Washington Marriott Hotel
1221 22nd Street, NW
Washington,
DC
Discussion of Privacy Recommendations
DR. DETMER: I think we need to get started. What we plan to do is have an open discussion on the privacy and confidentiality recommendations, and then we will be breaking out to three separate rooms. Actually the data group are staying here, if I'm not mistaken. Where is Lynette? Where do the other two go?
MS. ARAKI: The Subcommittee on Population-Specific Issues goes right outside there to the Thomas Room.
DR. DETMER: Then downstairs is Georgetown Two.
MS. ARAKI: Georgetown Two on the first floor, go towards the registration desk for Privacy and Confidentiality.
DR. DETMER: So it's just a private confidential area.
MS. ARAKI: Right. And the Health Data Needs, Standards and Security will meet here.
DR. DETMER: Okay. Mr. Gellman.
MR. GELLMAN: Everybody presumably has, and maybe most people have actually read, the draft recommendations. It's a long document. Actually what I propose to do here is to say very little and just leave the floor open for discussion. But basically, what the document attempts to do is to state the case very generally, and very urgently, for the need for legislation here. I think if had to characterize the biggest problem here, and we've heard this from lots of people, there is a need for legislation in this area. I think it is an urgent need. I think as we heard again this morning, it's interfering with some of the other decisions that need to be made. I think if there's a single point we need to make clearly it is that we need legislation.
So the draft recommendations makes that point very clearly and says that the committee recommends that this have the highest priority and there be legislative action by the end of this Congress. That is, in fact, I think the one area of I think universal agreement from the hearings was everybody wants to see federal legislation. After that, there was no agreement on anything, except perhaps that every community of users said we want to have legislation and we want to be exempt from it. That may be another area of agreement.
The report goes through a whole bunch of issues. It's not by any means all of the issues that exist because the catalog just goes on and on of issues, and essentially tries to take positions on some of the issues which I think there should be, or is, agreement on the committee. For example, the report recommends that records be made available for research without requirement of individual consent. The recommendations are that public health authorities have pretty broad access to records as well.
There are other areas in which it is known generally, and I think within the committee as well, which there is less agreement, or in which there are very strong disagreements on issues like preemption is one of them. I'm not prepared to say that there's a consensus anywhere on informed consent or disclosures with written authorizations, as I've been corrected by Kathleen. I think that the document reflects some of these differences.
The thought here was rather than take a position rather than have a vote in this committee on some of these contentious issues, we're not the ultimate decision makers, it seemed to me to be enough to reflect some of these differences and let it go at that. If people feel strongly one way or the other about that, we can revisit that issue, but it didn't seem worth the time and the aggravation and the acrimony that some of these issues bring out to try and resolve them all here one way or another. So we tried to reflect different points of view here and then let the secretary and the Congress and everybody else who is sort of closer to the ultimate decision try and fight these things out.
Also, as you try and get into some of these things in more detail where you have more disagreements, it gets more and more complicated more and more technical and more and more ornate as you try and reflect all of the different things. Pretty soon you're into drafting a statute which only makes things even worse. So that's sort of the outline of the major recommendations and sort of the philosophy on dealing with some of the controversial areas. I would rather just see what everybody likes or doesn't like, what you feel strongly about, what you think needs to be changed or adjusted, added or subtracted or whatever.
DR. DETMER: I want to thank the Subcommittee first for the work that went into this, because I think that was the first revision and really quite helpful.
MR. BLAIR: Bob, I thought this was the best position paper that I've ever read of all of the documents I've ever read with privacy and confidentiality. The one paragraph where I wanted to ask you some questions was the one which talked about the fact that a patient has the right to view their record, and the word you picked was amend, which I think of in terms of making a change or modification. It was my understanding from previous discussions in standard committees and here that we wanted to indicate that if a patient wanted to indicate that there was a correction or make a comment about what was in their record, that instead of changing the record directly, we would use the word append corrections, comments to the record. Append instead of amend. Had you thought about that? That's my comment.
DR. DETMER: What does the group recommend on append or amend?
MR. GELLMAN: Let me just make a comment. In the first draft of this, it talked about correct and amend, and that drew some comments from the subcommittee members, who said no, no, correction was the wrong word and there was some preference for the word amendment. It's a difficult situation. I don't think anybody disagrees on the ultimate policy which is that when you've written something in a record -- I don't think this is an absolute universal statement -- but if you've written something in a record, you don't want to remove it, you don't want to erase it. There may be circumstances in which it's trivial and you might do that, but that's not worth dealing with. You want to simply indicate that it's wrong and add the correct information. The word amend may or may not be precise enough.
MR. BLAIR: I think it could be handled in a couple of ways. If, after going through these discussions which you already have, you felt comfortable with the word amend, then maybe within the paragraph you could explain it that you're thinking of a process which involves appending a correction or change.
MR. GELLMAN: Well, on page 8 there is a paragraph that I hope deals with this effectively. It's in the middle. Let me just read it. The right to seek an amendment often makes health professionals nervous because of the implication that information may be erased from a record. The usual procedure is that questioned or incorrect information is clearly marked and amended information is added to a record. In the case of continuing disagreement, the patient may add a statement to the record. The committee supports these procedures. We were trying to make that clear. If that's not clear enough, we can keep playing with it.
MR. BLAIR: Maybe I got hung up because I kept looking for the word append. You did explain it. I guess maybe I had often seen the word append and I sort of looked on that as a little trigger for me because it's consistent with the phrases that I've seen in other references to this process.
MR. GELLMAN: I think we can do that.
DR. LUMPKIN: I had two concerns related to public health uses. I couldn't find, in the prior draft it was easier for me to find than in this one, but let me just explain the concept. There's some discussion in there about not using a person's health data against them. But there are instances in public health where we may put somebody in isolation, directly observe therapy because they are jeopardizing the public health by not taking care of a communicable disease. I just think that we want to leave that doorway open as being different than other instances where it may be used in a punitive fashion.
MR. GELLMAN: I think that's a good point, I think we can do that.
DR. LUMPKIN: The second issue related to public health data, and this is one that gets perhaps at the issue of preemption of states. If we have a national law that is both the floor and the ceiling and we do complete preemption, my concern from a public health aspect is that there is certain data that comes into our possession as a health agency, which because we're now pulling it together, places a certain risk to a certain population, particularly registry data of individuals with HIV, sexually transmitted diseases registries and so forth. A state may feel that there are certain things that require protection over and above what would be considered protection for individuals' privacy.
I guess what I'm trying to get to conceptually is perhaps if we could treat that data once it comes into the health department as being public health data, which even if we go down the path of complete preemption, would allow a state to modify or have a more strict control on the release of public health data than it may on general personal data. There are tons of puzzled looks around.
DR. STARFIELD: Can you give an example?
DR. LUMPKIN: Well, for instance, in the state of Illinois, we believe that reporting of data on individuals with HIV should not be done with names, even though we do that with AIDS. It's a state law. I may not happen to agree with that, but be that as it may, that's an example of a state exemption where the process is even more restrictive than I think any federal law would be. So there may be particular instances, as new diseases develop where the public health system responds, but the privacy legislation on the federal level may not, and individual states would then pass legislation to try to close a potential privacy gap.
