NATIONAL COMMITTEE ON VITAL AND HEALTH STATISTICS

PERSPECTIVES ON PRIVACY, CONFIDENTIALITY, DATA STANDARDS AND MEDICAL/CLINICAL CODING AND CLASSIFICATION ISSUES IN IMPLEMENTATION OF ADMINISTRATIVE SIMPLIFICATION PROVISIONS OF P.L. 104-191

June 4, 1997

Morning Session

Federal Building

450 Golden Gate Avenue

San Francisco, California

Proceedings By:

Tigerfish Transcribing and Editing

653 Francisco Street, Suite 4

San Francisco, CA 94133

(415) 474-5575

P R O C E E D I N G S

DR. DETMER: Good morning. I'm Don Detmer. I chair the National Committee on Vital and Health Statistics. I started to say in my normal life, although my normal life, it seems like, is chairing the Committee on Vital and Health Statistics. I'm at the University of Virginia. In any event, my wife hopes that will be true one day.

Now, we're pleased to start the second day of hearings. And what we'll do is do much of the basic run that we've started today with yesterday. Go through the introductions. We do have at the end of the day an opportunity for anyone in the audience to make a statement. And we'd like for them to sign up on the book back there in the corner, around the corner, if they choose to do that.

I think all of us, speaking for the committee yesterday, felt like this was a very worthwhile day, and worthwhile visit, and we're looking forward to today's program as well. I will be reminding all of the panels today that I'd like very much if they'd really try to discipline their introductory comments to absolutely no longer than 10 minutes, because we've got enough tightness in the schedule that if not we won't have a chance to dialogue with you, which we also find very, very helpful.

There are, as you know, opportunities for you to submit written testimony as well, so that we can get additional comments and thoughts from that as well.

So, with that I will ask Marjorie to introduce herself, and then we'll go on around the room, first the committee members, next, people here from government, either from Washington or from the offices out here in the west. And then the general audience as well.

Marjorie?

MS. GREENBERG: I'm Marjorie Greenberg from the National Center for Health Statistics, and I'm the acting executive secretary of the committee.

MR. MOORE: I'm Vince Moore from Brown University.

MS. FRAWLEY: Kathleen Frawley, vice president of legislative and public policy services for the American Health Information Management Association.

MR. GELLMAN: I'm Bob Gellman. I'm a privacy and information policy consultant in Washington.

DR. COHEN: I'm Dr. Simon Cohen. I'm with Kaiser Permanente and a member of the committee.

MR. SCANLON: I'm Jim Scanlon from the U.S. Department of Health and Human Services. I'm the executive staff director of the committee.

MS. COLTON: I'm Kathy Colton. I'm Director of Clinical Measurement Systems at Harvard Pilgrim Healthcare in Boston.

DR. LUMPKIN: I'm John Lumpkin. I'm director of the Illinois Department of Public Health.

MS. IEZZONI: I'm Lisa Iezzoni. I'm in the division of general medicine at Beth Israel Deaconess Hospital in Boston.

MR. BRAITHWAITE: Bill Braithwaite. I'm the [unintelligible] Health and Human Services [unintelligible] the office of assistant secretary [unintelligible] evaluation [unintelligible].

MR. SMITH: [unintelligible] Smith. I work for the Healthcare [unintelligible].

MS. BALL: I'm [unintelligible] Ball. I also work for the office of [unintelligible].

MS. ARAKI: I'm [unintelligible] Araki. [unintelligible].

DR. DETMER: Any of our guests?

MR. NADELL: My name is Benson Nadell. I'm the program manager here in San Francisco for the Long Term Care Ombudsman Program.

MS. TOM: Heidi Tom of the Asian and Pacific Islander American Health Forum.

MS. CAMPBELL: Jean Campbell, research assistant professor at the Missouri Institute of Mental Health.

DR. DETMER: Thank you. I appreciate everyone being here. I also wanted to thank, I did it yesterday, I want to do it again today, so that everyone that missed yesterday knows how much we appreciate what the California Office of Statewide Health Planning and Development contributed to this, as well as Healthcare Data Information Corporation, and Kathy McCaffrey, and Ann Geyer, we appreciate that.

Before we introduce, I mean before we get to our first panel, I did want to let Dr. Iezzoni, she chairs our subcommittee on population specific issues. We're going to hear, we heard from one advocacy panel yesterday, and I'd like for her to make some comments.

MS. IEZZONI: Yes, we're really excited about the hearings that we had yesterday, and hearing from you all this morning. We're very interested in making sure that populations that sometimes in the history of our country don't quite make it to the table, that you all do make it to the table, for us getting input from you about this administrative simplification provisions. So we're happy to have you here, and we hope to have a nice dialogue with you.

DR. DETMER: Okay. I think, I don't know which of you would like to lead off, but the floor is yours.

MR. NADELL: I'll start. As you know, the ombudsman program nationwide represents the interests of residents of long-term care facilities, specifically those in the demographic cohort 80-plus who are frail and vulnerable. And our authorizing legislation is federal as well as state. And it's the Older American Act.

And there is something interesting in the Older American Act that gives us authority that's rather broad-based. We can represent residents in the terms of complaint investigation that result from actions or inactions of facilities, private agencies, conservators, as well as other governmental agencies that have adversely affected these residents, either through their actions or inactions, in terms of the following parameters. Affected their safety, their health and welfare, as well as their rights.

So that I thought I could make some kind of comment today representing the rights of our clients, to the extent that I understand how they might be affected by the proposed regulations today.

I have to say that I have not read the entire Portability bill. I was hoping to get the context within which to make these statements about the proposed regulations about coding and billing and all that kind of thing. So if I seem to appear not to know what I'm talking about, it's because I think I perhaps represent my clients. And that'll be one of my key points.

I'd like to read what I've written rather than just be extemporaneous, because I think that's the easiest way for me to proceed.

Nursing home data and outcomes. Since the federal standards, derived from OBRA 87 for nursing homes, have been in place, there have been standards for determining outcomes, rather than process, of quality of care and quality of life. These standards are national for all certified skilled nursing homes.

The key to determining quality of care outcomes is a standardized assessment instrument, to be updated as needed, which shapes individual care plans. This MDS, or minimal data set, is for all care, not just single, diagnostically driven care. That is, it is the assessment process itself that is standardized within a set of operational definitions for each level of care. And it's also comprehensive in that it includes all care needs, not just those covered by Medicare.

And let me interpolate here that I think that one of the key issues is whether client need is going to be part of this data collection system, or is it just going to be a matter of billings? And whether or not it's going to be Medicare-driven information, or whether it's going to be driven from the totality of care needs.

"GIGO." One concern I have with the consolidation of information is that the same limited information will be portable without the whole set of care needs being accessible. It is possible that the coding will only be a modification of DRG categories, assuming we're talking about Medicare here, with varying degrees of collapsed information. This will exclude important consumer information from any retrieval. To put it in blunt terms, "GIGO," garbage in, garbage out. Just because certain aspects of care are not covered by Medicare should not mean that information should only pertain to what is covered.

Some recommendations. That the MDS be used as a standard of assessment across providers so that information is not lost. In other words, to extend this tool from the institutionalized base out into the community, assuming that long-term care is going to be more managed and more evenly distributed across different levels of care. That this be used as a model. This would have preventive value in the environment of managed care where future money can be saved by triggering interventions ahead of the curve.

Also, if there is a standardized assessment tool prior to institutionalization, then there will be greater portability of information without any loss. We must recognize that a lot is lost in translation between providers, each of which carves out its own proprietary way of structuring patient data.

Who owns the information? Under both federal as well as state statutes, consumers have the right to informed consent. They have the right to access their own medical records. Although the provider owns the physical records, the consumer owns the contents of those records. This is true in the institutionalized setting of long-term care, but advocates have to continually monitor provider procedures to realize this in practice.

Measures of quality of life emphasize patient involvement in care, and in decision making. However, in the rather abstruse world of providers, this access to information by consumers is not realized. In a recent letter from a PRO, responding to a request for appeal for Medicare continued coverage, permission had to be obtained from the provider to release information to the patient. There is still a pervasive paternalism in health care, that consumers do not have access to information.

There is nothing in the proposed standards pertaining to consumer access to this information. This makes it difficult for consumers and their advocates to appeal denials. Even if the information is incomplete, the consumer should be able to obtain their own health care information, in order to determine the basis on which coverage continues or discontinues.

Electronic autographs are useful. However, in certain contexts, like nursing homes, physician signatures should be conditional on actual contact with patients. To delegate medical observation to less-trained eyes and ears can be risky. Many residents of nursing homes complain they never or rarely see their physicians. The essential communication from the frightened elderly patient and doctor is already minimal. I am afraid that allowing electronic signatures in certain contexts might even more minimize this essential patient-doctor contact. However, for billing purposes it might be as good as long as there are additional safeguards against billing errors.

Privacy. We think the recommendations with respect to privacy of certain health information should be stronger, and not couched in delegatory language. There already exists very strong language guaranteeing the privacy of such information. The problem is not the language but the enforcement of these protections. For instance, in the present and future environment of managed care, can consumers be protected against discrimination of coverage based on determinations by providers over benefit/burden analysis so that treatment decisions are not even offered? Or will information of persons be shared without respect for privacy issues, so that providers are limited as to what they can communicate as treatment options to patients? Will information be shared to make actuarial decisions at the time of enrollment?

Such questions are not satisfactorily dealt with in the section 2649b subjects of recommendations. Whatever regulations are drafted should address existing statutory protections, and should be anchored in the U.S. Constitution and case law for starters.

Consumer access to billing information. Anyone who has helped an elderly consumer of medical services figure out the thicket of bills knows the difficulties involved. The burden is placed on the consumer and their advocates to make sense of how much is owed, what is covered and not covered. Not all can be attributed to infirmity. It is my contention that the reason why bills are difficult to figure out is intentional.

When I first reviewed the proposed regulatory changes for transactions, I made the assumption that the consumer would be the beneficiary of these streamlining efforts. On reviewing my comments above, I realize this was not the intention, except for efforts towards protecting confidentiality. The proposed regulations represent the interests of providers and their concerns around billing procedures, and in standards for transactions between plans. Perhaps these streamlining efforts will save money. I doubt it. As a consumer for a growing segment of elderly wading through shifting decisions of what is covered and not covered, as expressed in billings delivered in their mail, I find myself positioned on their side when reviewing this section of the regulations.

I have to say that the consumer does not have much of an explicit mention in these regulations. I believe that one of the key standards to any streamlining effort of billing, codes, et cetera, is the necessity to make billing detailed, easy to understand, with clear instructions to the consumer as to how to appeal billings. This could be possible, as could real health reform which would benefit consumers, and not just providers and the various payors.

Thanks. And again, my statements are couched in an incomplete understanding of the entire bill. Thank you.

DR. DETMER: Thank you very much.

Heidi Tom.

MS. TOM: Thank you. I am very honored to be included in today's hearings, and to be able to provide testimony this morning.

I am Heidi Tom, and I am project coordinator of the Asian and Pacific Islander American Health Forum. And as a national advocacy organization dedicated to the improved health status of the Asian and Pacific Islander American communities, the Health Forum assures that the health and welfare needs of our communities are addressed through policy analysis, information dissemination, research, and community capacity building activities.

It is with an emphasis on ethnic-specific data that the Health Forum is able to advocate for an accurate representation of the health needs of the distinct Asian and Pacific Islander American communities. In addition, through community-sensitive research that better informs health policy makers and providers, we are able to contribute to the shaping of public health policy and programs.

So with this in mind, I share some thoughts with you this morning, and I ask that you please bear with me, as I realize that about 1:00 a.m. last night, as I was reviewing this, that what I had originally prepared wasn't quite on topic. And so I spent another two hours or so reworking my presentation. So if I get lost in following my handwriting, can't read it or whatever, again, please bear with me. And I also apologize for not having something in hand for you. But I will be providing a diskette so that you'll have it and it'll be on record.

As heavy data users since the inception of our organization, and again, as advocates for Asian and Pacific Islander health, we recognize the importance for good data and health care delivery systems as fundamental components to the adoption of data standards. Data issues related to privacy and informed consent surface and exist, which affect not only data collection and reporting, but also data utilization and effectiveness for the provision of health care services.

Today I will focus on three fundamental data issues as they relate to the Asian and Pacific Islander communities. Their inclusion in data systems, and their ability to access appropriate health care services. These three issues are culturally and linguistically sensitive approaches, community perspective, and diversity in ethnic representation.

First, culturally and linguistically sensitive approaches. The goal of obtaining health information from patients, and providing health care services to the Asian Pacific Islander communities should not compromise nor ignore variations in language, ethnic-specific perceptions, socioeconomic status, et cetera.

Patients, no matter their backgrounds, should be treated with sensitivity. For example, sensitivity ensures that sincere efforts will be made to provide an interpreter who can assist the limited English speaking patient's ability to give informed consent and accurate information, which assist it with better and appropriate health care access and delivery.

Part of incorporating sensitivity into the health care delivery system is the serious consideration of people's belief systems and how those may affect a patient's ability to truly give his or her informed consent and accurate information. Cultural beliefs and concepts of health care in medicine heavily impact people's perception of and reception to receiving health care.

Based on a community profile series that was conducted by the cross-cultural health care program at the Pacific Medical Center in Seattle, Washington, I offer the following examples: Same-sex health care providers and interpreters were generally preferred. And interpreters made available to the patients and their entire families. South Asians perceive the health care provider as the authority. They themselves feel their role is passive, respectful, and obedient to the provider's presence. The patient or family will seldom ask questions, because they feel it might seem rude.

Western health care is confusing and overwhelming for many Cambodians. Language and cultural barriers, crowded waiting areas, multiple interviews, mysterious procedures, and the somewhat abrupt behavior of health personnel all make obtaining health care an unpleasant experience. Many Cambodians believe blood draws are very painful and will make them weaker because blood is not replaced. X-rays are thought to destroy red blood cells and lower life expectancy. Men elders, and many in the second generation ages forty to sixty feel uncomfortable undressing for a physical examination.

Patients are people. Very real people with very real beliefs, fears, needs and feelings. Thus cultural and linguistic approaches become very important to good data and health care delivery systems. A provider who displays a genuine and sincere care for the patient's health and well-being, versus treating the patient as merely a subject, will help build a trusting relationship that the patient will appreciate and thus be more willing to disclose information.

Creating a comfortable setting, not only physically but also psychologically and socially with language-appropriate interpreters, forms, and written materials will help keep intact a patient's self-esteem and sense of security that will facilitate a better informed consent decision, data collection process, and again, health care delivery system.

Knowing that there are numerous cultural beliefs and languages, it is unrealistic to expect that the providers be expert sociologists or linguists for each ethnic population. However, cultural and linguistic considerations for the community served would greatly enhance the health care access and utilization. And thus improve and ensure integrity in the data systems. Such systems could be assisted by local community based organizations and agencies and clinics for cultural and linguistic considerations.

This leads to the second issue: Community perspective. By community perspective, I mean one needs to think of the health, including the mental health, of the community. In other words, the community cannot just be the subject of one's data. But the community needs to be a partner in the data collection and health care delivery system and methodologies.

