Hubert H. Humphrey Building
Room 503A
200
Independence Avenue, SW
Washington, DC
PARTICIPANTS
Committee:
Robert M. Gellman, J.D., Chair
Richard K. Harding, M.D.
Elizabeth Ward
Don E. Detmer, M.D.
Staff:
John P. Fanning, J.D.
Harvey, Schwartz, Ph.D.
Marjorie Greenberg
Speakers:
Robert Thompson, R.Ph., National Association of Chain Drug
Stores
Richard Kent, M.D., PhRMA
Alan R. Goldhammer, Ph.D., Biotechnology Industry
Organization
Stephen Joseph, M.D., M.P.H., DOD
Charles DeCoste, Department of Veterans Affairs
Elizabeth DuMez, National Association of Social Workers
Jeffrey Funk, Social Security Administration
TABLE OF CONTENTS
Page
Call to Order - Mr. Gellman 1
Pharmaceutical Industry:
Robert Thompson, NACDS 1
Richard S. Kent, PhRMA 6
Alan Goldhammer, BIO 10
Federal Agencies:
Stephen Joseph, DOD 107
Charles DeCoste, Dept. Veterans Affairs 113
Social Welfare Agencies:
Elizabeth DuMez, NASW 151
Jeffrey Funk, SSA 158
P R O C E E D I N G S
MR. GELLMAN: Good morning. This is the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics. We are here today in our fourth day of six planned days of hearings on medical confidentiality issues.
Yesterday we heard from some health insurers, some employers and claims processors. Today we are going to begin with the pharmaceutical industry.
It has been the practice of the committee to let everyone in the room introduce themselves if they choose. So we will do that, and begin with Richard.
[Introductions were made.]
Thank you all.
The way we have been holding these hearings is I'm giving witnesses five minutes to make a presentation, and then we will have the rest of the morning with this panel to answer questions and have discussions about the issue. So I would appreciate it if you could keep your statement to five minutes.
Mr. Thompson, would you like to begin?
MR. THOMPSON: Certainly. Good morning, members of the committee. I'm Robert Thompson, Vice President of Pharmacy Operations for Revco Drug Stores. Our corporate headquarters are located in Twinsburg, Ohio, and we operate over 2,500 pharmacies in 17 states. In 1997, we will dispense over 120 million prescriptions.
As you will understand from my statement, having access to accurate and complete patient records is essential to delivering the finest quality pharmaceutical care. In a health care system where the majority of services are delivered through coordinated care systems, electronic communication has proven essential to providing high quality patient services at the lowest cost.
Revco's pharmacy systems are completely integrated into the electronic prescription infrastructure. That means that all of our prescriptions can be processed and dispensed almost instantaneously through direct communication with our corporate headquarters and third party payers.
Our patients can visit any of our stores nationally to receive pharmacy services, because our pharmacists have access to the patient's profile through their comprehensive drug therapy record through our centralized database. This capacity is highly advantageous to the patient's health and also to our business operations.
Once a pharmacist begins dispensing a prescription, the patient's prescription information is transmitted in encrypted form to our corporate headquarters. Through our centralized database, the pharmacist, with the assistance of highly sophisticated software reviews the patient's complete medication profile for potential adverse drug reactions and drug interactions, compliance with drug therapy and overall drug utilization.
The current role of today's pharmacist is to focus his time and efforts on discussing the patient's treatment with the patient, the caregiver or next of kin and the prescribing health care provider. The evolving role of the pharmacist is to understand the patient's diagnosis, the actively manage the patient's pharmaceutical treatment and to insure better outcomes for the patient in treatment.
The electronic maintenance of patient information insures quick and accurate delivery of patient pharmacy betters, it reduces waste and costs for the payers. Incorporating electronic systems into our pharmacy operations has eliminated multiple operational functions from the pharmacist's workload such as manually compiling patient profiles, manually maintaining drug histories and manually processing third party claims.
Electronic capability is essential in a health care system that has evolved into a coordinate care system, where health care providers must have time to consult with one another and their patients to maximize the quality, and minimize the cost of health care.
When a patient receives care at one of our pharmacies, the security of his or her patient medication profile is one of our foremost priorities. Revco considers patient information proprietary, established and maintained only to serve the patient, the physician and our pharmacist. In no situation do we sell or give away patient-specific identifiable information for commercial gains.
We protect and secure these records through the use of secure technology, and significant limited accessibility among our pharmacists and employees. Any employee who breaches a patient's confidentiality is subject to immediate termination.
While the advantages of electronic recordkeeping are numerous, there also can be hazards. Current federal and state laws do not take into account the potential problems of electronic data systems such as more readily accessible information, and the number of people working within this health care setting who process patient identifiable information.
Very few state laws sufficiently penalize those who disclose protected patient information for inappropriate purposes. Overall, state laws lack uniformity and conflict with one another, which causes confusion among our employees and pharmacists in complying with these state laws. This fragmented legal system could cause unintentional breaches of confidentiality.
We believe that Congress should move forward to insure the confidentiality of patient identifiable information at the federal level. With our input, the National Association of Chain Drug Stores has developed the attached principles for your consideration as you guide the Department of Health and Human Services in its recommendations to Congress on federal patient confidentiality legislation.
We believe that effective federal confidentiality legislation should include the following elements:
(1) minimal interference in a health care professional's provision of care;
(2) a comprehensive scope, so that state confidentiality laws are unnecessary;
(3) strong criminal and civil fines and penalties for those who knowingly and illegally disclose protected information; and
(4) sufficient time to implement new uniform standards, including time for software development, hardware development, testing and distributing of these products, as well as employee training.
If federal legislation includes these specific provisions, it will reduce community retail pharmacy's cost of complying with the various state confidentiality laws, increase overall efficiency and recordkeeping and strengthen current protections for maintaining confidential patient records.
I appreciate this opportunity to be before the panel today, and will be happy to answer any of your questions.
MR. GELLMAN: Thank you very much. Dr. Kent.
DR. KENT: Thank you. Good morning. My name is Richard Kent. I am Vice President and Director of World Wide Clinical Research at Glaxo-Wellcome. I appear before this subcommittee today on behalf of the Pharmaceutical Research and Manufacturers of America, PhRMA, to discuss our industry's views on the important issue of data privacy.
I will summarize our full statement, which will be provided for the record.
It is clear that patients deserve to have their medical information kept in strictest confidence by those to whom they entrust it. PhRMA companies honor that trust.
Patients also deserve answers to their unmet medical needs. This past year the research conducted by our companies yielded 53 new FDA-approved medicines, new weapons in the war against 40 diseases including AIDS, cancer and mental illness.
Our continued progress depends on aggressive, multi-faceted research, including:
(1) basic science that allows us to understand disease processes;
(2) practical research and development that enables us to discover and develop drugs for treatment of disease;
(3) clinical trials that demonstrate a product's safety and efficacy;
(4) epidemiologic research that helps us know how drugs perform in the real world; and
(5) health services research that leads towards improvements in patient care.
Federal policy must accomplish twin objects: protecting the privacy of individual patients, while also protecting the continued viability of research that promotes improved health care for all patients. We believe these objectives can best be met by establishing uniform national requirements for the handling of medical information, defined to include genetic information. We urge you to share with Sec. Shalala our suggestions about what these requirements should include.
First, clinical trial information should continue to be protected as it is now, by FDA requirements for privacy and informed consent. These rules are carefully designed to protect patients' privacy, while permitting essential safety and efficacy surveillance of clinical trials.
Second, any new legislation or regulations should preserve researchers' access to the full range of potentially useful information about the incidence, prevalence and outcomes of illness, as long as individuals' privacy is properly safeguarded. Only those data sources that directly identify individuals need to be kept confidential. Encrypted or anonymized data sources should be freely available to researchers.
With respect to clinical trials, the controls regulating FDA-monitored clinical trials are quite strict. Through "Standard Operating Procedures," companies insure, under federal rules, that personally identifiable information remains secure in the offices of individual investigators.
The sponsoring company has access only to the information it needs to report to the FDA, verify results and protect patient safety. The key or code that links the information our companies have to the information at the research site is typically located at the research site, under tight security.
We are concerned that legislative proposals intended to protect individuals from the misuse of medical information could substantially impair our ability to conduct clinical trials, make such trials more expensive , or altogether impossible.
For example, a requirement that an institutional review board or IRB, before approving a trial, must weigh the psychosocial and privacy risks to patients would be difficult or impossible for IRBs to interpret. Similarly, a requirement to obtain a patient's informed consent for each separate use of his or her information is unduly burdensome and impractical.
PhRMA is also concerned about proposals that would restrict access to certain databases if they can be linked to data sources that identify individuals. The entire range of health-related data could be affected, from Medicare and Medicaid and private insurance claims data to state-collected vital and health statistics.
These large databases contain information about many thousands of encounters with the health care system, as well as disease outcomes. Access to these data is important to generate answers to many of today's pressing health issues.
Finally, requiring the consent of the subjects in such databases would make epidemiological and health services research impossible. Instead, careful encryption of data, tight security safeguards whenever confidential information is accessed directly and guarantees of confidentiality by each individual who obtains confidential information can protect patients' privacy without impeding research that benefits our society enormously.
In conclusion, the research-based pharmaceutical industry respects the privacy of patients and the confidentiality of information about them. We urge that any changes in federal confidentiality requirements be crafted to insure that medical research can continue to yield new remedies and better ways of caring for patients.
Thank you very much.
MR. GELLMAN: Thank you. Dr. Goldhammer.
DR. GOLDHAMMER: Thank you very much, Mr. Chairman. I am Alan Goldhammer. I'm Director of Technical Affairs at the Biotechnology Industry Organization. Our companies are leaders in identifying the genes that cause disease, and are developing new diagnostics and therapies for these diseases.
We support a strong federal role that will achieve the dual goals of protecting individual information, while not inhibiting vital, lifesaving medical and biotechnology research. We trust that you will keep in mind the many important uses that health information for medical research as our companies strive to develop new drugs and biologicals to treat and cure diseases.
Our statement focuses on a number of specific issues to address your concerns. First of all, we support efforts of this committee to address the need for medical privacy of all medical information. Privacy interests with respect to genetic information are not different from privacy interests with respect to other forms of medical information. Patients who avail themselves of genetic tests, or participate in clinical or genetic research should be assured that the information obtained will be used appropriately, and is protected from abuse.
It is critical to insure that a medical privacy bill, while protecting the privacy and confidentiality of individual health information, will not place unreasonable burdens on medical research. Federal medical privacy laws should preempt state law and not inhibit medical or epidemiological research on patients from different states.
I would note that privacy of information is not a new issue. One hundreds years ago Louis Brandeis wrote of modern technology intruding upon the solitude and privacy, that it become more essential to the individual. Brandeis was writing not about genetics, but about the latest technology innovation, the box camera, which unlike the daguerreotype and flash pan, would allow someone to take a portrait of another without that individual's knowledge or consent.
This is an analogy to our future ability to take genetic portraits, and is not farfetched. Our individual genome is potentially the most intimate of personal portraits.
We agree that the confidentiality of medical information, including genetic information should be protected. Our board of directors recently adopted a statement on medical privacy calling for strong protections against the misuse of personal medical information, including that derived from genetic diagnostic tests.
We also support the creation of federal standards to protect the confidentiality of an individual's medical information, including the results of genetic testing. We believe the secretary should recommend that Congress enact a comprehensive bill with respect to privacy and confidentiality of all medical information including genetic information, rather than a bill that treats genetic privacy issues in isolation.
We believe legislation focusing exclusively on genetic information runs the dual risk of failing to address the larger issues of medical privacy, while inappropriately stigmatizing genetic information in the public's mind.
In addition to this threshold question about the scope of a privacy bill, we are developing specific comments on terms that should be included in broad-based privacy bill. The following principles that we are working on should guide in the drafting of a medical privacy bill or revision of present regulations:
(1) medical research should be encouraged and not inhibited;
(2) informed consent as outlined in federal regulations, should be used;
(3) there should be a clear delineation between identifiable and non-identifiable samples and records; and
(4) privacy standards should be national in scope to insure legal uniformity and consistency throughout the states, so that medical research is not impeded.
I would like to amplify on two of these points. The need for distinctions between identifiable and anonymous data is crucial. For instance, it is not essential for many epidemiological to represent the full cross-section of the group affected by a disease, or to avoid selection bias if individuals were allowed to opt out of studies.
Many public and private advisory bodies have concluded that the use of non-identifiable information and samples is not only ethical, but essential to improved public health. In the context of when to require informed consent, we recommend that the bill's provisions only apply to samples that are personally identifiable, not to ones that are anonymous or encoded.
We believe that it would be a burden on the process without providing patients with additional protections if the informed consent provisions were to be required for the use of non-identifiable samples in research. As long as there is an appropriate firewall between the data in the identifiers, the use of the data for further research should not breach confidentiality.
We also believe that there is a strong case for federal preemption to provide the same privacy protection to all Americans and promote uniform protections for research. Allowing states to pass more burdensome or contradictory laws would be particularly detrimental to research, because so much of today's research is and must be conducted across state boundaries.
This is a critical issue. We have observed in the past year, numerous states that have or are considering legislative approaches to protect either medical or genetic privacy. We have observed inconsistencies in all of the approaches, and believe that harmonizing this effort at the federal level will lead to adequate protection of medical records and associated information, while fostering the important research conducted by our industry.
I would like to thank you, and we look forward to providing you with answers to questions you might have.
MR. GELLMAN: Thank you. All of the statements were very good and very helpful.
Let me begin with questions. Congress has obviously decided that some kind of comprehensive medical privacy legislation is needed. That is what Kennedy-Kassebaum seems to say. Obviously the scope and details have been left for the future.
Now I gather from everybody's statement that everyone agrees with this judgment that medical records need better legal protection at the federal level. Is that a fair characterization of what you all said?
Mr. Thompson?
MR. THOMPSON: Yes, I would agree with that. I think what we are saying is that to that point is that we believe that there should be strict penalties for those people who knowingly and illegally misuse patient identifiable information, but not restrictions which would inhibit the free flow of information between health care providers.
MR. GELLMAN: Well, I understand that everyone wants to see various provisions in the bill, and that's fine. I'm just looking at the basic question of whether we need federal legislation.
Dr. Kent?
DR. KENT: I think the PhRMA position is that there should be a national standard.
DR. GOLDHAMMER: Yes, that is our approach also.
MR. GELLMAN: Now under the Kennedy-Kassebaum, if legislation doesn't pass within three years, and I think the period ends in August of 1999, the secretary is authorized to write regulations for the electronic subset of health records. Would you prefer to see a bill passed by then, or would you prefer to see the secretary deal with these issues by regulation.
MR. THOMPSON: I would prefer to see a bill.
DR. KENT: I think a bill.
DR. GOLDHAMMER: Yes, I think we would as well.
MR. GELLMAN: Okay, good.
I want to go back to the issue of genetic information, because you raised the issue of whether genetic information should be treated separately than other information, and I think you made a good case about the problems.
We have already existing laws at the state level that treat a variety of classes of information separately in some cases. AIDS records have special rules in some states. Mental health records have special rules in some states. Alcohol and drug abuse records have special rules in some states, and there may be some other categories here and there.
Is your aversion to treating some classes of medical information separately, does that extend to all information? Would you prefer to see all information treated under the same set of rules and standards? Or do you think there is a case to be made for any specific subset of information to be treated under a special, perhaps more confidential set of standards?
DR. GOLDHAMMER: We have restricted our consideration of this issue to genetic information. I think you are correct that there are some separate rules for other classes. That has not been an issue that we looked at.
One of the problems that we see with trying to single out genetic information from the broader class of medical information is it is often very difficult to draw the line. One can conceive of a great deal of work and effort that goes in with the physician taking a family history, which could entail genetic information if he is asking about diseases that might have affected siblings or parents or other relatives. That clearly falls into a class of both medical and genetic information.
Certain clinical laboratory testing, which is not necessarily defined per se as a genetic test, reveals genetic predispositions. People that have extraordinarily high levels of blood cholesterol for instance, the initial linkage to familial hypercholesteremia, which is an underlying genetic condition, although the test itself was not a genetic test, was revealing of a genetic condition.
I think that is why we think trying to single out genetic tests or genetic information from the broader class of medical information is probably a futile task, and we would rather see it looked at in the larger context of medical privacy.
MR. GELLMAN: Well, I certainly understand the definitional problem. One of the bills that I looked at had a definition of genetic information that was so broad that it included the original Gregor Mendel paper on genetics as genetic information, because it couldn't distinguish between patient information and non-patient information.
Dr. Kent?
DR. KENT: Yes, I completely agree. I think one of the reasons genetic information is singled out at this point in time is that it is relatively new. Within a few years virtually every gene-causing disease will be isolated and characterized. Within five years, eight years, the entire genome is going to be sequenced.
Just like you know that granddad had high blood pressure, or granddad died of a stroke, in a few years everybody will know, will have access to their own genetic information. It will be an integral part of all our health records, and it will be impossible to differentiate genetic information from general health information; they will be one in the same. They are one in the same.
MR. THOMPSON: We're supporting uniform standards. I can't really speak to genetic information.
MR. GELLMAN: On the genetic information, one can distinguish between information and uses of information. So for example, if you look at a lot of the proposals, and some of the state laws, you can categorize them into bills that regulate uses and disclosures of genetic information.
There are bills that regulate the uses of genetic samples, and then there are bills and laws that regulate the way in which the information itself is used. So sort of basically genetic discrimination bills.
I understand the point about the regulation of genetic information as distinguished from other medical information. I wonder if you have the same views with respect to genetic samples or genetic discrimination? Those are not necessarily issues that are directly before us, but I am just looking to see what lines we can draw.
DR. GOLDHAMMER: With respect to genetic discrimination, we have been looking at this issue as well. I think there is to some degree, some uncertainty as I recall, and we'll have to get back to you with the details as to what the relevance of the Americans With Disabilities Act in this area.
I know that there were some cases broadly construed, dealing with genetic discrimination that have wound their way through the courts. It has been some time since I have looked at those, and I'll have to take another look at it.
With regard to the use of genetic samples, again, this is a very difficult area. I think as we have looked at, we go back to our statement of is the sample identifiable or not identifiable? Our feeling at this point in time is if you have an adequate firewall between the sample and the identifier, it shouldn't be treated in any different way from genetic information or medical information.
I think that when one looks at the literature on genetic diseases and people that publish familial pedigrees -- and you will see this in the literature where they will have tremendous numbers of people within the family with circles and squares, some of which are colored in, that may have had the underlying genetic condition -- that those publications are all free from any specific identifiers.
Yet throughout that whole process clearly there were tremendous numbers of samples that were taken to allow the pedigree to be constructed, or interviews in the case of deceased individuals, where direct samples couldn't be taken.
So I think if the focus is oriented on the appropriateness of a firewall and protecting the identifier from the underlying data, that that in our view, addresses many of the considerations.
DR. KENT: Yes, I'd like to go back actually to a couple of the examples that you gave earlier. My company and the other pharmaceutical companies represented here do hundreds, probably thousands of studies on patients with AIDS, with various psychiatric diseases, we're involved in a very large study with bi-polar depression now, HIV patients, patients with sexually transmitted disease. We have been doing these for years.
Genetic information, as part of demographic information on patients with these diseases is becoming available. We have done a lot of clinical research in the sensitive areas that you mentioned earlier, and I believe have been successful in doing it in such a way that society has benefitted; patient confidentiality has been protected.
I agree with Alan that what we need to concentrate on are adequate firewalls, and adequate encryption and anonymization of data to make sure that patients are protected. We have to be able to do the research in these very critical areas.
MR. GELLMAN: Let's play with the concept of identifiable. If you look what is an identifier, a name is an identifier. Social Security number is an identifier. If you look at the Privacy Act of 1974, you find that fingerprints are identifiers. Voice prints are identifiers. Photographs are identifiers.
Now some of those things are not particularly useful as identifiers without a database behind them. So for example, if I give you a fingerprint, you don't know who it is. If I give FBI a fingerprint, they have got a reasonable shot at figuring out who it is.
I wonder if there is such a thing as a non-identified genetic sample? At least looking a little bit down the road, where we have more of the genome mapped out, and if everyone's personal genome is unique, at least in some ranges and some places, I wonder if there really is such a thing as a non-identified genetic sample. Can you talk about that?
DR. KENT: When we collect samples for genetic analysis in our clinical trials, which we are doing now, we are analyzing a specific gene. So for example, it may be an enzyme related to diabetes. We are collecting data in a diabetic study. We do not do the type of a genetic analysis you are talking about, the genetic fingerprinting. We would have no reason to do that ever.
The data that we generate based on looking for those mutations or alleles in the patients in our clinical studies is kept confidential, and is kept separate from any linker to the patient's name. So we would not do, nor would we ever do the type of genotyping which could actually identify an individual.
MR. GELLMAN: So what you're saying is you deal with such a small subset of a gene, that with that limited amount of information, it is not identifiable back to the patient?
DR. KENT: That is correct. If we are doing a diabetes study, we prospectively identify the markers that we wish to test to see for example, if you have this type of enzyme, you respond to the drug. If you have another type of enzyme, you don't respond to the drug. That would, of course, be reflected in your genotype.
DR. GOLDHAMMER: I think to carry it to another example of the technology, in the case of clinical genetic services, the tests are done for specific purposes. In other words, say you've got a familial history, and you want to see if one of the children in the family may have a certain genetic disease. There clearly would be a sample taken and tested for the gene for that disease.
I think that trying to say that we're going to look at the whole genetic fingerprint of that person, I don't think that is what is happening.
I think the National Bioethics Advisory Committee is exploring the whole issue of samples and how long samples should be retained, and when they should be appropriately destroyed. I think the larger issue, I think as we have looked at it is, maintaining samples, and to what use those samples would be put to beyond what the test might be.
Now clearly under an informed consent process, where you were saying well, we are going to test you for gene A, and that is all that is permitted to be done is fine, but I think the larger question in my mind, as we have been wrestling with these issues is the storage of samples for prolonged periods of time. Clearly, samples could then be tested for further things beyond the original protocol.
MR. GELLMAN: Does anybody want to follow-up on any of these genetic information questions, because I want to move on to another subject?
