Transcript June 3, 1997 a.m. session

NATIONAL COMMITTEE ON VITAL AND HEALTH STATISTICS

PERSPECTIVES ON PRIVACY, CONFIDENTIALITY, DATA STANDARDS AND MEDICAL/CLINICAL CODING AND CLASSIFICATION ISSUES IN IMPLEMENTATION OF ADMINISTRATIVE SIMPLIFICATION

PROVISIONS OF P.L. 104-191

June 3, 1997

Morning Session

Federal Building

450 Golden Gate Avenue

San Francisco, California

Proceedings By:

Tigerfish Transcribing and Editing

653 Francisco Street, Suite 4

San Francisco, CA 94133

(415) 474-5575

P R O C E E D I N G S

DR. DETMER: In any event, the delay is not their doing, unfortunately nor our planning but it's a human world and we're glad for that. In any event, I'm Don Detmer I chair the National Committee on Vital and Health Statistics. This is actually the seventh of our hearings that we've had on the Kennedy Kassabaum, Kassabaum Kennedy.

It's such a large task for the time they have given it that we refer to it affectionately as "K2" because it's something to really scale. What we intend to do over the next couple of days is actually have a hearing across the full range of issues that were relating to, relative to this legislation. The Committee, as you know the National Committee on Vital Health Statistics is actually 45 plus years approaching 50 years of life but most recently through this legislation I would say is essentially emerging as a data information, health data information policy advisor to the Secretary and Congress; more than simply Vital and health statistics but how do we relate to these things in an information age.

The task is really quite large and the time line is quite short. We're very grateful for the people in California who have helped us organize this. I'll mention a little more about them in a moment. What we typically do at the start of our sessions is start actually with an introduction of Committee members themselves, and then what I'd like to do is ask the government folks that have come with us from Washington as well as those who are here from California or the West and then we'll literally go through and ask everyone in the room please to introduce themselves as well. And then I'll make some additional comments and we'll get underway. So, Marjorie.

MS. GREENBERG: Marjorie Greenberg from the National Center of Health Statistics and I'm the Acting Executive Secretary of the Committee. Thank you for inviting us to California.

MS. FRAWLEY: I'm Kathleen Frawley I'm Vice President of Legislative and Public Policy Services for the American Health Information Management Association.

MR. GELLMAN: I'm Bob Gellman I'm a Privacy and Information Policy Consultant in Washington.

DR. COHN: I'm Dr. Simon Cohn. I'm the Clinical Information System Coordinator for Kaiser Permanente and a member of the Committee. I live in Oakland.

MR. SCANLON: I am Jim Scanlon from the Office of Assistant Secretary for Planning and Evaluation of HHS and Executive Staff Director for the Committee.

MS. COLTIN: I'm Kathy Coltin I'm Director of Clinical Management Systems at Harvard Pilgrim Health Care, a managed care organization in Boston.

DR. LUMPKIN: I'm John Lumpkin. I'm Director of the Illinois Department of Public Health.

DR. DETMER: And I mentioned that Vince Mor is from Brown University as a full professor and Dr. Iezzoni is at Beth Israel Hospital at Harvard as a professor there. and then Bill, I guess.

DR. BRAITHWAITE: I'm Bill Braithwaite the President of Health and Human Services Office and the Assistant Secretary for Planning and Evaluation and I'm staff on the Committee.

MR. SMITH: I'm Bill Smith I am with the Health Care Planning Administration.

MS. BALL: I'm Judy Ball I'm also with the Office of the Assistant Secretary for Planning Evaluation.

[From the audience.]

[Lily Corn] I'm from TRW.

Jean Campbell and I'm a research assistant with the Bethesda Missouri Institute of Mental Health and a mental health consumer researcher.

I'm Donna Rake. I represent Blue Cross of California Well Point Health Networks and the Director of Electronic Data Services.

I'm Sharon Ferrell the President of the California Medical Billing Association.

I'm Larry Matejika I'm Vice-President of the California Medical Billing Association and also RH Managed Care Reimbursement in third party medical bill and services claims.

Dr. Bill Marshall Resident of Public Health and Medicine working at Health Sciences University at Kaiser Permanente in Portland.

I'm Gene Scott. I'm Director of Government Affairs at the National Data Corporation in the Media Factor of the association for electronic health care transactions in Washington, D.C.

I'm Laura Brownly Bernstein I'm from San Francisco. I'm Tony Nespole I'm Medical Director for the CFRI the a Medicare Probe.

Vienci Reno with Wellpoint Healthnet, network across California, transaction network electronic division.

Jim White with Texas Health Care Information Council an Interstate Agency in Austin Texas.

DR. DETMER: Kay, and then we'll clear on that way.

MS. FRANKS: Kay Franks, I'm an Assistant Administrator for Sutter California a large independent health care system.

MS. HARMS: I'm Dorel Harms I'm Vice-President for Quality and Professional Services with the California Health Care Association, the Hospital Association of California.

MS. FERRELL: I'm Sharon Ferrell, President of the California Medical Billing Association.

MR. MATEJKA: I'm Larry Matejka. I'm Vice-President of the California Medical Billing Association and also am president of a medical bill company in Long Beach California.

Cathy McDuffy Executive Director of the Data Division of the office statement and Health Planning Development.

I'm Jim Yamasaki for [unintelligible] Corporation.

Mary Wood President of [unintelligible]

Ann Formacy Associate Examining Director of the American Association of Medical Transcription.

Paula Utesia Executive Director of the American Association for Medical Transcription and Chair of the of the AS Subcommittee on Health Care Transcription and documentation.

My name is Harriet Metts Melialflin. I'm just here.

DR. DETMER: We're glad to have you here.

My name is Jonathan Bens and no reason.

I'm Dale Miller and I am Dave Incorporated a health care information security consultant.

Ken Crowley Assistant Vice-President to third party administrator, providing administrator services.

DR. DETMER: Okay. Thank you. I want to mention to all the guests that we do have a period at the end of day that's open for people to make additional comments. We'd like for you to please sign in if you do with to comment at that time. And I'll make that announcement a couple of times during the date since some people will be coming and going. I do want to particularly thank the California Office of Statewide Health Planning as well as the Healthcare Data Information Corporation. Cathy McCaffrey we heard from a moment ago. Ann Gyer, I don't know if I missed her. But at any rate, these two people and organizations were very helpful in setting this up and we appreciate your work.

We really came out here because of an interest, and difficulty of some people making the trek all the way across the country to Washington. So in an effort--obviously there's a lot of land between California and Washington but in effort to at least give a better opportunity for people across the country to make an input, we thought that would be useful. We don't intend actually to have more hearings on this round, if you will, of the Kassabaum-Kennedy legislation before we move forward on our recommendations. The hearings have been very fruitful to date and I think this process out here will also be very useful to us.

I think, let's see, in terms of other issues before we get underway I think that program, basically we have set of the different panels. The first one on insurers, health plans and providers; another panel on public health and research; a panel on public hospitals, community health centers and academic medical centers, as well as an as an advocacy panel; a panel on integrated health systems and employers and state health data panel; and a provider panel. So it's essentially going across the whole gamut of these issues, and I think, as I say we'll round out our input, formal input side of our activities. We're mandated by legislation to come forward with recommendations on the privacy and confidentiality issues by August. Which, by the time you go through the processing, sometime in July we've got to really have that ready to go and then we can move forward standards and such. We have a meeting in Washington later this month we have to do to closure on some of these issues.

So these comments today will clearly be playing into our recommendations and conclusions and I think that it's quite timely that we're here. Jim or Marjorie do you have anything to add before we move forward to the first panel?

MS. GREENBERG: We are transcribing the meetings. So if people, particularly people in the audience want to ask questions I guess do come up to one of the microphones. Otherwise, if the presenter will repeat the question, it will helpful.

DR. DETMER: So, in other words, if somebody in the audience wants to ask a question relative to the topic at hand, fine. If you want to start a whole new topic, that will be at the end of day. Okay.

MR. SCANLON: On that, in addition to the obviously Administrative EDI type transactions that we'll be discussing in many of the panel. The law that Don talked about, Health Insurance Affordability and Accountability Act, in addition to the insurance reforms, also asked the Secretary of HHS to make recommendations to privacy--health record privacy, that would be federal legislation. Any suggestions comments or other advice you have in that area as well please feel free. Thanks again for hosting us and putting together such an excellent program.

DR. DETMER: Vince and Lisa, it's great to have you have join us. I introduced you in your absence but I'd like you to weigh in yourself for a moment if you would. We're glad to have you. I apologized for your being late it's not your own cause.

DR. MOR: I'm Vince Mor from Brown University. I've been on the Committee for just under a year and I specialize in issues related to long-term care.

DR. IEZZONI: I'm Lisa Iezzoni from Beth Israel Medical Center and Harvard Medical School in Boston.

DR. DETMER: What we've done is gone ahead and done the introductions. I'm sorry you missed some of the introductions of people here in the audience and panels of course you'll hear from in a moment. What we've asked the panelists to do is limit comments to 10 minutes. We've had actuality very good cooperation on that. It gives us time also to have a chance to actually query you folks and have a good discussion as well. I don't know how you want to start this end or that end? But the floor is yours. Larry?

MR. MATEJKA: Once again, my name is Larry Matejka I'm here representing the California Medical Billing Association. We're an association made up of medical billing companies in personnel in the State of California. We estimate that at any given time there are between 800 and 1000 different billing companies within California through polling of telephone books. We are very, very pleased to be part of this process because we are the people who produce the claims for providers, not necessarily just physicians, but hospitals and in some instances even hospitals, even though we are predominantly physician-oriented. With that I don't want to steal the thunder, but I'll turn the rest of the 10 minutes presentation over to Sharon Ferrell the President of our association.

MS. FERRELL: I'm Sharon Ferrell President of the Medical Billing Association, and I would also like to thank everyone for allowing us to come present our views. The California Medical Billing Association was formed for the purpose of presenting a unified voice for third party medical billers, and to lead the way in attaining a higher level of professionalism in the medical billing industry throughout the State of California. Some of our strategic goals are to take a pro-active positions advocating changes to improves our industry, to provide a source of continuing and advanced level of education, establish and maintain professional standards, provide an open forum network for the free exchange of information and ideas, and to promote member companies to other associations groups within the State, as industry leaders with equal professionalism integrity and knowledge.

As third party member billers we deal with a full spectrum of provider specialties as well as third party payors, and have become all too familiar with the complexity of rules, regulations and contractual requirements that already exist. Efforts to simply or standardizes the collection and transmission of administrative health data are heartily welcomed in theory, however, experience has demonstrated that prior attempts at simplification have only led to yet another layer of complexity. All the issues addressed in the Health Insurance Portability and Accountability Act are important and directly impact our members and in turn, health care providers they serve. These issues are the nuts and bolts of our daily operations.

While we can understand the need to collect and report more comprehensive data, and to facilitate the dissemination of the information, the burden of implementing changes of the scope and magnitude proposed under the HIPAA should not shifted in entirely to the administrative arena. California has felt the impact of managed care to an extent not fully appreciated in most other states in the country. Efforts to reduce the cost of health care have drastic increased administrative costs born by the provider while simultaneously decreasing revenue. Practices are experiencing 200% to 300% increases in the administration resources necessary to deal with utilization review, referrals, authorizations, and inefficient IPA's. This leaves them ill-equipped to absorb additional new requirements or adapt to radical changes. The cost of the infrastructure changes should be carefully considered. The ripple effect of even a small change such as the National Provider Identification Number can mean hundreds of millions of dollars in computer software, telecommunications programming, printing costs and time loss. Whatever the end result of these hearings we would urge you to consider the potential impact of your recommendations on those who comply and allow ample time for implementation. An example is the EDM codes that were introduced in 1992. There are still a lot of physicians out there still do not have this down yet and that was 1992, and here we are.

The inclusion of the phrase indicating those "who choose to conduct transactions electronically" is particularly troublesome to us and could be seen as inducement to take a giant step backward as we experienced with the California Medi-Cal Managed Care Program. When the various plans were implemented throughout the state, there was no requirements on behalf of payors to accept electronic claim submission. The result is millions of paper claims suddenly being introduced into a system that was previously highly automated. HMO's and other payors may accept transactions electronically when submitted directly. However most physicians in California are contracted through IPA's a vast majority of whom do not accept electronic claims. (I just lost my spot here.) It might prove easier and/or less costly to revert to paper claim submission than to comply with electronic standards thereby shifting the burden to the provider's office or to the billing service we represent. Our recommendation would be that any standard formats adopted should, at the very least, be mandatory for all intermediaries working with the government plans including IPA's.

True simplification can only be accomplished through wide scale implementation of the proposed changes. Anything less will only add that additional layer of complexity which was mentioned earlier. We presently have a Medi-Cal/Medicaid program which uses different codes than are allowed with Medicare. Our workers compensation carriers and private payors can opt to use different codes. Home healthcare, ambulance and pathology all have different code sets and even programs within the Medi-Cal system such as CHDP use different coding systems. While this situation serves to illustrate the point that standardization is needed and also stands as a glowing example of a need for widespread public and private sector implementation.

We have addressed each of the questions which I'm not going to go into. They are in review. I would like to thank the panel for the time given to us.

DR. DETMER: Thank you very much.

MS. HARMS: As I said my name is Dorel Harms, I represent the California Healthcare Association or CHA. CHA was previously the California Association of Hospitals and Health Systems. We represent over 400 hospitals and over 50 physicians group in California. Today I'd like to comment in a capacity of vice-President of professional services of CHCA but also the acting president of the California Institute for Health Systems Performance, a collaborative effort designed to address comparability in California hospitals and also with the ultimate goal of improvement of care. First we apply the purpose as stated in subtitle [S] of the HIPAA, "To improves the Medicare and Medi-Cal programs by encouraging developmental of standards and requirements in the complex electronic transmission of specified health information." CHA was instrumental in the development of both the UB-82 and UB-92 and supports standardization.

Regarding the answers to the questions asked the NCVHS communication, I'll go through each one of these and name the number that I am addressing.

Number 1, when fully implemented the standards will have major impact on nearly every aspect of the health care arena. Because Medicare and Medi-Cal represent the critical mass for many of our providers, standards set by the HIPAA becomes universal, which from many viewpoints is desirable. Speaking more specifically, the time it takes to perform administrative transactions will be reduced. Educating employees and reformatting computers will be very costly. Maintaining privacy and confidentiality will be more of a challenge and the assignment of unique identification numbers will allow collection of data across the continuum of care as something that we're very encouraged by.

