Hubert H. Humphrey Building
Room 303A-339A
200
Independence Avenue, S.W.
Washington, D.C.
DR. GELLMAN: Good morning, everyone. We are going to begin.
This is the Subcommittee on Privacy and Confidentiality. Since everyone who is here will be here later on, I don't see any reason to go through the usual introductions. That will probably occur later or it won't. But in any event, we don't have that much on the agenda at the moment. The subcommittee exhausted itself producing recommendations on privacy a couple of months ago. In the interim period, we haven't been able to get really much done because our staff support was busy with the Secretary's proposal and other matters and we just couldn't get anything organized in the period, but we will begin to be more active as time progresses.
John, do you want to talk about what has happened with the Secretary's proposal of late?
MR. FANNING: The Secretary's proposal went up in October and there have been two hearings, one with the Secretary testifying at it, the other about a week ago, before the Labor and Human Resources Committee with testimony from the private sector about it.
There is a continuing level of attention in the Congress with Senator Leahy working on a bill, which I gather has now been introduced.
PARTICIPANT: Leahy and Kennedy are sponsoring it.
MR. FANNING: Yes.
We will be working with the staff on an ongoing basis to resolve issues and be helpful as we can.
DR. GELLMAN: Jeffords announced he is going to do a bill. Are you guys participating in that in some way?
MR. FANNING: I don't know.
MR. SCANLON: I can answer that.
The Jeffords -- you remember when the Secretary testified, she offered the Department's help in drafting any bills and as a result, about two weeks ago, some staff in the Department met with Jeffords staff and talked through some of the general areas, though it wasn't a drafting session. And he said at the end of the October 28th hearing that he was hoping to have a bill as well. So, he is working on it.
DR. GELLMAN: At the hearing, Senator Bennett announced that he would be introducing his bill in the next session, presumably in January. His bill has been promised for a long time and has yet to materialize. There was a draft of his bill that he has circulated for comments that has changed considerably from his earlier draft and whether that will be the bill that is introduced or whether it will see further changes remains to be seen.
The Leahy bill -- and I haven't seen the introduced version, but I saw a version last week that I was told would be similar, has a number of interesting features to it. Politically, the interesting thing about the Leahy bill is that they tried for a long time to get a Republican co-sponsor and they couldn't.
When I tell you what is in it, you may discover why. One cute feature of the bill is it establishes an Office of Health Information Privacy in the Department of Justice. It provides for segregated information that if a subject of a record, of a health record, so designates that their information has to be segregated. It is not clear what that means.
This requirement applies to anyone who is receiving information pursuant to authorization. So, it actually may or may not apply to providers. It is not clear from the way it is drafted. The information must be segregated, but it is not clear from what.
Disclosures of segregated information are limited to those with the express consent of the patient, but it is not clear if the other provisions of the bill that allow non-consensual disclosure override that or not. If it does, then there are no non-consensual disclosures of segregated patient information and the patient can designated that information be maintained outside of computer or electronic systems.
The segregation provision does not apply to administrative billing information, which may help some and there are lots of questions about exactly what this means and how it would work. And there is nothing in the bill that prevents a patient from designating an entire record as a segregated record and there is no reason why any patient, whatever the requirements are, would not so designate a record. So, we can deem all records under the Leahy bill are likely to be treated as segregated.
Public health disclosures under the Leahy bill are permitted only when there is a specific nexus between an individual and the threat of a specific disease, death or injury. Otherwise, you need consent. Oversight disclosures for health oversight purposes may not identify a record subject. All disclosures must be coded and even the coded records cannot be removed from the premises of the record keeper.
Health research, at least temporarily, seems to be relatively unscathed. It would be permitted under the rules in 45 CFR Part 46, at least for six months and then it might change. There is a new penalty in the bill for debarment of providers and others, who would be prevented from receiving any benefits from federal programs for substantial and material failure to comply with the act.
That would be in addition to civil and criminal penalties. And there is some -- I have read the bill. I hope my interpretation is either correct or not. I hope it is accurate, I guess, is the best way to say it. I am not a hundred percent sure.
Another curious provision is the one that says there is no preemption of laws with greater privacy protection, but then it says there is no preemption of state mental health or communicable disease laws. So, if a state had a law that said all mental health records must be printed in the newspaper, that would not be preempted. And there is no federal preemption for the rights of minors so that whatever standards are established, they could be lessened under a state law.
So, it is a curious mix of preemption and non-preemption provisions, for whatever that is worth.
