The National Committee on Vital and Health Statistics was convened on Tuesday and Wednesday, June 3 and 4, in the Federal Building in San Francisco, California. The meeting was open to the public. Present:
Committee members
Don E. Detmer, M.D., Chair
Simon P. Cohn, M.D., M.P.H., F.A.C.P.
Kathryn
L. Coltin, M.P.H.
Kathleen Frawley, J.D.
Robert M. Gellman, J.D.
Lisa
Iezzoni, M.D., M.S.
John R. Lumpkin, M.D., M.P.H.
Vincent Mor, Ph.D.
Staff and liaisons
Marjorie Greenberg, National Center for Health Statistics (NCHS), Acting
Executive Secretary
James Scanlon, DHHS, Executive Staff Director
Lynnette
Araki, NCHS
Bill Braithwaite, DHHS
Judy Ball, DHHS
David Smith,
HCFA
Others
Ed Sondik, M.D., Director, NCHS
Paul Lee, Pantheon Health
Tom
Trabin, Partnership for Behavioral Healthcare
Geraldine Oliva, UCSF
Michael
Ball, California Health Information Association.
Marianne Louri, PacifiCare
Health Systems
David Manigault, COHR
David Schinderle, St. Joseph Health
System
Rita Moya, National Health Foundation
David Hopkins, Pacific
Business Group on Health
Barbara Simons, Association for Computing Machinery
Richard
Peters, American Society for Testing and Materials
Benson Nadell, SF
Ombudsman Program/Family Service Agency
Marcia McLure, McLure-Moynihan, Inc.
Sherreta
Lane, CA Healthcare Association
Heidi Tom, Asian and Pacific Islander
American Health Forum
Michael Ralston, Kaiser Permanente
Marj Plumb, Gay
and Lesbian Medical Association
Eileen Hansen, AIDS Legal Referral Panel
Gretchen
Swanson, Swanson & Co.
Denise Love, Utah Dept. of Health
Leonard
Rubin, Kaiser Permanente
Michael Kassis, CA Health Information for Policy
Project
Harold Luft, University of CA
Arlene Triplett, McManis Assoc.
Robert
Hiatt, Kaiser Permanente
Mark Schiller, CA Association of American
Physicians & Surgeons
Robert Newcomer, UCSF
James Sutocky, CA Dept.
of Health Services
Peter Abbott, CA Office of County Health Services
Duane
Ferrell, CA Medical Billing Association (CMBA)
Sharon Ferrell, CMBA
Daniel
Essin, LA County/USC Medical Center
Robert Robinson, CDC
Gwendolyn
Doebbert, CA Dept. of Health Services
George Flores, Sonoma County
Department of Health Services
Jack Christy, CMRI
Shahla Yaghmai, LA
County Department of Health Services
Roxanne Andrews, CA Office of Statewide
Health Planning and Development.
Ciaran Phibbs, Center for Health Care
Evaluation
Donna Lata, Blue Cross of CA
Eric Osborn, Foundation Health
Corporation
Nelda McCall, Laguna Research Association
Mary Jean Sage,
CMBA
Terry Fotre, Healthcare Data Information Corporation (HDIC)
Ann
Geyer, HDIC
Lucy Johns, Healthcare Planning & Policy
Dale Miller,
Irongate, Inc.
Philip Marshall, Oregon Health Sciences University
Nancy
Reno, Blue Cross of CA
Kinji Yamasaki, Sholink Corporation
Lyndalee Kon,
TRW
Kathy McCaffrey, OSHDP
Claudia Tessier, American Associaton. for
Medical Transcription (AAMT)
Pat Forbis, AAMT
Benay Dara-Abrams, Sholink
Corporation
Jean Campbell, Missouri Institute of Mental Health
Anthony
Nespole, CA Medical Review, Inc.
Laura Brown, Ernst & Young
Kay
Franks, Sutter Health
Dorel Harms, CA Healthcare Association
Jeane
Schulte Scott, CIS Technologies
Larry Matejka, CMBA
Ken Crilly, BEST
Plans Administration Co.
Jim Loyd, TX Health Care Information Council
Mitchell
LaPlante, UCSF
Edward (Ted) Shortliffe, Stanford University Section on
Medical Informatics
The National Committee on Vital and Health Statistics convened a two-day hearing on June 3-4, 1997 on perspectives on privacy, confidentiality, data standards and medical/clinical coding and classification issues in implementation of the administrative simplification provisions of
P.L. 104-191. The hearing, held in San Francisco, California, was the seventh NCVHS hearing on Kennedy/Kassebaum (K2). It was the first to deal with the full range of issues related to the legislation. The hearing had panels on insurers, health plans and providers; public health and research; public hospitals, community health centers and academic medical centers; advocacy; integrated health systems; employers; and state health data. NCVHS Chair Dr. Don Detmer said the testimony and discussion would contribute to the recommendations the Committee is mandated to make to the Secretary.
(Larry Matejka and Sharon Ferrell, California Medical Billing Association; Dorel Harms, California HealthCare Association and CA Institute for Health Systems Performance; Kay Franks, Sutter Health)
All of these panelists expressed qualified support for standardization but considerable concern about the burden it would impose on providers and the possibility that it would add complexity rather than simplify. They all supported a single procedure coding system, and expressed concern about confidentiality issues. They urged that standardization be mandatory and universal, and that its implementation be gradual and cautious. However, they also expressed concern that the law allows exceptions to the use of EDI. (Dr. Braithwaite later explained that this applies only to providers.)
The panel's discussion with the Committee focused on implementation issues, particularly cost and timing. It was emphasized that many health care organizations are not yet aware of the impending changes and their anticipated impact, and that considerable publicity and education are needed. The panelists were generally positive about the implementation of ICD-10, but they had differing views about whether to impose it all at once or in stages.
(Nelda McCall, Ciaran Phibbs, George Flores)
Ms. McCall focused her remarks on the uses of standardized data to improve the health delivery system. She encouraged the Committee to use its position to explore and promote integrated standards that apply to all forms and settings of health care. Standardization must be broad-based and include standards for long-term care insurance policies.
Dr. Phibbs focused on the potential gains of linking data from different sources. He recommended that the standards include a set of identifying information rather than just an ID number.
Dr. Flores stressed the fundamental importance of maintaining the trust of all those for whom public health is responsible, something that depends on their confidence in the privacy and security of their medical information. He described the dire consequences of Proposition 187, with both documented and undocumented immigrants avoiding essential health care for fear of jeopardizing their status in the U.S. He recommended local oversight to control access by researchers and others, so that local authorities know who is using the information.
Much of the discussion with this panel focused on ways to protect confidentiality and still permit research, and on the need to make a stronger case for research to the public and Congress. There was a long and inconclusive discussion as to what meaningful distinctions can be made between research and law enforcement in terms of their use of health records. Panelists agreed that greater scrutiny is required for data uses that focus on individuals. Mr. Gellman pointed out that researchers need to clarify the black and white areas related to confidentiality, and then deal carefully and creatively with the many gray areas.
Panelists were supportive of the IRB model to govern researchers' access to identifiable individual data. Ms. McCall suggested a developmental effort in which NCVHS "gets down to the nitty gritty" and looks at all the standards for various services and figures out how to integrate them over the long term.
Regarding establishing trust with immigrants, Dr. Flores encouraged the Committee to include in its pronouncements a strong reassurance that the security and confidentiality of their medical encounters will not be jeopardized. Dr. Detmer pointed out that actions are needed on two complementary fronts: fair information practices related to personal health data, and non- discrimination legislation.
(Dr. Robert Newcomer, UCSF; Dr. Harold Luft, UCSF; Dr. Mitchell Plante, UCSF Disability Statistics Center; Dr. George Peter Abbott, CA Department of Health Services)
All of these panelists are affiliated with institutions, but they all spoke for themselves. Dr. Newcomer focused on the need for better data on group housing. He recommended beginning with hospital discharge abstracts and Medicare claims while figuring out how to improve these sources. A longer term goal is to improve disability information on the NHIS, the housing survey, and other surveys.
Dr. Luft suggested several approaches that allow for the burden of data collection and the variability in data capacities. Data can be collected to varying degrees of accuracy and detail, depending on the intended use. To protect patient confidentiality, data for researchers can be "jittered" in ways that do not impede research. He advocated using IRBs to determine what level of detail and accuracy is needed for each data request.
Dr. LaPlante's comments focused on informational needs in the areas of health and disability services research. Reliable functional and disability information should be included because these factors are proven predictors of health care utilization as well as indicators of service outcomes. He urged the Committee to recommend placeholder for these elements in administrative simplification standards.
Dr. Abbott commented on the need for standards for public health and noted the key role of identifiers in following individuals longitudinally and across programs. He described his state's development of a core data set to serve as an identifier, with five core and seven confirmatory data elements. The system is premised on the patient's voluntary cooperation. He recommended the use of a kind of IRB to deal with data requests and help protect patient confidentiality.
Much of the discussion period focused on confidentiality issues and their relation to research and public health priorities. The panel and committee explored Dr. Luft's ideas about "approximate value" and other ways of protecting confidentiality while allowing research to go forward. In a discussion of the difficulties of getting data from health plans, it was pointed out that plans are improving their data collection and this trend will probably continue. Asked about ICIDH, Dr. LaPlante repeated his point about the importance of data on functional performance, but he said the ICIDH may not be the best standard for this purpose. He and Dr. Iezzoni discussed the tradeoffs between small area research on disabilities and rare conditions to document underservice, on the one hand, and the threats to privacy this research represents, on the other. Mr. Scanlon suggested that a certificate of confidentiality from the DHHS Secretary might add further protections for researchers from subpoena.
The short-term and long-term prospects for procedure coding for people with disabilities in conjugate housing generated considerable discussion, with varied views on whether the current situation supplies even minimally necessary information. Dr. Abbott pointed out that data from transition points in the care system are the easiest option. As with the previous issue, a panelist pointed out that growing activity and spending in this area are likely to generate better data in the future. One issue is whether existing coding schemes are capable of capturing relevant information.
In his final comments, Dr. LaPlante urged the Committee "to think about linkage in a forward fashion," i.e., in terms of what might be done rather than with the usual retrospective approach. Dr. Iezzoni noted that this is compatible with Dr. Sondik's desire for proactive advice for the National Center.
(Dr. Shahla Yaghmai, L.A. County Department of Health Services; Dr. Dan Essin, L.A. County/USC Medical Center; Dr. Ted Shortliffe, Stanford University)
Dr. Yaghmai stressed the great complexity and limited resources her health department deals with. She urged that proposed changes be pilot tested and that those required to implement be offered incentives, financial assistance and adequate timetables for implementation.
Dr. Essin noted the limited usefulness of claims data and the need for clinical care information. He stressed the need for clear policy so institutions know how to improve their data collection, and he recommended structured data collection that can be translated into coding systems, possibly with the cost of translation offset by grants or other means. Discussing confidentiality issues, he noted that until institutions can afford the expensive technology to limit access to data, care should be exercised in the collection and transmission of data.
