NATIONAL COMMITTEE ON VITAL AND HEALTH STATISTICS

PERSPECTIVES ON PRIVACY, CONFIDENTIALITY, DATA STANDARDS AND MEDICAL/CLINICAL CODING AND CLASSIFICATION ISSUES IN IMPLEMENTATION OF ADMINISTRATIVE SIMPLIFICATION PROVISIONS OF P.L. 104-191

June 4, 1997

Afternoon Session

Federal Building

450 Golden Gate Avenue

San Francisco, California

Proceedings By:

Tigerfish Transcribing and Editing

653 Francisco Street, Suite 4

San Francisco, CA 94133

(415) 474-5575

P R O C E E D I N G S

DR. DETMER: I think I will, actually, resume our hearings. We have still a couple committee members coming back, shortly, but I think we need to get underway in the interest of everybody's time. We have a Provider Panel, as the title of this group, and there are quite a number of you, we've kind of swedged you in there. I hope you're not too uncomfortable being so cozy. But in any event, in the interest of obviously being able to get through each of your own testimony as well as have a little chance to interact in the time frame we've got, I would hope that you would try to limit your comments to ten minutes. We have, certainly, additional paper testimony as well. So, at any rate, Ann, would you mind starting?

MS. GEYER: I'd be pleased to. My name is Ann Geyer and I'm speaking today in my role as President and CEO of the Health Care Data Information Corporation. And, actually, we have been quite active in getting our collective 45 members to provide direct testimony. So, since you've heard from, more or less, I think, 12 of them in the last two days, I'm going to restrict my remarks to...

DR. DETMER: You've done quite well.

MS. GEYER: ...the three topics that, that strike across all of them or are part of the issues that we think it's very difficult to discuss from any particular segment. And a segment to us is a health plan, a payor, a purchaser -- some part of the industry. HDIC is a California non-profit organization. Rita did describe our mission statement this morning, so I won't repeat that. Our membership is open to any organization inside or outside of California that has an interest in improving health information. And, as an organization, we focus our efforts on electronic communication and the creation of a health information network. So, my comments will only come from that perspective. And it's one of the more -- this morning's panelist said, "There's an option here about to provide access or not to provide access." And, again, our organization is focused on the provision of access. So, that's just some preliminary comments to state categorically what our perspective is.

I don't think - let me start with - there's a lot - there's not a lot, after four years of HDIC being in existence, we still have a lot of issues that we don't have consensus on. And, in fact, as an organization, we have dropped the requirement for a consensus to act. What we now have - we might be here forever - we now have, what I like to categorize as a Rule of Three. Any two parties can go off-line and find a better, faster and cheaper - I'm no doubt sure - way of doing these electronic communications.

As soon as you bring [three] parties to the table, chances are you've got an industry level problem set. And, therefore, we say that that's a model for us to use to drive a problem statement to start with as well as approaches to solutions and then the analysis of how they're working.

The one area that, that our organization has been very active in and actually started with is the area of privacy and confidentiality - patient consent. That was the first work group we put in place. And it has been in existence for the full four years of our organization. I thought Rita did a great job in representing the results of that. She had referred to it as the stakeholder - stakeholders... it actually had a lot of consumer advocates and other organizations that were official members of HDIC. And I have provided copies of our white paper on public policies for your review. There - it really took two serious years of discussion to get to the ability to put any policies down on paper. And now we're in the process of revising those policies to bring them into compliance with the issues that we take recognition is as we move into an Internet strategy, which is something that our organization has formally adopted as the way we would like to do business.

I also would like to, to put our agreement on the principle of a minimalist approach to these issues. In fact, what we have learned, over the course of the work with our 45 members is that you can never get - to get consensus we have sort of given up on - but even if we were able to get consensus - in some areas we are, quite frankly. The amount of time and the patience and the work it takes to keep everybody stuck to those agreements while you're working out the solution set becomes the next major problem. So, our new approach is to say, "Let's agree on what is the minimum amount of requirements or specifications or things we need to agree in common, so that we actually end up with the maximum local decision making in the other aspects." And I would, I would strongly suggest that that's a good principle. And, having moved to that principle, has actually allowed our organization to work on more things at the same time.

However, in the area of privacy and confidentiality, the things that I would like to go on record as saying is that HDIC supports the strictest possible privacy provisions that can be implemented with existing technology. And we believe that there is a fair amount of technology out there. And, as new technology comes into play, that should raise the - should raise the banner on what the strictest possible privacy is.

Our Public Policy Committee has specifically asked me to state that they believe the acceleration - the pressure to accelerate implementation of electronic transactions without provisions for privacy/confidentiality and security seriously compromise patient rights. And that, while the legislation does have a three year window and then another one year window for the committee to take action, that we believe that - as we say - that this is a serious compromising.

On the other hand, we also have seen here, in our own market that, that dedication to privacy rights is pretty strong. And I think that that holds in other states - particularly from the testimony that we've heard today.

We would like to see the Committee take a leadership position in its recommendations to Congress on these issues. The area that I think we would find disconcerting is if we ended up with 50 different state privacy and confidentiality rules which, again, would not allow for administrative simplification on this area and would make it very difficult to understand what being in compliance meant - regardless of whether you were an individual interacting with the system or a provider or other type of constituency. We believe that the implementation of information systems and networks act to expose the weaknesses in the present policies and procedures. And, in fact, I would say that the recent experience that the Social Security Administration had in putting their information on the Web was not a statement about insecurity of Web as it was a statement about exposing what the current privacy and confidentiality procedures in place are. And I think that that's the most telling example that I can bring on this.

We also believe that we must insert business imperatives into these deliberations in order for there to be real call to action. I'm not sure how you do that in all cases, but that the strongest way to get someone to implement is to show that it has a business imperative - and that there is - it's really worth the effort to look for those kinds of imperatives.

This is particularly the case in managed care where the managed care system, in and of itself, has expanded the number of parties who have a daily operational requirement to interact with patient data. And that - the pressure on managed care and the managed care structure are going to expand the number of parties that need to see data to do business rather than [contrast that?].

On individual, unique, individual identification, well, I'm not going to weigh in on to use the Social Security Number or not because my members have - some proposed to do it, some propose not to do it. What I would like to say is I don't see how the Social Security number or any number solves the unique identification problem. And what I would ask for is proof of the solution. And, and one of the criteria I would ask to see proved, is what is the liability of a health care constituent when they determine that the Social Security number is a duplicate? Now, Dr. Detmer has asked for research on some of these issues and I have, informal, research. That is, I ask everyone I run into, "What's your experience with duplication and Social Security numbers?" And, my common answer is 20%. Whether it's fraudulent duplication or miscodings, typos or just people giving the wrong number, every time I get back somewhere around 20%. The L.A. County, for example, which is a member of HDIC says that they believe they have, at least, a 20% duplication. And if that, in fact, were the level, I think that they would be doing wonderful.

I've interacted with a health planner, a health information network in Colorado that says in one small town in western - in the western part of the state - had 300 people using the same Social Security numbers. So, there's all kinds of evidence that show that it's not a func...it's not really a function of the Social Security number as it is a number that identifies. And I think whatever number we put in place would have the same issue to it. So, having said that, HDIC is turning to other types of approaches. And what we believe is that we're in a technology time window, says within three years, we're going to have more options. And in that regard, I endorse the work that Rick Peters mentioned this morning. And, in fact, it's very consistent with our approach, the use of digital certificate, the public key infrastructure...we're looking, we're starting right now, to look at the availability of SMART cards. And some of the technology that's coming into play to support electronic commerce on the Internet, which has the potential to deliver scale that brings the cost equations into the right realm for us to use in health care. I won't go into more detail, but to say that I think that one of the, the advices - well, maybe advice is the wrong word - but, the consideration I would like to see you take, is what is the technology horizon in this next five year window?

Secondly, I would also say that I, personally, have observed the work of our health plan members to find a workable MPI solution and that I've become convinced that this is a very difficult thing to do. And that the, the effort to link data - whatever the data is and whatever indicator you use, post hoc - within a single organization is quite complex. And therefore, to expand that into extra organizational - the time is not appropriate.

We have, therefore, turned our attention to some, some different problem statement. And, in fact, we believe - because, again, we work in a managed care - that it is, it is a worthwhile effort to look at identification at the point in time of enrollment and to pass the identification down the process, the information process, rather than to wait at point of care and try and pass it around to everybody else. We are just starting this work within our organization. And, again, it is embedded in our use of digital certificates and public key encryption and the technology cost curve for SMART cards and other types of devices.

On the subject of EDI, which is my last subject, HDIC actually has a priority objective around administrative simplification through the increased penetration of EDI. We see that establishing data standards for the ten transactions named in the legislation is only the first step because the format of the transaction is the - only one part of the full information flow. We have - we have our work group, which consists of thirty members who have been coming together, at least once a month for two years, on these issues. We are just starting to get to the point where we are implementing ANSI standard transactions. It is extremely costly, difficult and cumbersome. And we hope that the administration will also take under consideration how to reduce all three of those efforts in the work that it does.

I-I would say that we recommend the Committee establish one standard per transaction. And that it is important to have one than what that one is, although, having said that, we believe the one we should have is the ANSI Standard Transactions - but you'll hear from our members directly on that point.

DR. DETMER: If you could summarize, just point...

MS. GEYER: Yes. I have a specific recommendation I have not heard before to this process. And that is, we would like the Committee to direct the standards bodies to create implementation test data sets. That these data sets would be as part of the certification that a standard has been implemented.

Further, we would like to see the appointment of independent agents to act as mediators or arbitrators when there is a dispute about the consistency - or the inconsistency of an implementation meeting standard. And, finally, we would - well, we would see the trading partner contracts would determine when this option is taken into effect and who would pay. And that there should be several such agencies to encourage competitiveness and pricing and services and to protect against bureaucracy. Now, we believe that these kinds of mechanisms are going to be as important to actually getting to a standard that can be exchanged as the setting of the standard itself. Thank you.

DR. TRABEN: My name is Tom Traben and I'd like to thank the committee for inviting me here today to discuss these very important issues. I'm here on behalf of Central Inc and the Institute for Behavioral Health Care. I am Vice President of the former and Director of Research of the latter. These two related organizations put on continuing and executive education conferences for the behavioral health care field and industry; publish a national journal - also publish a book series - and are known for bringing together the major leaders from all segments of this field to address the major challenges that we face. The particular areas that I am especially in charge of, are Informatics, the impact of computerization on behavioral health care and also, reviewing all the quality and accountability initiatives in the field.

In these areas, I chair national conferences, play a key role in our journal and our book series. And I was also pleased to note, when I came today, that two of the people on this committee were people who I had featured as key note presenters and writers for the journal and the book series: Kathleen Frawley and Bob Gellman.

I mentioned to Carolyn Rimes when she invited me here that I didn't fit neatly into a category of provider or health plan or the categories that are laid out because we are actually a neutral organization in the eye of the storm in our industry, bringing together leaders from all the different segments. And she said that was fine and put me here in this provider category and I will represent the provider view point, but also others as well. I think that any single view point ignores the extreme complexity and competing interests in this field that have to be taken into account to come up with good solutions. So, as part of my background, I'd like you to know that I was an Executive in a managed behavioral health care company for many years and am intimately acquainted with how operations go within those companies and I still do some consulting for the American Managed Behavioral Health Care Association, taking part in their efforts to develop a report card that they call PERMS 1.0 and now 2.0.

I'm also involved in hospital work. I was, for many years, a hospital executive and currently on the Behavioral Health Advisory Board for JCAHO. I'm also on the Advisory Board for the National Committee for Quality Assurance and their accreditation efforts. I have a small, private practice within a group practice and I am on the Executive Council and Board of Directors of the California Psychological Association, representing the needs of psychologists in this disturbing-for-them era of managed care.

So, I'm going to try to bring together these perspectives today. In five major talking points that I would like to address. First of all, I'd like to talk about the ethical, legal and economic clashes that are occurring between providers and managed care organizations as it plays out with the issue of confidentiality. Previous to managed care, the contribution of information on clients or patients that providers had to give to insurance companies, typically was restricted to very rudimentary details of diagnosis and procedures. What has happened, is that the information - as you all know - has gotten far more extensive and that's burdensome and I'll get to that later. But the key point I would like to make now, is that it is a fairly recent phenomenon that significant amounts of information have to be divulged now about patients without it necessarily being directly to facilitate patient care. And, in fact, that information, oftentimes, is used to deny patient care. And that exacerbates the tension and the dilemma that providers feel themselves under when asked to give such detailed and personal information.

The training that we get as therapists in graduate school and that we then get in order to pass our written and oral exams to comply with state law with regards to confidentiality are very specific and very strict. They say that most information cannot be divulged unless there is a written consent form that specifies to whom the information is going, about what and for what purpose and within what specified time periods. In contrast, the requirement that patients have under managed care to have their providers reimbursed is that they have to sign a consent form that pretty much allows most any kind of information that passes between the provider and the patient to be conveyed to the managed care company for purposes of facilitating treatment and/or reimbursement. It's pretty much a blanket kind of consent form.

This puts providers, needless to say, in a quandary and has been disturbing to many of them and with regards to informal research, I can tell you that in the many workshops I've given over the years, when I ask for a raise of hands amongst providers as to how many of them had the experience of patients opting out of reimbursement because of fear of information going back to their employers? I used to get a couple of hands being raised. Now, it's the entire room, where they had the experience of some patients voluntarily foregoing reimbursement and paying out of pocket for fear of what will happen to the information.

So, here we have a quandary. Now, on the other side, it is to the benefit of the managed care companies - and I would go so far as to say, to the providers and the patients - to have a blanket consent form of that order from the view point of administrative simplification. It would be extremely onerous to require a separate form for any and every exchange of information that is required. And as my predecessor on this panel pointed out, those instances are only on the increase, they're not going to decrease. So, what do we do?

Well, here are a couple of recommendations for you to consider and, hopefully, pass up to the Department of HHS. One of them is a legislative initiative that is now being pursued by the California Psychological Association with the state legislature. In discussions with HMOs and managed care companies in this state and that is to keep the consent form the way it is, but you require that the managed care companies give a monthly or quarterly report to any patients under their care that lists the number of times that their chart was reviewed by others internally and external to the organization and the categories of types of reasons for which those charts were reviewed. This would be the first time that people under care would ever get any information on what's happening to their records and who is looking at and for what reason. And it would make review of charts, at least, more circumspect.

Another thing that I would urge you to consider, is that there be a separation between the almost blanket consent for routine kinds of reasons, which probably should continue, and separate that from the extraordinary reasons which would require separate consent forms. Now, related to this, there are with good intentions on the part of many, a greatly increased set of standards and efforts at accreditation with the National Committee on Quality Assurance taking a lead with managed behavioral health care companies, that will now begin the requirement that there be chart audits of network providers in private offices at the local level. This needs to be worked out as to how it's going to be implemented, but it is another step in what providers will perceive as intrusion into their private records that is unprecedented.

Now, it's coming from a place of good will and good heart, that managed care companies should be held accountable for the providers that they credential and the care that they authorize and that they do due diligence with this, down to the level of chart scrutiny. But, from the provider perspective, it's frightening. So, this needs to be addressed. There needs to be appropriate consent forms that take account of these - I would say - non-routine kinds of scrutiny.

Going on. There is another way in which there is a clash between competing interests with regards to legal requirements. And that is, now, from the managed care company perspective, that they are required to protect the confidentiality of patients from others unauthorized to receive information. And yet, they are required to also inform the subscriber of benefits that some benefits have been used - the EOB, Explanation of Benefits.

The way this can translate is that when additional care is authorized for a dependent of a subscriber, that one might argue that the subscriber needs to receive notification that this care has been authorized. Now, this is pre-payment, this is just authorization. And I worked for a managed care company where we worked out the clash by mailing - not to the subscriber, but to the dependent - the notification that care had been authorized. I can't vouch for all managed care companies following that rule, some may, instead, give that notification to the subscriber who may be a spouse in a situation where they're going through a divorce and it would seriously compromise confidentiality. So, no one has really addressed this clash between health care rules and laws and insurance rules and laws coming together. Both those laws, with good intentions, attentive to customers and consumers, but clashing in this case - please do address this.

Next...

DR. DETMER: Yeah, if you could wrap it up fairly quickly, because you're already over ten minutes.

DR. TRABEN: I see. OK. A big hole is with employers. There are not good firewalls in the small to mid-sized companies between those who get the claims and those in other areas, who should not see them. And that needs careful attention. Paperwork burdens amongst providers, a next thing is that it's getting horrendous as payment drops for providers but paperwork burdens increase. There's a tremendous need for there to be common data sets that the managed care companies adopt. I have organized a national conference on this basis. I have the proceedings from it. It doesn't look in the near future without strong pressure from government. There will be work towards defining a consensus so that managed care companies will - all in one - ask for the same common data sets from providers, which would make their lives a lot easier.

