Room 440-D, Hubert Humphrey Building
200
Independence Avenue, SW
Washington, DC 20201
Call to Order, Review of Agenda - Ms. Frawley
Status of Health Information Privacy Legislation - Ms. Frawley
Discuss plans for Hearings on Unique Individual Identifier
Plans for Future Topics of Inquiry
KATHLEEN FRAWLEY, Chair
JEFF BLAIR
SIMON COHN
DONALD
DETMER
KATHLEEN FYFFE
BOB GELLMAN
RICHARD HARDING
JOHN
LUMPKIN
ELIZABETH WARD
JAMES SCANLON
JOHN BURKEL
WENDY LIFFERS
LOIS SCHEIN
Agenda Item: Call to Order. Review of Agenda.
MS. FRAWLEY: Thank you for coming so early. I appreciate everyone showing up this morning. What I would like to do is introduce myself and then we will go around and introduce all the individuals here.
[Introductions made around room.]
We have a full agenda. We do want to complete those activities. We will be able to bring them to the full committee this afternoon during the agenda for reports from the subcommittees for actions.
The first thing on our agenda that we need to talk about is, if you remember, we did have the round table discussions on the issues of identifiability of data and also on disease registries and some of the use of that information.
In your briefing book for the full committee under Tab K is a draft letter to the Secretary that we need to review and approve, edit, whatever this morning.
Then obviously, if we are able to achieve consensus on that document, we would come back this afternoon during the full committee meeting and ask for approval from the full committee, so that a letter could be sent from Don to the Secretary outlining some of the recommendations from those round table discussions.
You might want to take a minute to look in Tab K at the letter, to review it, and then we can kind of go through it. Then for the audience, who do not have a copy, you can highlight what some of the recommendations are, so they will have the benefit of that discussion.
There are big documents that go back and forth, so I sometimes forget which ones we have seen. Yes, there was a draft of this that was forwarded out.
Agenda Item: Draft Letter from NCVHS to Secretary.
MS. FYFFE: A suggestion I have, just an administrative suggestion, if you have a draft, you could maybe put a date on it.
DR. HARDING: The first bullet on the second page, what is a simple word test? That is just a question, relying on a simple word test to distinguish. Was that just stating it? Is that what a word test is?
MS. FRAWLEY: Yes.
DR. HARDING: So, you say non-identifiable; that is the test; no definition of how to do that.
MS. FRAWLEY: I think that is an odd use of sort of an idiom of jargon. Why don't we start from the beginning and then when we get there -- otherwise, when we jump around we are not as -- why don't we start with the first three paragraphs on the first page, which is basically our set up in terms of summarizing what the activity of the subcommittee was. Any recommendations for changes there?
Assuming I am not hearing any comments, I am going to move on to the next point.
DR. COHN: Kathleen, you are probably going to have to speak up a little more.
MS. FRAWLEY: That is going to be a challenge, because Wendy and I have to share the mike and I can't pull it any further. Unfortunately, the wire won't move. So, we are trapped.
All I want to make sure is that the first introductory paragraph, there are no comments or recommended changes. Hearing none, we are going to move on to identifiability of health information.
For the benefit of our audience, I will read it and we will go bullet by bullet.
Identifiability of health information. Distinguishing between identifiable and non-identifiable information is at the heart of every current legislative proposal to health privacy, including the HHS recommendations.
First bullet: The distinction between identifiable and non-identifiable data has become much harder to make.
Whether something is non-identifiable depends in large measure on what other information is known or knowable.
Any comments or concerns with bullet one?
Hearing none, I am going to go to bullet two.
The amount of personally identifiable information available from public and commercial sources has grown significantly in most recent years.
The growth has been fueled by cheaper computer power, the internet and the commercial sale of personal information. Comments?
Third bullet: Health and statistical agencies have always been, and continue to be, aware of the potential for identification of individuals from publicly released information, including public use data tapes.
The explosion of individually identifiable data from other sources means that these agencies must constantly reexamine their policies and practices, to guard against inadvertent identification.
Hearing no comments, I will go on to bullet four. Everyone who collects and uses health data must also pay attention to the likelihood that data once believed to be non-identifiable may no longer retain that status.
In particular, institutional review boards should be alerted to this issue.
DR. HARDING: Something about patients continually reevaluate or something?
MS. FRAWLEY: Do you want to add, and continually reevaluate?
DR. HARDING: Well, everybody who uses health data must pay attention and continually reevaluate their by-laws, or whatever --
MR. BLAIR: Continually or periodically?