Dr. Shortliffe used his experience on an IOM panel as a frame for his comments on privacy and confidentiality. He recommended the panel's 1993 report, "Health Data in the Information Age," and recounted some of the stories of abuses he learned about on that panel. He asserted that all patients owe their society some access to their records for research, just as they have benefitted from past research on others, and he expressed hope that confidentiality restrictions would not be so stringent as to impede future research. Noting that automation has the potential to increase controls over data, he urged the Committee to help design clear policies that will indicate to the industry what computer systems are needed to improve security measures such as encryption and audit trails.
(Dr. Mark Schiller, California Association of American Physicians and Surgeons)
Dr. Schiller, a psychiatrist, expressed strong opposition to the use of unique identifiers for patients and providers, because they make it easier for the government to collect information that can then be abused. He stressed the rights of the patient as the overriding principle for medical care. He questioned the assumption that administrative simplification will improve medical care and asserted that the information needed for patient care is not compatible with the constraints of computer systems. He called for a recommendation that patients know how their information will be used, and by whom, and he urged that patient consent be required.
(Marj Plumb, Gay and Lesbian Medical Association; Eileen Hansen, AIDS Legal Referral Panel of the San Francisco Bay Area)
Because of discrimination against gay and lesbian patients and people with HIV and AIDS by society in general and by health care system, the consequences of information's getting into the wrong hands are very serious. Ms. Plumb stressed the need to give top priority to privacy and confidentiality. Her organization recommends that the Committee recognize that only universal access to health care and strong anti-discrimination laws will protect against discrimination, that it request strong measures to protect patient information, and that it call for strong penalties and sanctions for inappropriately divulging information.
Ms. Hansen urged that electronic data collection and transfer of information not be done unless/until the strongest possible protections are in place, in view of past abuses and the evidence of discrimination against people with HIV/AIDS. The AIDS Legal Referral Panel is concerned that HIPAA seriously threatens patients' confidentiality in that the administrative simplification provision emphasizes the goal of reducing the cost of health care and gives privacy concerns secondary consideration, at best. She urged that constraints be imposed on the implementation of HIPAA until a comprehensive federal privacy statute is enacted.
Invited to make a public comment, Laura Brown of Ernst & Young asked about the status of work on security. Dr. Detmer said the Committee would take this up within a month.
The group began the discussion period with comments about mechanisms for translating clinical narrative into coding. Panelists spoke in support of structured data input that can be translated. This was followed by a long discussion of the risks associated with electronic records. Dr. Detmer asserted that the nation must have anti-discrimination legislation in addition to security measures; technology alone cannot solve all the problems. It was noted that security technologies are routinely used for credit card use and Netscape but have not been adopted by the health care industry. In addition to the cost constraints, the health care industry suffers from a lack of vision and leadership, some of which the federal government could supply. Clarification of a health data and security policy would lead to appropriate technology.
The second day of the hearings began with a special welcome to those present on behalf of special populations, issued by Dr. Lisa Iezzoni, Chair of the Subcommittee on Population-Specific Issues. She stressed the NCVHS commitment to taking their concerns into consideration in its recommendations to the Secretary.
(Benson Nadell, The Ombudsman Program; Heidi Tom, Asian and Pacific Islander American Health Forum; Dr. Jean Campbell, mental health consumer; Rita Moya, National Health Foundation)
Mr. Nadell discussed the implications of HIPAA for frail elderly nursing home residents. He noted that the legislation seems intended to benefit providers and payors, not consumers. Key issues are whether client needs are reflected in data as a priority along with billing efficiency, and whether this consolidated client information will extend beyond what is only triggered by Medicare coverage; that is, whether risk factors inherent in data on ADLs are captured, and is portable for a truer and more complete profile of each client. He called for access to this data for consumers in cases of appeal, for informed consent for release of data, and strong protections for confidentiality.
Ms. Tom called attention to three fundamental data issues: the need for culturally and linguistically sensitive approaches; the importance of a community perspective in both health promotion and assessment; and the need for adequate diversity and ethnic representation in the data systems. The organization supports the maintenance of the nine categories listed in OMB Directive 15.
Dr. Campbell focused on the concerns of mental health consumers about misuse of their medical records. The most compelling argument for linkage would be improved care, but in her view this causation has not been proven. The views of mental health consumers and other stigmatized groups must be considered in the current standardization efforts, because they are vulnerable to the greatest harm from misuse of their records. She called for strong informed consent measures and access by consumers to their records.
Ms. Moya said her organization evaluates all information technology in terms of its impact on consumers, whose voice is often not represented in consensus-building activities around standards. NHF convened a group that worked out confidentiality principles. Its recommendations include the requirement that access to person-identifiable data only be given when confidentiality protections are assured and access to nonperson identifiable data be given to researchers and other entities when the purpose is in the public interest.
(Mary Ann Louri, PacifiCare Health Systems; Dr. Michael Ralston, Kaiser Permanente California Division North; Dr. David Hopkins, Pacific Business Group on Health)
Ms. Louri focused on confidentiality issues and urged the Committee to help put proper safeguards in place so that legitimate users of individually identifiable information can continue to have access to it. She described the protections imposed by PacifiCare.
Dr. Ralston said that Kaiser Permanente's concerns particularly revolve around the cost of legislated change, the relevance of what is required, the potential to misuse or gain unauthorized access to information, and the need for flexibility as the system evolves. It is concerned that HIPAA's vagueness in some areas may undermine the motivation to exchange information electronically or standardize tape formats.
Dr. Hopkins described several PBGH data and research initiatives, but he stressed that progress depends on key decisions by the federal government. He recommended the following: adoption of the SSN as the core element of the unique individual health identifier; avoiding confidentiality provisions that would inhibit the construction of integrated databases for legitimate research and evaluation; ensuring that provider group identifiers fit the realities of today's marketplace, connecting providers to their particular medical group or IPA; making every effort to meet the mandated deadlines; and publicizing standards widely.
The discussion with this panel focused on provider and group identifiers for today's market and the need for protections against improper employer requests for disclosure. Ms. Louri and Dr. Ralston said they have trouble with inappropriate requests from employers for data on individuals, and federal guidelines would be very helpful. In response to a question, Dr. Hopkins said he would support federal rules prohibiting employer access to the health data of employees. Other discussion topics were provider confidentiality protections, distinctions between research and evaluation and their implications for the use of data and IRBs, and the limitations of current procedure coding.
(Denise Love, Utah Department of Health; Dr. Richard Peters, ASTM; Kathy McCaffrey, California Office of Statewide Health Planning and Development; Jim Loyd, Texas Health Care Information Council)
Ms. Love described her state's experience with standardization, which she noted is an iterative process. She said many Utahans are concerned about whether HIPAA is flexible enough to allow the state to move forward with its progressive EDI effort and about whether federal privacy legislation might restrict current public health practice. Her major point is that federal policy, including privacy legislation, must be flexible enough that states can continue their own solutions. States also do not want reopened the issues they have already fought through with state legislatures. Generally, Ms. Love called for an iterative approach to innovation.
Dr. Peters highlighted three areas where ASTM standards are being developed: security, privacy, and identifiers. He said the ASTM identifier, which is not specific to the individual or type, addresses the concerns raised by Dr. Hopkins and others about the complex interweaving of providers and organizations.
Similar to Ms. Love, Ms. McCaffrey noted the many application and implementation issues concerning HIPAA and the difficulty of foreseeing its impact because of its breadth. She wondered how it would affect her state, which (for example) collects more detail than will be covered by the standards. She expressed a desire to help work out the details of standardization, which she supports.
Mr. Loyd urged the Committee to distinguish between political and technological issues and asserted that its HIPAA-related concerns are the former. If the political will is there, the technology exists; conversely, political problems cannot be solved with "technological bandaids." He urged that exemptions to the standards be minimized, and that they be introduced from the top down.
The discussion centered on the federal-state relationship in privacy legislation and standardization. Some misconceptions about the Bennett Bill and other matters were clarified, and Ms. Love stressed the need for intensive briefings of states when a law is passed. The group discussed the challenge for state data offices of adding elements such as California's praised diagnosis flag, and Ms. McCaffrey said the state works with hard-pressed jurisdictions such as L.A. County. Ms. Love reiterated her appeal for a go-slow, incremental approach to adding data elements.
(Ann Geyer, Healthcare Data Information Corporation; Dr. Tom Trabin, CentraLink and Institute for Behavioral Health Care; Gretchen Swanson, Swanson & Co.; David Manigault, Core, Inc. and Healthcare EDI Coalition; Pat Forbis, American Association for Medical Transcription; Dr. Barbara Simons, U.S. Public Policy Committee of the Association for Computing)
Ms. Geyer had several recommendations on behalf of HDIC, whose members strongly advocate for earlier determination of essential confidentiality protections which can be implemented in the same timeframes as the EDI provisions. She urged the Committee to exercise national leadership in this area and to establish one standard per transaction. She also recommended that standards bodies be directed to create implementation test data sets as part of the certification that a standard has been implemented, and that independent agents act as mediators in the event of disputes over implementation.
Dr. Trabin described increased information exchange practices under managed care that exacerbate providers' paperwork burdens and compromise traditional data privacy practices. He suggested 1) requiring managed care companies to periodically report to patients on the number reviews of their charts, by whom including the reason for the review, and 2) requiring a special consent for non-routine reasons for access to the patient record. He called for strong governmental pressure to encourage common data sets among organized care systems, to lighten the paperwork burden on providers, and he urged that mental health and substance abuse records receive special protections.
Ms. Swanson encouraged the Committee to add a functional variable to the core data set and to consider using the ICIDH for this purpose. By characterizing function, the ICIDH indicates a patient's need for services and makes it easier to triage, plan care, and monitor changes in function over time.
Mr. Manigault stressed the centrality of the interface between trading partners. He urged that standards take this into account and be kept simple and inexpensive. Also, hospital workers who are displaced by EDI should be given training for new work.
Ms. Forbis drew attention to the burgeoning of a huge, unregulated industry to transcribe dictated medical records, with serious implications for the confidentiality of those records. She called the industry attention to the fact that some transcription services are becoming data repositories and looking at how to market the information they control. AAMT recommends that information release forms include information about where documentation is stored, who controls it, and the patient's right to review it. Quality assurance standards for dictation and transcription process should be developed, and ASTM's standard on security and confidentiality of transcribed health records should be adopted.
Dr. Simons encouraged the Committee to call on ACM for disinterested technical assistance. She discussed the current threats to confidentiality, and called for aggressive Committee leadership in this area. She strongly criticized the use of the Social Security Number as a unique identifier.
Much of the discussion with this panel focused on Ms. Forbis' alert about medical transcription and the general need for new solutions that take into account the global nature of information exchange. Dr. Detmer observed that the Committee and the government are being challenged to be unusually proactive in their approach to policy planning.
(Dr. Oliva, Family Health Outcomes Project, UCSF; Dave Schinderle, St. Joseph Health System; Mike Ball, California Health Information Association; Mike Kassis, California Health Information for Policy Project; Dr. Tony Nespole, California Medical Review, Inc.)
Dr. Oliva described California's development of a unique client identification system that uses a set of core data elements for uniquely identifying individuals across the services of several agencies, with confirmatory elements. A larger set of elements is to be used for case management and inter- agency information about the client. Tested in respect to more than 600,000 birth records, the five core data elements yielded a 99+ percent match. It has been pilot tested in Orange County, where few patients refused to provide the core information. Patients sign a consent form that says who will have access to their information and where it will reside.