Electronic commerce, EDI, is one way of leapfrogging over that. I had hopes that that would happen. I have some details about some software that would allow for that, but I don't see that in the immediate future and it concerns me.

Lastly, I would like to say that - two more quick points. Please consider mental health and substance abuse, along with certain aspects of health care as having more extraordinary needs for confidentiality and data privacy protection than many other kinds of health care concerns. It is good for policies in hospitals and other large health care systems that have integrated data sets to have more secure checks and balances for access to this kind of data than for others. Some have resorted to actually separating that data. I think that ends up being unfortunate, though, because we need to integrate those for coordinated health plans.

And, lastly, I'd like to say that there is a roll out now of collaborative outcomes projects and performance indicator projects. You know about report cards, I'm sure. You may not know about - in mental health areas - collaboration between multiple organizations, sharing a common data pool with a neutral organization analyzing the data and giving them feedback on their results against the aggregate. It is a way of having massive databases with rapid turn around, tremendous knowledge generation of what works best for what kinds of problems and people and what kinds of situations and rapid translation into practice. What is needed to be addressed in these situations, that no one has thus far, is uniform standards in such situations for how the confidentiality and privacy of data for individual patients should be protected. I don't consider that to be too daunting, though, compared with some of the other prospects which are standardizing the methodology with which this data is collected so that it's truly apples and apples from which conclusions are drawn that will impact millions of patients as to best practices. And, how information should be shared with the public about findings so that it's not too proprietary but the public benefits and that there still be some method of scientific scrutiny, since this is going through a different process than our normal, much slower process of publications, research grants, etc. as we move into the 21st century with some wonderful new possibilities - but challenges also accompanying it for, with computerization, how much more data can be shared and mined for the good of all. Thank you.

DR. DETMER: Thank you very much. Ms. Swanson?

MS. SWANSON: Thank you. Welcome to California. I know in [unintelligible] we have a beautiful day. I hope you get to enjoy it. So, I've got to talk fast. I'm a little anxious, you know, physicians and health care today in California, particularly, are a pretty anxious bunch. And I'm sitting across from a physician in California with a big hammer, but, nonetheless...

CA PHYSICIAN: I left my knife at home.

MS. SWANSON: I know, that's good... you went through the metal detector which was OK. I manage Swanson and Company, Incorporated, which is in Long Beach, California. We're an outcomes management firm and our focus is functional outcomes. The intent of my presentation is a bit different from the two preceding me. It doesn't deal with access or confidentiality. It really, interestingly enough, is suggesting you might consider adding a variable to the data set - as strange as that might seem in this discussion. Nonetheless, I think that there's some value and utility and I'd like to go through my reasoning for that.

In my own portfolio, I am a trainer, a national trainer for the National Center for Health Statistics in the International Classification of Impairments, Disabilities and Handicaps and my company has received contract monies to develop software to help in the training of people here in the United States and the English speaking world in the use of ICIDH.

To summarize, I'm suggesting that you consider having a functional variable in this uniform data set. And, if you do that, to consider using the International Classification of Impairments, Disabilities and Handicaps, which I refer to in the written document as ICIDH. There is a reason there and I - the reason stems from the fact that we've relied on ICD - International Classification of Disease, Injury and Causes of Death - really, as the justification item, data bit, in the system and I think we've done that unduly. That, as one of the committee members pointed out earlier today, that we're having increased use of hospital extended care, long term care, out-patient home care services and these are related, quite strongly, to one's functional status as well as a person's ability to work and return to work.

So, in past models of health care delivery, using ICD was quite appropriate and, as we become more complex, adding a variable like CPT also made sense. But now we're faced with an increasing population of people in the delivery system that have chronic disease and limited benefits and we have to take them - at some point in time - from birth to death and manage those funds. It may be with one plan. It may be across plans. But, nonetheless, the reason for the service needs to be outlined. And so what the system is doing now, is trying to categorize to use this data set that we're talking about to categorize or stratify people for plans of care and payment. We can call them DRGs, FRGs, RUGs - any Gs you want - but, nonetheless, we have to group these people and try to categorize them. And, I think that this is a survival tactic and not one that's been developed in a, sort of, preemptive or...or preemptive manner.

So, in my estimation, you decided to develop and thoroughly investigate this comprehensive data set, which I applaud, for these uses. I guess the question is, when would characterizing function or loss of function be useful? And I think that there are instances that affect the overall cost and delivery of services, of health care in the United States. What I do in my consulting firm is to use this data to improve the quality of care and reduce the cost. That's what my company does when we talk about outcomes management. So, I'm very aware of incomplete data sets. And using a functional variable helps the provider understand ways - methods - to reconcile why they're getting paid or not on the payor side and also, on the operation side, in fact, what they need to do in terms of critical paths, standards of care and so forth.

So, I think there are incentives which we need to understand that are occurring and it puts, as the gentleman before me discussed, the provider has to reconcile these two opposing forces, is that from the payor perspective of what is being allowed for and what administratively is what is being budgeted for. The provider, whether it be a psychologist, social worker, nurse, physician has to reconcile that on behalf of the patient. And so a common framework for need for services and justification is important in this common data set.

An overview of ICIDH is probably worthwhile. It's a 1,400 item taxonomy that characterizes the loss of function in three domains. The first domain is body system function, which is referred to as impairment. The second domain is loss of function at the level of the person and usually reflected in terms of activities, that's referred to as disability. And then the final one is the person's perception of disadvantage and that is referred to as handicap. It both qualifies and quantifies the sequelae - the functional sequelae of an illness, injury or disease - within a framework that allows for analysis. And we've talked, some of the presenters have talked about that need for a way to analyze the data that is universal.

The World Health Organization developed this as a companion to ICD - it is not redundant - and has published over time, the revision to the initial - the original version is due out at the end of this decade. There are some differences in the proposed revision, all are - and I've noted here - are enhancements to the original version. It does not change the underlying construct of the instrument. I think it's compatible with ICD, which is very, very important. Because it was developed as a companion classification system, it does not replicate the ideological pathological idea of International Classification of Disease. However, it further characterizes function, which, in fact, implicates a need for service. And so, I give an example in the written testimony out of a textbook that a British orthopedic surgeon has developed to help orthopods understand that medical prognosis is largely dependent upon the person's loss of function. And so, that helps us classify need for service. And so, a five digit code or four digit code can help us, very simply, better triage a person to a plan of care or groups of people to plans of care.

It has been compared to instruments like the Functional Independence Measure, the FIM, for those of you who are into that area of data. It is very different from functional assessments tools and it needs to be understood. It is a classification system like ICD or DSM IV. And so, the FIM, which is a common tool that is used in the country today, is a 17 item instrument. The impairment classification alone in ICIDH has over 1,000 variables. These are very different ideas. It is not a measurement tool. It is a classification system.

So, I liken the - an analogy might be that an MRI, an X-ray, a CAT scan is to ICD as the FIM and the Berg Balance Test, Range Motion Test are to ICIDH. There is testing instruments and there's classification systems. They're very, very different. And that's where the utility comes in. The other part is that, from a behavioral domain or a medical domain, a physical domain, different areas of loss of function may occur and no single functional measurement instrument will cover all those domains, whereas ICIDH covers the nine domains of body system function, nine domains of physical activity and behavioral activity and then six social roles. So, it's much more comprehensive and allows a provider, as well as a payor of service, to understand the populations that they're treating.

There's a structure to it. It's well defined. The impairment is a four digit structure and I described it in the document. The disability is a five digit structure that also rates severity of the disability and its outlook, which has a power to it that we don't have with ICD today. We don't have an opportunity to actually change ICD status over time, whereas, when we're looking at efficacy of care, we actually want to see the person getting better in the data set - not just stopping service. And so, the power of ICIDH is you can actually look at change of function over time.

There's an infrastructure for maintenance, which I think is important from a cost containment [unintelligible]. The World Health Organization maintains it. There has been a North American collaborating entity, which is the National Center for Health Statistics. And these groups, in conjunction with each other, have been active here in the United States in training and refining this process, outside of a professional association, for example, or single agency.

I think the part about ICIDH which is attractive is that, in my experience - and I have several applications that I've been involved with listed at the end - is that it has reduced the cost of documentation and the overall administration of services. And the reason that is, is because there's a lot of time spent on documenting why someone needs something more so than someone else, and that usually has to do with function and using a series of codes allows the person, the provider, to do it much more quickly and much more efficiently.

There are hurdles to acceptance. And one is that not all people collect functional data in the same way, and that needs to be recognized by the group. One would need to consider how many of these variables you would accept, if it were, in fact, an option. So, that is not clear within the document itself. ICIDH does not define that, whereas, for example, in the UB92, I think you allow for six ICD codes. Is that correct? One? Nine? Your one primary and then others? We have no rules for ICIDH that would have to be considered.

I think that another factor is it's a change in philosophy to have functional data in a medical data set. It's expanding the whole notion of what it is that you're trying to do. I would not want to suggest that this is a simple idea, that having functional data in there that's changing over time actually has a power and utility that's different than what we've had to date.

And, finally, people are concerned about professional acceptance. Someone's got to actually collect this data and, as a trainer for the National Center, we've had a tremendous response from professional groups. There are training manuals and materials and it used to take us two and a half days to train someone, now it takes two hours. So, it's something one can learn as a provider. It's not something one has to go to a special course for and people are quite interested because this notion of characterizing function and need to be admitted to a nursing home or a need for home health services is a very confusing and problematic process. And so providers are interested in having a universally accepted method to communicate that.

One of the applications - and then I'll...

DR. DETMER: If you could summarize...

MS. SWANSON: Yes. Just one that I would like to point out, is that there is an organization here in the Bay Area, Bay Area Managed Care that provides therapy services, physical and occupational therapy services to 200,000 lives - it's a 100% capitated and it does show - using both ICH and ICIDH - it adjudicates the entire process. It's the basis for their case record. And they have cut costs. They've one, improved quality of care. Two, they've cut costs of the administrative burden from 12 cents per member per month to 6 cents. And, actually, they've cut it down further - mostly because they classify loss of function. And, finally, this organization has now - this will be interesting to providers - the providers in this group get paid by the level of outcome they achieve.

So now we're actually shifted - I just thought I'd add that, wake people up - from being paid for service utilized to the effect of the services that were provided. So, in that sense, I think that there is some reason to consider function. I would like you to look at ICIDH as a way to characterize that. Thank you.

DR. DETMER: Thank you, very much. Mr. Manigault?

MR. MANIGAULT: My name is David Manigault and I'm looking at you guys...I'm a little intimidated, but I'll try not to stumble too much.

I'm with a company called Core, Inc. I'm the Executive Vice President of a Division known as Information Master plan. Some background about Core, Inc., in 1974 through a Kellogg Grant, we started a biomedical engineering company. That company was owned by the time - by a company called the Hospital Council of Southern California, now you know them as the Health Care Association of Southern California, which is also one of the related companies to the National Health Foundation.

There are three divisions of Core, Inc. One is the biomed division, the other is group purchasing. We do about two billion dollars a year with contract sales, representing about 1,500 hospitals. A lot of that is done electronically. The division that I head up is the EDI Division. We basically put software at hospitals on the hospital's behalf. Originally we were owned by the hospitals, so a lot of the out sourcing was done our way.

I also have another hat today, and that's the Health Care EDI Coalition, and that's a group that represents some 5,000 facilities across the country represented by about 23 multi-hospital groups with the defined goal of working together to solve problems in the area of EDI. In June of 1988, 23 hospital groups came together and decided that they weren't going to fight anymore in the area of getting into EDI. It was probably cheaper to work together to move data.

As I go through my presentation, I'm going to give you two case studies. One has a lot to do with what happened at Core and one of the products that we've put together and how some hospitals are pretty successful and some of the pitfalls that we saw as we went through. The other is what happens when multi-hospital groups in the industry gets together and literally solving some problems that would almost be impossible to solve on your own.

Let's start with the Health Care EDI Coalition. Again, you've got some pretty large players in there, again, representing some 5,000 facilities across the country. We also work with major vendors. I believe it's about 500 vendors as well, all the big vendors in health care. And the thing that we're trying to do more than anything else is to move data between the providers and the payors, using the ANSI standards. There are all types of networks out there available. There's all types of possibilities for moving the information. But there's one thing that we found out. Within the ANSI standard, there's a lot of flexibility. You have to, basically, sit down with each trading partner. There are no single standards that you can use to go back and forth. You can use - provider can receive in an incorrect segment and it won't work on his application. A vendor can send a catalog out to a provider and the provider can't read it. So, you have to basically sit down with each trading partner - and that does take some time.

What we found out, though, that by working together and putting out standards through implementations, life became a lot easier. When Hickville put out the 835 for claims, that made life a whole lot easier for receiving the ERAs for hospitals. Without a document like that, without a standard piece, then it would have been a little bit more difficult. But getting back to HEDIC, we've moved forward with things like the 832, which is a price catalog. The 85, which is a purchaser order. And now we're seeing things that come across like the UPN number. The UPN number, the Universal Product Code, has to be tied back into the purchasing arena in order for claims to be paid in some states.

These are issues that the hospital has no idea what to do with. When you put together this project of process, keep in mind, that the hospitals have to be able to move data from their system into whatever the network is. And then, the other side has to be able to receive it. The interface piece is the most important part. Without the interface piece, you can put a document in the middle and move it back and forth, but no one can read it.

Seventy percent of all computer input comes from a computer and people sitting down, keying it in. The thing that we're trying to do, with HEDIC, is to make sure that the data stays in the system and not come out - and it does take time. What HEDIC has done, nationally, is put together study groups, EDI partnerships all across the country. It's the opportunity of sitting down with your trading partners and deciding, exactly, what you like to do in a big group, instead of one to one. It makes it easy for the hospitals. It also helps them understand what, what goes on.

Go back to Core, Inc. There were five hospitals that approached us and asked us what should I do with the 835 when they're getting it from [unintelligible]? The 835 originally came across, it was a document that's printed out with a program, I believe is called PC print, and then they had to turn around and key the data into the system. That's not EDI. That didn't do the hospitals any good. There was no benefit. They still - they had to pay for the paper, originally they were getting the papers from the FIS, but then they had to pay for it. And they had to still keep the data around. So they had no savings.

So we put together a process that allowed them to take the electronic file and post it directly into the system. A lot of providers are now looking at this as being the best way to do it. When you put together your solution, make sure, again, there's an interface device. Don't just give the provider a claim or remittance advice or an ineligibility or an enrollment or don't have an employer have to put across an enrollment. How - what is he going to do when he gets that data? How's he going to merge it into a system? The content of the data is important enough, but also, when you're talking about portability, port it over to the next side. If I have a Legacy system over here and you're sending me data, how am I going to get that into my system? That's the thing to keep in mind.

Because I've had hospitals that have asked me questions. They said, "What do you think I'm going to do in this scenario? Am I going to spend X number of dollars on software or am I going to buy a CAT scan or a VISA machine? What am I in? What business am I in?" And that's some of the hard things that they're facing. So, when you're looking at putting together a system like this, keep in mind that at the hospital location, they're not technical jocks. You guys are doctors. You take care of people. So whatever we put together, whatever you give them, make sure it's kind of easy and not that expensive. Or, maybe somehow, trying to find vendor standards that don't hurt them too often or too much.

There are a lot of things that we've gone through in the past couple years. I started with HEDIC in June of 1988. And we, basically, went all across the country looking at VANs and looking at the way people were moving data and looking at how to move data and ANSI standards. I am still a member of the ANSI Committee. I remember when Ed started an insurance division. I remember the hoopla and everybody's getting excited in the work groups. But what's happening is that, if I look back way then and look today, we talked a lot but a lot is still left to be done. There's a lot of opportunities still and the technology exists. But the piece that you have to work through is, how do we agree to move data? How do we make sure the data sets are there? How do we make sure that when a hospital pushes a button the right information is going to come in? And not that the right information comes into the wrong patient? Because those are some of the issues that we worry about as well, too.

There are a lot of other pieces - I'm getting nervous - there's a lot of other pieces - and I do appreciate the opportunity to sit in front of you. It's not too often that the industry has an opportunity to maybe change its own future - or maybe participate in its own future, but that's something that we're going to make sure. You guys are doctors. You're pretty familiar and you're pretty...you know what goes on at the hospital locations. I wish that every data entry clerk in the hospital could be turned into a programmer, because then you'd be all set. OK? The biggest piece that you also have to keep in mind with this, is that once information goes - and it goes properly - there's some displacement. And just keep that in the back of your mind, as well, too.