The Bennett draft for -- and this is a draft, so, you don't have to take it all that seriously -- has a couple of really curious provisions. First of all it basically exempts the pharmaceutical manufacturers entirely from regulation.
The law enforcement provision is not much different than the Secretary's provision and that was not well-received. The provision that deals with disclosure in civil litigation essentially mandates that all disclosures in civil litigation must be made without any regard for the privacy interest involved. The only factor that would regulate whether records could be disclosed in civil litigation is whether the information would assist somebody in making a case or defense. That is actually a weaker standard than existing law, as far as I can tell.
The most interesting part of the Bennett draft provides that -- it requires -- this is what I might call coerced consent. We have had informed consent. We have had disclosures without consent. Now, we have the provision that I would characterize as coerced consent.
It requires employers and health plans to obtain written consent from enrollees, permitting the use of health information for any treatment, payment or plan administrative use that the employer or health plan sees fit. So, this is the solution to how do we make disclosures or authorized use of this is you force the enrollee to sign a form authorizing it.
I am not quite sure how that would work. I assume if you refuse to sign the consent form, that the insurance company or provider could refuse to ensure and/or treat you. So, I am not quite sure what to make of that.
It seems to me we have two proposals here on different extremes of the issue and I am not sure that either bill -- and the reason I asked about the Jeffords bill is I am not sure that either of these bills or any of the other bills introduced to date will be important vehicles. A bill that will move forward will come from Jeffords and there is no comparable figure in the House as yet. So, I remain pessimistic about the prospects for legislation.
DR. MC DONALD: Is any -- I found from many perspectives the administration bill to be very rational. And there is a few issues -- this is just an opinion -- and I would support it. But no one seems to be proposing a bill like that.
DR. GELLMAN: Well, the theory is that Jeffords may take large portions of the Secretary's proposal, possibly with the exception of the law enforcement and intelligence stuff, which is -- those were the focus of the controversy. And there are lots of other -- the issue, as everybody here knows, is very complex. There are a lot of different dimensions to any bill and nobody could look at anybody else's bill and not find a bunch of things to disagree with. There are just a lot of different ways to cut up the pie and everybody has their own way.
I kind of agree with you. I think the Secretary's proposal, in general, is pretty much middle of the road. It tries to balance all the interests. I agree with a lot of it. I disagree with a lot of it, except for the law enforcement stuff, which I sort of think is off the scale.
If there is a bill that is going to get through the Congress ever, and that is a question, it is going to be somewhere in the middle of the road. So, I think the Secretary's proposal mostly starts out in the right place.
DR. MC DONALD: I guess there were a couple of other bills had been floating, McDermott and some others. Are those now --
DR. GELLMAN: Yes. There is the McDermott and the Condit(?) bill, but they are both Democrats and they are not in a position of authority on the House side to do anything with their bills. And if there is going to be any serious activity in the House, you are going to have to see a Republican subcommittee chairman or full committee chairman step up to the plate and say, okay, I want to do this and I am going to prepare my own bill.
So, the other bills can just be -- all these bills, it seems to me, are just at the moment background noise for something that hasn't emerged yet.
DR. MC DONALD: Is Jeffords a Democrat? I don't know.
DR. GELLMAN: Jeffords is chair of the Labor and Human Resources Committee in the Senate. He is a Republican. So, I mean, that is the usual pattern is that somebody -- a committee or subcommittee chair has to take the lead and provide the staff support and activity for this.
Richard.
DR. HARDING: And a Vermont person with Leahy are the two Senators from Vermont.
Could we -- Jeffords and Leahy are both from Vermont.
Could we ask that when a new bill gets brought that we get a copy?
MR. SCANLON: Well, the draft --
DR. GELLMAN: When the bills become available, I mean, yes, I mean, I would think it is easy to do. You can either get copies or, you know, the bills are available on Thomas, the Library of Congress Internet service. So, it might be as easy as anything if there is a bill in, to just send everybody an e-mail message telling them where they can find it, maybe providing the specific URL to the bill. You know, if people want written copies, then they can get them, once it is introduced.
PARTICIPANT: It looks like Leahy-Kennedy was introduced day before yesterday or yesterday.
DR. GELLMAN: I actually looked for it Tuesday night and I couldn't find it on Thomas. But there is sometimes a day's delay on getting bills in. That is why I don't have a number for it.
Any other comments?
MR. SCANLON: The Bennett bill, the current version, I think it preempts -- it takes the position of preempting state law, doesn't it?