Mr. Schinderle had many practical suggestions. The many providers that, like St. Joseph Health System, process claims for HMO need to be educated that they are classified as payors and the forthcoming regulations will apply to them. X12 data sets should be frozen for periods of time. His group recommends allowing the continued use of the current claim transaction for about three years, and it also asks the Secretary to consider formalizing an implementation process. He also recommended that no exemptions to uniform standards and processes be permitted, and he expressed concern about the proposed two-tier implementation, favoring instead letting the deadline slip to 30 or 36 months.
Mr. Ball called special attention to two issues: the lack of access to published coding guidelines by medical records personnel, and insurance companies' arbitrary refusal to reimburse certain valid codes. CHIPP anticipates extensive educational work to prepare its constituents to enforce new HIPAA-generated regulations. Government should offer funding to offset the cost of the computer-based patient record, which is borne entirely by providers.
Mr. Kassis recommended using a core data set for personal identifiers, not including the Social Security Number. He offered CHIPP's help if the Committee decides to recommend such a set of core elements. CHIPP also suggests the adoption of an accreditation standard for health data operations, which it believes would generate confidence in health information systems. Every major health data organization, to be accredited, should have a body of representatives that includes consumers. CHIPP believes informed consent should be required for disclosure of information that affects individuals' lives. Mr. Kassis also recommended a consumer education campaign about the uses of health information and how the public benefits from them.
Dr. Nespole said his organization strongly advocates administrative simplification and standardization, and he stressed the need to expand the list of mandatory data elements extracted from the medical record. CMRI research shows potentially important differences between the Medpro file and medical record data, demonstrating the need for routine checks on the validity of Medicare data. The same applies to non-Medicare data. CMRI recommends routine unannounced audits or other accreditation systems of health care data practices and procedures. In addition, confidentiality protections should be in place before computerized patient-specific information is made available for analysis. Dr. Nespole outlined some of physicians' fears about misuse of their data and its consequences. CMRI urges the Committee to be bold in its recommendations to protect providers' and patients' rights.
In the discussion, Mr. Gellman and Ms. Frawley expressed support for CHIPP's idea of industry accreditation, to build mechanisms for accountability and to bolster public confidence. Two panelists noted the need to stimulate vendors to meet the industry's software needs for both EDI and data quality control. Dr. Detmer pointed out the need for a national strategy for the health component of the national information infrastructure. The computer-based record, help in facilitating its dispersion, and financial incentives as well as privacy, confidentiality and security provisions and data dictionaries can coalesce as part of a public/private strategy.
Three people spoke in the public comment period. In their final comments, several Committee members and staffers remarked on what they most valued in the hearings -- notably the information on single identifiers, practical insights from a cutting-edge state, the cross-fertilization of ideas across issues, and the broad agreement about the importance of confidentiality and the need for uniform implementation of standards.
Dr. Detmer called the meeting to order and noted that this is the seventh NCVHS hearing on Kennedy/Kassebaum (K2). Unlike the others, it deals with the full range of issues related to the legislation. NCVHS is emerging as a health data/information policy advisor to the Secretary and Congress, and these and other hearings are directed at strengthening the Committee in that role. NCVHS is holding a west-coast hearing to make it easier for westerners to give input. He thanked those who planned the meeting, notably the California Office of Statewide Health Planning and the Healthcare Data Information Corporation. Following introductions of everyone present, he invited people to sign up for the public comment period at the end of the day.
These hearings will have panels on insurers, health plans and providers; public health and research; public hospitals, community health centers and academic medical centers; advocacy; integrated health systems; employers; and state health data. The testimony and discussion will contribute to the recommendations the Committee is mandated to make to the Secretary.
Larry Matejka and Sharon Ferrell, California Medical Billing Association
Billing companies, of which 800-1,000 exist in California, produce claims for providers. Ms. Ferrell said that while efforts to simplify or standardize data collection and transmission are theoretically welcome, in practice they have added layers of complexity. She cautioned against placing the entire burden of HIPAA's changes on the administrative arena, noting that the shift to managed care has increased administrative costs and reduced revenue for providers. Thus providers are ill equipped to adapt to radical changes. She urged the Committee to consider the impact of its recommendations and allow ample time for implementation. She also expressed concern about the K2 provision that would allow payers to choose not to conduct transactions electronically, which would be "an inducement to take a giant step backward." Her organization recommends that any standard formats be mandatory for all intermediaries working with government plans, including IPAs.
Dorel Harms, California HealthCare Association and CA Institute for Health Systems Performance
Ms. Harms used her 10-minute presentation time to respond to the Committee's questions, posed in advance to all speakers. She anticipates benefits from standardization, once HIPAA becomes "universal," and she noted that currently much of the standardization is internal to specific health care systems and does not permit comparison among hospitals and systems. Many hospitals have not begun to think about the issues being raised by NCVHS and HIPAA. Her organizations are concerned that HIPAA's changes will take place at the same time as year 2000 changes, creating "exponential problems." These changes should be staggered, if possible. There are privacy concerns as well: data are only useful when transformed into information, and this requires accessibility, which makes the data vulnerable. On coding systems, she asserted that ambulatory and inpatient coding systems should not differ.
Kay Franks, Sutter Health
Sutter Health is a nonprofit integrated health care organization. Responding to the questions, Ms. Franks expressed concern that the attempt at administrative simplification will actually add burdens on providers, and that the time lines are very aggressive. She noted the difficulties simply of standardizing within a relatively small integrated system and the slim operating margins of health care organizations today. Other concerns relate to technical and confidentiality issues raised by a unique identifier, and the prospect of disclosure penalties. Ms. Franks stressed that for administrative simplification to work, it must be mandated for all organizations. Requirements for paper attachments must be eliminated. A single diagnostic and procedural coding system would be ideal. Finally, she encouraged efforts to ensure the compliance of payors and plans, to minimize the costs of the change, and to continue broad input into the process.
Most of the discussion with this panel focused on implementation issues. Regarding the tight timelines, Dr. Lumpkin distinguished between the time for identification of the standards and for their implementation, and Ms. Franks asserted that both are quite ambitious. She suggested a pilot in some states. Ms. Harms called attention to potential costs and to the need for much more publicity about the impending changes to hospitals and other organizations. Ms. Ferrell noted the need for education and training, and added that there is a shortage of qualified medical billing personnel. Mr. Matejka pointed out that providers are at the mercy of software vendors, which must handle the changes. Dr. Detmer asked for continuing suggestions about how to "get this more on people's scanners."
In response to a question, Ms. Ferrell explained that her misgivings that intended simplification will result in greater complexity are based on past experience. She urged a cautious approach to implementation. Asked why she does not welcome changes that would result in more comparable data, Ms. Franks explained that it is a resource issue. Ms. Coltin noted the difficulty of reaching consensus on change within an organization, suggesting that it will be easier if the change is imposed from the outside. Ms. Franks said she would reserve judgment until she sees the standards. Noting the differing applications of the Medicare 855 form, Mr. Matejka stressed the importance of having the standards apply universally.
Dr. Lumpkin asked the panelists to give input on the existing SDO standards and the anticipated impact of standardization. Mr. Matejka and Ms. Franks noted the frequency with which billing systems are enhanced, and Ms. Ferrell commented on the difficulty she has had finding software for her proprietary system to keep up with changes. Ms. Franks noted that health care in general is far behind the banking industry in information technology, and Mr. Matejka said software developers are focusing on clinical modules.
Asked to explain their somewhat negative attitude toward the anticipated standardization, the panelists said that in California the ascent of managed care has resulted in "steps backward" in EDI. They stressed the importance of requiring universal compliance with the standards. Ms. Franks noted that the declining use of bills as a result of the rapid move to capitation is another consideration.
In response to another question, she said that the key technical issue in regard to the unique ID relates to assigning numbers to newborns. To a related follow-up question, she said her confidentiality concerns about master patient indexes relate to the potential for external invasions of privacy.
Dr. Iezzoni asked about the issues in the home health care setting, and Ms. Franks said the software systems are different and there are few vendors for them. Ms. Harms noted the potential usefulness of a unique identifier in linking data from various care settings. The group discussed some of the problems with the Social Security Number (SSN). They then discussed aspects of procedure coding, with the panelists agreeing on the desirability of a single system. Ms. Franks said discussions of this topic have not taken place between her organization and the California Medical Association and other associations, but this should happen. She and Ms. harms agreed that a single procedure coding system would greatly reduce duplication of effort. Mr. Matejka added that ideally the coding set should be universal, with specialty subsets that payors could restrict.
Regarding the proposed implementation of ICD-10, the panelists were generally positive about this change. Regarding the process of implementation, Ms. Franks and Mr. Matejka recommended being clear about what will happen and allowing time for organizations to educate their members, but then "doing it right, and doing it once." Ms. Harms, in contrast, recommended a phased-in approach.
Turning to confidentiality, Mr. Gellman asked for comments on proposed legislation. Mr. Matejka asserted that the Bennett Bill is very restrictive, and he appealed for clarity in the guidelines about who is entitled to access to data on patients. Ms. Franks noted that California already has strict patient confidentiality laws. Panelists commented on the law's provision that information can be disclosed for billing purposes without patient authorization.
Asked to comment on the National Provider Identifier, which Mr. Scanlon noted they all seem to support, the panelists noted that the longer the number is, the more room for error and that it will be good to replace the current "sloppy" systems. Concerns were expressed about possible misuse or misinterpretation in connecting providers to mortality data.
Dr. Detmer thanked the panelists for their contributions, and invited final comments. They expressed support and appreciation for the Committee's work, and noted that the foundation already exists for the impending changes.
Nelda McCall, health services researcher
Ms. McCall focused her remarks on the uses of standardized data to improve the health delivery system. She commented on the data needs in five areas: utilization and access monitoring, financial analysis and rate setting, quality assurance, program planning, and general societal uses. A major concern is that the data sets collected to date will not be lost in the shift to managed care. Databases are especially critical for documenting and understanding trends in disease incidence and treatment.
Regarding the promotion of standardization, Ms. McCall noted that current standards are based on Medicare data. She urged the Committee to use its unique position to think about and promote a broader perspective, structure and coding for all health data. One of the Committee's challenges is to help find the proper balance between existing systems and new ones that can accommodate more outcome-focused and clinically-focused data. The integration of service delivery systems will improve the ability to standardize information. Standardization must be broad-based and include standards for long-term care insurance policies, as an increasing proportion of health care resources are spent on long-term care.
Ciaran Phibbs, research economist (Palo Alto V.A.; Stanford University)
Dr. Phibbs (speaking for himself only) focused on the potential gains of linking data from different sources, something that will be facilitated by unique identifiers and data standardization. He recommended that the standards include a set of identifying information rather than just an ID number. To demonstrate the benefits of data linkage, he described his recent analysis of neonatal mortality and hospital patient volume, published in JAMA. Using several data sources increased the predictive accuracy of the model and yielded substantive changes in the results. He noted that it will be important to link the emerging clinical data sets to existing data, to remove the effects of selection bias, among other things. As another example of data linkage issues, he discussed the benefits of linking data in the V.A. system with those from care outside it, as veterans receive care in both places. Finally, he noted that increased data linkage also increases the risk to patient confidentiality, and he called for reasonable and appropriate steps to protect confidentiality without denying data access to qualified researchers.