It's like the old days when we'd have the old big row boats and all the oars and oarsmen would row...what happened when the steam engine came in? Those guys lost jobs. But, they turned around and built steam engines. So, we have to find a way of reeducating while we're implementing - that's a pretty important piece. I've seen many things at hospitals. I've seen people, maybe, even try to sabotage technology because they're afraid. OK? Keep those things in mind as you go through. And I think, the only other thing I'd like to say is the education piece is probably the most piece, but in global thinking, don't forget the people at home, because any true communication system should be able to say, "I'm at home, there's a home health company somewhere. I've got a drug dispensing machine here that hooks up to my phone. How do I get information back and forth?" Keep in mind the globalness of it. Don't just define hospitals and doctors. We're servicing the entire realm. Just keep that one piece in mind...because sometimes we lose sight of what we're trying to do. We might want to be going to the sky, but we stopped right here. We need to stay up high. Thank you.

DR. DETMER: Thank you, very much. Ms. Forbis?

MS. FORBIS: Thank you. With all due respect to the former presenter, I wish every programmer could be a medical transcriptionist. [Laughter]. I am Pat Forbis the Associate Executive Director of the American Association for Medical Transcription. And, on behalf of our association, we thank you for the opportunity to speak here today. AAMT is the only professional association representing medical transcriptionists. The medical language specialists, whose responsibility it is to assure that dictated health care information is complete, consistent, clear, correct, concurrent and credible. AAMT supports the patient's right to confidential, private and secure health care documentation. We believe that safeguarding the patient's privacy by maintaining confidentiality and security is essential for quality care.

In 1995, our association published guidelines on confidentiality, privacy and security of patient care documentation through the process of medical dictation and transcription. And we are currently active participants in ASTM's E-3122 Sub Committee on Health Care Information and Documentation. I serve as Chair of the Confidentiality, Security and Privacy Sub-group which just submitted the ASTM standard on management of the security and confidentiality of dictation, transcription and transcribed health records for second ballot.

Little about a patient is more revealing than the dictated and the transcribed or text portion of the health record. Yet, as the debates rage on about confidentiality of health information and systems security or protecting patient privacy, there is little understanding about the complex process of dictation and transcription.

Millions of dollars are being spent to change or even to eliminate this process, but the industry continues to grow. Two factors appear to be at least partially responsible for this growth. One, as technology moves health care information into an electronic format, health care providers have two choices - learn how to enter information or have someone do it for them. Most choose the latter. Therefore, a greater diversity of health care providers is using the dictation and transcription process to assure the documentation of their health care delivery.

Two, third party payors, researchers and an increase in litigation are requiring more - not less - information. The result of the industry's growth is an increased demand for qualified medical language specialists known as medical transcriptionists.

Additionally, as these demands increase, health care continues to experience down-sizing, re-engineering and outsourcing. These dynamics have resulted in one of America's hottest new industries - health care information and the unregulated industry known simply as medical transcription. An unregulated industry that is estimated to annually generate 15 billion dollars. It is an industry that has moved to Wall Street and that has captured the attention - and the money - of impressive investors, including pharmaceutical and insurance companies. And, it is an industry that, if allowed to continue to flourish without restraint, has tremendous potential to compromise the confidentiality and security of health care information and the privacy of patients.

Approximately a decade ago, medical dictation and transcription were considered to be such a delicate process that it was unthinkable to allow them to leave the confines in which they were created. Environments were structured to assure quality, control, responsibility, security and accountability. When the outsourcing trend first began, the same control was

[End of Side A]

...if not thousands of highly qualified and reputable home based medical transcriptionists and services who are dedicated to providing the greatest possible quality health care information. They are committed to safeguarding that information and they support the need for laws that will protect it. However, it is not uncommon for dictated health care information to be outsourced to medical transcription services or individuals about whom little, if anything, is known. Nor is it uncommon for dictated health care information to be transmitted across state lines and to English-speaking foreign countries, transcribed and transported to employers and/or client organizations in a variety of ways, including by courier, through Express Mail services, the United States Postal Services, modems, remote printers, fax machines and the Internet.

It is also not uncommon for the quality of health information to be compromised because of the demand on medical transcriptionists for high production. In what has been called an electronic sweatshop environment, transcriptionists are often reimbursed only for the quantity of work they produce, with very little regard to quality.

In addition, some medical transcription services are selling storage space in order to become data repositories. And unless their contract with the health care provider specifically prohibits it, some service owners are considering how to market the health care information they now control. While they may remove what they believe to be all demographic information, it is important for you to understand that individually identifiable information is often contained within the text portion of a patient's documentation.

By now, you undoubtedly understand that the process of dictation and transcription is rapidly evolving into another autonomous health care provider industry, about which the public is primarily uninformed and unprotected. Our concerns and recommendations include the following: patients are not adequately informed. Release of information forms should include information about their documentation -- where it is stored and who controls it and their right to review it. Reasonable efforts should be made to explain how the information will be used. Do not promise that the confidentiality and security of health information can be guaranteed -- we all know that it cannot be. Honesty will surely provide the first step to rebuilding a measure of trust.

Because organizations and individuals depend on the accuracy of the data for bill payment, managing the care process and health policy analysis and assessments, we urge the adoption of quality assurance standards for dictation and transcription processes and look forward to participating in their development.

Medical transcription companies, as data repositories raise grave privacy concerns. Standards must be adopted that will assure the protection of stored health care information and restrict such data repositories from marketing it.

Dictation and transcription are sensitive processes. We therefore encourage the adoption of the ASTM standard on management of the security and confidentiality of dictation, transcription and transcribed health records. AAMT urges strong criminal and civil penalties be adopted and enforced for those who knowingly and willfully violate health care information.

In summary, medical dictation and transcription are not magical processes. The expertise of qualified medical transcriptionists is unmatched when it comes to the dictation and transcription processes of health care information, including their confidentiality and security. Events of the past decade have introduced outside influences that have created a dangerous gap between the public and the confidentiality and security of health care information that they deserve. This gap must be closed. Again, on behalf of AAMT, we appreciate the opportunity to be here today.

DR. DETMER: Thank you very much. Ms. Simons? Dr. Simons?

DR. SIMONS: I appreciate the opportunity to discuss this with you today. My name is Barbara Simons and I speak today on behalf of USACM, which is the U.S. Public Policy Committee of the Association for Computing. ACM, founded in 1947, is an international, non-profit, educational and scientific society dedicated to the development and use of information technology and to addressing the impact information technology has on our lives.

ACM publishes scholarly journals, puts on conferences and is involved in a number of different areas, as well as social issues. We have about 60,000 members residing in the United States who are academic, professional, scientific and ordinary users of technology who have a strong interest in the development of secure and private methods for storage and use of medical information. And since this is a panel of providers, I suppose we are the -- I represent the trouble makers. We are the ones who are creating all these problems that you have to be having this panel today.

Hopefully, we will also help you fix some of the problems. Before going on with my talk, I wanted to just pick up on a couple of things that were said by panelists earlier today. One of the gentlemen said that he thinks that these problems are primarily political and not technical, I beg to differ with that comment. I think they're really both. I think that it's critically important to get the right technology in place and to do that will require some political will. So, I think it's a combination of both -- and I can't see that politics alone will fix the problems that we're talking about.

There was also a comment about using legal procedures to make, to prevent access. And, again, I agree that there should be strong legal ramifications for unauthorized access. And I also want to point out that there are situations in which this technology can help to make it very difficult to have an unauthorized access -- or at least to have an unauthorized access without a record being kept of that unauthorized access. So, whereas technology is not going to solve all these problems and none of the technological solutions that might be proposed is completely foolproof or completely unbreakable, it should be a goal, I believe, to put in place technologies which will, at the very least, inhibit the kinds of activities that we don't want to see happen -- and make them much more difficult.

I also agree with the first panelist today in this panel that digital signature certification crypto and SMART cards are all technologies that need to be seriously considered. Obviously, encryption is going to be critically important if there's any hope to have any kind of privacy of medical records. I don't see doing it without using encryption and without using it significantly. I also found the comment about implementation of data sets protesting to be quite interesting. I think that that's -- again, it was made by the first panelist -- I think that's a very interesting comment. It's something that I, personally, would tend to support with the caveat that it's very tricky to write good data sets. I mean, we do that in this profession all the time, they're called benchmarks. And people design chips, sometimes, which have peculiar features in them just so that they'll run very efficiently on some of the benchmarks. So, that does happen. The square root of two, for example, is one. So, whereas I think that is a good idea, I think it's also a very challenging thing to do.

I just want to point out, getting back to my more formal comments, that USACM, which I mentioned I chair, is our U.S. Public Policy Committee. We have a home page -- I don't know how many people have been giving home pages -- but ours is WWW.ACM.ORG/USACM/ and there you won't find my comments right now, but, hopefully, they'll be up in a few days -- since I wrote them last night on the flight home, which is why you don't have copies, either.

One of the main points I'd like to make in my testimony is that I really hope that you will call on us to help you, to provide you with expert testimony of a technical nature. I'm not -- I, personally, am not an expert on medical databases. We have members who are, who are working on projects right now developing medical databases, secure medical databases who could go into much more detail than I expect you would want to hear about the technical implications of various policy approaches and vice versa. And we would be very delighted to provide you with names of people who could come to you as relatively independent witnesses. That is to say, that they - they're not representing particular companies or organizations that have financial interests in these issues.

Now, another panelist, Tom Traben, mentioned the problem of people opting out of reimbursement because of privacy concerns. I want to put a slight twist on that story. I have a friend who opted out of treatment because of privacy concerns. Someone I know who was going through a particularly hard time in his life, happens to be married to a therapist and it was her opinion that he could really benefit from anti-depression drugs, some anti-depression drugs. But, because she was also a therapist and knew how well --how un-well -- this information is guarded, they decided, basically, the two of them decided, that they would not go this route because they were concerned -- he was concerned, they were concerned -- about the possible loss of future medical insurance and even possible employment implications.

So, the privacy issue is you don't have to have -- this doesn't sound so terribly dramatic compared to people checking for, checking records to see who has had abortions, but, nonetheless, this kind of thing, I suspect, happens a great deal. And I think it's something we should be very concerned about.

I also want to quote from a recent document called Options for Promoting Privacy on the National Information Highway, written by the NIITF, the task force. "Medical information is routinely shared and viewed by third parties who are not involved in patient care. The American Medical Records Association has identified twelve categories of information seekers outside the health care industry who have access to health care files - including employers, government agencies, credit bureaus, insurers, educational institutions and the media." And now I want to digress from what I wrote yesterday to mention a letter that was given to me over lunch that was sent to Dr. Terry [Fotrier]. This is from the Medical Information Bureau. He decided to request his medical records, actually using [Fourier]. And they wrote him back this form letter. And at one point it says, "Decisions are not based on MIB reports, unlike credit or other reports. MIB reports are not used by insurers to decline applicants or to increase premiums. Underwriting decisions are based on information from applicants, and from medical professionals, hospitals, labs and other sources the insurer contracted with the permission of the applicant. MIB reports alert insurers to occasional attempts by applicants to omit or misrepresent relevant facts." That's on page one.

On page two they say, "A consumer may be entitled to record search and disclosure at no charge if, within 30 days prior to a consumer's request for disclosure, both of the following conditions are met. The consumer's application for life, health or disability was declined or the consumer was charged an extra premium hereafter referred to as an adverse action and the insurance company which took the adverse action provided the customer with a notification which identified MIB as an information source."

Follow that? He said that you can have a copy of this, if you would like. I want a copy of it.

All right, getting onto other areas here. It is obvious that what we need is we need to have a database that is used to store -- okay, let me back up. An example of how the technology can be used to interact with policy -- something which I think is an obvious requirement -- is a database that is used to store patient health information that has patient identifiers easily removed without viewing the unencrypted data. In other words, you've got your identifiers, you've got your data. If you want to do studies, if you want to do research studies on this stuff, you should be able to remove the identifiers and get into the data without ever looking at the combination of the identifier and the data. And that should be easy to do. And it's, it's certainly quite do-able to construct systems like that. I don't know if such systems exist today or not.

Getting on to some of the comments that were asked to address, I'd like to address, first of all, the issue of standards...

DR. DETMER: If you can move along...

DR. SIMONS: Okay. I want to stress the idea that it's much easier to build a secure system and one that respects the privacy of the patients if you start off with a design that incorporates that. In other words, if you do it in a top-down fashion and you take into account all of the things that you want in that system and you design and build the system to implement those things efficiently, rather than trying to take them and graft them on to an already existing system which will be A -- hard, B -- expensive and C -- subject to not working very well.

I also want to comment on the whole issue of Social Security numbers. I was thinking when I was sitting here this morning and hearing some of the earlier testimony that, well, initially I was thinking will I have anything new to say to this panel? And then I heard people saying we should be using Social Security numbers and I was blown away.

Last week, I had the occasion to testify before the Social Security Administration, which is holding a hearing in San Jose, to discuss the [forced removal] of its on-line system to provide personal earnings and benefit estimate statements or PEBs. This has been put on-line as a service that Social Security Administration was providing and to get your information, you had to send them your name, your Social Security number, your address, your mother's maiden name and your place of birth, sort of the five standard identifiers.

Now, I know all that stuff about my former husband. I could easily have gotten his information. You know? The fact is we're on good terms and I probably could have easily gotten it from him, directly and, besides which, it would have been illegal. So, fortunately, I didn't do that.

But the point is, that this information is widely available and there was such a brouhaha raised that they had to take it down. And the bottom line is, not only do I think it would be ill advised to use the Social Security number as a patient identifier, the Social Security Administration even can't use it. They can't use it to authenticate people to get their own data because it is so widely available and I'm sure that I could get the Social Security number of any one of you in a relatively short period of time, off the Net, if I wanted to. It is not private. It is not authentic. And, of course, there's been a lot of testimony to the fact that it's also - that they're duplicates. There are many people with the same Social Security number both by accident and on purpose.

So, I'm skipping over a lot of stuff here, but let me just summarize by saying that we support the goals of the bill to expand privacy protections for medical data bases. We feel this is very important, and we feel that the way to do it is to start off thinking what is it that you want? Don't say, "Oh, my God, we can't get there from here." Start with what is that you want? How are we going to prevent/protect this privacy? And then worry about how you're going to get from here to there. Don't just try to inch your way along, because at that rate, I think, we'll never have adequate privacy protection because the technology will be moving faster than the protections that we're implementing. Thank you.

DR. DETMER: Thank you and thank you and thank you and thank you -- no, thank you all. I appreciate it very much. And now, what we'll now do is open this up for some give and take with the committee members. Dr. or Mr. Gellman?

MR. GELLMAN: Barbara and Ann talked about individual identifiers. And I want to ask both of you - or others, if you want to contribute - it seems to me that we're sort of at the end of the era of Social Security numbers or looked at another way, the beginning of an era of some other kind of form of identification. And at some point in the future, we are likely to be walking around carrying a card, SMART or otherwise, with a biometric identifier or digital signature or encryption codes or who knows what. And in making decisions about identifiers, how do you in an era of great change or great potential change, how do you make a decision? How do you look forward? How do you take all of these impending changes into account? The Social Security number has a lot of problems. Any other number will have a lot of problems, yet any of these things might be superseded -- I won't say at any time but in the near future -- by one of these, one or more of these other devices. What do we do? How do you make a decision in the near future? Do any of you - anybody have any comments on that?

DR. SIMONS: You mean, how do I make a decision as to what I'm going to use or..?

MR. GELLMAN: How does this committee make a decision on making a recommendation on what kind of unique health identifier ought to be used for individuals?

DR. SIMONS: Well, I think for starters you want to eliminate the Social Security number, as you said. I think that Ann made some...

DR. DETMER: I don't think we have the authority to do that. We do have the opportunity to make recommendations.

DR. SIMONS: That's what I mean. You ought to recommend. I agree that Ann's comments that any number is going to have problems. I think that's a well taken comment. I - I mean, one option would be, it's my responsibility to go out and get some kind of authentication as to who I am and that is what can be used to store my records. And there could be multiple sources for certifications for digital signatures and so on so that the fear that we will have - that we will each have a unique identifier which will trap, will follow us everywhere could be, at least to some extent, mitigated.

I agree it's a tricky problem and I don't think there's a simple solution. As we were saying over lunch today, it's -- I think one also has to accept the fact that there are going to be some people who will choose not to be identified in our society.

DR. DETMER: Others care to comment?

MS. GEYER: Well, I don't have an answer to your question. I think that's one of the things that I've observed in this whole process is just how much we're all looking for an answer. So you're sitting here and we say, "Great. Give us an answer."

First off, I think we start here with several different approaches that I think we need to take recognition that it comes down to each individual's basic comfort level with disclosing information, including identity on a case-by-case basis. And that there's been testimony - all kinds of testimony - about the industry trying to define what this comfort level is. And that, I think, is a mistake. I think that we should not abrogate individual's decision about that comfort level.