DR. HARDING: It is almost a continuous process because of the advances that technology offers us. It makes what was once secure suspect, almost on a regular basis, as we heard the testimony from Tanya, the MIT individual that was here. That makes it tough. You can't sit very long on your laurels.
MR. BLAIR: Regularly?
DR. HARDING: Regularly.
MS. FRAWLEY: Why don't we just try this and then we can see how this works.
Everyone who collects and uses health data must also pay attention to, and continually evaluate the likelihood that data once believed to be non-identifiable may no longer retain that status.
DR. HARDING: Fine.
MS. FRAWLEY: Next bullet, which we will probably wind up having to word smith: From a legislative perspective, relying on a simple word test to distinguish between identifiable and non-identifiable data may no longer be adequate.
More specific, substantive or procedural mechanisms may be needed to protect individuals against identification.
I think what we are trying to get to there is our discussion at that particular meeting; that even knowing the definition of identifiable and non-identifiable does not necessarily tell you anything. I think that is what we are trying to get to.
MR. SCANLON: Simply saying that something is non-identifiable doesn't mean that it is.
MS. FRAWLEY: Correct. I think that is what we are trying to say but there might be a better way of expressing it.
DR. HARDING: In the last, could the word "may" be substituted with "are," are needed, instead of the permissive, or whatever the word "may" is?
MS. FRAWLEY: That is fine. Any other suggestions from the subcommittee as far as the first sentence in that bullet?
MS. WARD: I would recommend taking that "relying on" out and just say, from a legislative perspective, more specific, blah, blah, blah, because we are moving it.
To me, that is the intent, is that legislatively you can't be confident if you have in a law or regulation is or is not identifiable. It is more complicated than that.
What we are recommending is that there be much tighter procedural mechanisms to manage that. I think that is the intent. I don't know what that other sort of extended part of that sentence --
MS. FRAWLEY: The problem that we have is that every bill that is sitting in Congress has identifiable and non-identifiable in its definition.
I think that is what we are trying to get to, is that the definitions per se are not adequate; that after you read -- we will be talking about that in a few minutes.
We have six bills floating around in the Congress that all use those definitions. After you read the definition, you are no better informed as to what non-identifiable data is.
DR. COHN: I am not a lawyer, so I am never quite sure whether the jargon is the right jargon. I found myself looking and seeing a lot of these may be needed. Are we saying are needed or may be needed?
MS. FRAWLEY: In that bullet, the second sentence, Richard has recommended that we state, more specific, substantive or procedural mechanisms are needed to protect individuals against identification.
So, we have made that change, but we are trying to figure out for the first sentence. Remember, this is going to the Secretary. So, we want to be as clear as possible in our recommendation.
DR. COHN: Yes, but we haven't changed that first sentence, may no longer be adequate.
MR. SCANLON: There is a way to sort of get both ideas. From a legislative perspective, and then the rest of that first sentence -- from a legislative perspective, more specific substantive definition and procedural mechanisms are needed.
I think the idea is that you need to have a clearer and more specific definition of what is identifiable and non-identifiable in the law, or in other procedures, and then you need procedures as well.
DR. COHN: Definitions and, instead of or?
MR. SCANLON: Yes, but you would say more substantive definition and procedural mechanisms are needed.
MS. FRAWLEY: Just to make sure that we don't lose the point, though, how does this work? From a legislative perspective, more specific substantive definitions to distinguish between identifiable and non-identifiable data, and procedural mechanisms are needed to protect individuals against identification.
The reason why I want to make the point is so that the Secretary isn't trying to figure out what substantive definitions we are recommending.
That would get the point across, that the definitions are inadequate and, additionally, the subcommittee feels that we need stronger procedural mechanisms in place.
Next bullet is: Mechanisms that may be appropriate include the use of contracts or other legal restrictions designed to expressly prevent those who receive data from manipulating it to identify individuals.
The goal is to continue to support socially beneficial uses of health data without impinging on the privacy interests of individuals.
Any concerns on that one? Hearing none, we are going to move on to the next series of recommendations. This is on confidentiality considerations for health registries.
Many health and medical registries exist. They serve numerous purposes, exhibit considerable diversity and operate under different structures.
First bullet: There are laws establishing registries at the federal and state levels, but no comprehensive regulatory or policy structure can be found.
Second bullet: The committee strongly supports the work of registries for research, public health and related purposes.
Third bullet: Any health privacy legislation will affect the flow of health records into and out of registries.
None of the legislative proposals for privacy to date, including the HHS recommendations, expressly address registries.
DR. HARDING: Would it be helpful to somehow or other define a registry for the Secretary? Before we add all that, I am not sure that I have a definition of what a registry is. Maybe the Secretary knows well.