DR. MCDONALD: It seems like that can be dealt with more generically. If there's a different level of control needed on public health data, that could be part of the national legislation. I think the whole issue about the legislation shouldn't be so specific as to preclude the reaction to a new disease -- legionella comes up. You wouldn't have individual disease names in the national legislation that would preclude that. You would state it in some abstract form that would make that work. I think it sounds like you've got an issue that should be added into the national legislation, rather than have a free for all.
MR. GELLMAN: I think there are a couple of issues here, a couple of pieces of things that first of all this may not have been said in this document. Maybe it should be, but it's clear I think from all of the proposed bills, the ones that have been introduced, the ones that were introduced last year, even the ones that are circulating in draft, that disclosures that are authorized under the proposals are simply that. They are authorized, they are not required. As a matter of fact, I think in all of the bills, the only disclosure that is required under the federal proposals is you have to give the patient access to his or her own record. Every other disclosure is simply authorized so that no one is required to do it.
So that allows a lot of discretion on the part of record keepers to make decision. Just because it's authorized doesn't mean you have to do it. However, there could be other principles of law that require you to do it. For example, there may be a local state public health law that says you must disclose this information to the public health authority. Again, I think all of the bills have preemption policies that say state public health laws are not preempted by this. I think this document tries to allude to that by making reference to the issue that no one is proposing a federal public health disclosure law to supersede or replace all the local laws and all the local decisions that are made. The goal here is to accommodate those laws I think as much as possible, and I think basically completely those are local decisions and to allow the disclosures for public health. They can be narrower, they can be broader, I mean it's a local call. I think basically there's no other way to deal with that kind of issue. Luckily that happens to be the right answer I think.
DR. LUMPKIN: I think the language you described would be the right answer.
DR. STARFIELD: I wrote two pages of comments which obscures the fact that I think this is a terrific document. I really do. Most of the two pages are just wording changes that I think are pursuant to the meanings that you had. I just hope that you would take them into account when you talk this afternoon.
But there are two issues that I thought really needed to be strengthened in the document. One is the issue of discrimination. I think sort of everybody maybe agrees that the biggest issue in privacy is the fear of discrimination. It's not an artificial fear. So I think that paragraph, wherever it is, somewhere, needs to be strengthened. I think you really need to say that it's a big issue. It's probably the main issue in privacy. It has to be dealt with, although it's not dealt with in the context of privacy. I think that's right, it's not dealt with, but it needs to be dealt with. I think we have to make that point.
The other issue, if I can remember what it was, is the potential for the unique identifier to enhance privacy if it's done right. I think if you have a good unique identifier and you have good safeguards, that it probably will protect privacy better than a lot of different identifiers, any one of which can be breached.
Anyway, I think that probably we're going to have to make some recommendations on the identifier that perhaps you could make some statement about the potential of the unique identifier for enhancing privacy.
MR. GELLMAN: Let me just suggest, I suspect there is no disagreement on the discrimination point. I think everybody thinks that's important. On the ID thing, I think we can find a balanced way of referring to that issue as well.
DR. LUMPKIN: I think on the discrimination, my only concern on that would be to the extent that we look at having privacy legislation separate from discrimination legislation, I think the chances are better than even that some time within the foreseeable future that we will have privacy legislation. I'm less optimistic if it's not bundled in that we will have anti-discrimination legislation.
MR. GELLMAN: Actually, I think I disagree with that. I think we're more likely to get some discrimination legislation before we get privacy legislation.
DR. LUMPKIN: I said anti-discrimination legislation.
[Laughter.]
MR. GELLMAN: That too. I mean the problem here, just to make it clear, it's not that the issue isn't important, because I think it's clearly a major piece of the privacy concern, but conceptually and sort of from a -- it's not just a technical perspective but we kind of have some idea what to do in the privacy area. I'm not saying there's agreement any where on all the details, but the scope and the outline of a bill is there and now we're just fiddling with some of the very important details, but that's there.
On the discrimination side, a lot of the work really hasn't been done. We kind of know what the broad policy is, but trying to implement that policy in employment and in medical care and in schools and in all these other contexts has really not been worked through, the details. It's like the privacy thing, it all gets very complicated very quickly because it's never all just a one-sided issue that you're trying to prohibit things, because the information can be used in a variety of ways both to help and hurt people. Then you've got the problem you've got all different kinds of information that can be used in all different kinds of ways. I just don't think the work has been done there to figure that all out. That's sort of one part.
The other part is the privacy piece is complicated enough, big enough, and has enough people out there already shooting at it that to add a whole set of equally complicated, very difficult issues to it just makes the task impossible. So I think there are a lot of reasons --
DR. DETMER: There's a ways to go, obviously, I guess why don't we weigh this out a little bit. Let's hear some more from some more folks.
MS. WARD: It's one that I feel fairly passionate about, having lived through health reform in and out in a state and sort of a career. I think it's really important public education to let people know that they are important things that go together, but one is not going to create the other. People have to decide in this country whether we want a rationing of health care and we have to decide what kind of protection system we're going to have. I would hope that we would not tie the two together so we can't get anything done. I would sort of confirm what Bob is saying that yes, identify that the whole problem is not solved until we solve the discrimination. We can lock everything up or we can open everything up. We do not solve the discrimination issue that is there because some people get health care and some don't and the market forces and the way we have designed health care delivery in this country are driving the insurers to pick the best to insure. Until we change that tenant, we can't solve the problem. Tying the two together just makes it a black hole we can't solve.
DR. COHN: I guess I first of all came away a little confused by Bob's comments, only because I thought he had started out by saying he thought discrimination would be more easily solved than privacy. I was convinced by his conversation that it was really the other way around. Now, I guess to me, I am personally convinced that discrimination, while not going to be able to be completely solved needs to be somehow addressed. I think we need to go and perhaps urge the Secretary of HHS to go as far as she can in terms of beginning to deal with it, recognizing that we're not going to get a comprehensive solution right at this moment.
DR. DETMER: Is that what you're saying, Dr. Starfield, as well?
DR. STARFIELD: Yes, I was just trying to make a strong recommendation.
MR. GELLMAN: Let me just explain my comment. It was a political comment, not a substantive one.
[Laughter.]
I was making a prediction. I think you are more likely to get legislation on discrimination than you are to get legislation on privacy.
DR. DETMER: Well actually, the law has pieces of that. I mean that's -- IPA(?) has chunks of that already.
MR. BLAIR: I have another subject past the discrimination issue.
DR. DETMER: Okay, is there anything further on that? I think I got a sense that we seem to be -- okay, another point.
MR. BLAIR: This is really more of a question. I had my vendor hat on partially when I was reading through the document. One of the things that I observed was the position that there may be situations where different states may have laws which have higher levels of protection for privacy for mental health, for HIV, for drug abuse, certain areas. As I was reading, I began to think we could handle that on a computer based patient record system, you just have access limited by roles or labels or identities or whatever. So I figured, so it doesn't really matter if a particular state winds up having a higher level of privacy or access restriction than another.