And that's both the challenge and, I think, the opportunity for a solution, which is to find ways by taking advantage of the new technology coming into place to have individuals determine what they will disclose and to accept that we may have to live with that as an industry. I mean, that's really the best statement that I can personally come to in response to your question. It's not very satisfying. You know? And of course, my organization is faced with the same problems that you have, which is, at the end of the day, we still have to make something work for the industry around these issues.

MS. SWANSON: Well, I'm not the expert. But I've been identified, as all of us have, with our IDs on ATM cards and Master Cards and so forth. And what occurs to me with the comment that [they] are transported all over the place, that Ann's original comment: any number will have a problem if you take that from that point of view...

I was traveling once and I was trying to use an ATM card and because of the security problems with that particular bank, all numbers were down and I needed money. So, they had to have a solution that periodically they'd purge numbers and give us new numbers. I'm just giving the implications of whatever number you give out -- and there's a problem -- then the system has to then change. And so then I want to port this data over and maintain an episode of care, but the numbers have changed on the individual. I mean, the number now becomes a life.

The static idea of the Social Security number -- the reason why we're at the end of it, in my limited estimation is because our life isn't that simple anymore. And security isn't what we thought it was. So, it just seems to take on this whole dimension that -- I don't have a recommendation at this point.

DR. DETMER: Lisa and then Jim.

MS. IEZZONI: Ms. Forbis, you raise a really crucial issue that even though our medical records are dictated and transcribed somewhere else, I guess we doctors don't think about it very much. And it's true that a lot of my colleagues, even though we have a computerized outpatient medical record, a lot of them are computer illiterate and simply say that they refuse to write at the keyboard and so they dictate and have somebody transcribe it out.

You know, in the past, there used to be kind of, I don't know whether it was a law or a JCHO requirement that you could not take a physical paper copy of a medical record home. You couldn't take it out of the facility. But what you're basically saying to us is that medical records are in people's homes right now. And, I just wondered what you as a kind of trade organization, whether there were any other people that were interested in this because this seems like it's something that's kind of crept up on us and you haven't -- we just haven't heard very much about it?

MS. FORBIS: Well, first of all, it's been my observation that committees such as this one and others are examining outcomes. Everybody wants to know the outcome and nobody takes the time to understand the process that drives the outcome. And medical transcription and dictation are processes.

Qualified medical transcriptionists are medical language specialists and the process is quite complex. Therefore, there is a critical shortage of qualified people. And with down sourcing and re-engineering and all of that, the outsourcing began. Okay? So, it's leaving the hospital premises. Do you know the qualifications of the people who are doing the work? I would say that if you're in a large facility, the answer to that is no. It is a home-based business and I don't want you to have the idea that there aren't people with great integrity doing your work. What I'm saying is that, with all due respect to all of my colleagues and service owners -- and I want you to know that I am a former service owner -- it is my opinion that there is a sleaze factor that's been introduced, if you will. And my concern in bringing this before you is that measures be taken to assure that the sleaze factor doesn't continue and that it become like an Ebola virus, okay?

MS. FRAWLEY: I want to follow up on that point because I want to reinforce something Pat just said. I actually was a home-based transcriptionist twenty-five years ago. And so this is not a new practice of industry, but I think there's two things that came out of Pat's testimony that I think we really need to be clear on, is that providers are contracting with services and there's no disclosure in terms of where this work is being done. And so, a couple of months ago, the front page of the Washington Post talked about the fact that an emergency department in Washington D.C.'s work was going to India and the physicians at the hospital had no idea that their emergency room reports were being transcribed in India and coming back. Not that that's bad, it's just that there's no disclosure, that people enter into contracts. And so the patient does not know that there is a contractual relationship, the providers don't know that they're dictating and the work is being done in India or the Philippines or Thailand. And so that raises an issue in terms of just how we handle the flow of information.

The second thing is the fact that companies that have been in the business of this for a long time are now sitting on huge databases. And the fact that these companies now perceive that they have the right -- again, they are under contract to the provider, they do not own that information. [But] they see it as their right to go out and market it now. And so, you know, I just - I think there's some important points here because as Pat pointed out, we've never really discussed any of these issues. These are the ones that people just kind of ignore. And yet, it goes back to the whole concept of the unregulated flow of health information.

DR. DETMER: Well, one of our hearings tonight, I don't know, maybe the two of you missed that, but we did have some testimony, actually, about some of this going out to Mexico, India and so forth in one of our...

MS. FORBIS: It has to be, first of all, it's English speaking nations. And I want to tell you that this is not a new idea, either. In 1987, I pursued with AMR, the parent corporation of American Airlines, the possibility and the feasibility of establishing an educational program and a transcription service in Barbados. So that never... That did not materialize. However, it has come along and technology doesn't stop at the borders, as we all know. And so for English-speaking nations, this is an option. But the question is, whose laws apply? And how does the work get transmitted back? What are the safety features? And who is protecting the patient - and the provider, I might add?

UNKNOWN FEMALE RESPONDENT: I'd like to comment on that. The same phenomena takes place even in the electronic world where information on tape is sent overseas for rekey punching. I mean, that's something that's been around. My comments have to do with - I don't think we should try to prohibit or, as, you know, as this process, step in and say how organizations can contract for the conducting of their business. Rather, I would suggest that we tackle these problems directly, as a concern, which is the confidentiality of the information and to say that you can't abrogate your accountability and liability because you've got a contract with a service vendor or an intermediary, regardless of the function of the intermediary. And that, at least, we hold the accountability, we highlight the importance of that, and we hold people to that accountability. That, I think, is a very workable approach.

DR. DETMER: Mr. Gellman talked about the end of the Social Security number. I think we also are, increasingly, a global world. And I think when we talk about how dear California is to us or Virginia or whatever of our great 50 states, it's also apparent that if we can't find a way to also set some international standards and collaborate as an international community, and we're having some interface on those issues, we'll also have, I think, some problems - because that's the nature of our world at this point.

MS. FORBIS: As holders, though, as people who are acting as data repositories, I think that it's very important... Well, and take into consideration that the investors, now, are becoming people who could use this information, who would like to have more access to it. I think that something needs to be said about access to the information and something needs to be said about the audit trails that extend to contractors.

In other words, if - and I, just as we heard previously that some of the resistance is coming from the billing industry, the greatest resistance that we found to our draft standard for confidentiality and privacy has come from medical transcription service owners. So, I think that it's very important that what you establish to happen within a facility extend to contractors. That the audit trails -- no matter where this work is done, that the transcriptionist is identified, that the service it's contracted to is identified. Where is the information going? And who has access to it?

MR. GELLMAN: I'd like to just add a point on this that, I mean, I think the point about not, about using contracts and not allowing the privacy thing to control the way the world operates is sort of a fair point. On the other hand, when you're dealing internationally, you can't, by contract, solve the legal problems because you're putting information in another jurisdiction. And just like here, you can't write a contract and make information immune from subpoena. That's true overseas. And at least one of the bills, HR52, has a provision in it that says you can't send medical information to another country that doesn't have equivalent protection. And that is a provision that's drawn, in part, from the EU Directive on data protection, which also establishes limitations on the export of personal data to other countries. And it's something, and I think the point that Don made is true. You have to really look at this more globally than we ever have before.

MS. GEYER: Well, see, I would suggest - and to counterpoint that - that there are actually some very positive actions that one can take around this issue. I'm not saying that enforcing contracts is one of them. But what I am saying is that what we have here is a contract process. In managed care what we have is a contract process. And that purchasers contract with health plans. Health plans contract with providers. Employees, if you will, contract with their employer about all these things.

And that you can elevate the sensitivity and the awareness and the requirement for concern through the land which you set up standard contracts and a contracting process. And, as an industry, this is something that I feel we've got a fair amount of consistency and agreement on that these are serious issues, that there's room for improvement and that the barriers to improvement are really a matter of what's the good idea? And how do we help as a group make this happen?

DR. SIMONS: Well, do you think that the patient has the right to know that his or her medical information is being shipped overseas?

MS. GEYER: I think that's a difficult question to answer. I don't feel I can actually make a statement about that question in my role speaking here. As a person I can say, that isn't where I want to hold the health system accountable - how they do the business. That is not, I mean, speaking now very much as a person, not on my radar screen.

MR. SCANLON: Two questions. First, in the confidentiality area, particularly, substance abuse treatment. There is already a federal regulation that protects the confidentiality of drug treatment records. And I wonder how, Tom, maybe in your experience, how has that worked? What's worked good about it or what's worked bad - what hasn't worked well about it in terms of a model for say, a national law for protection of treatment records? Have you had any experience?

DR. TRABEN: Not a lot. In states, most offices of substance abuse are separated from mental health and they're treated differently. And there's some movement to integrate both laws for those records as well as funding streams and a variety of other issues and I think that would be good.

MR. SCANLON: And a question for Ann. Ann, at the beginning of your talk you talked about the need, you said that standards, EDI and that sort of thing was, to some extent, largely local, applied local and this sort of thing. And I think you talked about the need for some flexibility within the general context of standards. What sort of -- how would that work, specifically, in terms of EDI standards or...?

MS. GEYER: Well, actually, my comment wasn't so much about EDI standards. I'm still an EDI novice, even after three years of trying to understand it. I had lunch with one of my members today and the whole conversation was over my head, which I think is one of the true dilemmas about the HIPAA legislation and, I mean, I am a committed individual trying to learn just as quickly as possible and it's enormously complicated.

My comment had to do with what I believe is a general, fundamental approach to the whole domain of access to information. And that is, that we ought to try and take a minimalist approach. That what is the smallest number of things that we must all agree to do in common so that we can maximize local decision on how they're used, how they're implemented, policies and procedures, local decision making.

I mean, I was fascinated on the presentation on codes and things like that. But, Gretchen Swanson's description of codes doesn't match anything that I've become aware of in all of our discussion of codes. So, I think it just highlights to me that we can't mandate away the necessary flexibility we have to make room for.

DR. DETMER: Lisa Iezzoni.

MS. IEZZONI: Actually, Gretchen, I do want to ask you a question about the coding. How long has ICIDH been around?

MS. SWANSON: 1980.

MS. IEZZONI: 1980. Why hasn't it taken off in the United States? What do you think is the explanation for that?

MS. SWANSON: My belief is that there wasn't a need to look at it until the late '80s, early 1990's. And the National Center for Health Statistics has been an instrumental agency and to try to inspire people here in the United States. It is very widely used in Europe. So, it -- I think it has to do with how we -- it's our philosophy about what we're doing...

MS. IEZZONI: But in nursing homes, like the minimum data set was implemented and that contains even more information about patients' functioning - I mean, how...

MS. SWANSON: How do I reconcile that?

MS. IEZZONI: Yeah.

MS. SWANSON: I think -- not MDS -- but...I don't know. But with the functional independence measure, which is the acute rehab version of MDS, in a sense. That was developed from ICIDH. Many of these functional measurements come from ICIDH for specific population. It was an expedient way to try to control this issue of loss of function within a segment of the industry. Because there's not a national intent to measure and monitor function, then individual organizations have gone out and done their thing. So MDS is an example, from my point of view, an example of that. It can be crosswalked to ICIDH. ICIDH actually represents many more functional concepts than MDS does and has a different, you know, a scale that goes across from all age groups, you know, the developmental ages. So...

DR. TRABEN: If I could add something? I was very intrigued with your presentation. The direction in which behavioral health outcome measurement is going is more toward functional measures than ever before. Part of that is the accountability demanded by purchasers in private sector/corporate world where they're interested in things like absenteeism and work productivity. In the public sector world, functional measures are often more useful as indicators of successful treatment and symptom reduction, especially when there is serious and persistent mental illness. That is, part of the problem that's being presented. So, I'd like to learn more about this.

DR. LUMPKIN: I will follow the good example of my colleague to the right and pass on the left side.

DR. DETMER: Well, I think we'll break, take a break in a minute. I must admit, hearing some of this reminds me of Benjamin Franklin's comments about the way America makes policy. And it does it in an ad hoc fashion. He said, "This nation has never been a nation of plan." And I think it's very interesting, of course, because we're being called upon, I think, from a number of panelists to look ahead and really try to do that.

That's not been, typically, on our nation's repertoire of policy and decision making and such. And so I don't know that we'll be able to do a better job of muddling along. But, obviously, it's not only, I think, political, it's technical. It's process, it's procedural. It's, you know, policy as well. So, a highly complex sort of thing. But I, obviously, if you like complex stuff, this is our stuff. Anyway, thank you all, very much, it's been very useful to us and on behalf of the whole committee thank you and we'll take a fifteen minute break.

[Breaks at 3:16]

[Resumes at 3:33]

DR. DETMER: I'd like to call us back to order and to continue with our last panel of this two day set of hearings. As I mentioned at the start of both days, the history of the way the, the committee has historically dealt with hearings, they allow people in the audience that would like to say things, to sign up at the start of the day. And we will have that session at the end of this day. I know of two people that do want to comment. If others of you wish to as well, please sign up because we'll be doing that as soon as we've completed this panel. In fact, what I think we will do is... No, you can sit right there. Oh, I see. Okay. Well, you can roll, for a minute until I'm finished with my comments. In any event, what we'll do is hear from each of you and then hear from the other two folks and then we'll just open up what time we have left for the whole set, okay?

So, how do you pronounce your name, please? Oliva. OK. Dr. Oliva, please?

DR. OLIVA: If you will excuse me [inaudible].

DR. DETMER: Yeah, we'll need to wire you there.

DR. OLIVA: Okay. Sorry. I also wonder why I'm on the provider panel, but I can kind of pose as a provider. I was a provider once. That's it. That's as far as I go [making mike adjustments]. I'm the Director of what's called the Family Health Outcomes Project which is a project based at University of California, San Francisco with a mission to develop a rational approach to delivering care to women and children through the use of information and information and technologies. And we've been a contractor with the State of California and the Federal Bureau of Maternal/Child Health for the last four years. And what I'm going to do today, and in the course of my presentation, hopefully, I will answer or address some of the questions that were raised in the questions that were distributed to us.

But what I want to do is kind of tell you the story of how California came to take its first baby steps towards development of unique client identification and towards addressing the issue of confidentiality in this area, in the hopes that you will just benefit from some of the mistakes and some of the lessons that we learned on the way in your deliberations.

The interest in unique identification started in California in 1991 with a legislatively mandated committee, the AB99 Committee, which received a mandate from the Governor as well to form a blue ribbon committee to look at the issue of integrated and comprehensive children's health care services. Part of the recommendations of that committee were the development of a data system for children that will allow unique identification to allow for tracking, case management and outcomes monitoring.

In 1992, our project received a contract from Maternal/Child's Health branch to begin to develop the methodology to implement the AB99 recommendations. In 1993, a foundation consortium of 13 major foundations in California contracted with the -- with a separate organization in California to look at the development of electronic data interchange standards to be used for inter-agency collaborative projects, which at that time were primarily based on school sites but began to crop up within public health agencies around the state.

What's going on a lot in California now and what has been, is the whole issue of inter-agency collaboration, inter-agency care, which is very similar to what's going on in the private sector with multiple providers and they're under an umbrella providing multiple services to an individual client. That process came up with a number of products that formed the basis for a lot of our discussion as we began to look at the issue of unique identification.

The group recommended a set of core data elements to be used for uniquely identifying individuals across services and confirmatory elements to be used to identify and to locate clients. And then, a larger set of data elements to be used for case management and inter-agency information about a client. And those were done in the form of EDI standards, based primarily on ANSI, although where there were no ANSI standards, we looked at H12 and HL7, I mean, X12 and HL7 as well. Try to speak quickly because I have lot...

DR. DETMER: Yeah, in fact I'm concerned -- you have ...

DR. OLIVA: Well, I won't do them all. Don't worry about it. Right. And then the California [Interhelp] information for policy project, which you'll hear about later from Mike Cassis, so I won't go into any discussion about that.

Let's just say after extensive -- we did what universities do -- which was do an extensive review of the literature on unique client identification, on data linkage, on data standards as part of the process. We convened an advisory group with representatives from all of the public agencies in California, as well as some of the private agencies and developed some criteria for identifying unique identifiers -- some of which are similar to the ones, I think, you've been using: universality, the degree of invasiveness, the flexibility of that particular approach, the discriminative capability, how it could -- how accurate it was in discriminating between people and whether or not it would be able -- we would be able to guarantee confidentiality while using that. We also looked at the financial feasibility of implementing the approach.

We considered five options. One was a client index number, which is basically a master patient index number which would be generated by the state in a random manner as people enrolled for services. The other was the SSN. Another was biometrics scanning. We looked at something called a Common Patient Identifier, which is, again, was recommended by AB99 Committee, which was deriving a number from some data element presented by the client. A set of data elements about the person's name, date of birth, etc., that could be turned into a new number and then that new number be used as a client identification number. The last possibility was a virtual identifier which basically was a unique identifier, but the number never appeared anywhere. The number was just a computer algorithm that was used to link data sets or link visits from one person to another based on a set of core data elements that could be used -- collected on the person, used in an algorithm by the computer and then identify, uniquely identify the computer - the person and then be thrown away. Therefore, there would not be a problem with confidentiality.