DR. GELLMAN: Yes. I mean, one of the problems with all the discussions of preemption is everybody says one bill preempts state law and the other one doesn't, but nobody deals with this in a unitary way. The more preemptive bills still have provisions preserving existing state laws in some respects. I mean, that is, I think, where the Leahy bill got this -- we don't preempt state public health, mental health and communicable disease laws. I mean, basically, I don't think there is any proposal that would preempt state AIDS laws, for example.
Everybody seems to leave that alone and I think most of them also do not preempt state mental health laws, even the more preemptive ones. So, to the extent that there are existing state laws that are stronger, they are likely to be -- at least in piecemeal, they are likely to be in that area. So, whether you are preemptive or not preemptive, those laws remain.
This committee in its recommendations suggested that the preemption issue needs to be dealt with on a case by case basis, rather than being treated at the slogan level because it is not a reflective of what the proposals are and it is simply not something that is going to get resolved as black or white. There are going to be lots of shades of gray. And when you get into the shades of gray, you can discover that there is a lot more agreement about some things than there was at the extremes.
DR. MC DONALD: Just one more about the -- the administration bill had a provision that some maybe thought was radical, but I want to discuss a little bit. There was no signatory required for sharing information for direct patient care.
Just some background on that is we have been trying to work out an arrangement with six hospitals to share information on emergency care. It struck me as funny at the time but when a lawyer we were talking with said actually these current signatures are really no -- they are better off if you have legal law basis because you don't have the same control of these signatures, but on top of that there is -- there is a lot of physicians who are passing things around that are probably not legal in some interpretation, you know, when you send a consultant out to somebody.
So, maybe you could comment on that?
DR. GELLMAN: John, do you want to talk about it?
MR. FANNING: I think it is the very analysis that you have just described that is part of the background for our recommendations. It is going on now. Very often, the signatures are meaningless. People have to sign. They are not fully aware of what is going on and the better control for the patient is, in fact, an external legal control.
However, a note that the administration recommendation does say that the patients should be given an opportunity to object to particular disclosures. That in some ways can be a more effective form of control than the routine signature.
DR. MC DONALD: I just want to distinguish a little bit. The routine signature is sort of carte blanche and I was speaking specifically to the part that said for uses in care it go easier. What I hadn't appreciated and I am not sure I was interpreting it correctly, that the statutory control is a far better one for that kind of stuff than someone just signing sort of these things that end up being carte blanche.
DR. GELLMAN: Yes. I think that is the philosophy and I have been pushing that idea for a long time and I have written a couple of papers here and there on this issue of informed consent. Informed consent, I like to say, is like the Holy Roman Empire, which was neither holy nor Roman nor an empire and informed consent for disclosure, not for treatment, for disclosure, is neither informed nor consensual. The question is what is the most effective way of providing a reasonable degree of privacy protections for patients and the question is are we better off having them sign forms like they do today, which provide no protection for patients and lots of protections for hospitals making disclosures and insurance companies that want them or can we set up a structure in which we regulate how those records can be used. We don't ask patients to consent because we let the statutory provisions control and for those patients that need other arrangements, we allow them to opt out so that they can cut their own deal because most patients will accept the default no matter what it is.
So, it is a sort of perverse or semi-perverse situation where an opt-out actually provides greater protections for patients than an opt-in because as a practical matter, the opt-in doesn't work.
Anyway, I think it is a good idea. The Secretary does, but it is not necessarily one that has been universally -- it also has a lot of administrative benefits in terms of fewer forms and simpler administration, but it is not necessarily something that everyone is yet prepared to buy off on.
Richard.
DR. HARDING: The third alternative is to improve the informed consent process.
DR. GELLMAN: Right. And that is actually part of all the proposals. One of the difficulties with it is that -- and this is sort of inherent in it -- is that the informed consent document that will be required under any of the bills, the notice of information practices, is likely to come in three volumes by the time we disclose everything to patients. It is really hard to get people to pay attention to it.
We had testimony -- who was the guy from the AMA who testified?
PARTICIPANT: Dr. Paul Misano(?).
DR. GELLMAN: Yes -- who was a lawyer and a surgeon and he said when he went in for treatment, he signed a consent form without paying any attention to it and he regretted it later and if somebody like that can't protect his own interests when he signs consent forms, it is really hard.
But the basic idea of giving people more information and allowing them to be more educated in this process, whether it is an opt-in or an opt-out is something I think is universally agreed to by everybody. I just raise the question of how effective it is likely to be, but it is a good idea regardless of whether it is effective or not.
MR. FANNING: I think the bill that we think should be enacted and many of the ones on the Hill call for a statement of information practices to be given to people and I think that is -- that will take a lot of work. But if one right, it can inform people far more effectively than the present arrangement.