MR. SCANLON: That is the first problem, I think, that there is no definition. It encompasses such a wide range of activities.
DR. HARDING: Could that be in the opening sentence some way, that the definition of a registry is in the air or something.
DR. COHN: I am sorry. My hearing must be off this morning. I am missing that corner of the room. I am sure what you said is important; I just couldn't hear it.
DR. HARDING: I just said -- we were talking about the definition of a registry. Could that somehow or other, either the definition or the fact that it is hard to define what a registry is, be in the initial introductory couple of sentences there, for the Secretary's sake.
I think we are assuming that she has listened to the hours of registry testimony that we listened to. Right at this minute, I am not sure that I could define what a registry is.
MR. BLAIR: Even if you can't define it, could you do a such as, and give a few examples?
DR. HARDING: Yes, something like that.
MS. FRAWLEY: Let me just make this recommendation and then, Chuck, we will recognize you in a minute. How about, many health and medical registries exist. There is no common definition of a registry, period. They serve numerous purposes, exhibit considerable diversity, and operate under different structures.
I think that was the problem that we had, is that there was no commonality. We went through this whole process and realized that there were people setting up registries and just saying, I am operating a registry. It wasn't clear in terms of that. I offer that as a suggestion.
MR. BLAIR: Even with that, if you could just give one or two examples of things that would fall within the scope.
MS. FRAWLEY: That is where it got difficult, Jeff. That is the problem we were having.
DR. HARDING: I like your statement. It alerts the Secretary that this is complicated. That is what I would like to do.
MR. BURKEL: Another possible suggestion is that under the first bullet, as an uninformed reader, at the very end it says that regulatory or policy structures can be found, and found to do what. Maybe it could be expanded at that point to say, to define a registry, or something to that effect.
MS. FRAWLEY: That is fine, and the more we can add to make it clear that that is what we are struggling with here.
MR. MEYER: My recollections is that the implication is that registries, for the most part, are voluntary. There is not mandated enrollment.
Therefore, there is a consent on the part of those enrolled in the registry, because they have joined it, for some purpose, to forward research in the specific disease or whatever.
While I recognize that in your first bullet that you are suggesting that there are no comprehensive regulations covering that, it may also be appropriate to point out that most evolve from voluntary participation.
MS. FRAWLEY: Unfortunately, Chuck, that is not quite correct. There are a number of states that mandate reporting to registries.
The problem that we have is that in some situations people may not know that they have information about them and, in some situations, identifiable that have been reported to a congenital malformation registry or an Alzheimer's registry or trauma registry or a cancer registry. There are a number of states that mandate that reporting.
MR. MEYER: True.
MS. FRAWLEY: So, it is not necessarily voluntary on the part of the provider who is required generally, through statute or regulation, to report that.
I will give you an example. In some states they will take the registry data and run it across death certificates and compare those individuals who have been reported to the registry versus those individuals who have died with a primary or secondary diagnosis of cancer.
Then the facility could be notified that they failed to report. So, it is not necessarily -- that is the problem that we are running into. In some situations it is voluntary and in some situations it is mandatory. That is what we are concerned about.
MR. MEYER: It was the presentation by the gentleman from the National Association of Registries or small disease registries or whatever, that brought forth this voluntary and research movement and all of that. So, thank you.
MS. FRAWLEY: Thanks, Chuck. Good point. I think that is our problem, is that in some situations we are dealing with mandatory reporting and in some situations we are dealing with voluntary reporting.
Probably the person whose data is being reported is probably the least informed. I think that what our struggle is here, in forwarding recommendations to the Secretary, is the fact that no one has really addressed registries.
It is kind of like this activity that is kind of out there. Yet, we know identifiable information is being forwarded.
What we are going to do is say many health and medical registries exist and that there is no common definition for a registry. They serve numerous purposes, exhibit considerable diversity and operate under different structures.
Bullet one: There are laws establishing registries at the federal and state levels, but no comprehensive regulatory or policy structure can be found to define registry activity.
MS. LIFFERS: One other suggestion. Maybe we can say, that address or define registries, since I think what you are talking about with regulatory information is broader than just definition.
MS. FRAWLEY: Okay, do people feel comfortable with those modifications?
MS. FYFFE: Yes.
MS. FRAWLEY: Okay, bullet two: The committee strongly supports the use of registries for research, public health and related purposes.
Bullet three: Any health privacy legislation will affect the flow of health records into and out of registries.
None of the legislative proposals for privacy to date, including the HHS recommendation, expressly addresses registries.