George Flores, Sonoma County Public Health Director and President, Health Officers Association of California
Dr. Flores appeared on behalf of the Health Officers Association. He stressed the fundamental importance of maintaining trust with all for whom public health is responsible, which depends on their confidence in the privacy and security of their medical information. In particular, the concerns of California's immigrant population about confidentiality and security have been severely exacerbated by Proposition 187, leading to precipitous drops in clinic attendance and the failure to get care for serious conditions. This puts both individual and societal health at risk. Dr. Flores also discussed the concerns around disclosure of HIV status. He noted the potential advantages to public health from linking information systems, benefitting immigrants as well, but also the considerable risks through intrusion by the Immigration and Naturalization Service, insurance companies, apartment owners, and others who would use medical records against people. He recommended local oversight to control access by researchers and others, so that local authorities know who is using the information. Localities also need access to information derived from shared information systems. The goal is to use health information for "systematized improvements in health care" and to avoid their use for "systematized entrapment." In conclusion, he stressed the need to assure immigrants that their health care information will not be used against them, and he urged the Committee to "first, do no harm" with its data sets.
Much of this discussion focused on ways to protect confidentiality and still permit research, and on the need to make a stronger case for research to the public and Congress. The panelists said that some, but not all, research can be done with nonidentifiable data. Dr. Flores said public health's use of encrypted identifiers for AIDS information has no disadvantages for epidemiology but prevents contact tracing. Special access may be necessary for public health. Mr. Gellman noted that some legislative proposals require patient consent before their records can be used for research. Given that every user group asserts their special entitlement to access, it is incumbent on researchers to make the case for research more effectively than has been done in the past. Failing that, research is at risk. Several panelists pointed out that there are already limits on access to data for research uses, but they agreed that more public education is needed. Dr. Detmer noted the paucity of research on the nature and extent of abuses and problems in this area.
Mr. Gellman stimulated a long and inconclusive discussion with a query as to what meaningful distinctions can be made between research and law enforcement in terms of their use of health records. It was posited that the INS and law enforcement are interested in individuals, while researchers generally are not, but this distinction was disputed. Nevertheless, it was agreed that greater scrutiny is required for data uses that focus on individuals. Ms. Coltin pointed out that a single unique identifier that could be encrypted would obviate the need for additional data, but Dr. Phipps stressed that a dataset is necessary to definitively identify an individual. Responding to a question, he said it is theoretically possible, but not currently realistic, to have a reliable unique identifier. Mr. Gellman pointed out that any access to a person's medical record is a violation of that person's privacy, whether or not it leads to a decision regarding that individual. He also observed that researchers need to clarify the black and white areas related to confidentiality and then deal carefully and creatively with the many gray areas, including this one.
The panelists were supportive of the IRB model for health services researchers around their access to individual data. Asked about new provisions that require the patient's authorization for research use of medical records, Dr. Phibbs and other panelists said it is "a disaster." Ms. McCall concurred with Dr. Phibbs.
Asked to elaborate on her comment about the Committee's taking the broad view regarding health care, Ms. McCall suggested a developmental effort in which it "gets down to the nitty gritty" and look at all the standards for various services and figure out how to integrate them over the long term. This would involve putting things on the table for people to react to and developing a discussion piece. NCVHS is the right body to spearhead this effort, she said. Dr. Phibbs agreed on the desirability for researchers of having a single unified data system.
Dr. Flores was asked to expand on his remarks about undocumented aliens' avoidance of careseeking. Two studies in medical journals show the deterrent effects of Prop. 187 in this regard, and other informal studies and anecdotes have appeared in newspapers. He noted that many households contain both documented and undocumented family members. To counteract this trend, he said medical workers must be committed to protecting people's privacy, regardless of their immigrant status, and this commitment must be made very clear to individuals and the community, to establish trust. He encouraged the Committee to include in its pronouncements a strong reassurance that the security and confidentiality of their medical encounters will not be jeopardized. Dr. Detmer pointed out that actions are needed on two complementary fronts: fair information practices related to personal health data, and non-discrimination legislation. He also observed that the absence of standards for media reporting of these issues contributes to the problem.
He then thanked the panelists for their contributions.
Robert Newcomer
Dr. Newcomer stressed the need to track the service utilization of people in group housing, including both elderly and nonelderly disabled people. Currently, although as many people live in group housing as in nursing homes, the industry is virtually invisible in national data systems. It also is not clearly defined or well regulated in state and local ordinances, threatening an erosion of the quality of care. Until adequate information systems are in place, hospital discharge abstracts can be used to track marker conditions. Another possible source is Medicare claims, to track diagnoses. Neither of these data systems is adequate, however. One alternative is to rely on survey systems, but these are national and do not yield useful community-level estimates.
Definitions are a key problem because the term "group housing" encompasses a wide range of settings and purposes. To simplify matters, states use a simpler definition based on having five or more unrelated persons in the same home. Many group homes are not included in the National Health Interview Survey and other surveys. Dr. Newcomer provided the Committee with a critique of 75 surveys, all of which have fundamental problems. S/He recommended putting and maintaining better information on hospital discharge abstracts and claims data as the first step toward better information in this area, and also that NCVHS or another body look at how to improve the sample frames used in the NHIS and other national surveys with respect to group housing. In addition, the disability information in the American Housing Survey and the Census must be improved.
Hal Luft (U.C. San Francisco)
Dr. Luft, an economist, directs the UCSF Institute for Health Policy Studies. Speaking for himself only, he focused on three issues: data quality, the potential burdens of data collection, and risks to confidentiality. Given the burdens, and to maximize quality, he recommended being sensitive to the kinds of data requested and ensuring that those generating the data care about them. He noted that the current health system has widely varying data capabilities, and incentives vary. Because different levels of information are generated in different settings, coding should represent the expected degree of accuracy, and data collection should be done with "the appropriate level of resolution." Furthermore, national standards should be seen as a minimum, not a maximum. And because the nation is in transition from paper to electronic medical records, we should focus on the reasons for needing specific data at particular levels.
Dr. Luft noted that the risk to patient confidentiality depends on the research setting. He advocated the use of IRBs, with accurate identifiers to achieve the linkages that are crucial for monitoring medical care performance and improving patient care. He supports redundant linkages "to check on things," followed by the stripping of identifiers. He suggested that for research purposes, data could be "jittered" in ways that reinforce confidentiality without undermining the research.
Dr. Mitch LaPlante (UCSF Disability Statistics Center)
Dr. LaPlante echoed Dr. Luft's statements about research and said his comments would focus on informational needs in the areas of health and disability services research. Speaking for himself only, he stressed that standards development and administrative simplification should address data content in order to optimize the information in transactions and maximize its usefulness. Reliable functional and disability information should be included because these factors are proven predictors of health care utilization as well as indicators of service outcomes. The research applications of such information include determining the rate of low-prevalence chronic diseases and conditions in specific geographic areas, comparing different covered populations and looking at differences between capitated and non-capitated plans, longitudinal research, and identifying the need for rehabilitation services.
Noting that the ICIDH offers a standard for consideration, Dr. LaPlante encouraged the Committee to establish place holders for functional and disability elements in the implementation of administrative simplification requirements, just as it did in its core data recommendations.
Dr. George Peter Abbott (California Department of Health Services)
Dr. Abbott (appearing as an individual) noted that California has been developing approaches to many of the issues in the National Committee's mandate. He stressed the importance of standards to public health and research, with identifiers playing a key role in following individuals longitudinally and across programs. He then described his state's project to develop an approach to a unique identifier, and the evolution of a core data set for this purpose with five core and seven confirmatory data elements. The system is premised on the patient's voluntary cooperation, and uses stable data items the client can remember. The Department of Health Services has a goal of full implementation by June 1998, and it hopes other state agencies and departments will also adopt the system. They did not choose the SSN because it is not reliable and can too easily be linked with other information that can be damaging to the individual. Other stakeholders such as schools were involved in the process. Dr. Abbott echoed Dr. Luft's recommendation that federal standards be viewed as minimums on which states and localities can build. Regarding confidentiality, he noted the need to determine whether data are confidential in their own right or when combined with other data. California uses a kind of IRB to review requests for data by researchers and others. He described its process and criteria, noting the importance of public tolerance of the use of health information and thus the need to establish and maintain trust. He urged the Committee to maintain the balance between confidentiality and data access rather than being too restrictive.
Much of the discussion period focused on confidentiality issues and their relation to research and public health priorities. First, in response to a question, Dr. Abbott said the common core data elements for unique identifiers are estimated to cost between $10 to 20 million to implement and yield 98-99 percent accuracy.
Mr. Gellman asked Dr. Luft to expand on his comments about "approximate values." Dr. Luft said multiple sources with no interest in the underlying data could do linkages, and varying levels of accuracy could be tolerated, depending on the application. Mr. Gellman noted that proposed privacy legislation initially called for centralized data banks until this became too sensitive and disappeared from discussions, and Dr. Luft described California's practice of a series of steps whereby the person doing the linkage never sees the patient-level confidential data. To match the category of data to the application, he suggested something akin to IRBs that would use a standard protocol combined with case by case variations. He noted that some data can be blurred in ways that are tailored to each situation.
Building on these ideas, Dr. LaPlante suggested a mechanism whereby records per se are never linked, but the information in them is linkable across the system. He noted that in a clinical setting, identifying data can be confirmed with the patient and this provides a safeguard that the correct record is being used. A question from Mr. Scanlon about the panelists' experience getting encounter-level data from health plans led to a long discussion of working with HMOs. Dr. Luft asserted that many of them in California "do not get any data." Dr. Newcomer said health plans' complicated structure is made even more complex if they have an independent practice association mix as well as a staff mix. Dr. LaPlante said a fundamental problem is that the plans' data are not available in a linkable form. These problems have both proprietary and logistical origins. He added, however, that the situation is changeable and even changing, as health plans face growing incentives to collect more data.
Dr. Cohn pointed out that many HMOs collect a good deal of data in response to HEDIS and other NCQA requirements, even if they do not have "typical encounter information." Shifting the focus, he asked Dr. Luft's views on single procedure coding, to which the response was that "it is so large an issue, and so technical, that I didn't want to get into it." Dr. Luft asserted that he is not competent to recommend a solution, and that those who know the clinical issues need to resolve them.
To a question from Dr. Iezzoni, Dr. LaPlante said he sees the ICIDH as a "not perfect" framework, but one that is evolving and improving. He doubts that it is the best classification for these purposes, because it has so much detail. Functional performance indicators are the crucial elements to predict health care utilization and eligibility. He noted that Dr. Swanson would discuss the ICIDH on the following day.
Dr. Iezzoni then expressed concern about the prospect that small area research would identify people with rare conditions. He agreed that this is the danger, and added that he would sacrifice the ability to generate a prevalence estimate if it would result in identifying someone. He also pointed out that people with disabilities and rare conditions can benefit from documentation of underservice and the considerable regional variations in access to appropriate care. He noted the operative NCHS regulations that restrict investigation of sparsely populated regions, which afford some protection.
Dr. Newcomer pointed out that the key questions are "who wants to know, and why?" For regulatory purposes, as much information as possible would be justified, while research needs less.