Question number 2. Currently several of these standards have addressed priority issues in our hospitals. Several hospital systems have a standardized administrative transactions, coding sets, and adopted unique numbers for providers' plans and patients within their system. But I think that the issue here and the key term is "within their system." "Within their system" is the issue for any organization, including the institute that I referred to that wishes to compare outcomes.

The institute was established to provide standardized comparable information for hospitals' internal use to improve care and also for external use by payors to makes decisions based on the outcomes of the care provided. We do not have a starting point without standardized definitions and coding practices and the ability to identify providers and patients by using the unique numbers. Hospitals and systems cannot accurately compare themselves to providers outside their system without standardization. Hospitals are at various stages in attempting to address these issues and the institute has included standardization in its strategic plan.

Question 3. Unfortunately many hospitals are not voicing concerns about the types transactions specified in question number 3. Hospitals are just beginning to realize the implications from the HIPAA. But there is value in recognizing the lack of specific concerns due to a general information void. Providing care in California hospitals is changing rapidly. Probably more so than at least 45 of the other states. Managed care has affected every aspect of hospital performance and many hospitals are struggling with all the pressing issues. Many hospitals have not yet begun to prepare for or even think about the issues you are addressing today. It's not on their list of priorities, at least not yet.

As far as the availability of data, much of the [unintelligible] recorded in California requiring standardization will necessitate format changes at about the same time other changes need to takes place to accommodate the year 2000. CHA recently learned that many of our hospitals have not begun to address millennium changes, the millennium change. Nearly every piece of equipment in a hospital has some type of timing device that will require adjustment. We are convening a work group to address the problem. Our concern is the HIPAA required changes will take place at approximately the same time, creating what we see as exponential problems.

Quality of data has been an issue. For example hospitals have been required to submit the patient data abstract to the state for every patient discharged from an in-patient setting here in California. Penalties were not enforced and the data is not always accurate. On the other side, there is also a question about the edit process. Current activities are attempting to address this. A great deal could be achieved through standardization but it also needs to be a priority.

Question number 4. Administrative simplification, clinical and payment need will all be assisted if standardization occurs. The true balancing act is maintaining privacy. Precautions can be taken. But to be useful data must be transformed into information, which can only accomplished if the data is accessible. Accessibility makes data vulnerable and security can be threatened. Choices will need to be made. Possible precautions include enforceable policies on usage. Periodic security reviews and specific plans to protect data from attack. Encouraging a well-thought-out plan in advance at every juncture should dilute the problem somewhat.

Question number 5. One way administrative simplification can be achieved while reducing administrative burden is to eliminate record duplicating. Frequently the same basic information is requested in slightly different formats. For example, Medicare requires one set of financial data, Medi-Cal another, and OSHPAD yet another--the Office of State Health Planning and Development here in California. The same is true of the private sector. Each contacted HMO requires the same basic data in a different format and the amount of data requested is growing eliminating duplication is vital to simplification, and I urge you to address that issue also.

Number 6, because we represent so many groups this question has all multiple answers for us, and I think that you probably can get more specific answers from the other groups.

Question number 7, ambulatory and in-patient coding systems should not differ. Having separate systems was developed when procedures done in the ambulatory setting were different from those done as an in-patient. In many situations is no longer true. Having separate coding systems is confusing and does not support the concept of standardization.

Question number 8. The year 2,000 is one targeted for change. This time in relation to the ICD or ICD-10 PC. I envision a massive meltdown with all the changes required of hospitals and their computer systems in the year 2,000. Changes should be staggered when and if possible concerns.

Question number 9. Concerns have been addressed throughout my comments. In summary, simplification through standardization and the identification of all parties is long overdue. Reducing duplication would also be very helpful. Initially it will be an expensive process and we can expect delays in transactions. But simplification and a reduced cost can be achieved.

In closing I would like to emphasize that implementing these changes as we begin a new millennium will present additional challenges. Thank you for inviting the CHA to attend this meeting today and we would like to assist in any way we can.

DR. DETMER: Thank you, Ms. Harms.

MS. FRANKS: I am an Assistant Administrator of Sutter Health in the Central Area, which is one of the areas within Sutter. For those of you who might not know about Sutter Health, we're a large nonprofit integrated health care organization. I did prepare a handout for you can pretty much follow along. It's 2-sided. We're located more than 100 Northern California communities. We have 25 acute care hospitals, multiple long-term care home health and out-patient entities. We have over 4,000 physicians that are aligned with us. Almost 1,000 of those are legally part of a foundation that is part of Sutter. We're a majority owner of OMNI Health Care HMO, which is a health care plan. We have over 31,000 employees. I'm going to focus on just some of the questions I felt that my input was more appropriate in some many of them, and wouldn't take much longer than 10 minutes.

The first question: What is the expected impact on the health care providers? And I'm going to present my feedback from the provider's standpoint. In general, I think the provisions are very well intended. However, I think many of us believe they will create added burdens for health care providers rather than making work simpler. The time lines that I think you have been charged with are very aggressive. I'm going to try to relate that to some of the other things we're going through in health care that might give you and example of how aggressive those are. Information technology from my perspective is going to be a major challenge that both the challenge of standardizing information technology, and cost to do so, to create all the electronic transactions.

At Sutter, we are currently experiencing very high cost for our new systems that we're purchasing. And we're finding across the 25 hospitals in the out-patient arena and our physician groups that there's much complexity in trying to standardize across just that small, small subsection then it isn't anything like what you're trying to do. On a national level these issues we experienced on a small scale will be greatly compounded. One of the questions is will vendors able to supply cost effective products for us, but in a timely manner.

Focusing on costs, I think many of you know that the health care margins for health care organizations are very slim today. The cost of the converting current systems, modifying our operations, and ensuring compliance will likely be very expensive and time-consuming. Taking all of those in conjunction with everything else that's going on with healthcare, trying to set up managed care, capitated systems for it. There's so much else going on today. Who will pay for those costs? The costs of implementing all of those?

Another concern that I have is in the unique identifier and just the creation of that nationwide, unique identifier I think is an overwhelming challenge. My background is medical records and in other system we have tried to implement an enterprise-wide master patient index and have had significant complexities and difficulty in finding a system, a system that is available that has intuitive logic that we were interested in. Just the ability to implement that in all of our various systems that we have across our organization.

I think it also creates some major confidentiality concerns. And in the area of confidentiality I think we're all concerned about that, unauthorized access from external parties--and that's a major concern for us. Yet another one is balancing the need to be able to share that data across our large organizations without concerns about disclosure penalties.

In terms of question number 2, what is Sutter doing in terms of current priorities and standards? We are in the process of trying to standardize our financial and clinical systems and it is taking much input, much effort, much time and cost to achieve that standardization and it's not happening overnight. We are replacing our financial systems and we'll need to implement that in a phase-in across our 25 health care systems and out-patients and it's probably going to take us 3 or 4 years to do that totally.

In question number 3 concern regarding transactions, I had a couple of areas I want to provide there. The first is, I think it is very important that all government and private payors and plans comply with the requirements and I think that's what Sharon mentioned that for this to really work, it needs to be mandated. We're rather concerned about the changes that may be made and that will really create even more chaos for us in health care organizations.

The common definitions and standards, just in trying to implement those in a small system, I think will be a major challenge. Trying to get all of the parties to agree to what definitions and standards are within the time frames that you're talking about. A third area of concern are claim attachments. For this to work effectively for health care organizations we're going to eliminate current requirements that requires us to forward paper attachment with bills to payors. Examples of that are copies of authorizations, copies of discharge reports, copies of op reports. It's getting more and more voluminous every day and every pay area is somewhat different. But transmitting such records--so the ideal would be, if we have to send those attachments to justify payment, to do so electronically would be ideal. But what will that take to implement a system of electronic transmission? And how costly and time consuming might that might be?

Number 5, the best coding approach. I think many of you, and you've probably heard it from a lot of people, that we have multiple different coding systems and for different payors. And it's very duplicative and time consuming and costly for health care organizations. So if we can standardize on one diagnostic and procedural coding system it would be ideal. But I also understand that, that would be a amazing feat to pull that off in short time frames.

In summary on number 9 my advice and recommendations regarding implementation would be ensure our payors and plans comply. Ensure that the cost of the product and what it takes to comply are cost effective and not burdensome. And I think as many of us have talked, we don't know enough yet in terms what's envisioned. I think as we know is a little bit more than what the vision is what some of the data elements are and that we can give you feedback.

Continue the significant participation and input that you have allowed. Implement reasonable security and compliance standards. You know we're somewhat nervous internally within a health care organization what new burden will be placed in us because security mandates, and allow sufficient time for implementation. I do think your timelines are very aggressive and I thank you for the opportunity to provide input.

DR. DETMER: Sounds like you're very envious of us. [laughter]. I appreciate that very much each of you. Mr. Joe Harrington was also going to have been originally on the panel in case you're looking at your program. He is not going to be able to make it. So essentially the panel is open for questions and comments.

MR. SCANLON: Several of you mentioned that the time lines for implementation--I wonder if we can talk about that a little bit more. The law, as you recall, asks that the secretary of HHS to implement which in essence means to adopt the standards by next February of 1998. Then most plans, providers and others would have an additional 2 years, 24 months, to implement and small plans to be defined would have an additional 12 months. What do you in your other assessment--obviously that's very ambitious. What would you see it. Some other ways of looking at it what time would you think might be more appropriate?

DR. LUMPKIN: There are 2 pieces to this. One is the identification of the standards, second is the implementation of the standards. If in answering that, you could say whether or not you feel both are ambitious, or the issue is more in the time frames of implementation than identifying which standards should be implemented.

MR. DETMER: Doctor, (cross talk),

DR. LUMPKIN: Shares of implementation.

MS. FRANKS: Well, first of all, I think you said February of next year for your standards, for completion on your recommendations for your standards. To me that seems sort of ambitious, but again we don't know exactly what this is going to look like maybe it's taking what we now providers submit for UB-92 you know we don't know that. To me it seems pretty ambitious to get the various parties to agree, but then to maybe take that out and get more input once you have proposed data standards. I think it would be very helpful to get some input as you are now, at that time. So that to me is a little bit aggressive.

Then for the 2 years to implement those standards you know just from a provider I look at all of our data systems that we will need to change to comply with that, I look at all the plans that we'll need to modify. I mean it's going to take some time for us to just modify the current systems that we have and ensure that everyone is simultaneously implementing. I don't know. One idea might be to select certainly states for pilots just to make sure that these are truly workable before you have the whole nation...

DR. LUMPKIN: You're thinking California?

MS. FRANKS: No. I was thinking of Illinois.

DR. DETMER: Any comments?

MS. HARMS: I certainly agree with what Kay has just said, and we were talking earlier that she was telling me that ever next five years they have approximately 250 million dollars is dedicated to making the changes and I believe that's not including this. Right? So we're talking a major financial concerns here, I think just to put that in the queue as far as what our hospitals are a planning, in their financial plans, strategic plans, et cetera, sometimes takes more than the 24 months.

Another issue that I see and I don't think that we've done did a very good job meaning myself in California is really bringing this the fore. If there is some way that we can give this more publicity, as I said I am responsible for some of this. That I would relate like to work would the group to do that because I don't think many of that's hospitals have a clue as to what's happening.

DR. DETMER: Well what good are you if you're going through this really massive time of transition. It's a time we ought to be weighing in on this because if you wait until that's done, then you really have problems and also tying it in. So it's messy it may be timely.

MS. FERRELL: I agree with Dorel, and what I would like add to at that is the fact that we need to budget in the education and training that would go along with all of this transaction. I think at that is a little aggressive too, to be able to attempt this time frame. Because we have currently on provider side, we mainly represent many provider side, we have a serious shortage on qualified personnel to do medical billing. This just adds another layer to the problem. And we're we're aware of the fraud and abuse situation and take that very seriously and we feel that qualified personnel is the only key to eliminate that particular thing but I think that the aggressive target.

MR. MATEJKA: Just is a couple comments and that would be that for our association represents thousands of physician practices, and speaking just general terms of physician practices, there are numerous computer software systems out there that they, or ourselves, as somewhat opposed to hospitals, we do not have the ability to automatically go in and program changes and modifications. We sometimes are at the mercy of software vendors that we utilize. Obviously, I'm sure they're somehow part of this loop in the process but we're somewhat dependent upon their ability to comply with whatever the regulations are, either nationally or state specific et cetera.

DR. DETMER: We heard from others, the importance of getting this more on people's scanners too. So your help and thoughts on that would be also very useful as well.

MR. LUMPKIN: I'm sort of fascinated. Maybe I'm not understanding some of the things you may have said, Ms. Ferrell, in relationship to the complexities that may be a result of the standardization. Can you help me understand how our attempt to limit the formats and structures and number of coding systems would add complexity the billing process.

MS. FERRELL: That's kind of a blanket statement and it depends on how it's going to be simplified. Because we're totally in support of simplification, believe me, because of complexity we deal with. But there are times that we do make decisions that we think this is a simple avenue to take and we end up with all of these problems out here that we didn't think about. I guess my point is that I think we ought to work with this cautiously, and we would be very glad to work with the committee on anything that we can do. But it's just concerns that a lot of the times we, even ourselves, jump into things we regret after the fact of making the decision, that we support the simplification in the standards.

DR. COHN: I had a question for Ms. Franks, perhaps the others would want to join in. I find myself a little confused, perhaps like Dr. Lumpkin, about I guess, some of the concerns that I was hearing expressed. I'm well aware of your initiatives, et cetera, to try to standardize financial and clinical systems and I think any of us in large complex organizations are trying to do that, typically to help standardize data. And underneath the systems is typically this desire to have comparable data across institutions. I know within my organization we seek standards so that we can have national standards around these data definitions and how we're defining data with these systems. I would think based on what I see as your priorities, that you would be welcoming and embracing these sorts of efforts as opposed to expressing major concerns. Perhaps you could clarify that for me.

MS. FRANKS: Well, I think the one thing is just the major priorities that we're involved in, that this is another one that takes and diverts resources that are already very stretched. We're totally changing our financial systems. Every one of our institutions has a different charge master. So it means going back standardizing each and every item. You know and there's sometimes 20,000-30,000 entries on a charge master.