Hearing no comments, we will go on to the fourth bullet: The National Committee on Vital and Health Statistics believes that it is important that health data be provided only to registries that conduct recognized and beneficial activities, legislation should not undermine the flow of information into or out of beneficial registries, and qualified registries should be brought under any new legislative frameworks, so that data subjects can be assured that information entering a registry will be fairly treated, and so that record keepers can be sure that cooperating with registries is permissible.
DR. HARDING: Comment on the first two. Beneficial is in both of those statements.
MS. FRAWLEY: Right, and then we go to qualified.
DR. HARDING: What is beneficial? I mean, it is a beneficial activity.
MS. SCHEIN: Who is going to define whether it is beneficial.
DR. HARDING: Right, beneficial to the people signed up in the registry, beneficial to the stock holders in the registry? Beneficial medically? That is just a problem. It is a descriptor; beneficial to what?
Maybe that is the best way to say it. Beneficial. I mean, I can't imagine a registry that wouldn't say they were beneficial.
MS. FRAWLEY: That is the problem. I mean, I think that is what we are struggling with, is the fact that we have got all of these different registries out there.
In some situations they are ad hoc. In some situations they are mandated. If somebody has a better term?
MS. WARD: Is there a concern that there are registries out there that are not beneficial or that they may be exempted because there is no comment on them; they don't seem to be included in the laws that we are creating. To me, I don't think that --
MS. FRAWLEY: The concern is that, like Richard could decide next week to set up a registry and decide that what he was doing was socially beneficial.
DR. HARDING: Collect names and then what.
MS. WARD: But is the concern that you are allowed to do that because the behavior of creating a registry is outside of our current laws or that someone somewhere should have a test for what is beneficial and, before you do that, you have to go to X person and say do you believe this is beneficial. I think the latter is a little problematic.
MS. FRAWLEY: The problem is it is both points, Elizabeth.
MS. WARD: How does the committee propose that be solved? Isn't that the point of the memo? Just telling the Secretary that we think they ought to be beneficial is nice, but what is she going to do with it.
How do you manage the world so that an unbeneficial registry doesn't exist?
MS. SCHEIN: Is there any way you can refer back to the second bullet, where we would say health data be provided only to registries that conduct, activities as mentioned above, public health, research and related activities, rather than making a judgement there as to what is beneficial or not; just list activities.
MR. SCANLON: That helps.
MS. LIFFERS: Either that or, perhaps, jumping ahead to the last bullet, maybe adding something to that where it talks about statutory definitions or administrative processes for identifying appropriate registries; that we add something onto that sentence about including, defining some parameters or what are beneficial activities within the registry or types of registries, something like that.
MS. FRAWLEY: I think the suggestion that Lois made probably would solve the problem. If we say, the NCVHS believes it is important that health data be provided only to registries that conduct research, public health, and related activities, kind of reinforcing our earlier bullet.
The second subset, legislation should not undermine the flow of health information into or out of -- we believe beneficial is not the appropriate word?
MR. SCANLON: We could just put such registries.
MR. BURKEL: In the last bullet the word "appropriate registries" was used.
MS. FRAWLEY: Do we feel, legislation should not undermine the flow of information into or out of such registries, with references to our prior modification?
MR. BLAIR: Is procedures for accountability and auditability considered a constraint?
MS. FRAWLEY: We will get to that in a minute, Jeff. There is a bullet further down. The next subset at that point is qualified registries. That may be a problem because we are using a word that we have not previously used.
Qualified registries should be brought under any new legislative framework, so that data subjects can be assured that information entering a registry will be fairly treated, and so that record keepers can be assured that cooperating with registries is permissible.
MS. WARD: I would think we would want all registries to be brought under the law.
DR. DETMER: I agree, you wouldn't want to have just qualified ones.
MS. FRAWLEY: That is fine. Does everybody feel comfortable with that? So, we would change this to say, all registries should be brought under any new legislative framework?
DR. DETMER: Or just registries.
MS. FRAWLEY: So, that point will be revised to, and registries should be brought under any legislative framework and the rest of the sentence stands.
Okay, next bullet. Clearer rules for registries may contribute to more effective research and public health activities, by permitting data from other countries to be shared with registries in the United States.
Hearing no comments, I am moving to the next bullet. Solutions to the problem of registries may include a statutory definition or administrative process for identifying appropriate registries.
DR. DETMER: I just prefer the word issue for problem. I guess we don't really know, frankly, how much of it is -- there clearly is an issue.
MR. BURKEL: Would it be inappropriate to expand the sentence to include, not only the identification, but the appropriate procedures related to the registry?
DR. DETMER: I think what has led -- correct me if I am wrong -- but I think what has been leading the committee was trying to get what came out of the hearings that were held on this subject, sort of trying to go beyond those.