The recommendations of our group, which were also the recommendations of California Inter-agency Data Collaboration Project and the CHIP Project, were to actually not adopt a unique common patient identifier, but an approach to unique patient identification through data standardization and a required set of data elements. And what we decided was to recommend a core set of data elements and a more extensive set of data elements and data standards that would go with those data elements. And that these standards then, could be used across multiple programs. And you have there what they are, very quickly, the core elements were, name, date of birth, place of birth, gender, mother's first name and you can see the list of confirmatory elements and you have them in your packet. There's nothing magical about these elements, even a child can collect them, which was the benefit of them. They're elements which someone knows about themselves. They're not a card that someone has to have, but the sum of those elements, when used together, and when used with some of the newer techniques of probabilistic linking and algorithms that can be built with new technology, those set of elements can be used to identify an individual with a pretty high degree of accuracy.

And we felt that this approach would allow for electronic data interchange, because we would have EDI standards that would go with the elements, that would allow linking data sets for surveillance purposes or for tracking purposes, for surveillance purposes. They could be used to link and then the identifiers could be stripped and so the surveillance databases or the research databases could exist without any identifiers. That they could be used for constructing a unique identifier, if one so chose. Or they could be used to construct a virtual identifier.

Now, the other thing you have there, and I'm not going to go through it, is we tested these elements. And we tested them in a number of ways. We looked at the California birth certificates, which are over 600,000 birth records, with a lot of Maria Gonzales and many of them born in L.A. on the same day. And we found that with using the five core data elements, alone, we could get over a 99% match.

We then decided to try to link the birth certificate data with newborn screening data and found that we have a very high, 98+%. And the reason we didn't have as high a percent because a lot of the kids there are called baby boy or baby girl because they don't have a name when these forms are filled out. And so we had to go and use zip code to get a higher level of match, using zip code, which is one of the confirmatory elements we were able to get up into the 99 or 99% range.

We also looked at San Francisco Hospital, Hospital Discharge data, which is the worst, ugliest, most dirty data set you could possibly imagine. Only 44% of the records had useable Social Security numbers. In our hospital discharge data, an aside, we recently looked at Social Security numbers for children, only 46% of the records, or 44% -- I think it was 46 for SFGH and 44 for the statewide hospital discharge database had useable Social Security numbers.

So, again using the approach of a set of data elements that could be standardized. Now, I know there's one issue is data standardization, without data requirements. In other words, data standardization using something like ANSI, which we very much support. And the other is uniquely identifying -- I mean, it's one thing to have data standards for information transfer, it's another to uniquely identify an individual or to unduplicate records or to track somebody across databases. In order to do that, you need to have more than EDI. You have to have some required elements. And our sense is that you use whatever elements you can get. Primarily these twelve, which include Social Security number or any other number.

Because when you start to look at un-duplicating and uniquely identifying an individual and you actually get your hands in it, you have to -- ultimately you get down to the point where you have to compare records. And the more elements you have, the more you can compare. But the more elements that are standardized and across databases, the easier it is and the less probabilistic linking you do and the more deterministic linking you do.

So, if you have five, and everybody collects those five in exactly the same way, you'll have very few records that don't link. Then you can go back to a more probabilistic approach or using other elements that might be in the database and build an algorithm. So that's really our approach. And it really is an approach towards -- the other thing that I have to tell you about, really quickly is that we've also developed something called the Common Application Transaction System in California, which is a way to implement this concept. It is a front-end registration, eligibility system for primary care and family health programs which we'll now be extending to CHDP so it will impact the private sector quickly. And in that system, we collect the core and confirmatory elements in a standardized fashion -- there are specifications that go along with it that vendors can incorporate into their software and that -- we have pilot tested that in Orange County with 60,000 records where all the elements, the core and confirmatory.

We had very little refusal in terms of patients' willingness to give us that information. Patients sign a consent form, that's part of our process. They sign a consent form which specifies exactly who will have access to that information and where that data will reside. That's part of how we approached the unique identification issue here. We combined the unique identification approach with consent and confidentiality standards, which include written informed consent. And they -- which goes along with it. We registered over 60,000 patients in Orange County, which is highly undocumented. And when we asked the clerks there, apropos of SSN, what do you think of SSN? They laugh. They say, "We usually ask the patient, 'What's your SSN?' and then we ask the patient, 'Is that a good one?' And most often they say, 'No.'"

DR. DETMER: Thank you very much, this is obviously very useful and we'll, may well want to come back for some questions on that. Mr. Schinderle?

MR. SCHINDERLE: Thank you. My name is Dave Schinderle. I'm the Vice President and Treasurer of St. Joseph Health System. We're a group of ten hospitals, nine of which are in California and one out in Lubbock, Texas currently. And we represent about 2,300 licensed beds across those facilities as well as we operate as an integrated delivery system, in the sense that we have foundations for medical care and other hospital based clinic-type arrangements where we represent, currently, within the family, about 300,000 covered members under full risk capitation and including all of our physician relationships. We represent over 600,000 members, currently, and growing at a very rapid rate.

We thank you, obviously, for the opportunity to be here today and to share some of our thoughts regarding some of the questions with which you've raised. Because of those capitation arrangements, we are in a fully delegated status from our HMOs. And what we mean by that is we've accepted full responsibility as an agent of the HMO to actually process any claims. And so we are, in our definition, considered and defined as a payor under the HIPAA Regulations and law. This is a unique distinction which we don't believe most providers comprehend. And there is, probably, close to 300+ provider organizations in this state alone, which are paying claims on behalf of the 14 or so HMOs in this state which offer Medicare Risk Contracts, not even including the other HMOs that may contract with providers in a payment mode.

So, medical groups in this state, as well as hospitals and other groups that are capitated and have accepted the responsibility of paying claims, are really payors. And I think that's a distinction and an educational issue that needs to be addressed with the provider community so that they understand that these regulations will impact them just as much as it will impact the payor community.

The other issue surrounds the data and data sets contained in these transactions. Currently, we do not have uniform data across all payors, providers and transaction sets today. And this is something that we need to work, closely, to address. While we developed excellent standards through the ANSI X12 process -- and I've participated extensively in that development process since 1990 and I can vouch for, I think that that has been an excellent process and one that has produced outstanding results and wonderful implementation guides that are coming out of that process.

But the data sets are constantly changing and we do need to define what those maximum data sets are. They need to be frozen for some period of time, annually or semi-annually, so that no payor, provider or vendor can make any exception for one group or another. We need that uniformity in order to make this all work and to achieve the cost benefits that we all are seeking.

This uniformity has significant benefits for us, as a health system. It allows us to reduce staffing and has -- and I will explain in a few minutes, we've implemented quite a few of these standards already and we are in a production mode with many of these standards and we can vouch for the fact that it does produce staffing adjustments. It addresses data quality errors, we have less time playing telephone tag with voice response systems, with payors to research problems to obtain needed information. We have elimination of program testing and implementation of a myriad of proprietary standards that are still in use today. And we have lower costs -- substantially lower costs due to re-engineering activities as a result.

Speaking to the personal identifier, at this moment in time, we would favor, and would recommend to the Committee that the Social Security number at least be used in the interim. Although we support the research that Dr. Oliva has just shared with you, we have -- I was unaware of their work until about ten minutes ago -- but we have separately, as part of our decision support system process, working with Transaction Systems, Inc., and our integrated delivery system, in attempting to integrate the data that is coming in from our medical groups, and the hospitals, and the home health agencies, and the ambulance agencies, and so on and so forth, and we've had to merge that data. And in order to uniquely merge that data, to create a longitudinal record, we have zeroed in on pretty much the same core data elements that they have, and we are achieving the same results that they are achieving as well.

And so, we are comfortable that that does create a very, very positive way of uniquely identifying an individual, at least internally within our organization. We're not sure how effective that that works in a trading partner relationship, when we have to communicate with other trading partners that information. I think that would require some further analysis.

Relative to some current standards that we have implemented, we have implemented the 835 transaction set. We were one of the first in the country to do that -- we were a pilot site for the Health Care Financing Administration in that process. We have integrated it entirely into our receivables in cashiering processes. It has been a very, very positive transaction for us in that regards, in that it reduced staffing. It eliminated quite a few FTEs in our cashiering functions, and keypunching -- those folks, in some cases, went off the payroll, and in other cases they were redeployed and retrained to do other processes and activities. It improved the quality of our Medicare logs and our other data in a dramatic fashion, and we've been able to link that to our banking situations.

We've also been able to implement the 837 transaction set for encounter data reporting with our HMOs. We're in beta testing on the 270/271 interactive eligibility transaction set. Currently, we have implemented an outbound 835 transaction for the purposes of paying our trading partners, either electronically or in paper-based, and outsource that through our bank, which has been very successful at one hospital. We've also been able to outsource patient refunds and insurance refunds in the same fashion, using an 835 transaction set.

We've implemented probably eight or ten other transaction sets, which are mentioned here. Most of those are either accounts payable or purchasing related transactions. We've found all of these to be extraordinarily doable, very positive, extraordinarily cost effective in terms of our business operations. Now, not every hospital or business unit within the health system has been able to implement these yet. We have application system issues, and data integration issues that have to be addressed. We are working on those as quickly as we can, and all of our new computer system selection processes require electronic commerce provisions in the RFP, which the vendors have to address. But the vendor community has still been slow to adopt these things, and in many cases, it has been somewhat cutting edge to demand our vendors, and expect those vendors to deliver application software that has built-in interfaces that don't require us to build an interface engine which deals with that particular issue.

In terms of the concept of dealing with clearing houses and other issues, and the whole area of uniformity, one item I'd like to add is that we would echo a comment by one of the earlier speakers that there should be some possible certification process for independent testing services which clearing houses pay, or some providers can go to, to deal with getting the strict implementation of both data content, and the implementation of the ANSI standards, so that we can accelerate the implementation process. We think there must be some way to do that so that every potential trading partner in the health care industry can achieve that uniformity if we're all going to use ubiquitous transmission of data across our networks in a secure and confidential way.

One other item that we'd like to point out is that the cash flow to providers is extraordinarily critical. As we make the transition here, if we pull the plug too early on the current flat files that we're using to transmit claims for institutional and professional claims -- whether that's the UB-92 or the HCFA-1500, or potentially one of the other claim sets that are out there -- and there is not absolute uniformity on the part of the clearing houses and the payers, the people who will suffer will be the providers and their cash flow, and that's an unacceptable outcome.

To that end, we would recommend that consideration be given that we allow the continued use of at least the current claim transaction for probably three years, beginning February of '97, and then sunsetting those in favor of the new transaction sets, to allow our providers and the payers and clearing houses to get a little more benchmark, and a little more testing. As part of the process, we would encourage the Secretary to consider actually formalizing an implementation process during the 24 to 36 month implementation phase, as spelled out in the regulations, in such a way that payers would be responsible for submitting implementation plans to the Secretary, as well as progress reports to monitor how effectively we are meeting our goals and objectives.

In the document, in my formal document that I've submitted to you, I've provided additional comments on each of the transaction sets that are currently spelled out in the guidelines, and I won't go into those details, but if you can read those at your leisure. In terms of the security in total, I think much has been said today. I'm not sure I can add much in that. I think our comment would be this, is that we believe adequate security exists out there, the technology exists -- we just need the -- we just need to do it, and pick one and go with it, and there's more than excellent advice that's been, I think, given to the community, and to the committee over time on this particular issue.

In terms of summarizing some final comments relative to some issues in your last question, we would recommend that the Secretary not entertain any request for exceptions from the Uniform Standards and Processes that he's permitted. We think that that creates problems -- potential problems with uniformity. We also are concerned about the two tier implementation that is currently spelled out, allowing small payers 36 months, and large payers 24 months -- we think that's problematic. If we're going to do it, we need to do, and everybody needs to do it together, in which case, we would recommend, if necessary, seeking Congressional approval to slip that date to either 30 or 36 months, to accommodate a way to do it all at once, rather than doing it in a two tiered approach.

We would also recommend that [Unintelligible] be established for all health care industry partners to educate their constituents, to promote the full benefits of electronic commerce, and to obtain the uniformity. In the alternative, we believe that you should significantly increase the penalties on folks who fail to comply with these regulations. We believe they are far too weak, and if it were up to me, it would be $2.5 million, not $25,000 per violation. There should be no exceptions. Everybody has to do it -- we need a traffic cop, and that traffic cop has got to be able to lower the boom. The Federal Reserve System and the movement of money in this country operates because there's a traffic cop. We must have the same relative to federal mandates in that area.

Two real short last items, and then I will get there. We believe you should also concentrate on the administrative transactions, leaving clinical transactions to later as it was when we have gained experience with the administrative transactions. And finally, we would encourage the Secretary to create technically oriented advisory groups and other processes to obtain the feedback on an ongoing basis, after implementation and during implementation, to make sure that all business requirements are being met, and that we are obtaining total uniformity that is needed for success. Thank you.

MR. BALL: I want to first say that I was very happy to take the invitation to speak before the Committee on a very human level. I've been reading your minutes for years -- it's always nice to put names to faces, so thank you for this opportunity.

My name is Mike Ball. I'm the Executive Director of the California Health Information Association. On behalf of the over 2,000 credentialed health information professionals, I appreciate the opportunity to be here.

Our CHIA is the state chapter of the AHIMA, which is the professional association that represents over 37,000 credentialed specialists, who on a daily basis manage and protect the health information that is an increasingly important component of our nation's health care delivery system. CHIA is very proud of the leadership position that AHIMA has always assumed in the national dialogue, that has continued regarding what federal statutes ought to be passed to ensure American citizens have the access to their own medical information, and if this information is adequately protected from inappropriate disclosure. As AHIMA takes the lead on federal initiatives that concern health information management, so does CHIA substantially contribute to the legislative activity and dialogue that concern these issues on this California state level.

I have included for consideration testimony that CHIA recently offered to the California Senate Insurance Committee. The hearing addressed, among other things, the issue of health insurance companies insisting that prospective policy holders relinquish their rights to controlling the release and use of their personal medical information as a condition of participation.

CHIA completely endorses the testimony offered to this committee by Margaret Stewart, AHIMA president-elect, on April 15, concerning clinical coding and classification issues. I personally would add that in my capacity as Executive Director of CHIA, the two biggest factors in degrading the uniformity of clinical coding are the lack of access to published coding guidelines by medical records personnel, and insurance companies arbitrarily determining that valid codes would not be eligible for reimbursement. It just drives us crazy. I recommend, as a condition of participation in Medicare or Medicaid reimbursement, that a health care facility must subscribe to BHA's coding clinic, or utilizes a software solution that incorporates that information into its system. If the hospital doesn't have access to that information, there's no way that they can continue correct coding, if they don't know what guidelines they have to follow. Miss Stewart's call for a central authority to enforce coding standardization for both payers and providers, would address the other issue.

CHIA recognizes that the Health Insurance Portability and Accountability Act is a work in progress, and we're very happy that there are established timelines for things to happen, and we're -- I'm sure Kathleen Frawley is particularly happy about that. She's worked tirelessly on Capitol Hill, trying to get federal preemptive legislation that ensures that at least American citizens have access to their health information in 50 states. As you probably know, there are 22 states that people can't even get their medical records. So I'm glad that those timelines are at least there, and in 18 months, or 36 months, or whatever that timeline might be, it's going to happen. I don't believe that the Secretary will end up doing most of that. I think that the Congress will finally get the idea and push it along, and get it done before the timelines happen, and that the Secretary won't have to do those arbitrarily -- let's hope, anyway.

You asked what was the most important, number one important impact of the requirements of the administrative simplification. To our association, it's going to mean that we're going to be doing a lot more educational workshops, because our people are the soldiers that enforce those regulations, that see that privacy and confidentiality protected for the patients in the health care system, and so, we'll be responsible for teaching them how to do those things -- what the new regulations are. So, hopefully, we'll be able to do that job, just as AHIMA will do the job on a national basis.

You ask, on number two, "Are any of these standards currently priorities for your organization?" Priorities are our raison d'être for being as an organization, so obviously, we would be very, very interested in hopefully contributing to the national determination as to how these things are going to go down.

And then, in number four, you ask, "How can administrative simplification best be achieved while balancing clinical and payment needs, while maintaining privacy and protection for individuals?" I sincerely believe that the answer to that is going to be the longitudinal computer-based patient record. That was the best design, and implemented in every hospital in the country, we'll be able to do those things in a cost-effective way. The main deterrent to that is that, unfortunately, hospitals have to foot the entire bill. In other words, nobody's going out and giving them money and saying, "Create a computer-based patient record for us," although all of the stake-holders in the entire process are going to derive benefit from that, but it's the hospital is going to have to foot the bill, and I think that's unfortunate. I think the government ought to do some kind of funding towards systems, just like the CPRI -- the Computer Patient Record Institute -- is now providing funding for demonstration projects. I think the government ought to step up there and do the same thing, and say, "Let's make the best computer record we can, and let's help you do it." Right now, it's unfortunately all the providers that have to foot the bill. So, I'll be happy to address questions, but I'm not going to be getting beat up by the time cop.