For one thing, the idea is that it will be something in a readable form that you can take home and read at your leisure and discuss with people, for example, not something that you have to sign in a short period of time in order to get treatment or whatever.
They may not all be good at the beginning, but I think they will develop a body of expertise at making this sort of thing clear.
DR. MC DONALD: The two sides -- I mean, you almost can't fix everything, both sides, but the side that it -- when you are talking about the practice problems, the problems of actually taking care of patients, some of the processes could be totally disabling and this thing is actually enabling, the one which allows you -- because when you write a letter to the consulting doctor, the patient is not there to sign something or someone you are calling at night -- I mean, there are all these kinds of situations where you can't get explicit consent, it would make sense. In fact, they don't now. They just do it.
But the other side of it is is that we have recently worked in some small practices and the pressure on these guys is unbelievable. We wanted to introduce a printer, which would print out a document that they would add to their chart, that is, their clerk would. They said that could take five or ten seconds. That will kill us. And they are working on these very extraordinary thin margins as they get squeezed down and actually this group is losing money fairly fiercely even with this, you know, eight minutes a patient and high motion studies up the wazoo.
So, just be aware that these guys are about to break, I mean, literally. Their eyes are rolling and everything. They are looking funny. I mean, I worry about their mental health and if you say now you are going to have this 20 minute discussion with a patient each time they come in, they will do something crazy.
DR. GELLMAN: For whatever it is worth, the law in several states already provides for non-consensual disclosures for treatment and payment, like the Secretary's proposal. That is the law in California. I believe that is the law in Texas and maybe other states as well.
Now when we had hearings in California earlier this year, I asked a couple of people about it and the response was "huh"? They didn't know what the law said and they religiously collect uninformed consents from patients so they can make disclosures.
But I suspect what you said is right, that there are lots of disclosures, at least for treatment and probably for payment as well, that physicians make because they know that it is okay with their patients and they don't have a written consent and it is the only way to make the process work. Otherwise, there are incredible delays and that is one of the reasons for the proposal was to try and reflect a degree of reality in the process.
DR. MC DONALD: Indiana has a law specifically for patient care and, yet, the emergency rooms spend all the time trying to fax these permissions back and forth, wasting actually precious hours when you are talking about people with chest pain because you have only got that four hour window.
DR. GELLMAN: Any other thoughts?
I was hoping that Kathleen would be here to talk about the unique identifier stuff. Jim, can you talk about what happened at the Data Council?
MR. SCANLON: Kathleen attended the Data Council meeting on behalf of the National Committee where this was discussed, but I can give a report.
Well, if privacy is a difficult issue, unique identifier is even more complicated and while the committee heard, obviously, a lot of testimony around consensus in the standards area, at least the transaction standards, truly, this was an area in terms of unique identifier where there was not consensus and there was a fair amount of deep division.
The Data Council within HHS considered this issue at its October meeting. The Data Council considered the recommendations from the National Committee on this issue, which was basically -- the bottom line recommendation was advising the Secretary not to proceed with adopting unique identifier for individuals until after privacy legislation had been enacted.
So, the Data Council, at any rate, looked over the requirements in the law, the positive side of unique identifiers, as well as the privacy concerns and other concerns and they made some recommendations to the Secretary about how one might proceed in this area, both on a procedural level to move the debate along and on a substantive in terms of what unique -- what generic approaches to unique identifiers might be even entertained.
Under almost any option that -- the Secretary has still not decided but I think there is a leaning towards the following model and any of these models would require or at least would benefit from the National Committee holding some hearings on this topic, possibly under the auspices of this subcommittee or possibly under the full committee maybe on an issue of that nature because all three subcommittees, I think, are interested.
But you have heard yesterday that for the transaction standards and other unique identifiers that given the more or less consensus on the -- at least the standard itself, the way to proceed there was through proposed rulemaking.
This is the standard way of adopting a policy like this in HHS. And over the next few weeks, hopefully, you will see notices of proposed rulemaking for public comment dealing with the transaction standards and the identifiers and the security principles and recommendations, as well.
There is an earlier step to rulemaking that is a much more -- it is a rule that is used, it is an approach that is used when there is a need for more consultation, when there is a need for more participation, where there is a need for more of a sort of participatory kind of way of proceeding --
DR. GELLMAN: And there is a need for more cover.
MR. SCANLON: Bob always interprets this.
And it is called a notice of intent that has other names, as well, but basically it invites the industry and the committee to provide comment on whatever options may be provided, as well as any other concerns or issues.