A community perspective for data collection can be accomplished through establishing true partnerships with community based workers and organizations who are working in the community, for the community, and with the community. Through partnership, the survey instruments can be developed more appropriately for the communities surveyed. Community based individuals and organizations are well respected and trusted by their clients and constituents. They are able to provide the cultural sensitivity and linguistic needs of the community. And it is through such individuals and organizations that community members seek medical, mental, social, financial, and educational support.

Through establishing a partnership with these individuals and entities, data collection efforts and health care delivery systems can be enhanced, better utilized, and more effective. In addition, continuing a community perspective for data analysis and reporting becomes imperative for the utilization and effectiveness of the data collected and health services provided. For instance, the value added from having a community perspective in the analysis of the data would elucidate more comprehensively the community's health status. Thus, health services could be better targeted more appropriately for the community, in particular those traditionally underserved. Which leads to the third issue, diversity and ethnic representation.

The traditionally underserved populations tend to have the least amount of data describing their populations. Such populations also tend to be under and uninsured. To mask the health conditions and health coverage status of the Asian Pacific Islander populations under "other" during the collection and recording of the study finding would be irresponsible and a misrepresentation of this diverse population. In addition, reporting data on the Asian and Pacific Islander communities as an aggregate community ignores the diversity and often bipolar conditions of the Asian and Pacific Islander communities. The health status and access issues the Chinese or the Korean or the Filipino populations face are very different from those of the Vietnamese, the Hmong, the Samoan, and all the combinations in between. When ascertaining the health status, health care needs, and health coverage status of a specific ethnic group, and how that group compares to others, the data have minimal utilization in value when aggregated.

Therefore, data systems need to be ethnic-specific, as often there are cultural aspects and beliefs that directly impact the communities' health, as illustrated earlier. Furthermore, the rich diversities ethnically of the Asian Pacific Islander community need to be assured in the collection, analysis and reporting of the data, which again will contribute to the enhanced and increased utilization and effectiveness of the data and health care delivery system. In conclusion, good data collection and health care delivery systems should include the integration of culturally and linguistically sensitive approaches, the community perspective, and diversity in ethnic representation. Ignoring these issues would compromise the data issues related to privacy and the informed consent process, and the credibility of the health care institutions would be suspect, at the least.

Incorporating these issues would exemplify the provider's and/or health care institution's commitment to maximizing health care service utilization amongst various communities across the United States. And increase data and health care system utilization in effectiveness. Furthermore and finally, integrating these issues will ensure a good methodology for providing health services to the Asian Pacific Islander communities and other communities with distinct cultural, linguistic, community, and diverse needs. Thank you.

DR. DETMER: Thank you. Thank you now.

DR. CAMPBELL: I want to also thank the committee for the opportunity to give testimony here, and to also thank the Center for Mental Health Services, and particularly Ron Manderscheid for supporting my travel to be able to do the presentation. You have copies of my formal testimony, so I'm going to make some informal remarks to emphasize some points, and I realize yesterday there were things I forgot. And also, I want to respond to other, some assumptions in other people's testimony. So this will be somewhat more informal.

I would like you all to know I am a mental health consumer. So I'm not only speaking or advocating for mental health consumers, I've also lived that experience with a bipolar diagnosis. But I'm also, as you know, a researcher and I was formerly the director of research QA and information systems for the Department of Mental Health and Mental Retardation in Maine. I serve on two (JACO) committees, one as a public member and one as a member of their advisory committee on managed behavioral health care. I'm also a member of the MHSIP, Mental Health Statistics Improvement Program ad hoc advisory committee, in which we're, as you know, developed data standards around the FN 10 and are working now on the FN 11, and also coming up with a core data set related to encounter data. I'm also a member of the Work Group for Computerization of Behavioral Health and Human Services Records, Inc. Which is developing an electronic patient record for behavioral health and human services using object programming approach. And I also am working with the World Health Organization on the revision of the ICIDH.

And the reason I went through that is because I want you to know that if there's any balancing act that is being done, I've had to do it wearing all of those different hats. And also I think it's important to know that the things that I've advocated, I'm stuck trying to implement. And that what I'm talking about isn't radical within, because I'm working within those organizations. And hopefully you'll have an open mind when I make some of my remarks.

First of all, that balancing act of individual and society. We heard that over and over again yesterday. And I had some concern because in research it's the individual, the person, that is to be protected. When I go back and think about the Nuremberg trials and the protections that were established, you could not use the potential benefits to society to justify jeopardy of harm to the subject. And if we're starting to think about data collection and use of data in terms of the regulations of research, we have to pay some attention to that. In other words, it has to be benefit to the particular person, not people in general. And I think that, also that researchers and data managers are also motivated by self-interest as much as by benefits to society, like we all are. So that I don't think they can speak for the benefits to society in general.

Also, there was a discussion of the potential for linking data. I heard that over and over again yesterday. But when I think about my work in Maine, the point of having a unique ID wasn't as much to link data but was to generate an unduplicated list so we would know what people we were serving. Now that's a comment on the focus to address people's needs rather than do research on those people. And also it points out that in most cases, particularly within state mental health authorities, with which I'm most familiar, the capacity to do that kind of linkage isn't there. In Maine, we still had one of those machines where you reach up and crank it down. And we weren't the only one. And that was in our financial section.

I think the most compelling argument about the capacity to link data is not research or law enforcement, although I would think yesterday there was a lot of discussion about that. But it's the quality of clinical care to the individual. And I think we all recognize that to be very important, and that's the benefit, I believe.

But I think that there's an unproven assumption that data linkage and research will produce quality care. And I think that that's one of those assumptions that we really have to interrogate. I don't think that's necessarily been proven, what the value added process of data integration synthesis and dissemination really is. And I think that we have potentially unholy alliances that are being developed within the health care system. And I think first of all about the Brady Bill, which was enacted when I was up in Maine, in which I had the responsibility of dealing with that. And I started to think about it in terms of states' rights versus federal law. Because I thought there were real dangers to the recipients of services to be able to go back and research state mental health, I mean mental health institutions, to see who had received services there, and then now to put that on an insta-computer link.

In fact, at the Missouri Institute of Mental Health, we have the contract from the state to implement that. And I go every day up there and say, "Well, have you had any legal challenges to this yet?" Very interested in how that's going to play out. I also think that there are unintended consequences or negative outcomes from having this capacity to link data without the strongest protections and consent of participants.

We had a discussion yesterday I thought was excellent about how data systems can be a barrier to people seeking services. And that there's a real fear to seek health services. And I think that's particularly true of people that have stigmatized diseases. And I thought that Marj Plumb and Eileen Hansen had excellent remarks on that. I don't think that's totally resolved by ending discrimination. Even if you could. I don't think those issues can go away. I think that it's particularly, it's the issue of law versus culture. And we may be able to make law, but how do we change the way people think and behave? And I think that's where the critical issues lie.

And I think that probably more than any other group is people with psychiatric diagnosis face the most incredible stigma in this society. There's a whole bunch of research about help-seeking behaviors and why people don't seek help for fear of that stigma. And with the stereotypes of them being dangerous, violent, and unpredictable. And that isn't only just out in the public, that's within those people that deliver the services. And that's with all of our, I mean that culture is ingrained within our society. And many of the incentives to do data linkage, as well as to interrogate databases for information, is really given a push by these types of stereotypes.

I also heard some remarks just about patients yesterday, that they have no capacity for rational thought and they might make, and that was around informed consent, and then there is some issue about competency to give informed consent. But I think that we really have to pay attention to what the recipients of services say about this proposed regulations.

And I, just so you know, is that mental health consumers, just as their own group, are organizing to stop a reform progress, and synthesizing, integrating, and disseminating their mental health records. There's both legal cases that have been initiated, and on a positive side, I've been brought in several states to begin to bring together all the stakeholders so that they can start a dialog. Because things are being polarized rather than people being brought together. And I wanted to share a few of the concerns of mental health consumers today and some of the recommendations.

One of the things that we've talked about, a lot about access by government entities, providers, payers, researchers to data. In fact, that's almost assumed. I mean, this committee, in a certain sense, is in a reaction to the potential and the desire of people to be able to have that sort of virtual data capacities.

But there's been very little attention today about access by consumers, both to their personal record for shared decision making, knowledge over their condition, to correct errors. There are no efforts here, that I can see, to really address that problem of when you electronically store and transmit data, it becomes more difficult to get access to your record. Also I think that something that I haven't heard at all is that access of consumers and advocates around aggregate or administrative data. And that is really being withheld from consumers.

There's a claim of proprietary rights, ownership, people want to control information, and I've had to sign gag clauses to do contracts. In other words, I could not publicly, or there might be prior restraint. I couldn't publicly talk about the results of data, even if it was funded by state or federal agencies. Because of the fear of what that information might do if the public hears about it. On the other hand, I mean...consumers are the ones that need to make choices based on quality. And that requires good data. And advocacy, I think, is what really drives quality. In other words, they have to have the access to this information as well.

DR. DETMER: In the interest as her time as well, if you could...

DR. CAMPBELL: Is it 10 minutes already?

DR. DETMER: Yes.

DR. CAMPBELL: Boy, it really runs fast. Well, I guess I want to talk about two things to conclude. And then in my, when we get our last remarks, I'll hit you on collaborations. But one is the issue of informed consent. If we believe it is important, and that's the way we earn trust of consumers in order to have compliance. Is that we need to really integrate the idea that it's too expensive or can't be done. Because I believe that that's an assumption that needs to be tested.

The other thing is that I believe also that we need to have an opt-out system in which people, if they do not want to have, in some cases, retrospectively their paper records put into an electronic system, is that they shouldn't be denied services. A lot of states particularly think that it's their consumers and it's their records and that they have a right to go in and do what they want with those records.

I think finally again, just returning to the attitude of people. I think it's so clear that maybe the biggest dangers, in terms of privacy and confidentiality, don't come from the hackers from the outside, but it's really an internal issue.

And I can only think of when I was up in Maine, how many times I would look down at a fax machine that sat in central office, and on there would be the names of mental health consumers that were incarcerated in the state hospital. Not only would their names be there, but then the paper would roll up and fall on the floor and just lay there. I think that's a statement somehow on people connecting data, that information to human beings and real in care. And when I tried to get that, when I tried to get that fax machine moved into a locked place, I got more anger from people in the central offices. Because what it did was disturb the status quo. And I think we have to have the courage to begin to challenge those types of assumptions.

DR. DETMER: Thank you Dr. Campbell. Ms. Moya?

MS. MOYA: Good morning, I'm Rita Moya. I'm President of the National Health Foundation. And like the other presenters, I want to thank you for this opportunity and especially for holding these hearings on the west coast.

The National Health Foundation is a Los Angeles-based charitable organization that was founded in 1973. And the mission of the foundation is to improve the health care system by developing projects that promote and support more effective health care delivery and better personal health. NHF specializes in forming public/private partnerships and collaborations that address critical health care issues. Projects are designed to be replicable, self-sustaining, and permanent solutions to gaps in the health care system. We receive specific program and general endowment funding from individuals, corporations, government and private foundations.

For the past five years, the National Health Foundation has been involved in numerous projects related to administrative simplification, and specifically the electronic transfer of health information. In 1993, the foundation created the Healthcare Data Information Corporation, a mutual benefit organization made up of health care providers, payers, purchasers, and government entities in California. The shared vision of the members was to make Californians healthier by facilitating the development of a secure, standards-based, open statewide health care data interchange, and data analysis capability.

I will not elaborate on the work of the Healthcare Data Information Corporation because you'll be hearing from Ann Geyer, HDIC's president, later in the day. My reason for referencing HDIC is that much of the work the National Health Foundation has done, and what we have learned in terms of public policy development related to privacy, confidentiality, and access to health care information was developed as part of our efforts to successfully launch this new organization. We actually spun HDIC off as a separate, self-sustaining entity last year, and I currently serve on the board of directors of that corporation.

HDIC is not our only involvement in health information technology. We've reengineered California's poison control centers with a new technology system. We've created an Intranet for community clinics, and we've developed numerous computer-based decision support tools that are currently being used in Los Angeles County. Because NHF has completed so many projects with health information technology as a focus in the past several years, we've recently created a new Center for Health Information Technology and have made a permanent commitment to this area of endeavor.

One of the goals of our new center is to increase collaboration among health care stakeholders and work with all entities to eliminate barriers to effective deployment of health information technologies. One of the key barriers we have identified is the lack of standards, particularly for clinical information. The foundation as a charitable organization places particular emphasis on the interests of consumers and evaluates all information technology in terms of its impact on consumers.

Given its history and focus, NHF is most interested in the opportunity that the Administrative Simplification provisions of the Insurance Portability and Accountability Act provide. We support any efforts that will advance development of standards for health information. We also appreciate the difficulty of this process. Having worked with diverse stakeholders, we've learned that consensus is difficult to achieve, especially regarding standards. Often the group that should have a significant voice, the consumers, are not represented.

Consumers have often been absent from these discussions because of a number of factors. And the very idea of consumer points to one of the biggest barriers to creating health information standards, who are the consumers? Are they the patients who actually need the health care? Are they the general population in need of maintaining health? Or are consumers the employers who pay for the health benefits? In reality, consumers can be all of these groups.

All the various health care consumer categories must become advocates for utilizing more modern information technology and the processes of health care delivery and the maintenance of health. Our work with HDIC and the community clinics, has shown us that the health care providers are reluctant to invest in computer systems and software applications that help keep track of patient information.

Patient privacy, confidentiality, and security of such data have often been cited as reasons for not converting records to electronic formats. These are issues of real concern. But ones that can be solved with appropriate policies and procedures for utilizing information technology, just as there are procedures for paper-based systems. Patient consent, encryptions, data security software, and coded access can do much to protect confidential information.

The National Health Foundation has spent over three years working with a group of dedicated volunteers from health plans, health provider organizations, consumer advocacy groups, employer groups, state and local government entities, and consumer groups to develop guidelines for public policy that will protect privacy rights of individuals. And the confidentiality of all forms of health information which is collected, stored, processed, or transmitted in electronic form.

There are several basic assumptions regarding privacy that were supported by all these participants. Individuals have the right to privacy. Individuals have the right to review corrected data about themselves. Individuals have the right to access the audit trails that pertain to their own health records.

Additionally, there are assumptions related to confidentiality that were supported by all the stakeholder participants that worked with us. These include electronic transfer of data will not occur without systems in place to support verification of appropriate informed consent and maintenance of confidentiality. To protect confidentiality, a Social Security number should not be used as the sole identifier. A Social Security number combined with additional characters may be acceptable.

The stakeholder group proposed several policy areas for maintaining confidentiality that might be helpful to your deliberations. These are: the individual has the right to identify items that he or she does not want disclosed. Payer, provider, employer, proprietary information is confidential and is not to be released without consent. A unique system-generated identifier needs to be established for each patient provider and pair. Appropriate data protection techniques need to be utilized to prevent the inadvertent release of person-identifiable information. The burden of proving patient consent will be the responsibility of persons or organizations requesting access to data.