While I was listening to the discussion here, it occurred to me for the first time that maybe they would restrict the access within their own state, but people are mobile and if other states have access to your records as well, then the access isn't there. And it occurred to me that it becomes impossible to really restrict it because the information may be accessed through a health care institution in another state.
The whole thing started to unravel in my mind somewhat. I'm just wondering whether if we're really going to have health care as part of the information infrastructure, whether it is possible for one state to dictate a higher level of privacy protection than another. So that's the question that I guess I'm asking back to you or to anyone else here. Do we simply need to have that statement in there for political purposes because I'm questioning whether technically it's going to be possible to create a system that could facilitate it.
MR. GELLMAN: Well, let me try and respond in part. I am inclined to be quite sympathetic to the point of view that you just expressed. The trouble is no matter what your policy is, whether you want to have more preemption or less preemption, it's not that simple. You really have to break these things down into components. The example we just talked about, we have to accommodate, I don't think there's any disagreement anywhere that I've really ever heard from anybody, we have to accommodate state public health laws and state public health laws are different in every state.
So what you can do at the federal level is to say that state public health laws, whatever they say, are okay, and it's not a matter of whether they are more stringent or less stringent, we're not actually proposing a public health standard for when public health people can get records. That is an issue for the states to decide, so you will have a degree of variability in that area at least. Then if you look at other pieces, you may have the same thing with respect to if a state wants to have a rule that says state police can only get medical records, if they have an order signed by the chief justice of the state supreme court, that's a law they want to pass, well it's really hard to see how any federal bill is going to interfere with that. The federal bill is sort of setting a set of rules and restrictions in that area. If a state wants to add to the rule, they want to add to the procedures, no one else is likely to be affected by it, it doesn't really affect the interstate flow of information. It really is a limitation on a state office . It may not be -- if they tried to do the same thing with respect to the inspector general at HHS, that may create a problem. But there's an area where states can do things if they want with respect to their own employees, with respect to their own offices. All the preemption things, whichever side you're on, they all end up breaking down into pieces.
I think the concern about uniformity that you expressed and how do you implement this in a nationwide environment, in a computerized environment is a very strong argument. I think that that argues against some kinds of flexibility in the state area, but there are other kinds that really aren't affected by that. It may well be that the right answer is to look at these things piece by piece, to consider their effect on other people in other states, on the federal government, on the interstate flow, and where a state wants to do something that doesn't interfere as much, or doesn't interfere at all, it should have more flexibility.
Let me just add, there are other considerations here beyond the pure policy ones. There are a lot of state laws today on AIDS, there are some state laws on mental health and some other things. As a political matter, which may not be a preeminent concern, as a political matter to come along and say all of those laws are wiped out is really asking a lot. There is one area in which I have been totally persuaded that some separate treatment is required and that's for alcohol and drug abuse records where you really have a medical record that is direct evidence of criminal activity. So there are some kinds of restrictions that are necessary, and already are implemented in federal law with respect to those kinds of records that may not be necessary for any other kind of record.
So this whole issue just gets very complicated very quickly. I think the best you can do here is somewhat of a piecemeal approach and sort of leave some of the disagreements about which pieces fall on which side of the line to later on. I think there are probably a lot of pieces we could probably reach general agreement on, but then again we're not drafting a statute now and so working out all these details may not be that essential for us.
DR. DETMER: What we're wanting to do though during this period is to get these ideas out there so the subcommittee can chew on them. So this issue of how far to go on preemption or not or what kind of floor or ceiling we clearly need to get out on the table.
DR. MCDONALD: I think maybe the principle would be that we don't do a blanket preemption statement, that we explicitly state the category and give some examples of the areas where preemption is probably necessary and good and other areas where it's not. In terms of even the drug abuse, we recently looked at our own record systems in trying to decide what is that data. It apparently is very leaky the definition. We were advised by our legal people that if a hospital has a drug abuse center, all the data in the hospital is covered by it, hemoglobins and everything. So we've got to do even more research I think on some of these things.
DR. HARDING: It's complicated. It gets more complicated. I was thinking of Mr. Rubin's talk this morning that the tradition in Washington State is to be collaborative and what was the other word, partnerships and collaboration, which I think is wonderful. I spent a third of my life in California, a third in Ohio and a third in South Carolina. I can tell you that when people smile at you in South Carolina, watch out.
[Laughter.]
You're about to get something that you weren't expecting and they're agreeing with you on everything and so forth.
The point about Wayne's story is that I wish that all of you had had a chance to sit in on the weeks worth of testimony that we had in this process. It has been a wonderful experience to hear all the different sides of an issue with good people testifying on all sides with good intentions, giving us their best opinion and honest, and then the people who are involved in the subcommittee, Bob and Elizabeth and Kathleen and so forth who have done such a good job in getting this altogether.
The point of my story is while this has been very informative, it has also been very troubling. I come to this panel as a private psychiatrist and kind of each day watching the difficulty that my patient's struggle with on the issue of confidentiality and privacy. It's hard for me. You all come from different perspectives and just as good and so forth, but different perspectives, and so have a little bit different orientation. Mine is that personal stuff.
My background, a fourth generation doctor and so forth, is that privacy is primary. Then the rest is secondary. Not that it's not important, all the other aspects of confidentiality and so forth, those are important, but the doctor/patient relationship and the chart is used for treatment and everything else comes behind that at a slightly lower level. That's my bias. That's what I bring into the argument and I wouldn't kid about it. I have a definite bias.
One of the references in this talks about balance and the need for balance. I think I have learned a great deal from Bob and from Elizabeth and Don and so forth about trying to balance this issue of privacy versus the needs of the industry to make things work and to provide good services to people. That's extremely important, but I would have to be honest to say that in this document I feel that the emphasis or the tilt, if you would, is a little bit towards accessibility, the administrative simplification side as opposed to the privacy. That would be how I would read it, there's a little bit of a tilt that way, not off the wall, but a tilt. That concerns me, because again, the primary reason for a patient chart is to take care of the patient and then after that other things are important, but they're after that.
Changes need to be made, and I talked with Don and talked with Bob, in certain areas. I have recommendations, I wasn't as good as Barbara to type them up, but I have them written down here. I wrote on the airplane last night as I came up. Changes need to be made in the informed consent part of this, and again it's the issue of balancing it more a little bit towards privacy.
Preemption, I enjoyed that discussion just a minute ago. Protection for the most sensitive patient records that Jeff was talking about, those areas of AIDS and drugs and genetics and mental health and perhaps sexually transmitted diseases that need to have some way to be segregated. Now, I know that just makes a lot of people's blood boil and so forth to think about segregation of part of the medical record, but to get quality care, you have to have people willing to come in and tell you the truth in order to be treated. If they won't, that's going to be a problem. It's going to cost more, but I think in my opinion it's worth it to have an additional cost if it can increase the quality of care for somebody who can tell it like it is.
What goes in that black box and is segregated out of the record would certainly have to be something that would be discussed. To me, it would be something that would be agreed upon by the patient and the doctor to say this should be segregated. I don't feel I could handle a patient designating just the things that he feels should be segregated. I just don't think that would work, although I certainly am sympathetic to someone who may have brown eyes and both of his parents have blue eyes and that's in the record. Obviously, he's illegitimate, and he may want that part of the record, his eye color put in the black box, and I can kind of understand that, but that's something that he and his doctor would have to discuss fully.