DR. DETMER: Thank you!

MR. KASSIS: My name is Mike Kassis, and I'm Project Director for the California Health Information for Policy Project, and this is a Robert Wood Johnson funded project. There are seven states that are benefitting from this activity. It's something known as the Information for State Health Policy -- it's run by Ira Kaufman and Denise Davis out of the University of Medicine and Dentistry in New Jersey. We are very glad to be a part of that project. It's four years and our grant is just about up, and thanks to this effort, we've been able to extend the life of this activity for two more years, using state funds, and instead of a project, we will be the Office of Health Information for Policy in the California Health and Welfare Agency.

To let you understand exactly what we're all about, the CHIPP Project began four years ago -- every state was different -- our approach was to take a process approach, and we have formed a steering committee, which is comprised of the directors of several major departments of the Health and Welfare Agency, and includes participation of the University consumers, providers, and members of the legislature. So we have a very impressive steering committee that gives us guidance. We also have a health data coordinating council, which is 45 members strong, and represents health players, providers, government agencies, consumers, insurers -- again, the broad gamut of players in the area of health information.

And that process has helped us in many ways to conduct our various project activities, and I'll let you know about those briefly. We set about to do an inventory of government health databases, and we discovered that we have 114 of them in California across our Health and Welfare Agency. That inventory of databases is available on our web page -- I'll give that to you real quick. I will have some written testimony for you, but our web page, real quick, is www.chipp.cahwnet.gov. Dial in, we just revamped it recently, and we have lots of great new hot links, and some products that you can take with you, one of which is our inventory of databases in California. Doesn't contain the actual data, but it tells you how to get it and who to contact.

We've also done some other activities, and one that I think you'll be particularly interested in is file linkages -- that was probably mentioned in some of the other testimony. We have successfully linked hospital discharge data in California to birth data, and there is no direct link there. It was a deterministic link, but it was based upon such things as admission dates and dates of birth, and whatnot. So, we've been able to link the mother's discharge data, the baby's discharge data, and the baby's birth record. And with that data set alone, a researcher at one of our university hospitals has actually changed practice patterns. They have discovered that certain practices engaged in the delivery of certain kinds of high risk infants has resulted in some problems, and they've been able to actually change practice patterns, and improved the quality of health care. I mean, that's tremendous. I mean, I hear horror stories about the release of confidential information, and that's terrible, and we do everything we can to protect it, but it's terrible to hear horror stories about medical care that can be changed and improved, because sometimes we can't get access to the kinds of information that's essential.

We've engaged in some file linkage activities, and we intend to do more in that area. One area that we're looking at is, give us your data, we will link it, strip it, and give it back to you, which is incredibly valuable. We know that we have a lot of individuals who have data that they can't give. We have data we can't give them. If we can sort of put it in a black box, if you will, create the linkage, strip the information out, and give it back to them, it's useful. They can't identify individuals, yet they'll have a very powerful set of data and information.

We do other things, too. We publish a fact book on health information in California. Our focus is policy makers. We want to be able to provide information to them for decision making, so you'll see that on our web page, and you'll see some other products that we have on our web page as well.

I'm going to go right to the summary -- the time cop is -- I can see the red lights. Let me make just five or six, seven points. No social security number -- maybe on an interim thing -- we can talk about that. Forget the social security number. Yes, it's a part, as you saw, of core data set, but don't -- forget it, it doesn't work. The core data set makes sense. Stop and think about what you're using it for. We're not using it to verify somebody -- in that case, you may need a photo ID or a fingerprint -- that's a different issue, of verifying who somebody is.

But once you know who that individual is, and you're creating records, a core set of data elements is going to work best, and we are embracing the core data set that Dr. Oliva and, I think, Dr. Abbott the other day presented to you. That works for us. If you don't like mother's first name, you want to go to -- we can talk about that, but, this set seems to work, and it works really well with people. We are endorsing it as being adopted in the Health Department. We're going to adopt it, hopefully across all of the Health and Welfare Agency departments. Our Department of Mental Health, which has never maintained a client tracking system before, with specific IDs -- we'll be using this core data set. It works, and we offer it to you, and we'll work with you and help you, if you choose to make that your recommendation.

Another thing, in the other areas -- with respect to whole issues of data quality, data standards, data accuracy, confidentiality, all of this -- we want you to consider something. Consider, perhaps, adopting an accreditation standard for health data operations, whether it be in a health plan, or a health facility, or a state health organization. If we're going to adopt a set of accreditation standards, which encompass everything, from standards to confidentiality, to access, protocols, whatever. If we can adopt a set of accreditation standards and apply those, then people might feel more confident. They feel confident about accrediting hospitals, we feel confident about accrediting physicians or other kinds of organizations -- that might be an approach to doing it. It's a private sector approach, that means you're going to create a growth industry, but by the same token, you might create something that'll give people a sense of satisfaction, that they know this organization, whether it be a health plan, or a hospital, or even a health data organization, has been accredited by some national or body that's recognized.

Another thing I want to add is, I agree with others regarding the consumer input. Maybe as a part of this process, any major health data organization should be required a part of that accreditation to have a body of representatives -- of plans or providers or whatever -- but also consumer representatives. They should be a part of that, and it's a concept that I've always thought about and embraced over time when we've talked about it, is the best place, sometimes, to protect something is not hidden. If you have a package, you don't want to hide it under the table, because you can't tell if it's gone. Sometimes, the best place to protect something is out in the open. So, if you're running a health data organization, and you want to make sure that your procedures and policies and your data is secure, you want to make sure you have the public eye on it. And that way, people can say, "Hey, we know what this data organization is doing, we can attest to it, we know that their procedures are above-board. We have a consumer representative on the panel," and then people feel better when they know that people are watching.

We agree with the issue of informed consent and the issue of consent, but our approach is only if it affects, or actually touches, an individual. For example, we would not favor consent in the area of collective hospital discharge data -- it's not required right now by statute -- but that would just create an incredible burden for us. But if that access to data is going to touch an individual's life, it's going to go to somebody, and they're going to use it to make a decision on them, or they're going to use it to contact -- absolutely, you have to have informed consent.

In the area of research, where you are going to be looking at a specific individual for the purposes of linking, or for purposes of doing some sort of research, yet you don't want to get involved in the issue of consent, then we have a process for that. We have the institutional review boards, our Committee for the Protection of Human Subjects -- there's a process there. But for other kinds of issues, in terms of data access, we don't believe that consent is the way to go. We do believe, though, and I agree, with [Unintelligible] regarding the issue of stronger sanctions and stronger protections. We have a committee, I think Kathy mentioned it earlier -- there's a joint legislative committee that's been formed in California on privacy, confidentiality, and security, and if -- they're looking at the sanctions that are currently in place in the bill, and they don't believe those, again they don't believe those are strong enough, so we expect to adopt even stronger standards and sanctions. So, anything we can do to make it stronger, and make people realize that we're serious about this thing, because if people don't feel confident about how their medical information is being handled, then they won't even seek access to care and you heard that too.

Another element, and the last point I want to make, is a part of this process would be developing some sort of consumer education, maybe even into the high schools. Teach people about what's going on in their life. Teach them the fact that government does collect information, and it's important, and it's important to them. I had a member of that committee say, "Gee, what if I don't want to turn in my hospital discharge data? What if I want to exercise my privacy right?" And we heard some laughter from the audience, and I had to explain to him that this is a public health issue, that most people are fine with that -- they have no problem with it, and they know the information is going in for a valuable purpose, but they don't know. So we need to educate them, we need to educate people that we have assistance for collecting information, and that they're important, useful, and that they're being protected -- their confidentiality is being protected.

With that, I second a lot of the other comments that were made. I will get to you some written testimony -- my life is kind of busy these days, and you'll get it on floppy disk, and feel free to dial into our web page, and thank you very much for inviting me.

DR. DETMER: Thank you very much. The last shall be first, and the first shall last.

DR. NESPOLE: We'll find out. Thank you. I'm Tony Nespole, and I'm Medical Director of California Medical Review, Inc. A little background about our organization. CMRI is a private, not-for-profit physician membership organization, and it's the only physician membership organization that's been represented at these hearings, and I was very surprised to see that. I talked to the AMA -- to Nancy Dickey about that last week, and she was surprised also. CMA is not here.

We are under contract with HCFA to perform the Medicare peer review work in California since the beginning of the PRO program in 1984. CMRI provides health care review, analysis, and intervention strategies for other government entities in this state, and elsewhere, university and hospital research projects and managed care organizations. Our primary work used to be sanction oriented -- we were the cops -- but now we're much kinder and gentler, and our primary work is quality improvement, and we are the federally designated quality improvement organization in this state. CMRI believes that the administrative simplification portion of HIPAA is a long overdue, fundamental prerequisite to understanding, and the delivery of health care services in our system. The lack of standardized, and validated -- and I'm going to emphasize validated -- comparable health care data is a public policy failure that has cost this nation dearly, in terms of both treasure and suffering. CMRI's hopeful that these efforts will launch a national uniform system of health care data that will make reliable comparisons of patients, practitioners, providers, plans, IPAs, and groups a routine dimension of the system.

Given the complexity of the questions raised by the Committee in our brief time today, I am going to just focus on two dimensions of standardizing the data. One, improving the richness and reliability of the data available, and the confidentiality of sensitive information. CMRI sees a need to expand the list of mandatory data elements extracted from the medical record. We heard earlier that there is a need, from a public health perspective, to collect accurate patient data on race and ethnicity. Such data will enhance understanding of the health care needs of particular communities -- and this is a really big issue in a state as diverse as California. While the problems inherent in schemes to categorize such data are daunting, the ability to identify patients by race and ethnicity on the UB-92 will improve the health care system. CMRI urges the Committee to recommend collection of this information.

The cornerstone of any national data system is the accuracy, validity, and reliability of the data. All of us know, garbage in, garbage out -- we heard that earlier. There is no reason to have a system if the data are not accurate, valid, and reliable. The need for routine checks on the validity of Medicare data is demonstrated by the results of research conducted by CMRI on the reliability of Medicare Part A claims data. In 1994, CMRI concluded a data reliability study to determine the degree of agreement between Medpro data, and the medical records from which it originally came. Before I share details about this study, I'm going to go over the basic processes by which Medicare data are turned into Medpro data, which are the data that HCFA sends to the PROs.

The HCFA data trail shows the basic steps Medicare claims data goes through on the way to becoming Medpro data for use by the PROs. This process begins with the data being abstracted manually by the hospitals from the medical records to the UB-92 claim form. The hospital forwards the UB-92 to the Medicare fiscal intermediary for further processing. The FI then forwards the claims information to HCFA for inclusion in the common working file. From there, the information is processed for inclusion in the National Claims History database. It is from the database that the MedPAR file -- Medicare Provider Analysis and Review file -- is created. Finally, the MedPAR data file is augmented with beneficiary identifiers and death information to become the Medpro data, and this is then shared with the PROs. An awful lot of ways down the line that something can get messed up here, and things frequently do happen to the data.

Recognizing that this process generates opportunities for human errors, CMRI sought to quantify the degree of concordance between the Medpro file and the medical records from which it came. A random sample of 267 records was selected for comparison against the Medpro data, based on these records. We developed a medical record abstraction tool, with 48 data variables on it. The medical records were abstracted by experienced personnel trained in how to use the abstracting tool. After the abstraction, the data were entered in the PC database for analysis. Each completed abstraction form was checked against the corresponding medical record by a physician or a review nurse. As a check on data entry, the abstraction forms were entered twice, by two different people.

The results of the study show varying and potentially important differences between the Medpro file and the data in the medical records. Overall, two-thirds of the medical records had two or more differences with the Medpro file, and nearly 40% had three or more differences with the Medpro file. The highest number of errors were for type of admission -- elective, emergency, newborn, etc., and that was 21% of the records. And the source of admission was also a high source of medical error: emergency room as a source, transfer from a [SNIF], HMOs, this source of admission was also a difficulty for us, and it was 17% of the records that showed errors. Errors for discharge destination and indicators for intensive care, coronary care, blood transfusion, and the number of blood units transfused ranged from 7 to 11% of the medical records.

Work with the data shows that some of the errors in the Medpro file can be overcome, and others will compromise the validity and reliability of study findings. Medpro users must be cautious in the use of variables for which rates of differences are relatively high. Use of such variables as proxies for other measures further diminishes their reliability. The study concluded that careful consideration must be given to selecting the specific variable to be used in the analysis of Medpro data, in order to maximize the confidence level in the reliability of detected patterns of care, and in the interpretation of outcomes following interventions and the processes of care.

CMRI's data reliability studies demonstrate that routine checks of the validity of the data are vital to the integrity of the system. There is no doubt that similar problems plague non-Medicare systems, also. CMRI believes that routine, unannounced audits or other accreditation systems of health care data practices and procedures are a vital part of establishing an accurate national health care data system. There's gold in the data, only if the gold is reliable and valid.

Confidentiality. The most sensitive dimension to developing the health care information superhighway -- so-called superhighway -- is the privacy of the health care information. Strong privacy protections are vital to achieving public support for more comprehensive health care information system. How many times have we heard that in the last two days? Moreover, such protections should be in place before computerized patient-specific information is available for analysis. The complexity of modern health care, the increase in the number of practitioners needing access to the medical record, and the expanding use of clinical data all point to the need for strong patient privacy protections.

According to a survey reported recently in the newsletter "Medicine and Health," the public has little confidence that the privacy of patient-specific information will be maintained in a reformed health care delivery system. Nevertheless, we all realize that this information is highly sensitive, and that improper disclosure is certainly harmful.

The realization of administrative simplification will require new ways of maintaining the confidentiality of private health care information. The existing state and federal laws protecting patient privacy have strong weaknesses. The most common weakness is that privacy protections are aimed at controlling the holder and the type of the information held, rather than the use of the information to be protected. Such laws do not protect how the information will be handled. We heard earlier about our data going to India, Germany, and all over the world. God knows what can happen to it there. These leaks can leave patients unprotected in a variety of common situations.

Dr. Iezzoni mentioned earlier the fact of confidentiality protection for physicians. And as a physician membership organization, I'm going to speak a little bit to this. Often overlooked in consideration of privacy and confidentiality issues are the rights of the physician whose records are the source of the health care data. Physicians have a legitimate interest in knowing how their records will be used, and in protections against the inappropriate use of data. These concerns go beyond the problem created by sophisticated hackers surfing through medical databases, although such concerns are well-founded.

Physicians' concerns about the confidentiality of medical records go to issues like malpractice, economic credentialling, and other specific issues like social agendas. PROs have first-hand experience with physicians' fears that data may cause them problems. Medicare program rules give physicians a veto over whether the PRO can report findings of reviews initiated by beneficiary complaints. In California, nearly all physicians refused CMRI permission to release review findings to Medicare beneficiaries, even when the findings are not adverse to the physician. Physicians fear that the PROs' review findings will be the basis for a malpractice claim. While physicians' fear of Medicare patients becoming malpractice claimants is not supported by fact, it is, nonetheless, a major source of anxiety for physicians.

Similarly, physicians are concerned about their data being used for economic credentialling, where plans select and deselect participating physicians based upon how expensive their practice style is. Physicians fear that such decisions will be based on incomplete information, and without an opportunity for the aggrieved physician to challenge the decision, or the process by which it is made. If not addressed by the system, physicians fear such practices could taint the medical record. In other words, they could write the medical record in an extremely defensive way to protect their being deselected by the HMO. CMRI urges the Committee to focus on these fears and to provide due process for physicians before such decisions are final.

Finding the balance between the legitimate use of confidential data and the privacy rights of patients, practitioners, and providers will require new rights of action for individuals aggrieved by improper disclosures and a tough prosecutorial attitude by government officials charged with protecting the integrity of the national health care data resource. CMRI is optimistic that a balance can be struck, and that patients' rights to privacy can be protected in an environment enriched by accurate, valid clinical data. And CMRI urges this Committee to be bold in your recommendations to secure a reliable, valid, uniform, and comparable health care data system for our country. Thank you for the opportunity.

DR. DETMER: I want to thank each of you, and also hope I wasn't too hard on you in terms of trying to keep to our schedule. I think we will use about 15 minutes of our time now before I then call on our public participation. Who would like to start? Bob.