I mean it's things like that -- and when you're geographically separate, just the challenges of getting people together frequently that already have more than full time jobs in health care to agree on standards. Any that impact multiple types of professionals within our organization take even longer. Physicians and you know because you have different needs. So it's--I suppose in some ways it's a resource issue because you have so many different priorities in health care today of just trying to divert those to accomplish what is needed here.

MS. COLTIN: I have to say I have experienced the same kind of thing that you have as part of the organization that has gone through several mergers over ever past several years. We find that each of the claims systems in each of various managed care organizations that have come together have been difficult to merge. And part of process that has been so difficult it exactly what you're describing, getting the people at that time various merging entities together to the try to achieve consensus.

But our take on it at this point, having gone through it three times, is that it would be a lot easier to have someone from outside say "This is the way to do to it." And then we all do it that way than trying to get together and reach consensus because when we do that, each one, each entity kind of, each entity has its viewpoint and wants to make as few changes as possible to whatever they're currently doing.

Whereas, if there's an outside standard that seems to have widespread support then everybody's in the same boat, trying to adhere to that standard. That's the position we've come to and I just wondered how you would view that way of looking at this issue.

MS. FRANKS: Some of it for me will depend on seeing what the standards are and knowing what they are, then knowing what potential complexity might be. Blue Cross is a good example, where we implemented electronic transaction of billing and it took a significant amount of time. I'd say maybe a couple of years from the time of plan. And those were data elements that is were already standardized we're changing the method of transmission. I don't know, back to standards we're finding it's not that easy, you know OSHPAD may be an example to, where even though there are very clear definitions for each data element that's provide, there's still problems in how people interpret that data. So there just needs to be a lot of time and clearly understanding what the standards are and how they are defined and then implementing, if you don't have that type of data or you're not submitting it now, setting up systems that allow you to provide that efficiently.

MR. LUMPKIN: [Mr. Matejka?]

MR. MATEJKA: I'd like to say that I think that from our behalf there's the usual fair amount of--you want to stand back and move very cautiously simply because we totally welcome some performance standardization but we sometimes see a pattern. Not necessarily a pattern--but one thing that concerns us is that this, according to some of what I've read that those volunteered to participate would participate with the standards. That's what we have in California, where those that do great and that don't. Such IPA's as an example, or the different payment plans and programs that don't participate then we have to suddenly now meet and comply with their standards.

So we would like to see something that could somehow be more universal. We think in a payment program or a health care delivery program has any government involvement then they should be required to have to live with these standards. Other than just say Medicare, CHAMPUS the Medicaid programs, etc.

We also, another good example is Medicare--to obtain a provider application for Medicare they implemented an 855 form. We call it the 855 Excedrin headache for us in the trenches, because I myself am involved with physicians in California and there's two carriers in California for Northern and Southern California. I may have to fill out the exact same form as required by Medicare and yet I have to get two different interpretations from the different carriers on how to complete it and the information they want on it.

Here's an example of a simplification process that the intermediaries or the carriers interpret it two completely different ways. So in that type of scenario, we think the approach would be that if the rules of the games could be very clearly defined and that's how we kind of could answer some of these questions, that would be just be wonderful.

I know that our state Medicaid program here in California is a "well-defined" -- when I say that I mean they a very thorough, comprehensive, user manual that you, the provider, can go directly to pretty much find the answer to questions. So those would be some of what--we'd welcome about standardization, although but we're a little hesitant at the some of the changes.

DR. LUMPKIN: One of the things that will be important to us as we make our assessment, and certainly as we move forward in the standard identification process, we are directed by the Act to look at the currently existing standard development organizations. And so in that regards, if you look at X12M standards and those kind of standards, it's a fair bet that's where we're starting. So any specific comments that you might want to have, not necessarily today, but subsequent too, as to what kind of standards would have useful.

We'll be weeding through them and trying to figure out which ones we're going to try to adopt. But I'm interested in also trying to be able to evaluate the impact. Because there is a cost to making change. But there is also a cost to delaying change. How long? What's the lifespan of a information system at a billing company? How long is it--I know that in my wife's office, she had the same system for about 6 or 7 years and then had to go to new system because it was no longer being supported. So there are people who may be today making the decision on a new information system and if we delay the process of identifying standards they will have incurred a cost which perhaps they will now have to incur once we initiate the standards. So some help, from each of your organizations, particularly from the hospital and the billing of some of your impression of what that cycle of change of the currently existing information, even between one version to another which requires some update and changing or to a totally different system. It would be helpful.

MR. MATEJKA: Personally, myself, I went into private business with assumption that it was like a car mechanic. I could buy a tune-up device and tune as many cars as I wanted for as long I wanted. Unfortunately, I found after about a year and a half that the system I had wouldn't do the job. I couldn't tune up my more practices. I have a mind-set and that's about every two years there's going to be some kind of enhancement to the system. I personally use a very nationally recognized system, one of the top three in the United States in practice software systems but about every two years I'm having to tweak it out somehow by buying something for it.

DR. DETMER: Any comments?

MS. FRANKS: I'll answer for Sutter, you know, we're pretty much realizing all of information systems. Our billing systems I would say are a good 10 years old and as we went out there to identify new and state of the art systems, they are in the billing arena, the admitting, discharge, transfer billing systems there weren't a lot of new client server types of systems out there, so you. You know, I think for most hospitals since there's nothing, there are not significantly new, really enhanced billing systems, they'll probably stay with the ones that they have. And, many particularly in large organizations, are systems of billing are there for long periods of time. But you're right there are significant enhancements based on changes in laws. DRG changes and things that we're constantly trying to enhance, and we have difficulties.

DR. DETMER: Sharon?

MS. FERRELL: I'd just to add like to that, that I have a proprietary system, and one of the reasons that I have kept it a proprietary system, even though it's old, is about four years ago, I sent out an RFP across the country and I had 52 mandatory requirements, which were basics to me in billing for software and I got three responses, and out of those three responses when it came down to it, none of them could comply with all 52 requirements. I think we have a very tough issue in the software side of them keeping up with the changes and also I think it applies to the hospital as well as the provider side, of them not having all of the products within their software that's really needed for billing today. I mean, I see some of the software that they're just now getting software things that we were doing five years ago, seven years ago. I think that's a cost issue that needs to be taken into consideration, is the software side of producing these changes, and so on.

DR. DETMER: Why do you think that they so far behind? It's just a by product of not having standards, or?

MS. FRANKS: Health care in general is so far behind the banking industry just in information technology. I think its probably that dollars for remember search and development health care doesn't have--hasn't invested the dollars in systems, so...

MR. MATEJKA: I'd like to say a lot of that, that I've personally experienced is that big software developers put it more into the selling into clinical modules, you know, medical records, things like this. And the billing what we're finding we've had a big ramp up at that last probably two years I know I have personally. We're obtaining clients who hire us simply to gather statistical and do a lot of report generating information on patient data base, whether or not had a contract with, I keep saying IPA, but a contract with a certain plan is viable or not, in terms of medication business decisions as to if they should sign up into this contract. So we're finding that a lot for the numbers crunching of data is what everybody is a look for out there.

DR. DETMER: Just a minute, Jim?

MR. SCANLON: Let's take a step back together. The theory of the law here was the assumption as there would not be a need so much for new standards as there are a fair amount of existing standards. Standards developed by American National Standards Institute and other standard development organizations and the other part of the theory of the law here is that the law, and you have pointed this out, the law doesn't require electronic interchange per se. It requires that do you electronic data interchange then the standards apply, which I think you're all agreeing is problematic because it does allow [outlaw] I suppose. It could have the perverse effect, I suppose, of actually moving away in some instances. But is it not truth that, I mean there really is the assumption that the drafters of the law here had--there were a number of these standards.

In California, for example, you have had a high percentage of electronic billing in the hospital area, I presume, as well as in the out-patient area or institutional area and others. There seems to be a paradox to me that there apparently is a fair amount of electronic interchange now to support claims and yet here we are sort of arguing that we can't, that it's difficult to move forward or that it's not enough to build upon.

MS. FERRELL: I think from the provider side, this goes back to what Larry said, is we had a lot more electronic format prior to managed care. Prior to IPA's and Medi-Cal Managed Care System going into effect. We have taken steps backward in a California over the last few years because of these issues. Now we have--as I think the panel had all agreed--I think everybody has to comply with those standards. We have can't have exceptions and, that where I had stated who choose. And that was disturbing to us due to the fact that there may be a lot of them out there who choose therefore we have the exceptions again with we have to go out to paper.

MS. FRANKS: I think the challenge is getting the payers to all agree on a common set of standards. One of the challenges will be getting all of the payers to agree to comply, and to standardize.

MR. SCANLON: There are standards but there are too many of them.

MS. FRANKS: Sometimes when we started this, operationally there were limitations. There are limitations--when you can transmit--so, you know, as you get a larger operation will need to mindful of that. In California we're moving rapidly to capitation. Some payors we don't even provide bills anymore. So, that's another complexity to look at.

MR. MATEJKA: I would like to add on that, and we hear this from physicians who would like to hire us: "Well, there's no billing, becauase we're capitated." Well, that's totally untrue. We still have to register. We still have to submit a 1500 claim form. I don't know anyone that accepts it electronically. For panel members that don't know, in California they have what we think is a great California Medicaid processing system -- whatever we send in this week by Friday, the following week we have a check in our hands. It's great. The EOB looks the same every time. The remittance advice. Now with managed care moving the State, the State of California moving all the Medi-Cal beneficiaries out into managed care programs by county, of which there are, what -- there's 52 counties in California. They've done a county by county -- they have recently done-- currently taking the Medicaid population in LA County which I heard upwards of 1.7 million enrollees, or beneficiaries down in there. They're moving them out into these managed care plans which means now we take a step backwards because managed care plans can't accept any of this stuff electronically. What used to be a very standard standard, well-understood, well-documented, well-defined system we now have to go about and comply with each one of these provider groups methodologies and how they want it, what coding structures they want it in, et cetera. We'd like to say: Hey, if you guys play ball with MediCal in a Federally subsidized program, then you have to comply with the standards. We would welcome that totally.

DR. MOR: That's a very good point. I have two questions. Ms. French you mentioned something about the unique ID for individuals, to create both technical as well as confidentiality. What are the technical issues about a unique ID?

MS FRANKS: Well, you know, for us we have tried to [across] 25 hospitals, and tried to--we actually sent out RFPs to identify a master patient index where all your patients for our organization in Northern California would go into one database, and a unique identifier to that one patient no matter where they were would be assigned. And we found none on the market that would meet the needs of a large, integrated healthcare system. To me the technical aspects are: How do you do that accross the entire nation, and how do you do it in a way that the provider can have that feedback immediately on the birth of a baby so that when we get ready to build for a newborn a day or two later that we would have that identifier. So what is it that we are going to connect to that would be just--from an information technology standpoint--large enough to provide that.

DR. MOR: That was very helpful. The other question, you mentioned something about commonality of output reporting. The least the little bhtat I know about--the law doesn't specify anything about standards of output reporting and so on and so forth. So I don't know how kind of perview this Committee has in that area. But I wonder whether you thought about if the inputs were common and standardized whether that in your mind would create a sufficient language of commonality that people might then ask for the same kind of thing in the outputs, although you clearly can have lots of different ways of organizing the output, even though the input is the same. Do you understand the question?

MS. FRANKS: I think my point when I was addressing this was that when you're looking at performance measures and outcome, if you don't have a standardized point at which you begin, so you're not all speaking the same language, it's like a garbage in / garbage out type of thing. I think before we can have really comparable performance outcomes that we need to have the standardization that you're addressing.

DR MOR: That's what I thought.

MS. IEZZONI: Yes, I have a couple of questions as well. The Center Health System, according to your information sheet includes long-term care, and home health care. Many hospitals now have gotten into vertical situations where they have the hospice on site, or the long-term care on site, the post-acute care setting as well as home health care associated with the hospital.

Can you talk a little bit to how the issues that we've been discussing right now play out in these other settings of care? The long-term care setting and the home health care setting.

MS FRANKS: Well, it will impact them very similarly. I think the difference may be that the software systems are different, so you're dealing with different...

MS. IEZZONI: That's what I wanted to hear you talk a little bit about.

MS. FRANKS: ...Different software systems that are very unique to home health. And again, that's going to take time and money and dollars to modify those, and the numbers of vendors that exist to do that are minimal, but the numbers of home health agencies are plentiful. Does that, I don't know if that's what you wanted?

DR. IEZZONI: Yeah. Those are the kind of things that I'm interested in hearing about. Also about coding sets, whether you think that the current coding sets that are used, for example, in acute medical care settings and hospital outpatient clinics and physician offices really translate to home health care settings and long-term care settings, both for billing, as well as for reporting clinically what the diagnosis are and the conditions and procedures that are given to patients?

MS. FRANKS: You know, I have involvement with our home health agencies, but I, I'm personally just not aware of how much difficulty they have in code acceptance and difficulty in doing that. I'm probably not the best person to answer that.

DR. IEZZONI: Okay, that's a fair answer.

MS. HARMS: I think that linkages is a real clue here. The various linkages, if you can link a lot of this information together, that will certainly solve of these problems. As far as home health, I think with some modification, that could be achieved so that you could use the same coding approach with that. After all, we're taking care of the patient that has usually been in the hospital setting and it's just continual.

Which brings me to the next issue that someone was addressing, and that's the unique number I see as very valuable in tracking these patients across the continuum. If we're ever going to evaluate outside of our hospital family, so to speak, and truly evaluate patient care, I think we must have that unique identification.

FEMALE SPEAKER: Can I follow up with a couple of questions, Don? Hasn't (Oshwood) been requiring you to submit Social Security numbers that they then encrypt?

MS. HARMS: Yeah.

MS. IEZZONI: Yeah. What is the new experience with doing that?

MS. FRANKS: We just don't always have a Social Security number on a newborn. Some of your patients that come in that are trauma patients, I mean, you just don't always have it.

MS. IEZZONI: So how do you deal with that?

MS. FRANKS: You have an ability to put in a zero base number.

DR. DETMER: When you do have it, does it work when you've got it?