I'm almost done, so hang in there. Changes can be made in a lot of areas that I feel would be a modest impact on the industry. Whenever a new industry starts up, there are excesses, I understand that, but we come back and try to deal with them. Sometimes those things cost money, clean air, clean water cost money, but overall it's worth it to increase the quality of our life. Therefore, I think that some of those things like segregating certain parts of the chart would be worth the cost and the delay if it could increase the quality, even though I again understand -- I am pro-technology, I am pro-computer, but I am privacy first. That's the main issue that I get to.
I think a lot of people feel the way I do. We had a lot of people who testified who felt that this kind of privacy issue as being the most important of the two and the balance, whenever possible should be tipped in the direction of privacy. But every person around the table has their own perspective and I respect them all, and know that each of you are doing what you feel is exactly right, just as I'm going to try to do what I feel is exactly right.
I have a number of suggested add-ons to some of the paragraphs, about six or seven of them as a matter of fact that mainly again try to put more balance into the privacy part of the equation as opposed to access or industry or whatever the words were. I hope that I will get a chance to do that this afternoon during the meeting.
DR. DETMER: Kathleen.
MS. FRAWLEY: I just wanted to follow up on some of Dr. Harding's comments. I think that all of us that are on the subcommittee have struggled with all of these issues. These are not easy issues. Certainly having managed medical record systems for a long time have always been in that situation where depending on what state you were in or what record system.
The problem I have with segregation is I have first hand experience where we would handle someone's information differently than every other record. The problem was immediately the public knew that this person was HIV positive or an alcohol or drug abuser. So my concern is that in the attempt to protect the patient, we on the flip side immediately showed our hand.
The personal example is New York State has very restrictive statutes. It basically says in order to get a medical record, you have to have a court order signed by a judge, there has to be a showing, da, da, da, da, da, da. I would get a phone call from the district attorney's office saying to me we're sending a detective over with a subpoena. I would have to call him back and say sorry I need a court order. They would say thanks, you just confirmed what I needed to know.
I just bring that out because I think that segregation is an important concept but if 98 percent of the American public's records are handled one way and two percent are handled another way, you are immediately disenfranchising people of privacy. So I just bring that out for the committee to think about. There's no answer. I don't have the answer. If I did, I would probably be out on the talk show circuit right now.
MR. BLAIR: Well, on this issue, I remember I guess it was two or three years ago -- this is addressed to Bob Gellman, and this is Jeffrey if he can't see me -- you were working on the Fair Health Information Practices Act. I remember you working very, very hard to try to wind up addressing the concerns of special interest groups of folks that were concerned about HIV, the ones we've been talking about. I thought at that particular point, somehow you had managed to get agreement from them that if the privacy and confidentiality provisions were steadfast enough that they would be satisfied and not required to be handled individually as a separate group.
So I thought you had found a way to accomplish that. Is that not correct?
MR. GELLMAN: I'm not sure that that is correct. I think that also, another thing that's happened, we did -- and the context in which we worked on this was a political one, so that's a little bit removed from what we're doing, but we did try to sell that policy to people. There was some sympathy expressed at the time, but there were other considerations as well, as well as some uncertainty substantively. So in the end, we were not able simply to ignore those laws. If you look at the Fair Health Information Practices Act, it does have an exception for mental health and AIDS laws, not quite so well stated and not so clearly stated and that's one of the problems with the draft.
But another thing that's happened in the year since is this issues gotten bigger, it's gotten more complicated, there are more players and some people that were agreeable to something a couple of years ago are not so agreeable to it today. We're not any where near cutting deals and making decisions so life is much more complicated.
DR. DETMER: Dr. Lumpkin and then Clem and then Vince.
DR. LUMPKIN: I think that we need to recognize of technology. One of the impacts of technology is that when you had paper records, handling paper differently identified that record as being different. A machine doesn't really tell the difference. You have the capability of only having those who have right to access seeing even that there's a menu choice there that's available for them. Anyone who doesn't have the right access would never see that menu choice.
So I think that the issue of segregating records electronically or segregating access really to records is different than the issue of what we used to do with paper records. So I think that we need to perhaps note the issue and note the potential that electronic communications, electronic technology may actually give us a chance to give more privacy to those with certain diagnoses and certain illnesses than we could in the non-electronic era.
One other issue which is sort of quasi-related to this, and I couldn't find in the document, has to do with penalties. I don't know if we speak to penalties as being a deterrent or non-authorized use of information.
MR. GELLMAN: It is mentioned in here and there is a provision that has been enhanced in the second draft with respect to a proposal for having higher penalties for abuse of computerized records as a way of addressing what are clearly added public concerns about computerized records.
DR. LUMPKIN: That's the thing I like about you Bob, is that I have this thought and you've already fixed it.
MR. GELLMAN: Someone else already raised the point, so it made it easy.
DR. MCDONALD: I don't know, maybe on a technofile tilt of this, but I would like to support the notion at least in principle of a line. I think it would be technically or mechanically and enforcement impossible if it's negotiated individually because you have some other requirements. Say if mental health text records, the text notes, they're not put in our charts right now, so there's already some precedent for that. I think it might make things a lot easier if we could just decide some things aren't going to have, they're not important to paying, you don't have to send those in for paying, they're not covered by these other requirements.
It gets tricky though, you would say you wouldn't have the mental health notes, but would you want to know they're on Imipramine so you wouldn't give them something else. So there's a point on the border that I would argue a little bit that we need to know, because you're going to kill somebody with a oxidase(?) inhibitor if you didn't know that.
I certainly think there's some argument for saying let's take some categories of data that are very, very anxiety provoking and very, very private and very, very different and talk about segregating them. I don't know how one would do it on a negotiated physician/patient basis though.
DR. MOR: This is a direct follow-up to Dr. Harding, and then what Clem was just suggesting, let me give you a little background on this. When we were in San Francisco, one of the people who was testifying before the committee was somebody from a mental health managed group, who actually had a group of people who worked with him in delivering mental health services, and he was also providing consultation to groups. I think that was it.
I was a little bit disappointed in his testimony because he didn't adequately differentiate what my experience is. My wife is a therapist, so I hear daily about these kinds of conflicts that you allude to. He didn't adequately differentiate between the issues of privacy in a broad perspective and privacy in the context of what the meaning is for an eligibility determination directly related to the provisions of the insurance that that individual has.
That's a very big difference, I think, depending on how the insurance company decides to handle it as a carve-out or a non-carve-out, any one of these potentially sensitive areas. That's an internal managerial decision about how the company chooses to operate and how the customer, the patient chooses to sign up with one and/or the other. I'm not saying that there's a lot of choice these days, but that's really an issue that we have to struggle with in a much broader level about what eligibility is and what right we give others to look over the side, since this is a "public good" that everyone is paying for and grouping their insured payments for. Do I believe if he's trying to rip off the system to get some kind of service that he's not entitled to versus somebody else.