DR. HARDING: Just one question. It's just more of a practical question than research I guess. If I have a child and want to look into the possibility of some kind of cholesterol problem or predisposition to diabetes, or some important medical issue, and get that testing done, how do I help that child not be damaged by that information?
That is, how do I keep that information a thing of knowledge instead of something that could be used against him at some point as he applies for medical insurance when he turns 18, or something along those lines?
That's not exactly what we're talking about here, and I understand that, but it seems like that is a concern of the populace, that instead of it being used to help this child, it will be used to somehow or other prevent that child at a later time, getting the kinds of insurance and so forth that he needs.
DR. GOLDHAMMER: Well, I think that you have touched upon the critical issue that we face right now. I have been part of four or five hearings over last year and half where this identical issue has come up with respect to children or adults who may be suffering from a disease where there might perhaps be an underlying genetic condition, and the question always comes up, well, am I going to be discriminated on my health insurance at some point in time?
I think there have been a lot of individuals it would seem, that have taken great steps to testify. In one case I recall a hearing, someone testifying without any name attribution, because they were afraid that there might be someone from the health insurance industry in the audience, and there might be some repercussions.
That is why we are trying to look at this as the larger issue of medical privacy. We think that if it is part of medical privacy, and that you then need an informed consent to release your medical records for whatever purpose, then you have got appropriate and adequate control over those records.
I think that there are a number of issues that we at BIO have only begun to touch upon in our discussions that are going to be critical to this whole issue.
MR. FANNING: In this morning's New York Times there is an article about this very point. People in research studies, where there is protection for the information in the study, get tested in those studies. Then there are big issues about whether they should tell their ordinary caregivers the results of that.
DR. HARDING: I have no objection to the research. I think that you all need to do that, and I'm proud that you are doing it as an American, and so forth. Then I get to the issue of -- not to mention it directly -- but a managed care company that my child is in who can see that this is a problem here, and he is 2 years old, and he going to really cost us a fortune in a few years.
Get him out of here, or have that thought, that maybe we should somehow or other screen that child out, or that family out, because of that information. Certainly it would create an underground genetic system. I would not go to my managed care company and ask that my child be screened, because the possibility would exist that he would then be "discovered" and then that would be a real problem for me.
So I would go to across the country, to California, because I have the resources to do that, because I am a physician and I can do it, and get that information, and I would keep it a secret, the best I could.
See, that's what I would like for everybody to have that ability to keep it a true secret if that's what their intention is, and they feel that that is the best thing for their child.
DR. KENT: I believe you are addressing two points. One is the ability to get information that you desire, to have it kept confidential. I think we totally agree with that. The second issue, which certainly goes beyond my expertise, is what are the discrimination liabilities once that information -- all our medical records eventually wind up somewhere -- with employers, with the armed services.
I think that the discrimination aspects of what you are talking about, which I believe are probably beyond this hearing, are very important. What we would like to see though is the ability to continue the research, and have the appropriate laws and regulations protect people from the type of thing you are talking about.
MR. GELLMAN: I think that is a problem and an issue. Preventing invidious discrimination is a different issue at times, from controlling access to information. It may not be possible or practical to always be able to limit access to information, but you can still deal with the discrimination issue, even if people have the data, and that is something that is important.
I want to turn now to clinical trials. In some ways clinical trials are really easy. You begin with a willing, informed patient who signed a consent. Now yesterday and certainly in other contexts we have made distinctions, and this is an important one, and it may come up from time to time, between consents for treatment and consents for disclosure. They sometimes are two different things; they often are.
The question is, what problems do you foresee for clinical trials from having formal federal privacy standards that would apply to clinical trials just like any other form of medical treatment. What are the difficulties that you can foresee?
DR. KENT: I think there are several, and I alluded to several of them in my talk. When a patient gives informed consent, the patient is allowing the investigator, allowing the sponsor, the company and allowing the FDA in this country access to his or her private health information.
I think it is important that that information, when patients agree to be in clinical studies, that we have the full range of ability to use that information. I'll give you an example. One of the things that has been discussed is patients should be able to get access to their clinical trial data anytime they want.
That would be very, very, very problematic, extremely problematic. If a patient is randomized in a clinical trial to an active drug or a placebo, being able to unblind him or herself would really put the entire trial in jeopardy.
MR. GELLMAN: Can you explain why?
DR. KENT: If -- and it happened a lot early in the HIV trials, and I can give you an example -- if there a particular laboratory characteristic that follows a treatment, and for example with AZT, your blood cells get slightly larger when you take AZT. It is harmless, but it is something that is very easy to follow.
So if patients have the ability to unblind themselves and find that their blood cells are larger, they know they are on AZT. If they are not, what we found is they went and they bought it on the black market. It really hampered our ability tremendously to do the studies. At that point in time the activists were saying well, we have to have access to the drug. At this point in time what they are saying is we need accurate, very reliable, very robust data, because we have to know the best treatments.
There are issues on privacy. We do everything in our power to keep the information that we collect on patients completely private. There is an issue about should IRBs, as part of their review, review the patient's privacy rights? We are not sure exactly what that means. As I stated before, we are doing studies with HIV patients. We are doing studies with patients with very serious and potentially sensitive disease states. We maintain privacy among the FDA, sponsor, patient and IRB.
So giving an IRB this additional requirement or burden to enforce privacy when it is not spelled out exactly what that means I think would be problematic.
MR. GELLMAN: Well, the legislation presumably will spell out exactly what privacy means and all of its elements.
Dr. Goldhammer?
DR. GOLDHAMMER: I think that I would agree with that. We would not want to give broad rights to the patient with respect to their records as it goes through, and also with regard to samples that are taken, because you may be looking at samples in a clinical trial or any variety of things, and in the case of a couple that I am familiar with, there were side effects that came up relatively late in the clinical trial. They had to go back and do a retrospective look at samples to say well why did we not observe this earlier on.
If all the sudden now the patients would say, okay, as soon as my part in this trial is over, I want you to destroy all the samples, then you reach this point later on in the trial where you need to go back and take a retrospective look. You don't have those samples to do that with.
I think it gets back to the linchpin of our argument, let's make sure that we are assuring the privacy of the patients in the trial. Keep the identifiers in one place, the samples, the data, et cetera, so that can be used, manipulated, looked at free of the identifier.
MR. GELLMAN: I want to keep on this issue of patient access, because I think it's an important one, and I think you have raised some interesting and relevant concerns by all means, and I don't mean to suggest that I dismiss it. There is very strong public support in principle, in general, for patient access to records. Each of the legislative proposals has a variety of exceptions; many of them similar, but some differ in part.
Sometimes you have an exception because the interest of another party is involved. I have never seen a bill with an exception for clinical trials. About half the states have patient access laws. I can't say that I have read them all lately, but I don't know if any of them have exceptions for clinical trials.
The European Union has very comprehensive data protection policies. I have never seen a European law with an exception for patient access. So the question here is, is this a real problem? Is this something that is really affecting things? Do patients actually seek access to their records in trials when they have come up front and gone through the informed consent process, and they understand what is going on?
DR. KENT: I think we need to discuss just for a moment the mechanics of clinical trials. I think that may help to clarify the issue. Most patients, on completion of a clinical trial, will want to know was I on active drug, was I on placebo? Did it help me. For example, a cholesterol trial -- what was I on? Did my cholesterol go down? That information could be freely available.
If the patient has an adverse event during a clinical trial -- again, we'll use cholesterol -- rarely, in less than 1 percent, there are liver problems. The doctor stops the patient. You have to come out of the trial. Your liver is acting up. You were on active drug and it doesn't seem to be agreeing with you. So for any sort of problems, the patients would know.
What we are talking about is a patient who wants access either to his or her particular information or to the entire clinical trial information before the study is complete, which could jeopardize the integrity of the study.
Remember, the FDA rules are that once a patient is randomized into the study, they don't even have to have received drug yet. The randomization envelope has been opened, and it says you are randomized to placebo, or you are randomized to active drug. Only the pharmacist at the site would know that.
The patient then, by FDA regulation is in the study, and contributes to the database, and the company has to include that patient. As soon as the patient takes one dose of the drug, whether it is active drug or placebo, the patient must be analyzed for safety. So we have statutory/regulatory requirements that we have to fulfill that also make good scientific sense. They are very important for scientific integrity.
I would have no problem whatsoever, and we encourage our investigators to inform patients once the trial is over of what they were on, what the results were, what the trial said about this drug. I think that is very important. It is disturbing the integrity of the trial during the process of the trial.
MR. GELLMAN: Do you have any examples of trials that have been upset by patients asking for access to their record? I'll tell you that we had CDC testify at our first two days of hearings, and we asked them this question, and they said under the federal privacy act patients have a right of access to their records. There are no exceptions for clinical trials. They said this isn't a problem.
DR. KENT: I've been in the pharmaceutical industry 14 years. I'm actually unaware of a specific instance where a patient, in the middle of a trial, has asked for access to the data. We have had patients drop out of trials, saying I don't want to be in the trial anymore. At that point in time, yes, they can ask for access to their data, and the investigator probably would tell them what they were on, but then they are no longer in the study.
MR. GELLMAN: Well, that's part of what I'm getting at here. It seems to me that patients in trials -- again, I want to say I understand the point about disrupting the trial. It is not that the bills that have been proposed say you have to give patients all this information. Patients have a right of access. If they want to ask, they can get it.
If I'm in a trial and I want this information, I have a lot of leverage over you, or at least some leverage. I can say if you don't tell me, I'm going to drop out of the trial.
DR. KENT: And if we tell you, you're out of the trial.
MR. GELLMAN: I understand.
DR. KENT: And if we tell you and you're out of the trial, and you really want this experimental medicine, you're not going to get it.
MR. GELLMAN: I understand that, but just because patients have a right of access, doesn't mean that you can't say to them, it's not in your interest to do it, and they won't exercise that right of access.
DR. KENT: I think if the playing field is understood by all then -- it's not an ideal situation. Obviously, we want patients who are informed well enough and who understand what they are doing in the clinical study that they won't drop out. Of course they always have the ability to drop out of a clinical study at any time. That is written into every informed consent.
MR. GELLMAN: Right. Do you avoid conducting clinical trials in states that have patient access laws?
DR. KENT: No.
MR. GELLMAN: Anyway, it seems to me that you have a raised a legitimate concern, but I'm not convinced yet that providing a statutory exception here will really change the balance on this issue, and that patients really have leverage. Ultimately, I can always get my doctor's record in any state, whether there is an access law or not, by suing the doctor for malpractice. In discovery I can get all the records, whether he wants to give them to me or not.
So there is always a way of doing it. So a really motivated patient will always find a way to do it. I think that I'm really trying to get at the question of whether this is really enough a serious problem to warrant special statutory provision, because it simply may not change the balance of power between the researchers and the patients.
DR. KENT: I'm not sure I can speak to the specific of statutes that might be proposed. I'll just reiterate that patients always have the right to drop out of studies, and always have the right to access their clinical, which the investigator would have anyway as part of the medical record. It is not something obviously that we would encourage. If it became widespread for some reason, it would damage clinical research.
MR. GELLMAN: Great, okay. I mean, I think that's fair enough.
You made some reference to the regulations on protection of human subjects. Can you tell me how specific they are with respect to privacy? I'm using as a touchstone here, as a standard, the Code of Fair Information Practices, which generally sets out eight elements of privacy, of notice and access and correction rights, and limits on use and limits on disclosure, and accountability and what have you, and whether there is anything in the rules on protection of human subjects that is that specific?
DR. GOLDHAMMER: I think you are treading on a legal line which we poor scientists often fear to tread.
MR. GELLMAN: Well, let me suggest -- and I haven't read them lately -- but I think that while there is some reference in there to privacy, in comparison to what we are talking about here and all the elements of privacy that are laid out in legislation and that will necessarily be addressed, there isn't all that much in there, and there isn't that much specificity or direction. A lot of it is left to IRBs or to other people to deal with.
So I'm not sure that the scope of those rules offers enough protection, if you will, or addresses enough of the issues to really provide a substitute for what we are looking at here. Maybe that needs to be looked at again later, but I'm not sure there is enough there to say it is covered there, we don't have to worry about it otherwise.
I want to talk about registries. We don't know what a registry is. This came up in the first two days; we were talking to researchers and public health people. There are disease registries maintained throughout the country, throughout the world. They will be affected in some way by this legislation.
I don't think any of the bills expressly addresses registries. I think it is a finer point that just hasn't been gotten to yet. Some level registries are viewed as simply another form of research, but that may not be a clear description of the functions of registries in all cases.
Do pharmaceutical manufacturers maintain registries for research or drug testing or what have you?
DR. KENT: Our company maintains several registries, mainly pregnancy registries around our new drugs. Let me give you an example, and then we can discuss it further.
Essentially all anti-convulsive, anti-epileptic drugs are teratogenic.
MR. GELLMAN: Which means?
DR. KENT: I'm sorry -- they cause fetal deformations, birth defects. They are very difficult issues when women are pregnancy and are epileptic. We have a new anti-convulsant drug. It has been on the market for several years. In animals it is not teratogenic. It doesn't cause birth defects.
It's very important to find out, does this drug cause birth defects? How do you do it? Well, you don't do a randomized trial. That would be completely unethical. So we set up a registry.
Now how do we set it up? Well, we set it up with an expert group that actually runs the registry. The company collects the data, but in terms of making decisions, we have an expert, independent group that does that, which includes always one or two members from the CDC and their birth defects group.
The registry is as follows. It just invites physicians who have patients who have become pregnant while taking our drug -- so it is observational; there is no intervention -- to send us details about the pregnancy. We never know the patient's name. There is an identifier, a number. Sometimes they send us initials. We take those off and we start working with a number, which we keep in-house until the result of the pregnancy is known.
They send us the result of the pregnancy, and then all that is left in-house is the pregnancy occurred, the patient was on the drug, and here was the result of the pregnancy. The data are reviewed by this expert committee two or three times a year. The committee has advised us in every registry that we have, that informed consent is not required, and it's probably bad medicine.
Now why would it be bad medicine? Well, think about it. You tell a woman who is pregnant, you're on this anti-convulsant drug. All other drugs are teratogenic -- cause birth defects. We don't know if this one is. We are going to follow your pregnancy.
That is something the doctor can discuss in terms of taking care of the patient medically, but in terms of this becoming a clinical trial, we would foresee a lot of terminated pregnancies that would be caused by our intervention, and that is what we don't want. This has got to be done in the context of normal medical care, where the physician and the patient are discussing the medical care. We are observers.
It's very crucial, when you get up to about 300 pregnancies, you can then begin to tell does your drug cause birth defects? If it doesn't, that's very important. If it does, that's very important. We have to know. So that's purpose for a pregnancy type of registry.
MR. GELLMAN: Now in that one, identifying numbers must be assigned by the doctor submitting the data?
DR. KENT: Yes. Many times, because the registry is advertised with an 800 number, they will call and say, Mrs. Smith is down here. She's on your drug. We never take that information in. Sometimes they will send in the initial form, they will send initials. We take those off and we begin working with a number.
MR. GELLMAN: So if a patient moves from one obstetrician to another, you will lose track of her?
DR. KENT: We will lose track.
MR. GELLMAN: Do you also maintain registries in some cases where you have identifiable patients, where you need to follow them over a long period of time?
DR. KENT: Yes, that's done with informed consent. That tends to be for orphan diseases. I'll give you an example. Primary pulmonary hypertension is a fatal disease. It affects young women in their twenties and thirties. It is uniformly fatal. We have a drug that is now approved for life prolongation. It prolongs people's lives.
Now this is a drug that you wear a pump, and it is continuously pumped into your subclavian vein. So it is a complicated drug to use, and we have a registry where we follow these patients, and we follow them by name. They know they are being followed. They come and visit us. They show us their pumps. Many of these people were bedridden and couldn't walk until they got this medicine.
So they are not only identified to us, they are active participants. This tends to be for very rare diseases, where you would actually keep patients' names and follow them with their referring physicians.
DR. GOLDHAMMER: We have two examples in our industry of registries that I'm familiar with. The first is in the area of gene therapy, where you are being treated by the direct insertion of a gene. It might be in the somatic cells or it might in those cells then reinfused in you, or it might be direct injection of a gene into you. There are cystic fibrosis trials currently underway using an inhaled virus that delivers the gene to the lungs.
All of these patients -- and this is a requirement of FDA to do long-term studies of these patients, because the technology is so new. We don't know what potential long-term side effects might come up with these patients where they are receiving essentially genes that their bodies don't normally have, and using viral vectors, which may pose certain safety issues. In all cases, these registries are patient identifiable, and the patients are tracked as such.
The second one is one that is being proposed, because there, to date, has not been -- there has been but one patient treated, and that is the area of xenotransplantation, where you are receiving either cells or tissue or an organ from a foreign source.
There was a proposal put forth late last year by the Public Health Service as to what types of safety testing might need to be done, practices for xenotransplantation. In there it was a requirement to establish a patient registry. The critical issue there, as you might imagine, is infectious diseases, and infectious diseases from outside the human sphere.
If you are taking baboon cells and implanting those in an AIDS patient, which in fact did take place last year, one would worry, are we going to see a monkey virus jump across species lines and now infect humans. That's the reason for establishing the registry, there again, a long-term safety follow-up.
As we were developing our comments to the PHS notice, and we were asking the companies is there any problem that you have with the registry, nobody said no. They felt that it would be good practice, because the critical issue of infectious disease surveillance requires a registry for long-term follow-up.
MR. GELLMAN: So we have some types of registries that don't have identifiable information in them. That is basically beyond the scope in general of the legislation. It is not a problem if it's non-identifiable. We have some registries that are identifiable.
Are all the identifiable registries maintained with patient consent?
DR. GOLDHAMMER: The genetic therapy registries are. That is in the informed consent form. Given that we have had no companies do a xenotransplant on humans yet, I can't give you an answer to that, but I would expect that the answer to that will be yes, because again, you are telling a patient, we want to follow you up. This may be for 5, 10, 15, 20 years or the life of the patient.
I don't think we have a firm enough grip on the science of xenotransplantation to know how long we need to track these patients. So I think that this would be part of the informed consent form given to the patient.
DR. KENT: I don't know the answer to the specific question in other companies, but I would agree that any open registry should only be open with informed consent.
MR. GELLMAN: Okay. This may be beyond your industry, and that's fine -- there are other registries maintained where patients do not have notice or consent. I'm not necessarily suggesting that that's a bad thing, because the question is what is the registry doing, and how do people benefit? To a certain extent it's the same problem that you raise with trials in terms of sample bias and what have you, and those are clearly issues.
Let's sort of broaden the focus a little bit. Are there any drug distribution activities for which manufacturers need to know the names of identified patients? Think of some of this in terms of perhaps you will collect information on adverse reactions that are out of the mainstream, that will come back to you to be compiled, and ultimately analyzed and reported, or what have you.
Are there circumstances in which you need to know the names of the patients who are taking your drugs outside of the scope of course of clinical trials, where you do know?
DR. KENT: We have a regulatory requirement to submit all adverse reactions on marketed products to the FDA, some in terms of alert reporting within 15 days; some in an annual report. Those adverse reactions come into the company several ways. Patients can call them in directly. Most of the time they come in through physicians; sometimes through pharmacists. Again, we do not take in personally identifiable information when we take in that information.
MR. GELLMAN: Suppose that you get two reports, one from the patient and one from a physician. If you don't have an identifier, you don't know whether that is two reports or one report.
DR. KENT: I think that sometimes happens. That probably sometimes can happen. Many times it is found later on when you are actually examining the database, and you will see two 48 year old white male, same reaction, and you realize you have a duplication. That can happen.
I should say that we are actually moving away from things like birth dates, which is a linking identifier to age. We are doing a lot of things to reduce -- we are moving away from patient initials only to coded numbers. So we are doing a lot of things to increase the wall between us an any possible identification of individual patients.
DR. GOLDHAMMER: I think that that's the general practice in our segment of the industry as well.
MR. GELLMAN: Are there circumstances in which manufacturers are involved in the distribution of drugs to patients and know who the patients are as part of the activity?
DR. GOLDHAMMER: There are a couple of examples I'm familiar with in the biotechnology industry where drugs are distributed directly to the patient from the manufacturer.
MR. GELLMAN: Can you talk about the nature of the activities, why it's done?
DR. GOLDHAMMER: I don't know. I would have to get back to you on that. I'm familiar with some cases. As to why it's done, I don't know.
MR. GELLMAN: Now the concept of registry, since it is undefined, is a rather fuzzy one, at least at the moment. To some extent we know it when we see it, but until you write a legal definition, you are never quite sure what it is. To some extent, a list of patients taking drugs is a registry of sorts. It may not be particularly valuable. It may not be big enough. It may not be scientific enough.
So a list of your customers in a pharmacy taking particular drugs might be viewed in the same way. I'm wondering if manufacturers ever seek lists of individuals who are taking particular drugs, and then seek to market to the patients directly? Do you get requests like this from manufacturers?
MR. THOMPSON: We have a policy that addresses that issue. We believe that the information we have is proprietary, and that information is never released to a manufacturer. If a manufacturer wishes to contact a group of patients, then we can send that information, if you will, on to the patient without the manufacturer ever knowing who the patient is.
MR. GELLMAN: Now is that standard throughout the industry?
MR. THOMPSON: I would say that a number of my colleagues in the industry have the same attitude and policy.
MR. GELLMAN: Is there some kind of statement of policy from an industry group that says that this kind of activity is unethical or improper or what have you?
MR. THOMPSON: Well, I can't speak for the entire industry group. I can speak directly for Revco. We placed a great deal of thought and emphasis on protecting patient information. We want to make sure that we protect it at every opportunity, so we have a very strong policy that is widely known in the organization.
MR. GELLMAN: From the perspective of the manufacturers, do you have any different views on this particular issue?
DR. KENT: I can't answer in specific detail. I will say that one instance which is very common is a company will put out an advertisement, do you wish to receive information on asthma, on migraine, and people will call in. Obviously, they have requested information, so information will be sent to them, but that's a request that they specifically make.
DR. GOLDHAMMER: I don't have any examples from our industry.
MR. GELLMAN: Well, the voluntary disclosure of information by patients is voluntary disclosure of information by patients. Patients are free under any proposal, to disclose information as they please. One of the activities that goes on, and this is outside the scope I suspect to a large part, of the pharmaceutical manufacturers is there are people who create and compile databases of people by disease.