MS. FRANKS: I think it does. I know we have experienced, you know, as part of our registration systems, that's a required element. And if we don't, we can put in a dummy number but...I think except for newborns, there are times where husband and wife that are older, their numbers are sometimes transferred and you cannot always insure total accuracy that you've got the right number for the patient.

MS. HARMS: Could I address that also? In Southern California that's a major issue.

MS. IEZZONI: That's what I wanted to hear you talk about, for some of the public hospitals especially, I suspect.

MS. HARMS: Yes, they have found that if they do get a Social Security number, frequently it is not correct. You may have three patients with the same Social Security number, and many of the people just do not have Social Security numbers. Or in some instances, do not want to give them to the hospital.

DR. DETMER: More social than secure.

MR. MATEJKA: Also on that, a couple points, is you take a newborn for example, the payor system sometimes allow payment to be made under the mother's ID card for X number of days, which is true in the state of California on it. So there are ways that are dealt with, prior to them having their own "identifiable number" for service rendered.

In terms of, as you were asking about home health, I grew up in the hospital environment before I switched over to the physician side. And at the time when I switched over I was over a home health billing division also. And we had separate, identifiable systems that were specialty driven strictly for home health, and I think that they would be a separate discipline all in of themselves. We do have some members within our group that deal with home health care services, and these [are] becoming more prolific in terms of billing here in California. But it's just a specialty all in of itself.

MS. IEZZONI: And my final question. I was very interested to hear both Ms. Harms and Franks say emphatically that we should have a single procedure coding system. But then, soft peddle a little bit, appropriately, and say it might be hard to do this. I wonder, Ms. Harms, whether you have talked with your counterparts at the California Medical Association about this?

MS. HARMS: We're on the ninth floor and they're on the tenth floor.

MS. IEZZONI: Oh, are you in the same building?

MS. HARMS: Same building. No, we have not discussed that. Like I said, the discussions have not taken place truly within the hospital community, much less discussing these things with the other associations. And I think we're remiss in that. I believe it should be happening, but it has not happened.

MS. IEZZONI: Could you tell us little bit, both of you and maybe the others as well, why you feel so strongly that we ought to have a single procedure classification system even though it might be hard to achieve?

MS. HARMS: I think if you're talking about simplifications, then you need to go to one system to simplify.

MS. FRANKS: To me, probably a good example is outpatient surgery. And depending upon the payor in California, you will use different systems for the same procedure. And that is very duplicative. I mean, for us it requires a lot of extra training. It requires different systems, different computer systems that will accommodate and do some internal validation. So that alone to me is some easy duplication that could be eliminated.

MR. MATEJKA: I'd like to say that a physician billing, et cetera is really at the mercy of the payor as to what they use. They have CPT, you've got McGraw Hill, you've got RBS, et cetera. You know, the Federal Trade Commission took away the unit value structure in 1975 from the RBS book here used in California, under the auspices that it was price fixing for physicians to say, "How much do you charge per unit value in surgery section?"

However, insurance carriers and IPAs and all of them use that, or some methodology of conversion unit factors. We wholeheartedly support RBRBS as a basis to use it. Unfortunately, not everybody uses the darn thing. So what happens is that we have to use different coding sets, and we like to think of it, put them all in, call it one thing, and just have specialty sections, and let it go at that. And to us, that's how we define one standard process. Because the codes that we may use would have no bearing as to home health. But to have these different, you know, different books by different names produced by different source entities.

MR. LUMPKIN: You're talking about one coding set but not everyone gets to use all the codes?

MR. MATEJKA: It would have access to it, and possibly have the ability to either, one, purchase it, or use it if your specialty that, for example, an anesthesiologist can use CPT codes and also has ASA type level codes for their service. They may have access to it and they may be qualified to use it, but their specialty may prohibit them because that's just not their type of service that they perform.

MR. LUMPKIN: So the coding set would be a universal coding set?

MR.MATEJKA: Right.

MR. LUMPKIN: It would naturally fall into specialties, but that there would be no restrictions on an individual provider, for instance a gynecologist using a urology code would not be prohibited.

MR. MATEJKA: Well, I wouldn't think that, no, in that scenario it could conceivably happen. But more acceptable would be if you're, like, just currently happened here within the last six or eight months, psychologists have their own set of codes, traditionally they could use psychiatric codes with the modifier. Medicare came along and changed all that and said, "No, no, no, you're going to have your own codes specifically for psychologists," so that a psychologist could not use an MD type service code, is how I would explain that.

MR. LUMPKIN: You're explaining what's now, but in your vision of the future, are you saying that when you have specialty subsets, that those would be restricted?

MR. MATEJKA: Well, they would have to be restricted through some method, but that's by the payor sides of the fence. That's once again if a podiatrist billed for some procedure, heart procedure, that there would be some kind of a...

DR. IEZZONI: An edit.

MR. MATEJKA: An edit. There you go.

DR. IEZZONI: Caller investigation.

MR. MATEJKA: I mean, that currently exists right now, to be honest with you. With a lot of the payors, that they'll come back and say, "There's no way that you could render this type of service for your specialty."

FEMALE SPEAKER: We're going to switch order, because I'm going to ask the coding classification, and he's changing the topic entirely. Not to confuse the panel, I'll ask my question and then Bob's going to shift gears.

As many of you know, the legislation requires the adoption of code sets. And certainly right now we've been using ICU-9 CM in the inpatient setting, and ICU-9 CM and CPT for physician billing. The timeline that both the National Center for Health Statistics and HCFA has been working under for many, many years, as you know, in terms of ICD-10 is envisioning that in 1998, that we would begin to roll out plans for implementation on or about the year 2000 of new code sets. And so what I'm curious to get from the panel is some input -- we did have almost two days of hearings in Washington on this issue -- is again to get some sense of, the Secretary has to make code recommendations next February. She's going to renounce the code sets. I mean, should we be moving to ICD-10? Should we stay with the status quo? What's your recommendations, and kind of give us an idea in terms of what kind of timeline or phase-in approach you'd want.

MR. MATEJKA: From our perspective, when we're just, right now we'll talk ICD-9s, diagnosis. You know, when we looked back on earlier versions this last weekend when we were putting our response together, when they were two digits in nature. Then they expanded them to go to the fifth digit, which they've had in place for quite a while. But the carrier specifically didn't need it. Then they came along and said, "It's mandatory that you give us to the fifth degree or fifth digit." Which is fine from our perspective, great. That is really not a problem in terms of usage, because it's really the physician practice that's going to try to be more specific in the coding process. And we welcome that whole thing. Especially if it could gather data down the road. I think, but in terms of, what is it? The ICD-9, I mean ICD-10, but what's the other one, C...?

FEMALE SPEAKER: PCS.

MR. MATEJKA: PCS. Which is more procedural in nature. Not having a chance to look at one, I'm afraid I don't know if the codes are same other something completely different.

MS. FERRELL: It was my understanding that there's no unit value for reimbursement on the ICD-9, 10 currently. Which would take at least a couple of years, if not more, to develop. That was my indication of what's been going on in Europe. That there is no unit value attached to that. I don't have any documented proof of that, it's just something that I had heard.

MS. FRANKS: You know, I should probably know more than I do, Kathleen, but I think that the benefits to implementing that are significant. And if implementing that would resolve maybe some of the duplicate coding systems that are out there, it probably would be worth just the major transition it will take. But I'm really not as up-to-date as I should be on the benefits from ICD-10.

MS. FERRELL: Let me ask a follow-up, then. Because this is what we're trying to sort through in terms of some of our recommendations. All of you have talked about the impact this is going to have throughout the industry. So just your perspective. Would it be better for us to say, okay, here's certain standards for this? And then we're going to kind of do the status quo on this, but with a long-term goal of getting to here. Or would it be better if you just say, here's everything, go out and change everything by the year 2000? Or...we're just trying to get a sense of, would it be better for you to make changes once, or...as opposed to us saying, okay, here's the first set of ten changes you have to make by the year 2000. And then in 2001 we're going to require this. And in 2002 we're going to require this.

That's what we're trying to get a sense of. What's going to be helpful to the industry in terms of whether a phased-in approach, get hit with everything at once...

MR. MATEJKA: I was going to say, that's the way...you know, once again we sometimes deal with these changes by interfacing with our software vendors. And as they're more cognizant of what's specifically required, either at the state level or at the federal level, and they can make the planning and the process. And they make the transition very invisible. And we hope that, ourselves, that we would like to educate our membership on this.

So I think that that process would be a very ideal process.

DR. DETMER: Which?

MR. MATEJKA: The process of saying, at this given point in time here are, and make sure that it's very concise and clearly defined, what the changes are.

MS. FRANKS: I support that, too, Kathleen. Do it right, and do it once. Because there are such major ramifications of, you know, with the payment systems that are tied to that. I think do it once. But see if we can maybe accommodate some of the current problems that we have with the change.

MS. HARMS: I think I'm going to have a different take on this!

If the changes were planned, and everyone was aware of what changes were to occur, I think the phased-in approach would be more appropriate. Rather than this massive change on top of everything else that's talked about.

If, however, you're going to say, okay, we're going to make this change in the year 2000, another one maybe in the year 2001, that's not going to fly.

MR. GELMAN: I want to ask...I want to change the subject. I want to ask a couple of questions about confidentiality. First is sort of a matter of curiosity. The last three years there have been, the Congress has been paying attention to some legislation for privacy of health records. And I'm just curious if you're aware of this legislation, and if you pay any attention to it. One of the leading bills is by a local congressman, Gary Condit from Modesto. Anyway, I'm just curious what you know about it.

MALE SPEAKER: Well, the local one I don't know about. I'm familiar a little bit with the Bennett bill...that addressed all of this. We as an organization, there's a national organization that has a lobbying effort behind that. We thought it was very restrictive in the sense of it would virtually tie hands as to patients making, giving permission and having to know all the people who are going to be involved and have access.

One thing that we have stated on our answer to question number one on that, that we truly do understand the need for confidentiality. We also think that what is really needed is a very clear definition that we can, we as, in the trenches, working with clerical people, et cetera, know what the limitations are as to how much data we can deal with.

I know operationally I deal with Riverside General Hospital and do billing for some physicians who work out of there. They, as the county, require me to sign a statement of confidentiality and explain very concisely what is encompassed in that statement that I'm signing and the provisions that I have to work within. By the same token, I cannot get access to a hospital real close to me because they feel that that's a breach of their confidentiality with their patient, even though I'm representing and doing the billing for a doctor who works out of, at a hospital.

So the standards are very unclear, and I would myself welcome a set, written, something that I can go to that clarifies it. But we're very much, in terms of even giving, even so much to say that we would like to be given security issues, some guidelines, if there are some that exist, as to how much information we should be giving to outside vendors because we are asked that. Not so much vendors, but medical groups or insurers who ask us for data concerning our patients. Maybe not necessarily at the individual level, but they might want to know total numbers.

MR. GELMAN: Other comments? Are you aware of the legislation?

MS. HARMS: I am aware of the legislation as a hospital association person that has a federal lobbyist in Washington, and he brings these things back to us. But again, it has not been a priority that we've discussed [unintelligible].

MS. FRANKS: We have very strict patient confidentiality laws in California. And we honor those, and they're very strict.

MR. GELMAN: Well, actually, I was going to ask about that next. If in most states -- not all states -- but in most states, if you ask about the billing process and what is required in order to disclose information for billing, you'd be told that you require the authorization of the patient. In California the law provides that information can be disclosed for billing purposes without patient authorization.

I want to get some sense from you of what is the effect of that law. Are authorizations sought anyway? Are there disclosures that are made routinely without authorizations? Are there problems that result from disclosures that may be made forbidden without authorization? Can any of you discuss that?

MR. MATEJKA: I would say that on any of the hospital- based businesses that we're involved with, we operate under the assumption that the hospital has obtained the confidentiality permit, so to speak. In terms of private patients, probably I can't say all the physicians I'm involved with who see patients in the office who come into the office sign a confidentiality statement all of the time. I don't believe that that probably in fact takes place.

In terms of the mentality that we have where, you know, even though programs operate in California under the Knox-Keene act, whereby they're supposed to process and pay a claim within, or adjudicate a claim within so many days after receiving it as a bill, quite often it is held up because they have the right to request additional information saying that they did not receive a "clean claim."

I know in those instances when they request data from us concerning a patient such as an op report or something along those lines, it's just automatically given to them for the processing with the assumption that they as a payor have the right to question that claim.

DR. DETMER: Anybody else?

MS. FRANKS: Yeah, from the provider side, upon registering for any treatment a patient signs an authorization to release the information to the bill, and we're very conscientious about getting that. Sometimes a patient will come through the emergency room, and our staff will actually go up later when the patient is able to provide that. So I would say in the vast majority of cases we do obtain that.

MS. HARMS: The standardized admission form for any inpatient in California has very small print. It says that signing this form authorizes the disclosure for billing, et cetera purposes.

DR. DETMER: John, did you have a question?

DR. LUMPKIN: I did, and it was for Ms. Franks. When you discussed unique identifier, and the development of the MPI that you were working on, you said that it creates major confidentiality concerns. My question really is what does that mean? Because we're now becoming so aware of confidentiality it's almost like becoming a mantra that we say. We say patient information, confidentiality, of course. So I'm just wanting to make sure that we understand what you mean by the confidentiality concerns that you see developing, by developing a master patient index.

MS. FRANKS: It's probably a personal feeling, but once you have a very large database that's got a very unique identifier, I just feel most of us think that that is so accessible through computers these days, and I think that's a concern. Right now we've got our own internal data systems and the identifier is unique within our own systems. But as you pass that information up, and for example, I think a lot of us are nervous about Social Security number, if that becomes a unique identifier. So that is used so frequently in so many different ways, you know, for your bank account, that just the concerns about computer hackers and the ability to get into systems and identify and access medical information about patients.

DR. LUMPKIN: So the concern is from the external?

MS. FRANKS: Yes.

DR. LUMPKIN: As opposed to the utilization of it within your system, that is not your concern?

MS. FRANKS: Yes, definitely, yes. Because I put in there that there is a concern that the disclosure requirements will be so severe that if one patient (of ours) is admitted at one facility and transferred to a tertiary, that we won't be able to share the data clinically on that patient.

So within our system, my concerns are that the disclosure regulations will be so strict that you won't be able to share clinical information when you really need to.

DR. DETMER: I think we have time for maybe one more question and still give our panel a chance to make a comment before we adjourn for a break.