As soon as we have that kind of oversight, somebody else looking at the records is necessary. It makes me extraordinarily uncomfortable, but at some point or another I think to myself well, what is it that we want out of this. I think Clem's idea of having the text here completely separate is important, but somebody is going to want to decide are you and the patient going to jointly decide that this DSM-IV or whatever it is class acts as one or two diagnoses, is that going to be part of that person's permanent record and transmitted electronically, because without it, somebody is not going to be willing to pay for the event, that encounter that occurred. A person can choose to pay for it out of pocket, but that's the world that we play in. I think even if it's a single payer system, that's the world we will play in in some sense.
The next thing is actually exactly what Clem suggested, and I'm not even sure I know the answer to it. It would be interesting to know the answer. If I go into my local drug store and choose not to use my benefit for my prescription drug benefit, but choose to pay by credit card for my Prozac or Imipramine or whatever, does the UPC code from that transaction get stored in the Mastercard files independent of the health file? I think it does, because the only way to find out whether this transaction really occurred for auditing purposes, and that data has been flipped out of the health care system altogether. TRW now owns it. I don't know the right answer to this, but it's clearly more public than just our feeble attempts to try to circumscribe this world.
MR. BLAIR: Bob, would it be possible for us to put a little bit of wording in that section which tends to guide those states that want to seek additional protection. Part of what I'm thinking of was I think it was John Lumpkin, if John is to the left of Clem, who was indicating that technically it's not that difficult for us to restrict access to certain sections of the record. When we do, the person that because of their role or their identity, or whatever, won't even know that there is that -- it won't even display on their screen that there's an additional section because they're not authorized to be able to see that section. So it even addressed Kathleen's point that by inference they won't even know they're being blocked out of something.
When we describe this, if we wind up indicating that it is possible to restrict access to non-authorized people, and if the states wish to wind up choosing to use that approach, we kind of suggest that they're using an approach that doesn't create other complications. That capability is there that can be exercised. I'm doing a little wordsmithing here. Instead of saying segregating, as if you have to have a separate database for mental health or a separate database for HIV or whatever, I'm simply saying that the words we pick are restricting access to that information, or restricting access to that segment of the record.
MR. GELLMAN: Well, this line of discussion, let me try and clarify it because I think it's addressed somewhat already in the document on page 10. We're dealing here actually with two separate issues. One of them is regulating what you can call internal uses by the record keeper, what the record keeper needs to do to carry out its own internal functions, disclosing records to its own employees and contractors and whatever. That kind of activity covers a myriad of actions in any given setting.
Imagine all the people within a hospital who actually have a legitimate right to some or all of a record in a course of treatment, it's a lot of people. It's very difficult from a legislative perspective, from a very general perspective, to write a rule that says exactly who can and who can't get records. The last thing you want to do is have the doctors start consulting with lawyers as they're treating a patient to see who in the hospital actually -- so you've got to build in a fair amount of discretion. Legislative proposals have done this and there's some language in here that talks about general phrases, you can use records that are compatible with the purpose for which the records were collected, or that are directly related to the purpose for which the records are collected, or compatible with and directly related or whatever you end up with.
You end up with a word formula that kind of says what all of you are saying, let's try and restrict who can get access to the records. Let's be concerned about this, but without actually trying to write a really strict legalistic standard because you can't write something that will cover all circumstances. All you're left with at some point is a fair amount of concern hopefully on the part of the people who have the records. That's for internal uses.
For external disclosures, when you're disclosing records outside of your facility to the insurance company, to the state agency or whoever, there you can have different standards that apply there. The broad policy, of course, is that records -- let me make a comment in response to Richard's statement before -- the general privacy policy is records should be used only for the purpose for which they were collected. That's black letter, private, fair information practice principle everywhere. You said that's of course your bias, actually that's my bias too.
The difference is that I've been working on privacy legislation for 20 years and every privacy bill starts out the same way. Whatever it is, we're only going to use the record for this practice. Then you get beaten back as other people come in and say wait a minute, we're using records for this purpose.
Motor vehicle records is a good example. There's a federal law restricting disclosure of motor vehicle records, except there are 12 exceptions to it, because there were 12 communities that were able to make a case as to why they need motor vehicle records and they don't perform motor vehicle functions. You would all look at them, and for most of them at least, everybody would agree yes, these people have a case for why they need records. We quibble about a few of them, but that's what always happens.
Every law starts out with a strict standard. I've just been doing this long enough that I sort of moved away from that a long time ago and I sort of made peace with a lot of these things in the interest of trying to get something through. So I may sound more glib than I really am. If I had my druthers, I would go back the other way, I just don't think it's possible.
With respect to external disclosures of records, you can write some rules about who can get records and what the circumstances are, but you have the same problem in that you cannot precisely control all of the circumstances and all of the terms. You cannot predict in advance every purpose for which someone can make a case. You try and draw a box around it, and this is everywhere in every proposal, that all disclosures outside a facility are restricted to the minimum amount of information necessary to accomplish the purpose. If I'm sending billing information to an insurance company, and there is not a reason to disclose mental health treatment notes, then that would fall outside of this legal standard.
Again, it's not that clear a legal standard, but it is actually better than the one governing internal uses, where I think the idea is you can't do too much better than that. You can fiddle with the words, you get out your thesaurus and add a couple more terms in, but you're not really going to get much more precision. This notion of minimum amount really helps, at least for external disclosures, and it's an attempt to deal with this in a very general way. If someone has a better way of dealing with it, either in a specific context where you can be really sure you've defined it correctly, or in a general way, I would love to hear it.
So the answer is, there's been an attempt to address this. There's already some language in here. If someone has some ideas, let's talk about them, but it's a hard area, and I'm not sure whatever words you come up with, you can do much better than these kinds of concepts to say take care, be careful, pay attention to what you're doing and don't let too much of the information go if you can avoid it.
DR. HARDING: Just a comment and a question for Bob. The comment is I don't think any of the testifiers, if that's the right word, in our hearings said they had any problem with disclosure for treatment or payment, except in the case where the payor was the employer. I think that that issue has to be hit harder, because that's a very complicated situation where the employer is paying the bills, so to speak, and is using that in evaluations or things that go on within -- we had an occupational nurse testify who said that every day, not every day, but frequently he is pressured by his bosses to turn over information about a patient because they want to know what's going on. Why isn't this guy here? Why isn't he here and if you know what's good for you, you will tell us why? He had direct threats and there has to be some kind of protection from that.
The other question that I would ask Bob, or anybody who may know, is the issue of health research. Definitions are always tough, but one of the areas that a concern was brought up is is health research cost containment research. Is that a health research issue or is that something else and how does it fall under guidelines and so forth? Is that an IRB issue or is that something else that is done within an entity? But again, is doing research and doing it on identifiable charts, is that considered real research or is that something else.
MR. GELLMAN: John, can you help with that?
MR. FANNING: Well, this gets down to the point that we have lined up these categories based on sort of historical usage, but on one level they don't make sense. Research on every case of detached retina in the hospitals of Baltimore County by someone who is working at Johns Hopkins and is going to publish a learned journal, that's research. Someone who is studying every case of a certain procedure in the hospital and the outcome for cost containment purposes, in both of those instances, the intellectual process is the same. You're looking for the aggregate result where the identity of the individual is irrelevant to the outcome. And, not only is the intellectual process the same, but the privacy hazard is the same. Yet we treat these things differently. We haven't quite resolved how to sort those things out.