A frequent source of the information is the patient themselves, who reveals the information either directly or indirectly, typically with very little notice or knowledge. You might fill out a consumer survey, and it says, have you ever had diabetes? When you check the box, you go into the database that says here is somebody with diabetes. Now this is an unrestricted, non-medical database maintained by a marketer, and they are free to sell this information to anyone they want, because there are no rules that govern that.
There are databases that have people by diagnosis, millions of people by a variety of diagnoses. There are other ways that information can be collected. Somebody can ask for information from a manufacturer or from somebody else. You can call an 800 or 900 number that offers information on a particular subject, and if you call the diabetes number, people can assume that you have diabetes or have a very specific interest in it that is close enough for marketing purposes. It is certainly not a scientific activity.
You can give your information to supermarkets and frequent shopper programs, or you can write your name on a coupon for an over-the-counter drug. There are a lot of ways in which information can conveyed, and people that are either interested in collecting information or knowing who their customers are can find out through other means, and that are beyond the scope. So this is an area that is beyond the scope of all the bills, but it is still a troubling area.
DR. DETMER: I guess the one that I'm curious for response to are physicians in primary care principally, but not necessarily, who may, in moving to computer-based records have a tie in, so that the patient may in fact not necessarily know that there data is moving forward.
Do you know if any of those data are person-specific that are collected in those kinds of circumstances? What could you tell me about that?
DR. KENT: I really don't know. Computer-based records are increasing in use obviously, but I'm not sure the aggregate data -- how it's used. I don't know.
DR. GOLDHAMMER: I don't either.
MR. GELLMAN: Let's go back to pharmacies a little bit. You said that Revco maintains a central, nationwide file of all of its patients. Let me ask you a question of broader context. Every centralized, nationwide file of personal information that I have ever heard of has been abused. It just happened; it doesn't matter who maintains the files -- credit files, FBI files, every kind of file. That's just the nature of the activity.
At an earlier hearing somebody made the point, and I think very effectively, that no matter what you are doing, you always have scoundrels somewhere, and there is a limit to what you can do to prevent somebody, a dedicated insider, who has got access to information, from misusing it. You can have penalties, you can have rules, you can have procedures, and we all just have to live with that.
I just want to get some better sense of the kinds of protections that you include with your computer files, and how you limit access, and what kind of procedures you follow to try and limit the kind of abuse of patient records that nobody supports.
MR. THOMPSON: Certainly. We see a lot of advantages to having a centralized database to serve the patient. As I have said in my earlier comments, our primary goal is to serve the patient, serve the pharmacist and the physician who is treating the patient.
To maintain this database requires a significant investment and a significant infrastructure. A key point is that the pharmacy computer system at Revco is used solely for processing and dispensing prescriptions. It is not used for other activities. We will send transactions out for adjudication with third party payers, but that is outside the scope of the centralized database.
MR. GELLMAN: Can you explain that?
MR. THOMPSON: Yes, and I will get to that. The centralized database serves to help us follow the patients, because in today's mobile society, patients move from place to place. We want them to ideally stay with one pharmacist or one physician, so that there is a good coordination of care, there is good communication about treating disease states.
That doesn't happen. A patient in our society today can go to a Revco store today and get a prescription filled from Dr. A, go to the CVS store tomorrow and get a prescription filled from Dr. B; go to Store C on the third day and get another prescription, and no one will ever know. They are potentially harming themselves, and harming society by being sicker longer and not receiving appropriate care.
The way we maintain our system is our system is totally proprietary and secured. We use dedicated telephone lines, land-based lines that are solely for the purpose of transmitting prescription information between the pharmacist and the central computer system.
The pharmacist has to log on and log off of the system. We know exactly who logs on, when they log on, when they log off, and we can track every entry by day, by minute, by second.
MR. GELLMAN: If I'm a pharmacist and I call up a particular patient record, is there an audit trail of that?
MR. THOMPSON: Yes, sir.
MR. GELLMAN: Okay.
MR. THOMPSON: We can get back to who had access to the information, because everything is kept real time. It is an enormous amount of data recording, because we dispense 120 million-plus prescriptions a year, so there is a lot of recordkeeping. We feel that it is important to be able to have the audit trail. So if there is a transfer of a prescription between two stores, there is an audit trail. When was it transferred? Who was the pharmacist on duty at the time of the transfer? Who was the pharmacist that received the information?
So we know these things and have an established audit trail. We feel that helps us safeguard the process so that all of our employees know that we maintain this audit trail, and we can to get to it; however, that doesn't eliminate the opportunity for an opportunistic person or a motivated person to do things that they shouldn't do. We hope that we have security and policies and procedures and methodologies in place where we can detect those things, and deal with them as they occur.
To be very honest with you, we haven't had instances where we had significant abuses. We are happy to say that.
MR. GELLMAN: I'm happy too.
Let's talk about the audit trails for a minute, because you are living with this already. All the bill propose audit trails for disclosures. If you look at the health system broadly, and you look at on any given day, there are tens of thousands, hundreds of thousands of patient and maybe millions of patient encounters.
There are lots of disclosures that follow from this as information is moved from doctors' offices to labs, and labs back to doctors' offices, and from offices to insurers, and through all the various places. Audit trails are required. Now how this would be phased in and dealt with is a technical detail of some significance, but not worth talking about right now.
What we are talking about is a system that could generate easily tens of millions of audit trails a day. You have got a system that is not that large, but still generates an awful lot of audit trails. Audit trails are very valuable when you know that there has been a particular disclosure that has been questionable, and at least you have the option to track back to see who saw records, who disclosed records, who used records in various ways. You may be able, in some circumstances, to find out what happened.
How do you use audit trails when you have got 120 million transactions a year? You've got an enormous amount of audit trails. How do you use them internally? Do you ever have some kind of review of audit trails? Do you have some kind of software that sifts through them, looking for unusual patterns? I'm just wondering how you make use of this in some effective way?
MR. THOMPSON: We use a variety of techniques, and I think you hit on a very important point. Just looking at what Revco does in a single day, we may process upwards of 600,000 prescriptions in a single day. You think about the other 50,000 chain drug pharmacies out there; they are going to be processing a lot of prescriptions on a daily basis. So it is literally millions of transactions a day.
The audit trail is really store-specific and pharmacist on duty specific. The audit trail exists in paper format in the stores in each individual location of the daily activity. Most of the audit trail that exists at the local level is a requirement of state pharmacy law or additional requirements that we impose in order to make sure that we have strict control over the information.
MR. GELLMAN: You said these records are all on paper?
MR. THOMPSON: Many of the records are on paper, yes. State pharmacy law requires paper records to be kept at pharmacy locations.
MR. GELLMAN: Are they also maintained on computers?
MR. THOMPSON: Yes, sir.
MR. GELLMAN: So you do have the capability of electronic analysis?
MR. THOMPSON: Right. We can duplicate and have high tech storage capabilities, so if we want to go back and look at a specific transaction on a specific day.
Now as far as sifting through the information, we can look for unusual patterns, particularly where it comes to unusual drug utilization, controlled substances, whatever. We generally use a lot of intuition in our daily operation to look for things like that. We have that ability, but we do not routinely sift through millions and millions of records every single day. We have the ability to do that, and we have all the audit trails in place to trace back to the actual date and time of any occurrence.
MR. GELLMAN: Audit trails are, in theory, a wonderful technique. The more I have looked at this, I begin to question how effective they will be in a lot of circumstances. I think that if you can build a computer system, and you know that this is a requirement from up front, the cost of doing it isn't all that great. Storage costs being what they are, it is relatively trivial. If you building and designing a system up front, it's not that difficult.
I know, just to give one example, NCIC, National Criminal Information Center, files criminal history files that are maintained jointly between the states and the FBI. We had an audit of that done some years ago when I worked for the Congress. One of the examples came up of -- again, there is a set of records that are routinely looked at regularly, every day, lots of police encounters, lots of police checks.
In one state they had all these audit trails, and they looked at them once very two years. You've got a mass of records, and they are looked at once every two years; they are basically useless. So the question here is, how can these records be used effectively, in some sort of cost effective way?
Are there activities that can be done through software sifting, so that basically it doesn't require a lot of time and special effort from people, but that the systems can be designed to at least try and flag certain things? The pharmacist in Minnesota who suddenly looks at 50 records of different patients, none of whom are customers of the store, and who all live in other states, for example? So that you would perhaps infer that the pharmacist in that case is pulling up records and using them for some other purpose.
MR. THOMPSON: Two points there. I think you make an excellent point in the cost of storing data. Even though data storage is relatively becoming less expensive as technology improved, at a company like Revco we literally spend millions of dollars a year on storing data. It is the nature of our business. It is a tremendous investment.
If you increase those storage requirements, or requirements for additional information, you could literally double that expense. Even though we talk in millions, millions of dollars for even a company like Revco is a significant expense.
The way that our pharmacy system is built, in the example of the pharmacist in Minnesota, we would have the capability of looking at those records to see what occurs. What occurs in the day-to-day operation is we could have a patient in Cleveland, Ohio get a prescription filled, and go to a specialist in Minneapolis that same afternoon and receive other prescriptions.
Because of our central database, the pharmacist in Minneapolis could look at all the records, and our system would check for drug interactions, potential adverse reactions, potential drug misadventuring, all for the good of the patient.
Now the system isn't conducive to surfing if you will. You have to know some things, and typically the way you find out things is the patient discloses to you their name and their address and their telephone number, so that we can go in and directly hit on the information that is necessary to serve that particular patient.
Could a motivated person get to the information? Sure. Can we check on it? Yes, we can, but I want to make it clear that the system that we maintain and operate is not conducive to surfing patient records easily; you just can't do it.
DR. HARDING: I'm very impressed with your system, by the way. I have one question though. The issue of consent -- does the patient give Revco consent to be in that database, or is that automatically accepted that they come in and hand you a prescription, and therefore they are giving consent to that?
MR. THOMPSON: It's automatic, if you will. The way pharmacy is governed in the United States is by individual state pharmacy practice acts. Every state we operate in has stringent requirements for the type of computer system that you use, or that we are allowed to use.
In fact, in certain states, for example the state of Indiana, we went to the state of Indiana and our system had to be approved by that particular state board and all the specifics. So most every state has these types of criteria. Once they approve the system for use, then the state has more or less told us that it is okay for us to use the central database.
We are completely open that that's how we use our system, because we think it is most beneficial to patients.
DR. HARDING: I think it's excellent. I use Revco, and I didn't know that.
The other part would be you do not sell the information to outside sources?
MR. THOMPSON: Absolutely not.
DR. HARDING: I'm glad to hear that, and I think that is a wise decision of your corporation.
Sometimes you have arrangements with outside sources to supply somebody with information from you? If somebody has diabetes, you may have an agreement with a company to send them information on a certain type of insulin or something along those lines, but it comes from you, and the outside company doesn't have any contact?
MR. THOMPSON: That is correct. For example, if there was an interest by a manufacturer to distribute information about a new insulin product or whatever, the manufacturer would give us the information and we would customize it. The printed information or any brochures that would go to the patient, would come directly from Revco. In fact, it's if you have a question, contact your Revco pharmacist. We completely keep the manufacturer out.
We also use our professional judgment at the corporate level. Not just anyone can come in and say, I want to send information to a group of patients. We are very selective about what we feel is appropriate for those patients to receive. So there is an intense screening process. It's not like you can just come in and buy that privilege.
DR. HARDING: The question would be in my mind, is the patient, by being on that database, giving you consent to send him those things? Is he asking for it? Is he making himself available to that? Maybe that's not an important issue because it's just information. It's like advertising, but they are receiving that, and they didn't sign up for that so to speak.
MR. THOMPSON: I will tell you honestly that some patients will say I really get too much mail, and I don't want anything else, even though it might be something as important as a refill reminder program, to encourage compliance for hypertensives to take their anti-hypertensive medication on a routine basis. We receive comments from people, and they ask to be removed from the list. If they ask us, we remove them immediately.
What we are doing at Revco is we have taken a look at this issue in context with the other discussions going on in the industry, as well as our profession. We are adding disclaimers, or if you will, consent language to our patient profile record where it directly says from time to time we may feel the need to contact you about your medication. Would you like to receive that information via mail or telephone call? If not, you can opt out. If you check the box yes, you can opt in.
So we felt the need to make sure that that was being communicated more to the patient, so that they could have a better understanding.
DR. SCHWARTZ: Just following up on that, what if they don't check any box?
MR. THOMPSON: Well, what we try to do sir, in all honesty is we try to go through every patient profile for completeness. It's a training issue for pharmacists and our pharmacy staff, as well as it is an educational issue for the patient.
I won't mislead; if they don't check the box, there is a likelihood they could get a letter. We are hoping to address that issue by being more forthright in making sure that that information is out there for everyone dealing with the patient to see, and to show sensitivity to this issue.
DR. SCHWARTZ: Let me just ask a question on the audit trail. Is that information that is contained in the audit trail captured at time of transaction?
MR. THOMPSON: Real time.
DR. SCHWARTZ: Real time. Even though it's on paper, it is still real time?
MR. THOMPSON: The paper printouts -- and let me clarify that -- we only print the information that the state absolutely requires, and that is generally a daily transaction log. There is no printed reports of everybody's medical history for that day. What the state requires, and we do have some audit information on additional audit information that pertains to our computer system that we print out and maintain, so that it is easy for our operational people to come in and provide oversight.
DR. SCHWARTZ: That information of course is not necessarily put into the audit trail in a sense, at time of transaction?
MR. THOMPSON: Oh, yes.
DR. SCHWARTZ: All of it is?
MR. THOMPSON: All of it is real time. The printed reports print after the business day for practicality purposes, but if we wanted to, literally it is instant.
DR. SCHWARTZ: One question on the cost. In your formal testimony or record, there is a mention about the need for a complete cost assessment for implementing new software and information systems with respect to satisfying any new federal legislation. Is this something Revco is going to do, or the pharmaceutical industry by and large? Could you just elaborate more specifically on who or what?
MR. THOMPSON: I think that we would certainly -- at any new proposed regulation, one of the things we look at is the cost of implementation. In association with the National Association of Chain Drug Stores, they help us with assessing the information as well.
Not everyone operates a system like Revco. There are different systems out there, legal in the various states for different types of pharmacy operators. Each new piece of legislation has to be evaluated as to how it would impact. So yes, we would take a look at that, and we would be happy to supply information as required by the committee.
DR. DETMER: One of the things that the Kennedy-Kassebaum legislation speaks to our committee to suggest to the secretary is how do we approach the issue of unique patient identifiers. A number of groups have spoken to Social Security with a special identification, or a totally unique number. I would just be curious -- it's off the line of thinking, if that's okay --
MR. GELLMAN: Sure.
DR. DETMER: To take at this point kind of what are your reactions to that, if you have them?
MR. THOMPSON: Well, in our operation today, the majority of our business is managed care paid business. That's the trend in our industry, is more and more prescriptions are paid by third party payers or by the state and federal programs.
Typically, the identifier that we use is the identification number assigned to them by that particular plan or whatever, whether it is a state Medicaid agency, or it is the employer's plan, or whatever. So even though we have names, and we can go back to each individual's name if we have to, most of the processing and activity that happens is on a numerical basis.
So I guess if you were to grab onto a transaction going through and you just had a set of numbers there, you couldn't instantly identify that that person was receiving an AIDS medication. You wouldn't know who that person was, but yes, you could translate back to the person.
DR. DETMER: So in terms of your current practice, you are sort of using in a sense, a variant of a unique number for most of your transactions?
MR. THOMPSON: For most of our transactions, yes.
MR. FANNING: But it's different unique numbers, depending on the payor.
MR. THOMPSON: That's correct, sir.
MR. GELLMAN: So for one patient, you might have several numbers in some circumstances?
MR. THOMPSON: There is a potential for that. For state Medicaids, yes, you typically have a unique number for each and every patient, or you have a family group that has numbers underneath that can tie back to a family identifier.
DR. DETMER: Where the numbers are, what would you prefer to have?
MR. THOMPSON: Well, right now we have built a system -- and this is why it is so important to have federal standards, because we have built a system that has to operate across every state's unique process, every different insurance provider's different process. We would like to have some sort of uniform way to handle it that makes it more efficient.
MR. GELLMAN: I think this is as good a time as any to take a 10 minute break, and we will come back for some more questions.
Thank you.
[Brief recess.]
MR. GELLMAN: I want to turn back to the manufacturers. Some manufacturers also own companies that are pharmacies that distribute drugs. This is a very broad question, and I recognize it, but do they follow some of the same policies and practices that we have heard described by Revco in terms of not allowing information to flow outside of the pharmacy?
DR. KENT: I'm really sorry, I couldn't answer that, not being from a company. I can't give information on that.
MR. GELLMAN: I understand. I think this is an important area and an important issue to know how information flows. It may all be within a big company, but one of the basic and difficult issues in a bill regulating use of medical information is how the information is used inside a company. There is a big distinction between internal uses and external disclosures.
As you have companies getting bigger and bigger, and we can envision -- suppose that a pharmacy or a hospital is purchased by Junk Mail Incorporated, with the idea of taking all the patient information and exploiting it in other ways. I mean that's sort of the ultimate horror story or potential anyway, so that is an area of some concern, and I think needs to be explored. If we can't do it here, maybe somewhere else.
You mentioned, Mr. Thompson, sending renewal notices, reminders to patients. Can you talk about that a little more, how that is done, and how that is controlled?
MR. THOMPSON: Yes. The pharmacy is in an evolutionary stage as pharmacists try to move from the old role of being just product distributors, to being more integrated into health care delivery in total.
One of the big focus points today is pharmaceutical care and disease state management. The purpose of all of that is to help the physician manage the patient more effectively through proper pharmacotherapeutic usage. To do that, there are a number of ways that you can approach the process.
Certainly when you deal with a large organization that dispenses a lot of prescriptions to the millions, one of the best ways to improve pharmaceutical care is really through compliance. So we have been looking at ways to keep patients in the habit of taking their medication. All too often, especially in the case of hypertensive patients, hypertensive patients really have a silent disease. Once it is diagnosed, they will start taking medication. A lot of them aren't compliant. They say, well, I feel okay, and there is a lack of compliance.
We will generate letters to those patients, hopefully to improve their compliance, but there is a cost associated with that. Typically, that cost to do a refill reminder is shared by the pharmaceutical manufacturer, who also stands to gain if you will, by more compliant patients. In that particular instance though, no matter if they offset the cost or not, the information that we utilize is strictly blind to the pharmaceutical manufacturer.
MR. GELLMAN: You don't send reminders to all patients with prescriptions. It's basically those where you are getting some kind of support for this activity from a manufacturer?
MR. THOMPSON: That's correct, but we would like to. I think you will find companies like Revco, who are exploring ways to find the most effective way to communicate. There are all different kinds of things on the marketplace today, but I think as technology improves and as systems improve, there may be better ways and more cost effective ways to help patients become compliant.
MR. GELLMAN: Well, I can see that if patients are prompted to take medication that it is good for them, it is good for the patient, and it's good for the manufacturer. It's good for business, and everybody benefits from that.
I wonder if you might find the same kind of interest from a managed care company that also has an interest in getting patients to take drugs to provide better care and more cost effective care?
MR. THOMPSON: I think managed care -- and I'm speaking purely from my own opinion and observation -- I think managed care companies are interested in appropriate utilization of pharmaceutical, because there is a large cost involved. So they are interested in appropriate use. We are interested in appropriate utilization. I think that you are seeing new ideas come into the marketplace to try to encourage appropriate utilization.
Again, if the managed care organization or the insurer -- they have all the patient's information. They can pretty much do what they want to within their own constraints with that information. We communicate with the insurer, the managed care organization for purposes of payment for our services that we provide.
DR. SCHWARTZ: On this, do you ever make that type of data available to researchers for medical effectiveness research? For example, do reminders or alerts make a difference in that type of thing?
MR. THOMPSON: No, sir, we don't. We are trying to determine internally if we are seeing benefits. That is part of the whole proposition of disease state management, is demonstrating outcomes. So we look at that internally, but we haven't shared, or don't intend to share that with any research.
MR. GELLMAN: I'm going to change the subject quite a bit now. I want to get into a small, but extremely important provision in proposed legislation dealing with disclosures to next of kin. All the bills deal with this.
Just to set the scene here, when you are developing a piece of legislation that says we are regulating all of the uses and disclosures of medical information, you have got to take care of everything. You've got to foresee whatever is out there, and provide some kind of disclosure standard for when information can be shared.
This is a very sensitive, and very delicate, and very difficult area. It is very important, because the practical implementation of this bill -- this is sort of where the rubber meets the road. A lot of the other things are all very important, but it all goes on sort of off stage from the patient's perspective.
The next of kin relationship between a physician and a family, or a pharmacist and a family is very important, and the way information flows. If this is done well, it won't be noticed. If it's not done well, it can be very disruptive. So the pharmacy is one of the areas where this will come up.
Let me ask, are there existing laws at the state level or formal policies within the industry about when information is disclosed? When I say next of kin, it doesn't necessarily have to be a legal relationship. It could be a roommate. It could be a caregiver. It could be someone who is recognized -- it could even be a neighbor in some cases. I'm not getting at that particular part of it, but are there policies or standards that apply here?
MR. THOMPSON: State pharmacy practice acts generally set standards. The origin of those standards comes for the practice or the profession of pharmacy from ethical education in colleges of pharmacy. We learn as pharmacists about ethics, about patient confidential information. As you pointed out earlier, it's not a new subject. It's a long term discussion within the profession and within the industry.
Various state laws govern somewhat loosely if you would, the conduct of pharmacists as it relates to next of kin. An important provision of the practice of pharmacy, as well as I would say the practice of medicine also is professional judgment. There are times when a pharmacist or a professional must rely on his professional judgment in how to deal with the situation.
At Revco we attempt to define policies and we try to be very clear on how we share information with next of kin. Typically, we know through conversation with the patient or serving a patient's needs for a period of time, if we are dealing with the patient, the caregiver, whomever. It's generally established up front in that patient/pharmacist relationship.
Although there are not any formal forms or disclosures if you will, where I say that it's okay for my wife to have this information. So it's pretty loosely defined.