Access to data is an area related to privacy and confidentiality, but with additional parameters. The stakeholder group determined access to person-identifiable data must be given only when the privacy and confidentiality provisions are not compromised.

Access to aggregated, non-identifiable data can be given to researchers and other appropriate entities provided the purposes for which the data is sought are determined to be in the public interest and benefiting the overall advancement of knowledge regarding population health.

NHF is an organization that does engage in research activities, and we feel strongly that access to aggregated, non-identifiable data is essential to furthering our collective understanding of what works and doesn't work in terms of health care delivery and health maintenance.

In closing, I would like you to think about your task and encourage you to be bold and realize the full potential of Administrative Simplification. More efficient handling of information is in the best interest of all the various health care consumers. Balancing their unique requirements and needs is difficult as we have learned from the projects we have undertaken with clinics, employer groups, health plans, provider organizations, and consumer representatives.

From these experiences, we have come to regard the process of forging consensus as a very necessary part of any effort related to health information technology. We are not lacking for technological solutions, but rather the shared will to cooperate on implementing those solutions. The details involved in accomplishing this consensus building are frustrating and time-consuming, but well worth the effort. Thank you.

DR. DETMER: Thank you, and thank each of the panelists. Before I open this, I think Dr. Sondik has joined us since we started. Ed, would you introduce yourself, please? Glad to have you here. Thank you. Good to have you with us.

By my clock, to allow time for the next panel to start, we have about four minutes for questions and comments, and who would like to start that?

Kathleen.

MS. FRAWLEY: Jean, I was kind of speed reading through your written testimony, and I'm not sure, I just want to make sure that it's clear for us.

I see your reference to the American Psychiatric Association, in terms of their lobbying the Congress on schedule legislation. And I'm not sure if I understand. I know that they believe that there should be exemptions for mental health [unintelligible].

DR. CAMPBELL: Right. Exactly.

MS. FRAWLEY: And what I'm trying to find out is, do you support that, or--

DR. CAMPBELL: No. I mean, that's an issue of access. In which access is being restricted for the people who are receiving the--

MS. FRAWLEY: Right. I just wanted to make sure I was clear. I mean, I thought that was what, the point you were trying to get across, but I wanted to make sure we got that out on the record. Thank you.

DR. DETMER: You may want to make the comment about collaboration, because I don't think we're going to have time to go through the...if you could make that--

DR. CAMPBELL: Well, I think it's already been made in a sense here, is that I think that mental health consumers, and I would say other groups really need to be central to this process and not marginal. And I think if you just look at the composition of this group, is that I don't think that that's the case. And that isn't just for being politically correct. I think that's really so that we can really deal with these issues, and what you called a bold aggressive way. Because I don't think you can think outside of the lines of your own experience.

And I also noticed just in the scheduling, this panel had the least amount of time for the presentations. I went and added it all up.

DR. DETMER: Okay. You've made your point. Others? Yes.

MALE VOICE: I have one question. Ms. Tom. We're going to be having hearings sometime later this month. One of the issues is going to be recommendations from...OMB, is that right? On the definition of racial and ethnic groups. If I understood you correctly, you advocated having additional detail on information codification of Asian and Pacific Islanders in terms of those particular categories. Do you have a suggestion?

MS. TOM: We also are a census information center at the health forum. And we do take the position to maintain the existing nine categories that the OMB directive lists. And those are the main categories. So Chinese, Vietnamese, Filipino, Japanese, Korean, Hmong. Anyway, there's nine! Vietnamese, Laotian, and Thai. And then for Pacific Islanders, Hawaiian, Samoan, Tongan...and there's one more. That we do maintain that those be maintained and not just simply that a race question is asked and that we could never go back. It can always be aggregated, but we can never go backward.

DR. DETMER: All right, I thank you very much. We appreciate it. And if the other panel could please then come forward, the members of the next group...

They're not here yet? Okay. Well, we'll wait one minute and then we'll get started with our group. I guess this is what the west means by laid back or something, huh?

Well, I think what we'll do is begin so we don't fall behind, and we will start. I don't know which of the two of you choose to begin, but Mary Ann, if you would, please? It's nice to have you here.

MS. LOURI: Thank you. I'm Mary Ann Louri, and I'm a health services researcher by training, and the director of Quality Measurement and Research at PacifiCare Health Systems, which is a network model managed care organization. And we operate health plans in thirteen states and Guam. And our total membership is more than four million lives, including nearly one million Medicare beneficiaries. And I really appreciate the opportunity to participate in today's hearing.

I'm going to focus my comments on issues of confidentiality and privacy of individual level data. Safeguarding of member enrollment, demographic, and medical care-related information is of great importance to PacifiCare. And we support this committee's efforts to protect against the unauthorized and inappropriate use of individually identifiable information while promoting efficiency and security of the health information infrastructure.

PacifiCare's efforts to ensure security and confidentiality of member information include requiring that all employees sign a confidentiality agreement upon being hired. Enforcing a policy that addresses the consequences of improper use of confidential information. Allowing access to member and provider level information, and that includes both demographic and clinical information, only to individuals whose job responsibilities require that they use such confidential information. And maintaining information system controls, including warnings on front log-on screens, unique log-on identifiers and passwords, and also the maintenance of electronic audit trails.

PacifiCare also enforces all of the above confidentiality rules with all contract employees, consultants, and our academic collaborators who require access to confidential information.

It's important to be reminded managed care organizations such as PacifiCare use individually identifiable [unintelligible few words]. ...Body of care, as well as the payment of claims. In addition, our health plans use individually identifiable data to prepare reports to respond to requests for information from the federal government, state agencies, regulatory bodies, accrediting organizations, and also employers and purchasers. Examples of such reports include reports on claims payment and processing, which HCFA requires and so do some of the states and employers and purchasers. Descriptions of the appeals and grievances process, health plan performance data as specified in HEDIS, the Health Employer Data Information Set, and clinical performance measures for individuals with certain medical conditions as for example required by the Foundation for Accountability.

Now, none of these reports contain individual, specific information. Individually identifiable information plays a crucial role in a managed care organization's ability to carry out quality measurement and improvement activities, which include the collection of data and analysis, both to identify clinical areas and providers which may need improvement, and to identify the most effective and successful medical management strategies.

Also to conduct measurement of quality against a nationally accepted clinical practice guideline that a managed care organization may adopt and disseminate among its members and providers.

Also the investigation of individual cases for the purpose of care management. And finally analyses of underuse and overuse to assure appropriate care is delivered to plan members.

Access to and use of individually identifiable information is critical for trend analysis, care management, and provider and member education. As well as for preparation of reports which enable purchasers and consumers to evaluate health plans. Therefore, PacifiCare encourages this committee to continue its efforts on promoting efficiency and security of the health information infrastructure. Such efforts will allow managed care organizations and other legitimate users of individually identifiable information to maintain access to this information while safeguarding individuals' privacy and confidentiality. And we will be happy to provide the committee with any additional information on our internal security measures, or on any of our internal uses of confidential, individual level data.

DR. DETMER: Thank you very much.

DR. RALSTON: Good morning, my name is Michael Ralston. I'm a physician with the Permanente Medical Group and director of quality demonstration with the Kaiser Permanente California Division North. I'd like to thank the committee for the opportunity to offer both written and oral testimony. I've submitted responses to the nine questions, which is in written form. And I'll sort of highlight generally three important points that our program would like to make. I think it's also of note that this does represent our program-wide position on the evaluation and implementation of the act.

Just as a point of reference, Kaiser Permanente, at least we feel, is a preeminent HMO in the country. Have been delivering prepaid health care in a public non-profit health plan since 1946. We're a group model HMO with the various Permanente medical groups delivering care to all of the Kaiser Foundation Health Plan members. Our current national membership exceeds 7.9 million and is growing, and we deliver care in seven divisions and one local market. We have ninety thousand internal employees with nine thousand four hundred physicians in the Permanente medical groups.

We look forward to this testimony in an ongoing, we hope, dialogue as concerns the implementation of the act.

Three points I would like to make just in summary of the testimony. One point relates to what we feel is of primacy, and this issue is related to privacy and confidentiality of information. Secondly, is just the interpretation of the legislation as it's implemented. And the third point relates to the initial implementation of standardization as relates to administrative information and what we believe clearly is a much greater issue in the future as pertains to clinical information.

The general position that we have is that there should be strong protections against improper disclosure by health plans of information related to individual health plan members, patients, and providers. Provisions specified in law or regulations should address various points, which include appropriate use, confidentiality and security of information, as well as protection of individual privacy, appropriate circumstances under which persons may be given access to individually identifiable information.

I'll just say here we feel that there is a significant difference between individually identifiable information and individual level data, or encounter data without individual identification. Such information should not be disclosed to any person except purposes necessary for required quality assurance functions to meet the needs of purchasers and/or providers, especially to determine entitlement to coverage or administer payments, or to conduct approved bona fide clinical research under various policies and procedures including investigational review boards and such for access to that data.

An overriding principle should be that the data should not contain individual patient identifiers which could lead to violation of privacy, or certainly individual harm to the individual. Other accesses to the data need to be in conformance with statute, court order, or legally mandated procedures requiring access to individually identifiable data. Or certainly in claims, litigation, grievances, and such between individuals and plans. The standards and rules concerning the movement of information must balance the need for privacy and confidentiality with the clinical need for comprehensive, accurate information. The governing principle should be established in standards and within plans and systems, policies and procedures concerning confidentiality. The overriding guideline should rest on protecting the right of the individual against disclosure of such information to parties not involved in the delivery of clinical care, or the evaluation of clinical care. And the clinical need by providers, which should include all providers involved in the patient's care to have complete and accurate information.

The second point that I'd like to address concerns the interpretation of the legislation. We believe wide use of electronic data interchange, or EDI, using standard formats, codes, and identifiers will result in significant cost savings to the U.S. health care system. There are several factors, however, which will affect the impact of this in the administrative simplification requirements of the act. These include the interpretation of the phrase "exchange information electronically," which is vague, and motivations introduced to exchange information electronically using a standardized format.

The phrase "exchange information electronically" to us is not clear if this covers the use of electronic media such as tape and/or disks, or technologies such as SGML or CORBA, related object technologies, or Internet technologies. One could interpret the act to cover all forms of electronic data interchange regardless of medium used. This interpretation requires consideration and your recommendations of the implications of technical efficiencies associated with transaction format design and the medium. Essentially the issue here is that the data is important. The data again has primacy, but looking at the format and the envelope in which that data's transmission needs to be considered.

For us, most of our trading partners, we have used transactions submitted to us in either paper or magnetic tape with non-standardized formats. We are concerned that in the review of the act, there's little to motivate our trading partners, meaning the providers with whom we contract and pay, or the employer groups who come to us for coverage of their employees. There is little to motivate our trading partners to convert to electronic formats or to standardize these tape formats. While we are required as payers to providers to accept the standard format, providers and group purchasers are not required to use the standardized format. The absence of this motivation will force us, as the plan, to introduce motivations both to the providers that we contract with as well as the payers that are coming to us for coverage. And this could put the plans in a less than desirable position.

The third point that I would like to make revolves around again sort of the expansion of use of the information. Clearly, data information is moving from hard copy paper record to expanded electronic data repositories. This act limits itself to administrative transactional data, but clearly the future of health care delivery information in the country is going to expand rapidly into electronic data repositories for clinical information. We favor the use of CPT4 and ICD9 CM classification systems for current administrative transaction, but they have very limited uses for defining clinical care, and clearly there needs to be a movement toward standardizing clinical information that's moved electronically as well as administrative transactional information. This should recognize different stages in the development of maturation of clinical systems on the provider and plan side in the country. And as the standardization of clinical information movement moves forward, there'll be, or at least there should be some flexibility in recognizing different levels of maturation of systems that various types of delivery systems and plans have.

So in summary, I would just sort of like to state that the Committee for Vital Health Statistics in the U.S. Department of Health and Human Services have been charged with a large responsibility in evaluating and implementing this act. There is great value in establishing standardization for the assembly and transmission of electronic health care information. This is clearly necessary. However, it must be recognized that various components of the delivery system are in different stages of maturation. The establishment of standards needs to recognize the impact of change on systems currently in existence, as well as the cost of implementing systems that are not in existence. Guiding principles and standardizing process should be to enhance the effectiveness and appropriateness of clinical delivery of health care.

Our concerns primarily revolve around four points, the first being the burden of cost related to mandated or legislated change. The second being the relevance of mandated or legislated change. Third, misuse or unauthorized access to information, clearly issues of confidentiality and privacy of information at the individual level. And fourth, the flexibility to evolve and change over a period of time. Thank you very much for the testimony, and we'll take questions, I guess, after David testifies.

DR. DETMER: Thank you very much. Dr. Hopkins. Nice to have you here.

DR. HOPKINS: Thank you. It's a great pleasure to be here. Thanks for the opportunity.

I'm David Hopkins. I'm the director of Health Information Improvement at the Pacific Business Group on Health. And I come this morning to first give you a little bit of background on PBGH, who we are and why we're so deeply interested in the set of issues that you are discussing and will decide for all of us. And then to make some specific recommendations.

So first, what is the Pacific Business Group on Health? Well, we're a large business coalition, based in California, and actually one of the most active employer coalitions in the country. We were founded in 1989, and our dual mission is to improve quality and moderate the rising costs of health care. Currently, we have 33 members who are large private and public purchasers in California. These companies and public sector employers represent about 2.5 million employees, dependents, and retirees, and spend about $3 billion a year on health care for their members. Most of our companies employ workers throughout California and many are in multiple states. On the average, about two-thirds of all the covered lives in the PBGH network are enrolled in HMOs.

In 1994, the PBGH employers formed a negotiating alliance to collectively negotiate with California HMOs for a standardized benefits package, emphasizing both price and quality. As part of the negotiating process, all participating HMOs have agreed to set aside 2% of the total premium paid by the employers to improve customer service and quality according to a set of specific performance measures.

Over the years, PBGH has undertaken or collaborated on a variety of quality studies. Examples include the collection and analysis of patient satisfaction rates, HEDIS preventive care rates, and risk-adjusted, post-surgical mortality rates for CABG surgery. The cost of acquiring accurate data for clinical outcome studies has been enormous, since the data rarely can be found in electronic form. Thus, every quality project inevitably becomes a data project. To cite an example, last year California health plans spent over $1 million to collect data on six HEDIS preventive care rates. That was the out-of-pocket cost. I'm sure far more resources were consumed at the health plan level. Recognizing the severity of the problem and that it exists at all levels of the healthcare system, PBGH is using the market to advance needed improvements in health care information systems.

So now, let me just tell you briefly about what we call our data initiative. Initially, we focused on creating a data vision, and identifying problems for which we purchasers ourselves are responsible.

The vision developed to guide purchasers' evaluation of providers and plans and to influence their contract decisions, is comprised of the following three components. Number one, computer-based patient records to record key encounter data at the point of care. Number two, using open-architecture systems with standardized electronic data interchange to exchange data between trading partners. And number three, built-in real-time feedback mechanisms to allow for continuous process improvement by providers.

Not only are these systems elements necessary to enable more informed value-based purchasing decisions, but they are critically important for streamlining administration and improving care.