MR. GELLMAN: I would like to ask a question, addressed to Mr. Schinderle. I'd like to read a piece of your statement. "SKAS believes that all health care participants must take appropriate safeguards to protect the dignity and privacy of individuals. The industry has an excellent track record in this area." The question is, how do you know? Are there any standards in this area, and have there been any independent audits that indicate how well people are doing in protecting privacy?

MR. SCHINDERLE: I don't know of any potentially independent studies that would necessarily address that. My feeling, and those of my colleagues, is that we and our colleagues in the health care industry do a very good job of internally controlling that data, and protecting the dignity of our patients, and the confidentiality of that information. Are there problems in the industry today regarding some disclosure of that because of how we have to get reimbursed, and do we get every patient authorization that we should get every time? I'm not sure that we're 100% every time, but I think our track record is outstanding in that regards. I do believe that the newer systems that are being talked about here and being developed in the industry today, do pose safeguard issues that need to be addressed. But I believe that there are adequate security, encryption, and other devices today that are in place that can be implemented, that will appropriately protect that data.

MR. GELLMAN: Well, I don't question your good faith and concern in this area at all. But the reason that I always trip over statements like this is that the only investigations I know that were done in North America -- one was done in Denver in 1976, and one was done in Canada in 1980. Both of them show widespread -- the one in Canada is unbelievable. There's a three volume study of unbelievable pattern of stealing of records, illegal obtaining of records, and largely by insurance and detective companies, and show that there was a lack of control at hospitals and other health care facilities. And I'm not sure that anything much has changed in the last -- I don't have any reason to think that things have changed at all, and that's why I jump on statements like this.

MR. SCHINDERLE: I guess I would be very shocked if that were occurring in our institutions, but I don't know of any studies that we've done internally, where we've actually done that comprehensive type of an audit to address that issue.

MR. KASSIS: I think that speaks to accreditation. I think that whole process of looking at yourself and what you're doing, especially in the area of when we're talking about computerized information that's becoming even more vulnerable, and I agree. And I think that I would probably go with you and say yes. Overall, how are we doing? Probably okay, but then I can also, on the same hand, recount to you a whole bunch of instances at this hearing that I went to -- the very first thing was a news report from a San Diego TV station, which went to a Dempster Dumpster right behind the medical laboratory, and they pulled out records, and they actually contacted patients, and said, "Did you know that this information was sitting there in a dumpster?" But you're always going to have your horror stories, and you're always going to have your exceptions, and that's true.

MR. SCHINDERLE: I would agree. I mean, we have a director for security who's attached to our Information Systems Group, who does go out and do random audits, and we frequently, to my annoyance, change our passwords way too often on our computer system -- I'm getting to the point where I can't remember my own password any more. And so, there are a lot of things that we are doing proactively to attempt to do that. We have a long way to go yet, we're not as far along as I know we would like to be, and I know that some of the newer systems that we're acquiring and installing now, we are asking and demanding our vendors to give us much higher levels of security and control in those regards, especially our new client-server networks.

MR. GELLMAN: I think the point of accreditation is a very good one -- I think that was a good point. The investigations that were -- and new technology will make a lot of this easier, and to have controls, and to follow up, but there are still a lot of paper records in a lot of places, and the two investigations that were done were only successful because the people doing them could only issue grand jury subpoenas or search warrants to find out -- it wasn't issuing search warrants to hospitals -- it was issuing search warrants to detective companies and insurance companies that had illegally acquired the information.

MS. FRAWLEY: I just wanted to follow up on one of Bob's comments, what we heard from this panel. The National Research Council that was one of the findings that we came up with -- we did go after organizations and ask them what their experiences were. And while they felt that they were doing a good job, that as we started to get into the dialogue, we began to realize that they had really no data to validate where they're coming from. But I do think that the idea of, obviously, as the panel has pointed out -- the Information Security Program -- but the accreditation piece, I think, is an important one, is that as an industry, we've got to develop some standards in this arena, and then really hold ourselves accountable. I know that was our concern when we went out on the site visits, is that we were listening to a lot of rhetoric, that we do a good job, we're concerned, but nobody could show us -- other than kind of pointing here and there, particularly to medical record departments, in terms of how they were handling information, so I think it is important.

MR. BALL: I think what this law did, too, is a step in the right direction, and that is to make much more onerous the penalties for compromising information. In other words, in today's world, it's impossible to protect information to where it can never be gotten to. So the thing that you have to do is, first off, do the retrospective -- you know, review to see who got in, and then make them accountable. And then, the onerous penalties like $250,000 for compromising is the right way to go. Here in California, we just introduced a law that would raise the penalties for compromising patients' medical information from $3,000 to $300,000, using the model of Kennedy-Kassebaum to move us in that direction. We hope we're successful in that, but, in other words, I think that's the right direction. I was just saying that you can protect it -- you just know you can't. All you can do is retrospectively watch to see who got it, and make them accountable, and make sure the [Unintelligible, cough] you're going to get burned.

DR. MOR: I'd like to follow up on the accreditation idea. The Joint Commission has a new accreditation standard for outcome systems, but I don't know that they have anything in place like you've just suggested. Would that be an appropriate mechanism, or what?

MR. KASSIS: Would what be an appropriate mechanism?

DR. MOR: The Joint Commission.

MR. BALL: Right.

MR. KASSIS: Exactly, I think that would do it, or ...

[?]: Except that they only do hospitals.

[?]: But I mean that approach, or [Cross-talk]

MR. KASSIS: I think that the Centers for Health Statistics, certainly when they go out to the various states and review their programs, they have some standards -- there's a lot of people I think who are looking or may have touched upon it, but there's a lot more that can be done. We'd be very supportive of that.

DR. DETMER: Jim?

MR. SCANLON: A question for Dave. Dave, you indicated that you thought that the EDI standards would progress a little more easily and swiftly, with some sort of incentives to be provided to health care industry partners. What sort of incentives did you have in mind? Tax incentives?

MR. SCHINDERLE: Obviously, that would be very helpful from the perspective of deferring some of the cost, as Mike described. There is a heavy cost -- it is not, by our experience, at least, as heavy as some would make you believe -- but there is an up-front cost to converting your current way of doing business to a new way of doing business, and then re-engineering your processes around that to obtain savings. And by our experience, those savings are at least 3 to 4 to 1, or more, once we've gotten through the initial start-up cost. But there is some heavy up-front investment of time, energy, and money that needs to do that. That would be one approach. The other approach would be potentially for early implementers some incentives that can be given in the form of reimbursement on the provider side to go in. We think that there should be some incentives to payers to get out the word, all the way down to every third party administrator, Taft-Hartley Trust, every review organization that's independent of the process -- all of these parties need to be brought to the table and given some incentive for how to make these changes.

MR. KASSIS: I caution the Committee in that respect. I agree with that, but you have to understand that when people are looking at incentives, or even disincentives, corners tend to be cut, so I would be careful in that. I support it, but I would be careful in that, because if I'm running an organization, and I've got to meet a deadline, or I'm looking at getting a bonus if I can meet a deadline, I may just have slipped that.

DR. OLIVA: I just want to mention -- we had some dialogue with vendors around standards, and in terms of this common application process, and the vendors felt that it would cut costs tremendously when they were developing new systems, if there were some standards. They were very interested in ANSI standards -- they felt that if those standards became industry-wide, then the cost to individuals after they developed the initial software, or implemented the initial specifications, would be much less than now, where they have to go and develop a whole new system for each new client. And so they'd welcome -- they would welcome standards.

MR. SCHINDERLE: Part of the problem that we've had, though, that we should share a little bit is that California has been ahead of the game, especially in managed care, for example, and we've been asking for the vendor community to respond to our managed care needs in the California market for some years. They have been unwilling to do that, because the other 49 states don't need the software yet, and so, there hasn't been enough critical mass -- okay, one of the things that we hope this legislation brings to the table is the critical mass that is necessary to move the vendors to re-address their systems, re-engineer their systems, to make them electronic commerce capable. Right now, there are some absolute barriers in some software products, especially some older legacy products, of getting your data out. I mean, our accounts payable system was like a brick wall. I mean, you couldn't go through it -- you know, the only way around it was to replace it. And so, it's -- some of those things exist, and we do need to work our way through.

DR. IEZZONI: I wanted to address a question to you. Whenever you talk about data quality, everybody nods their head and says yes, but a lot of people who don't understand the coding process may think that what you were talking about was fraud -- fraudulent coding. And I don't know, does HIPAA address fraudulent coding at all?

MR. SCANLON: There was a section of HIPAA -- it's not part of the [Cross-talk].

DR. IEZZONI: But my point was going to be that there is a big section on fraud, but there's no section on data quality that's not fraud. You know, that suggests that we're supposed to support data quality that's not fraud, and let me share with you that I actually am a P.I. on a project funded by the Agency for Health Care Policy Research that has you guys as a subcontractor. And you are having two of your trained record coders abstracting ICD-9-CM codes on the same records, and your two coders are disagreeing. And we have asked for a little [Unintelligible] about why there are these disagreements, and we are told that there is an art of diagnostic coding. And so, there is going to be some finite level of disagreement in the coding procedures. And so, I guess my question to you is, okay, we've decided that we're not really talking about fraud, because HIPAA has other provisions that will be dealing with fraud, and what you're kind of really talking about -- are you talking about fraudulent coding, or are you really talking about this art of coding? And how would you suggest incenting people to move the art of coding forward in a system where we're increasingly becoming standardized?

DR. NESPOLE: I'm not so much talking about the art of coding -- I'm talking about the science -- the actual doing of coding. The errors occur because people will input data, and all of these steps that I mentioned -- they'll input it into the data file erroneously. And if the organization doesn't have a quality improvement process in place, a TQM process in place to always better -- make better their data input statistics, then it's only going to get worse. I mean, what we're looking at is how to make the data more accurate. And the only way you can do that is to say, well, 96% -- and I think our data inputters are somewhere around 96%, 97% correct in the data that they input into our data system.

The only way you can make that better is if you encourage them to say, "That's not good enough. We want 97% in the next six months, and six months after that, we want 97.3," and you put a goal for them to achieve, and maybe you have to put a little carrot out there for them if the goal is achieved. That's part of the whole process -- to make them feel good about it, put a little extra money in their paycheck, but whatever it is, it's total quality improvement, and that's what I was really talking about.

MR. BALL: The problem -- and he was talking about source of admission, if you remember, and things like that -- the problem with the nation's database, if you will, or the information that hospitals have on patients, is that demographic data is collected by the lowest pay, highest turnover position in the hospital -- and that's the admission clerk. In other words, they're the ones who are responsible for putting most of the information that he's talking about that's wrong. And the problem is, you can never train them, because they're moving about every six weeks. In other words, so you spend a lot of money trying to teach them to do their work, but you don't spend the money to pay them to do the work, and keep them there, and have them be good, trained employees, because they're always trying to get to the next position in the hospital. So, that's a problem we'll have to address as a nation, but, in other words, it's one of the most difficult things. And what you said about the art of coding, you know, the clinical coding is basically interpreting narrative into a computer compatible format. And the only reason that you have coders is because the translation is so difficult that you have to have that, and until we get the national language, we'll always have that problem, as far as I'm concerned.

DR. DETMER: I wanted to come back, because I think it really tracks on something you said earlier, and something you said now. It came up yesterday. I really just want to, before I close this panel, make the comment -- I also think our country really does need a national strategy related to the "H" in the NII -- the health piece of the National Information Infrastructure, and I see a set of bricks that are missing there. One is the computer based record, and financial incentives, and tax issues, and help facilitate its dispersion. Netherlands has like 90+% of physicians using computer systems at the primary care level -- for all their transactions. So, you're using their actual care data for all of these purposes -- government and otherwise. Obviously, we have a set of privacy, confidentiality, security -- both law and policies -- procedures and processes that we need in place. We have a set of issues that relate to data dictionaries, and the process by which we keep those dictionaries up, and get them served to the users. So there's a reliable, absolutely format that they can get when they -- There's a cluster of these issues that, together, in my mind, really do coalesce to form a national strategy that we really ought to look at -- that it needs to be public and private. I think there's no question about that. At any rate, I want to thank each of you for participating in the process. I think since this is, in fact, the last of our formal panels, I am going to open it up to three other speakers, to just say that I think we are going to really try to do our very best to, in fact, stretch how far we can, and how [Unintelligible], Lord knows, but I do think that certainly that the testimony that we've heard over the last couple of days from the panelists -- and I'm sure the last three speakers, as well -- has really been quite useful to us.

I think all of us have a sense of both -- renewed sense of both humility, as well as challenge, as far as what we face, and probably the anxiety of finding the time to huddle up, and actually do our own kind of work at this point. We've had a lot of these hearings, but I think they've been very useful. And the quality, and the sincerity, with which everybody's come at it has been terrific, and again, thank our people who have helped organize this for the West Coast. So, thank you, and if I could, I'd like to call first -- there are three names I have here, and I'll call them in the order I've got them: a Dr. Phillip Marshall, and if you'd please move up to the mike, there, it would be great.

DR. MARSHALL: Thank you to the Committee for allowing me to speak at this public forum, for coming to the coast, where no doubt, most of the technology solutions to your recommendations will arise. My name is Phillip Marshall. I'm a public health and preventive medicine resident from the Silicon Forest -- Portland. I want to thank the Committee in advance for defining a set of core data elements, both clinical and administrative, that have been shown to be useful in health care transactions -- I think that will be an extremely important step forward.

And I'll also thank you in advance for making recommendations with regard to general expectations for security and privacy, health care information. I say general expectations because if I read the Committee correctly -- and correct me if I'm wrong -- it seems that you're more interested in defining a general set of expectations for security and privacy, rather than specific technology solutions, which may come or go, in order to achieve those expectations -- and correct me, again, if I'm wrong. For instance, transactions over the World Wide Web, when it comes to medical information -- obviously the web today really cannot support massive transactions with regard to clinical data. But the technology is racing forward, and will soon, hopefully, be able to enable that kind of security. In addition, I'd like to second Dr. Shortliffe's comments yesterday, when he stated that heavy constraints on researchers and clinicians in using medical record data for research purposes would really impede our ability to observe and improve our health care system. And so I, personally, would like to encourage you to encourage in any way you can some latitude with regard to using medical record information -- and linkable medical record information in the use of research by clinicians or researchers. With that, that's the end of my comments. Good luck in your deliberations, and I look forward anxiously to the results.

DR. DETMER: Thank you, Dr. Marshall. Just to respond to one of your questions. Go ahead, and I'll follow.

DR. LUMPKIN: I just wanted to take exception from the Silicon Prairie that some solutions may come from other locations.

DR. DETMER: First of all, I wish you all the best -- you're a resident, you're heading into this, obviously of -- we will need people on these issues for a long time, and I'm glad that you are here to get a good seminar in all of this. Actually, I think we intend to try to go as far into, not just principles, but also recommendations in as fine-grained a level as we actually feel we can, as a group, do it. So, right now, we may have to back off as we start really getting to reality and time [leaps], but at the moment, we're hoping to not just essentially stay at 30,000 or 10,000 feet, but to actually hit the ground occasionally in our recommendations. So, at any rate, if that's relevant. Claudia Tessier?

MS. TESSIER: I'm Claudia Tessier, Executive Director of the American Association for Medical Transcription, and your question at the end of the day yesterday, regarding the banking industry's advancement in technology, compared to that of the health care industry, gave me a good deal of food for thought, so I've got some ideas to share with you in that regard.

The banking client has more control over the financial data and funds than the patient has over his or her health care record, so that the banking industry has had to be more accountable. Consider these characteristics: the client has freedom of choice regarding where they bank; there is close to universal access to banking services; investments are insured; the client can move some or all of the money at will; the client can monitor transactions at will; can identify and correct errors readily, easily. Can have multiple accounts with a single I.D. So the client determines the sharing of information among institutions. Indeed, client may choose a PIN number to limit access to the account information and to transactions. For hackers who routinely challenge the system; and there are impressive audit trails.

In summary, the technological -- technology facilitates the delivery of services, and the client is in control of where they receive those services. Technology also facilitates the monitoring of the accountability of the institutions. Ergo, I would suggest that client control and institutional accountability have contributed significantly to the technological process within the banking industry, and perhaps these are factors that we should give some attention to in the health care industry, as well. Thank you.

DR. DETMER: Any questions or comments before you run away? No? Okay. Thank you very much -- I appreciate it. Dr. Marcia McClure?

DR. MCCLURE: Hello, thank you for this chance to speak with you all. It seems that I'm the last speaker of the day, so I'm sure you all have this great sense of excitement as you bolt for the door. I wanted to say, first off, thank you for this opportunity, for you all to come to the West Coast to meet us all out here. We appreciate that opportunity to meet with you all. I want to say a little bit about what I'm about. Marcia McClure is a doctor, but it's a Ph.D., so in this distinguished group of distinguished characters, I need to make that stipulation. I am with a consulting firm, MMI, which actually represents and works with the payers, the providers, and the health care plans. So you can see that I have very much a vested interest in knowing what happens with the administrative simplification activities here. Thank you for this opportunity.