Typically in the practice of pharmacy, you can determine most often if there is an improper motivation if you will, to gain information. Let me try to characterize this in the form of an example. An example would be if my wife is home sick, and the doctor has phoned in a prescription which physicians do routinely, then I may go to the pharmacy and pick up her prescription. I may have to fill out some information if there is personal information that the pharmacist needs for the patient profile that is incomplete.
I will pick up the prescription and take it home and give it to my wife, and communicate hopefully part of the message, if not all the message that the pharmacist gave to me; however, if I walked into a pharmacy and said to the pharmacist at Revco, I'd like to have a record of my wife's complete dispensing history, we won't give it to him.
So it's a clear line to us. It may not be clear to other people, but it is very clear to us. If they are picking up a prescription to serve the need of a patient, someone who is ill, then there is an understanding, and there is a flow of information between the parties. If it is information that would relate to the entire medical history, even tax records, unless we have a signed consent, we won't release that.
MR. GELLMAN: I want to get into some of the details. We haven't really done much of this, but I think this is an issue that hasn't gotten enough attention, so I want to talk about some of the details of the bills.
The Bennett bill permits next of kin disclosures only if the subject of the record has been notified of the possibility of such a disclosure, and has not objected. Does that present any practical problems?
MR. THOMPSON: Yes, sir, I would say it would present a lot of practical problems, because in many instances today there are lots of caregivers in the continuum of health care. I mean there are people at home that are bedridden, that are incapable of giving that consent. They may not be part of a guardianship if you will. They just may be there. They have a caregiver; a family member, maybe someone who was hired by the family to watch that person, but they need to provide for that patient. That's a very common practice.
There are instances where people are completely coherent, but may be extremely ill and it is just not convenient to transmit that information. Would you consider it appropriate to do it over the telephone? Well, if I pick up the phone, do I have knowledge of who that person actually is?
So in trying to deliver efficient care, and to make sure that we focus on what the patient really needs at the time of their need, we have to be cognizant that in most instances we are dealing with people in need, and we are trying to address that. There are a minority of people out there who are motivated to other inappropriate reasons.
MR. GELLMAN: The Bennett bill includes an exception for exigent circumstances that would make it impractical to notify the individual. I wonder if you think that that as a standard, provides enough flexibility to overcome some of these problems?
MR. THOMPSON: I have to be honest, I'm not familiar with all the specifics of the Bennett bill, but I will tell you that anytime we place disclosures among the many steps, and we try to define each individual step, we are going to impede the delivery of health care, and keep health care costs at the lowest possible level.
MR. GELLMAN: I want to turn to one of the other bills, the Condit bill. It has a somewhat different approach here, and see if you find this to be easier.
The Condit bill limits next of kin disclosures to oral disclosures. In other words, that you can't turn a record over, but you can disclose information orally. That sounds consistent with the kind of practice that you have just described, where you would give someone a prescription and some instructions, but you wouldn't give them a whole history.
MR. THOMPSON: That is more consistent with what we do; you are correct.
MR. GELLMAN: The Condit bill doesn't require formal notice to the patient before these disclosures are made. All the bills require sort of a general notice of information practices be made available to patients, although those are likely to be multi-page, fine print, long winded notices that few patients practically will read.
The Condit bill says that you can make a disclosure without a formal notice as long as you have no reason to believe that the individual would consider the information that we're talking about to be especially sensitive. That may or may not be a significant matter in the case of someone involving prescription information.
MR. THOMPSON: Perhaps. It depends on how it is applied and how it is implemented.
MR. GELLMAN: Another standard in the Condit bill is that there has been no previous objection from the patient. So for example, if the patient said don't tell my wife, don't tell my children, whatever, that would be binding. I assume that if you have instructions like that from patients --
MR. THOMPSON: Well, in today's environment if a patient were to tell us that there was a certain concern that they had, we have the ability to enter that into their permanent record. Again, because we are able to move patients' records as they move, it would available to all pharmacists, and therefore give protection to the patient and acquiesce to their individual needs.
MR. GELLMAN: Another standard from the Condit bill is simply that it's consistent with good medical practice. This is I think, intended to be a large measure of local professional judgment on the part of the physician, the provider, the pharmacist, whatever. I assume that is something that you already exercise?
MR. THOMPSON: Yes.
MR. GELLMAN: The other condition is that disclosures are limited to current health care. Again, that is consistent with what you described, that you will not give a history of prescriptions to a spouse, but you might give information about current treatment.
MR. THOMPSON: Well, that's correct. The disclosure that we would normally do -- let's take the example of a pharmacist dealing with a patient who is visiting multiple doctors. Certainly the pharmacist would probably disclose to the physicians that this patient was seeing all of them, and was doing these things, and that this is an opportunity for us to manage the patient better, and to make sure that there is no overutilization or drug misadventuring.
It would be unlikely that we would also talk about the health condition of the patient's wife or husband, who wouldn't be involved.
MR. GELLMAN: Anyway, I just wanted to go over some of these things. I don't think this issue has gotten enough attention. I think it is very important. If there are rules that are developed that prevent someone's wife or spouse or roommate or whatever from going to the pharmacy and picking up a prescription, because even disclosing that John Smith is a patient of a pharmacy, is medical information even beyond that; or is being treated by a particular physician. That's basic protected medical information.
If you limit that kind of flow to the point where people can't function in the way that they expect to be able to function in a reasonable way, the bill just won't work. It will become a laughingstock, and that has happened in the past from time to time with privacy bills that have not taken into account the realities of the world.
So I think that I wanted to get some of this out, and maybe provoke some thinking for those who are paying attention to this issue. I'm not sure that the Condit bill has gotten it quite right either. There are a couple of different approaches out there, and this needs to be sifted much more carefully by people who deal with patients routinely every day. This is not some theoretical privacy concern. This is a real world kind of problem.
DR. HARDING: Does your system or do you think systems should have the ability to hide a medicine? That is, if I have herpes, and I go to you for anti-herpal medicine or whatever you call it, anti-viral medicine, can that be kept from the view of my next of kin if I ask you to please do that?
MR. THOMPSON: It depends on the circumstance.
DR. HARDING: It's pretty important to me.
MR. THOMPSON: Yes. If you are asking me should valuable health information be blocked from exchange between health care professionals that are involved in the treatment of that patient, I would say no.
If you are asking me should a patient have the right for their next of kin to not know something, I would say that that's completely appropriate. In our system today, again, we wouldn't release any medical history or any profile information without the consent of the patient.
DR. HARDING: And upon my death?
MR. THOMPSON: Upon your death, well, as Mr. Gellman pointed out, lawyers have ways of discovering that information. We don't release anything unless it is under subpoena.
MS. WARD: Do you get a sense that this problem that is being tried to be dealt with by this disclosure piece of the legislation is worthy of trying to be addressed? Do we have a problem where the public is being harmed because information about their prescriptions is being given out to next of kin or others who are injuring them? Why are we --
MR. GELLMAN: Can I answer that part? One of the reasons is -- I'm not planning to let you totally off the hook. You are welcome to respond. The problem here is that in developing a comprehensive scheme regulating disclosure, you have to address this issue. If you don't say it's legal to do it, then it's not legal. You have to address it.
I'm not saying that there is a problem specifically, but you've got to write legal standards that say when these disclosures can be made. You can write them very broadly. You could write a provision that says it is wholly within the judgment of the health care provider, but that may be too broad, and there are circumstances and communities that are very concerned about next of kin disclosures. This is an issue for example that has been discussed at great length with the AIDS community, which is very sensitive on this.
There are other instances of care -- mental health is certainly one -- where there is a lot of concern back and forth. So it's not just a free field here.
MS. WARD: So today's pharmaceutical conversation is that that is a piece of health information that is going to get scooped up in our disclosure. It may not be a problem. Pharmaceutical information may not be the problem, but certainly disclosure in its largest form needs to be addressed, and you're going to get scooped up in that same definition.
MR. GELLMAN: We're going to revisit this issue when we have the providers here to talk about this.
MS. WARD: I was just curious about whether you have a sense that because there is going to have to be something about disclosure of any information, I was just curious about the pharmaceutical piece, whether that seems to be an issue.
MR. THOMPSON: We think within the industry, and especially within my responsibilities at Revco, that we have adequately addressed concerns about confidentiality. As I told you earlier, we are adding new disclosures. As we become more educated, and as patients become more educated, and certainly as topical issues become more clear to all of us in how they have impact, we have tried to design a system with absolutely the best interests of the patient at heart, so that we are making sure that we take care of them first, because if we don't, we won't have any more patients to take care of.
In general, we have a concern that as our companies grow and expand and cross different state lines, as more serious issues come into the public, whether it is genetic research or clinical trials, or more unique pharmaceutical treatments for diseases like AIDS, that there is a necessity for us to look at this issue, which you are trying to do.
Our concern is that the legislation that you propose should taken into consideration the practical realities of delivering this service. Also, the practical realities of trying to manage this across different states who may be more sensitive to this issue than others, and therefore impose different regulations which make it more difficult for us to meet the standards.
So I won't say that it's not a problem, because there is a lot of discussion in our society today about it. I would say that there is a potential for it, but in the practice of pharmacy, and in the practice of pharmacy at Revco we make every means that we can make available to protect the patient.
MR. GELLMAN: I want to turn to some other disclosure issues. In the context of research activities we talk about identifiable patient information. Is information shared with other researchers, with other research activities? I know that in some kinds of epidemiological research, the sharing of information does take place with IRB approval and control and all that. I'm wondering if this is something that goes on with your activities?
DR. KENT: The only information that we share with anybody that could be directly linked to a specific patient would be to the IRB where the study is taking place -- that would be through the investigator; to the FDA -- that would be through the investigator, not through us, and that is really it.
All other information sharing that we would do would be data driven, and would not identify individual patients at all.
DR. GOLDHAMMER: I think that that's the same case here. Certainly in the case of our subset of companies that do genetic test services, that is directly to the physician who is requesting the test. So it really is dealt with in a privacy matter along those lines.
MR. GELLMAN: Are there circumstances in which disclosures are made to public health authorities? You mentioned FDA, who would certainly qualify? Are there other circumstances in which you would share information with state or other federal public health agencies?
DR. KENT: I can't think of any. Anything like that would go through the patient's physician, the investigator; it would not go through us.
MR. GELLMAN: Okay, fine. This may be aimed at the wrong player here. I want to talk about disclosures to employers. This is a problem, and we discussed this a little bit yesterday with disclosures where employers are funding health insurance and they want information on the treatment of identified patients.
There is a case that was decided last year Septa(?) v. Doe by the Third Circuit in which someone sued an employer over the release of prescription drug information to the employer, and the patient lost. The court said this disclosure was legal; did not create any liability.
Is this a problem that you encounter at all?
MR. THOMPSON: I understand what you are talking about. We exchange information to insurance companies, and insurance are employed or contracted by employers. So we don't directly give any employers any information, nor would we. So the information that an employer might obtain about their employee population would come from their benefits management organization or their insurer, whatever.
So what we do is we exchange a transaction on a particular prescription at a particular time in order to get paid, and to receive payment for the service and the protect that we have delivered. As far as a pharmacy like Revco giving information to employers, that's --
MR. GELLMAN: You're not engaged in the separate provision of pharmacy benefit insurance?
MR. THOMPSON: Right. Well, we have a pharmacy benefits management organization that is under construction, if you will, but we're not doing that at this time.
MR. FANNING: Can I just ask about your communications with pharmacy benefit management firms or directly with insurers? What kind of information occurs in that transaction? What kind is sent?
MR. THOMPSON: It's a very large, complex issue with managed care organizations. Different plans require different parameters. That's why we have this huge computer system that exchanges the transaction.
Typically, there is some sort of patient identification number which is unique for that patient or the family, and the person that is being treated may be identified as spouse or child or whomever. The drug is identified by NDC number, which is a national drug code. Then the cost is adjudicated against the plan parameters; what we have agreed contractually with the third party organization to be paid for that particular prescription. So for purposes of an electronic transaction, it is a patient number, a drug number and a charge.
MR. FANNING: You within your own company maintain a list of medications a particular patient is taking, and can look for contraindications. Does the pharmacy benefit manager do anything like that? If a previous prescription has been obtained from another drug chain for example, can they respond to you?
MR. THOMPSON: Some pharmacy benefit managers can. The pharmacy benefit managers are concerned about appropriate utilization. They look at overutilization. They look at drug overlap. We screen for every patient -- that's why I want everybody to go to a Revco store -- we screen every patient against everything that they have taken that we have in their history. So we are looking for the same things.
Pharmacy benefit managers, if they are paying for prescriptions, and those prescriptions have been obtained at Drug Store A, B, C or D, they may look for overlap too, and they will send a reject message back to the pharmacy on-line that says that there may be an overlapping product. We may have to interview the patient, or we may have to call the PBM and see what the problem is or whatever.
MR. FANNING: I see.
MR. THOMPSON: There is some screening to that degree based on the different PBMs.
MR. GELLMAN: Can we talk about commercial services that collect information on prescriptions? How do you relate to these organizations? How do you provide information? What is going on here? What is the activity?
MR. THOMPSON: That is typically a marketing function. If we were to provide any information to a statistical service, there is never any patient identifiable information shared. It is all statistical.
MR. GELLMAN: Is it identified as to doctors?
MR. THOMPSON: No, sir, not that I know of.
DR. SCHWARTZ: Is it identifiable in terms of let's say zip codes, so that they can target a zip code and send information out and that type of thing to a particular area?
MR. THOMPSON: I don't know the answer to that. I cannot tell you that we participate routinely, although --
DR. SCHWARTZ: Maybe it does, maybe it doesn't.
MR. THOMPSON: Right.
MR. GELLMAN: You indicated that you don't provide identifiable patient records for prescription drugs to anybody. I wonder if that extends to non-prescription items as well?
MR. THOMPSON: We consider a patient's record confidential, so if we have record of that OTC product, if it is on the prescription database, that would meet the same requirements.
MR. GELLMAN: Do you have another database that you maintain of other things? Let me give you an example that may not apply. Supermarkets keep track of frequent shoppers, and they have a list of everything that a person has purchased in a supermarket. I don't know whether prescription information gets into that system. When I have asked, I have been told no, but I haven't asked lately.
OTC products do, so if I go to the supermarket and I buy a tube of Preparation H, people can infer what kind of a problem I might have. I don't know what the policies are at supermarkets with respect to that and what constitutes a drug item or a food item; in some cases it can be very hard to distinguish. Is this an issue at all with you?
MR. THOMPSON: Not at our company, no. We don't have a program like that.
MR. GELLMAN: So you don't otherwise track purchases by individual consumer?
MR. THOMPSON: We track purchases or sales by SKU. We know that this store sold 25 Coca-Colas today, and that's the extent.
MR. GELLMAN: So if I come in and I buy a tube of Preparation H with a credit card, you still don't really have a record of me?
MR. THOMPSON: No, sir.
MR. GELLMAN: Okay.
Let's talk about some other details. I want to go back to the uniformity issue. Everybody talked about the importance of some kind of uniform federal standard. One of the issues here -- this is going to be a very contentious issue as the bill moves through. The question is, how much uniformity is necessary?
Are there existing state laws that create particular problems? Are there existing state laws that have policies that you like? Are there existing areas where if state law vary to certain extent, it doesn't make any difference? I wonder if you have any thoughts on that, any of you?
DR. GOLDHAMMER: We have been tracking state legislative efforts in this area I think going back five or six years. It is interesting, because it waxes and wanes from year to year. I think one of the things that we have observed this past year, this is one of the waxing years, as opposed to one of the waning years, and this has caused us no degree of difficulty at the state level.
Part of the difficulty as I think I alluded to is a tremendous amount of inconsistency in the states' approaches. I think that's one of the reasons why we are urging the federal approach. I just got across my desk last week, a legislative initiative from Florida. Our state government relations person says, well, we need an answer. We need to write them with information this afternoon.
Well, I'm getting in my car to go off to FDA to talk about FDA modernization, which is probably of more paramount interest to our members than what is happening in the state of Florida, but it highlights the problem. There were a lot of difficulties in the language and inconsistencies between one section and other, that it appeared to me -- and again, from a scientist's perspective, as opposed to a lawyer's perspective -- is that one of the sections was completely contradictory to the other.
We have observed this in numerous cases. There were questions in I think a New Jersey statute that we looked at that might have been extremely inhibitory toward clinical research if the clinical research was crossing the state boundary line.
If you had a clinical investigator in New Jersey, he or she might be held to some different requirement than a clinical investigator in Pennsylvania, even though the difference between the two might only be ten miles.
I think it is largely to that reason that we are looking here, as well as to clarify the genetic versus medical privacy. Quite frankly, a lot of the state initiatives that we see are genetic privacy, and not the larger medical privacy initiatives.
DR. DETMER: May I just follow-up on that, because I think this is a very contentious issue. To see if I can put words in your mouth, and if not -- I would say that you would say that there is sufficient wisdom today to both write and defend what a national standard and model ought to look like?
A lot of people say, well, maybe the feds won't get it right, and that's why we need to allow states obviously the understandable flexibility to improve upon that.
DR. GOLDHAMMER: No, I think our inclination is to answer that in affirmative. That we do think that there are some common principles. Even when we have looked at the state legislation, the principles are all there. What tends to happen in the heat of the moment, a legislator says, well, I'm going to make this my issue and charges ahead on that.
Many state legislatures have very short times that they are in session. You have a lot of states where the legislature may be in session for only two months out of the year; you have larger states like California and New York, where it is like the federal Congress, where they are in session throughout the year.
What tends to happen is things might be thrown together very haphazardly, without thinking about some of the ramifications, in particular some of the ramifications on medical research. We were on a conference call with people up in New Jersey over several days, and several hours on each day to explain the ramifications that this approach would have on the conduct of clinical research.
When they understood it, the governor, Gov. Whitman gave it a conditional veto, saying I think it's a good idea to have this legislation, but legislature, you need to correct some of these problems with the legislation. In fact, that was the course that was followed.
If you look at this happening in 50 different states, to different degrees of sophistication, you see the difficult that it puts us in terms of responding to it, and identifying where some of the difficulties arise. That's why we would like to see the federal effect -- and I think that one of the good jobs this committee is doing is giving a thorough airing to all the issues.
The recommendation then comes out with the thorough airing and the transcripts and the reports and so forth, I think it will cover all the issues. I can't see that we are going to leave any stones unturned through this process.
MR. GELLMAN: Well, I for one just want to express shock and dismay at the suggestion that state legislatures have bills before them that are incomplete and inconsistent and poorly thought out. That never happens here in Washington.
DR. KENT: I'd like to agree very strongly with what Alan said, and just remind you of some of the things we have talked about today. Our ability to get access to research data to actually determine the best use of drugs and the best use of new drugs; the ability to do clinical trials that we have had, and we have done these trials, and patients' confidentiality has been protected.
Our abilities to work with IRBs in a uniform way. Our abilities to set up things like registries and explore large databases, which we have done to the benefit of society in a way that has protected patient confidentiality. What we are seeing now is the potential onslaught of a variety of state initiatives. I think what we are asking for is the ability to continue to do these things in a uniform way.
MR. GELLMAN: Can I ask you about this issue? It's clear from what you said, and of course otherwise that states do a lot of regulation of pharmacies. This is obviously a big concern of yours. I just wonder about the problems of meshing a federal confidentiality standard with all of the state rules. What kind of problems do you see arising out of that?
MR. THOMPSON: I think that I have to agree with my two colleagues here on the panel. We would like uniform standards, because in our particular piece of the industry, we see the same onslaught of different types of regulations, with different levels of intensity. For us, that is a tremendous cost of implementation. The systems have to be adjusted individually for each location and in each state to be able to meet those requirements.
What the states have been successful in doing is regulating and directing the practice of pharmacy. If the medical board regulates the medical practice, what we are looking at here is legislation that really moves across the health care continuum. It's all the participants.
I think that should supersede the state regulations, not telling the state board of pharmacy that they can't regulate the requirements to become a practicing pharmacist in their state, but these are the guidelines that we all have to meet to protect patient confidentiality. I see them as two separate issues.
MR. GELLMAN: One of the suggestions that has been made is that a federal law would preempt state laws, except state laws that are more protective of privacy. How do you think that kind of a standard would apply with respect to the existing pharmaceutical regulations at least? Does that really tell you specific -- can you always tell which is more protective of privacy and which isn't?
MR. THOMPSON: I think that we see that today with regulations as it relates to DEA, the Drug Enforcement Administration. There are some states that carve out specific drugs, like in the state of Georgia, soma is a controlled substance, but in the state of Tennessee it isn't. Without being overly critical, one wonders the need to do things like that.
In the issue of the patient information, if it is more stringent, where I think we are doing exactly -- we are opening the door to exactly what we are trying to prevent here is that we would still have more states out there competing to have more stringent regulations. It would create the same bureaucratic process that we are trying to avoid.
MR. GELLMAN: This may not be that common a circumstance for pharmacies. When you have information that is in several states, or is being accessed -- you have a nationwide system, and there is a particular requirement in a state, how do you determine which state law is relevant to which particular record?
MR. THOMPSON: Well, it's difficult. It is done with great difficulty. We make a decision as we review the requirements for new regulations, or regulations in various states, we learn something that we didn't know. We actually work within our organization to set the priority, and then we write software specific for that instance.
So it requires a lot of diligence. It requires dedicated personnel, which we have many, just working on these issues to make sure that we follow the priorities of the individual location.
One of the things that I think the committee here is attempting to address is that in our society, and with technology and the advent of telemedicine and specialists in one state, and pharmacists in another, and trying to serve patients effectively, that's a real issue. So I see the need for the global standard, and a standard that preempts all the other activities, so that we can keep this information moving for the benefit of the patient.
MR. GELLMAN: Do pharmacies get requests from police from fraud investigators, health care? When I say police, I'm talking outside of the health care context.
MR. THOMPSON: Routinely. If it is a standard police investigation, we require a court order or subpoena. A state board of pharmacy inspector or a drug enforcement administration inspector, they have privilege to come into pharmacies to inspect and to investigate.
If they request information, reports or whatever, because we operate a centralized system, we limit our pharmacists -- our pharmacists do not have the ability to do ad hoc reporting. If we can't meet a regulator's needs at the store level by looking the required records, that information is sent to our corporate headquarters. We typically review those requests. It gets our standard operating procedures against our legal department to make sure that we are complying with the legal requirements. Then we make a decision to release the information.