Dr. Luft raised a concern about what protections researchers have from subpoenas requiring them to turn over data. Dr. Lumpkin added that national preemptive privacy legislation could jeopardize current state protections, in which case supplying data to a researcher could create a loophole for other users. Mr. Scanlon later commented that one option is to use the DHHS provision whereby the Secretary can issue a certificate of confidentiality for research data, which might add protections.
Dr. Lumpkin generated a long discussion with a question about what procedure codes were in order to capture care in conjugate living facilities. Dr. Abbott said the easiest option is to collect data only at transition points in the delivery system, supplemented by a data system in the facilities recording information about functionality and other factors. He predicted that as more Medicaid dollars are spent on residential care and group housing, procedure codes and other data will improve. In the meantime, indicators of movements in and out of that system and of quality of care are the top priorities. Dr. Mor and Dr. Lumpkin pointed out that many residential care facilities have no provider numbers, and most encounters will produce no data. Dr. Newcomer observed that third party vendors who provide skilled care record their procedures. Dr. LaPlante said the major issue is that "this is a new and developing mode, and there is more and more concern." In the future, the procedures need to be linked with the location. The question is whether the coding scheme is capable of capturing these procedures, not whether they are currently being coded. The CPT codes capture a lot of rehabilitation, and he urges consideration of classifying rehabilitation as a separate type of encounter. The exemption of rehab from DRG treatment needs to be addressed.
Asked about coding systems for durable medical system, Dr. LaPlante said the ISO has a classification, and there is another for the Assistive Technology Act that is being tested in North Carolina. He said he would supply a reference on the latter.
Dr. Detmer then invited the panelists to make final comments. Dr. Abbott said, in regard to where data should repose and who should guard it, that the approach in California is to get people to accept that data will reside in distributed settings. Regarding patient consent in a public health context, he noted the tension between the legal advice that "a good consent is very specific" and the reality that often the specific uses are not known until the research begins.
Dr. LaPlante urged the Committee "to think about linkage in a forward fashion," in terms of what might be done rather than the usual retrospective approach. Dr. Iezzoni noted that this is compatible with Dr. Sondik's desire for proactive advice for the National Center.
Dr. Luft underscored Dr. Abbott's point about being able to link data without its residing in a single big data system. Mechanisms should be designed, he said, to ensure scrutiny, thought and oversight.
Dr. Newcomer expressed skepticism about "moving too much beyond the Social Security Number," and suggested piloting new systems in a few states and computer systems.
Dr. Detmer thanked the panelists, quoting the maxim that "in nature, nothing is free."
Dr. Shahla Yaghmai, L.A. County Department of Health Services
Dr. Yaghmai described her county's efforts to develop a centralized database and the extraordinary complexity with which it contends in operating the nation's second largest health care system, restructuring services, and capturing and linking data. The county's $123 million deficit makes any significant system and procedural changes difficult. Its recommendations to NCVHS are 1) to implement a pilot program to determine optimal approaches before requiring them on a national scale; 2) to provide financial assistance and incentives for the required changes; and 3) to establish a reasonable timetable.
Dr. Dan Essin, L.A. County/USC Medical Center
Dr. Essin directs medical informatics for his institution. He said computerized records are important so practitioners can know as much as possible about their patients. He stressed that claims data are only useful for paying a claim, and even for that purpose they do not necessarily contain correct information because of the gaming that sometimes goes on. The problems with this incorrect information are compounded, and can cause problems for patients, when systems forget that the information is not correct.
The County/USC Medical Center needs to know what to expect from standardization, to know how to restructure itself for meaningful data collection. Dr. Essin recommended that organizations adopt systems that can support codified data rather than "big blobs of narrative," so they can generate relatively quantitative information that is useful for health policy research. Orderly data can be turned into various coding systems. The cost of translation might be absorbed by a grant or by funding for a research project.
Regarding confidentiality, he noted that the greatest risks relate to secondary release of information, and this cannot be prevented by any policy. Specially constructed systems are needed to modulate the level of primary access, but the technology required for this is too expensive for most organizations. Until this is available, caution should be exercised in putting data where people can get at it too easily.
Dr. Ted Shortliffe, Stanford University
As an internist and a computer scientist, Dr. Shortliffe deals with both clinical and research issues. He noted that there is growing recognition of the importance of the computer-based patient record; the unresolved issues lie in the area of data privacy and confidentiality. He described his work on an IOM panel on Community Health Information Networks and encouraged everyone to read its 1993 report, "Health Data in the Information Age." Participation on that panel exposed him to stories of egregious violations of confidentiality as well as to the arguments for a "balanced recognition of the valid roles for health data outside the clinical setting." Although many patients do not find it "obvious," in his view all patients owe their society a degree of access to their information in return for benefitting from the good medical care based on research on other people's medical records. And although computers may heighten the sense of vulnerability of records, he is convinced that they also have the potential to increase control over patient data. He cited some mechanisms, such as audit trails, encryption, and authentication.
Dr. Shortliffe urged the Committee to help design clear policies that will indicate to the industry what computer systems are needed and that do not stymie either computer developers, physicians caring for patients, or high-quality research. The NRC report points out the problems with IRBs and the need to address the implications of giving patients total control over their records, including the undermining of the quality of care.
Dr. Detmer thanked these panelists and deferred discussion with them until after the next panel's presentations.
Dr. Mark Schiller, California Association of American Physicians and Surgeons
Dr. Schiller is a psychiatrist. His comments are based on the principle that the patient's care always comes first and that the protection of patient confidentiality is at the heart of the Western medical/ethical tradition. Current trends are leading people to disavow this principle and stress the social good over the individual good; this, he said, is wrong, as no concern supersedes the rights of the patient. He questioned the assumption that administrative simplification will improve medical care, and asserted that the information needed for patient care is not compatible with the constraints of computer systems. Furthermore, the information will be abused. Dr. Schiller asserted that Kennedy/Kassebaum's requirement for unique identifiers for patients and physicians is unconstitutional. His preference is for the Committee to recommend against the implementation of IDs; but failing that, he called for a recommendation that patients know how their information will be used, and by whom, and that patient consent be required. He plans not to use a physician identifier or a patient identifier in his clinical work.
Marj Plumb, Gay and Lesbian Medical Association
Ms. Plumb directs public policy for the Association, which combats homophobia and promotes quality health care for lesbian, gay, bisexual and transgender patients. Medical records confidentiality issues are central to their mission. She described the plight of these groups and of HIV-positive patients in a homophobic and AIDS-stigmatized society, and described the types of discrimination they confront in the health care system and society in general. The substandard care received by many gay and lesbian patients has been documented. For these reasons, the consequences of information's getting into the wrong hands are very serious. Ms. Plumb stressed the need to give top priority to privacy and confidentiality. Her organization has the following recommendations for NCVHS:
Eileen Hansen, AIDS Legal Referral Panel of the San Francisco Bay Area
The Referral Panel does federal and state public policy work and provides legal services to people with HIV/AIDS. Ms. Hansen directs their policy program. She discussed the principles of confidentiality and control over information access and their relation to public health considerations -- a pivotal tension in regard to people with HIV/AIDS. These issues are heightened by the fact that those most affected by the HIV epidemic are disproportionately members of socially stigmatized groups that mistrust government's intentions.
Ms. Hansen reviewed the breaches of confidentiality that have occurred in a variety of contexts, and the negative consequences of inappropriate disclosure of people's HIV status. She urged that electronic data collection and transfer of information not be done unless and until the strongest possible protections are in place. The AIDS Legal Referral Panel is concerned that HIPAA seriously threatens patients' confidentiality. The administrative simplification provision emphasizes the goal of reducing the cost of health care; privacy concerns are at best secondary. This organization and the AIDS Action Council in Washington, D.C. agree that according to the current plan, privacy standards will be developed long after the EDI network has begun operations, making them meaningless. The Panel agrees with the NRC that strong incentives to protect confidentiality do not exist, but it disagrees with its assertion that consumers are not concerned about this issue. The AIDS
Legal Referral Panel calls for "extreme and absolute" policies and sanctions in this area, including honoring patients' right of consent. Until a comprehensive federal privacy statute is enacted, constraints must be imposed on the implementation of HIPAA.
Laura Brown of Ernst & Young asked about the status of the Committee's work on security issues. Dr. Detmer said the Committee views this as an important factor, and will be getting into it later in June and thereafter.
Dr. Mor asked about translation technologies for handling narrative, and Dr. Essin cited several demonstrations of what can be done with narrative. Dr. Mor expressed concern about introducing strightjackets that limit the potential for more flexible systems to characterize behaviors, but Dr. Essin said the systems he refers to are flexible. Dr. Shortliffe noted that these systems are effective for structured data entry at the time of recording, but not for post-coding, which still has "tremendous potential problems." Standardized environments can be built that allow flexibility in description, and people adapt to these structured systems easily. The key variable is the human- computer interface, not the technology.
Dr. Lumpkin commented on the widespread concerns about the increased risk associated with the electronic environment, and asked how much is due to the lack of sufficient safeguards and how much is inherent in any information system. Dr. Detmer remarked that it should be assumed that anti- discrimination laws must be in place, and its absences clouds much of the discussion of electronic records. Dr. Essin pointed out that even the CIA seems unable to prevent security leaks with existing technology, so it is not realistic to expect other institutions to do so. Dr. Schiller commented that the chief danger is the government's intention to collect healthcare data on individuals and providers that can be abused. Dr. Shortliffe observed that it is impossible to devise technology that prevents people from misusing information; rather, policies, procedures and penalties are needed. Paper records already are vulnerable to intrusion; the added risk with computerized records is that they can be moved out of the institution and into networks. Technologies are commonly used to limit charge card abuse that are not being used in health care.
Ms. Plumb noted that a major difference between computerized and paper records is that large numbers of people can be compromised at once. She suggested shifting from current thinking and starting with the premise that no information needs to be transferred, then evaluating each request for information separately in terms of whether it really needs to be transferred. Dr. Essin noted that the release category could be pre-associated with the data facts, so that the data are flagged at the outset in terms of whether or not they can be released. He also noted that Netscape technology exists that prevents printing or saving to a file. The group discussed the fact that the health care industry has not taken advantage of available technology, largely because of its cost. Dr. Shortliffe said the failure is also due to the lack of a shared vision and coordination in healthcare. There is a role here for federal leadership, to delineate a health data security policy and help others understand it. He noted that health care industry is far behind other sectors in the sophistication of its information systems and the use of technology. Dr. Schiller observed that part of the problem in health care stems from the separation of the people receiving the services and those paying for them and directing the care. Ms. Hansen commented that her organization accepts the value of electronic records but focuses its concerns on the networking aspect and how information is shared.
Dr. Detmer concluded the discussion by noting that the practical political problem is how to keep the perfect from being the enemy of the good, and how to get enough people to converge on a reasonable solution to get it on the books. He thanked the panelists for their contributions and the meeting recessed until the following day.
Dr. Detmer asked for introductory remarks from Dr. Lisa Iezzoni, Chair of the Subcommittee on Population-Specific Issues. She said the Committee wants to make sure populations that sometimes are not included in decisions have input into the National Committee's HIPAA recommendations. She gave a special welcome to those who have come to speak on population- specific issues.