Last winter, PBGH took the initiative to convene a core group of California managed care industry stakeholders -- meaning purchasers, plans and providers -- to urge a collaborative approach to building the necessary data infrastructure, obtain commitments from interested organizations, and develop an action plan. Over the past six months, a consensus document has been produced, and written commitments have been obtained from 12 large purchasers, 12 major health plans, and 16 provider associations and large provider groups in California. A long-run vision similar to the one that PBGH developed has been adopted.

In addition, several impediments have been identified for which immediate action is needed. These include adoption of unique patient and provider identifiers and uniform data standards for EDI. Work groups are now being established to tackle each of these issues. They will look to nationally recognized bodies for the standards to be used and only where national standards do not exist will they develop standards of their own.

Dr. Ralston is correct when he says that up until recently employers have not really been motivated to get on board with ANSI enrollment standards. But I'm happy to say that PBGH is trying to exercise its leadership here, and we have our members committed to implementing ANSI 834 within a reasonable time frame. And actually a work group is set up to go, and is working on that.

Key organizations that have joined PBGH in these efforts include the California Association of Health Plans, the American Medical Group Association, the California Medical Association, and the National IPA Coalition. We have adopted an aggressive time frame for implementation of standards and EDI. We intend to make improvements that will have a lasting impact on health care services delivery in California. Yet we are dependent on the federal government to make key decisions about the unique patient, provider, and provider group identifiers, as well as others that you're considering, before we can implement our systems changes.

Let me turn now to a set of recommendations we'd like to offer for your consideration. Number one, adopt the Social Security number as the core element of the unique individual health identifier. Our reasons are as follows. Social Security number already exists and has been issued to most individuals in the United States. Number two, it's already collected by employers and incorporated accurately in their payroll systems. Since employers (including government) are the source of health plan enrollment information for their employees, the transmission of the Social Security number as identifier can be done without introducing new errors.

Number three, it is in fact widely used today as an identifier at all levels of the health care system. To replace it with another identifier would require undoing many of the identification systems that are already in place.

Now, we understand that there are big issues about patient confidentiality, and those often get raised in the context of this proposal. From our point of view, those concerns can be met through encryption and adoption of other security measures. And I know that's a whole area that you all are going to be working through. It is much easier to gain unauthorized access to an individual's confidential medical information in today's paper-based environment than it would be in a properly controlled electronic environment.

Recommendation two. Do not establish confidentiality provisions that will inhibit the construction of integrated databases from individual patient encounter records for legitimate research and evaluation purposes. Again, our reasons. Purchasers and consumers alike need aggregated "quality" data so they can make judgment on the performance of health cares and providers in managing the health of their assigned populations. Plans and providers need integrated data so that they can proceed to improve their clinical services. And I think at least as important as those two other points, these databases will serve as an extremely valuable national resource in terms of outcomes research used to advance the science of medicine.

Now, although the unique individual health identifier will need to be used for data linkage in these integrated databases, I'd just like to observe that none of the uses I've described requires information that's generated from the databases to be identified with the individual. So I think it's practical to imagine that the databases can be designed and administered to protect patient confidentiality.

Recommendation three. Ensure that provider group identifiers fit the realities of today's marketplace. Probably California has the most complex set of arrangements between providers as individuals, their chosen group practice, business relationships that they may have either individually or as a group, with multiple IPAs and integrated medical groups.

So we need provider group identifiers to be assigned so they can be used to indicate each provider's contractual relationship to the patient at the time of the encounter. In other words, the identifier should connect the provider to a particular medical group or IPA that contracts with the health plan to which the patient belongs.

Number four. Time is of the essence. The California stakeholders that I referred to earlier are poised to implement needed systems infrastructure throughout the state. Yet they cannot act until the Secretary of HHS has determined the standards that will be used.

So we urge you to complete your work in a timely manner and to recommend rapid decision making within HHS once the recommendations have been made. Great efforts should be made to meet the deadlines mandated by law.

And a final recommendation. Once the standards are developed, publicize them widely. The last thing we need is for systems vendors and others to continue developing and adopting proprietary data sets and formats.

Thank you for the opportunity to present the information that I've shared with you today. We appreciate very much the work you are doing. And please let us know how we can help.

DR. DETMER: Thank you, Dr. Hopkins. Are Robin Wythe and Mark Quillici in the house, I would ask?

Okay, we'll go ahead and open this--

DR. HOPKINS: I think in most respects you can assume that I was speaking for their companies as well, because they are members.

And I did speak with each of them yesterday! And they send their regrets.

DR. DETMER: John.

DR. LUMPKIN: First couple of questions for Dr. Hopkins. Let me start out first with a question that you didn't comment on.

One of the charges that we have in front of us is to make recommendations on a unique identifier for employers. And some of the options, which there aren't a whole lot in front of us, one of them that we're exploring is the use of what we call in Illinois is the federal employer identification number, because we have a state number. But my colleagues in the federal government, they just call it the EIN.

Is that a workable number?

DR. HOPKINS: I would think so.

DR. LUMPKIN: Second is your comments on the provider ID. Are you suggesting that in your recommendation that an individual provider would have multiple numbers?

DR. HOPKINS: I think so. Or it's that -- let's see. I think the concept that I have, or that I think you have, is that an individual provider has a unique number to identify him or her as provider. But in addition to that, we need a system for group identifiers, and that's really what I was wanting to address there.

DR. LUMPKIN: So, for instance, if -- because we're also charged to have a plan ID. So if that provider's part of the plan and then that number is then attached to that plan, so obviously my number -- if it's plan ABC -- my number when I take care of a patient from plan ABC could appear to the system, it would be ABC plus 1-2-3-4. Or are you suggesting--

DR. HOPKINS: Yeah, there's somebody in between. And that's what I'm trying to get at.

And it's particularly relevant for performance measurement, and actually for clinical practice improvement. Because it's the provider group that has the ability to look at aggregated data and make good use of it. And furthermore, it's the provider group about which purchasers and consumers really want better information on quality. So we're hoping that you will come up with a system to uniquely identify the provider group.

DR. LUMPKIN: I guess that the thrust of my question is, is that--

DR. HOPKINS: Which is not a health plan.

DR. LUMPKIN: --is do you build that logic into the evaluative software that allows you to link that group together so that they would have their own software? Or do you build that into the number? And I guess what I'm hearing you say is that ought to be built into the number.

DR. HOPKINS: We need a system of identifiers. We badly need a system of identifiers for these groups. Absent that, the challenge of linking data that comes from one health plan versus another, and tagging it to the appropriate medical group, is very, very difficult.

DR. LUMPKIN: Let me just ask, because I'm... If we envision a provider number, and a provider being an individual practitioner, a provider would also be a group, and would be a plan that delivers services. Would that be consistent with what you're talking about? So if you have a multi-specialty physician group, that group would have a number. And each individual provider in there would have their own separate number.

DR. HOPKINS: That's part of the answer.

And we need you to do the same thing with IPAs. Which are a looser form of organization. They're set up largely for business relationship purposes. And we need to evaluate those.

Go ahead.

MS. LOURI: On what David was saying, that in California we have individual physicians who belong to a specific medical group, but also simultaneously belong to an IPA. And may practice and see members of the health plan, either as an IPA member or as a medical group member. And if you're looking at structural effects, they're going to be very different depending on whether they're acting on behalf of the IPA or on behalf of the medical group, in terms of dissemination of practice guidelines or, you know, any kind of infrastructure that would be there for the group may not be there for the IPA. It may be different.

DR. RALSTON: This is, David says, it's introducing a new level of aggregation in here which is not, I don't think, apparent across the country. It's apparent in this state, with what's gone on. And that's the medical group. It cannot be -- the individual identifier, the provider identifier, cannot as part of that identifier be intrinsic to that identifier, a linkage to the group. Because these are not static. These are not fixed relationships. The relationship of the provider to the medical group changes over time, as does the relationship of the provider organization, the medical group to the plan. So these are all various levels which need their own unique set of identifiers. You do, however, have to be able to link a pool of providers to a group. So there needs to be some linkage there which has to be able to change and be dynamic over time, given contractual relationships.

DR. MOR: On that same issue, what you've just characterized is actually the group and IPA membership are qualities of the individual provider. And they need to be changeable. If that's the case, can you imagine a provider registration system that would have to be updated for those kinds of data elements on an ongoing basis, so any event, episode of care, could be date stamped in accordance with where that physician's qualities are at the time? That's a lot of updating on the provider level.

DR. HOPKINS: Yes, it is.

MR. SCANLON: The medical group that you're referring to, the IPA. Isn't it more, rather than the, associated with the provider ID, isn't it more like a plan ID? They're not providing care.

DR. RALSTON: No. No, it's not. Because the reality is that a certain number of plans basically deal with all of these groups, these provider groups. And if you try to discriminate on the level of the plan, you'll find very little variation. Whereas the movement towards group level performance is where at least the perception that you're going to start finding wider levels of variation and be able to introduce improvement schemes and mechanisms at the group level, ultimately inside the group you're going to have to disaggregate down to the individual level as well. But plans and groups are very different, especially in their ability to influence change down at the individual provider level.

MR. SCANLON: Do you have any advice -- there are different levels of aggregation that you could assign the plan ID at. You could decide it at Kaiser as a corporate enterprise, or you could assign the plan ID number at any of your individual, Kaiser's individual plans. The same thing for Blue Cross or Aetna or anyone else. Do you have any -- what would make more sense? To have a corporate sort of a plan ID? Or the individual kind of a...

MS. LOURI: I'm going to take a stab at clarifying network models in California, and you guys jump in. This is always a challenge.

At PacifiCare we contract in California with more than 3,000 medical groups and with over 30,000 physicians. Now, all of our competitors contract with a large proportion of the same network with the same delivery system. So if you look at PacifiCare of California, that's a plan that has two and a half million members, and 30,000 individual physicians, and 3,000 medical groups.

So in order to get at further relationships, especially if you're looking at evaluating quality of care, and when you get into outcome issues, where you really need to know where you can attribute the outcome, or who you attribute the outcome to. You really need to be able to separate out all those levels of the individual physician, the infrastructure from the medical group, or a looser infrastructure from the IPA, and also the layer that the plan brings on.

DR. COHN: I have a slightly different question, though certainly I think in relationship to this one, I think you're describing a situation where we need to have maximum flexibility. As well as probably have some understanding of what the plan is actually offering. As well as -- Kaiser has different service lines. It would be useful to be able to differentiate those.

Now, actually, I had a question on privacy and confidentiality, so I hope it's okay to change topics.

MS. IEZZONI: My question's on both topics. So why don't I follow Simon, and then I'll...

DR. COHN: Now the committee is obviously very concerned with issues of privacy and confidentiality of individually identifiable health care information. We talked about primary and secondary uses of data, and I think we've talked at sort of a high level of this issue of what happens to the data after it goes into your environments. And I was just posing a problem, at least one that I'm aware of.

But I'm curious if you all perceive this as problems, and if so, how the committee can help this relationship to this issue. And this issue has to do with requirements or requests by employers and others regarding individually identifiable health care data, after you've received this data. In other words, for things such as assessing the value that is being given by the health plan or by the providers, issues of cost, issues of actually managing absenteeism or disability on the job.

This must be, at least to my view, it must be a big issue, about how one handles it in an appropriate fashion. How can the committee help in terms of this one, and what sort of rules should we be advising the secretary of HHS?

DR. DETMER: And before you respond, we had a couple of people that didn't come to this panel. The last panel didn't really have much of a shot at discussion. And I think some of this is very relevant to those folks. So, if Dr. Campbell, I see you're still here. I don't know if our other, any of our prior panelists are also still in the room. But if you'd like to join us at the table, why don't you? Because I think some of these issues are just as relevant to that prior panel as this. So...

DR. HOPKINS: Let me answer your question from the employer's point of view. The employers really don't want individually identifiable information. They do want aggregated data, and they want the ability to look at trends and, you know, how are you doing at managing the health of my population?

The only time that employers get directly involved with individual employees is in relation to worker's comp and disability. And of course those are situations where the employee has already identified himself or herself to the employer. But for medical treatment, I know of no employer that wants that information, nor that asks for it. Now, I'd be interested to know if the plans have different experiences with it. Well, I hope nobody in our group.

DR. RALSTON: Yeah, we do have experience with employer groups asking us for individually identifiable data related to health care conditions and clinical diagnoses of individuals. We have an extraordinary problem with divulging this information. Because it may or it may not. But there are certainly a large amount of potential for misuse of this information.

Certainly the intent of this, I think is well intended. For shared risk arrangements, shared care programs between the groups and the delivery systems. And developing enhanced productivity and worker potential. The groups want to make sure that the health status of their employees is maximized. But there is certainly potential for misuse of this information as relates to the position of the worker in the workplace environment, advancement, longevity, and so on and so forth.

So, it's a problem that's just beginning to surface. We have had experience with this level of data being asked of us. We've refused to divulge that. There are certainly potentials on how to get encrypted individual level data that may meet the need of the group for this type of information. But these are complicated schemes, and certainly not either labor or resource cheap to undertake.

But it would be highly desirable to have some rules or standards right up front about what is inadmissible, inaccessible. And recognizing individuals' rights to privacy.

MS. LOURI: We have taken a very strong position about safeguarding our members' confidentiality, and have not shared individual level data or individually identifiable data with employers. And we have just presented them with trends or information on management of certain conditions or things of that sort. But not beyond that, I mean, I think the lowest level that we have gone to is to give a specific employer information in the management of their, let's say diabetics or reporting some of their HEDIS results.

But no, we have not divulged any individual data, nor are we planning to.

DR. CAMPBELL: I have just one comment. And that's that my experience I've found that no amount of assurances, that by having an electronic system, will give you -- or linking data -- will give you better services. Or that if you have high security around that, that you'll be protected, seems to convince recipients of care that their data is secure. And I think that that's a cautionary thing for what you're going to be trying to do as well. It doesn't convince people, even if it's true.

So you have to deal with the reality of their perceptions, and take some proactive actions to be able to really win over the trust of the public. And there's science of risk that says that people are willing to take risks. And we all live in a scary, risk-ful world. So we can't make data 100 percent safe. So what we have to do is allow customers to weigh the risks and benefits. And I think they're willing to take risks if they feel they have some control and input into the process and they can trust the people that are administering their data.

DR. DETMER: Harris Equifax, just as a general piece of information, over about the last 10 years has produced a fairly stable, at least at this point, set of numbers that they break the population generally out into three kinds of population. About 25 percent of the U.S. population they define as a privacy fundamentalist group. They really are very concerned about privacy as a very ascendant value, and see, really, this as a really high, important issue.

About 45 percent of the population fits a category that they call "privacy pragmatists." And these are people who have a concern about privacy, but they're willing to trade that off for other kinds of things that they see as important goods in their life. And then the remaining 20 percent is sort of, what's this privacy thing all about? And probably at the lower tail of that are folks who have no trouble putting their nose in everyone else's business. Which then of course makes it equally distressing to all of us, the rest of the group.

So, at any rate, that may be a useful sort of taxonomy. I don't know if those numbers will stay that stable, but I think it does relate to your comment.