MR. GELLMAN: Now what about with health care fraud? Is it any different?
MR. THOMPSON: Typically what we see is most requests for information coming almost universally either from the DEA or the state boards of pharmacy. There is a pretty good silo there. We have protections in place to make sure that we look at all the aspects.
MR. FANNING: Can I just follow-up on this? On a police request, it is dealt with at the central office, and there a judgment is made based on the law of the state where the information was generated?
MR. THOMPSON: Yes. We use legal counsel.
MR. FANNING: So if the prescription was filled in New Jersey, and that particular disclosure isn't allowed by New Jersey, your lawyers will be aware of that?
MR. THOMPSON: Yes.
DR. SCHWARTZ: I just wanted to briefly touch on the issue of the multi-state laws and the software. It seems that you are suggesting that there are additional costs due to these multi-state laws with respect to development of software. Not to put words in your mouth, but perhaps I'll take a stab at it anyway. Do you expect then if there were this uniform legislation, that perhaps a privacy provision that was uniform, could actually be a cost savings with respect to developing information systems and the software?
MR. THOMPSON: From our standpoint of operating almost 2,600 pharmacies, based on what I know from what we have discussed today, I would have to say that it would be a cost saving. It is much easier to do it. Because we have a central system, we can do it one time for everyone. If we have 17 different state laws, we have to do it 17 different times, and then mesh it with the priorities of the other states. So a uniform standard typically is a cost savings.
MR. GELLMAN: Do pharmacies -- we talked before about the issue of access to records in the clinical trial context, where there were some problems. Are there any problems with requirements of patient access to records?
MR. THOMPSON: Could you clarify, please?
MR. GELLMAN: Well, a requirement that patients have a right of access to their own record?
MR. THOMPSON: Our view is that a patient has access to their own record. So we are concerned about people who want access to someone else's records.
MR. GELLMAN: One thing that goes along with that is a patient would also have a right to seek a correction of a record that they think is incorrect.
MR. THOMPSON: Certainly.
MR. GELLMAN: All of the legislative proposals include civil liability and criminal penalties for violations in a whole variety of different flavors, as well as some administrative actions. Does anyone have any objection in principle, without getting into the details about -- obviously onerous penalties no one is in favor of -- in principle does everyone thing that those kinds of remedies are appropriate?
DR. KENT: I would say so.
MR. THOMPSON: Yes.
MR. GELLMAN: Good. I want to ask about the international flow of information. Many pharmaceutical companies are international in scope, owned by large companies principally in other countries. Do you operate only in the United States?
MR. THOMPSON: Only in the United States.
MR. GELLMAN: Are you a publicly owned company?
MR. THOMPSON: Yes.
MR. GELLMAN: To what extent does information flow across borders? I assume that there are some clinical trials conducted in more than one country; that may not be uncommon. Are there other circumstances in which patient information may either flow back and forth or be accessible in multiple countries?
DR. KENT: Patient information, the data actually flows quite freely. The reason for that is we do have multinational clinical trials, so there will be sites in the United States in a single trial, and sites in Europe, Australia, Canada. We are required to notify investigators if serious adverse events occur during those studies. So if a serious adverse event occurs in a United States site, we will notify investigators around the world that that has occurred.
Also, when the data are compiled, we may compile the data in London, where we have a big research and development facility. The key here though is that patient identifiable information is never sent. This remains at the investigator's site. The patient's name, the patient's individual identifiers never come into the company, are never sent overseas, never go to other investigators.
DR. GOLDHAMMER: No, the same thing. It takes place in our industry. In fact we have some areas, particularly with some of the vaccine research, where almost all the clinical research is done overseas, and it is similar that the data comes here, but the identifiers don't.
MR. GELLMAN: Are there problems that you have encountered in any respect from privacy regulations in Europe -- England, France, Germany or any of the EU countries -- that already have data protection laws that have interfered with or changed the way in which you have to conduct any of your trials or any other activities?
DR. KENT: Well, not yet. There is an EU directive on patient data privacy, and I must admit I am not an expert on it, but it is being studied by our company right now.
MR. GELLMAN: If you come to any interesting conclusions on that, that might be useful.
One of the problems, and this is a generic one, and it's beyond the scope of anything we are really going to be able to deal with here is not only do we deal with activities that are multistate in nature, but increasingly things are multinational in nature.
The same problems that we are talking about with respect to conflicting or overlapping regulations at the state level, may ultimately become problems at the international level. It's even harder to deal with these issues at the international level than it is within the United States.
DR. KENT: If I could actually comment on that, referencing the previous discussion on multiple state initiatives, and forgetting for a moment the international component. We do our clinical studies irrespective of geography within the United States. We will look for the best centers. We look for the best investigators, experienced clinicians. Sometimes we will look for specific patient populations.
It would be disastrous for us, I believe, if we had to take geography into account, because certain state laws don't allow us to conduct clinical trials easily.
On the international front --
MR. GELLMAN: Let me put words in you mouth. They would affect the quality and reliability of the activities?
DR. KENT: Yes, not only that, but it would affect the generalizability of the data, because obviously there are certain patient populations that are accessible more easily in certain geographic areas.
For example, the FDA does expect, it's required that we study our drugs in minority populations; we study our drugs in Hispanic populations. That we have a fair representation obviously of males and females and children. Sometimes there are specialized populations that are geographically dispersed that we need to access.
In terms of the international aspect of this, I think you are correct. I think obviously our company would hope that there will be a standard which is reasonable, but clearly our major concern today is within the United States.
MR. GELLMAN: Okay, well, so is ours.
DR. HARDING: I have a comment, and actually a question to Dr. Kent. Your statement a few minutes ago was excellent in summarizing the things that we went over. I think that your industry that you are representing here, not just Glaxco, but the industry is felt in very high esteem in my opinion, by the citizens of our country. We give a lot of leeway in effect, because you have done a good job in research, and you have been careful with people's data and so forth. I'm speaking to both of you.
Mr. Gellman, though brought up the issue that things can get more complicated when a company buys another company, and has a subsidiary that is a pharmaceutical distributor or a managed care company. I would just throw it out just for comment, be careful, because you're going to sully your reputation if people come in immediately after buying out a managed care and change the formulary, which has already happened.
All of the sudden that company is no longer the same company in my mind as a provider, and you all have to look careful at that or it's going to change the trust that we give to you -- justifiably ; you've done an excellent job -- in the future. I would just caution you on that.
DR. KENT: If I could just respond to that. Thank you for your comments. I can't speak for other companies, but I can put forward my personal position, I think Glaxco-Wellcome's position, and I believe PhRMA's position.
When we are studying patients, there are a number of advocates the patients should have to insure that they are treated properly, to insure confidentiality -- the patient's physician, the investigator is an advocate, the IRB is an advocate, the FDA is an advocate. Hopefully, the patient should be an advocate for him or herself, although sometimes they are vulnerable populations.
In the medical group that I run, we are advocates. I feel very strongly about that. I'm a physician. We took the Hippocratic oath in some form. That doesn't go away just because you work for a pharmaceutical company. That is something that I feel very strongly about. I'm sure PhRMA feels strongly about.
Mr. Gellman mentioned scoundrels earlier. I think there will probably always be scoundrels. The position that I want to put forward is that we are very concerned about patient safety, about patient confidentiality, and about the ability to do good research.
MR. GELLMAN: Let me just follow-up on one point. It's a point I made at the first hearing involving researchers. Sometimes people within an industry sort of develop some sort of myopia in terms of they know what they are doing. They know it's very valuable. They know it is very helpful, and they have got a very good story to tell about why they need to be able to do some times, and to be able to get access to records and what have you.
It's not always clear that people have done a good job, that industries have done a good job, that researchers have done a good job educating the public. I said this before. Every day on the news you seem to see a story about some new development, a new drug, a new treatment, and people are interested in this, or it wouldn't be on the news all the time.
The connection between this activity and the benefits, and the need to get access to patient information and do this isn't always clearly made. It's not going to be made all the time, but it is something that should not be neglected. You need to sell yourselves to the population at large.
DR. KENT: I think we understand that very explicitly.
DR. DETMER: The thing where I think this particularly gets tricky, having been involved in this over the last few years, is the critical importance of sample sizes and cell sets if you will, in order to get valid and reliable data.
There is a lot of sense that well, people should be able to opt out, but how that really fundamentally totally changes the whole thing, statistical truth if you will, is largely something the public really doesn't have a good sense of.
DR. KENT: Without getting into the technical aspects of things, you have raised an extremely important point. Just very briefly, when we do a clinical trial, we agree to certain parameters with the FDA on sample size and the power of the study to show what we want to find.
It would be unethical to do a study that has a low probability of showing what you want to find, because then you are exposing patients to a drug, and you have very little probability of proving that it works.
So sample size, and the ability to keep patients in studies -- and we have drop outs all the time for very valid reasons -- but the ability for us to keep patients in studies and not have studies disrupted is crucial to us doing our work. It is something we agree up front with our investigators, with the IRBs and with the FDA.
DR. DETMER: That's a really critical educational piece in my mind.
MR. GELLMAN: I want to thank all of our witnesses. I think that you have been very forthright and very helpful. We're most grateful for your participation.
We're going to recess now and reconvene at 1:00 p.m.
[Whereupon the meeting was recessed for lunch at 11:56 a.m., to reconvene at 1:00 p.m.]
A F T E R N O O N S E S S I O N (1:07 p.m.)
MR. GELLMAN: Some of the members of the committee have to leave early, so I think we're just going to start.
We have asked all of our witnesses if they could keep their statement short, so I hope that you can confine yourselves to five minutes apiece.
Dr. Joseph, would you like to begin?
DR. JOSEPH: Thank you. It's a pleasure to be here on the part of the Department of Defense, and comment on the confidentiality issues.
DOD policy of course, is to safeguard personal information contained in any system of records, including medical records. We have the standard provisions about authorized release of information about individuals constituting an unwarranted invasion of privacy, with subsequent civil and criminal penalties.
DOD medical records also are exempted from public disclosure under the Freedom of Information Act.
This strong departmental policy to safeguard personal information stems from the Privacy Act, which does allow, however, disclosure for specific purposes related to official duties. We recognize that the committee has under discussion proposed changes to the confidentiality rules, which is applied to federal agencies, that seeks to limit some disclosures currently allowed.
For the most part, we welcome those changes, but we must clearly go on the record stating that some aspects of the disclosure authorities included in the privacy act need to be preserved. It is the position of the Department of Defense that any legislation addressing medical records confidentiality must allow the department to use those records for purposes critical to national defense and mission effectiveness.
Let me give you a few examples of situations where either active duty members or civilian employees would come under these issues. For example:
· a pilot who is receiving medication that may
affect alertness;
Those obviously are not an exhaustive list, but I give them to you to represent circumstances where the line commanders must have critical medical information in order to make safe and protective decisions regarding not only the individuals, but for the entire units.
That said, let me turn to two circumstances I think that you may not hear analogues to from other agencies in which the Privacy Act protections by themselves are insufficient. The first has to do with physician-patient privilege within the military setting, but applying to nonactive duty members.
This issue gained some prominence recently in the case of a family member who sought care. She is a beneficiary and she sought care from a military health care provider following an alleged rape by an active duty member. The military psychiatrist who cared for her was ordered to give a military lawyer the patient's medical records. In military court cases based on the current military rules of evidence, physician-patient privilege does not exist.
This lack of confidentiality causes both our patients and our mental health professionals grave concern. In our view, the records of military psychotherapist session with a spouse or child of a military member should not be subject to disclosure under the same rules that might apply to active duty members. Even though this might be allowed under the Privacy Act, I believe strongly that additional confidentiality restrictions should apply.
In that regard, I have urged the department general counsel to take all measures as early as possible to amend the military rules of evidence to create privilege between nonactive duty patients and military health care providers. Presently, the department has this issue under intense review, spurred on by substantial interest in Congress, in the medical community, and of course, among our health care beneficiaries.
Additionally, the Supreme Court's recent recognition of a psychotherapist-patient privilege under the federal rules of evidence has highlighted this issue, and I know the military rules of evidence probably fall somewhat outside the scope of what you are looking at, but I think it's an important corollary.
The second area where I want to raise the issue of the Privacy Act protections by themselves being inadequate is in the use of DNA-related information in the military. In 1991, the secretary of defense authorized the establishment of a DNA identification laboratory and specimen repository. This means of identification is of course, more expeditious, and allows more timely return of remains to relatives.
This repository was established for the specific purpose of remains identification, and it houses anti-mortem reference specimens from each service member for comparative DNA profile analysis. We have specimens that consist of air-dried bloodstains and oral swabs.
DNA information and repositories of specimens suitable for DNA analysis present special issues regarding confidentiality of course because they contain a great deal of not only medical, but physical and family information. In establishing this repository, DOD imposed restrictions on disclosure that were much stricter than those allowed under the Privacy Act. Moreover, we further refined these restrictions early last year, strengthening those privacy protections.
As I stated then, DNA specimens are collected for the purpose of remains identification, but there are, however, other very specific permissible uses of DNA specimens. These other uses in the repository are:
(1) internal quality assurance to validate the process;
(2) any purpose for which the donor, him or herself consents; or
(3) as compelled by other applicable law in a case in which all -- and I stress all -- of the following conditions are met:
It is important to note that when DNA typing is necessary, only the specific genetic information for identification is obtained. We do no other tests on the material. The department scrupulously safeguards personal privacy interests in the specimen.
Further, we follow a routine destruction schedule for DNA samples. In last year's refinements of the privacy consideration of DNA specimens, we introduced a procedure whereby individual specimen samples will be destroyed upon the request of the donor, at the conclusion of the donor's military service obligation.
These steps are designed to insure the privacy and confidentiality of all individuals whose specimens enter the repository for subsequent typing. DNA identification of remains is state-of-the-art technology, and offers survivors more expeditious response to any questions of identity, as well as more timely return of remains.
In closing, I want to reiterate the department's strong belief in and support for confidentiality of medical records. Yet, I must underscore that military unique circumstances creating absolute necessity for national defense and mission effectiveness disclosure. Such disclosures must remain unimpeded.
I believe the department recognizes the need for its own judicious exercise of its authority regarding medical record confidentiality, and that it will continually and carefully monitor each situation.
Thank you. I would be happy to respond to any comments or further questions that you have at the appropriate time.
MR. GELLMAN: Thank you. That was a terrific statement; short, detailed and very useful.
MR. DE COSTE: Good afternoon, Mr. Gellman, and members of the subcommittee. My name is Charles De Coste. I'm the Director of the Health Administration Office for the Department of Veterans Affairs. It is under my direction within the department that the VA's national policies and procedures for medical records, as well as the confidentiality laws that protect those records are set forth and implemented.
I have with me today Jeff Corzatt, from our Office of the General Counsel, and from my own staff, Celia Winter, the Privacy Act Officer for the VHA, Veterans Health Administration.
My office works in conjunction with the chief information officer for the Veterans Health Administration to insure that electronic medical records are maintained in secure databases, and that policies and procedures are developed and implemented to maintain the security and confidentiality of medical record data.
I would like to present a brief overview of the department and its major components utilizing health information. Headed by the secretary of veterans affairs, VA is the second largest of the 14 level cabinet level departments, and operates nationwide programs of health care, benefits and assistance services and national cemeteries.
The Department of Veterans Affairs is primarily comprised of three major components: the Veterans Benefits Administration; the Veterans Health Administration; and a national cemetery. For our discussion today, I will focus on Veterans Health and the Veterans Benefits Administrations.
The present VA population is estimated at 26.2 million. Nearly 80 of every 100 living veterans served during defined periods of harmed hostility. Altogether, almost one-third of the nation's population, approximately 70 million veterans, their dependents, and survivors of deceased veterans are potentially eligible for VA benefits and services.
The Veterans Benefits Administration operates a vast program of veterans benefits, including compensation and pension payments, education, vocational rehabilitation, home loan assistance, and one of the largest life insurance programs in the world, and the fourth largest in the United States.
Some 2.7 million veterans are receiving disability compensation or pension payments from VA. Over 680,000 widows, children and parents of deceased veterans are being paid survivor compensation or death pension benefits. Among them are over 120,000 survivors of Vietnam era veterans and approximately 345,000 survivors of World War II veterans. VA disability and death compensation and pension payments were approximately $18.3 billion in fiscal year 1996.
These numbers are important, as most veterans' compensation benefits are based upon medical evidence.
Perhaps the most visible of all VA benefits and services is VA health care. From 54 hospitals in 1930, VA's health care system has grown to include 173 medical centers with at least 1 in each of the 48 contiguous states, Puerto Rico and the District of Columbia. Additionally, there are more than 390 outpatient, community-based and outreach clinics; 131 nursing home care units; and 39 domiciliaries.
VA health care facilities provide a broad spectrum of medical, surgical and rehabilitative care. With approximately 51,000 medical center beds, VA treats nearly 100 inpatients in VA hospitals, 79,000 in nursing homes and 25,000 patients in domiciliaries. VA's outpatient clinics register approximately 27.5 million visits a year, and an estimated 2.5 million individuals receive care annually.
Half of all living veterans are older than 57 years of age. Veterans 65 year old and older account for 34 percent of the overall veteran population. The 80 to 84 year old year is showing the greatest increase, followed closely by the 75 to 79 year olds. This trend reflects the aging of World War II veterans.
Female veterans number approximately 1.2 million, with the median age being 45.
Veteran in general have less secondary and college education than non-veterans, including the younger veterans aged 30 or less.
The average income for male veterans aged 30 to 54 stands at $35,000; older veterans aged 65 plus are earning an average of $17,000 as they enter retirement.
MR. GELLMAN: Excuse me, Mr. De Coste. We are under some time constraints. Could I ask you to summarize the rest of your statement very quickly?
MR. DE COSTE: Yes, sir, and I will be happy to provide the written summary to back up what I can't fill in.
I guess our point that we wanted to make is that VA is heavily involved in a number of different activities, that we have widespread affiliation. We are serving in an emergency back-up capacity to both DOD in the event of national emergencies and emergencies overseas. We are providing high quality health care to research, and we also are involved heavily in sharing both between VA and DOD.
We believe that it is inherent in any health care setting that individuals have important privacy interests associated with their medical records. Patient medical records are derived from relationships, the success of which is maximized by trust and frank communication of some of the most sensitive personal information.
At the same time, in today's environment this information is often maintained electronically, and can and must be transmitted rapidly for a variety of purposes to multiple recipients at distant locations. Under these circumstances, the need for protection of medical information has increased.
In summary, we believe the important points to be specified today is our commitment to maintaining patient rights. That we recognize special needs of the federal sector in providing health care across the broad spectrum of the VA. That we recognize the interaction between VA, VBA and the Department of Defense in providing combined health care services. That we limit consents, and that we find ways to provide the information that must be provided, while striving at the same time to insure the need to the know provision.
We service and work well and closely with veterans' service organizations who assist our veterans and need the flexibility to provide the information that they seek to support our veteran population.
We also believe strongly that while routine uses could be modified to become more specific to the purposes for which they are intended in some areas, that we must continue to protect the provisions of routine use.
I believe that in keeping brief here and in trying to keep brief, I will limit my comments to that, and hopefully address any questions that you do have.
MR. GELLMAN: Thank you. We'll get back to some of these issues in the questions.
Let me start by asking about the Privacy Act. You both operate under the Privacy Act since its inception in 1974, and let's talk about some of the requirements as they apply, because in broad principle the Privacy Act is an implementation of a Code of Fair Information Practices, and all the legislation we are talking about for health records is the same thing; the implementations are somewhat different, because the Privacy Act is much broader in scope, but nevertheless, a lot of the elements are there.
For example, the Privacy Act gives patients, as well as other record subjects a right of access to their records. What is your experience with this? Has this created any problems?
DR. JOSEPH: I'm not aware of those. Certainly of the things that come across my desk and the complaints about the system that I would see, that is not one, in terms of access to one's own records. It is more on the other side, concerns about the use of records for non-consensual purposes.
MR. GELLMAN: Okay, we'll come back to that. How about --
MR. DE COSTE: I would echo the same as Dr. Joseph. We have been managing the program very well under the laws that exist. We provide what people need. There are concerns conveyed similarly for people that have other than the need to know, for other than physician purposes and direct care purposes there could be some problems.
MR. GELLMAN: Is patient access a costly requirement to implement?
DR. JOSEPH: Well, we're moving rather quickly to modern, electronic data systems, but we still have, as I'm sure the VA has as well, a lot of hard copy records that can't be found on any given day, et cetera, et cetera. So in that sense it is costly, but I think with an efficient system, it again it not a major item.
MR. GELLMAN: Okay. Same for you?
MR. DE COSTE: Yes, absolutely.
DR. JOSEPH: The benefits would certainly outweigh that cost.
MR. GELLMAN: In the context of clinical trials -- and I assume that both of your organizations engage in some kind of research activities -- we had some testimony this morning that giving patients access to their records in clinical trials can be disruptive to the trial, and can skew the results or make the patient have to drop out of a trial.
I'm wondering if there have been any actual problems -- not theoretical ones, but actual problems that have been reported to you in this area?
DR. JOSEPH: I don't know of any. If that is a specific question that you really want hard answers to, we can clearly survey our major medical centers without question, but again, it's not something that has come up from the researchers.
MR. DE COSTE: None that we're aware, but I could look into that.
MR. GELLMAN: Let's put it this way, if you learn -- I'm not asking you to go out and really beat the bushes, but if you make an inquiry and you learn that there are some problems out there, we would like to hear about them.
DR. JOSEPH: I guess it would seem to me that's more a problem in design of clinical trial than it a problem of the protection of the individual record.
MR. GELLMAN: It could be, but nevertheless, it's going to be an issue that is going to be considered in this legislation.
MR. GELLMAN: Another part of the Privacy Act gives patients a right to seek correction of records. This is clearly a more delicate area when you are dealing with medical records than you are dealing with other kinds of records. I wonder if you had any experiences to report, any problems, any difficulties?
MR. DE COSTE: From the VA perspective, we handle those things on a local level, and deal with individual patients at the local facilities. I think that for the most part, those things are handled to patient satisfaction, and physician satisfaction as well.
MR. GELLMAN: Dr. Joseph?
DR. JOSEPH: I really wouldn't have a specific comment. I think I'm probably not the right person to ask that question to.