Benson Nadell, The Ombudsman Program
The Ombudsman Program nationwide represents the interest of residents of long-term care facilities, especially frail and vulnerable residents over age 80. Mr. Nadell said he would discuss HIPAA in terms of its implications for the rights of his organization's clients. Key issues are whether client need is a priority along with billing efficiency, and whether the consolidated information will extend beyond Medicare to the totality of care. He recommended that the nursing home MDS be used as a standard of assessment across providers and extend out into the community. He asserted that consumers have the right to informed consent and to access to their medical records. Nothing in the proposed standards pertains to consumer access to information, making it difficult for consumers and their advocates to appeal denials. Electronic autographs should be conditional on actual contact with patients. Privacy protections should be stronger than the current HIPAA approach, not be couched in delegatory language, and have strong enforcement mechanisms.
Mr. Nadell said he has come to realize that the proposed HIPAA changes for transactions are not intended to benefit consumers, but rather to serve the interests of providers and payors. The law hardly mentions consumers. He urged that the administrative simplification provisions make bills easier for consumers to understand.
Heidi Tom, Asian and Pacific Islander American Health Forum
The Health Forum has always used data heavily in its work on behalf of its constituents. Ms. Tom called attention to three fundamental data issues: the need for culturally and linguistically sensitive approaches, with awareness of how people's belief systems affect their ability to give accurate information and informed consent; the importance of a community perspective in terms of both assessing the health of the community and working in partnership with the community for data collection and health care delivery; and including adequate diversity and ethnic representation in the data systems. Ms. Tom noted that traditionally underserved populations tend to have the least data describing them, and adequate detail is needed in statistics to identify the relevant differences among various national groups.
Dr. Jean Campbell (mental health consumer)
Dr. Campbell is a researcher and has held several posts in mental health agencies and advisory bodies. Among other projects, she is working on the revision of the ICIDH. She said the many roles in which she tries to help implement what she advocates create a balancing act, and she noted that the balancing of individual and societal concerns has been a theme of this hearing. She added that researchers and data managers are not necessarily motivated by social benefit and can themselves be moved by self-interest.
Dr. Campbell observed that the most compelling argument for data linkage is the potential for improving clinical care for the individual. However, this is an unproven assumption that needs to be investigated. She echoed the observations of the previous day's advocacy panelists that data systems can be a barrier to people seeking services, especially when they have stigmatized diseases. Even ending discrimination may not make those issues disappear. People with psychiatric diagnoses face the most severe stigma and stereotypes, not just from the public but from people in the health care system. Therefore, the views of service recipients about the proposed regulations must be considered.
Mental health consumers are organizing "to stop the reform" process that is "paving the way" for the dissemination of their mental health records. Dr. Campbell shared some of their concerns and recommendations. Consumers need and are entitled to access to their data. The fact that consumer access is more difficult when records are computerized is an issue that is not being properly addressed. A way must be found to require informed consent for the release of data, and people should be able to opt out without being denied services.
Rita Moya, National Health Foundation
The NHF is a charitable organization improving health care and health through public/private partnerships to address critical issues. It has worked on many administrative simplification projects, in 1993 creating the Healthcare Data Information Corporation to facilitate data interchange and recently a Center for Health Information Technology. The organization evaluates all information technology in terms of its impact on consumers, whose voice is often not represented in consensus- building activities around standards.
NHF spent three years working with a volunteer group to develop guidelines for public policy on privacy protections. They identified basic assumptions, including the individual right to privacy, to review corrected data and to access audit trails, and asserted that electronic data transfer should not occur without the presence of systems to support verification of appropriate informed consent and confidentiality protection. The SSN is recommended as the identifier. Ms. Moya enumerated the group's specific recommendations on confidentiality, including the requirement that access to person-identifiable data only be given when confidentiality protections are assured and the purpose is in the public interest. She stressed the NHF's experience that the effort to forge consensus, while difficult, is an essential part of finding workable solutions and the will to implement them.
Ms. Frawley clarified with Dr. Campbell that mental health consumers generally do not agree with the American Psychiatric Association position that access to their records should be restricted for mental health consumers. Dr. Campbell reiterated that mental health consumers, among others, need to be central to this process, not marginal.
To a question about the OMB race and ethnicity categories, Ms. Tom said her organization supports the maintenance of the nine categories listed in OMB Directive 15.
Mary Ann Louri, PacifiCare Health Systems
PacifiCare is a network model managed care organization. Ms. Louri focused on confidentiality and privacy, describing some of PacifiCare's efforts to ensure security and confidentiality of member information. After noting the many data uses that do not require individually identifiable information, she enumerated some that do. She encouraged the Committee to continue its efforts to promote efficiency and security of the health information infrastructure, so that managed care organizations and other legitimate users of individually identifiable information continue to have access to it while people's privacy and confidentiality are protected.
Dr. Michael Ralston, Kaiser Permanente California Division North
Dr. Ralston emphasized three points from his written testimony. First, there should be strong protections against improper disclosure by health plans of information on individual members and providers. There is a significant difference between individually identifiable information and individual level data without identification. Disclosure of the former should be carefully restricted, and data should not have identifiers that could lead to violation of privacy or harm to the individual. The overriding guideline should be the protection of the individual against disclosure to parties not involved in clinical care or its evaluation. Second, Kaiser Permanente believes EDI will be beneficial. It is concerned that the HIPAA legislation may undermine the motivation to exchange information electronically or standardize tape formats. Finally, movement is needed toward standardizing both clinical and administrative information that is moved electronically, but there also needs to be flexibility to recognize the different levels of maturation of the various components of the health care delivery system.
Kaiser's concerns particularly revolve around the cost of legislated change, the relevance of what is required, the potential to misuse or gain unauthorized access to information, and the need for flexibility as the system evolves.
Dr. David Hopkins, Pacific Business Group on Health
The PBGH is one of the most active employer coalitions in the country. Because two-thirds of all the covered lives in the PBGH network are enrolled in HMOs, PBGH formed a negotiating alliance in 1994. It has done a variety of quality studies, leading to efforts to improve health care information systems. Its data initiative developed a three-part vision involving computer-based patient records, open-architecture systems, and built-in real-time feedback mechanisms. The Business Group also has involved a core group of managed care stakeholders in a commitment to build a data infrastructure, with a short-term focus on adopting unique patient and provider identifiers and uniform data standards. PBGH is exercising its leadership in getting employers to use ANSI enrollment standards.
Dr. Hopkins stressed that for all these initiatives, the private sector is dependent on the federal government to make key decisions. He offered the following recommendations:
The discussion with this panel focused on provider and group identifiers for today's market (per Dr. Hopkins' comments) and the need for protections against improper employer requests for disclosure. Other topics were provider confidentiality protections, distinctions between research and evaluation and their implications for the use of data and IRBs, and the limitations of current procedure coding.
In response to a question, Dr. Hopkins said the Federal Employer Identification Number seemed workable for employers. He and others elaborated on comments about the need for a system for group identifiers. Ms. Louri said there are structural effects on physician behavior as a function of group membership. Dr. Ralston pointed out that this is a new level of aggregation that is not apparent elsewhere in the country but is critical in California. The relationships are not fixed, and the linkage needs to capable of change. A plan ID would not be applicable because of variations within plans at the group level.
Dr. Cohn raised the issue of employer requests for individually identifiable health care data and asked for suggestions on how the Committee should advise the Secretary on this. Dr. Hopkins asserted that except for worker's comp and disability issues, employers do not want individually identifiable information, but only aggregated information to look at trends. In response to a later question from Mr. Gellman, he said he would support a rule that did not permit employers to get individual data on employees.
Dr. Ralston said his plan has "an extraordinary problem" with employer groups asking for individually identifiable data, which they refuse to divulge. There is a large potential for misuse, and it would be "highly desirable" to have standards for what is inaccessible. Ms. Louri said her group takes a strong position about not sharing individual level data with employers. Dr. Campbell commented that regardless of the actual practice of providers, many consumers continue to believe that their data are not secure. She urged the Committee to take proactive steps to win the public's trust. If consumers believe they have input into the process, they will be willing to take risks. Dr. Detmer noted the Harris Equifax data that 25 percent of the population are "privacy fundamentalists," 45 percent are "privacy pragmatists," and 20 percent have no opinion or concern about the matter.
Dr. Iezzoni shifted the conversation to confidentiality protections for providers. It was noted that some outcomes research identifies individual practitioners. The general feeling was that physicians deserve the same safeguards as patients, and that key information can be conveyed in the aggregate. Ms. Coltin noted that an MPI would permit the pooling of data across health plans and allow sample sizes large enough to produce provider-level quality data, and this is what consumers want. Dr. Ralston suggested a consensus process about the public policy question of what is made public.
Ms. Coltin pointed out that outcomes research often requires individual data so patients can be contacted about outcomes. Dr. Hopkins suggested that this contact not be made by the employer but by the provider or, preferably, a third party. Dr. Campbell noted the burden imposed on patients by the requests for self-reported assessments.
Mr. Scanlon generated a discussion about distinctions between research projects and quality assurance activities and their respective uses of data and of IRB oversight. Dr. Campbell commented that sometimes, institutions will reclassify research as quality assurance or evaluation to avoid going through an IRB. Dr. Detmer noted that this issue needs to be investigated.
In response to a question, Dr. Ralston said his organization believes existing procedure coding systems are not adequate, especially for assessing and improving clinical care. Dr. Hopkins agreed, and noted the need to speed up the transition process.
Dr. Detmer thanked the panelists, and introduced the next group.
Denise Love, Utah Department of Health
Ms. Love directs Utah's Office of Health Data Analysis, and also chairs the Board of NAHDO. Having been through a similar effort, she offered her state's assistance with the Committee's work on standardization, which she noted is "a never-ending, iterative process." She pointed out that national policy is applied locally, and thus it should be flexible so it works for the states. Some states already have found ways to address policy issues such as balancing proprietary tensions with the public's need to know. Many Utahans are concerned about whether HIPAA is flexible enough to allow the state to move forward with its progressive EDI effort, and whether federal privacy legislation might restrict current public health practice.
On another issue, there is concern about HIPAA's causing a regression to "a bare bones billing system" after some 40 states have developed hospital discharge data bases. They do not want to have to re-fight old battles.
Ms. Love recommended that "a middle road" be found between the minimum transaction standards advocated by the billing community and the detail desired by researchers. Further, initial efforts around EDI, identifiers, and so on should be kept simple. The needs of the industry must be balanced with those of the states. Federal policies should be kept flexible. She called for federal privacy legislation that provides a framework that states could tailor to their own needs, with model legislation to help states update their statutes. She noted that the HHS workgroups are entirely federal in makeup, and somehow state perspectives must be brought into the mix.
Dr. Richard Peters, ASTM
Dr. Peters highlighted three areas where ASTM standards are being developed: security, privacy, and identifiers. ASTM is building a security framework in conjunction with the HL7 security group. It is developing a standard for rights of access and disclosure in conjunction with CPRI. On identifiers, it has a standard being implemented by the Veterans Administration that is an alternative to the SSN. Dr. Peters said the identifier, which is not specific to the individual or type, addresses the concerns raised by Dr. Hopkins and others about the complex interweaving of providers and organizations. ASTM recommends that the task of developing identifiers be turned over to the private sector, thereby saving money for the federal government and making money for private interests. ASTM standards are very strict in terms of privacy and confidentiality, and they are believed to be technically feasible, affordable and adaptable. Dr. Peters noted that the opposition to them is coming from information systems and information management vendors in the claims industry, stemming from their concerns about losing market share and about the cost of the changes. He predicted that if standards have teeth and are backed by federal regulations, the "bump in the curve" in cost will ultimately reduce the cost of services.