Gellman? Then Lisa. Did you have a [unintelligible] question?

MR. GELLMAN: Dr. Hopkins. You said that you don't think your members want individual data. If we proposed a rule that said employers can't get individual data, would you support that?

DR. HOPKINS: Yeah, I think so.

MR. GELLMAN: Okay.

DR. DETMER: Lisa?

MS. IEZZONI: Okay, yes. I did want to follow up on both the provider identification number and confidentiality. To turn the tables a little bit.

We've heard very, very eloquent testimony over the last day and a half about protecting patient confidentiality. But, David, your new little program, looking at outcomes for cardiac surgery, and both of your interests, and looking at quality of care for providers, makes me want to ask you a little bit about protecting confidentiality of providers. And hear a little bit from you on that topic.

Yesterday afternoon we heard a very kind of scary story about an employee of a health care provider who went through patients' records looking for people who were going to undergo therapeutic abortions. You might anticipate that there might be hackers out there who would want to get into provider databases and find out what gynecologists or obstetricians do therapeutic abortions, and then maybe follow up based on their belief system. Let alone, looking at mortality rates for cardiac surgery, which is what, David, you're doing with your new initiative with the Pacific Business Group on Health.

So could I hear a little bit from you about how you feel about protecting provider confidentiality, how you think about that. What you think the issues might be. Maybe all of you.

DR. HOPKINS: First the simple answer to the specific question about the CABG mortality study. We're not collecting individual provider ID.

MS. IEZZONI: So you're not doing what New York state--

DR. HOPKINS: The unit of analysis is the hospital...for that.

DR. DETMER: Was that a part of your decision?

DR. HOPKINS: Yeah. Collaboratively reached. In other words, when we undertake these studies, we bring researchers in, and we bring in members of the provider community directly to discuss and work it through. But the question is a profound one. Yeah, in New York state that doesn't inhibit them, right? In the area of cardiac surgery and for high volume--

MS. IEZZONI: Pennsylvania as well.

DR. HOPKINS: --in Pennsylvania as well. And for a few select high volume procedures, I think it may be legitimate to look at risk adjusted outcomes at the level of provider. But I think those are relatively rare situations, and that in most cases one suffers from lack of statistically significant samples. And one should just not do it.

MS. IEZZONI: But what about the issue of just going into a database and looking at what kind of procedures doctors perform. Or what kind of patients they...

I mean, I think it's a broader issue than just looking at risk adjusted outcomes. Do any of the others have comments on this?

MS. MOYER: Would that meet the public benefit criteria that our group established? I don't think it would. I think there has to be a broad public benefit for having access to any kind of data, whether it's aggregated or identifiable by providers or any other way. I don't see a broad public benefit in that access, so I think the answer would be no.

DR. HOPKINS: You're almost sort of entering into a utilitarian model here on what's the greatest broad public benefit as opposed to the rights of the individuals, and sort of where does the scale rest. And this almost, again, becomes a public policy issue. From the provider side, I would stand vocally and loudly on the right of the providers to be protected against disclosure of information that doesn't relate to their accountabilities on performing good health care. The types of health care may not be disclosable, but the results of that health care, I think there is a strong argument to be disclosable.

Also, the issue that David brought up about whether it's valid or not. Sample sizes, certainly the influence that the provider has on that outcome. And whether it's on a provider level or a group level, systems level. You know, where does the influence on the outcome rest, I think is important to recognize, also. And clearly it needs to be sort of a consensus driven process. Where all of the "stake holders" have legitimate says in ultimately what may be the policy.

But I think there's certainly an accountability that providers at whatever level have to their, in the jargon, their customers, which I still call patients. But the patients have a right to know for informed choice on who they see or where they get their care. It's just sort of what that accountability is and what types of information go to the public benefit in making that informed choice.

DR. CAMPBELL: And what I would cite who makes the choice about what the public will benefit from, and what data. I know that we're working on a lot of report card efforts, which in a certain sense, I think, are voodoo science. As well as outcome measures, which I don't think we've reached any gold standard.

But one thing I've noticed, and I think it happened in Florida, where they did rate all of the HMOs based on a report card. And the HMOs that were in the middle fought so that their company would not be divulged. In other words, they didn't want the public to know that they had fallen in the middle, and it hurt their right, they claimed, it hurt their right to do business. Of course, the people that were at the top wanted [unintelligible].

So I think where there's some resistance to making this information available. My nose goes up as what do they have to hide there, as well as what kind of things are necessary so they can continue to do business.

MS. LOURI: I just wanted to address something that Lisa asked about, protecting individual level data. And when I mentioned all the safeguards that we have in place for individually identifiable data, those apply to the physician data as well. And insofar as they'd have to go through patient records, for example, to see the gynecologist, you know, Smith perform therapeutic abortion, they'd have to have access to the patient records. And so, pretty much, it would be a difficult thing to do. And we have, clearly we do some, we have analytic staff that do have access to those data. But there are very strong security measures in place.

But I wanted also to talk about this provider profiling movement, and there's a lot of that that's going on. And no one had mentioned it. And we in our California plan do have a provider profile. What we present in the provider profile is aggregate data for a group. So for a large medical group we have thresholds for membership numbers and things of that sort. And each group gets its own profile. We do not report individual physician level to them, because when you get into even common conditions, like diabetes, the number of diabetics that have retinopathy becomes so small at the individual physician level that, leaving statistical significance aside, it doesn't make sense for the diabetic, or any consumer to look at those kinds of numbers.

We do give them information about their peers or aggregate information about all the other groups that we contract with. But those are never identified, so they're usually in graphic form.

DR. DETMER: Vincent? And then...

DR. MOR: Yeah. As a direct follow-up to the question, I'm actually a little surprised at the actual responses to the question about provider identification and so on. Precisely because you were so adamant about being able to identify the individual provider, the group, the actual plan, and all of those little structures, so you can actually deal with issues of attribution. Why you care about issues of attribution. If you don't want to be able to make statements for QA or Consumer Choice about the type of physician under a group.

MS. LOURI: Well, some of the issues of attribution, I think, are imposed on us. It's not that we have voluntarily decided to go -- I mean, we have been testing the foundation for accountability, diabetes measures, for example. And once you get into some of the other measures that look at more long-term things and the other conditions like breast cancer, you really have to struggle with questions of attribution, and what does it mean when you report 5-year survival rates for breast cancer? And what does the stage of diagnosis mean when you can't really even tell where the patient was. In whose care was the patient when the breast cancer was diagnosed, and what's the screening history that goes along with that? So, those are the reasons why we're grappling with attribution. It wasn't a voluntary journey.

DR. DETMER: Katherine and Jim?

MS. COLTIN: Yes. Well, I had two questions. One relates to the MPI issue. And I know that comments have been made about the problems of small sample sizes when you are trying to look at provider-specific information for quality. But the presence of an MPI would actually make possible the pooling of data at the provider level, across health plans. Or across medical groups or whatever other entities. Which might bring those sample sizes up to a point where in fact one could produce provider level quality data.

And we have been hearing from consumers that that's really what they would like, more so than the health plan data. They would like to have data about the quality of care at the medical group or at the provider level to help them make choices about where to get their care.

What are attitudes toward that possibility which could be enabled by the presence of an MPI, where each plan would aggregate up to that MPI level, and then one could pool the information across plans?

DR. RALSTON: I'll take a stab at that. I don't think that we have any fundamental objection to that. It's a process that clearly needs to be worked within rules about validity, relevance, and so on and so forth.

I think there's certainly great value, certainly from the consumer's perspective, patients and members, as well as responsibility of the plan or the group to essentially regulate its providers, and determine outliers in performance and poor performers, and remedy that situation. There's clearly that level of responsibility to develop individual level data on performance.

As I mentioned before, sort of the consensus process on what becomes public, as opposed to what remains protected within peer review mechanisms and such for intraplan, intragroup, quality improvement purposes, again is I think something that's going to evolve over time, and frankly my own experience is that that's more of a legal exercise than anything else. But I think that the development of individual level data is important, and certainly from the plans and systems perspective is something we do.

DR. DETMER: You had a second question?

MS. COLTIN: Yeah. My second question had to do with the interest in outcome measures, and the fact that there really are a very limited number of outcomes that one can look at based on administrative data. And I know that David made a comment about not needing to contact patients. But in fact, in the course of outcomes research, one frequently needs to contact patients to get self-reported measures of outcomes.

And that obviously raises issues about who makes the contact. And issues of credibility of the resulting information, when in fact the information is generated either by the providers themselves making the contact and collecting information. The health versus some external third party under contract, which I know is a model that you've used for medical record reviews, which also raises similar issues.

DR. HOPKINS: Let me try to split my answer into two parts. I think the first part is who's responsible for seeing that that information is gathered. And to reinforce the point I made earlier, that's not the employer. The employer does not feel responsible for that. So it's either the health plan or the provider or the provider group.

And then secondly, who actually carries it out? I think that's a very key point, that it is often more reliable if carried out by a third party. And so, generally speaking, that's a preferred route to go, if you think there's any chance that the data would be suspect otherwise.

DR. CAMPBELL: You know, one of the other issues, though, is that you have to think about the burden of responding to all of these self-reported assessments. And one concern, and that is more like how do you use this? There's a tendency in outcomes research to link clinical assessments done during the process of treatment to the quality assurance enterprise. And actually, people end up being part of an unpaid work force around quality assurance, and are forced to answer many, many assessments around quality of life, but also symptom checklists and things like that. That really relate to the information gathering process. I think at point there's a real confluence and confusion in what that data is supposed to serve.

DR. DETMER: Mr. Scanlon, then John.

MR. SCANLON: Within health plans, do you make a distinction between research projects you may undertake and quality assurance activities that involve aggregation and looking at outcomes, or even utilization in management? And if you do, obviously, you spoke about provider information previously. Within the plan, obviously, with providers you contract with or employ, you obviously have some performance review, and then some monitoring of your own employees. So you clearly have information within the plan for your own QA procedures. You obviously have that information. You don't necessarily make it public.

But is there a continuum between formal hypothesis testing research you may undertake within plans, and what you would regard more or less as management and review, you know, aggregate data for management and this sort of thing?

DR. RALSTON: Uh, yes.

MR. SCANLON: And how do you account--

DR. RALSTON: The formal research is under much more constraint, has to go through review, authorization, and so on to get access to the information on which research is done. Because the purposes of that research may be more global and doesn't have a direct turnaround individual benefit on improving care. It's mainly just for public knowledge. And the movement of health care in general.

Internal quality assurance mechanisms, on the other hand, tend to have more direct, at least, relevance on improving individuals' care. Because the information turns around more quickly and there's a greater capacity to as a focal system rather than broad-based health care, delivery system is a focal plan or group, to use that information to improve care.

There are still, however, guidelines and policies and procedures concerning access to that information, how it's transported, movement of charts, and so on and so forth. So it's not as though this is going through the U.S. mail. It is not under the level of constraint that research is. And again, clearly the need to do this on population-based samples, on however you want to aggregate that, and then ultimately who you attribute causality to, is something that these systems are finding is necessary to do. Which was not necessarily the case three to five years ago.

DR. LUMPKIN: I still have a lot of questions about the provider identification. But I won't go there.

Other than to say that given the, you know, at least knowing the experience of my wife's practice, that many of the choices that the provider has are being increasingly restricted by their plans. And so in fact aggregating provider data may not necessarily tell you anything about it. If they have to use a different laboratory for each patient depending upon their plan, their practice begins to take on the characteristic of the plan more so than the individual provider.

But having not gone there, my question really has to do with a comment that Dr. Ralston made about procedure coding. And particularly mentioning CPT4, but that there's some limitations to that. And if that is question that all of you feel that there is -- and I think we heard this in the first panel, too. Where there was a comment about the granularity, the ability to actually understand what's happening in the clinical encounter from a very abbreviated coding system.

And so if you have any comments about procedure coding, any advice to the committee on where we should be going on that.

DR. RALSTON: Yeah, I'll just sort of reiterate what I said. The CPT4s, ICD9s as they currently exist -- CPT4s for ambulatory outpatient care, ICD9s for inpatient institutional hospital care -- have their genesis and origin in financial transactions. And not for the assessment and improvement of clinical care. You can certainly extract information from these coding systems that may be useful for that, but it's our position that they are not adequate.

Movements of administrating/billing/financial transaction systems, I think, is not useful in a clinical sense. There needs to be a whole area opened up that typifies at a granular level elements of clinical information that may not even be relevant to billing. They certainly are relevant for assessing the characteristics of populations in a clinical sense. For improving the care of those populations.

And that's, you know, the point that I made, opening up this window, the electronic medical record and clinical data repositories, I think, is going to be a much bigger issue that's going to need to be dealt with than what's involved in the act as it is. Setting the precedent for dealing with that through standardization, regulation, and the modeling of how you go about that process is kind of what's going on now, and I think that that's incredibly important. But the elements of the electronic medical record, I think, are what this whole discussion will revolve around. And how that clinical information is moved back and forth.

DR. HOPKINS: We completely agree with that. We just wish we could do something to speed it up.

DR. CAMPBELL: I'd like to just go back to the comment before about the distinction between research evaluation and QA. Which I think is really important for this group. Although I think you can make criteria for a distinction. I think going back to attitudes and behaviors of people is important.

And what I have found to be the case is that most people will define their work right now in terms of evaluation or QA if they can get away with it to avoid going through IRB. Because it's more -- they see the IRB as a barrier to them getting at the research, not as a way to really fulfill their public duty to protect people. And many times I have seen research projects redefined as evaluation or QA or part of the normal data collection. That's really outcome studies. They publish in journals. They share this information. They aggregate it. But they want to call it normal data collection because they don't want to go through an IRB process.

DR. LUMPKIN: Can I just ask for some clarification on that? Because you're using a fairly broad brush. Are you saying that that is the norm, or is that an exception that you're seeing to the use of evaluative data as a way to do research?

DR. CAMPBELL: I would suggest that within institutions that do evaluation and QA, and are focused more on that but also do research, that's more the norm. And one of the reasons is because IRBs see all of this as a gray zone. They don't know what to do with outcomes studies and stuff. So they're not -- they give the wiggle room for researchers who want to move forward as quickly as possible to start answering some of these important questions, and see all of these regulations as a barrier to that that may not even be applicable in their minds.

DR. DETMER: This, I think, is another area where, at least in my own efforts to find good research data on how prevalent, what this situation really is, I don't find much good data. And I think these are other examples of where we really need, in my mind, some more health services research, just to even give us a better sense of where to shape the public policy.

Well, I want to thank each of you very much for your participation. And I'd like to have us adjourn for a 15 minute break, please.

(break at 11:15)

(Testimony resumes at 11:30)

DR. DETMER: This next panel is on state health data, and we have four individuals here. I don't know which of you chooses to go first. Denise, do you want to start?

MS. LOVE: Sure.

DR. DETMER: Okay. Thanks. Denise Love.