While we have clearly talked about privacy concerns, I think there are an equal number of simple feasibility issues because of the scale involved here, 277 million Americans and growing. So, there are really feasibility cost issues and other issues that I think would be desirable to get industry and health committee input on as well.
So, this more preliminary approach allows you to begin that process and that dialogue without having to specify that the -- we have reviewed alternatives and this is the proposal we would proceed with, in which case you make all sorts of -- you actually propose something. You indicate how you would change the Code of Federal Regulations and you indicate what the impact would be in economic and other terms.
I really don't think anyone believes we are at that stage. I think most people believe we are more at the stage of beginning a dialogue, beginning a process and trying to work through some of these issues.
So, I think this -- I don't want to predict the way the Secretary will come out but I think that the sentiment seems to be, at least among the agencies, that this more preliminary stage of beginning the process, but yet opening it up to more deliberative analysis and thinking and testimony is probably the way to go.
It would put off the issuance of final rules by possibly a few months, possibly longer. One could conclude at the end of that whole process that it still wasn't a good idea to issue a unique identifier without privacy legislation. One could take -- in its hearings could ask people to comment on what would be the candidates for a unique identifier if there were federal privacy legislation and what would be the candidates if there were not privacy legislation, what would be the role of the regulations?
So, it is a way of proceeding where, obviously, you don't have consensus, where you try to get people together and you begin the dialogue. But I think an important part of this, in addition to public comment itself, would be the public hearings and I think almost any option, Bob, I think the Department would ask the committee to hold public hearings.
MS. FYFFE: Question, Jim.
Does this mean that you could be transmitting electronic information about patients and not be able to identify who they are?
MR. SCANLON: No, no --
PARTICIPANT: That would really help for privacy.
MR. SCANLON: This all goes now, if I am understanding this correctly. It is just that -- and there are all sort of identifying information that are used, numbers, names, addresses and so on. I think to some extent the concern that providers -- and Clem and Simon probably are aware of this -- to some extent this benefits providers more than anyone to the extent that there may be one -- you know, one number and other identifying information, rather than other numbers.
But this goes on now anyway. It would go on without the benefit of a standard to the extent that there is not a unique identifier adopted.
DR. COHN: First of all, Kathleen, welcome to the committee.
MS. FYFFE: Thank you.
DR. COHN: I guess I am well aware that there is a lot of -- I mean, there has been no lack of discussion on this issue. Obviously, what there is a lack of consensus. I think there is also actually, I think, some basic issues that the committee needs to explore. I think it is really a major role the committee can provide to help disambiguate some of the issues.
At our recent meetings, we were trying very hard to identify, well, gee, is it a unique identifier that is the issue or universal identifier or is it the linkage that is the issue? What about master patient indexes? I mean, I think we need to go back to some of this to really to see about the utility, in addition to the issues of, you know, trying to separate out the security issues from more the standards view of the whole thing.
I think there is a lot of work to be done personally in this area. I don't -- I mean, it is all a mess right now and I personally, I think, would at least want to review all the hearings that occurred that anything to do with master patient indexes to see if -- we had all thought at all our last session that there might be some solution afforded in there. And, yet, I have seen since then enough other information that has left me once again feeling like I need to revisit that whole topic again.
DR. HARDING: This is one place where we are going to have to call on Elizabeth and Kathleen to especially help with public education because this is a hot bed and it is -- you know, it brings up black helicopters and all that stuff when this topic comes up. And we are going to have really have some good help with education and so forth if we are going to have a good decent debate on the subject. There is too much emotion.
DR. GELLMAN: Right. There is one report that has emerged that is relevant, at least partly, to this and that is the Social Security Administration was mandated by the Congress to review the reissuance of social security cards. They did a report that came out maybe six weeks ago or so. It was very interesting and they looked at a number of different alternatives for reissuing cards ranging from you know, sort of paper cards -- part of the idea here is things that couldn't be counterfeited -- to magnetic stripe cards to smart cards. And the costs for doing this ranged, I think, somewhere in the five to fifteen billion dollar cost range for doing this and that didn't include necessarily all of the costs.
For example, some of the proposals would require everyone to troop down to their Social Security office and get a new card with a photo ID or a biometric identifier or whatever, and that would clearly impose a very large amount of cost on the population at large.
That really helps to a certain extent with figuring out some of the costs that may be involved with different kinds of identity cards and I think it is a very useful report and very well done. I am not sure what is likely to happen as a result but no one is going to look at the numbers and jump right ahead with any of those proposals.