MR. SCANLON: One question. One of the first standards likely to emanate from this process is probably the national provider and identifier. And a couple of you have mentioned that, that this in essence would be a unique number that would apply, that would be assigned to each provider. And I think you're basically all supportive of this. Do you see any things to watch out for, or any advice or recommendations to give in that direction? Would it be helpful, for example, in California to have a unique provider number?

MR. MATEJKA: We think it would be as long as we know where it stops growing. You know, we've had the PIN number, then the P-10, the B10. And you know, as far as I've read, it's going to be seven plus one. But then there was some further discussion in the book about some other additional locational type information. And whether or not that's dealt with at a payor level to being information or rather if it's required at the provider level to provide that, that's where we run into some obstacles.

MS. FERRELL: Plus the longer the number, the more room for error. And that's one of the things that we deal with ID numbers is, unless you're scanning them in, if you're inputting down, the longer the number, there's just more room for error to transcode or whatever in having correct billings.

FEMALE SPEAKER: [unintelligible] we really support this because, as I said, we're looking at the process of evaluating performance across the continuum care, and we really need that to be able to do that. I think what Kay and I were talking about earlier when we were addressing this issue of confidentiality, and how it will be affected if it's one kind of massive system as opposed to what we have now. What we have now is really pretty sloppy. And it's a lot more difficult to get into a bunch of sloppy systems than it will be to get into one sophisticated, organized system.

FEMALE SPEAKER: My only thought would be some concerns about the ability of public and the media to go in and to translate provider to mortality. I don't know, just some caution with how some of that information then might be released to the public in a way that would not be well-informed.

DR. DETMER: Well, I want to on behalf of the committee thank you folks. This has been really very useful. And I'd like to give each of you a chance, if you'd like to make a final comment before we break, certainly we're very appreciative of your input. You, as you know, can also continue to write us information. But we're going to be trying to pull some of these things together, because this has been very useful. Any last comments?

MS. FRANKS: You made it very easy, and your questions were very good, and thank you for the input, the opportunity to give you input.

MS. HARMS: I agree, and lots of luck.

MS. FERRELL: I agree, and we support you, and we'd like to be active when we can and help you in any way that we can.

MR. MATEJKA: And I'd like to say that I really think the foundation already exists for where you folks are headed. We talked numbers, Right now it would be tremendous to have a standardized provider number as an example, so that I don't have to have my 8:55 headache dealing with two different carriers within the same state.

Also I think that currently, when you do electronic billing on a Medigap patient, which is Medicare with a, say AARP as an example, they already have the code number structures in place for insurance companies that I think we could somewhat adapt to ourselves. I think that NEIC or Envoy, which is some of the major players in the game in terms of electronic claims submissions, already have identifiable numbering systems. So a lot of the -- to me the foundation already is there, it's just kind of implementing it and fine tuning it. But we would very much like to continue to participate with this process.

DR. DETMER: Thank you all very much. We will break for fifteen minutes.

(Break in proceedings.)

(Proceedings resume.)

DR. DETMER: Also move your table at the end around a little bit so I can see you. Hopefully it will be easier. I'm sorry I missed you earlier, Simon. I think what you need to do is wave or something like that. Feel free to gesticulate wildly. Because when you're all in a row here, it's very tough to dodge and see all the heads.

Bill, briefly, I think you had a comment relative to some of the discussion we talked about earlier. And if you'd like to comment before we get underway, that would be useful.

MR. BRAITHWAITE: I just wanted to clarify an apparent misunderstanding in the testimony that came out in the last session. The law says and is being interpreted as saying that all payers and all clearinghouses must accept electronic transactions using the standards, no exceptions. It's only providers who have the opportunity to submit their transactions in means other than electronic. That if they choose to do it electronically, they too must use the standards.

DR. DETMER: Question.

AUDIENCE: It's my understanding that providers are pretty much off the hook if in fact they're using a clearinghouse that translates whatever format they're using into one of the adopted standards to try to understand [unintelligible].

MR. BRAITHWAITE: The law allows providers to comply with the law by contracting with a clearinghouse to do that translation for them.

DR. DETMER: Okay. Our next, our current panel, now panel, is public health and research. And we anticipate that Dr. Schiller will be joining us. But I think I'd like to welcome Nelda McCall, Ciaran Phibbs, and George Flores, and we're delighted to have you here. I don't know which of you care to go first, but the floor is yours.

MS. McCALL: Thank you for the opportunity to testify on this important issue of health information. My name is Nelda McCall, and I'm a health services researcher. I've been involved in using health data information systems for more than 25 years. Besides being a user of the Federal Medicare Data System, I've also worked with many state data files, including Medicaid, fee for service data, and encounter data, private insurers data, and participated in the development of a uniform, long-term care insurance database for the Robert Wood Johnson Partnership for Long-Term Care, which collects uniform data across four participating states for all private insurers that are participating in the program on purchases of long-term care insurance, assessment information, and use and cost.

And today I'm going to, I feel like I'm preaching to the choir here, but I'm going to focus my remarks on two major kinds of issues. The uses of standardized data to develop a better health delivery system, I know all of you probably know more about this than I do. And then some sort of general thoughts on promoting standardized data collection. Some things that I've observed in terms of the specifics of some of the projects that I've been involved with.

The uses of standardized data. Despite the difficulties of negotiating and collecting uniform data, and I've sat around the table on a lot of negotiating sessions and I can testify how difficult this can be, it's of paramount importance. And it's important because there are five critical areas we need to look at: Utilization and access monitoring, financial analysis and rate setting, quality assurance, program planning, and then general societal uses for the data.

And I think it's particularly important at this place in history to be sure that some of the data sets that we've collected over time based on our fee for service system are not going to be thrown away as we move to a more managed care way of delivering services in this country. Utilization and access monitoring. It's a critical component in understanding how a medical care program is performing. Service utilization has an influence on cost, and an equally important relationship with quality.

And there are tools available to help assess if there's appropriate utilization of services and access to care by analyzing the specifics of what services are provided, and investigating potential problems with access to care. Some of these tools that really have been developed in the last five years have to do with examining utilization in more detail. And methodologies to look at hospitalized data to see if it suggests that there are particular access problems related to the delivery of such care. And this is the work that's been done by the folks at NYU and Billings and some others.

Financial analysis and rate setting data are of critical importance I think in that area. Again, utilization is a substantial element in costs. And it's important to improving more at the competition to know what the costs are that are involved in providing services. Especially as we move towards providing more services on a capitated basis, it's very important that we have mechanisms in place to control for risk selection, and you have among your members of your committee an expert in that field. And there are methodologies in place for people to look at risk selection in thinking about setting capitation payments for individual plans that take account of the health status for those populations. And I think these are very important things that are really critical to the future development of the health care system.

Quality assurance. Assuring that high standards of quality are maintained, requires the ability to analyze the data in detail. Analysis to detect underutilization of services, looking at treatment patterns by diagnosis, monitoring selected procedures, detecting (foreign) abuse, profiling physicians. And I go into some detail in my written remarks about the specifics of that.

But these are all methodologies that we have begun to look at in more detail, and to the extent that we could standardize information across multiple providers and across a full range of medical care services, we're much better to get a sense of what really is important in the medical care system.

Program planning. Any program that's involved in providing medical care needs to take a look at what's being provided under the program, so they can look at estimating the costs of modifications, looking at future costs, identifying activities that promote long-run cost containment, and researching area for general study.

But perhaps most importantly are the societal uses of standardized information. Things like determining disease incidence, documenting treatment trends. We're just beginning to understand this thing called outcome analysis. And these databases are absolutely critical to being able to understand that. Developing knowledge on a successive treatment and providing a database in general in research inquiry.

These are perhaps, I think, the most important reasons for data collection, as the data provide sources of information for these kinds of analysis. Which really are able to chart the future course of health delivery.

I think I'm just going to give up a few general thoughts on promoting standardization. And again, I'm sure that you're familiar with all these, but just to reiterate them. The current standards, I think, are very much based on data processed by the Medicare program. Because that's really where the standardization is based. And to a much lesser extent by the Medicaid program. But even with respect to the Medicaid program, the standards, the reporting of data are not national.

These provide some standards related to services covered by the programs. But I think what's really needed and what I would think your board is in a unique position to begin to think about is a much broader perspective about the logical structure of all health data and how it fits together. So that we're recording things that are like kinds of services the same way, no matter what kind of provider type it is. And at the same time, attain a buy-in of all the affected parties, including consumers, providers and users.

I've testified at many of these kinds of forums, where I was actually very surprised by sort of a lack of a more global view of how a particular type of service or particular type of provider fits into the broader range of service delivery. And I think that it's very important from your perspective to have that broader sense of how a particular kind of coding might affect the bigger picture.

I mean, for instance, home health care. I think you want to look at where very few standards really exist. Although every Medicaid program does it, there are many, many different standards for how that information is coded. And I think we have to look beyond the specific interests of the whole health industry to a broader sense of how that kind of data fits into the whole health care delivery system.

As with so much of the health delivery system, I think the problems of data integration are related to the way we pay for care. And provides one set of rules for care delivery to a hospital, and that delivered on an outpatient basis, for care delivered for a few care services and for chronic, long-term care. And to the extent that we can integrate these service delivery systems, we can substantially improve our ability to standardize collected information. And that's a tough issue and probably not one that you're willing to take on. But certainly broader thinking about standards for that is critical to the development of this kind of issue.

In thinking about how to implement these standards, I think that you need to think about the balance between building upon existing systems as compared with defining new data elements that would provide better, more outcome focused and more clinically focused data. I think it's important to continue on working on definitions (on) these sort of idealized systems, new and improved data elements for collection. But it's also important to consider that the standards we have in place do at least come part of the way in satisfying societal needs. And I think this is especially of interest when we talk about the collection of encounter data in public programs, where I've often heard arguments that we should give up on collecting encounter data in the form that it's currently being collected.

But making that kind of decision, and develop a new system that's more clinically focused. But making that decision in an era where actually some kind of that kind of collection is going on, and is successfully going on, I think needs to be carefully considered.

The standardization to be taken on should be broad-based and include standards, I think, for long-term care insurance policies. I read within some of the questions that were asked that there's some discussion about whether long-term care should be in the standards (setting) that's part of this. I think the sooner that discussion can begin on standards in these areas, the sooner that such kind of data collection can begin. I think there needs to be information on those who purchase insurance, on the use and cost of the services that they get, and on their assessment for benefits.

In the next decade, more and more of health resources are likely to be spent on beneficiaries in need of chronic, long-term care, and the standards developed to monitor how and when care is delivered are of critical importance. We were part of the development of the system for the Robert Wood Johnson Partnership for Long-Term Care, and we'd be happy to provide more detailed information on that system, structure and operation. And I thank you for the opportunity to testify, and I'm happy to take any questions.

DR. DETMER: Thank you.

DR. PHIBBS: My name's Ciaran Phibbs. Thank you for this opportunity to testify. I am a research economist at the Center for Health Care Evaluation and the Cooperative Studies Program at the Palo Alto V.A. I am also an assistant professor at Department of Health Research and Policy, Stanford University. For the record, I want to make clear that I am testifying as an individual, not as a representative of the Department of Veterans Affairs.

I know that this committee has heard testimony on the advantages of individual identifiers and many of their potential uses. I want to focus my remarks on the potential gains of being able to link data from different sources together. I am pleased that the idea of unique identifiers and data standardization are being considered. These will facilitate data linkages. Based on my past experience with data linkages, I would recommend that the standards include a set of identifying information instead of just relying on an individual identification number.

One potential gain from data linking occurs when complementary data are contained in different data sets. An example that I will use is an analysis that I had recently had published in the Journal of the American Medical Association that looked at the effects of patient volume and level of care at the hospital of birth on neonatal mortality. From the perspective of this committee, what is important is that the results from using the linked data not only increase the predictive accuracy of the model, but also yield substantive changes in the results.

This study looked at how the characteristics of the birth hospital affected neonatal mortality, using previously unavailable linkages between birth certificates and hospital discharge abstracts. This study was able to do a more complete case mix adjustment than was previously possible. The results showed that the mortality advantages of being born in a hospital with a high volume tertiary facility were much larger than had previously been reported.

For a follow-up manuscript that is almost complete, we explicitly compared the results of the model estimated using each of the data sets individually, and compared them with the combined data. The last page of my prepared comments shows the main table from this draft manuscript. It shows how the results differ when I use information only from one of the two data sets, compared to the information on both data sets. The last column shows the previously published using linked data. The previous columns show the results using only the discharge data and only the birth certificate data, respectively.

Using only the birth certificate data, while the qualitative effects are the same, the size of the estimated effects are smaller, and not all of them are statistically significant. When only the discharge data are used, the qualitative findings are totally different, and none of the differences are statistically significant. Which just highlights that there are cases where linking these data yield significant differences.

The cause of these differences and my findings brings up an issue that applies beyond my study. The reasons that the findings changed when I had to link data was that the addition of the discharge data to the birth certificate allowed me to control for diagnoses. If you're just going to use one, the birth certificate is more important, because that's where the birth weight comes, and that is the single most predictor of neonatal mortality.

But the addition of the discharge diagnoses partially correct for the selection bias that exists due to the selective referral of a disproportionate share of the highest risk cases to selected tertiary centers. But the ICD codes only control for the presence of diagnoses, not their severity. Given the direction of the selection bias that we observe, it is a reasonable expectation that my estimates are still biased. That within the diagnoses, those with the most serious cases of those diagnoses are more likely to be selectively referred.

As more complete clinical data sets become available, it will be important to allow the linkage of these clinical data sets to existing data. This is a problem for many health services research projects. While some research has shown that the value of adding such data is limited, I believe that in cases where we know there are systematic referral of at least some of the highest risk cases to selective hospitals, that these additional clinical data can be quite important in terms of removing the effects of selection bias.

Another example of the importance of data linkages is from my experience as a V.A. researcher. And that is that the use of health care V.A. facilities is not reported to any other body. But many veterans obtain care outside the V.A. system. The ability to link these data sets would make it easier to conduct research from both the V.A. and non-V.A. perspective. It's very important to the Veterans Affairs in terms of predicting demand and so on to know what is happening on the outside.

But it is also important from the other side. Medicare is very -- and specifically (from) this perspective -- payment review commission is very interested to know about the use of Veterans Affairs health care by Medicare enrollees that are enrolled in HMOs. Because to the extent that this is occurring, the federal government is paying twice for this care.