MR. GELLMAN: One of the reasons I'm asking is that if we are going to extend these kinds of requirements to apply to everybody, then building on the experience that we have with the federal Privacy Act is useful perhaps in reassuring the rest of the medical community that these requirements of access and correction aren't costly, aren't difficult, and don't create a lot of conflict. So that's the purpose of the question.
Another provision of the Privacy Act requires an accounting, a record of the date and nature and identity of each recipient of information of each external disclosure. Again, this is a requirement that you have lived with for 25 years. Has this been a problem? Has this created any particular costs or difficulties?
DR. JOSEPH: I really don't have a basis for comment on that. Again, all I can say is it doesn't come to me as a problem, but I might not be the place to know that.
MR. DE COSTE: I think that there is a cost associated with it obviously in staffing and maintaining the position. There is a lot of work associated with it, but at the same time I think we have an effective system for responding to those requests.
MR. GELLMAN: Good. Let's get into some of the specifics. Dr. Joseph, you have got some examples where medical record disclosures are essential to military operations. Some of these activities are comparable in many ways to sort of occupational medicine kinds of issues, where any employer may have medical information on a patient, and it's relevant to the patient's activities in the workplace, whether that patient can operate a crane safely or perform other kinds of physical tasks that would either endanger that particular person or somebody else.
I'm not sure that covers all of the circumstances that you described.
DR. JOSEPH: I think there is a difference. In both instances you can say something about the impact on the safety of the military unit or the workplace setting or society in general. Here is where maybe I wish I had brought my lawyer with me, but the military member, while the active duty person, while clearly not giving up their constitutional rights, is bound in a certain way to command authority that is different from the way the crane operator is to the owner of the company for which he or she works.
While I'm not sure I can take that much further in terms of the legalities of that difference in the protections of the military member's rights, there is a difference there. So that I think that the burden of proof of the outweighing of the individual's privacy rights versus the mission effectiveness or national security is easier in that sense, because of the command authority obligations that the military member has.
MR. GELLMAN: One of the comments that we got yesterday from someone who provides health care in an occupational setting was over the tension between demands from employers -- I mean they identify someone who is not, to use the crane operator example, who should not be operating a crane. They convey this information to the business manager, saying this man should not be allowed to operate a crane. The comment he made is the invariable question of what's the matter with him? He said, you don't need to know that. You just need to know that he can't operate a crane.
Does that kind of limitation work in the military, where you can say this person can't do something without giving more information?
DR. JOSEPH: Yes. I think another set of differences of course -- again, I'm speaking of active duty; you heard my comments about the non-active duty -- but with respect to active duty military, the military health care provider is also in a different relationship with the line commander than the crane operator or the occupational physician is to the company owner.
There is again, a subordinate military chain of command responsibility that leaves less flexibility to the physician, however, I think anyone's observation would be that the military health care providers find ways to deal with that dilemma.
The most common of those ways is probably partial -- not incorrect -- but partial release of information. So that if you are the line commander and I'm the physician, you may need to know that Sgt. Smith over here is not available for duty or is in the base hospital or whatever, but unless it has a specific reflection on mission effectiveness or safety of the unit, you may not need to know the details of the diagnosis.
There is all sorts of room within it. That's where some of the judgmental difficulties come from. Well, you have heard my statement about the non-active duty, where it gets more difficult to justify why line command has a need to know information related to a spouse or dependent.
MR. GELLMAN: Now is it fair for me to suggest that the VA doesn't have these kinds of line command problems? This is a unique, if you will, DOD situation? Okay.
DR. JOSEPH: There is clearly some ambiguity in it, and perhaps there is some virtue in that ambiguity.
MR. GELLMAN: I think it's clearer just even in the traditional occupational medicine setting that there is a lot of ambiguity and conflicting interests. You just can't line them up and solve the problem clearly, because the conflict remain, the overlapping interests remain. Yours are sharper, and in a much more specific and much more unique context.
Not all the legislative proposals that are floating around address military use at all. I can tell you that when this issue was considered many years ago, an earlier version of some of these bills back in 1980, did have a specific provision that dealt with the military. I can't remember the specifics of it right now, but it gave the military more flexibility in developing rules to accommodate this.
I think one reason that none of this got into any of the legislation is the military hasn't come forward to make its case. That's one of the reasons we wanted to have you here. It's an important issue, and it needs to be on the record.
What I'm going to suggest is you need to be more of a participant in this, in speaking up and saying this is what we need, and this is how these pieces of legislation need to be adapted, hopefully as little as possible, but certainly in some ways to accommodate the kinds of interests that you have addressed.
The physician-patient privilege -- and I have read a little about the case that you referred to -- is difficult. I mean the evidentiary privilege -- in a lot of places there is in fact no physician-patient privilege. I'm not saying that's a good thing by any means, but there isn't. Where there are privileges at the state level, many times they are extraordinarily limited, and they are not available in lots of circumstances.
That's just a comment. I'm not trying to pick a fight over that, because I'm clearly sympathetic to the point of view that you have expressed. If the military can solve its own problem through its own rules of evidence, that would be very nice. I think that is likely to be beyond not only the scope of this committee, but it is likely to be beyond the scope of the legislation as it works its way through Capitol Hill.
DR. JOSEPH: If I may interrupt you, I think what I was trying to do in my testimony is to say that I think it would be useful for both the debate leading up to the legislation and the legislation itself to recognize that issue as an issue of substance, even if it hasn't got a controlling influence upon it.
MR. GELLMAN: Well, for whatever it is worth, the legislation does try. I think all the bills have provisions such as they are, that simply say that nothing in here is intended to undermine any physician-patient privilege, or any privilege whatsoever that makes this otherwise. Evidentiary rules are very messy, and this whole area is much more complicated than we have time to get into today.
When the Conduit bill worked its way through the 103rd Congress, the VA did come forward and raise some problems about it, and there was a provision included in the bill, and it is still in there. We're not going to get into word smithing on this thing.
In Section 304(f), and basically what the provision says is that the restrictions on use and disclosure of information don't apply to exchanges within the Department of Veterans Affairs, where you are determining eligibility for benefits, or to provide benefits under any of the programs.
Does that kind of idea come close to solving the kinds of problems that you have addressed in your statement?
MR. DE COSTE: I will have to revert to my specialists.
MR. GELLMAN: You can have them come up and join you, if you like or not. Identify yourself for the record.
MS. WINTER: Celia Winter, Privacy Act Officer.
Under the Privacy Act we don't have an issue with exchanging information between different components of the VA or with DOD. What we were referring to was if something like S. 1360 passed, which would severely limit that, and require consents in order to go back and forth. That's what we are trying to avoid.
MR. GELLMAN: That's what this provision that I'm describing -- that is in the ballpark. I'm not asking anyone to sign off on anything today.
MR. CORZATT: Jeff Corzatt with the Office of General Counsel.
I think that one of the other things you need to address, as Mr. De Coste's written testimony provides, is some recognition of the unique nature of the federal government and its relationship with the congressional and other branches.
For instance, the things that arise from patient care clinical settings where we share facilities with DOD. These are federal records, so the National Archives and Records Administration has an interest historically and otherwise. Congress routinely asks for records. This is just the General Accounting Office.
All of those things are expressly provided for in the Privacy Act. I think that whatever legislation comes along needs to recognize that federal agencies generally have certain requirements imposed by other pieces of legislation or whatever that need to be taken into consideration.
If the legislation for instance, did not provide for disclosure to Congress absent a subpoena or something else, I think that would clearly be unworkable.
MR. GELLMAN: Well, let me say, I appreciate that. Some of the kinds of problems that you raise are generically no different than problems faced by other people. Other medical care institutions have auditors come in and look at their records. Whether any of the bills deal with that adequately or not may be open to debate, but some of those things are the same.
Whether Congress wants to write itself a special rule that says it has a greater right of access to somebody's medical records is their problem to decide. They may choose not to do so or whatever. Ultimately, one of the rules that works all the time, as it does under the Privacy Act is you can make any disclosure you want, as long as the patient consents.
MR. CORZATT: That's right, but for instance in the case of the National Archives, I think where there is a certain historical nature, that a value judgment is going to have to be made.
The other point is the point about veterans' service organizations which provide for representation, and do a very good job of representing veterans in claims for benefits. They provide a consent which is the power of attorney, which lasts for a very long time. Basically, the veteran may have a claim that goes on for years and years, and the veteran simply isn't interesting in having to reauthorize that every year, and having to go through that.
So I think that there needs to be some unique recognition of that unique representational relationship that is very, very close between these veterans and the service organizations which represent them.
MR. GELLMAN: I understand that. All the bills have authorization provisions and all of them have time limits. One of the things that has become clear as progress has been made in this area, that in certain contexts the time limits create problems, just of the kind that you speak of, where it is either impractical or unnecessary to have a limit, or the limit that is proposed is too short. So I think that's clearly got to be viewed as an issue that requires more thought and some more review. So I think that is helpful.
Can you talk more about the relationship between DOD and VA, and the flow of records back and forth?
MR. DE COSTE: Yes, I can try to discuss that with you as best I can. We have, in the course of providing health care, we have several relationships whereby we share our health care facilities and provide our health care using our expertise or our equipment and facilities, and vice versa. We work in a number of instances with DOD staff in that capacity.
It is often necessary in the course of providing care, that we make that information available, whether it is for a VA patient or a DOD patient, and that we have the information available to provide quality medical care. So there is a common use of that information within the particular health care facility.
MR. GELLMAN: Generically is that really different than other shared medical facility that might be found in the private sector somewhere?
MR. DE COSTE: Generically? No, I don't think it is.
MR. GELLMAN: To the greatest extent possible, of course, one of the ideas of the legislation is to try and deal with everybody the same way for simplicity. Where that doesn't work, it has to be dealt with, but the same thing we talked about auditors or storage of records or whatever. A lot of the problems are not necessarily dissimilar, and that's not to say the bill solved them adequately as any of them are written.
I think it's good to get all of these kinds of issues out on the table, but to the extent that they can be analogized to other kinds of issues that are --
DR. JOSEPH: The only way I would say that it's different is that of course everyone who would leave our system is automatically, other factors of their eligibility being equal, to care in the VA system. That wouldn't be the same between an academic health center and a private group practice in the same city.
MR. GELLMAN: If I'm in the military and my term is up and I leave, do you automatically transfer records to VA?
DR. JOSEPH: No, we don't.
MR. GELLMAN: So it's --
DR. JOSEPH: So it's also consensual. It's always consensual, but there is an automatic -- their eligible patient population is drawn exclusively from our patient population. Our patient population is automatically eligible for whatever kind of care that they are eligible.
MR. GELLMAN: If I never present myself at a VA facility, they never the record. So there is a way of dealing with that kind of transfer. Okay, that's helpful.
DR. HARDING: Does the VA system or the military have a medical database? If I were moved from active duty from Andrews to Norton Air Force Base in California, would my database be available?
DR. JOSEPH: We have a variety of databases. At the present time, your medical record would not be available. Your identifying information of course would be, because our basic medical database works off of our personnel database, the DEAR(?) system. Increasingly as we go electronic, pieces of your database would be available for electronic transfer, but that is nowhere near universally true yet.
DR. HARDING: I was a BARY(?) plan doctor 20 years ago in the navy. I don't remember when I signed up, what I signed in consent. Is there a giant consent form that when you join the military that you sign that says you can just about do what you want to?
DR. JOSEPH: Yes, and it costs $400 to print. I don't know the answer to that question, Dr. Harding. I will find out for you whether there is a sort basic overarching consent form. I don't believe so, but I'm not sure. I'll find out and we'll get that back to the committee.
DR. HARDING: I don't really want to see it, but I would like to just have some idea of when young man or woman joins, what is they are consenting to as far as in their coverage that goes to the VA and so forth. Is that covered?
DR. JOSEPH: I will find out.
MS. WINTER: Perhaps we need to clarify that issue. When you are discharged from DOD, you may in fact never ever present at VA for any kind of benefit or health care. Regardless, at this point in time, your paper record will be sent from the DOD point of care to the records repository in St. Louis.
Now that is a joint VA-DOD venture. They are still working on the automated transfer of those medical records. At such point in time when you came to VA and presented yourself for VA benefits, then you would sign a very specific consent saying you have authority to obtain my military medical records for what I'm asking for from VA. We would go to St. Louis and have that authority to pull your records out of that repository and make them VA records.
DR. DETMER: Dr. Joseph, I was actually pleased very much with your testimony on this issue of dependents in the military, and essentially that there really needs to be some shoring up on that. I think I was hearing from both of you that if in fact we could find a way to recommend if you will, omnibus coverage that would really bring the federal side of this together with the rest of the country.
As long as it dealt with the specifics that relate to some of the uniqueness of your operations, you would see that as a good thing?
DR. JOSEPH: I do think it would be very helpful.
DR. DETMER: And you feel that way too?
MR. GELLMAN: Are there any special needs? You have described the way officers may need information about men or some medical information about enlisted men.
DR. JOSEPH: Or other officers.
MR. GELLMAN: Right; of course. Does the same need arise with respect to military dependents in any circumstances, where there is some military-based need for information?
DR. JOSEPH: I'm sure there is. I can think of a couple, but I think those should be handled as exceptions. See I think probably the schematic in my head is that for the active duty, the disclosure is the rule, and the exceptions need to be made. Whereas for the non-active duty, the dependents, the non-disclosure should be the rule, and exceptions should be made.
For example, if there were an evacuation of a military area, and there was some medical issue about dependents, spouses and children in that area related to the evaluation -- pick your own scenario -- you could clearly say, sure, the commander in charge of that mission needs to know the medical status or conditions of the dependents, but that's an exception in my view, to what the general role should be.
MR. FANNING: Would you leave to the consent of the individuals, or would you still want the commander to be able to get it regardless of consent?
DR. JOSEPH: No, because in those instances -- again, if the critical principle is mission effectiveness or national security, if the determination is made, and I guess you have to have confidence in the command structure, that it's that sort of issue, then consent would not enter into it I think.
MR. FANNING: I see.
DR. JOSEPH: I suppose you could draw a hierarchy. There are certainly instances where consent for disclosure is the appropriate way to handle it. If an individual wants a consent, they ought to be able to consent when they want it.
I think you could postulate instances where the dependent beneficiary, with or without consent, ought to be required to allow disclosure to take place for those appropriate reasons -- national security or mission effectiveness.
MR. DE COSTE: Dr. Detmer, if I could, could I go back to a statement that you made a minute ago about this idea of creating this one law that would apply across the board? I think that one of the things that concerns us greatly is the complexity of the organization that we are, and the fact that we are as widespread and as significant as we are in involving various aspects of health care and benefits of determination.
One of the things that would be important for us is if that would ever come to pass, that we be given an ample opportunity to sort of transition over to a new sort of system, and not something that would happen on a given effective date, but rather something that would give us time to catch up to speed and cover our bases.
DR. DETMER: Obviously, I hear that, and I think that's important. On the other hand, the very fact that you are everywhere, if we really had one set of rules that related then, instead of the states having 50 different ones, plus the federal one, if you really could find a way to shape it, and you gave the right time to do it, it seems like ultimately it would sure be a better situation.
MR. GELLMAN: I do think the transition problem is one that everyone is going to have to deal with. If and when we get to that point, it is going to take -- probably everyone is going to get a couple of years notice to figure out how to adjust to all of this.
There are some parts of it that are likely to be phased in, in the sense that some of the privacy enhancing technology features of these pieces of the legislation work wonderfully for computers when you have had advanced notice, and been able to program your computers in advance, but they just don't work at all for paper.
So there is some recognition here and there in some of the bills or in some of the other materials that maybe you need to write different rules. The law might not necessarily be different, but the regulations might be different for paper records or for computer records, because you have got to reflect the cost of doing all of this, as well as the difficulty and practicality. So I think that those are issues very much on the table.
DR. DETMER: Another question, obviously you use unique identifiers. You have had a lot of experience on that for a number of years. One of the things this legislation asks us to speak to is the idea of a unique identifier for the whole country. Do you have any thoughts or advice to us of problems or issues relating to that?
MR. DE COSTE: We have historically in the VA, been using the Social Security number for a number of years. I think that comes with its own set of unique problems, whereby you can find circumstances where people may have multiple Social Security number, and stub names and other things are used to identify, and result from using a Social Security number causes some inconsistency.
We continue to analyze that, and have some things under development in our chief information office that hopefully will come up with a solution for a unique medical identifier. We continue to work on that as we speak today.
MR. GELLMAN: VA and DOD facilities are obviously located everywhere. Let's just talk about this country; I don't want to get into the international issue. Is it your policy and practice to comply with state public health reporting laws? If you have an infectious disease, will you report that to the state in accordance with state rules? That's a universal policy?
MR. DE COSTE: I believe that's true.
MR. GELLMAN: Let's talk about researcher access. Do you make records available to researchers, and what are the general policies and procedures that you follow before you -- again, we're talking about identifiable records. If they are not identifiable, I don't care about them right now. Can you describe that?
MS. WINTER: Yes, we do a lot of research. A lot of researchers come to us from outside the federal sector, as well as from within. Historically, it has been clinical research, and you have had to have some type of alliance, if you will, with a VA physician, be it part-time, full-time or whatever. It is usually between a physician and a VA hospital who has components also at the companion medical school, a private college.
In those situations, we make sure that their research is approved by the medical center's R and D committee, and that they are fully aware of all the informed consent requirements, and that they meet all the privacy act provisions, and that they sign a document saying that they are aware of all that.
Requests that come from outside the agency, I clear off on every one of them. I take them through a program review in whatever clinical specialty that they are proposing research in, as well as a Privacy Act review. If they meet the requirements, we will give them identifiers. If they can do their research without identifiers, we will give them data. Other than that, we say no.
MR. GELLMAN: When you've got an outside medical center involved, presumably there is an IRB involved. Do you have your own IRB that will review these research proposals that don't have one attached?
MS. WINTER: Each medical center has a research and development committee, which is similar to an IRB.
MR. GELLMAN: Okay.
DR. JOSEPH: We would provide our records for researchers, either internally or external researchers, based on the usual informed consent, human subjects protection criteria that has been mentioned.
We do have another circumstance that I think might be of interest to you. We have several repositories that are very large and unique. We have both serum repositories and now we have the DNA repositories. Not infrequently we get requests from researchers who want access to those repositories to do research that really can't be done in any other way.
Our position has been that we will not make those specimens available or access to the records available without specific, individual informed consent. We have come under some fire because of that. To use one example, there are things that our serum repository or our DNA repository could be used for that would be of benefit in doing identical twin research, that truly can't be done with any other repository in the world. Clearly, that's a "good" thing to do.
It would be quite burdensome to the researcher, if not impossible to the researcher. Without specific, individual informed consent, we would not allow that. We have not allowed that access, at least in the three years I have been here. That is a matter of policy.
I suppose we could change, but I have felt that is very important, particularly on the DNA side. As we are reading in the papers, there is a great deal of suspicion and even some paranoia about the uses to which DNA specimens can be put. As a matter of fact, the DNA repository is not available for research purposes, as you heard in my comments.
DR. DETMER: Has that requirement meant that there actually hasn't been research?
DR. JOSEPH: On the DNA repository that is correct. That's been important for tactical reasons, as well as philosophical ones. Even on the serum repositories, our current view is that you really need to have individual informed consent to get access to those specimens, even though that may be difficult or even prohibitive.
MR. GELLMAN: Has anyone managed to get enough informed consents to really do research?
DR. JOSEPH: On our serum repositories I'm not sure there has been any research access externally. There is a lot of research done using clinical records and living patients in the system, but that is under those same --
DR. DETMER: It actually would be useful to us to know to what extent that policy has in fact made it difficult to do research, because one of the things we have to look at is the trade off between these competing social goods, if you will.
DR. JOSEPH: Repository research -- we will get you something on it. The answer on DNA is it has made it impossible, and that has been by design. That has been deliberate. On the serum repositories, I will get you a -- there are others of course. There is the huge dental panograph repository, which was our means of identification before the DNA system. I don't know whether that has ever been used for research external to the system.
DR. SCHWARTZ: Could anyone inform us if the repository that was mentioned out in St. Louis, of those that have been discharged, might include a lot of let's say less invasive information, have been used for research where researchers were interested in a relatively healthy, long term extended type of cohort and analyses? No requests or never made available?
DR. JOSEPH: St. Louis, that's a records repository. The ones I was referring to were specimens.
DR. SCHWARTZ: Let's say for the others.
DR. JOSEPH: I don't know the answer to the St. Louis -- that has, of course, been hampered because that the great -- 1947?
MS. WINTER: Nineteen seventy-seven.
DR. JOSEPH: The records before 1947 were destroyed in a big fire. So your records are probably not there.
DR. SCHWARTZ: I was also concerned if there were any repositories with less invasive type of information, where there could be a very long, extended cohort of relatively healthy people that researchers might have been interested in studying, or might actually have used to study.
DR. JOSEPH: It would seem to me though that that's the kind of circumstance where you take the identifiers off.
DR. SCHWARTZ: Right, they can be. I was just wondering about the history and whether that has been done.
MR. GELLMAN: Let's talk about third party payments. Obviously in a lot of circumstances both VA and DOD are funding care directly, but I assume there are circumstances in which at the least the VA -- I'm a lot less certain about DOD -- seeks reimbursement from some third party insurer.
Are there any special problems that come up say under the Privacy Act or otherwise in terms of finding third party payers, and getting them the right kind of information? Do you do this only with patient consent? Do you do it otherwise? What goes on?
MR. DE COSTE: Specifically, when we request reimbursement from health insurance companies, we complete standard forms, the UB92s and the HCFA 1500 forms. In the unique circumstances where there is specific medical information that might be sought, again, the consent would allow us to provide that information.
I think on the UB92 itself there is a patient consent component. Am I correct on that?
MS. WINTER: Yes.
MR. DE COSTE: It is also on our 1010 form as well, when we enroll people and do the basic application for them, that in the event we need to get information, that they sign off for it. So we cover ourselves in advance, but routinely speaking, the standard forms are used for billing purposes and for reimbursement.
MR. GELLMAN: Do you have a routine use covering this as well or you are covered every way?
MS. WINTER: Yes.
MR. GELLMAN: Is this an issue for you at all?