From the privacy standpoint, it shouldn't make any difference. In both of those cases, the person's identity is irrelevant to the outcome. It may be used in the course of matching records or something like that, but if the person isn't going to be affected by the transaction, it's really the same.
In fact, how that's handled in the protection of the research subject community is this. The person doing the study of the detached retina, that will clearly be research because he intends to publish it. If he doesn't intend to publish it, if it's just for internal cost containment purposes, it is not considered research, and an IRB is not necessary. The protection of human subjects people, who after all are applying a set of rules, say well, if you intended to publish it, that shows you had the intention of doing research. Now we're back to the point I made at the beginning that from the privacy standpoint it makes absolutely no difference.
DR. HARDING: My question was sparked from an article maybe you all saw in Fortune Magazine the middle of May where a managed care company took people who had had more than three visits to an emergency room or had spent over a certain amount of money of the company's funds for health over a years time and then wanted to put that whole group on Prozac. And they did. So that group of people who were high utilizers I guess is the word, the theory went, well let's try them on Prozac and see what happens and did so to about 30 percent that accepted that. They improved actually their utilization, but that's cost containment research and I'm not sure it's real research.
MR. FANNING: Okay, first of all, I don't think that's research. That is not research. That is a form of treatment. It's identifying people who in someone's judgment require an additional type of care. That is simply not research. A study of records to show that people who had more than three visits per year and were not on Prozac were costing so much as distinguished from people who had more than three visits a year and were on Prozac, to come up with aggregate results, that is research. The case you've described is not research.
DR. HARDING: What is it?
MR. FANNING: It doesn't matter.
DR. MOR: The latter example was research, bad research, but research.
[Laughter.]
This is a question for Bob. The differentiation you make between internal versus third party or external uses, could you speculate about what that might mean, given the nesting and layering. I mean how specifically are we organizing this document to focus on the provider as the internal -- or the integrated delivery network might consider itself to be the provider in the not too distant future.
MR. GELLMAN: This is a hard issue. I mean the document doesn't get into this in great detail, because it's very legalistic. I can start dividing the world up into all kinds of categories. We've got sort of internal users, and the relationship between -- let's just talk about a hospital because it's complicated -- between a hospital and all the people in the hospital who are providing treatment to patients, I mean there are a million different ways. They've got employees, they've got volunteers, they've got contractors, they've got all kinds of people. So it's really hard to figure out who is who.
You've got external people, then you've got external people some of whom are, like for example the hospital's lawyers may look at records at some point for perfectly legitimate purposes. Whether the lawyer is an internal employee or an external person doesn't really make any difference conceptually. So some of the bills make categories of agents or one of the terms is affiliated persons that a provider uses to provide facilities. Then you have affiliated persons who also have affiliated persons. The chain just goes on and at some level the question is do fleas have fleas and the answer is not only that, fleas have fleas and their fleas have fleas.
The whole chain of being here, of relationships between people is unbelievably complicated. You cannot describe it really because there just too many categories. All you can do is come up with some kind of standards. Nothing that you do is really going to clearly delineate people into meaningfully different categories. It's just a generic problem that you always have -- this is particularly bad for health records, but it happens with every kind of record. As the world gets more complicated, you have more and more relationships with other people performing functions for you. There's only so much you can do.
DR. STARFIELD: I have a question on this point, can I ask it? On page 4, the second paragraph. One of the reasons, motivation for protecting health information is to protect the discriminatory use of the information outside the health care setting, but what's the reason for leaving out inside? A lot of the things we're talking about is discrimination inside.
MR. GELLMAN: Okay.
DR. MCDONALD: To follow-up on the previous discussion, the section describes management uses and research uses. I think the category you just described is a management use. I think the principle there is they've got to run their business and make it work, but there are tangles.
I really wanted to bring up another subject that wasn't addressed, or at least to be accepted by everyone, that the patient has full access to the record and that's not a tradition. I just worry a little bit about us not wrestling with it a little bit, because I know some people write notes that they shouldn't write and have patients read them. That is, they really need to go back and rewrite all their notes. There are just simple things like you say "an obese or something or other woman". Maybe if you just said overweight, that would have been better. There's just all kinds of stuff and we're reprogramming the whole system. I think the current law says it's owned by the writer. So it's not the tradition. I think we ought to at least agonize over what the implications of this are and not to say this stuff that's in an external database, that's a different story. They couldn't go in and edit and change, but there is sort of a problem. I understand the other side is the patient should be able to challenge stuff. I'm not disagreeing with the principle, but I just don't think we should blindly say or blithely say that yes, without at least figuring out how to retrain everybody on how to write their notes, or maybe all write them long hand because nobody can read them anyway then and that works out.
DR. DETMER: A number of states actually have that as this point and the world has gone on. Kathleen, do you want to respond?
MS. FRAWLEY: Yes, that was an interesting point. When I was working as an in-house counsel in a hospital in New York State when we passed our patient access statute, the first thing my doctor said to me is we're all going to get sued, more suits because the patients are all going to come running in here and get their charts. That never happened. The second experience I've had in different states is that when patients have the right to access their records, typically they're presenting themselves saying I would like a copy of my record, but you need to know the second question to ask which is what information do you need. Typically what you will find out is they don't need a copy of their medical record, they need something for an employer, they need something for school, they need whatever. So it's kind of the trigger effect.
But you raise a good point. When I've sat down with patients with their attending physicians and gone through a medical record, the two pages they fixate on in any medical record which is 100 pages of an in-patient hospitalization is the history and physical and it's typically the first three lines where someone is describing the patient. It goes back to the fact that we have to go back to medical school and teach people how to chart, because we've never done that well in this country. So we've got people just writing any old thing in the chart. I can tell you I have had people who have argued up, down, around, sideways, back and forth they didn't like the description that the resident wrote on the history and physical. That's what they want to correct.
MR. GELLMAN: Let me just add a couple comments here. There has been a lot of experience with patient access in states, and especially with the federal government. We had some testimony and there's been some Congressional testimony, have there been problems and the answer is no. Everyone seems to be able to adapt to this. The basic principle that patients should have access to their record, that everybody should have access to personal information about them is largely agreed to. There was a poll taken years ago, 96 percent of the public thinks they should have a legal right of access to their record. You don't find 96 percent of the public agreeing to anything.
The document reflects that, but it also reflects this is an area in which I think doctors and other people sometimes have a significant disagreement, are there circumstances under which I can withhold stuff from the patient because it's really in the patient's best interest. I think that's paternalism, but when I talk to doctors, they think it's very important, they've all got examples. This document just doesn't take a firm position on that. It just says that's one of the areas of exceptions to access on which there are several points of view.
DR. MCDONALD: The details may make a lot of difference. If the patient has to give a reason why, if someone else can take a look -- there are two kinds of things in the chart. One of them is just stupid resident remarks. The other ones are historical traditional ways we describe patients, which is how we're taught, that will not be necessarily appreciated.