It is not just for research completeness that I think that is important to be able to link data sets. Since the selection to participate in certain types of care can be non-random, findings based on unlinked data can have systematic errors and could potentially misdirect policy.

Finally, I would like to acknowledge that as more data are linked, that the risk to patient confidentially goes up. I believe that appropriate steps should be taken to protect these data as the potential risks increase. But these procedures should remain reasonable so that qualified researchers can have access to these data.

For example, the California data I have been using is not a public data set. While I have had the confidential versions to enable me to do the necessary linkages, current state policy is that even versions of these linked data without confidential, individual identifiers will not become public use data sets. But these data will be available to researchers subject to completion of a review process.

I consider such a review process both reasonable and prudent. My only concerns are that any rules on the review process to obtain nonpublic data not be too burdensome, and that it remain possible to obtain nonpublic data in a timely manner.

I'm happy to take any questions. Thank you.

DR. DETMER: Thank you, Doctor Phibbs.

DR. FLORES: Good morning. I'm George Flores. I'm a health officer and public health director for the County of Sonoma, and I'm president of the Health Officers Association of California. Today I'm speaking as an individual and as president of the Health Officers Association rather than as a representative of the County of Sonoma.

I'm speaking mainly to practice issues where the rubber meets the road, about practitioners, about the practice of medicine, about the practice of public health. Particularly in regards to concerns about demography, privacy and confidentiality as critical elements of public health practice.

Any standards to exchange information electronically must protect privacy and confidentiality to the same degree that occurs in non-electronic systems. In order to be able to make contact with persons having contagious conditions, for example, and to have the cooperation and the trust of their medical providers, the door to public health must be open to all categories of individuals, including those who may be disadvantaged by disclosure of their identity. For the door to be open there must be public confidence in the privacy and security of medical information. This holds true for medical as well as mental health conditions.

You've been asked to have hearings in Washington, D.C. and now in California, and the unique factor about California perhaps in deference to other parts of our country is that our immigrant population, both legal and undocumented, numbers in the millions of people. We have tremendous concerns about confidentiality and security here in San Francisco, where the HIV and other lifestyle populations have serious concerns about disclosure of their status because of the potential social repercussions.

When Proposition 187 was passed here in California in 1994, we found clinic attendance dropping precipitously across our state. Studies undertaken by the University of California at San Francisco, by the California Congress of Health Officers and others, showed that immigrants in general chose to stay away from essential medical services, rather than risk an encounter which they understood could put themselves, a family member, a friend, in a position where their immigration status was to be challenged. Consequently, hundreds of persons with tuberculosis, pregnancy, end-stage kidney disease, and other contagious or life-threatening conditions, failed to get care. This deterrence to care posed by concerns over privacy and security of the medical encounter information not only jeopardized individual health, but put at risk the health of the general population.

Immigrants can suffer from breaches of medical record security in other ways, such as political retaliation or reprisal if they are political refugees, or employment repercussions by employers who don't wish to pay benefits or otherwise will threaten their immigration status.

The social consequences and concerns over public disclosure of HIV status are also well-known. Misuse of medical record information, specifically personal identifiers, is dangerous and an awful practice which should be prevented by all means possible. In reviewing the suggested standards and the questions that you have addressed before your committee, I noticed that there are a number of sanctions against those would misuse medical record and medical record information.

The safeguards to make sure that shared information and linked data systems do not lend themselves to misuse is so critical for people in California that we could imagine that our health, in the large sense, in the greater sense, population's health could be damaged beyond repair and lead to public health [unintelligible], would lead to personal jeopardy, risk of immigration status, risk of insurance status, risk of economic status, risk of livelihood or housing. And all of these things have occurred in our state and they are very, very real and must be protected against by all means possible.

Certainly there are clear advantages to public health and shared information and data sets. I support completely linked information systems, community health information networks and I'm quite enthusiastic about automated systems and receiving reports from health maintenance organizations, of having the benefits of health services research. It would find substantial power from linked data systems. We could add to our epidemiologic analyses.

We see advantages even to the immigrant population, particularly migrant farm workers and those who travel throughout the state and between states, perhaps even internationally. And I can envision in the future perhaps there might be a day when we would be talking to people in Canada as well as Mexico about sharing data and data systems that would advantage us all greatly in terms of control of disease, in terms of treatment of populations. Immunization registries are already of great use to us here in California. Disease tracking systems, and even lending itself to program design, policy analysis and policy construction. There are wonderful things ahead of us, if we use this data correctly.

But there are also distinct disadvantages to the individual as well as to public health. Any intrusion by unauthorized agencies or individuals must be protected against. And I refer mainly to the INS --Immigration and Naturalization Service -- also to other agencies, insurance companies who would redline populations and exclude them from care. From apartment owners and others who might exclude people with HIV status that they perceive could be a threat to others, or people with a NIMBY syndrome who don't want particularly categories of individuals in their neighborhoods.

These are all threats in our society and it could be, it could potentially happen if we don't protect the security, the confidentiality of medical records, of medical information that is transferred between agencies, that falls into hands of individuals who don't know the sanctimony of the physician/patient relationship; who don't understand or value the confidentiality that those of us, and I am sure all of you at this table value so carefully.

Fail safe confidentiality and security. No unauthorized access or uncontrolled access for research is extremely important. Therefore I am recommending that there be a key, some components for local oversight. In our Public Health Department I have found that there will be research going on by universities, perhaps even by the state or the federal government on populations that are within my jurisdiction, yet I might not even be informed about this fact. And that disables me and it disadvantages me from being able to respond, especially when research findings declare certain kinds of status or situations in the population based on the health information that was derived from the population in my jurisdiction.

I have to respond to that rather than being proactive, rather than being prepared, it is in a response mode. And so it is of importance that we are informed ahead of time and that we also provide the information to the agencies that are doing research, are using this data, about the potential threats to security. The issues around confidentiality, so that they are aware that what we are dealing with on a local basis, so that we can make sure that there isn't any breach locally or in general, because certainly when it is individual disclosure, that is a local issue, not a generic state-wide or nation-wide issue.

Local access to information that is derived from shared information systems is extremely important too. We have done state-wide health planning and used data sets all over the state and had numbers come up about immigration status, had numbers come up about demography. The questions end up being asked by researchers and people who don't know the local population and therefore it is extremely important, again, to interpret with the advantage of having local input.

I have some question as to how to create a file so that it would unlink legal status of immigration or legal sanctions, perhaps even those who have been outside of the law and would be reluctant to go in for health services because of this disclosure perhaps being found out. And using health identification medical systems, data systems as systematized entrapment rather than systematized improvements for health care. In other words, should be allow law enforcement, should we allow others access to medical files for their own purposes. Not for medical research, not for improvement of public health, not for improvement of individual health but simply to find out late bill payers, to find people who are outside the law, to find people who are here in the country illegally.

These are problems, these are ethical problems and real problems that face us and will face us in our face when we have our clerks, when we have the people who...the nurses, the doctors, who will see face-to-face patients who will ask them, who are you going to share this information with? Can I tell you whether I am here legally or not. Is that important and is that crucial to the medical file? We need to ask those questions because we are dealing with real people who will then chose not to come through that door to public health, to medical care, to have their tuberculosis treated, unless we can assure them that first we will do no harm.

And that is what I ask you all to do. First, do no harm with your data sets. That is an adage we use in medicine and it is one I recommend to you all, please, in your deliberations. Thank you.

DR. DETMER: Is Dr. Schiller perhaps in the audience? Okay, since he isn't, I want to start by thanking each of you and at this point what we would like to do is open this up for some dialogue with the committee and yourself. So, who would like to start? Bob?

MR. GELLMAN: I would like to ask some questions about confidentiality. First of all, you have all described different kinds of research activities. To what extent can any of these activities be done with nonidentifiable data?

[Several words, inaudible.]

MS. McCALL: Well, at some point there will, you know, links just have to be made between different data files and I guess one way around that is that the linkage gets done before the researchers get the data. that can be problematic because many times when you are doing research, you know, you have a set of hypothesizes but you data may take you in a slightly different direction and you may find out that some variables that you would like to use your data file to link to, if you don't have some identifier that you can use to do that, it is...that hypothesis is not able to be pursued.

So I think that it is a question of balance and a question of the people who you give access to the data understanding that...that the data is confidential and that it is only to be used for the purposes of doing research. So I think if you put in restrictions, you are probably limited the researchers to the hypotheses that they could think about before hand rather than the ones that may come up as they begin to investigate the data and find out that other things might be helpful. So I really think it is a balance.

DR. PHIBBS: For some purposes that would be perfectly legitimate to have the...if the data were linked centrally and have the identifiers stripped. It depends on the research application. There are research applications where there have to be...additional linkages or sort of non-standard linkages need to be done and while theoretically this could be done by some central authority, those are most likely going to be government entities with somewhat limited resources.

Where HCFA will link data for you but the time lag is very long because of their limited resources and for some of these special types of linkages, it just may be more efficient on an overall basis to release those data to the researcher, but for standard linked files, where the researcher doesn't... The data has already been linked and the researcher doesn't need the identifiers, it is perfectly reasonable to give...you know, strip those identifiers off. You may need to provide some sort of an encrypted identifier so they can identify unique individuals but they don't need to know any specifics about them.

So I think it is possible, but it can't be a hard and fast rule because you have... There will be cases where you are going to need to adapt for the particular research project.

DR. DETMER: Dr. Flores.

DR. FLORES: Public health has used encrypted identifiers around AIDS information. Our AIDS files for the state and is all the by name and we found no disadvantage to epidemiology using that kind of system. It is done centrally, it is done by the state and by individual counties in collaboration with the state, but we have used it successfully and that is one way of doing it. The problems that would arise from not knowing the individual though, would be in contract tracing because it is a distinct public health advantage to know who the individual is in case they have something that is highly contagious.

So there may be a special circumstance for Public Health to know who the individuals are in particular for medical tracking, but I am sure you could find a way in your standards to create that access for Public Health perhaps and have all safeguards that no others would have similar kinds of access because I can imagine cases where individual tracking would be of great social advantage other than for the prevention of social consequences like spreading a disease.

MR. GELLMAN: Well let me just make some points about that. I am very sympathetic to research use of records and Public Health use of records. But in the context of some of the legislation that is being discussed in Washington, there are proposals what would say before you can allow records to be used for research, you have to get individual patient consent. I am not saying I support that, but I am saying that is out there as a formal proposal.

Or there are even proposals that would give patients the right to opt out of having their data become non-identifiable and made available for researchers. And I think that one of the problems that researchers have is that you say well, we are good guys and we only use records for research. And when we had hearings in Washington on this, every community of users health records, including the law enforcement people and everyone else in the world came up and said the exact same thing. We are good guys, we do socially beneficial things and we only use records for this purpose so we should be allowed to get them.

Now I think that this is a problem that the research community, particularly, has to address and I think that in general it has not done a good job of making the case. I mean I am not saying that your statements were inadequate, but in general, in terms of educating the public and making it clear to people what the value of your activities are, in dollars and cents or in increased public health or whatever standard you want to use, that burden has not been met and there are risks to researcher access in what is going on and I think that that is a message you might want to take back to your various communities and think about. And if anyone wants to comment.

DR. FLORES: Well the issue of having people sign an affidavit for every time or every instance where you are going to use their personal identifiers is tremendously burdensome to health providers. Most people will sign. By and large 90% of people or greater will sign that you can use it because they don't read the fine print and they don't understand the consequences of signing. But it is, it takes additional time, additional paperwork and where that it is all filed and whether that could stand up legally to a...when there is a jeopardy or a breach in confidentiality, that is a very big question.

DR. PHIBBS: One, I want to note that this would be a dramatic change from history in which all medical records of all kinds have always been available for research use and that was sort implicit. But the, and I think one the things that may help alleviate public concern is that confidential data are not routinely available. You know, it is available, but controlled use. And that that should alleviate a lot of the concerns.

When you get data from HCFA, HCFA... You are allowed... You have to have a review process and you are allowed to use it only for that purpose and then you must return the data to HCFA. And it is those types of controls... And it may be that the public does not realize that. Maybe this committee can have a role in terms of helping shape that today.

DR. DETMER: Want to respond Ms. McCall?

MS. McCALL: Yes, I think that is a really excellent point. I think that the health services research community has failed in a lot of respects and that is probably one of them in terms of selling what we do to, you know, to the Congressional forces. And, I mean, several years ago we found ourselves in a situation where a lot of our funding was going to be cut off because we hadn't done a very good job in terms of doing that. So I certainly think that is a message we should take to our associations.

I would also like to agree with my colleagues. There... It isn't, when you get... It isn't so easy to get these data. Right now, I mean, in order to get the HCFA data you either have to be HCFA contractor or the agency that you are contracting with has to make special arrangements with HCFA to purchase the data. And there is, you know, a lot of confidentiality requirements that mean that the Project Director and anyone who has access to the data use. So it is not as if there aren't very careful things in place right now in term so of assuring that folks who are using it are using it for truly a societal...a societal use.

But I think you are right. I think, I think that we haven't done a good enough job letting folks know that and letting folks know that, you know, that having access to this data is not going to make them vulnerable to insurance companies finding out what we are [unintelligible].

DR. DETMER: Something that would be useful, actually, one up things that has made this tough is a paucity of research on this kind of problem. How many problems have there been? Of what types and such? It is amazing that it is...seems to be just such a void of any hard data even on how much of this is a real issue and how much of it is an imagined issue? And that is a research question of some real import that I think we will have...

DR. McCall: You will have to [unintelligible].

MR. GELLMAN: Can I ask another question. If you looked at all the legislative proposals on confidentiality that are floating around in the last Congress or this one, they make distinctions in terms of substantive standards and procedures to regulate access by researchers, by public health authorities, by fraud and abuse investigators and for management purposes. Now if... I mean you had a nice list in your testimony of sort of five different kinds of research.

MS. McCALL: But I think it is a [unintelligible].

MR. GELLMAN: I understand. I understand. And five different kinds of activities. The distinctions between the categories of, you know, research or public health or fraud and abuse control or management don't seem to have much meaning when you look at the nature of the activities and one of the things that...

