as routinely as we would like them to.

In other words, we end up being in a situation and finding out we are holding identifiers when we wish that six months ago or three months ago we had already expunged those from the records. That kind of thing, just a maintenance thing. But I don't consider that any more than just the need for better training.

DR. GELLMAN: Anybody else have any questions?

DR. FANNING: Yes. I just want to ask about one thing. Many of the bills that have been proposed permit disclosure for public health purposes to an agency, to a public health authority for use in legally authorized disease and injury reporting, surveillance and so on.

I know some people have worried that the term legally authorized might be read as meaning there has to be an obligation to report, or there might be other fears about authority, or of people at least questioning the authority.

If that is the standard, legally authorized disease or injury reporting, I wonder whether people have any observations on that. I would like to think that you don't do anything that isn't legally authorized.

MS. NESLUND: Right. Certainly in a permissive sense, that is true. The federal statutes definitely govern the activities that we have, and permit us and authorize us to do the data collection that we do, retention of information analysis and everything else. The states' having of that information with us, I would say, is equally legally authorized as part of our function.

A very good legal argument could be made that our statutory authority does give us the legal authority. If you want to take a -- I'm not saying that a legal argument cannot be made on the other side, that is to say, well, it is not specifically legally authorized, you cannot pull words out of the public health act that say we shall do this and that. But then, the public health act could be contained in this room if every specific function were described in it as well.

So yes, a very good and clean legal argument can be made that what we do is legally authorized in the public health statutes.

DR. FANNING: Does anyone have any experience with attempts by people other than the public health agency to collect information, sensitive public health type information under the claim that it was public health, when in fact it wasn't?

DR. THACKER: Collect from us?

DR. FANNING: No, no, from physicians or from individuals.

MS. NESLUND: Oh, I would say things that I would call isolated incidents. We have had circumstances that have been reported to us, where people have fraudulently contacted doctors' offices, maybe even individuals at home, saying they were from the CDC, and they need to ask them a few more questions about this, that or the other. Yes, we get a half dozen of those reports a year.

DR. FANNING: Okay, but that is --

MS. NESLUND: But not anyone making a concerted effort with a documentation, no.

DR. SCANLON: I have a question about some of the other information that public health agencies may get.

Part of the public health functions clearly are meant to result in information that is meant to be public. I assume that information about inspections of restaurants or wells or other public safety and health protection function, that information that would come into the hands of a public health is really intended to be public, is that right? That would not be in the purview of information that we are discussing here, of records confidentiality.

DR. FLEMING: That is correct. There is an issue that we run into around information that can be potentially damaging to an individual provider, or to a health care facility or to a managed care organization, and our ability to promise that that information would not be released if it is provided to us. That is ambiguous in many places.

DR. SCANLON: So that would be authority to protect --

DR. FLEMING: Whether or not we have the authority to protect that is somewhat in question.

DR. GELLMAN: That is a difficult issue, and it raises a whole bunch of different confidentiality concerns that we have been dealing with today, and it raises a lot of really hard ones.

DR. SCANLON: One more question. Is it the case that a public health agency would also include mental health and substance abuse treatment functions? And how if at all -- would one approach that the same way? One would approach treatment information in general, or is there something different?

DR. FLEMING: I am not the best person to respond, because they are separate in Oregon. But my sense is that in general, statutory authority tends to be different for those two, so you would have to go to the individual state. It is more of a treatment issue as opposed to really collection of secondhand information, however.

DR. GELLMAN: Well, presumably any drug treatment records are subject to the federal alcohol and drug abuse law. The mental health stuff, there is no federal law that I can think of.

MS. NESLUND: Our experience has been, probably the majority, although I don't think we have data to support this, large number of the drug treatment providers do not provide HIV surveillance information. They use the statute as the basis for their withholding this information.

Although there have been attempts to say there would be a proper disclosure because it is pursuant to the -- they feel that that confidentiality protection under the drug laws permits them to even withhold surveillance information.

So in a large number of instances, we don't obtain any. Well, we don't obtain any information from that provider. It is possible we have obtained it from another source. If they were diagnosed at a different provider, or something like that.

DR. POUNDSTONE: We have had the problem of tuberculosis patients that are also under mental health treatment, and we want to make sure that we are giving the right -- the drugs aren't interacting inappropriately. It does sometimes take just a personal visit to find out what drugs they are on, if the patient himself or herself doesn't really know, as often they don't.

DR. FLEMING: Another area that has been fuzzy is for patients who are under the care of the VA hospital system or the Indian Health Service system, whether or not state laws regarding disease reporting apply.

DR. GELLMAN: At least one of the bills attempts to deal with that by authorizing disclosures by federal facilities pursuant to state laws. I don't know whether it hits the nail right on the head, but it is an attempt to address that, at least authorize it.