The third thing are facts and knowledge that everything ranging from some of the psychiatric diagnoses, some of the -- I just think not many people know about it I guess, because still most state laws, copyright is still owned by the hospital, it's still owned by the doctors and there's still some constraints on it in many states.
DR. DETMER: My comment I guess is for any more, in nature nothing is free. I really think that there is a downside to almost every dimension of this. I think the issue is which is better serving the needs at our time and I think at our time it's kind of clear, but I hear what you're saying.
I want to make sure, before we run out of time, that we talk a bit about the oversight office issue, that we talk about cost. One of the things that came up at our hearing out in California was in the midst of not just this issue, but generally what we do, but it also relates to this issue, there are cost implications with a number of these issues that we're talking about. At any rate, I would like to make sure we do those.
Simon, you had a comment.
DR. COHN: I will withhold my comment.
DR. DETMER: I don't know who would like to talk about that, but I think the oversight issue needs a little discussion.
DR. STARFIELD: Is there something in the document you want us to refer to?
DR. DETMER: Page 17.
MR. GELLMAN: It's administrative oversight.
DR. DETMER: I think the language talks about Health and Human Services, what are other branches of government that might be better choices or not. Certainly, HHS is not a monolith for those of us who have related to it over the years. John laughs. But it's not as though HCFA is necessarily tightly bound to HHS. It's an important question I think, this issue of an oversight entity and what that should look like. I'm not positive our language has done as much justice to this as it maybe should, but if people don't have anything to say, that's fine.
MS. FRAWLEY: We discussed that on the NRC study committee, because we thought there was an important role for government to show some leadership. What we were concerned about is when we looked at a lot of the European countries, the fact that there is a person or an entity that consumers or patients know. Right now, in our country, you have to really maneuver the legal system to exercise your rights.
I know in the NRC report, we thought this was a good opportunity for the federal government to show some leadership. We thought there should be, whether it's John Fanning as the privacy advocate working with the U.S. Office of Consumer Affairs, and we kind of laid out some scenarios in the NRC report that we thought were useful. I think that we should come up with some language that recognizes that people should not have to run into court to enforce their rights. There's got to be a way, and also that there's some public accountability, which is the flip side of once this starts to roll out that there's somebody kind of monitoring what's going on.
MS. WARD: Certainly because Washington is on the border of Canada, we spend a lot of time researching Canadians. There is a Canadian equivalent to this. When they made major changes in their privacy and health information access laws, they created an advocate position and it's been very successful. They also have a national health insurance program in that state. I think it's very similar to many of the states have created omnibus positions to oversee the incredible expansion of long-term care and those kinds, and they have proven to be effective consumer protection offices. I liked this part and I think that's a concept that --
DR. DETMER: You favor it in DHHS or some other part of government, and if so, why or why not? That's really what I'm asking. I think it is a fine idea. The question is where would it be if we're going to recommend it.
MS. WARD: I think we have to ask a federal government structure person to say where is it most independent, where can that person really function and take that suggestion.
MR. FANNING: Let me just comment briefly. The Office of Management and Budget has published for comment a paper which raises the question of whether there should be a government wide entity for this that would deal with all privacy issues, not simply health issues. They're looking for comment on that and also comment on the structure and function. I think the leaning in the administration would be that it should not be a regulatory agency as such that could tell a private company to change its way of dealing with records, but it would be a central reference point and advocacy point and could also do research and in depth inquiries on cross cutting issues. That's one form.
The other would be should there be one for the health world that deals only with the health world.
MR. SCANLON: And one doesn't preclude the other.
MR. FANNING: No, one does not preclude the other.
MR. GELLMAN: There are actually, John laid out two of the functions, you can divide this world up a lot of ways. One is there are lots of general privacy issues and there's not just health privacy, but there are all the other kinds of records. Second, you've got a health privacy function, which really can be divided up in several ways. One is what Kathleen talked about, providing assistance to people. It's a place to go, it might be an administrative appeal. In a country like this with lots of eligible people and lots of records and lots of institutions, trying to be an ombudsman just for health records is an enormous function. You need a gigantic agency to do that.
Another function that will be inevitable under this, and this is one area that has drawn some fire from people, is who should write the regulations under the legislation. There will surely be regulations. HHS is both the obvious candidate and has drawn fire because it will be subject to its own regulations. One of the questions is if you don't like HHS doing it, who else do you want to do it? If you want to have a general privacy agency, some kind of privacy commission of the type you talked about in Canada, writing the regulations for this law will be a gigantic job all by itself. It's not clear that that function can be given to a general privacy entity, even if one existed because it's an overwhelming function and requires a lot of specialization. So you've got a lot of hard choices here and no obvious answers in terms of what the best thing is.
DR. BRAITHWAITE: I can speak from current experience on two points here in the discussion. One is that HHS is not a monolith. That is, when people believe we can't give the police function to HHS because HHS, in other words HCFA, is also a payer that has to be subjected to these things, you must believe that there are parts of HHS who behave very differently than HCFA and they're in conflict a great deal of the time. In fact, many of the times that we can't get something out of the department it's because there are conflicts between various agencies and HCFA versus some other agency is a common scenario.
We are in the process of actually writing general regulations for the health data standards. In that process, HCFA, because they know a lot about how health data standards are being used, are playing a great part in that, and because they write a lot of regulations, they have the expertise to help us write those regulations. On the other hand, they're doing that under the oversight of an interdepartmental group of people, which is sort of modifying anything that might come out with a "HCFA twist" on it, to make sure that it comes out as a general health principle that applies to the industry in general. So far I think that's working very well and could serve as a model for the privacy side as well.
MR. SCANLON: To extend the discussion a little bit more, within HHS there is also this concept sort of that comes up in privacy and it's this functional separation. We have research agencies that develop research policy, for example, for other agencies and for the country at large. Other agencies are subject to that. We have the FDA that regulates other federal agencies, so this idea of a regulator and a regulated is not an unusual situation for any federal agency. HHS already has an apparatus to actually carry out some of these things in terms of civil rights enforcement, consumer affairs and this sort of thing.
DR. MCDONALD: Would you like suggestions of agencies that should not do it?
[Laughter.]
There's one, I don't think it should be the Justice Department. I think actually, I think there's a lot to be said for HHS or something like it, some of the other agencies that deal with health just because the content knowledge is such an immense part of all this.
MS. WARD: I was just going to say, I think recommending a new agency to be created would be foolish, likely to not be acceptable.
DR. LUMPKIN: I can testify that HHS has not been seen from the state perspective to be in collusion with different parts of its agencies.
[Laughter.]
We would like to see that happen that you get one line from HHS. But what about the Inspector General's Office? That's Justice.
MR. GELLMAN: No, the Inspector General is at HHS. The Inspector General has a very law enforcement perspective. It's not much different than having the Justice Department do it.
DR. LUMPKIN: Never mind.
DR. DETMER: Other topics?
DR. HARDING: For Bob again, the last thing, the safety valve, is that a standard thing to put on the end of every bill or is that something special?
[Laughter.]
MR. GELLMAN: One answer is it's not unprecedented. It's not necessarily normal. When you have a really complicated bill, there's another way of accomplishing this and that is you simply let the secretary somewhere write regulations, whoever it happens to be, and they simply solve problems in the regulations. It has been known to happen that regulations will ignore, override or do other kinds of damage to the statutory language, and they will either get away with it or they won't if challenged.