DR. JOSEPH: Well, we have been increasing our third party collections, not at least stimulated by congressional interest in that issue. Basically, the problem for us is we do it through a voluntary -- what's the word I want? -- a voluntary assignment by the patient that they have another source.
The question is how effective we are at getting that. It's a problem in our effectiveness in doing, I guess, rather than a privacy concern.
MR. GELLMAN: You've got the consent side taken care of.
What about disease registries? Does either DOD or VA maintain on its own, any kind of particular disease registry?
MR. DE COSTE: Yes we do.
MR. GELLMAN: Can you just tell us a little bit about it?
MS. WINTER: We don't really have disease registries. We do have cancer registries. We have a very specific procedure on how information gets on to a cancer or a tumor registry, and equally as specific and stringent requirements to get any information off of a tumor registry.
MR. GELLMAN: Now there are registries maintained by others for some of these same conditions and others. Do you cooperate with those others?
MS. WINTER: Yes, sir.
MR. GELLMAN: How do decide what is a legitimate registry that you are willing to give information to?
MS. WINTER: There is a long string of procedure that you go through. Basically, it's a consolidated effort between the medical center chief of staff and his staff, their oncology staff, and the affiliated university medical school. As a matter of fact, they have entire tumor registry boards where they consider what goes on and what doesn't. It is a complex procedure. I have not had to deal with it for several years, but it is there.
MR. GELLMAN: This is a problem that has been discussed regularly now in these hearings about what is a registry? How do we determine what is registry? How do you have rules that if I decide to have the Bob Gellman Registry of Hangnails, will people cooperate with it, and is it appropriate to disclose information to it?
So if you have some formal procedures that help you determine what is a worthy registry and what is a qualified registry under your own standards, that would be very interesting in terms for us to try and figure out a generic solution.
DR. DETMER: Have those been pretty stable over the years too? That would be very useful.
MR. GELLMAN: Yes.
DR. JOSEPH: This is another note I've made that we're going to get back to you on, but I don't believe we have any centralized registry in the sense you asked the question. Our participation or cooperation with external registries would be a very local affair, and I'm not sure there are any -- I don't believe there are any overriding guidelines.
I think the one helpful thing I might be able to say about that is it would be worth talking to the Armed Forces Institute of Pathology, because they would have a lot of experience of trying to collate and work with local and state registries, and they would also have a very clear sense of what, if anything, we do keep on a centralized basis.
MR. GELLMAN: Well, I'm actually less interested in registries that you may maintain yourself, but how you deal with registries that exist elsewhere.
DR. JOSEPH: I think they would have something to say on those issues.
DR. DETMER: That's a very good one. That's a huge public/private kind of interface.
DR. JOSEPH: That's right.
MR. GELLMAN: I just want to point out something. I don't want to talk about it particularly, unless someone is wildly moved to do so, because it is very complicated. One of the problems of new health privacy law that applies to everybody, granted perhaps with a few exceptions and special rules here and there to accommodate special circumstances, we already have an existing privacy act.
So the question is, how does this legislation relate to the existing privacy act, and how do we draw the line so that you are not subject to conflicting and overlapping requirements? Now there have been attempts made in both bills, both the Condit bill and the Bennett bill to do this. It is very technical. It's not worth talking about in public, because you start slimming around subsections of the Privacy Act, E(1) and E(2) and it is simply not worth it.
I just wanted to suggest that this is an area that only federal agencies care about, and it really requires some careful review of what is there. You can't just exempt these systems totally from the Privacy Act scheme. It just doesn't work well. I think you have to be more specific.
I just invite you all to pay more attention to this, and convey your thoughts. We are not going to get into that level of detail here, but the folks on the Hill who are drafting this are going to need to hear from people about this works or this doesn't, or technically what has been proposed is inadequate in some way. I commend you to look at that.
DR. JOSEPH: I guess with the possible exception of the VA, the Department of Defense probably has the world's greatest expertise at coping with conflicting and overlapping regulations.
MR. GELLMAN: We need to make greater use of your talent.
Are there any other questions?
I think this has been very helpful. I thank you. I really urge all of you to sort of keep paying attention to this issue, and contributing to it, to make sure that your own interests are addressed, and help the people that are doing this legislation, do a better job.
DR. JOSEPH: We'll do that, and we'll get back to Mr. Fanning.
MR. FANNING: Let me just say, once the committee has made its recommendations to the secretary, we will be working up our own policy from within this department. I was aware before of some of the special needs of the agencies, so to the extent that anyone wants to communicate further with me also for our own administration position, I will be happy to help.
DR. JOSEPH: Thank you.
MR. DE COSTE: Thank you.
MR. GELLMAN: I think this is as good a point as any; we'll take a short break for 10 minutes, and then we'll come back with the last panel of the day.
[Brief recess.]
MR. GELLMAN: This is the last panel of the day, and of this set of hearings. We have two witnesses, one from SSA and one from the National Association of Social Workers. Would you like to begin?
MS. DU MEZ: I would be glad to.
Thank you for the opportunity to testify today on behalf of the National Association of Social Workers. NASW is a membership organization of more than 155,000 professional social workers. Those social workers work in a broad array of systems, as well as private practitioners, but of course it is in these systems settings that we are particularly focusing today.
They work in: health, mental health, child welfare, aging, family services, education, criminal justice and industrial settings. Often social workers serve as case managers, and also as information and referral specialists, and of course as direct service providers too. So in the milieu of client-centered work and the midst of complex systems, social workers are often challenged to protect vulnerable people, and at the same time connect them with help in these various service delivery systems.
The privilege of communicating with a professional who can provide access to resources or services is a long established society convention. The term "privilege" refers to communication that is protected by law from a compelled disclosure. It is meant to protect shared confidences from the possibilities of unintended consequences such as reprisal. Confidentiality, denoting the entrustment of secrets entails some exceptions.
NASW developed a new code of ethics in 1995, which was implemented just last month. There is much broader coverage of the subjects of privacy and confidentiality. If you want to reference the ones that pertain to clients, they are on pages 10 and 11 in the code.
Just to summarize some of those principles that are contained in our new code of ethics, these standards require that:
· Private information from clients be solicited
only as it is essential to providing services or conducting legitimate evaluation or research.
So those are some of the basic principles that are encompassed in the new code.
Many problems regarding privacy and confidentiality have been identified in the context of social services. A variety of agency entities have authority to access information about clients: accrediting and licensing bodies, insurers or funders assert those rights for purposes of quality assurance, risk management, policy development and research. In those circumstances, it would seem that the data to be analyzed can be accessed and utilized without specifically identifying information.
In anticipation of such uses of information about clients, social workers often I think cleanse their records or redact their records in an effort to protect clients, but the extent to which records are limited for the protection of clients can also operate against a really comprehensive and coherent recordkeeping system that allows an adequate record of all of the initiatives on behalf of the clients, and the key information that has been divulged by clients. So there is a real contradiction of purposes there.
The purpose of keeping accurate and comprehensive records of course is to work effectively with clients, and that can be defeated if social workers anticipate other uses of the information.
Authorizations for funding for service often entail open-ended or universal consent forms. The nature of these universal consent forms may not be well understood by clients, particularly if they are at a point of crisis. Rarely could the implications of such broad consents be known, and consequently, the consent would see to be less than valid.
Requirements of various systems are sometimes contradictory. A school-based health center for instance, may protect minors who seek treatment for sexually transmitted diseases, and for drug dependency and so forth on the premise that absent such protections, many youngsters would avoid seeking treatment in the first place.
Yet under the Family Education Rights to Privacy Act parents may gain knowledge from school records about requests for a referral or preliminary discussions with counselors. So those are sort of contradictory situations, and often I think place a service delivery system or a school in some real turmoil in terms of competition of rights and protections.
Home care services to the elderly is another sphere of service that raises a lot of these confidentiality questions. Often these home-based services entail records that may be maintained in the client's home for the sake of convenience, and as a means of coordinating service among various professionals that are involved.
At the same time, family members or custodial assistants can gain access to information that may be misunderstood or may be misused.
When victims of domestic abuse seek mental health service, without due protection for the service provider, the perpetrator of abuse or violence may summon records in conjunction with court proceedings, and use the very conditions associated with the interpersonal difficulties against the victim.
The types and comprehensibility of, and the requirements for retention and access to records is certainly the linchpin of protection for clients. Agencies and practitioners should have systems that require multiple copies of a record, so that earlier versions are available, and a log of the entries and modifications in the records may be reconstructed.
Likewise, a log of fax transmissions, and interagency telephone contacts should be maintained; however, overburdened practitioners can find these kinds of measures an unwieldy addition to a heavy workload. Again, there is the question of how you protect these records, even though they are essential for the reconstruction of all of the actions taken in a given case.
State and federal laws addressing health and education services are often inconsistent. The standardization of rights regarding privileged communication, informed consent and rules of disclosure would both advance a client's protection, and provide coherence for professionals in managing information.
Given the national trend to integrate services, provisions would have the greatest utility if they extend across health, education and social service systems.
At the same time that a plethora of problems can be defined, the opportunities that derive from information sharing should not be overlooked. When a client needs a continuum of care, it is imperative for collaboration among professionals, and for designing a complementary set of services so that information can be appropriately accessible in order to avoid duplication and gaps in service.
Inconsistencies among various states can be rectified with clear regulations that both protect rights to privacy and provide necessary and appropriate access and utilization.
Finally, the assurance of confidentiality is a foundation of an effective professional relationship. Inappropriate and inadvertent violations of that trust can undermine a problem solving process, and irreparably impair the social worker's effectiveness.
The central social work value honoring the dignity and worth of a person is advanced with a practitioner's understanding and practice of confidentiality in relationships with clients.
So those are some of our broad thoughts on your subjects, and I will gladly talk in more detail. I really appreciate the opportunity to present you with a social worker's perspective.
MR. GELLMAN: Thank you for your statement. Mr. Funk?
MR. FUNK: I am Jeffrey Funk. I'm a Senior Policy Specialist in the Office of Disability in the Social Security Administration.
Of course our interest in medical records is limited to supporting disability determinations. Essentially, when someone files a disability claim, they are identifying their treating sources. We have agreements with each of the state governments to establish an agency which will make illegibility determinations for the federal Social Security program, as it happens with 54 state agencies.
As I say, when a person files a claim in a Social Security office, the record then goes to the state agency, which goes to the sources which the person has identified, and obtains medical records, which would be relevant to the disability claims.
We're of course, not the primary source of medical records. We're a user of medical records. If the person's treating sources -- we can't obtain sufficient evidence to support a disability determination, we will purchase a consultative examination, which is to say the state agencies maintain a panel of specialists who perform consultative examinations for them, and they submit their reports to the state agencies to support the disability determination.
We do not maintain a central repository of information. The only medical records are maintained in the individual's claims records, which is maintained in our Office of Disability Operations in Baltimore. Ultimately, if the claim is denied, it is of course retired, assuming there are no appeals, I think within a year after the claims closure.
If the claim is open, which is to say we are paying benefits, then of course it would be maintained as long as the benefits were in existence. Once we retire a claim, then the individual record goes into a national archives site. I guess that is essentially what we do with medical records.
When the person files a claim, they sign a disclosure statement allowing us to obtain records, that is to say, copies of the person's record. Of course we operate within the regulations in the Social Security Act, which since the 1930s has -- I guess we had a promise to people. The Social Security records have always been confidential, and we tightly limit any redisclosure.
To anticipate questions which I heard come up before, any outside researchers essentially have access to statistics. In the first place, it would be unwieldy for a researcher to go into all the individual claims records. Secondly, it just would be in defiance of our regulations on confidentiality.
Of course as they have been modified by subsequent laws such as the Privacy Act or the Freedom of Information Act, but actually subsequent legislation hasn't changed the confidential regulations all that much.
Mr. Fanning also mentioned vocational rehabilitation. We are required by the Social Security Act to refer people to the state vocational rehabilitation agencies for services, directed of course to getting them back into so to speak, the world of work, and making disability benefits unnecessary.
In that case, we will send the person's medical records that we have gathered in support of the disability case, we will send those to the vocational rehabilitation agency. Again, they are subject to our regulations as well, not to mention their own.
I guess that is about the extent of it.
MR. GELLMAN: All right, thank you. These two issues don't necessarily naturally fall together. I just have a couple of questions for you, so perhaps we'll deal with you, and then if no one else has any other questions, we'll let you go.
Is it fair to conclude that whenever you get access to somebody's medical record, it is with their consent?
MR. FUNK: Oh, definitely. When they file a claim, they sign a consent statement, which is in some states, modified by state law, and of course in some circumstances such as HIV or DANA, further modified.
MR. GELLMAN: But it is always done?
MR. FUNK: We are required to obtain a person's consent.
MR. GELLMAN: So you don't have any need for special exceptions to get access to records? You have consent.
MR. FUNK: Oh, we have consent, yes.
MR. GELLMAN: Do you have any specific right of access under the social security law beyond consent?
MR. FUNK: No, actually we are just assisting the person in supporting his claim. We wouldn't want any special access.
MR. GELLMAN: One area where I know this has been flagged in the past, but not really dealt with, all of the proposals set rules and terms for authorizations for disclosure. The one that is probably most troublesome -- I don't know whether there are any smaller concerns -- is the length of time an authorization is good for.
Depending on the bill, you find that authorizations are good for 30 days or for a year or sometimes longer. What are your needs in terms of being able to access medical records?
MR. FUNK: Well, essentially when a case goes to the state agency, they immediately request evidence. They are required under the act to request evidence for the 12 months prior to the application. So it is a rather immediate thing, that they go out after the evidence. I guess it would be a matter of processing time.
I wouldn't want to limit it too much. I know that there are state laws that limit it. I know we have bumped into those over time.
MR. GELLMAN: I just wonder, for example if I come to you and I have applied for disability, and I have been approved, and I may be receiving disability payments from you for 20 years, forever, whatever, are there re-reviews?
MR. FUNK: Yes, under the act we have to perform continuing disability reviews. In those cases, we obtain new evidence of the person's current condition. We wouldn't be going back -- well, we may be going back to the same source, but it is to get more current evidence, and it would be on the basis of a new consent.
MR. GELLMAN: So when you do a review of somebody's --
MR. FUNK: It involves a new consent.
MR. GELLMAN: You go back to the person with a new consent?
MR. FUNK: Oh, definitely. We have to re-interview the person, find out what they are doing, if they are working, who their current treating sources are, and whether their condition has improved or worsened. So again, it is in effect under the law I believe may even be a re-application, I don't know. We have run into that, but that's irrelevant. It would be a new consent.
MR. FANNING: Does it occur that you have to go back among records which the application may not have identified? Would you ever be of the situation of suspecting that a person wasn't eligible and going to look for records in some other place, in an instance where the person perhaps wouldn't be willing to consent or try to conceal?
MR. FUNK: Actually under the law, the person, the individual is required to submit evidence in support of their claim. That is what our interest is limited to. Now actually in reality we help them to do that. We don't go after evidence that they wouldn't consent to the release of.
MR. FANNING: I see. Does the consent form that they sign specify the names of the sources of medical care, or does it say it in some general way, such as all physicians, hospitals and others who have treated?
MR. FUNK: Oh, no. Actually, when I was a claims representative some 20-some years ago you would put in the name. They are signing a specific consent to Dr. Smith, to so and so hospital. We don't have a general consent.
MR. FANNING: Does it ever happen that the person hasn't identified all the sources of care? You learn about them later and then have to communicate to get a new consent?
MR. FUNK: Then the state agency in that event, when they got a medical record that showed a certain source that perhaps hadn't been identified, which I won't say happens commonly, but it certainly happens. Then they would go back and get a consent from the claimant or his representative.
MR. FANNING: Do you ever have problems with people who are not competent to make judgments about these things, and either have been formally judged incompetent or put under some sort of guardianship? Or perhaps are not in fact able to make judgments in their own interests, but have not been formally declared incompetent?
MR. FUNK: Well, if an individual has been declared incompetent, we would generally take the application from his guardian. If they have not -- we do have a process whereby when it got to the state agency, if the state agency review physician would identify incompetency, then we would go to somebody else to be his representative payee and to apply for him.
That does occur, and in that event we would of course get the consent from his guardian, his legal representative. Of course, we do have people on occasion who come in initially with an attorney and identify them. That occurs when you get into the appellate process, where the person is appealing a denial, and then of course we would take the consent from the legal representative.
MR. FANNING: I see. Thank you.
MR. GELLMAN: Do you -- you obviously live under the Privacy Act.
MR. FUNK: Oh, yes.
MR. GELLMAN: Are there any problems in complying with it at all -- providing access and correction rights and all that sort of thing?
MR. FUNK: I happened to be working with the Privacy Act when it came out in 1974. We had always had the policy we would not disclose anyone's records without the person's consent. When we got into the disability business back in the 1950s, we expanded that to say without the consent of the individual and the source of the record.
Then when the Privacy Act came along, we, for reasons of I guess good medical management -- as a matter of fact, I believe we were told by the Social Security Act not to get into the claimant-doctor relationship in any way. For those reasons, we generally would not have allowed a person access to his medical records up until the passage of the Privacy Act. Due to the Privacy Act we had to develop policy.
Essentially, if someone asks for access to his medical records in our keeping, so to speak, we would review the record to see if there is anything in there that would act in a person's detriment, that would interfere with their medical management, that sort of thing. If not, then we would allow the person access.
If so, then we would ask the person to designate a representative, an attorney, generally a physician or another health professional, somebody of that nature, and in a rare event, a family member. We have always felt that that was the claimant's best benefit.
MR. GELLMAN: Does that happen often?
MR. FUNK: No. Well, I don't believe it happens often that people request access.
MR. GELLMAN: One more question about the sharing of information with the vocational rehabilitation programs. You will share a medical file with those programs?
MR. FUNK: We will send a copy of the medical record.
MR. GELLMAN: Is that done with the consent of the claimant?
MR. FUNK: When a person consents to release of their medical record, it is for program purposes. Under the Social Security Act, that is a program purpose, because it is the intent of Congress that they not remain on the disability rolls.
MR. GELLMAN: Anyone? Thank you.
MR. FUNK: Thank you.
MR. GELLMAN: You are welcome to stay, but you are also welcome to leave if you like.
MR. FUNK: Thank you.
MR. GELLMAN: You've been very helpful; not as complicated as I was worried about.
I've got a lot more questions for you. Until recently, the issue of social work, the problems of social workers under this legislation were not considered. You'll look at any of the bills, and there is nothing in there about it. The question is to try and figure out how you relate to what is already there, or what isn't there and needs to be.
I want to begin with one of the key concepts in the which is that of health care provider. Are social workers health care providers? Are they health care providers some of the time, all of the time? Can you elaborate on that?
MS. DU MEZ: Well, as I said early on, social work is practiced in really a broad array of settings. Certainly many social workers might not be defined as health care providers; however, social workers provide more mental health services than any other profession. I presume that this enlightened body considers mental health as part of health provision.
MR. GELLMAN: Absolutely.
MS. DU MEZ: So most assuredly they are health care providers in that sense. Of course social workers work in hospital and nursing care settings as well.
MR. GELLMAN: Is there a way to distinguish between social work activities that are health care activities, and those that aren't?
MS. DU MEZ: I think that there are certainly some very clear distinctions, with perhaps a small middle that might be defined, depending on one's perspective or one's objectives on one sphere or the other. I don't think it would be correct to define all social workers as health care providers.
MR. GELLMAN: One of the goals of legislation and definitions is to draw some kind of a bright line so that everybody can tell which side they fall on. The definitions in all of the bills tend to rely on people who are licensed, certified, registered, what have you under state law, to provide an item or service that constitutes health care in the ordinary course of business. That's as bright a line as you are going to get in this area.
Are all social workers licensed?
MS. DU MEZ: No, licensing is voluntary in many states, and indeed licensing laws for social workers are disparate among states. Some have very stringent licensing laws, and it would be virtually impossible to practice without a license, and other states have more of a certification or a registration system.
Now obviously there are advocacy efforts to try to get a uniform licensing law across states, and to upgrade licensing laws in states where they are weak.
There was something you said earlier on that I was going to respond to.
MR. GELLMAN: Well, you said that some states do licensing, some do certifying, some have registration. Do all states have something?
MS. DU MEZ: Yes.
MR. GELLMAN: So then the definition --
MS. DU MEZ: There are regulatory laws in all states; laws that regulate the practice of social work in all states.
MR. GELLMAN: But we are still left with the problem of even if we assume just for purposes of discussion that all social workers are licensed, so they all fall under the definition, whatever it may happen to be, there are more social workers licensed than quality as health care providers. How do we distinguish between those that are and those that aren't?
MS. DU MEZ: Well, is it important to do so for your purposes? I would make the point for instance that this is a universal code of ethics. It is developed by the National Association of Social Workers, but it is the code of ethics that is taught in all schools of social work, and is either adopted in its entirety or adapted for use by these regulatory bodies.
So the provisions for confidentiality are uniform expectations or standards for all social workers, regardless of their realm of practice.
MR. GELLMAN: Well, I understand that. I have actually read your code, and think it's actually pretty good, but the problem from the legislation's point of view is that we are trying to regulate the provision of health care and medical records particularly, and we are not trying to solve all of the privacy problems for all of the records that exist.
We are trying to draw a line, and this is hard enough even in the traditional medical context to do, because when you to the borders, you have problems. So the definitions are based in terms of the provision of health care.
So for example some areas are easy, because if you are providing services to someone in a hospital setting, your records are covered, because of the setting. It's in the context of providing health care, and it doesn't matter. In other contexts it may make a difference. Without having clear definitions, the problems are that either people don't know whether their records are protected, or they may be at risk -- social workers, recordkeepers may be at risk -- not realizing that what they are doing happens to technically fall under the definition when they don't feel like what they are doing is health care at all.
So the definitional problem is a crucial one least some poor social worker end up going to jail for inadvertently not complying with a law they didn't think applied. That is the problem here. So what I'm looking for is some help in distinguishing between social work activities that are clearly provision of health care, and those that are not.
You said there are some things that clearly are, and some things that clearly aren't, and some things in the middle, so how do we get at that in terms of making the distinctions?
MS. DU MEZ: One way of looking at it would be the setting in which the practitioner is practicing. In this day and age of course, there are so many contractual arrangements, so that somebody may not be an employee, may not be subject to the various policies and provisions of an agency, but rather would be functioning, performing certain duties and so forth without really a knowledge or affiliation with the agency's central set of provisions.