MS. LOVE: My name is Denise Love, and I am the Director of the Office of Health Data Analysis at the Utah Department of Health, and appointed as Executive Secretary to the Utah Health Data Committee under the authority of the Utah Health Data Authority Act, and I am also serving as Chair of the Board of the National Association of Health Data Organizations, and so these perspectives will frame my comments. Utah's work to standardize claims and claims payments and transactions since 1992 through our Utah Health Information Network, which I will talk about in a little bit but, to open up, I just -- I know you have your work cut out for you, based on my experience. My heart goes out to you, and any way that we can help in Utah, having gone down the road at a state level, and multiplied for your case. Be sure to ask. Standard-setting, I have learned, is a never-ending, iterative process. Your work will never be done, so enjoy that a little bit. Also, because of my work in my state and with other states, the recommendations that I will mention, the four recommendations, are going to be framed with the reality that whatever national policy or legislation is developed as a result of this process we must not forget that the applications of those standards will occur locally, and so whatever flexibility that we can build in and sensitivities that would help the state.

As Director of the Office of Health Data Analysis, I direct the implementation of data policies developed by the Utah Health Data Committee. This is a statutory committee appointed through the Health Data Authority Act. The committee's purpose, like many states around the country, is to collect, analyze and disseminate health care data to improve health care cost, quality and effectiveness and access to health care. We have implemented a statewide hospital discharge data reporting system. This month an ambulatory surgery reporting system is rolling out. We are in the thick of auditing [unintelligible] for release later this year, and have completed our first HMO enrollee satisfaction survey. These expanded initiatives are in response to Governor Leavitt's health care reform plan outlined in 1993. States -- and Utah is no stranger to balancing the proprietary tensions with the public need to know. In the last conversation, I couldn't help but think there are ways that states have and do handle those situations in that last discussion many ways over. One of them is defining levels of access to care or to the data and defining those data that are strictly confidential. I do think that the physician I.D. issues and others and the level of access honestly might be a community issue, and I think different communities have different standards for that and different needs for different levels of data, so we can talk about that later if you'd like.

I also wanted to mention that standards on the front end, the coding end, are important. I will talk about those in a moment, but in Utah we are also putting hospital data, birth/death data, out on the Internet and we can have a conversation about that if you'd like, but what we are struggling with are analytic standards, so just keep that in mind, that small numbers cause us quite a bit of heartache, even in publicly available data.

I mentioned UHIN. UHIN has implemented the following NCASC transaction sets, and they are up and running as of yesterday: 837 A&B, 835 remittance, 277 claim status and 834 enrollment for Medicaid. Apparently, 834 did not meet the needs of Utah payers and is working on the 272/271 eligibility standards. The goal is administrative simplification with the intent to cultivate a statewide statistical data base administered under the authority of the Utah Health Data Authority Act and not by the payer systems themselves. Again, the Department of Health is working to integrate and standardize public health data by the year 2000.

When I spoke to Utahans, many were concerned about the scope of the core data set, the amount of flexibility permitted under HIPAA, the Health Insurance Portability and Accountability Act and, to look forward, Utah is concerned with the impact and its ability to move forward with what they think is progressive EDI effort, and the effect of comprehensive Federal privacy legislation on current public health practice, i.e., the Bennett bill caused some heartburn to some in my state.

The second issue is a broader one again with NAHDO. Almost 40 states have mandates to collect health data. Many of the states that have hospital discharge data bases collect UB 92 or uniform hospital discharge data sets, and there is concern about turning the clock back and going back to a bare bones billing system. Those data elements were fought at the state level, hard battles, and having to go back and re-fight those is a concern to too many states.

Recommendations: I understand because we have done this in our state around standards. You have the tensions with the billing community that wants the minimum transaction to go across the lines to do their business, and that's a realistic concern. We also have a research community that wants to load it with every variable they might ever want before the year 2000, and neither of them are practical, so I'm a middle-roader. I really encourage that a middle road be found.

Keep initial efforts simple. Just the discussion with provider I.D. is just one example. Some in Utah feel that the purpose of HIPAA is to really foster and encourage and nurture initially electronic data interchange. I mean that's the first--we must walk before we can run. Loading it too much with extraneous data elements that don't support some critical business practices might stall us a little bit, so we'd like to see EDI take off first and then start building on that framework to meet growing information needs. Balance the needs of industry with those of states. I talked about that a little bit, but one concern is a flat file, for example, an ANSI flat file 3051, I hear from payers will not serve them because it doesn't support coordination of benefits, and payers are critical to making this securely take off into the industry. So those sensitivities I am sure you are aware of, but those are concerns.

Federal policies should provide some degree of flexibility to support innovation at the state level, and I think UHIN is one example. They're concerned that the work that they've already put forth as a laboratory, so to speak, might be stalled or rolled back, allowing some exceptions or innovations to occur at the state level.

Privacy legislation is a loaded issue, but we all know that there is a patchwork quilt of privacy regulations across state and vital record statutes, for instance, vary in their access to birth and death certificates. The concern that one over-arching federal statute, one comprehensive one, would meet all needs of all people in the industry and public health is not realistic, in my opinion, and maybe a combined approach where general federal guidelines are established initially and some model legislation to help states update some of those statutes that were developed before this time, when we're sharing data. Some of our vital record statutes and statutes in the state do not support the current practice, but my attorney always says to me each one of those statutes at the state level, and the data that resulted in that resulted in a very hard-fought battle, and we don't want to wipe the slate clean and start over, especially in this day and age of government tensions and downsizing.

The state called for involvement in the early planning stages at the work group level. The federal makeup of the work groups make it even more critical that state and industry involvement is sought at the earliest possible stages before some of the ideas are even framed. One suggestion might be to convene a state group to exchange these ideas, share the concerns of the states that are unique. I think your challenge is to sort out the short-term and the long-term needs. EDI is one example versus coding structures that support clinical data interchange.

Remember, we don't have a clean slate. State data systems--again, the political battles fought there and the statutes that guide that collection and use of data--we're worried about turning that clock back and starting over. It should not, you know, remove the ability of the states to collect that data, but should foster it and encourage it and not put what we have now at risk. I will be glad to answer questions later. Thank you for this opportunity.

DR. DETMER: Thank you, Denise.

DR. PETERS: Thank you very much for allowing me to testify. Again, I'm not representing a state. I'm a little out of place. I apologize for that. I'm representing a national standard development organization. We are hopeful, however, that we will help the states and other stakeholders in this industry and set regulations to meet some of the guidelines and issues that they are confronting. I'll keep this short because, as many of you know, we will be holding a joint meeting next week in Washington on the 10th and 11th with HCFA, representation from ASTM, HL7, X12 and a variety of the stakeholders in the standard development and nonstandard development areas of health care to deal with specifically issues of security and confidentiality, kindly sponsored by HCPR and by the technical subcommittee of [ANSI HISB].

I'll go over very quickly what hats I wear so there is no confusion about where my bias comes from. I am head of the Division for Security and Confidentiality ASTM E 31, which is a health care standards group; also chair of a work group that was recently formed on security and confidentiality, [NCHSB], which is to coordinate efforts among all the standard development organizations; part-time practicing physician in emergency medicine with Kaiser Permanente and also a senior executive in health care information systems startup, so I'm conflicted on a number of different issues, to say the least. I work for ASTM, but since--

DR. DETMER: That's the state you're in.

DR. PETERS: That's the state, which is a bad state, but at least it's the right [unintelligible]. Well, some people would like this not to be an emergency--

(Laughter.)

DR. PETERS: I'd like to, for the Executive Manager of ASTM whom I represent here, highlight three areas specifically where standards are being developed, and then I want to in the end talk a little bit from the [NCHSB] perspective. We've had a lot of forums and I don't want to take up too much of your time, but there are three areas in ASTM which I think are of value to the discussions today. We are looking at three primary areas to focus our standards work in the next three to five months to meet the regulatory needs of the federal government. The three areas are security, privacy and identifiers.

In the security area, we are coming up with a framework. It will go out to vote very quickly. We are doing this in conjunction with HL7 security group. We have an Internet and Intranet security guideline which is applicable to EDI and other things that will be available over the Internet and Intranet services. We are dealing with user authentication, which is the authentication of [end] users of systems who will have access to data. We are dealing with digital signatures, trying to make this consistent with other federal government guidelines and with other industries such as financial services; also data integrity issues, how you can manage data if you are a holder of data.

In the privacy area, we are dealing with individual rights of access to data, not from a legal perspective, but from a professional practices perspective within the health care community. Also, under the same professional practice guidelines, we are coming up with a standard for rights of access and disclosure in conjunction with the CPRI, the Computerized Patient Record Institute, to cover what is generally conceived of as professional practice in the exchange of health care information, rights of access and disclosure within the health care community under current practice in the [paper-base] record, expanding this to the electronic media; audit trails, also in conjunction with CPRI, and the use of audit trails to manage access and disclosure; amendments to health care data, emergency access to health care data and also consent, again in conjunction with CPRI, which has done some work in this area; the notion of what is an adequate consent, understandable and reliable to give people rights of access and disclosure.

In identifiers, again we have a standard that has been voted and is currently in use and is undergoing implementation with the Veterans Administration. Again, I want to take as nonpolitical a stance as I can. I know there is a lot of controversy in this area. Social Security number has a lot of backers. This is an alternative to Social Security number. We feel very strongly it is technologically and financially do-able. We feel very strongly, as well, it is a unique identifier that would work for patients, providers, provider groups, health plans and employers, because it is not specific to the individual or type. It has ability to be aggregated, has ability to provide security confidentiality. We also think and would be very glad for some of our technical people from the companies involved in putting these together, and from the standard side within the ASTM that has done the identifiers, to talk about the financial costs and the infrastructure needed to implement an I.D. like this versus a Social Security or a modified Social Security number. Again, a very politically touchy subject; we're not going to take a political stance on it, but we would like to offer it as an alternative, and I think that one that is founded on some very strong technological advantages also provides a lot of answers to the issues that Dr. Hopkins, Dr. Ralston and others brought up before about tagging the issues that we have, and this may be biased toward California, but the complex interweaving we have of providers with various organizations identifying who they belong with, a commonality of identifiers that is hooked together under the same framework and managed by the same organizations, we think would be of benefit. Also, we think this could be a private sector effort as a technological implementation of I.D.s, and these are discreet and non-identifiable I.D.s. 
We think we could save a lot of money for the federal government by having this handed off to the private sector who would manage this, make some money off the process of doing it, but be reasonable [unintelligible]. Enough said about that.

In addition to the work at ASTM, there is message security work underway at X12 for both EDI and interactive EDI. This is basically for value added networks. We're trying. It's an effort with HL7 and other STOs to come up with a non-value added network, general Internet, Intranet, EDI standard. There is some opposition to that, and I would like to speak to that for one moment. The standards that we're coming up with from ASTM and from the other organizations are very strict, and they are very strict in terms of privacy and confidentiality for patients, providers and for organizations. We feel very strongly that professional practice in medicine provides a significant level of privacy and confidentiality. We need to replicate that or make it better, since we can with technology in the computer industry. We also believe these standards are technically feasible. They are affordable and they are adaptable to changes which we are inevitably going to see over the next five years in security technology and financial services, and we think that will wrap-over and be of benefit to us in health care, so we're not sticking our foot in the ground and saying these are the exact technical things you're doing. We're building a framework and a set of standards that allows the industry to come up with solutions that will protect privacy and confidentiality.

What's interesting to see is where opposition to these standards is coming from, and I think that's germane to your group. Opposition to these standards is not coming from the industry. It's not coming from electronic medical records vendors, hospital information systems, vendors or others. It's not coming from health plans. It doesn't seem to be coming from state organizations or from federal organizations doing public health or other things like that or from researchers in specific. What's interesting is that it is coming primarily from information systems and information management vendors in the billing and claim side of the industry. Now, they have legitimate concerns about this. I think there are two that come to bear that we all need to address and that we're trying from the standards organization to include all of these issues and come to grips with it. One is the loss of market segment dominance in a consolidating industry. The billing and claims industry is consolidating, and, if you open this up to Internet or Intranet EDI and you simplify the cost and use standards that are available from general providers to do this, you will knock the knees out from under a number of people who make significant money. It's a very profitable sector of the health care industry. The other is cost. There is a valid claim that there is a cost in implementing these changes and in buying the technology or modifying systems to use this technology, and that is valid in that yes, there is some cost incurred. But again, standards level the playing field and actually build a different industry. They build an industry of providers of technology who will provide the standards of tools to help people implement these. There is some diminution of costs over time.

The other is that cost to modify existing systems we will have to pay at some point anyway, and one of the issues that we see is that health care is a food chain, and costs that are incurred implementing standards, for example, for exchange of data or for privacy/confidentiality protection, actually roll downhill, and if you look at the fact that providers, for example, are paying seven to ten percent from the physician perspective on fee-for-service at discount or fee-for-service claims, and that their managed care costs for managed care documentation and managed care contracting are up to 20 percent of revenue within a specific practice--we could take inpatient sector, as five to twenty percent of costs are on claims or managed care contracting--it begins to be something that, if we can provide standards, and again my key point is if we can provide standards with teeth, i.e., that are backed up by federal regulations, what we'll do is provide certainly a bump in the curve in terms of cost. In the long run, we will bring down for the health care sector overall the costs of providing the services that we need to provide to take care of patients.

DR. DETMER: Thank you. Ms. McCaffrey?

MS. McCAFFREY: Thank you very much for coming out here and reading my letter. I appreciate that. What I wanted to do is to share with you one little anecdote about working in this, you know, trying to get this committee set up here, and that was a conversation I had with one of my colleagues in Pennsylvania, and I was describing what we were doing here in inviting the committee out and all the issues that I saw raised, where people weren't aware of the standards and weren't aware of the law or the segment of the law. It was really interesting, and he said to me, "What a great idea! We should have some of those hearings on the east coast!" I actually thought, being from California, you know, we get a little confused, and I actually thought Washington, D.C., was on the east coast, but it does kind of express to you that, you know, from my way of thinking that people do want to have the opportunity to talk to you in more their own environment, and it's really hard for us from the west coast to come out, so I really do appreciate it.

I'm going to talk to you a little bit today about OSHPD and California's data base. We're very different from Utah in that the complexity that Denise has dealt with in Utah, our complexity has to do with volume, and we are by far the largest, have the largest patient level data base, so let me give you a little bit of information about that.

The Office of Statewide Health Planning and Development is a small department that deals specifically with data collection, but, in addition, we have things like responsibility for seismic safety, for manpower planning in the state and several other research interests. Our functions are very different than our sister department, which is the Department of Health, who deals with MediCal and public health. So we're a very different organization. We collect data on hospitals, long-term care facilities, home health agencies and licensed clinics, and those are primarily profiling information on those through surveys, that sort of thing. We also have very detailed financial information and the facility profiles.

Our discharge data base is very large. We have 3.6 million discharges per year, and that has been a pretty stable number for about the last five years, even though there has been a fairly--and I can't--I don't remember the number, but population growth in California has been increasing, so we've been stable at the discharge level.

We collect 18 data elements on each patient record, and the two things that make it confidential, absolutely confidential, is the Social Security number, which we've collected since 1989, and the date of birth. Those are the two, in combination with other things, that can clearly identify an individual. So, we actually encrypt the Social Security number, and we convert the date of birth to an age for our public data sets.