In Italy, a very quick story, they really passed a National Data Protection Law of the European omnibus style. That was Public Law X.3 and Public Law X.4 said and the government can make any changes in the law we just passed. That was how they got it through the legislature there.
This is an attempt -- one of the problems that happened with privacy legislation is especially in an incredibly -- I can't imagine a circumstance or an area more complicated than the health area. If you make a mistake, if you don't foresee everything and all of a sudden someone comes up and says we need to disclose records for this purpose, that everyone would agree is reasonable, it's important, it may affect someone's health or safety, and we look at a the law and all of a sudden you never thought of that.
That's why some of the provisions that have come about have come about because someone came to us and said well what about this. John and I would stare at each other blankly and say we never thought of that, so there's another provision in the bill. That's where they come from. I'm sure there are things that no one has thought about and this legislation can pass, because of the direct relationship between people's health and safety and the functioning of the health care system and the expense, that's where this idea came from is that -- it's not a general exception. The idea is that the secretary, or whoever is going to be the regulator, can do this for a limited period of time, enough time so that the Congress can come back and do a technical correction if necessary.
DR. HARDING: There can be errors of commission as well as errors of omission. This is the Secretary you're talking about doing this?
MR. GELLMAN: Right, do you have another person?
DR. HARDING: No, I wanted it to be very high, somebody that would take that very seriously to override a legislative --
MR. GELLMAN: I agree. It would have to be very carefully done. The language here, which isn't exactly legislative language, but it's pretty close, sets a very high standard. It's not wily nily, you have to meet one of several difficult to justify conditions and it would be limited, the length of time until Congress can realistically come back and have a chance to amend the law. If Congress doesn't want to do it, then the regulation will die of its own accord after a period of time and will go back to the way it was. So there's an attempt to not give too much authority to override the law to somebody on a permanent basis.
DR. DETMER: Would you rather not have that in there at all?
Hortensia, and then Clem, John and John. Then I think we're going to have to get close to wrapping it up.
DR. AMARO: I just had a question based actually, Barbara, on one of your comments. Number four, and Robert, if you have a comment on this, I would like to hear it as well. You mentioned that I didn't know if this came out of some concern that you had that there may have been certain interests that were under represented. Not having been there, I just wondered were there certain interests that you think weren't really fully articulated and could you tell us about that?
MR. GELLMAN: Well, there are a zillion interests affected by this bill and there's no way you can hear from everybody. The way the hearings were organized was we tried to identify the main users of information, the researchers, the public health people, the law enforcement folks, the providers, the insurers, the employers, the main categories. We had a panel for each of those and then we had a whole day, basically two panels of privacy and public interest advocacy groups. You could have, if you wanted to operate this way, and even within any different category there are lots of different points of view. Everything is never represented at a hearing.
I think we did basically as good as we could do with this. I think the suggestion of laying this out is perfectly reasonable. I don't have any problem with doing this, and there's always somebody to complain that they didn't get heard. They may well be right and you can only do what you can do.
DR. STARFIELD: Let me just say why I put that in there and that was it came out of the concern about the lack of emphasis on the importance of the discrimination issue, that was all.
DR. MCDONALD: I just want to speak in favor of Section O. This system is at least as complicated as a conveyor belt. Just remember what happened in the Denver airport. I think we ought to have these in all the laws.
[Laughter.]
DR. LUMPKIN: I think I would like to agree on Section O. I had a recent incident where we had a young woman who earned her living on the street. We found out that she was HIV positive and may have spread her illness and the laws in Illinois do not have a safety clause. I had no way of revealing her identity to go to court in order to get an injunction. It created a negative feedback loop in which there was no way to get out and protect the public.
As it turns out, some of the facts of the situation weren't exactly as they originally appeared. We found the solution, but frequently as an administrator reliant upon a legislative body that cannot act very quickly, you have real life threatening situations that require the ability to act in ways that weren't thought of.
DR. HARDING: My concern wasn't that it was a bad thing altogether, but that it not be wily nily used.
DR. LUMPKIN: I agree.
DR. HARDING: It has to be an exceptional circumstance.
MR. FANNING: My point was going to be the same thing. This is a very good contribution here I think. This test is a good one. Unforeseen threat to health or safety, a major economic disruption or manifest unfairness, that is meant to be a fairly high test. I think another measure to prevent it from being used too easily is to require that it be done by regulation, which means it has to be announced to the public for comment and then the secretary might be talked out of it for example.
DR. DETMER: We've been exceedingly modest about not referring some of these things for the continuing oversight of the national committee perhaps.
[Laughter.]
I think your point is well taken. Probably adding something that it is in fact to be a --
MR. GELLMAN: I like the word exceptional circumstances. I think that's the intent and I think we can do it.
DR. DETMER: Okay. We could go a little beyond this, if you would like, if we have really germane additional items. I think that this has been a terrific discussion in my view. I thank all of you. We don't have to break if there are still germane other points.
DR. COHN: Briefly, first of all Bob, I think that overall this is an excellent document. As you know, I've already commented on previous versions. I was, however, just looking at K, employers and thought that -- I think we feel strongly in favor of having employers subject to page 15. I just felt as I was looking through this, where you started referencing a case can be made for resolving some of these issues through, I thought it sounded a little too lax, more like this needs to happen rather than a case by made.
MR. GELLMAN: Okay.
MR. FANNING: Can I comment on that? Bob outlined earlier this new concept, not new concept, but the concept that the information could be used only for the purposes for which it was collected. I think the immediate necessary implication of that for employers is that if an employer gets information for the purpose of processing a claim, the insurer is a payer and may not use that information for any other purpose. The simple fact that the information exists within a particular corporate entity doesn't mean it can be given to anyone or used for anyone just on that account. So that's the way I'm thinking of working that out. To cover employers as such is not terribly meaningful. To the extent that an employer is a provider, the rule applies, and to the extent that the employer is a payer, the rule applies.
DR. DETMER: Perhaps an example like that would be --
MR. GELLMAN: There have been a couple comments here about employers. I don't think there's really any -- I doubt there's any significant policy disagreement about the sensitivity of health records in the employment situation. Working that out isn't all that simple in the context of things. There are a whole bunch of issues. This kind of goes into the complexity of discrimination. Work place privacy issues with health have a lot of back and forth and other concerns that again haven't been worked out in detail.
It's one of the reasons that this sort of pussy foots around the issue a little bit, and maybe it can be stronger and still preserve this, that there are a lot of conflicts and problems that really haven't been thought through. So to say let's just do it may be a little strong, but I think the concern is there. I think the concern is perfectly reasonable and I doubt anyone disagrees with it.
DR. DETMER: Okay. Well, thank you all very much. What we will be doing then is breaking into our break-out sessions. Again, Health Data Needs and Security is here; Privacy and Confidentiality downstairs; and Population-Specific Issues at the end of the hall.
Then at 5:30, we will be adjourning for the day. Tomorrow, we will come back seeking to literally get closure on these items that we've discussed all day today.
[Brief recess.]
[Reconvene in break-out sessions.]