You sort of led off in two directions. One is that the proposals don't reflect reality and divide up the world into categories that don't make sense, that don't reflect the kind of activities that go on and the other is that leads off into a different direction which suggests that everybody has got to be measured by the same standard, which seems to be difficult politically and otherwise.

And I am just wondering if anyone has an answer to this problem. You know, if you say I'm a researcher, I am a good guy, I should be able to get records... How can I tell the difference between you and a law enforcement agency that is doing fraud and abuse investigation? Can anyone help me with this problem? I don't have an answer myself.

DR. PHIBBS: You know I can just speak in terms of the current approval process, which is you have to specify what you are going to use these data for and what the end product is, in terms of the approval process of getting access to it. And so that is already implicitly there in determining, you know, what the activity is for in terms of current policy. And that could be incorporated.

MS. McCALL: Well I think that HCFA data, I mean, which is, you know, I guess the biggest federal data base in terms of the Medicare and the Medicaid program, we have these new data files called SMURFS that are Medicaid data. That is essentially claims data for Medicaid in 26 of the 50 states.

I mean you essentially have to be a HCFA contractor, working on a HCFA project that relates to improving the Medicare or Medicaid program or, as I said, you have to write essentially a research proposal, because I have done that, because I have been involved in foundation projects where the HCFA databases were necessary. And that goes through a review process by the technical people at HCFA who are in charge of that area. And then, as a result of that, they either provide the data to you or sell the data to you for the purposes of doing that particular project and that particular project alone.

DR. PHIBBS: Yes, but I am trying to broaden this out. If we are trying to broaden this out. If we are trying to write standards in legislation that are going to regulate access to records by researchers and public health people of all sorts...

MS. McCALL: Right.

DR. PHIBBS: ...in all contexts then their reliance on the local HCFA procedures isn't going to work.

DR. GELLMAN: This is an area in which there is black, white and gray. I see it as between black and white, there are clear distinctions between use for aggregated data from which there can be no individual reprisal and also individual tracking and disease controls such as would be done with Public Health to find out individuals who maybe hadn't disclosed that they have a certain communicable disease. Or by another agency that would track an individual that would track an individual purely for the purpose of getting them to pay bills that they hadn't paid.

In between there is a gray area where some things may lead to one or the other of those consequences, either public benefit or not public benefit. I think it is up to your group to draw the distinction between black and white and clarify those things and then deal with the gray in a much more careful manner in which, perhaps, an adjudicated committee of authorities or others would have to try to sort things out in the gray zone.

DR. LUMPKIN: Lumpkin, Frawley and Moore. I guess I am responding a little bit Bob's question and I think that my concern is, and maybe you can help us, is that we sort of developed the phrase "researchers and public health and law enforcement. And Bob's question was sort of starting to get at that. Is that an inappropriate lumping? I mean, how do we distinguish for people who aren't in public health? I think I understand the difference, but how do we distinguish for others and express it that there is a different mission and a different set of regulatory environments in which researchers operate versus public health and even law enforcement.

DR. PHIBBS: I think one distinction that may be important for a lot of use is all...for a lot of uses, although you have individual data that there is never any importing of individual data or attempt to contact those individuals and in many of these review processes that is an important distinction. And, in terms of gaining for control backs as to data, you have to identify what you are going to do. And I think that is an important distinction and I think that the standards should be very different if individual data are going to be reported or if efforts are going to be made to contact individuals compared to a use where you need individual level data but it is not going to be...no individual data were reported or no individual would be contacted. So it is not going to have any direct effect on an individual.

DR. FLORES: There is also a statutory basis for disclosure of information about individual health status, individual disease status in the State of California. I imagine the same would hold true in most states whereby you simply need to refer to existing law in terms of access to information.

MS. MCCALL: I also think that is a really good distinction and he probably... I never thought of myself to be in the same category as law enforcement [unintelligible]. I mean I think perhaps you could put some [unintelligible] researchers but I actually think IRS, law enforcement, those sorts of things should be treated separately because their interest is in individuals.

Our interest is in individuals only insofar, I think as my colleague said, in linking to other data sets that may help us better explain what it is we are trying to explain about behavior. We are not interested in making a list of all the people that have a particular disease and contacting them and following up with them and trying to get more information about them. So I think there is that distinction there in terms of, you know, what we were planning to do with it.

DR. LUMPKIN: Well don't public health agencies do directly a [unintelligible] therapy for individuals with tuberculosis? And if they don't follow through on that then progressive means of restrictive involvement on their freedoms? I mean that is not really... I mean that is sort of taking one of the extremes, but I think that it certainly is a use of individual health information that can result in a protective type reaction by government.

MS. McCALL: Maybe you need to take public health away from those researchers to [unintelligible] (laughter).

MALE VOICE: Emily.

MS. McCALL: Maybe we are lumping too much together.

MS. FRAWLEY: This is following up on the services research specifically that we heard a lot in terms of the fact that perhaps an IRB model is the way to go. That, you know, in order for health services researchers to have access to individually identifiable data that they have to go through an IRB process and I'd like to get some comments from you on that. And then, secondly, is we are starting to see states now enacting legislation that requires specific authorization, specifically the state of Minnesota, for medical records to be used by health services researchers so I would just like to get some comments from panel on those two issues.

DR. PHIBBS: In terms of the IRB requirement, I consider that reasonable. That is current law in California and, you know, that process can be set up so that it can be... It is not a huge burden, it can be completed in a reasonable amount of time and it can be done in a responsible manner.

And, in terms of the second point, about having patients be able to prescribe it. I think it is disaster. And, I mean, the federal government can preempt the state law or something. I don't know if that is possible, but if... And it is the type of thing that, as Dr. Flores referred to, you know, if we start to have those types of restrictions there are going to be... There is the potential for serious adverse consequences in the future in terms of because somebody didn't have use of the data that something happened that could have been potentially prevented.

MS. McCALL: You know, I would agree with you both. I think some kind of IRB type thing might be useful. I think you have to be careful about how you set it up so it doesn't like there is any conflict of interest in terms of access to some of this data because, you know, data is in a lot of ways power, and if there is any kind of sense that, you know, being a friend of a friend, you know, gets you better access to data then that isn't such a good thing. So you have got to be careful, I think, when you set it up that you don't create that kind of environment.

I agree, you know, the individual patient specific permission to use data would really seriously impact the ability of health services researchers to do research. I am actually, I am involved in a project now in one state that requires that and, and although 90% of the people agree to participate, we are still subject to issues related to whether, you know, there was selection in the folks that didn't agree to participate and it makes all of our results... And it is quite an extensive project that a foundation has put a lot of money into and it makes a lot of our results subject to that kind of criticism.

So I think there is a big price to pay for that. And I think, you know, we as a society have to balance societal...society's needs against the needs of an individual in terms of...

DR. DETMER: Okay. Vince.

DR. MOR: I would like to ask you about, to respond a little bit further, elaborate a little further on your notion that the committee should sort of step back and look at first things regarding code sets and the entire health care system. You mentioned something that, if we were to look at how the current coding went, would it be reasonable to think about the same set of codes applying to the same procedure regardless of who did it, regardless of where it was done, including going all the way out to home health, to personal care attendants, whether they are licensed or not licensed.

MS. McCALL: Yes, right.

MALE VOICE: Because right now...

MS. McCALL: Are they billing by hour or [unintelligible]?

DR. MOR: Right. Right now what we have is we basically have a set of codes that if you have an authorization as...as in the earlier panel, if you are authorized by virtue of your license or something or other to execute that code, then sometimes the coding system includes the iconoclastic character of what the person's specialty is. How would you like us to think about that?

MS. McCALL: Well, I think it is, you know, I think you probably have to get down a little bit to the nitty gritty in terms of thinking, if you are going to be thinking about that. But I think it is critically important to really begin to sit down and say okay now what are our currently in place standards for all these different kinds of services and how...and really take a close look at them and maybe figure out a strategy for integration.

That would really be a five or ten year development effort. So that all the organizations and the providers have an opportunity to comment on the development of that and that we move, you know, not tomorrow but over the course of some reasonable schedule, to thinking about that kind...or implementing that kind of a program. And I think the only way to do that is to sort of get down and dirty into the specifics so that those kinds of things and to put some things on the table that people can react to from their various perspectives. And over the course of, say, a year of so, begin to develop something that can then be a discussion piece and then can implement it. I don't think it is something that can happen tomorrow, nor would I want to throw away the standardized systems that exist today.

But I think, certainly, if anyone is going to think about it, it should be your committee. Because you really have the weight behind you to look at these broader issues of how to integrate the whole health care delivery [unintelligible].

DR. PHIBBS: Just, I mean, that is related to one of the questions I didn't address in my oral comments, but did in my written comments about the coding across systems, particularly the ICD codes and the CPBT4 codes and I am sure... I see lots of heads nodding about this being a big issue. And, I mean, from a research perspective, the current problem with the system is that they don't map to each other on a one to one basis and there, the other thing is that there is complimentary information... There is, although a lot of the information is redundant, there is some complimentary information in the two data sets. And, you know, if would be nice if we could have a single unified data system, but in doing that I would like to raise the concern that we not throw out any of the data that we are currently getting in terms of... So that there may have to be some merging of the two systems.

They emerged for totally different reasons and, you know, I don't have an exact answer about how to fix it, but I think it is something that needs to be given some real thought before we... Not just coming down on the side of doing this or doing this, but maybe some amalgamation of them.

(Cross-talk.)

MS. COLTIN: I don't know if anyone else has questions on this particular topic. I was looking back to the identifier question.

DR. DETMER: Do you have a question on that topic?

MS. COLTIN: Okay. With respect to the identifiers, I... One of the things I wanted to make sure is very clear when people use the term individual identifiable data, I am presuming that what you mean is information that either contains a name, or contains an identifier that would allow you to link to data outside the health care system. I think what we really mean or what we have been talking about here are individual level data that may contain an identifier that is only meaningful within the system for linking... Within the health care system for linking purposes.

I know that in the environment in which I've done research, we use encrypted identifiers that allow us to link data, but I never can go back in the research context and find out who that person is without having specified up front in the research application and in the review to the...in the review by the Human Studies Committee that I, in fact, need the name, the address, because the purpose of the research requires contact with the patient. In which case, they will put on all kinds of limitations on how that contact might be made, whether it is made by the physician first to secure permission and then we get the names of those who agree or whether it can be made directly by the researcher.

Sometimes when you are going back to the individual and there, really it is just a random sample of a population that you need to survey, the researcher will be allowed to go directly to the patient. When, in fact, the patient population is selected, people who have a condition, sometimes that is not the case. The provider goes back to get that permission, because simply by giving you the name you know that that person has that condition.

I would take issue with some of the statements about research not necessarily needing that individual name kind of information. Outcomes and effectiveness research really requires, in many cases, going to the patient to get information about outcomes because we cannot get that information from automated data systems and it is extremely important from a societal perspective to be able to do that kind of research, to be able to identify what medical interventions actually produce better outcomes. Or from benefit to consumers to know what institutions provide care the results in better outcomes. So there are clearly benefits but there need to be processes in place such that the situations under which those various scenarios play out are clearly defined and controlled.

But I did want to make sure that when we use that term individually identifiable, what it is we are really meaning when we say that because I think different people interpret that different ways.

DR. PHIBBS: I have... Depending on use there are different, you know, wide perspective. And one of the things that may be muddling it is that in California and HCFA treats certain combinations of data as potentially individually identifiable, even if you don't have a name. And that is even if you have an encrypted social security number, they treat some of it. But then there are uses, you know, where you do need individually identifiable names, such as actual social security numbers as opposed to encrypted or actual names, even.

With the linkages that we have done between VA data and HCFA data, because not all veterans have social security numbers, we have used names as well for that linkage. But it is the point that the other thing is that once that linkage is done, those can be stripped away.

But I think that the point you raise is that there are different levels of research at which the research needs to have individually identifiable data and I think it is appropriate that as you have more individual data and are going to contact individuals, that the scrutiny goes up.

MS. COLTIN: Just as a follow-up. I mean, in my experience it is this lack of an individual identifier that is standard. That actually creates more risk because in order to do the linkage now, in the absence of that, you do need more information to make sure that you are linking the right records. But, in fact, if there were a single unique identifier that could be encrypted, you would not need that extra information to make that link.

DR. PHIBBS: Well, it will still have a problem. And let me give you an example of where this might arise. California has gone to adding an encrypted social security number to the discharge abstract data. And you want to do a linkage. Now, the problem is, is that number is not necessarily unique.

In 1991 as the big county hospital in Los Angeles County, there were over 200 individuals with the same record linkage number and it was not a missing number. It was a social security card that was being passed around the undocumented community. And so you have to have... If the number truly is unique, that works and the reason that I said earlier that I think you need, in terms of these identifiers to have more than one of them is because it is not always unique in current reality, yes.

DR. DETMER: That came up in the last panel, we called them more social than secure. We have John, Jim, Simon, Lisa and Bob. And by then, I intend to see us also have lunch, so try to be brief, but this is obviously an important discussion.

John?

You pass. Well that was quick.

Jim?

MR. SCANLON: Let me pick up. If we could talk a little more about the California medical record confidentiality law. Apparently it deals with health research in the same...for the most part, by requiring an IRB for access to health information. In general, it does not require that the individual provide informed consent each time such records are used, although obviously for any active research where you are actually...participate and you go through the informed consent... How does it deal with public health reporting and public health law? And here there are two sorts of perspectives.

Public health often does something very similar to research in the sense that public health is looking at the status of a population. In which case the analysis is very similar to what a researcher would do across the population of a county, for example, what are the measures of health status. And there is not an interest in the individual so much as it is the population value. But there is the other situation you described where the individual identity is of interest. In fact it is specifically of interest where some sort of follow up or intervention would be linking.

How does the California law approach the public health side for both those two, those two areas.

DR. FLORES: There is some disadvantage in terms of dealing with birth records, for example. There is a confidential section on the California birth records that you cannot, even the locality, where the birth is registered and where the birth occurred. You can't have access to abrogating data at that level and using the confidential information contacting moms at home that follow-up on particular traits or issues that were in the confidential section [unintelligible] if you go through the California, the entire state process.

I think there is an interest because the records are maintained locally, they are recorded locally and they are computerized locally. That we have easy access, we don't even have to tell the state that we are going to the records if we didn't chose to. But by law we are supposed to and let them know. So that, it does create some disadvantage to have to go through a review panel to get at the records that you have in front of your desk, right in your own computers, right there in your own locality. So I find that somewhat problematic.