DR. MC DONALD: I have been sort of the wild man on the side of having some identifier, but at least I want to take that position. Whether it happens or not, I won't cry, but I think we ought to focus on having the number of not rather than with due respect to the master patient because that would be the fall back. That is what people do now anyway. That is what all the enterprises are buying and that doesn't need legislation for people to use techniques like that.
But still the issue of what you save could cost Social Security $15 billion. What we are really doing now at institutions is they are engendering those costs all over and over again in trying to figure out who the patient is. And every hospital has 10 or 20 percent duplicates and you can't find the records because -- there is a lot of cost currently in the care system.
I accept that, you know, it adds to the risk of privacy and I really would like others to argue back, you know, on that side. We are the National Center for Health and Vital Health Statistics. I mean, that is what our name is, our -- we are not that center --
PARTICIPANT: Committee.
DR. MC DONALD: Committee. I guess we are not that big. But given that, I think we have an obligation to help the statistical process and other bodies and other interests should kind of push back on us. If we start out saying we can't do this, then why the heck are we collecting statistics? Why should we be in this business of collecting -- how can we collect it without knowing who the -- you know, having a real -- we are not counting people twice or three times.
DR. FRIEDMAN: The other part of it that is going to be obviously problematic is the extent to which any unique patient identifier becomes portable to surveillance and registration systems, especially in terms of the kind of political impact.
DR. MC DONALD: I had not imagined you just do this for fun on the side. It wouldn't be part of the care system because then what does it -- you are saying it wouldn't get into the patient registration systems?
DR. FRIEDMAN: Not patient registration, public health surveillance and registry systems, which is --
DR. MC DONALD: Those could be decided independently, I mean, as whether they should or shouldn't or how and why and the rest.
DR. GELLMAN: Well, that is one of the concerns. It is much broader than that. If a new identifier were created for health purposes, that it would be inevitably used for drivers' licenses, welfare and every other purpose under the sun for which the social security number is now ineffectively used. And that is one of the concerns.
On the other hand, there are consumer benefits to having better identification methods. This extends well beyond health. The problem is that discussion of this lapses very quickly into proposals for national ID cards, which in those terms don't sit very well. So, I mean, I think this is a much broader debate than health.
I mean, just to give a basic example, it is quite possible that given the advance of encryption technology that we may all be using public key encryption at some point in the next ten years. How we are going to get there and who is going to sponsor it remains to be seen, but if that is the case or if a lot of people are, not necessarily everybody, your public key and private keys will be several hundred digits long and you will be carrying a card that contains this information.
You may also be carrying a card that contains digital cash. You may be carrying a card that contains identifying information for other purposes, credit cards, whatever. There are lots of cards floating around, lots of ideas. There are benefits to a lot of people from having these things and there are a lot of concerns.
I mean, I think all of this needs to be looked at in that context. Some of this may be coming whether you like it or not.
MR. FANNING: Well, I think it is exactly because all that strengthens your point that we need to sort out at front what we are talking about. Those things will all have to come up but it is important for people to know that what the Secretary is commanded to come up with is not a national ID card and so on. So, I think this strengthens your point, that a big contribution can be simply sorting out the issues.
DR. COHN: Yes. And I actually was just going to comment that I think as part of sorting those issues out -- and thank you, John -- was actually rather than trying to argue with Dr. McDonald about the comments that he made is really the piece that cost benefit plays in all of this, as well as articulation and identification of the issues very clearly and precisely.
I have heard the comments made for many years and I have to think of my own institution that there are certainly a vast number of people who come in with -- you know, want to come in with the same IDs, but I would have to wonder how many of that has to do with administrative issues and how much of it is socioeconomic issues.
Certainly, in Southern California, there are many reasons why many people have the same social security numbers or have the same hospital admission numbers at various facilities. They have nothing to do with the integrity of any of our systems and would not just be solved by a unique identifier.
But one thing, without making a conclusion there, I would just like to say let's add that to the list of things that we really need to identify and sort out.
DR. GELLMAN: I think Jim's comment -- I think this issue will probably have to be dealt with to some extent at the full committee level because it cuts across everybody's area of interest and that is probably going to be the only way to do it.
Let me move on if no one has --
MS. FYFFE: One comment.
I think that one thing that is going to have to be done in terms of coordinating between this subcommittee and the Data Standards Subcommittee is the implications involved in trying to issue a national standard for transmitting information when we don't have a standard identifier yet developed for the patient.