Kathy McCaffrey, California Office of Statewide Health Planning and Development
The OSHPD does surveys and collects data on financial information and facility profiles. Its large discharge data base uses an encrypted SSN to protect confidentiality. Data are used in the aggregate for trend analysis and outcome measures. California has stringent confidentiality laws. On HIPAA, Ms. McCaffrey noted the many application and implementation issues, and the difficulty of foreseeing the impact because of its breadth. She wondered how it would affect her state, which collects more detail than will be covered by the standards. She described some linkage studies and state's stringent confidentiality protections. On coding changes, her office advocates a single procedure coding scheme. Ms. McCaffrey stressed that her office supports standardization and would like to participate in the work groups where the details are being worked out.
Jim Loyd, Texas Health Care Information Council
The Council is a new state agency charged with collecting data from HMOs and from hospital discharge data records. Mr. Loyd stressed the need for the Committee to distinguish between political and technological issues, and asserted that its HIPAA-related concerns are the former. If the political will is there, the technology exists; conversely, political problems cannot be solved with "technological bandaids." He suggested that Congress has asked the Committee to solve political problems on which it (Congress) has foundered. In principle, everyone is in favor of administrative simplification, but "not in my backyard." To make the standards effective, he urged that exemptions be minimized. Further, it is preferable to "push forward from the top down" rather than the opposite. Mr. Loyd questioned whether the Social Security Administration will agree to the use of the SSN as a unique identifier. Regarding confidentiality, he called for strict civil and criminal penalties for violations of access and use of data.
Dr. Lumpkin asked for comments on procedure coding, and Ms. Love said it will eventually make sense to convert to a single system, but in the short run it is better to build on and crosswalk the existing systems. To another question, both Ms. Love and Ms. McCaffrey said their states do not use the UB92.
Asked to explain her comments about federal privacy legislation, Ms. Love said the concern about the Bennett Bill is that it lacks enough flexibility to accommodate public health practice or industry practices. A "one-size-fits-all law would not work, especially given the difficulty of defining public health to distinguish it from other activities. Regarding her earlier point about model legislation, Dr. Detmer pointed out that it already has been available and has not been picked up. She said states are loathe to reopen the subject with state legislatures, for fear of losing even more ground. Mr. Gellman said the Bennett Bill in fact does build in flexibility, and it is difficult to deal with health privacy in a piecemeal way. Ms. Love suggested "very intense state briefings" on future federal legislation, and added that she is not opposed to uniformity through a federal statute.
Ms. Iezzoni praised California's data from researchers' perspective, and said it works fine for her research without having individual identifiable information. She asked how the state deals with the complexities and limited budget present in Los Angeles County, with such things as its diagnosis code flags. Ms. McCaffrey said some hospitals are given exemptions, and it is too early to know how well this data collection is working. In general, they know the issues and do a lot of "hand-holding" as well as carrying on a broad effort to educate people.
Ms. Love reiterated her call for incrementalism in data collection, an approach that has worked in Utah.
In response to Mr. Loyd's question about the acceptability of the SSN, Mr. Scanlon explained that the Social Security Administration will accept the will of Congress and the American people, even if it departs from its policy of not using the SSN as a national identifier. He noted that it has already been used in other federal programs, such as to track deadbeat dads. Mr. Loyd said the information services people he talks to say "let's get something from HHS and get on with it."
Ms. Coltin asked about the potential of the MPI in respect to institutions and payer ID. She described the experience in Massachusetts, and asked about other state experiences. Ms. McCaffrey said California shares information between medical and public health and is working toward an ID number for all facilities. Ms. Love said hospitals are fewer in Utah, and are identified by name. A payer field would help states a lot, she said. On another subject, Mr. Loyd suggested that hospitals and HMOs be given confidentiality protections from subpoenas.
Dr. Detmer thanked the panelists for their contributions.
Ann Geyer, Healthcare Data Information Corporation
Several HDIC members have already testified at the hearings. The organization promotes access to data, and also has been active on privacy and confidentiality, particularly patient consent. Its members call for the strictest possible privacy provisions and believe the acceleration of electronic transactions without such provisions would compromise patient rights. HDIC urges the Committee to assert national leadership and work against state-based approaches to confidentiality protection and other matters. HDIC members are not in agreement about using the SSN as a unique identifier. HDIC is looking at various approaches, and favors something similar to that advocated by ASTM. HDIC's health plan members are looking for a workable MPI solution, and finding it very difficult; Ms. Geyer said this is not the right time to expand that. HDIC has a priority objective around administrative simplification through increased EDI. After two years of work, it is just starting to implement ANSI standard transactions, and finding it very costly and difficult. She urged the Committee to establish one standard per transaction.
In addition, she asked that standards bodies be directed to create implementation test data sets as part of the certification that a standard has been implemented; that independent agents act as mediators in the event of disputes over implementation; that trading partner contracts determine who pays for this option; and that several agencies perform this role.
Dr. Tom Trabin, CentraLink and Institute for Behavioral Health Care
Dr. Trabin's organizations sponsor continuing and executive education conferences and publications for the behavioral health care field. He noted that this perspective extends beyond that of providers. Regarding confidentiality, he stressed the quandary caused for therapists by the clash between the high standards to which they were trained and current liberal disclosure practices and open-ended consent forms under managed care. Although it is not feasible to have a separate form for every exchange of information, he suggested 1) requiring managed care companies to periodically report to patients on the number of reviews of their charts, by whom and for what reason, and 2) requiring a special consent for non-routine reasons for having access to the patient record. He added that even accreditation requirements, while serving worthwhile purposes in many ways, sometimes require undesirable intrusion into private records. Other threats to confidentiality are the Explanation of Benefits sent to subscribers even when it is their family members who receive the care, and employers' ability to see detailed claims. Dr. Trabin called for clear governmental regulations in these areas, as well as in the area of common data sets, to lighten the paperwork burden on providers. He also urged that mental health and substance abuse records receive special protections, not by completely separating the data from medical records, which need to be integrated, but by giving them stronger security. He also encouraged regulations to define limits to patient record access for accreditation purposes so that quality of care can be enhanced with patient privacy preserved.
Gretchen Swanson, Swanson & Co.
Ms. Swanson's company does outcomes management, focusing on functional outcomes. She focused her remarks on encouraging the Committee to add a functional variable to the core data set, and to consider using the ICIDH for this purpose. Health care has relied unduly on the ICD, which may have been appropriate in the past. But given that services are strongly related to functional status and that an increasing proportion of the population has chronic conditions, the reason for service should be outlined and categorized.
Ms. Swanson described the ICIDH, which was developed as a companion to ICD and is currently being revised. By characterizing function, it indicates a need for service and makes it easier to triage people and to plan care. She stressed that it is a classification system, not a measurement tool, and it allows providers and payors to understand their client populations. Change of function over time can be monitored. The use of ICIDH has demonstrably reduced the cost of documentation and improved the quality of care. One hurdle to acceptance is that people collect functional data in different ways, and that simply having the data in a medical data system is a new idea. Some people are concerned about professional acceptance, but she has seen a positive response from professional groups.
David Manigault, COHR, Inc. and Healthcare EDI Coalition
The divisions of COHR, Inc. include biomedicine and group purchasing. The Healthcare EDI Coalition (HEDIC) contains 23 multi-hospital groups, representing 5,000 facilities, all dedicated to solving EDI problems using ANSI standards. Mr. Manigault said there is a lot of flexibility within an ANSI standard, and every combination of trading partners has to work out their transactions. HEDIC put together study groups to decide these issues in groups. He described COHR's experience with the 835, a "standard" that has been beneficial to hospitals, and he urged that forthcoming solutions include an interface device. He also reminded the Committee that "at the hospital location, they're not technical jocks," so the solutions should be simple and inexpensive. Noting that EDI will cause displacement of data entry workers, he suggested finding ways to reeducate them.
Pat Forbis, CMT, American Association for Medical Transcription
AAMT, the only professional association for medical transcriptionists, supports the patient's right to confidential, private, secure health care documentation, essential preconditions for quality care. Ms. Forbis chairs the ASTM Subgroup on Confidentiality, Security and Privacy. She noted the lack of understanding, amid the debate on confidentiality and security, of the process of dictation and transcription. This industry is growing, both because of the increased demand for information and because many providers prefer not to enter healthcare date themselves. Meanwhile, forces such as downsizing and outsourcing have resulted in "one of America's hottest new industries": medical transcription. She stressed that it is an unregulated $15 billion industry that has the potential to compromise the confidentiality and security of health care information and patients' privacy.
Ms. Forbis contrasted the secure environments and practices of a decade ago with those of today. She stated that it is not uncommon for dictated healthcare information to be outsourced to medical transcription services or individuals about whom little, if anything, is known, nor is it uncommon for dictated healthcare information to be transmitted across state lines and to English- speaking foreign countries. Some transcription services are becoming data repositories and looking at how to market the information they control. She assured the Committee that there are hundreds, if not thousands, of highly qualified and reputable home-based transcriptionists and services.
AAMT therefore recommends that information release forms include information about where documentation is stored, who controls it, and the patient's right to review it. Reasonable efforts should be made to explain how the information will be used. The development and adoption of quality assurance standards for dictation and transcription was encouraged, and standards to assure the protection of stored healthcare information and restrictions on marketing such data were encouraged. The Committee was urged to adopt the ASTM standard on security and confidentiality of transcribed health records. Finally, AAMT supports to adoption and enforcement of criminal and civil penalties for violations as outlined in the current legislation.
Dr. Barbara Simons, U.S. Public Policy Committee of the Association for Computing
Dr. Simons began by commenting on the statements of previous panelists. She asserted that the problems being addressed require both political and technical solutions, and she suggested that technology can help make inappropriate access very difficult, possibly reducing the need for legal measures to prevent access. She encouraged the Committee to call on ACM for disinterested technical assistance as it moves forward. She then discussed the current threats to confidentiality, noting that twelve categories of information seekers outside health care have access to health care records and calling special attention to the latitude of insurance companies as evidenced by a letter from the Medical Information Bureau. She stressed that it is far easier to build security into a new system than to try and graft it onto an existing one. She criticized the notion of using SSNs for unique identifiers, noting their lack of security and uniqueness. Finally, she urged the Committee not to "just to inch your way along" in providing leadership on privacy protection.
Mr. Gellman asked for comments on how the Committee should approach its recommendations about individual identifiers, given the imminence of great technological change. Panelists had no specific advice, but Ms. Geyer said the industry needs to recognize people's varying comfort levels with disclosing information and find technologies that accept those constraints.
Asked to comment further on her concerns about medical transcription, Ms. Forbis observed that the field is very outcome oriented today, and liable to overlook process issues. She noted that medical transcription is a home-based business, and while many of those doing it have great integrity, "a sleaze factor has been introduced" into the industry and measures must be taken to make sure it does not spread. Ms. Frawley pointed out that this home-based industry has existed for 25 years or more; the issues now are the volume of information flow, the lack of disclosure about how the work is done, and the huge databases that companies now control and think they can market. Ms. Forbis said one question is which nation's laws apply when work is sent overseas. It was suggested that those who contract with service vendors should be held accountable for the security of the information. Dr. Detmer added that international information exchange is a reality today, and ways must be found to set international standards. Mr. Gellman said one proposed bill has a provision that medical information cannot be sent to a country that lacks protections equivalent to those in the U.S.