And I believe that for the purposes of local public health we can demonstrate and have demonstrated repeatedly what the use is in terms of protocol. So to put an additional step in there seems to be somewhat redundant and bureaucratic to me.

MR. SCANLON: So you would have, the Health Department would have to go to the... It is a state process, which would be a review board of some kind as well when identifiable information is used.

DR. FLORES: Yes.

MR. SCANLON: Oh, okay. And the... What about, should there...does California law distinguish between different kinds of information in terms of what the degree of protection would be? For example, are there any diagnoses or conditions or information, health information, that are given a higher level or a lower level of protection under California law?

DR. FLORES: HIV status is the only one that I know of that is in California law as guaranteed protected in terms of disclosure and needing specific, specific signed content to disclose that status.

DR. LUMPKIN: HIV.

DR. COHN: Yes, I just wanted to follow-up on Cathy Colton's question having to do with data linkages and identifiers. I think there are... As we all know the reason for identifiers is for data linkage be it for all the cases that I think Ms. McCall has identified earlier in the discussion.

I think the question I have for the group has to do with the... The national committee has been seeking either to deal in some ways with unique personal identifiers. And obviously there is two main approaches. One is to come up with a unique identifier. Another is to identify some other methodology to identify uniquely a person for this...for the purpose of data linkages.

Now I think the question, Mr. Phibbs, I would have for you and the others would be: Is can you imagine a sufficiently reliable unique identifier that could be encrypted that then you would not need all of the other sort of data I think you had indicated other identifying information to assure that you had actually have that patient or are we always going to be dealing with X number of identifying information to help assure that that is indeed that person?

DR. PHIBBS: It is theoretically possible, but right now it is not realistic. You know, current reality is not consistent with that, but it is certainly theoretically possible and if there were changes that would eliminate lots of problems.

The other, just related to your point, is that the California Department of Health just passed rules that all Department of Health data sets are going to have a set, a common set, of identifying information that will be on all of these data sets to facilitate for the Department of Health purposes the linkages to these data sets. I have, but not with me, I do have a list of what they are but it includes... I mean, I know it includes date of birth, and some other elements like that. And there is a list of them that they put together. And this is based... This list was drawn up based on experience that California had in linking some data sets.

(Cross-talk.)

Dr. Oliva is going to be here to describe that tomorrow so that she will have the details for you.

DR. DETMER: Thank you.

MS. IEZZONI: Dr. Flores, I wanted to tell you how eloquently you talked about the issue of the undocumented aliens and their hesitancy to seek care for potentially terrible conditions, such as tuberculosis that could also potentially cause a huge problem for the population at whole. And you said that one of the problems was with the clerks having to sit face to face with a person who came in and having to assure that person of some level of confidentiality before the person seeking care would be willing to receive care.

Can you talk about that a little bit more. You know, about what your colleagues are finding. Also going to Dr. Detmer's question earlier, has this been documented? Has... Is this just an anecdotal sense that people are currently afraid of seeking care for tuberculosis, for example, or are you making an active effort within the state to try to document the extent to which that is happening?

And then, finally, giving us your sense of what you might recommend? You said to us very nicely that we needed to balance these competing concerns during our deliberations. I want to put you on the hot seat and have you tell us what you think we ought to do, since you know a lot about it.

DR. FLORES: Thank you for the opportunity.

Documentation in terms of research done, there have been at least two studies published in medical journals that have shown after effects of Proposition 187 in which deterrents did occur from people who chose not to go into clinics for fear that they would have retaliation, that they would have been reported to the INS. Not simply for reasons of not having a bill paid by Medicaid, but because they were afraid of their immigration status.

There are other informal studies that have collected anecdotes and we have numerous anecdotes that have been published in newspapers about individuals who have suffered adverse consequences, mostly in terms of either suicide or other effects that people feeling like they would not have had access to care, a disease that was past, or a disease that got worse. In most cases a chronic disease, a pneumonia that got worse, a child that died of meningitis that wasn't taken in by parents who are undocumented and so on and so forth.

The unfortunate thing here is that it is a mixed bag. That most families or many households where there are undocumented people, there are many people who are also legal and so they may stay away as well to protect their other family member, one out of three children undocumented. One parent out of two that is undocumented. This sort of thing.

So it isn't just the undocumented person that suffers the consequence of it. It is problematic to clerks and to physicians on an ethical basis. You can understand that people's values may be conflicting at various times. Some people would be only too happy to report an undocumented individual. It may be the clerk right next, in the cubicle right next to another clerk who would do everything possible to protect a person from being turned into the INS.

It gets into an issue about whether, if you wish to construct a system that will work, you have to make sure that the people who are in the position of implementing that system agree with it and support it and if your providers and clerks are at odds, if your patients are at odds about it, then you are going to be creating barriers. Because then you have opened yourself up for fraud.

We know this to be true with the Medicaid system. With the social security card that is passed around, with the other systems. When you create systems that people will not trust that their confidentiality is going to be protected, that will believe that they are going to suffer consequences or legal consequences, fraud steps in or non-use. And then you have defeated your purpose, then you have started to deteriorate the medical system so it makes no sense to build a system that has an inherent flaw of taking away the trust of the public.

Now in terms of what we can do in response to that, I think it is crucial that this committee's outcome, that what you pronounce and what makes a difference to the public isn't going to be so much the research outcome because, as we have discussed here, most of the population doesn't understand the value of research. In fact, I daresay most of the population doesn't even understand what Public Health does. But they do understand jeopardy and they do understand security and privacy. And that is a value that is held very high in American society, as you all know.

So I think it is very important that among your pronouncements you make very prominent a reassurance to the American population, to the United States population, to the people that live here that what we decide, that what you decide as a committee is not going to jeopardize their security or their confidentiality in medical encounters. I think that is crucial and then you have to back it up with the process and the standard that you put in place to do that. Because without that...without that...

DR. DETMER: Let me respond a second. What I see is, first of all, I hope people even know about this committee as we said, how do you even get heard is a real issue, despite our wisdom or lack of it. The Executive Committee and I think at least some of the other members of the committee in preparation to our meeting later this month, clearly I think are seeing two sets of federal activity at the legislative level that is needed. And both sets are needed to really respond to this issue.

One is a set of fair information practices related to health data and personal health date. We clearly need that. But we also need a set of non-discrimination legislation on how such data is used or misused as it relates to employment, as it relates to insurability, as it relates to a set of business practices, housing and so forth.

And, in a way, to some extent we are mixing these two issues that are really different issues. We do not have universal access to care in our country as a matter of national policy, unfortunately. And I think unless we see these two pillars, if you will, built, I really think that we can't separate to some extent what is a information issue and what frankly is a cultural care and practice issue. And I think that is probably where we are going to come out. But I think that unless we really deal with those two separate dimensions, they get so muddled up and I think it is almost impossible to try to sort them out otherwise. They are really two distinct issues.

DR. FLORES: We have been wrestling with that in terms of the HIV reportability here in California. We have a very strong contingent of people who are insisting we do not have enough assurances in this state that people will not suffer from reprisal so we have had to hold off on doing what is right for the public health by making HIV reportable in this state.

DR. DETMER: That is why I say I think we really need to address this nationally as two distinct, both very important, issues. But I think if we try to put them together, I think it is going to be very, very hard to get with [unintelligible].

MS. IEZZONI: But, Don, the INS is a special case. You know, the non-discriminatory business practices, fair housing and so on, but what Dr. Flores is saying is that people are concerned about the fact that they are illegally here and something could happen to them. And I don't know how to bridge that.

DR. DETMER: Well, I understand but as Bob Gellman said earlier, everyone comes and makes their case as being unique and critically important and I agree.

MR. GELLMAN: I don't know how we are going to quite come on that...

MS. IEZZONI: On the INS thing, specifically.

DR. DETMER: And some of these others. But certainly we can go as far as I think we can on some of these. I don't think it needs to be either one tale or the other.

DR. LUMPKIN: In the other framework in the context, and many people work in emergency departments, that providers are required to report certain events. Someone shows up in the emergency department with a gun shot wound in most states in most locations that has to be reported to the police. Yet, I think that there is some...a different rationale. So we are actually putting illegal activity into a different framework.

You know, reports of drug intoxication due to illegal drugs generally are not reportable, but some other things are. So it is even more complex than just the INS and other law enforcement or other public agencies getting reports or information out of the medical accounting.

MR. GELLMAN: You guys have given some really good answers here but in too many circumstances you have sort of jumped on the easy outs and I want to try and go back at some of this and see if you can help.

I mean, one of the comments that you have made is that, well, researchers don't make decisions about individuals so it is okay that we get access to records. And I think, if I can wear a privacy fundamentalist hat, I am not even sure I need that hat to make this point. The fact that you get the record at all is a violation of someone's privacy. It is not that it is not a violation of privacy because you are not going to use the record against them. You have got the record.

You know that John Smith had tuberculosis and that is a violation of privacy. It is not to say that it may not be justified. But you can't, you sort of can't get away from this by saying it is not an issue.

And there are others who do this. I mean INS is sort of separate but the cops come along and want records and say, we are not making decisions about individuals. We are making decisions about doctors. You know, we are looking for health care fraud.

And so why shouldn't we be able to get records under the same standards that you are talking about. And do you want to be judged by the same standards if you are engaged in the same kinds of activities that are making either aggregate decisions, or decisions that don't affect individual patients. You want to be judged by the same standards as the cops, as the fraud abuse investigators. Do you want to lend your IRBs to them, do you want to be identified with them and if not what I want you to do is to tell me how I can distinguish you from them.

I mean this is your gray area. Someone tell me how to do this. We don't know how to do this yet.

(Cross-talk. Laughter.)

DR. PHIBBS: I think you have identified a very difficult problem and it is because the problem is that some of these other uses sort of meld into research in a continuum and it may be that it has to be the same IRB but with, you know, very strict guidelines. That is the UE can write in terms of the guidelines for the... And one possibility I would think is write for the guidelines for the IRB, sort of that standards don't have to be... That standards can be different for different people and that even a sort of a cop type use has to present it for, present a more overriding public use thing than a researcher would.

MR. GELLMAN: But this is easy, this is easier for the cops. I mean you guys are doing distinctive research projects and each one can be weighed on its own merit in this project. The cops say, we are doing fraud abuse investigations. It is the same fraud abuse investigation we did last year, the same ones we are doing this year, the same ones we are doing next year. So if we apply the standard, the answer is the cops get a free ride all the time because they always qualify. Does that make you feel better or worse?

MR. PHIBBS: What I was saying is that the standard that one would hold to give the cops access, that they would be different because that has ramifications for an individual, you know.

MR. GELLMAN: But it may not. It may not.

MR. PHIBBS: I think both... Providers are individuals.

DR. FLORES: We might be making this more complicated that it needs to be. It is our ball, we are the ones that should play with it. We don't ask the cops for their records so that we can do case finding. I am not going over to police departments and saying I want to find some people with disease, give me your records. And I am not going and asking INS for their records to find, you know, diseases that I can intervene with and stuff. These are health records and they have... I think that they are within our provence and we could rightfully...

DR. DETMER: Well, I could say the counter-argument is, of course, public monies are being used to pay for these services and there is an accountability to the public trust and...

DR. FLORES: But creating special standards, though, for non-health purposes seems to me to be a clear distinction. If it is a non-health purpose or by an agency that is not a health agency, there needs to be a separate set of standards.

MS. McCALL: Well I still think that the distinction between fraud and abuse activities within a program in Medicare and Medicaid and INS who is really, you know, not related to the program integrity... Well, maybe it is in a sense [unintelligible]. I don't know. I mean I think this is a complicated issue. I don't have the answer to it.

MALE VOICE: If it makes any of you feel any better, I can't answer my own question.

(Cross-talk.)

MALE VOICE: Well, we are all in agreement.

DR. PHIBBS: One just follow-up point on that and that is for, you know, say Medicare fraud and abuse or Medicaid fraud and abuse, those are data that are contained within a single program and that is very different than some of the other data that we have been talking about and, you know, that program can handle that internally. Is that what you are referring to?

MR. GELLMAN: Yes, but that doesn't help because some of the investigations are being done by state people, they are being done by...

FEMALE VOICE: No, it is very complicated.

MALE VOICE: ...they are being done by the FBI, by law enforcement agencies that are not directly [unintelligible]. A lot of these distinctions all fall apart at some...and that is the problem.

DR. DETMER: On this happy note, I want to wrap this up to give us a chance for you to make a final comment. I think one of the things that is fascinating as we talk about standards and lack of standards, is the absence of standards that the media applies as in relates to reporting issues on a lot of these things.

Within the last couple of weeks we had a tragic situation in the university... University of Virginia balcony fell and in the reports that came out, the standard deviation in the numbers of people on the balcony, on children involved, was just at a phenomenal rate. And I think one of our difficulties as a free society, I think, is also the issue of what standards are there for reporting and not just as we deal with it. But that dimension of it as well. And the legislation of course didn't speak to our speaking to that, but I think it clearly is, it is an issue in this, as well.

Any rate. Final comment from each of you if you would like to make it. This has been, I think really useful, useful to us. I hope you felt that way as well, but please, do you want to comment before we wrap it up?

MS. McCALL: The only thing that I would say is that... I'd like to go back to one point that I made that we really didn't discuss so much but which Vince picked up on, which is, I would like to think...have you consider putting on your agenda some broader thinking about the nitty gritty about what kind of codes and things we should use about the whole...about coding services that are delivered.

But also I think a lot of what you are saying is, is something that is really very difficult. It has to do with sort of balancing this individual versus societal needs and rights. And I think it is a fundamental question and when you asked me that question, I was already to make a distinction but then as I even said as my answer, it didn't work.

So, you know, I think it is something that you need to give a lot of consideration to and I wish you luck in your efforts.

DR. DETMER: Dr. Phibbs.

DR. PHIBBS: I'll pass and let you get to lunch.

(Cross-talk.)

MALE VOICE: Dr. Flores.

DR. FLORES: I want to thank you very much for the opportunity and also I'll let you get to lunch too.

DR. DETMER: Well thank each of you. I think this has been very useful to us and we will adjourn for an hour and then we will be back at 1:30. Thank you.

(Session Adjourned.)