I mean, there are a lot of minor or major issues involved in that. So, that is --
MR. SCANLON: Presumably, there is a baseline of activity, electronic claims processing that goes on now and I think it will be important to know what that baseline is, what identifiers are used now. For example, if 85 percent of these transactions use a social security number, plus name and address and other things, that would have implications for, you know, what would be needed further. So, I think the baseline -- you know, if we didn't adopt a number, this baseline would continue and grow, it would be important I think in the hearings, Kathleen, to find out what that is.
MS. FYFFE: Okay.
DR. GELLMAN: Let me move on just to talk about what we are likely to do in the subcommittee in the near future. I am hopeful of organizing a couple of days -- I don't want to call them necessarily hearings. I sort of have in mind, rather than doing a hearing, doing something more of a workshop.
I would like to maybe do an event sort of in this structure with sort of a round table with committee members and others. Two of the issues from the work plan that I would like to tackle first, one is the question of what is an identifiable record. It is a difficult issue. It has come up from time to time and I think that it was discussed here somewhat yesterday and I think it is a good issue that is not likely to get a lot of attention at the policy level.
I mean, I learned yesterday from Betsy Humphreys that there were some activities going on among the agencies, looking at this and I think we need to find out more about that and draw on their experience. So, that is one of the issues.
The second issue that I would like to try and deal with is that of registries. What is a registry? How should registries be controlled? How should registries be able to get information? This is a largely unexplored area. I keep asking people, you know, if there is a registry of registries and no one seems to know. And no one has got a definition of "registry" and ultimately for purposes of legislation or for policy and other contexts, someone is going to have to decide what is a registry and how do we draw the lines in such a way that we are neither over- inclusive nor under-inclusive and, again, the other aspect of this is what rules should apply to registries.
Nobody has really tackled this in any of the bills drafted to date. Registries tend to be lumped in if you ask the question and can get an answer as research -- under the research rubric, but registries aren't all controlled through IRBs and it may not work neatly and maybe it should and maybe it shouldn't. I don't know what the answers are, but it is an unexplored area and my thought is if we can work this out is to try and have a two-day event, sort of back to back, possibly sometime in January, maybe the second or third week.
I don't want to try and schedule dates now because I think it is a little bit premature. I think we need to do more preliminary work to find out who we can find and how we can organize it. But I think the two-day structure works so that people can come to town and participate in two days and then go home, rather than have separate days. It just requires a lot more travel and time.
I think these are two very important issues that cut across all the legislative proposals. The identifiable record thing just comes up everywhere. And I think actually we can make a contribution to the public discussion of these issues simply by shedding light on it and whether we can come up with some kind of consensus about -- maybe even a recommendation, I think it is much too early to say, but, I mean, just casting more light on these problems will be useful.
If anyone has any thoughts -- yes.
MS. WARD: I would like to make sure we know exactly why registry as one application of how we arrange people's names and things about them is going to clarify and help us. What is the outcome we are looking for. Registries are lists of people. And if we want to recommend that, there are certain kinds of lists that are legal and certain kinds of lists that are not legal.
We could make this whole conversation worse by deciding there is one subset of identifiers and people and persons that we make an even more explosive issue over. So, I don't disagree that if it is an area of confusion, let's see if we have some clarity, but what is it going to actually do for us, what is the assistance, if we could just be sure we get that straight.
DR. GELLMAN: I think the concern is legitimate. I don't take the proposal as prejudging anything in any direction, but you can look at this at a very basic level, saying if there is going to be legislation that regulates the disclosure of health records, then the question is a registry is going to be able to get records. Are you going to require consent for registries? Are you going to allow them to get disclosure without consent and, if so, what procedures are going to apply and then what is a registry?
If you have got a direct marketer with a list of patients with Alzheimer's disease, is that a registry? Is that a registry we want to authorize? Is that a registry we want to recognize? Is that a registry we want to prohibit?
Then we can -- there are lots of examples of registries that have a -- in a public health or research purpose or even an administrative purpose, that we may want to say those are good things. I don't know where the lines are.
I think this is going to be a very difficult thing from a public policy perspective to come up with a definition for. I think a registry is likely to be something that falls in the category of we know it when we see it, but that doesn't work too well when you are writing a bill.
DR. COHN: I actually wanted to speak to that. I think that these are both very good topics for discussion. I tend to think of registries as being a very -- actually, an important issue for us to talk about. I think when we all -- you know, in our mind's eye when we all have perhaps paranoid fantasies of databases of the future, what we worry about is the ability to sort on very sensitive topics and, indeed, registries are really actually the post-sorting by those subjects and the nice compilation of those.