Our usage is aggregated information, and our data is used for trend analysis and for outcome measures. I wanted to give you an example of one of the usages that comes up every year for our legislature. The legislature is very interested in, or has some difficulties with, our motorcycle helmet law and annually they come to us to find out what the mortality is on motorcycle accidents. It's a very legitimate use and I think it's a very important one. Also, if you live in Sacramento during the time that the motorcycle people come to Sacramento to protest the law, that's very interesting and a very loud assembly.

Relative to confidentiality, we have very stringent laws and, as Denise mentioned, the patchwork nature of those is also an issue. We do have a specific committee on protection of human subjects that is in our organization. We are part of the Health and Welfare Agency and that committee serves the Health and Welfare Agency, so anyone requesting information for patient level information for any of the departments comes to this group.

What I would like to do now is give you a little bit of my impression of what the impact is going to be in California, and I would just like to say that what I learned when I first started working at the office, which was about three-and-a-half years ago, was about the time that we had health reform, and what we learned there about the devil in the details was exactly where I constantly am hit.

When I first read the Kennedy-Kassebaum Law I was just really excited and was going rah-rah, I want to be a cheerleader, and then you start looking at, well now, what about this and what about that? You know, there just are so many application issues and implementation issues, and I know there have been a lot of people talking about that, but that became very evident to me.

In looking at the data standards, what I was concerned about recently was a conversation in a car I got from one of my colleagues in Washington, D.C., who had attended the Uniform Billing Committee, who said they wanted to eliminate the state definition or state-defined sections.

California, differently than a lot of states, doesn't use the UB 92 as a vehicle for the patient level data base coming in. Our data is defined in Statute. Each data element is defined in statute. At least the title is there. The definitions are in regulation. So that creates some differences for us, and that's why it's very difficult to see what's the impact, because Kennedy-Kassebaum is very broad. As far as every time I've read through, it doesn't seem that it gets down to the levels that I can understand for how it's really going to affect those individual data elements that are in statute, and there is nothing that says preemptive that I can see.

So, the concerns that we have, that I've had from serving on the Board, which I didn't mention, of NADDO, has to do with some of the other states and the issues around collecting race and ethnicity and the E Codes, and those are areas that have yielded a lot of good information both in California and in other areas of the country relative to especially trauma and injury.

Some of the other concerns I have, and this is kind of a weird thing, and again it goes back to how is this going to affect the state? Currently at the office one of the data elements that we collect that is different than most other states is a [unintelligible] modifier on each of the diagnoses that identifies whether the condition was present on admission. We have only been collecting this since January, so we haven't had any experience. We haven't had a test to see how relevant it is. Everyone is very pleased with that as a modifier to be able to differentiate complications from co-morbidities.

One of the things I've been thinking about in developing this presentation was who will deem this an appropriate data element? What if in application of Kennedy-Kassebaum this is deemed to be outside of the standards? Will the providers in California say, "We're going to sue the State of California because this is outside of the standards," and what kind of liability might we see with this kind of thing?

These are the kind of real, I guess practical questions that I keep coming up with, thinking, well, the providers--in other words, the hospitals in our particular case--the hospitals have been pretty vocal about keeping those data elements in statute, because they feel that it protects them from arbitrary additional data collection. You probably heard a little bit about that yesterday.

Relative to confidentiality, what I wanted to do was just highlight one of the things that we've been doing, which has to do with linkage. We have been doing linkage, and I know that that has a lot of controversy, having listened to the testimony yesterday, but I wanted to give an example of some of the things that have really helped and enhanced. The office in a separate division has undertaken an outcomes project for AMI, the acute myocardial infarction study, and one of the things in the second wave of the study that they did--there have been two studies done--was to identify the-- and obviously the mortality was the measure. What they were interested in looking at was mortality 30 days after the heart attack. Well, that information is not available in the hospital discharge data unless the patient was in the hospital that long, which was pretty unlikely, so we did the linkage with the death data, and that one data element really made that study so valuable, so much more valuable, to understand the outcome. So, as a proponent of linkage in seeing how this has enhanced our ability to not have to impose additional data collection efforts, but to really enhance this in an efficiency way seems to me to be fulfilling the administrative simplification. I do think it is very important, however, for the confidentiality people, so one of the things that we have defined really clearly is that anybody who comes to us with a linkage project or internally as we discuss linkage projects, that we will take those to the committee for human subjects, because that way it's our ability to really evaluate whether that's an important project to go forward.

The other thing that we have, just as an interesting thing that Dr. Peters might be interested in, is the Senate, our Senate, has a joint task force for confidentiality, privacy and security, and this is a very overriding bipartisan group, and we attended a hearing last week about this. They were addressing, which was interesting, the work-place issues and health care. So it fits into the previous panel's discussion, but this was a very important issue in California. We have very stringent laws as it is, but in some cases perhaps it's not stringent enough, so this is being put to the test with our legislature right now.

Just a quick little note about coding changes. We have anticipated the coding changes for a long time, so in our planning for a conversion that's what we, you know, we kind of planned for it. On the other hand, implementation-wise, and I don't know enough about the differences, but a mapping scheme, something where perhaps we can get from point A to point B over perhaps a series of times; I think the state is willing to help the hospitals, in our case specifically right now. The hospitals help them, so that they don't necessarily have to buy the software, but we would have to have a mapping. I don't know whether that's possible, and that's where the devil in the details lies, and also with PCS the same thing would apply.

We would like to advocate a single coding scheme for procedures because we feel that that is really simplification. That's what we want to do, as well as being able to look at, do comparative analysis.

Finally, the other thing is I just wanted to let you know a little anecdote about the year 2000, which we all in the last two years have become very well aware of, and Newsweek found out about it this week, so it's an interesting article in Newsweek about it, with the doctor, of course, smack-dab in the middle of the pictures that they identified, but relative to the year 2000, I think that-- I just bought a brand new PC, Windows '95, Office '97, and I was playing around in it and I found something that said the year 2000, and I went, "Oh, good, this is cool." So I went in, I looked at it, and it said, the definition within my computer said--they're going to use a six-digit number, so if it's 40 to 99, that will equal the century, the 19th century, and if it is 002, 20 or 40 or something it would be a 2000, and I thought, "Well, that's really going to be wonderful because if I put in a CD, you know, from one of our data bases to do some analysis, we have an awful lot of patients who were born before 1940 and what is that going to do to my analysis itself." My own computer, brand new, one week old, and it can't handle the year 2000. At least to the issues that we're relating to the age.

In conclusion, I would just like to say that we support the standards. It's a very important effort. I am personally an advocate as well as the office--understanding how costly this is--you know, not having standardized information. We would like to very much participate as a state with any more of the details in the work groups that you have, because I think that's where the devil lies and that's where all the details are going to have to be worked out, and I would just love to have Dr. Peters give us a whole-day seminar and all the things he's learned because it seems like he has got a lot of the keys to some of the questions that have come up.

Thank you.

DR. DETMER: Thank you very much.

Jim Lloyd.

MR. LLOYD: Thank you. My name is Jim Lloyd. I'm with the Texas Health Care Information Council. It's a new state agency charged primarily with collecting information from the health maintenance organizations and from hospital discharge data records.

We're in the process right now of passing or developing a couple of administrative rules that will probably flow approximately 2.5 million hospital discharge records annually to us, so we'll still be back in second place, but we're working on it.

I need to preface my remarks by saying that I am not personally familiar with the committee's earlier work, so much of what I have to say here deals primarily with the process rather than reflecting on your actions. There are probably very few people in this room who know less about health data than I do. This is not my professional area. Neither am I a professional bureaucrat, but I'm in the role of putting together a state agency at this point. Other people can speak to the details of how to push the technology much better than I can.

To summarize up front, I would say that I think that it's very important for you as a committee to distinguish carefully between what's a political issue and what's a technological issue. I think that, as I'll explain in just a moment, this is not a technological project. I think it's a political project. If there is the political will to push this through, then the technology exists through consultants and hardware and software developers that the problems can be solved, and I think that we ought to be careful not to try to solve political problems with technological bandaids.

It seems to me that we don't have a true health care system. We don't have a true health care information system, but rather we have a bunch of components that have been developed over a long period of time, and at this point we're trying to fit the pieces together in a meaningful way that will allow us to analyze and compile the data. Certainly it's a monumental task. I think that given sufficient priority and time, we do have the technology to solve this. When I worked with what they call heavy civil construction projects, the engineers would tell me you can have it fast, you can have it cheap, you can have it good, you can have it two out of three. You can't have it three out of three, and so to that extent we have to choose which of the two that we want. I think what has happened is that the committee has been put between a rock and a hard spot by Congress by being assigned the task of solving some political problems on which Congress pondered. I know you may not be able to say that, but I'll say that.

During my relatively brief experience with health care information, I have not run across a single person or institution who has disagreed with the idea of streamlining the process. Everybody says we want standards, we want to do things cheaper, we want to do things more effectively and efficiently. Now you go change your ways. I'm not going to change mine. You know, not in my backyard, and I think, as Kathy might say, if I might put words in your mouth, the devil's in the details.

We don't know exactly how data will be used in the future, but I think if we're half as smart as we think we are, we will find out some wonderful ways to use this information, and certainly it makes the argument for collecting data much more palatable or certainly easier to make, but if we're going to collect data it seems to me that we ought to minimize the number of exceptions that we allow.

In Texas, the rule that we're developing right now for hospital discharge data collection would exempt approximately 200 rural hospitals out of a total of 550 hospitals within the state. It seems to me that there's a lot going on in small hospitals that we could learn about that would be very useful. Now, certainly from the provider of data perspective, there are a lot of legitimate reasons why they might be exempted. It may be an onerous burden which would just bankrupt them or whatever, and for purposes of streamlining or for the administrative simplification maybe it's good to provide those exemptions. If we're looking at this in terms of providing research data, it seems to me that providing exemptions creates real problems for research, and in the worst possible case you could go through a tremendous amount of effort designing a system, going through the cost of collecting the information, and then not being able to do much with the data in hand. So, I suppose if there's one thing that I would really recommend it's to consider carefully what exemptions you allow regarding any of the standards or requirements.

Panelists yesterday noted that the development of standards is really an ambitious undertaking, and certainly once the development of the standards is in place the implementation of the standards is a bigger task. It seems to me that to the extent that we are able to push forward from the top down rather than from the bottom up, we increase our chances of success. If we can get a push from Congress, from the federal government and the state governments, from CEOs in hospitals or hospital systems or HMO systems, we will be much more successful, I think. My preliminary experience dealing with mid management folks is that there are a thousand barriers that are thrown out, and people say, "Well, we can't do this because A, B, C, D." I think that we have to get to the point where, as a policy position, we say we will accomplish these objectives despite the barriers, rather than fail because of the barriers.

The technology, the know-how, I think really does exist. There are a lot of coordinating and technical barriers to overcome, but in short I think this is not a technology project. It's a political project. The issues to address might really be whether the medicine tastes too bad to swallow or whether the medicine is going to kill the patient.

There are two other topics I would like to touch on before stopping. One has to do with the use of the Social Security number and privacy. I would be interested in hearing from the committee what the federal government's position is expected to be, to the extent that you can speak to this on the use of the Social Security number.

Regardless of what the industry wants, regardless of what the committee might recommend in terms of using the Social Security number as an integral part of some unique patient identifier, will the federal government formally allow this?

The second question has to do with confidentiality. It occurred to me last evening that my privacy and my confidentiality is right here right now. Whether I get wheeled into an emergency, and it is good for an emergency room physician to know whether I'm on some kind of psychiatric or allergy medication or whatever, that's problematic at this point. Once my confidentiality and my privacy is violated I can't get it back. I think that's something very serious that we should talk about or at some point has to be addressed. As for a best solution, the best that I could come up with--and this is something that we've done in Texas--is that we have strict civil and criminal penalties against the violation of access and the use of data.

That's the best thing I can think of at this point. That's not to say that I couldn't be permanently damaged if someone were willing to take the risk of getting caught.

We're on the horns of the dilemma: Either you make information accessible or you don't. If you make it accessible, then the question is to what degree and in what manner, and you take your risks. I don't really see how that can be resolved totally by the committee, because no matter what you say somebody in Congress is not going to be happy, and some constituent is going to bring pressure to bear, and as long as Congress does not resolve the political side of these issues, then I think we're still going to be struggling, but thank you very much for the opportunity to comment.

DR. DETMER: Okay, thank you each, and we'll open this up. John?

DR. LUMPKIN: First, I'd like to thank the panel. I was particularly impressed with all the things going on in Utah, and if only you had Michael Jordan, it might be a different week--

(Laughter.)

DR. DETMER: He's from Chicago. The comment was out of order.

(Laughter.)

DR. LUMPKIN: Oh, I couldn't pass that one up.

One of the issues that we're certainly grappling with is related to the coding of procedures and Kathy McCaffrey's comment on the need for a single procedure code, which certainly is something that has to be addressed. Is there any comment from the other panelists on that issue?

MS. LOVE: In Utah, how we dealt with it is preserve the existing structure for the CPT for outpatient, HCFA 1500 type, professional encounters, and the UB 92 ICD-9 for inpatient.

I think the best in our discussions was to build on the existing, but at some point in time when it makes sense to convert. With our ambulatory rule, hospitals will report with an ICD-9 procedure code, and the surgery centers will report with the CPT. There may be some cross-walking. Hospitals were quite reluctant to give up the ICD-9, and I think for reasons that there's a lot of billing and revenue code slide-ins under that ICD-9 not permissible under CPT. The status quo is how we're handling that right now in Utah.

MR. SCANLON: Both of you made reference to--well, several of you made reference to the ANSI standards, which are largely sort of big item, and then transmission standards, but you differentiated the content of standards, like UB 92 or Uniform Claim sort of thing. How did you resolve these issues? When you adopted ANSI standards in Utah, for example, you adopted a standard for a claim. How did you deal with content issue as well? Did you say it's defined by UB 92, for example, for hospital--

MS. LOVE: I think that's where we started, but the UHAN folks, whenever I use the term UB 92 they want to erase that, that framework. They feel that it's, you know, more of an 837 transaction set.

MR. SCANLON: Mm-hmm.

MS. LOVE: So they worked on me to not use the UB 92 as our framework for discussion.

MR. SCANLON: And in California, Cathy?

MS. McCAFFREY: It's not the vehicle. We don't use it. We have all of our data elements defined as a title and statute and the definition and regulation. A couple of years ago I had one of my staff do a comparison. Like about 70 percent is the same definition, and some of the others, if we were going to adopt a standard, what we would do is have to change some of the regulations. Some of them actually would just be changed back to what they were before. We'd made some changes in 1993. That would be how we would handle it in the current environment.

DR. DETMER: Bob Gellman.

MR. GELLMAN: I have some comments about concerns about comprehensive federal privacy legislation. People have shot at that from a variety of angles, and could you explain?