Commenting further on the need for flexibility, Ms. Geyer said that in the entire domain of access to information, agreement should be reached on the core issues and local decision making should be maximized.
Dr. Iezzoni and Ms. Swanson discussed the nation's failure to implement the ICIDH, noting that the lack of a "national intent to monitor function" has led to several individual solutions such as the MDS. Dr. Trabin said behavioral health outcome measurement is increasingly oriented to functional measures.
Reflecting on the foregoing discussions, Dr. Detmer observed that the panelists have challenged the Committee and the government to be more proactive than is typical of "the way America makes policy." He thanked the panelists, and introduced the final panel.
Dr. Oliva, Family Health Outcomes Project, UCSF
Dr. Oliva described California's development of a unique client identification and its approach to confidentiality issues in this area. The effort began in 1991 with a legislatively mandated committee, and in 1992 her project was given a contract to develop the methodology. Ultimately, a set of core data elements was recommended for uniquely identifying individuals across the services of several agencies, with confirmatory elements to identify and locate clients. A larger set of elements is to be used for case management and inter-agency information about the client. These were done in the form of EDI standards, based where possible on ANSI. She described the process leading up to these recommendations and the options considered. The recommendations were endorsed by the California Inter-Agency Data Collaboration Project and the CHIPP Project (see Mr. Kassis' presentation, below).
Tested in respect to more than 600,000 birth records, the five core data elements yielded a 99+ percent match. Dr. Oliva contrasted this with hospital discharge data using Social Security Numbers, in which only 46 percent of San Francisco Hospital data and 44 percent of state hospital discharge data had useable SSNs.
The project has now developed the Common Application Transaction System in California, a front-end registration and eligibility system for primary care and family health programs. It has been pilot tested in Orange County, where few patients refused to provide the core information. Patients sign a consent form that says who will have access to their information and where it will reside.
Dave Schinderle, St. Joseph Health System
This system has ten hospitals, nine in California, with integrated delivery systems. Mr. Schinderle stressed that as an agent of an HMO that processes claims, the System is defined as a payor. The 300 or more provider organizations in California that pay claims on behalf of HMOs offering Medicare risk contracts also are really payors. This is an educational issue that needs to be addressed with providers, who need to understand that impending regulations will affect them.
Mr. Schinderle noted that although the X-12 process has been excellent, the data sets change constantly and should be frozen for a period of time. On the personal identifier, his organization recommends that the SSN be used in the interim. St. Joseph's has taken similar steps to those in Dr. Oliva's research, with similar results. Vendors have been slow to adopt the standards, thus delaying hospitals' ability to resolve application system issues. He endorsed the idea of a certification process for independent testing services, to accelerate the implementation process and ensure uniformity.
In the claims area, he cautioned against "pulling the plug too early on the current flat files," before payors and clearinghouses have uniformity and standards are thoroughly tested. His group recommends allowing the continued use of the current claim transaction for about three years, and it also asks the Secretary to consider formalizing an implementation process. Regarding security, he asserted that the technology exists; "we just need to pick one and go with it." He also recommended that no exemptions to uniform standards and processes be permitted, and he expressed concern about the proposed two-tier implementation, favoring instead letting the deadline slip to 30 or 36 months. Further, training programs should be established for all industry segments, with increased penalties for failure to comply. He urged the Committee to concentrate on administrative transactions now, and the Secretary to create technically oriented advisory groups to provide ongoing feedback.
Mike Ball, California Health Information Association
CHIA is the state chapter of AHIMA. Expanding on the April testimony about clinical coding and classification by AHIMA's president-elect, Mr. Ball called special attention to two issues: the lack of access to published coding guidelines by medical records personnel, and insurance companies' arbitrary refusal to reimburse certain valid codes. He recommended that HCFA health care facilities be required to subscribe to BHA's coding clinic or use a software solution that incorporates that information.
Responding to the Committee's questions, he said CHIA anticipates extensive educational work to prepare its constituents to enforce the regulations. The computer-based patient record is the best way to balance clinical, payment, and privacy needs; however, the cost of this solution is borne entirely by providers, and government should offer funding to offset it.
Mike Kassis, California Health Information for Policy Project
CHIPP is one of seven state information projects funded by Robert Wood Johnson. It began in 1993, and its activities have included an inventory of government health databases and several useful file linkages, including one between hospital discharge data and birth data. Mr. Kassis recommended using a core set of data elements for the individual identifier, not including the SSN because "it doesn't work." He offered to work with the Committee to implement California's core data set, if that is its recommendation.
CHIPP also suggests the adoption of an accreditation standard for health data operations, which it believes would generate confidence in health information systems. To ensure consumer input, every major health data organization, to be accredited, should have a body of representatives that includes consumers. The best protection for information is to keep it in the public eye. CHIPP believes informed consent should be required for disclosure of information that affects individuals' lives, but not for things such as collective hospital discharge data. For research, IRBs should be used rather than consents. Stronger sanctions and protections are definitely in order, and Mr. Kassis noted that California is taking steps to strengthen them. Finally, he stressed the need for consumer education, possibly in high schools, about the uses of health information and how the public benefits from them.
Dr. Tony Nespole, California Medical Review, Inc.
Dr. Nespole noted that CMRI is the only physician membership organization to speak at these hearings. Its primary work is quality improvement, and it does Medicare peer review work in California for HCFA. It strongly advocates administrative simplification and standardization. Dr. Nespole stressed the need to expand the list of mandatory data elements extracted from the medical record, notably adding race and ethnicity to the UB-92. He then described CMRI research project that showed varying and potentially important differences between the Medpro file and medical record data, demonstrating the need for routine checks on the validity of Medicare data. The same applies to non-Medicare data. CMRI recommends routine unannounced audits or other accreditation systems of health care data practices and procedures. In addition, confidentiality protections should be in place before computerized patient-specific information is available for analysis. Existing state and federal laws are weak and do not protect how information is handled. The rights of the physician are often overlooked in consideration of confidentiality issues, and Dr. Nespole outlined some of physicians' fears about misuse of their data and its consequences. CMRI urges the Committee to recommend due process for physicians before they are deselected by health plans because their practices are too costly. In general, it urges the Committee to be bold in its recommendations, so that providers' and patients' rights are protected.
Mr. Gellman questioned Mr. Schinderle about the assertion in his written testimony that the health care industry has "an excellent track record" in protecting privacy. He noted that the only published investigations in North America (Denver, 1976 and Canada, 1980) showed widespread abuses and lack of control. Mr. Schinderle acknowledged there are no independent studies to confirm his feeling that the industry takes adequate care of patient records. Mr. Kassis repeated his recommendation for accreditation to improve practices and bolster public confidence. Both Mr. Gellman and Ms. Frawley expressed support for the idea. Ms. Frawley noted that the National Research Council found that organizations have no data to validate their claim to be safeguarding confidentiality. The industry needs to develop standards in this area and hold itself accountable. Dr. Mor suggested that JCAHO, or something like it, might be an appropriate mechanism.
Asked about incentives, Mr. Schinderle said he had tax incentives in mind, and/or other ways of compensating for the up-front cost of conversion. He added that the costs are offset by savings in a ratio of about 4 to 1. Dr. Oliva said the vendors she has talked to welcome standards and expect they will cut costs. Mr. Kassis cautioned that incentives could motivate vendors to cut corners in order to meet deadlines, and Dr. Mor observed that they penalize those who do the re-engineering on their own. Mr. Schinderle said the vendor community has been unwilling to respond to Californian managed care needs because the other 49 states don't need the software yet; now the hope is that the legislation creates the critical mass to move the vendors to change their systems to make electronic commerce possible.
Dr. Iezzoni raised the subject of non-fraudulent coding problems stemming from honest disagreements or mistakes. Dr. Nespole said incentives to improve coding practices must come from goals and "carrots." Mr. Ball noted that coding will not improve as long as it is done by the lowest paid, highest turnover position, the hospital admission clerk, and/or until there is a national language.
Dr. Detmer pointed out the need for a national strategy for the health component of the national information infrastructure, including the computer-based record, help facilitating its dispersion, and financial incentives as well as privacy, confidentiality and security provisions and data dictionaries. These factors coalesce as part of a public/private national strategy. He thanked the panelists and organizers, and invited those wishing to make public comment.
Dr. Phillip Marshall, a public health and preventive medicine resident, thanked the Committee for defining core data elements and (in advance) for recommending "general expectations" for security and privacy. He urged that legitimate research not be impeded by heavy constraints on data access.
Claudia Tessier, CAE, CMT, RRA, of the American Association for Medical Transcription speculated about why the banking industry is ahead of the health care industry in its use of information technology. The banking client has more control over financial data and thus holds the banking industry accountable, and this has led to more progress in the use of technology. She therefore suggested increasing client control and institutional accountability in health care.
Dr. Marcia McClure of MMI noted some ambiguities in HIPAA, including the need for a definition of the purpose and scope of electronic data interchange as distinct from electronic commerce, and the nature of a small plan. She asked who will pay for the technical assistance the Secretary is directed to provide, and who will evaluate compliance. She urged that standards be easily accessible and that a mechanism be established to report on successes and barriers to implementation.
Dr. Detmer remarked that the Committee intends to keep to the HIPAA timeline, and the Department has been taking its role very seriously. He urged the panelists and others to contact the Committee by e-mail if they have specific advice.
To her previous testimony, Ms. McCaffrey added some comments about data quality along with encouragement to the Committee to move vendors forward. She described her unsuccessful efforts to interest vendors in developing on-line edits for California, with one vendor bluntly declining because "it is not a demand." She noted that part of what Dr. Nespole was talking about is "flat-out wrong information getting combined." Dr. Iezzoni congratulated the state for routinely doing studies to look at data quality, and for training hospital data people.
Dr. Detmer invited committee and staff members to make final comments. Ms. Frawley thanked the organizers of this meeting, at which 44 people have testified, and she expressed particular interest in the ideas for a unique identification system. Dr. Mor said he was encouraged by the unanimity about the singularity and uniformity of code sets and standards, and by the widespread emphasis on confidentiality.
Ms. Greenberg expressed satisfaction at the opportunity to hear from more Westerners and encouraged them to continue to apprise the Committee of their concerns. She noted that the proposed rules and Committee recommendations will be published in the Federal Register, with an opportunity to give input. Mr. Scanlon noted that the Committee had gained insight into what works "on the ground," in a state that has passed a medical privacy law and is "deeply into EDI."
Ms. Coltin said she appreciated the cross-fertilization of ideas across issues. Mr. Lumpkin noted the merits of the notion of a maximum data set. Appreciation was expressed to Carolyn Rimes, Lynnette Araki, and Bette Darling for their work on the meeting.
I hereby certify that, to the best of my knowledge, the foregoing summary of minutes is accurate and complete.
| /s/ Don E. Detmer Don E. Detmer, M.D., Chair | October 11, 1997 Date |