So, I think we probably need to look at them to make sure about the natures of protections that ought to be afforded to that area.
DR. MC DONALD: I think it is an excellent idea and it is actually especially good because it is something I think we can forget. I forgot. As you say it, I don't think I can even figure out what it is now that you have said it. I thought I knew what it was, but --
So, it also be so to have a spectrum of what things that are currently required or significant -- the cancer registry is the one that comes to mind. I guess you will have some real challenges there, but the other side of it -- and this is maybe not something for this committee -- is that registries produce a lot less than -- I mean, they don't do as much as everybody thinks they are going to do. There are some pretty trashy registries and they usually contain more than the name.
I mean, they are more than a list of people. They are a piece of the data. I mean, registries have been sort of a sacred cow. You have to have them, but if you really look at what has happened in 20 years to some registries, the number of -- the information coming out of them --
DR. GELLMAN: There is another aspect to this that I don't think we can deal with much, but a little publicity on this may help. That is the EVE(?) data protection directive becomes effective in less than a year and it may prohibit the export of personal information from Europe to countries that do not have adequate privacy laws. Now, what that means and how it is going to be implemented is very much up in the air.
But international disease registries could very much be affected by this because the flow of information from Europe to the United States into registries or for other health research purposes or other kinds of health purposes potentially could be restricted or cut off and it may be that there is a need for registries themselves to begin to pay attention to this and to develop their own kinds of privacy rules, which may not be very different than policies they operate under now.
I don't mean to suggest that registries just hand out information willy-nilly, but they may be able to demonstrate -- they may need to demonstrate that they actually have rules and policies in order to satisfy other countries, at least with respect to international data flows.
So, that is a piece of this puzzle, too. I think the way we will proceed with this is we need to do a little more work behind the scenes to try and plan this out and that we will try and come up with some dates and we will basically communicate with people by e-mail to see if we can come up with some dates.
I think mid-January is probably the earliest we can get anything done because the end of December is always useless.
If anyone has any thoughts about people who ought to participate in this in terms of people who are thoughtful on either the identifiable record issue or the registry issue, let us know and we will try and pursue it.
MR. FANNING: Bob, you say two days. Devoted to each topic or --
DR. GELLMAN: One day for each. You know, these are issues you could go on forever at any level of detail and, you know, two days -- a day apiece is, you know, a reasonable balance for all of this.
And we will see who we can get and what we can find and what it looks like once we get down to the details.
Richard, do you have a thought?
DR. HARDING: While I agree with both those things, I was thinking, you know, the burning issues that came up in the testimony was how to identify or make non-identifiable records. Registries came up some, but the issue that really burned it seemed like to me was the employer use of health information and then who owns the record, who owns that thing.
Those were the -- that got people stirred. Does the HMO own the record or who does? And we would like to look at some of those, too. We can do it in order or something, but those were important ones, it seemed like to me.
DR. GELLMAN: I don't disagree. I mean, there are lots of important issues. I think actually the employer issue is much more multidimensional than the other ones. I mean, the identifiable record thing goes pretty far, but the employer stuff is -- I agree with you, it is an important issues and it goes far afield and that can be next.
MS. FYFFE: Isn't the question of who owns the record determined by state law?
DR. GELLMAN: Maybe, but I think the issue of who owns the record is to be -- is very unimportant. The question is what are the rights and responsibilities of record keepers and record subjects and who owns the record. Who owns the piece of paper doesn't really tell you anything.
Most black letter law is that the hospital owns the record, but that doesn't mean the patient doesn't have an interest in the information and possibly a right to see it and have a copy himself or herself. So, ownership just doesn't get us very far, but it still remains an issue in some respects.
DR. COHN: I would certainly second the issue around the employer use of information as being a -- I mean, I know for the constituencies that I talk to, that is a very big issue and certainly one that we hope to see addressed in legislation to some extent, but it may be useful to have the committee shine a light on that area.
DR. GELLMAN: Okay. Well, we will try and do that one as the next -- in the next set of issues after these.
Any other comments, questions, ideas?
MR. SCANLON: Before we adjourn, Bob, let me introduce Judy Galliway, who has joined my office to work with John on privacy issues in HHS. She has started to look at some of the state laws, whatever compilation may exist of what state laws now provide in terms of confidentiality protection.
DR. MC DONALD: I would just like to compliment the committee -- I am not on it, but it is really a -- I think you have done spectacular work very carefully and well wrought on paper, too.
DR. GELLMAN: Any other comments?
[There was no response.]
We are adjourned.
[Whereupon, at 9:31 a.m., the meeting was concluded.]