MS. LOVE: I hope so. One of the concerns that we had when the Bennett bill came out was a one-size-fits-all approach to public health practice, let alone industry. During that time, I sat on a small group of a state task force to reconcile data statutes across our public health code and the diversity of the communicable disease statutes with the vital record statutes with the hospital discharge statutes. We felt perhaps the current laws were appropriate, that we couldn't come up with one-size-fits-all and not restrict the ability of the state epidemiologist to actually find out who that individual is and contact people by name, versus the hospital discharge data system. That is, it is not appropriate to use the data in that way to identify and contact people.

The concern was that just an exemption of public health, and I think there was an exemption of public health just categorically, but we are having trouble defining these days what public health is or is not. I mean, we're all--and so, with hospital discharge data part of public health, were immunization tracking systems part of public health, and so it just raised some concerns at the time that perhaps as a starting place general guidelines at the federal level and then some model state statutes--if you look at vital record statutes, I think you will find some confusion about sharing of data, making data public, because 25-30 years ago that wasn't an issue, the way that we're linking and using data now, and maybe we need to look at our state statutes and standardize those at the state level.

DR. DETMER: Model legislation has been already on the plate, and it hasn't been picked up. I mean, I guess, my point is--

MS. LOVE: You might want to--

DR. DETMER: You know, if it hasn't worked, why would it work?

MS. LOVE: See, I wasn't aware that it had been proposed. A lot of the legislation you see for vital records and even hospital discharge data, except for California's, is model legislation written in another time. It's cut on some states and states live with them, and they have some institutional knowledge about how to get around those old laws, but they haven't taken it to task.

One of the reasons might be, as you ask that question, any battle with any state legislature is just a gamble. You can lose as much as you gain and there may be some reluctance at the state level to go forth and say we need to revamp this vital record statute, because truly--this happened the last legislative session, or was it the one before when the Davis statutes team came up and recommended some tweaking of our statutes.

We had a legislator say, he said to me, "You mean the state collects data on me?" And we tried, you know, were you born in the State of Utah? You know, if you had Hepatitis A, we went through this, and he said, "But what if I just want to be invisible to the state?" And we brought up some real, what I thought scary concerns to epidemiologic and public health practice, because you cannot opt out of a birth registry. I mean, that's part of the epidemiology and the denominator that we need. So I think maybe that's why the reluctance. Maybe model state statutes haven't caught on because of the risk. I think the need is there, but we're scared to even change a data element. We might lose ten if we come back and say we need one more.

MR. GELLMAN: Well, to make a couple of points. I mean I understand the risks of the legislative process always exists. My advice is to --

(Laughter.)

MR. GELLMAN: In terms of this issue, just a couple of points. One is it's very difficult to deal with health privacy in any kind of piecemeal way. It's also hard to deal with it comprehensively, but to deal with it piecemeal is particularly difficult and, second, I feel that the Bennett bill and some of the other bills actually have a lot more flexibility in there or intended in terms of I'm not sure that any of the bills would necessarily interfere with any activities you're talking about. I'm not saying that it's not something that you shouldn't worry about, but I think that there is a considerable amount of flexibility either in the public health sections or in other sections to allow things that are going on. There are exceptions for vital statistics laws that will allow those to remain intact, unaffected by this, and I think perhaps--

MS. LOVE: Perhaps you can get at that then with some very intense state briefings, because immediately when that Bennett bill came out we had provider systems saying, "Well, we don't consider hospital discharge data part of public health, so maybe, you know, we have to get permission from the patient to give you the data," which is devastating to an epidemiologic--you know, hospital--

MS. FRAWLEY: The problem with that was that's uninformed discussion.

MS. LOVE: Absolutely. That's why I'm saying, maybe whatever comes out of the federal level in the future needs to have some state level briefing. You know, when you get the bill on a Monday morning and you start getting calls it is very easy to react and perhaps even over-react, but--

MR. GELLMAN: Yeah. No, I think that's perfectly fair, and it happens not only with the states; it happens with private companies and lots of other people, and just a thought is that, if there is a vehicle moving forward in this Congress, and it's not clear whether there will be or what it will be, is to look for solutions within the framework of the vehicle that's proposed or that's moving first and, you know, look for other kinds of options later on if you can't solve your problems in that framework.

MS. LOVE: And understand that I do think uniformity through a federal statute is not inappropriate at all. It's just that maybe there's several types of approaches and just consider some options.

DR. DETMER: Lisa and then Vincent and then John, and Kathy--

MS. IEZZANI: I wanted to thank Ms. McCaffrey. We've used four years worth of California data, and researchers love it, one of the reasons being that it has slots for 25 diagnoses and 25 procedure codes, and is virtually unique among state health data systems in that way, and we recently bought your most recent year worth of data and were required to specify what data elements we could not get to avoid having individually identifiable information, and it worked fine for our research. We didn't need those data elements, but my question really has to do with discussion that we heard yesterday at Los Angeles and how little money Los Angeles has to do anything, and you do represent the entire state with [OSHBN], and so my question is kind of in two parts: You are initiating this, wonderful again from a research point of view and also from a hospital report card point of view, flag for each of your diagnosis codes that indicates whether the condition was preexisting or arose subsequent to admission. How is that working at Los Angeles County Hospital? You know, obviously that is something that is going to add to the cost of collecting those data, and what might you see being the implications for some of your big public hospitals, some of the requirements that we're talking about under administrative simplification?

MS. McCAFFREY: With regard to the flag, we just started collecting at 4/1996. We are in the final stages of getting the data in and making it final, so we have not had a chance to look at it, so I cannot tell you which hospitals ask for exceptions. There's an exception clause in the law so if somebody said, "Oh, my God," which happens fairly often; if they're changing computer systems or something, they'll say, "No, we want to get a modification for this year or for the first six months or whatever," so I can't tell you, but next year, I think, if you're interested or anybody else is interested, we can do that analysis. I think that's pretty straightforward. It's just that I just don't have the information right now, so I'm not sure what the burden is going to be.

I know there's been modifications and I'm sorry, I never thought about looking at who those modifications were, but I know that L.A. County has as one entity, as one of the largest facilities in California, always has a lot of complexity. We do quite a bit of hand-holding for that institution, and we don't mind doing that because we know their issues, so I just don't know enough right now about what's going on there or what their issues are. They may have asked for modifications or they may have just put something in. What we did to address the problem with trying to educate people is we go out every January, if there's any changes, but we do this through the California Health Information Associations, go out to like six places within the state to just talk about anything that's new and anything people have had problems with, just updating people, and so we do quite a bit of education, and that's one of the important things.

MS. LOVE: Taking California aside, and the core data set has implications [unintelligible].

MS. McCAFFREY: . . . Basically what was done, what was a service to the patient. And so. . . I mean, from my health information background, I'm particularly more interested in what's happening to the patient from the quality assurance perspective. Although, that's just it. I don't know what PCS looks like. And PCS addresses kind of some of both of those things. Then maybe that's the way to go. But I think, that's where we're in the dark. We don't know what PCS looks like to be able to say, well, we would advocate that system over something else. I mean that's just. . .

MS. LOVE: An intermediate step in Utah was, we aren't even using what's existing. So, why are we going out and, you know, worrying about the taxi drivers and everything else when we still don't have the physician handle on them? So, again incrementalism is the approach we take. And let's get a handle on the cardiovascular and the OB. And then we'll start drilling down.

They called me on the cell phone one time from a standards meeting and said what does the state want to do about PT? You know, the idea of individual PTs and psychotherapists in a group practice. And I said the state isn't going to get around to that until the year 2000. You know, maybe Medicaid will, but you know, the analytic framework of the state. So, I think we have some time to discuss that. So, we're. . . It's an important question. I don't have an answer. But I also hope we mine our data that we have existing.

MS. McCAFFREY: I also wanted to just follow up with, I think what you're asking has to do with the Medicaid, or the Medi-Cal program. And I was hoping that I could get one of our Medi-Cal people here to talk about that, but I couldn't. They do accept CPT and ICD-9. And they have just recently been using UB-92 as the vehicle for communicating, so.

DR. DETMER: John.

DR. LUMPKIN: I just wanted to clarify what I thought I heard. Is that are we talking about a scheme where there may be a Federal floor and then states would then build upon that floor and relationship, the confidentiality, in which data elements would be there. Or are you talking about a, letting essentially a state run system completely?

MS. LOVE: Well, I think you need both. I didn't think of the Federal legislation so much as a floor but providing some structure, uniformity with the guiding statutes such as vital records statutes, hospital discharge statutes, maybe standardizing state by state so there's ease of sharing under the framework of some uniform Federal guidelines. Maybe the floor. I don't know if it's floor or ceiling but a framework. Instead of doing it all through one piece of legislation federally. And the data sets, I think a minimum that states are free to perhaps to build on that meet local needs.

DR. LUMPKIN: Just in response to a question that Jim Lloyd raised about social security number. I think that in this process, HHS is looking at all unique identifiers and has not excluded social security numbers. So certainly any comments that may be made about what particularly unique identifier you think might be useful would be helpful as well as the pluses and minuses. And we've heard a lot of discussion today about some of the dangers of going to the social security number. But that really I don't think any option has been thrown out. And National Committee on Vital and Health Statistics has in the past recommended the use of social security with a check digit, so that proposal certainly is out there and being evaluated.

MR. LLOYD: If I might respond, neither the state nor our agency has any particular official position on the use of the social security number. And it's been suggested that it would make a lot of sense to use that number. Yet I was talking to a former regional director of HHS a couple of weeks ago who told me that absolutely her opinion was that the Federal government would never, never, never officially sanction the use of social security number because of promises that were made sixty odd years ago that it would never become a national ID of any kind. You know, JC Penney has my social security number. The utility company has it. The public library has it. But her opinion was that the Federal Government even with a so called check number at the end so that it would be, nobody could tell what the social security number was, of course. That it would never be allowed. So, I'm really interested to see how that will play out.

MR. SCANLON: It's been the policy of the Social Security Administration since 1936 that they would not use the number for anything else. But there are many other federal laws that did not originate in the Social Security Administration that were enacted by Congress that use the social security number to track deadbeat dads, to track all other sorts of folks. So, that number is not ruled out. And Social Security Administration generally carries out. If Congress directs them in a law, directs the Federal agency to use the social security number, the Social Security Administration views that as the will of the Congress and the nation, and there's no objection at that point. So, it may literally require an act of Congress to use that. It certainly has been used.

MR. LLOYD: The information services people with whom I have spoken are all in favor of it. And they say let's just do it, but let's get. . . You know, whether we do it or don't do it, let's get something from HHS and let's get on with it.

DR. DETMER: Kathy is next and then Lisa.

MS. COLTIN: I'd like to get some comments from the two states in particular regarding the potential simplification of benefits of the MPI for institutions in particular and payer id. We haven't heard too much about payer id in these last couple of days. I know that in Massachusetts in the efforts that I've been involved with where we have tried to link the state vital statistics data with the state hospital discharge abstract data for births. For example, one database uses the department public health facility to identify the hospital. The other uses a tax identification number and therefore we cannot link the facility data without developing a crosswalk. Now in the single state, where the number of hospitals may not be all that huge, we have fewer than Texas, we can do that. But, you know, it's a manual effort of sitting there and looking at the names and trying to make sure that we get it right and then maintaining it with mergers, acquisitions, closures, that sort of thing.

On the payer id side, Massachusetts actually added a new field through statute to our discharge abstract database in 1994. We used to have payer type. We still do. But now we also have payer code. And it's a detailed code that identifies all of the commercial insurance carriers that are licensed in the state as well as big health plans. And for the health plans, it actually has separate codes by product line. So, you have Medicare, Medicaid, PPO, point of service HMO, that sort of thing. And the numbers are proliferating. I think they started out with 39 and they have quite a few more now, despite mergers and consolidation. Payer id, you know, is a possible solution to that kind of problem. What have you done in your databases? Do you have that level of information? Would you see either both of these helping with these kinds of things?

MS. MCCAFFREY: I actually, Lou and I are exchanging that piece of information now, so. Lou Freedman is with the, what do you call your council, I can't remember what your council is called.

MS. LOVE: Data council.

MS. MCCAFFREY: The data council in Massachusetts, so. In California, our identification for facilities with, mostly with the Department of Health Services which has, of course, the Medi-Cal and Public Health, and then we have the discharge data. We share some information, and we've been working closer and closer to having an actual specific id number that would not be different. There is a little difference now, but we do have a crosswalk. But we're working much more closely than in the past. That was identified a number of years ago. And we have. . . And that isn't just hospitals. It's all the facilities. So, we've got almost 600 hospitals, 1200 nursing homes. You know, it goes on and on. So, it is important for us to develop that kind of identification system. So, that's. . . We're still in the process of refining it. But we're in dialogue and networks.

We identified a need to change the way the payment source was identified about three years ago and embarked on that horrible experience of trying to figure out whether you wanted a category or, you know. And we learned a lot. One of the advisory committees that sits and advises us is a group which included some insurance people and some health plan people. And they gave us a lot of good advice. What we found out is that trying to get to the type of insurance coverage was just impossible in California. You just got yourself all tangled up. So, what we did was set up a kind of a diagram where we identified. Well, I should categorize this by saying that in California the health plans come under a different oversight responsibility in state government. Department of Corporations is responsible for health plans in California, under what is called the Knox-Keene Act. Whereas insurance companies are under the Department of Insurance and Commissioner. So, what happens is that we have a very clearly defined group of people who come in under the Knox-Keene plan. We knew that the insurance end of things was just out of sight. So, we didn't even want to tackle that. So, what we did was, we are only monitoring and capturing information on those specific identified health plans which ends up being between health plans and Medi-Cal, Medicare, it covers like 80%, I think is what we were calculating of the patient population, and the rest are just. . . So, what we've done is categorize them as whether they're, you know. . . We've used real categories, and then we went in to saying are you Knox-Keene or not. If you're not, then, you know, we don't care about an id. If you aren't, then give us your id. And what we did was went to the Department of Corporations and they helped us to identify a number that we could link back to the Department of Corporations that they wanted to do something in the future.

MS. LOVE: Hospitals are identified by name in Utah. We don't have that many. You know who they are. Payers are a nightmare and I think a payer field would help states very much.

DR. DETMER: Lisa, last question.

MS. IEZZONI: It's okay, lunch time.

MR. LLOYD: If I might make one more suggestion, I think that hospitals and HMOs, whatever category of provider we're talking about, we might need to consider providing some protections for them.

In Texas, we had a case where a hospital was subpoenaed for data that included confidential information. Somehow the subpoenaed information became part of the public record. And some vendors got hold of the public record and started calling up people who were identified, I don't know if they were selling funeral plots or whatever. But some of these people turned around and sued the hospital for releasing the confidential information. And while the hospital eventually was held harmless, they put out over a million dollars in actual attorney and court costs to defend themselves. So, I think it might be worth looking into protections for data providers who are operating in good faith under regulations to prevent them from being zapped.

DR. DETMER: Okay, I want to thank all of you. I'm particularly happy to hear that you're in charge of seismic safety as well. I always thought that God was in charge of that. But at any rate.

MS. MCCAFFREY: God is in charge of the quakes.

DR. DETMER: Thank you all very much. We're adjourned for an hour for lunch.

(Adjourned for lunch at 12:30 p.m.)