So I think it is a complicated question. I'm not sure I can help you at this moment. Maybe it is a somewhat unanswerable question.
MR. GELLMAN: Well, it's got to be answered.
DR. DETMER: It is really very relevant, because it's part of the trouble, particularly in some of these boundary situations, where you may be relating to an employer with some data that could very well be considered sensitive data. So you've got to know kind of when you're on the line, and when you're on one side or the other.
MS. DU MEZ: A good example of this gray area of practice might social work in the school settings, for instance, where often the social worker is providing counseling, much of it -- not all perhaps -- would be mental health counseling. It might entail collaboration with clearly defined health systems like clinics and that sort of thing.
So would school social workers as a group be considered to be health care providers?
MR. FANNING: Do you have any instinct on how that should turn out? Would you want them to be covered by the set of protections established by this law?
MS. DU MEZ: I would think that it would be desirable, but there may be considerations that I'm not aware of. Can we just have some dialogue on this subject?
MR. FANNING: Well, one test would be, what would it interfere with? To what extent is there communication between the social worker and the more distinctly educational staff in the schools? Is there a lot of that communication? Does it involve substantive material?
MS. DU MEZ: I think that varies greatly among school systems, but I think that is a very good example. Certainly in some systems teachers would seek access to the counseling or social work records. The social worker might very well determine that that is not in the best interest of the student, but there may be some overriding school board policy that requires that the school social worker's records be open to teachers.
I think there would probably be a good deal of variance among school systems in that regard. Basically, I think that it would be desirable to have protection for social work records.
MR. GELLMAN: The issue is not protection for social work records. The issue is protection for social work records as health care records under this legislation. So for example in that situation you just described, the disclosure of records to the educational staff of the school would not be provided for in this legislation, and would be illegal.
If that is a routine activity -- do you see where we are getting to the circumstance where we are applying this law in a circumstance where we have not --
MS. DU MEZ: Tread before.
MR. GELLMAN: To try it another way, if we were writing a law just to deal with social work, we would have a whole bunch of different considerations. We would worry about whether that kind of disclosure is appropriate and what are the terms, yet we are not likely to do that in this bill. So that's the problem we face, and I don't expect to solve it today, but I think that it is incumbent upon you --
MS. DU MEZ: I do think we have some people on our staff who would have the subject matter expertise in health, mental health, school social work and so forth, who would have some ideas that would go beyond my own.
MR. FANNING: Can I ask, in the school situation does the social worker and the teachers and others typically work in a team, where they would meet and discuss the plan for a particular child, and the progress for a child?
MS. DU MEZ: I think that is more and more the mode, yes. Again, I will bet there is a lot of variability among school systems.
MR. FANNING: In some of those instances there will be people who --
MS. DU MEZ: These team approaches, definitely.
MR. FANNING: -- whose profession is education, rather than anything related to health or counseling. Okay, so that presents the difficulty that Bob just identified. That's why I asked, do you think it is desirable if they be covered, but coverage results in --
MS. DU MEZ: The extent to which that undermines collaboration and the ability to make comprehensive plans on behalf of youngsters is a detriment of course.
DR. DETMER: Just to clarify this, because we would like to hear back from you and your colleagues on it, we had an occupational medicine person here for example yesterday, who was talking about they may have a decision that the worker can't go back on to do a certain kind of work. Well, the employer not infrequently will say, well, what's their problem? The answer is, you don't need to know his problem, you just need to know they can't do this kind of work.
Now the issue is if we were to try to tie social work into that, would it literally tie up social work, and twist it so much that it would be better to leave it out of the legislation? What kind of guidance on that? Double agencies is not rare in health care. The issue is how does it relate to your profession and your colleagues, and how would you have us try to do this for the sake of the medical information -- not all information -- as a matter of medical data?
MS. DU MEZ: I'm not sure this is precisely relevant to what you are saying, Dr. Detmer, but I think it is important to think about the importance of the concept of informed consent so that there are provisions in all these settings for the social worker to make an interpretation to a client for the need for information, and to be able to limit that consent to a certain timeframe, and to certain aspects of the record, when it is in the client's best interest to have that information conveyed.
Now that doesn't allow for a lot of generalizations. It may seem unwieldy, but I think that there is always -- there needs to always be the possibility of dealing on an individualized basis with a client's unique needs, and gaining consent for specific purposes to convey information.
DR. SCHWARTZ: Might there be in your view, the need for some type of special consideration for some of the records of social workers that might be considered health care records, when either on work site or in a school, the social worker is providing counseling services to a group in particular with respect to maintaining the confidentiality, and restricting use and disclosure of that information?
Perhaps you could tell us a little bit how you deal with that currently. How those type of records might be captured during group sessions, are protected?
MS. DU MEZ: Well, I don't know that there always is a good protection. It certainly is occasionally the subject of complaints that are reviewed by NASW and probably by licensing boards as well. There is now in this new code, specific standards that address the necessity for both admonishing members of a groups or members of a family and so forth about the necessity to maintain confidentiality among them, and also some of the risks involved in divulging information in those group settings.
I think that there is a lot of variability in terms of how social workers keep records. I'm not really familiar with physicians' records other than having seen my own, but I suspect there are much more standardized means of keeping physicians' records than there are social work records.
I'm sure too that some social workers, as a matter of good faith on behalf of their clients, keep what someone else might consider to be very insufficient records in order to reconstruct the course of treatment or service to a client. A social worker might do that in hopes of protecting a client if there is ever a court case or some sort of investigation.
Other social workers would keep -- and I think this is becoming more prevalent as a risk management strategy for social workers and for other professionals as well, where they assiduously keep records so they can reconstruct a lot of detail about their work with a client.
I don't think there is a great deal of uniformity.
DR. SCHWARTZ: The issue that you raised about informed consent, perhaps you can describe briefly what type of informed consent the patient or the individual might sign in that type of setting where there would be some type of group counseling?
MS. DU MEZ: Well, I would think that it would include the purpose for which information was going to be shared, with whom it was going to be shared, and the duration of time that this consent is valid.
DR. SCHWARTZ: I mean more particularly with respect to other participants in the group. What kind of assurances does a social worker offer any one of the individuals in those type of settings?
MS. DU MEZ: I think they would have to be conditional assurances. One of the basic precepts here is that the limits of confidentiality must be known to a client, and there are circumstances in which no matter the skill or goodwill on the part of the practitioner, that he or she cannot protect the client.
So then it becomes very important in advance of the service provided to enlighten a client as to those limits, so that a client can voluntarily withhold information.
DR. SCHWARTZ: So that if there has been some type of breach on the part of one person in the group, often times the social worker is not responsible for that disclosure?
MS. DU MEZ: Yes, that would be true.
DR. SCHWARTZ: That might be different from some other health care practitioners.
MS. DU MEZ: One of the settings in which you can examine this, which is I think fraught with hazards is in the treatment of domestic abuse perpetrators, batterers and that sort of thing. I think group treatment has proven to be a very useful methodology, and yet people will, in those situations, discuss illegal activity and extremely powerful information can be shared in those settings.
MR. GELLMAN: There are a lot of broad problems with group therapy. Anyway, like I said, we're not going to resolve this definitional thing, but I think that you guys have to take a look at this and try and figure it out. It may be that the goal here is not to define social work; the goal here is to define some of the elements that qualify as providing health care.
I'm not quite sure, but it seems to me that might be more fruitful. It may be necessarily to be more precise, perhaps even at the point of leaving some things out where you can't define them clearly, just so we know that we can define some of it clearly. The examples you gave of people who are clearly providing mental health counseling in professional settings is something that is clearly health care under any basic definition, and that is clearly important.
Let's talk about access and disclosure. Let me offer a statement; tell me if it's true. Social workers always get access to records of health care providers with consent of the patient. Is that true?
MS. DU MEZ: Yes.
MR. GELLMAN: Always?
MS. DU MEZ: Well, yes. I hope so. There are social workers who are either less than competent or less than ethical. We always hope to see those people in our adjudication system. Yes, consent is a very standard precept that social workers work under.
MR. GELLMAN: Would that be true in a hospital setting for example?
MS. DU MEZ: Well, I think that maybe my statement needs to have some conditions attached. If in a hospital setting there are standardized consent forms that are developed on the institutional level, and social workers are employed there, and are in a bureaucratic setting, they may be directed to use these standardized consent forms, which might different considerably from ones that they would devise on their own.
In those instances, it would certainly be incumbent on the social worker to explain to the client the limits of confidentiality, or what was entailed by this broad consent.
MR. GELLMAN: Suppose that in a hospital setting someone is making a referral of a patient to an outside social worker. Would that always be done with consent?
MS. DU MEZ: It should be. I doubt that it always is.
MR. GELLMAN: There are a variety of users of health records for a variety of purposes who have offered a case for non-consensual access to records -- public health, fraud investigators, researchers, a few others. The question is, do we need to provide for non-consensual access by social workers under any condition?
MR. FANNING: You mean where the social worker can get the record?
MR. GELLMAN: Yes.
MR. FANNING: From someone who is clearly a health care provider?
MR. GELLMAN: Right.
MR. FANNING: Without a signed statement in advance.
MS. DU MEZ: Supposing that the social worker didn't have direct contact with that client, and -- I'm just trying to think hypothetically of some circumstance that would illustrate this. I would like to say no to that; that the social worker would have no reason to access records that they didn't explicitly have permission to access, but let's think about the criminal justice system for instance.
It is very possible that social workers would have access I would think, in a criminal justice system to records --
MR. GELLMAN: Well, we're talking here about medical records, not other records.
MS. DU MEZ: Let's think about forensic criminal justice system.
MR. GELLMAN: Can you explain how social workers are involved in that?
MS. DU MEZ: Right. Think of St. Elizabeth's Hospital, the John Howard facility. There are a lot of social workers that deal with --
MR. GELLMAN: Okay, that's a good example.
Let's talk about the disclosure side when social workers make disclosures of medical information. Do they disclosure medical information to public health authorities? Is this something that happens routinely? Is this something that happens never?
MS. DU MEZ: I don't think it happens routinely. One of the functions of my office is to address the ethical quandaries and questions from our individual members. So I hear from a lot of social workers who struggle with these very questions, so that's why I know there are always exceptions, and there are always people who respond this way, or others respond that way when there are competing sources of authority. So I'm uncomfortable saying all or never.
MR. GELLMAN: I understand that. We're not really trying to make decisions here for all time. We're just trying to get a sense of the scope of the problem.
Are there obligations of social workers to make disclosures of suspected cases of child abuse?
MS. DU MEZ: Yes, they are mandated reporters in terms of child abuse, and in some states, other vulnerable populations as well such as the elderly.
MR. GELLMAN: Right.
Do social workers make disclosures to researchers? Do they make records available for people who are doing --
MS. DU MEZ: Only in aggregate form, one would hope.
MR. GELLMAN: Well, okay, but it makes a difference. Again, I'm not trying to hold you to make a pronouncement for all time here, but whether disclosures of identifiable records are made to researchers, whether they are to be permitted at all, is something that has to be determined in the context of the legislation. So that is why I'm looking for --
MS. DU MEZ: My answer would tend to be no. I can't think of circumstances that would be so compelling that a social worker would divulge individual data to a researcher.
MR. GELLMAN: It's quite common for records to be accessed by people who are engaged in oversight of the health care system. This is oversight of a whole variety of different purposes -- cost containment, fraud control, what have you. How do social workers relate to these kinds of activities? How do they make records available? How are their services overseen for all these purposes?
MS. DU MEZ: I think a lot of social workers are struggling with that. If it's part of their contractual arrangement with one of these systems, it is an absolute that the system gets copies of the records. Whether they like it or not, if they are going to be a preferred provider or have an association with that system, they are likely to adhere to that.
It is then incumbent on that social worker to inform every client of that. I'm sure the client is informed in small print of that fact, but I think it would be incumbent on the social worker to interpret that and emphasize that they cannot protect the confidentiality in terms of reporting back to the system.
Social workers also have an obligation to try to change policies that they think are detrimental to their clients. So often I think social workers engage in advocacy to try to get those systems to change those policies that are so unfair to individuals.
MR. GELLMAN: How are social workers -- this is just sort of my own ignorance -- how are social workers paid for their services? There may be a lot of different kinds of answers to this. In the health care setting we've got managed care and fee-for-service. Do you have the same kind of range of payment methods?
MS. DU MEZ: Yes. There are social work practitioners in private practice who collect fees directly, have businesses of their own. There are others who are reimbursed for services by systems. Then there are other social workers who are employees of agencies and are reimbursed on the basis of a salary or renumerated on the basis of a salary.
MR. GELLMAN: In the case of payments for health services, one of the major flows of information is from the provider to the insurer. We had testimony yesterday about all the electronic payment methods, and all the players that are involved in conveying information from here to there.
We have also had testimony about demands from insurers for more information to justify claims. Do you face all of these same kinds of problems and issues?
MS. DU MEZ: Yes.
MR. GELLMAN: And the same demands for broad access to records in order to justify payment? Is this a constant kind of struggle with insurers?
MS. DU MEZ: Yes.
MR. GELLMAN: Do police come looking for social work records very often? Now I'm not talking in the health care fraud context; I'm talking in the sort of routine police work kind of activity.
MS. DU MEZ: Not to my knowledge. I have certainly had calls along those lines, especially when it comes to fugitives and that sort of thing, but I don't think it is a routine problem that is faced by social workers.
MR. FANNING: Can I just ask how it comes up in the fugitive situation?
MS. DU MEZ: Well, certainly social workers don't necessarily know all the detailed history of various clients they may be working with. So the social worker may unknowingly end up working with people who are in trouble with the law. Social workers work in homeless shelters and do direct service to populations that are really on the fringe of mainstream society.
MR. FANNING: So the police might come trying to find someone, and may ask the social worker, have you seen this person? It may be turn out to be client. That's how it would come up?
MS. DU MEZ: Right, but also social workers of course are subpoenaed to appear in court, and even to testify against their clients. That suggests a lot of judgment needs to be exercised, where you have competing values of the best interests of your client, the protection of your client, versus the protection of society; very real struggles.
MR. GELLMAN: Let's talk about next of kin disclosures. This is clearly going to be a hot issue for you, and one where you face problems and conflicts all the time. What are current policies and ethical rules regarding how far you go? Is this mostly a matter of professional judgment?
MS. DU MEZ: You are talking about live clients?
MR. GELLMAN: Yes.
MS. DU MEZ: Because the question often arises, what are the duties to protect confidentiality of deceased clients.
MR. GELLMAN: Let's leave that for the future.
MS. DU MEZ: I think that primarily pertains to minors. I don't doubt that there are state laws, statutes that affect how a social worker must respond, for instance to parental queries.
Another question that I frequently hear is if a non-custodial parent has taken the child for therapy during visitations and so forth, what access does the custodial -- first of all, must the custodial parent give permission for this? What access do they have to information? The question is if Parent A is paying for the counseling services for this youngster, what are the rights of Parent B to have access to records, or to have information divulged?
So those are some of the very real dilemmas. I think again, there is quite a variation of experience in that social workers in some settings would conduct themselves one way, and then in other situations, another way.
MR. FANNING: Can I just follow-up? It seems to me that in some situations you would be working fairly closely with relatives. If someone is getting out of the hospital or some other facility and has to be placed, it seems to be that that is a fairly elaborate interaction.
MS. DU MEZ: Oh, absolutely. If we are talking about competent people, then it is simply a matter of explaining the limits of confidentiality to each of the members of that family system. I will be discussing with your daughter with your permission, or from the outset, at the very beginning of the treatment work, an explanation of the fact that because we view you and your family as a client system, we are going to discuss with the various members of the family, the information that we derive from each of the members. So that the rules of the game need to be known up front.
MR. FANNING: The social workers who are doing that kind of thing, would they be considered be health professionals?
MS. DU MEZ: If it's in a nursing care setting.
MR. FANNING: So some of them will be health professionals?
MS. DU MEZ: Yes.
MR. FANNING: The issue usually comes up in a narrower form with what can be told to relatives, because in a lot of situations there is no need to tell the relatives anything. In the ministrations of the social worker, it seems to me, fairly elaborate transactions with the relatives are the substance of the work.
MS. DU MEZ: One of the interesting ethical dilemmas that was posed to me just last week was a social worker in private practice who was working with a client who has been diagnosed with HIV over a long period of time; something that he had long since come to terms with, now has been diagnosed with terminal liver cancer.
He has a plan for ending his life, and this is a very competent client. He has divulged his plan to the social worker, and the social worker is struggling to determine whether she has a duty to support him in his self-determining actions, or whether she has a duty to report this to his partner or his family. I would call that social worker a health care provider.
MR. FANNING: Yes, and telling the family or partner might be a perfectly reasonable choice.
MS. DU MEZ: If she believed she had some sort of duty to warn somebody to try to prevent the act. Then of course, it would be incumbent upon her to inform the client of the exception to confidentiality.
MR. GELLMAN: We talked this morning about some of the legislative proposals on next of kin. In two of the bills, one of them seems to rely more on sort of a formal notice process to each patient, waiting to see if the patient has an objection to next of kin disclosure. This is all thought through much more in the traditional medical care setting than in the social work setting. So one has got sort of a formal notice process.
Another approach really gives professionals more discretion in what to disclose with respect to current treatment activities. In each case, when there is an expressed patient wish, that is controlling.
Do you see a preference between the two approaches?
MS. DU MEZ: I would see a preference for giving more discretion to the professional practitioner, because client circumstances differ so vastly, and there are so many unique features about any given case that really should be taken into consideration.
So I would rather think of social work practitioners as having been sufficiently trained in a problem solving model so to speak, an ethical problem solving model so that they can systematically use discretion and make decisions that are best suited to a given circumstance.
MR. GELLMAN: Let's talk about some more general confidentiality issues. A Supreme Court decision in the Redmond case was clearly very positive for social work.
MS. DU MEZ: It was a wonderful victory.
MR. GELLMAN: On the broad scale of things, the testimonial privilege is not especially relevant to the routine day-to-day disclosures that are faced by health care providers. Do you agree with that?
MS. DU MEZ: Well, are we talking about court situations in general?
MR. GELLMAN: No, we're talking about the court situations being a very narrow slice of the disclosures that are required in health care settings routinely.
MS. DU MEZ: In health care settings, yes, I think that is probably true. Let me tell you why I'm hesitating. Are we talking about custody and divorce litigation as well, because the kind of counseling, whether it has been preceded by marital counseling, or whether it is supportive in problem solving counseling for one or the other parties in those kinds of fractured family situations is certainly mental health counseling. There certainly is a lot of litigation that social workers are drawn into in that sphere.
MR. GELLMAN: I wonder even with Redmond whether that information would be privileged in those kinds of cases. I'm not sure that is clear from the decision.
Let me move on. I know that some state privilege laws are specifically aimed at social workers. They fall within the scope, and some didn't. That was one of the issues in the Redmond case.
Are there other state confidentiality laws specifically aimed at social workers? We know that there are health privacy laws in some states, and they are not very good, and they are very scattershot who they happen to cover. I'm just wondering if there are any state laws out there?
MS. DU MEZ: I don't think I know the answer to that.
MR. GELLMAN: What is your experience with patient access to their own records? Your code of ethics allows withholding of records if disclosure would cause harm to the client. In a discussion of access to medical information, this is viewed today by many, but certainly not everybody, as a very old fashioned, paternalistic standards.
MS. DU MEZ: I think the extent to which clients do have access is going to affect what kinds of records the social worker keeps if he or she has a choice, if they are a private practitioner or a contractor or what have you.
Again, I hear from these individual practitioners who are struggling with these questions. There are some clients for whom just noting the diagnostic category, the diagnostic features that may be phrased in very technical terms is very powerful information that can throw them into a tailspin, but I think that is the exception and not the rule.
I think basically clients can and should have access to their records. Now a lot of social workers I think keep what they call progress notes, and this may be for their own guidance in working with the client. They may not give a client access to those notes. I'm not sure that is proper, but I think it is typical.
I think that more and more service providers -- lawyers, physicians, nurses, teachers, social workers -- engage in their own risk management strategies, because they realize that the records they keep can somehow be used against them in malpractice suits and complaints and that sort of thing.
So there are a lot of dynamics that come into play, some of them self-interested on the part of professional people.
MR. GELLMAN: Obviously all of those concerns and pressures exist in other health care providers. For example with notes, there has been some pressure from psychiatrists who want to withhold their notes from patients, and other people who feel there is no basis for that.
MS. DU MEZ: Yes, I think there is a real range of thinking on that subject. I don't think there would be a sort of central or unified view on that question among social work practitioners.
MR. GELLMAN: I think we sort of touched on all the basic issues here one way or another. I think that social work needs to think about this legislation quite a bit, and pay a lot of attention to the details, especially the definitional one up front that we spent the most time on, and consider some of the rest of this, and try and figure out how you want to fit under this bill and where you want to fit under this bill.
Confidentiality laws are two-edged swords in a lot of ways. They protect records and it also makes records available in certain ways, and poses liability on everybody for violating the rules. So there is a price to be paid for the protections that are here. There also are provisions that allow records to be used in ways that may be unnecessary or inconsistent.
If you are a health care provider, there is a lot of authority. Health care providers have the widest range of authority under the legislation to disclose records for other purposes, and some of that may be unnecessary, or in the case of social work, it may be possible to say this is a use that even though a doctor might make this disclosure, social workers will not. If we can identify that and cut it off, that might be useful.
So I think that a lot of these things have to be reviewed with a lot more care and a lot more thought. From my perspective, as I said, you guys are new players here.
MS. DU MEZ: Right, and I do think it will be helpful to get input from our practice specialists in various areas of social work practice, which we can readily do for you.
MR. GELLMAN: I think that is very important that whatever rules we develop or are developed, have to work out there in the field.
Well, I want to thank you for your testimony. I think it has been very helpful.
Do we have any public witnesses?
MR. FANNING: We have no public witnesses.
MR. GELLMAN: We have no public witnesses. The hearing will stand in recess until February 18, 1997, at 9:00 a.m. in this room.
I would like to thank you all for coming and the staff and our recorders, and we are adjourned.
[Whereupon the meeting was adjourned at 3:37 p.m.]