I'm here to ask some questions, and I'm hoping that you'll bear with me as I go through them. One of the reasons I'm asking these questions is because, in two weeks, I'm going to be standing in front of a group of people: the International Employees Benefit Health Plans Organization, and I'm going to be presenting to them clarification on the -- guess what? Administrative Simplification Act! So you all know, right now I have this palm-sweating responsibility of making sure that, in fact, I'm able to interpret as best possible what we have today in front of us. And so, that's why I'm going to ask you all a few questions, and maybe add a few asides as we go along, if you don't mind. I'll try and do it quickly.

One of the first points I wanted to make was that I recognized in the legislation that we're looking at it being an encouragement for the standards and the recommendations for electronic transmission of health care data. I would have loved to have seen something a little bit stronger than "encouragement." I think that you had made a point about perhaps looking at there being some incentives, as we get from this 30,000 foot, down into that detail in the sand -- I would really like to see, if it's possible, to look at some possibilities for incentives, so that we can have those people who are going to be responsible for, in fact, digging into their pockets and trying to make sure that they are able to comply, that they have the capability of doing that, and they have an incentive to do so. That can be tricky, however -- it would be something that I know that many of the people that I would be working with would be very interested in seeing happen.

Point of clarification. Am I looking at EDI or electronic commerce when I take a look at this legislation? To me, EDI -- electronic data interchange -- is, in fact, the exchange of information, computer to computer, without human intervention. Electronic commerce would be the activated voice response, we would be looking at maybe the fax -- I'd like some clarification on what does this actually mean? Are we looking at a method of transmission for electronic data interchange, that is a standard activity? What does that mean? Again, you all probably will have some greater insights into this, because you've been working with this legislation for a bit here.

Tape or diskette? Not sure what it means, so please, if you could clarify that. I think what I'd like to see is a definition of the purpose and scope for exactly EDI versus electronic commerce in this legislation. If you want to see compliance, it's going to be necessary for those people to comply.

What constitutes a small plan? When I look at some of those exceptions, and that extension of time, I know someone's going to ask me, "What do you mean by small plan? Do I constitute one? Who's going to actually develop that criteria?" That's going to mean, again -- that's going to have an impact. They will make that? Okay, thank you.

Who's going to pay for that technical assistance that's being provided by the Secretary, if that's determined that the person or organization is unable to comply? And what sort of criteria is going to be used for selection? Anybody know on that one? I was seeing some big bucks that could be involved with that technical assistance. Also, a way in which to waylay getting that implementation -- that was a concern for me. Anybody?

[Unintelligible answer and laughter]

Okay, next. What committee's going to review the compliance that takes place with this legislation? Has there been any determination, of who's going to actually be that traffic cop to see that there is compliance? It's you, John?

(Cross-talk.)

DR. DETMER: And, in fact, we actually have a plan in implementation that we're planning and implementing right now. But I think -- keep in mind that this Committee's been in existence for a very long time. There's also a senior level group called the Data Council -- NHHS -- that I know will also clearly be tracking this, as well.

MR. SCANLON: It's surprising that -- you'd be surprised -- well, you wouldn't be surprised -- how much competitors report on other competitors in terms of the clients [Unintelligible] contract world. To some extent, it's almost a self-policing effort. It certainly happens in the contract world, where one contractor sees another who is cutting corners, or whatever, or hasn't complied fully, and they won't hesitate at all to report that.

DR. MCCLURE: Oh, okay.

MR. SCANLON: So, some of this will be reported by others. I don't think we're going to establish a police --

DR. DETMER: And we have no action -- ours is a reporting authority -- we report, but there is a way to track it. We can speak as we wish.

DR. MCCLURE: Okay. One other point that I wanted to make was that, there does need to be -- and this is a point I wanted to make -- there does need to be easy access to the standards, easy access to any codes, updates, modifications, in order to see a successful implementation.

I would like to see, in fact, continued reporting out of how successful we have been, what are the barriers, what have been the great success stories, so that we can, again, begin to instill some real interest, and get these people jazzed about complying, and getting ready to go into the electronic commerce, and into the EDI world today, so that we're able to exchange that information more effectively, more cost effectively, and so that when I'm there, doing that palm-sweating responsibility in terms of this administrative simplification activity, I'm able to say that this group is going to take the information that was shared here today, and bring it forward with some specific recommendations, not only at the high level, but also down in the dirt, so that we come back with some specific, identifiable, and implementable ways in which to make this legislation work successfully. Thank you very much.

DR. DETMER: Thank you very much. I'd also like to comment -- I think that we really are seeking to stay at this, even on the timeline, which everyone acknowledged that's outrageously tight for the timelines. I'll have to say, I think we've also goaded and prodded the Department, but I think they've really hitched it up on this, as well. Now, I don't know if their ardor will stay at this same pitch it's at as this moves forward, but I've been really impressed. I think the Department really has taken this very much seriously, and it's a very large task -- I mean, there's no question about it. So, probably, it will be some mix of satisfaction and dissatisfaction, but at least for the scale of the effort that was kind of put on the plate of the Department by this law, to date, I think it's been pretty impressive. Others want to comment?

DR. MOR: I'd like to comment. I've heard a couple of times people talk about the issue of incentives to goad the rate of compliance, and given Mr. Schinderle's experience in St. Joseph's of the financial gains from re-engineering, it seems to me that it would be kind of a foolish waste of money to actually incent people to make the benefit, because then you basically end up, in a relative sense, penalizing those who take it on the chin to be the first to do the re-engineering.

DR. DETMER: Before I call on our last speaker -- also comment that we do have web sites -- I think you know, it's listed back there. Obviously, we will have no shortage of critics as things move forward, and that's not said cynically. I think that's a true statement -- it's a very complex issue. To the extent that you have really specific, specific advice on things that you see, please let us know through our e-mail address and so forth, because I think we clearly can't do this job for all of us without the best efforts of all of us. And you've been hardy souls and have stayed at this stage of a two-day hearing, so we know you're committed, so thank you very much. Yes? Ms. McCaffrey?

MS. MCCAFFREY: When Dr. Nespole was speaking, I realized there was something I did not include in my presentation, that is something that we spent a lot of time on, and that is the quality of the data coming into us. And what I would like to suggest is to encourage or have participation of a lot of the vendors. I wanted to just tell you about an experience I had at HIMSS in San Diego in February, where I attended the meeting, and there were 3,000 vendors or something -- it was humongous, and it was very successful for them.

I went up to two of the major vendors who handle medical record programming type things, you know, where they have various modules for medical record information that we would capture, or that is in the UB-92. And I said to them, we are, as a state agency one of the things that we spend a lot of time doing is taking along our little scrub brushes and scrubbing the data, so to speak, and identifying the problems -- you know, the male hysterectomies and all that kind of stuff.

And so because that is something we spend a lot of time on, I said, "How can we encourage you, or who can we talk to in your company who would be interested in really making sure that there are edits -- on-line edits -- that when the information comes in from that clerk that we were talking about, that that information says, 'No, you can't have this,' or whether it goes at the clerk level, or later into the medical record module, where it says, 'No, we can't -- sorry, you've got something wrong here.'" And I had one vendor say, "Okay, we'll talk to you," and another vendor said, flat out, to me, "We are not interested in doing edits, because none of our hospitals have demanded that, that we do that. We are just not interested. It's not a demand, so, sorry," and they walked away from me. I was really disappointed, because my altruistic nature is to say, "Everybody wants to have clean data." Everybody in this group is always talking about that, but in fact, the vendors are not supporting that, so I would really encourage you to, in some way, engage some of those -- at least, some of the big vendors, for health information data, so that they will encourage that kind of -- that seems like a really simple little thing to do, and although a lot of it has more to do with the definitions, which Dr. Nespole was talking about, a lot of it has to do with just flat-out wrong information getting combined. So, thank you very much.

DR. LUMPKIN: I think that's a very important point, because what we should see come out of this effort towards administrative simplification will be a dramatic change in the industry. We had someone who presented yesterday who mentioned the fact that there are a number of people who are looking for certain things in billing systems that they couldn't find, and so they stayed with their old system. This will force a change. They will not be able to continue to do the kinds of things they've done before, and so it's going to be very incumbent upon the purchasers of these new systems to say, "It's not just good enough to add in the EDI components to it, but if we're now going to develop a new system, let's actually make a system that will provide some assistance to our business processes, the re-engineering component of it. You can't just rewrite it -- you have to re-engineer it."

DR. IEZZONI: Can I just make one statement? I'd like to actually congratulate California. It's the only state that I know of in the country that routinely does [Unintelligible] studies to look at the quality of the hospital data, and to train hospital people -- it's really quite impressive. So I just wanted to congratulate you on that.

MR. SCANLON: I wonder if I can ask Dave a question -- Dave, you've raised the issue --

DR. DETMER: But I've sent him back to his chair.

MR. SCANLON: Dave, in your comments, in the area of standards for claims, which you said was probably the biggest concern, particularly in terms of cash flow for providers and others, in terms of any delays that might result. But you suggested a strategy where you would allow a standard to be adopted and announced, but you would allow for other existing formats to be used up to that point. Would you explain that a little bit more? You would allow current formats -

MR. SCHINDERLE: The current claim standards, generally speaking, although there are hundreds of "versions" of the UB-92 and the HCFA-1500 forms that are used by payers and providers around the country, but we have a relatively efficient system today -- it is not perfect -- it doesn't go to all payers, not all payers receive or accept, and a lot of them have unique requirements right now that is driven by the marketing of their insurance policies that they've written, because there's no standard "employee benefit agreement" out there, so, as a consequence of that, uniqueness has crept in to some of these issues. The clearing houses industry today, and others, and even HCFA, has a very high performance rate that's taken years and years and years to develop, and it has -- it's fairly high quality, and it attributes to significant cash flow, comfort, and confidence on the part of the providers. We clearly believe that we need to standardize, and we need uniformity, and we need all the nuances to go away, and have a standard set of data sets and codes, and a maximum data set that everyone can program to, to get the vendors to do what they need to do, and so on and so forth. In order to facilitate that, I believe two years is a little aggressive for the vendor community, and the clearing houses community, and the payer community to be able to make all the changes that they need. And so, while they are concurrently using the 837 transaction set for claims, for those who aren't quite there yet, or still need some further testing, I think we need to allow a little bit more time for the claims transaction.

Now, for the other transaction sets that are enumerated in the law, I think we can be more stringent about encouraging folks to make the immediate migration to the X-12 standard. Because there is no comparable -- for most of them, there are no comparable standards out there, and let's just go for it. Our experience has been very positive when we've attempted to do that. And we've found that our trading partners have been able to work with them fairly well, as well, and I think that before people have bad habits creep in, we should just go do it. But in the claims area, I don't think the Medicare program should risk the fact that on the Part A side, they're getting 90-something percent of their claims electronically -- you know, they shouldn't risk that disruption and volume and productivity and cash flow until we are absolutely confident that we've got all the bugs out, and fully have tested, and completely implemented in a standardized way of doing business.

DR. DETMER: In the spirit of Lisa's comment, I want to give each of the Committee members a chance to make their own comment before I adjourn. I think this has been a good experience for us collectively, but also us individually. Bob.

MR. GELLMAN: I want to disagree -- I mean, you came to California in search of simple answers, and we didn't find a single one.

DR. DETMER: Thanks a lot, Bob.

MS. FRAWLEY: I'd certainly really thank Kathy and Ann for helping coordinate all this. I think what was helpful for us is the fact that we have been exposed to some other thinking, and I thought what was particularly helpful for me was just the proposal, in terms of unique identification system. I think that was very helpful for us to hear that, and also, some of the comments that we heard -- I just figured out, we've heard from 44 people. I just counted up the number of people that we talked to over two days, so I think we're all kind of overwhelmed at this point. But I still think it was very helpful -- I really appreciate the opportunity to come out here and get another perspective, and I thought that people were very candid, and I appreciate that.

DR. MOR: I want to second that. I thought this was far more fun than the meetings in the Hubert Humphrey Building.

(Laughter - Cross-talk.)

Two things, actually -- it was very encouraging to hear the unanimity about the singularity of standards, that everyone said there should be limited exceptions to any, and that there should be uniformity across the code sets and standards. That's not necessarily what we heard as much of in Washington. And secondly, the emphasis in so many different ways, from so many different constituencies, on confidentiality was very encouraging, and I have to really think about that.

MS. GREENBERG: Also, I think the Committee always benefits greatly from any of its hearings, but I think we were out here a year and a half ago, and some of you were here, and I'm really happy to see you again. That was a very beneficial hearing for us, and it definitely helped shape the Committee's recommendations on the [Unintelligible] element. I was very interested in hearing how Dr. Oliva's project has progressed, and I know we cited it in that report, and I think it will -- obviously, it got everyone's attention here.

It's, in some ways, easier, but not as much fun to put on meetings in Washington, but we really can't do this without the kind of support that we had from [Unintelligible] and from the Consortium, and we really do appreciate that. To the extent that you're in touch with your other state counterparts -- certainly on the West Coast -- but we encourage you to encourage them to really let the Committee know what their interests are, what their concerns are, if there are draft recommendations out there -- respond to them. Every one of these standards is going to have a Notice for Proposed Rulemaking, and all the recommendations of the Committee will be published in the Federal Register. So, there really is an opportunity, as we go down the road, to comment, to give input. I think we do gain a lot and, from a state perspective, and I certainly know that I have -- Dr. Detmer mentioned at lunch that I was kind of quiet, which isn't my normal state, but I really have been taking all this in and processing it. And I have to agree with Bob, though -- I was hoping you would solve our problems, and sorry that you didn't. But thanks again for inviting us out here, and I'm hoping that in a few years, we'll be back again.

MR. SCANLON: Again, I'd like to thank all the witnesses who came before us these past two days. I think it's been an excellent hearing -- I think we've gotten a lot of insight on what actually works on the ground. We have a state that actually passed a medical privacy records law, and the world didn't come to an end. We have a state that's fairly deeply into EDI, and again, the world didn't come to an end. It's a question of when, but not a question of if, and how. And I hope we can call on you again as we proceed on all of this. The Committee and HHS, in drafting -- I think the job's been given to HHS, really to work with the industry and to work with everyone else -- not to simply issue another regulation that applies to a federal program, and I think the kind of information and insights you've been giving us -- and I hope that you continue to work with us. This is the sort of thing that could make it work. So, thank you all, and special thanks to Kathy and Ann for helping put it all together.

MS. COLTIN: I'd like to add my thanks as well. Not only have I enjoyed the refreshing change in venue, but I think the change in format, as well -- I think our previous hearings have tended to be more focused on a narrower set of topics at each hearing, and it's been more of a depth versus breadth approach. And I was particularly pleased to hear some of the cross-fertilization of ideas across the various issue areas that we've been investigating, and the comments of later speakers on remarks made by earlier speakers across a wide range, and I think it argues for having a balance in what we hear about the depth and breadth approach to input. So, thank you all.

DR. LUMPKIN: I'd like to echo the comments of my colleagues on the Committee, and thank you for coming out here. First, I'd like to say that there was a comment that I heard today that I don't think I've heard before, and I think that was one that Dave Schinderle said. And he kept on referring to a maximum data set, and we've spent a lot of time talking about a minimum data set, and we need to perhaps cogitate a little bit on that aspect of administrative simplification, and not lose that concept. I think if there's one lesson that I learned, is that while there are many things that have happened in California that perhaps -- if we think about things that may be earth-shaking -- if we were to put seismic safety and these earth-shaking data changes all together, we might actually be able to control them.

DR. IEZZONI: Do I have to say anything after that? I echo all the comments of my colleagues, except that one. And I don't want to say anything more, because I want the audience to know that at 7:00 o'clock we have a meeting at the hotel, [Meeting details].

I really want to thank you -- these have been a great two days.

FEMALE VOICE: Obviously thanking Kathy and Ann, who really made it possible. I want to, just on the record, thank Carolyn Rimes, from Health Care Financing Administration, who was not able to come, but worked very closely with both Kathy and Ann in putting together the agenda, and you pointed out it was not a small number of people, and great, I think, diversity of perspectives, and I echo what Kathy said about the interest in looking at all the issues. And also, I want to thank Lynetta Rocky, who was very helpful in getting this all together as well, and Betty Darling -- are you there, Betty? And also -

DR. DETMER: Now Lumpkin would call you a real darling, for a lot of reasons --

(Cross-talk.)

DR. DETMER: Bill do you want to make a comment as well?

MR. SMITH: [Unintelligible]

DR. DETMER: And I think we've also got a very hardy recorder, too. Okay, that was off the record. We're adjourned. Thank you very much.

(Adjourned 5:30 p.m.)