DR. FANNING: Yes. But part of the concept in the public health disclosure here is that it is not dependent on an obligation to report under state law. A VA hospital does not have to comply with the state reporting law. That is quite straightforward. But the bill isn't written in terms of, may report to state health departments when required by law. A provider including the VA may report to the state health department for a public health purpose, even if not required to.

DR. FLEMING: You might consider whether or not that should be a requirement. Basically, by saying to a veterans hospital you don't have to report, you basically are doing a big disservice to public health in that state.

DR. FANNING: Okay, I think VA hospitals do report, or at least -- well, all right. In our department, it is the policy of the Indian Health Service to cooperate fully with state health departments. I think if you start getting into trying to adjust it, you get into constitutional issues.

MS. NESLUND: John, let me correct. The vast majority of the veterans facilities report. The largest number of them do. There are several in large metropolitan areas, including several in the high-incidence HIV states that do not.

So there are cases where it can actually cause an underreporting of data. It does have a public health effect. The arguments that have been made to us have not been a state law argument, that is, that we are not compelled to under state law. They have asserted the privacy rights that are given to them pursuant to their own statutes protecting their records, which when you read them very carefully, they are making an interpretation that -- and they are very concerned about the veterans' rights groups, very much concerned about this.

We have had many meetings just to try to resolve it informally. The largest number of those disputes have been resolved informally, and resulted in the sharing of data, agreements, MOUs written up that permit it, that type of thing.

DR. GELLMAN: I think it is likely that we will hear from the VA eventually, so perhaps we will bring this up when we do, and see what they have to say.

Anybody else? Other questions? If not, I would like to thank you all. It has been a long panel and very helpful. I think we really got into a lot of the details.

The only other item on our agenda today is public comment. We have one person who registered to make a public comment, James Pyles. Is he here? Come on up to the table.

DR. PYLES: I didn't bring my name tag. Thanks very much. I am James Pyles. I represent the Coalition for Patient Rights and the American Psychoanalytic Association. I just had a couple of comments.

I have been here most of the day. I haven't heard all of the presentations, but I thought they were for the most part quite good, and the questions and answers were quite good.

But I guess the questions I have heard raised, at least through the morning session, seem to have to do with whether there are groups who feel that they could provide better health care, better health care can be provided if they got access, more access to private information, to private medical records. I think the answer we have heard is yes, there are groups who do feel that they could provide better health care, more efficient health care. Those groups that I have heard mentioned today are researchers, health information service companies, HMOs, pharmaceutical companies, the police, insurers, providers, and I may have missed some when I was out.

But I would hope the panel would think a little more deeply about this issue because I think it is a vitally important issue to where health care is going in this country.

Remember that simply because someone can think of a reason why they need access to personal health information, and why they might be able to provide better health care if they got it, doesn't necessarily lead to the conclusion that they should have access to it, and that ultimately better quality health care really will be provided, when one considers the erosion of the individual's right to privacy, and the confidential relationship with his practitioner.

The example I was thinking of as I was listening to the testimony today was that I do not have a right as a physician, for example, Mr. Gellman's physician, even his treating physician, to give him a prostate examination, even though I may believe, and there may be a lot of medical documentation to show that it would improve his health, and probably better enable me to detect whether there was some pre-cancerous condition. It might even improve the chances of lowering costs of health care nationally, if I were able to do that without his consent. But I can't. I've got to have the patient's consent.

I would suggest that similarly, as a health researcher, I have no right to compel Mr. Gellman or anyone else to disclose to me the history of their sexually transmitted diseases, of their child abuse. I can't walk up to them as a health care researcher, fully authorized, and compel them to answer those questions. I can't do that.

So I would suggest that there is very little difference between asking a person directly and getting the information indirectly, by obtaining that information simply because they sought treatment somewhere, either through a physician or a facility.

I would hope that we would keep in mind as we go through this very important process that what we are really trying to do is ultimately provide quality health care. We have seen through hundreds, perhaps even thousands of years, one of the most important elements for providing quality health care is that the patient must feel comfortable in providing confidential information to his treating physician, and perhaps also to the provider, confident that that information is not going to be used beyond the reasons that the patient consented for its use. Beyond that too, physicians have to feel comfortable that they can write down and create records for themselves and perhaps for their treatment. If they can write that information down without it being used in a fashion that would damage the physician further or perhaps damage the patient.

So I guess the bottom line, after hearing today's testimony, I would just hope that you would keep in mind that simply because there might be a good reason, a health related reason, for obtaining information, it doesn't necessarily mean we should.

DR. GELLMAN: Thank you. We don't have any other people who sought to make public comments, so we are adjourned here, and we will reconvene in this room tomorrow morning at 9 o'clock. Thank you all.

(Whereupon, the meeting was adjourned at 5:30 p.m.)