MS. FRAWLEY: Right.
DR. DETMER: I guess, as I recall it, we really didn't get into that. I guess you can do it, but it hasn't really been massaged as an issue by the committee.
DR. HARDING: One of the things that I would somehow or other like to see in here in some way is the encouragement of informed consent.
It is not possible in all cases when you are doing large, but something about, that patients, whenever possible or something, that should be utilized or encouraged.
MR. SCANLON: Are you saying fair information practices? Say, where in general, you should try to employ fair information practices, something like that.
DR. HARDING: That would encompass it.
MS. FRAWLEY: I guess that is the point that we have got, if you look at bullet four, third subset: Registries should be brought under any new legislative framework so that data subjects -- that is fair information practices -- can be assured that information entering the registry will be fairly treated, and so that record keepers can be assured that cooperating with registries is permissible.
DR. HARDING: So, fairly treated is the word.
MS. FRAWLEY: I don't want to deflect from that. If we need to put another sentence in, I think it is important that we do that.
MR. MEYER: To address Dr. Harding's issues, even where it is mandated, may it not be appropriate to consider that the patient be informed that his information is inclusive in a registry versus the consent of the patient to join the registry?
That might address your issue better, because there are in some cases where you would never know that you are on a registry.
The recourse may simply be, based on your diagnosis or the outcome of your treatment, you have been included in a registry, might be a simpler approach. So, some notation of that might be effective.
DR. HARDING: I am fine with the wording there, if fairly treated is a buzz word there that encompasses a lot of uniform --
MR. SCANLON: Fair information practices.
MS. FRAWLEY: Yes, and the point we are trying to make is that this would come under a legislative framework. If you look at the different bills that are out there, it lays out the fact that information can only be used for legitimate purposes.
It sets out a schema for when you have to obtain authorizations from the patient. It does exempt certain activities.
If it was a voluntary registry, you couldn't then go and ask the patient to consent to that, because there would be a state law.
Particularly, a lot of the public health laws require this reporting and most of the bills don't preempt in that particular arena, to support our public health initiatives.
I want to make sure everybody feels comfortable with the letter.
Then, obviously, the last paragraph is just our typical closing.
DR. HARDING: I move we accept the letter as amended.
MS. WARD: Second.
MS. FRAWLEY: Thank you. Discussion.
MS. FYFFE: I would like to suggest the addition of one sentence to the letter. As I have been reading this, I know that Secretary Shalala is very smart, and so are her staff people.
Reading through this, if I knew nothing about the hearings and if I didn't attend the hearings, I wouldn't have known that basically what I think we are trying to say is that it is not difficult to identify a person from their health data or from data such as zip code or other data associated with their health data.
I mean, if I had read this letter, I wouldn't have known how relatively easy it is to identify a person on the basis of health records.
I could be totally wrong in my observation, but can we add in just a sentence --
MS. FRAWLEY: All I want to make sure is where you want to add the sentence.
MS. FYFFE: I am suggesting we add it in the section that says identifiability of health information, before the sentence that begins with distinguishing. Say, it is not difficult to identify a person from their health data or from data such as zip code or date of birth associated with their health data.
MS. FRAWLEY: We can't write that fast, though. Can you just repeat it? It is not difficult to identify a person --
MS. FYFFE: It is not difficult to identify a person from their health data or from data such as zip code or date of birth associated with their health data.
That was the message that I got from Tanya. That, frankly, astonished me, at how she was able to identify, what was it, the governor of Massachusetts and some other people.
DR. HARDING: From the driver's license, the public record.
MS. FYFFE: Yes. So, just that one sentence, or the idea in that one sentence I think needs to be put somewhere near the beginning of the letter, so that when someone reads this, they will get that point.
DR. DETMER: Maybe as an example it could go after that first bullet. It says, the distinction between identifiable and non-identifiable has become much harder to make. It depends on what other information is available, for example, duh, duh, duh.
MS. FYFFE: Yes, that would be fine. That would flow.
MS. FRAWLEY: Yes, that would flow better. If you start with that sentence first, it kind of just doesn't fit right at that point.
So, under identifiability of health information we are going to revise the first bullet to say, the distinction between identifiable and non-identifiable data has become much harder to make.
Whether something is non-identifiable depends in large measure on what other information is known or knowable. For example, it is not difficult to identify a person from their health data or from data such as zip code or date of birth associated with their health data.
MS. FYFFE: Yes, thank you.
MS. FRAWLEY: Okay, we have a motion on the table. Do we have any other discussion? Okay, hearing none, all in favor of the motion to forward this letter on with the revisions to the full committee this afternoon for transmittal to the Secretary, say aye?
[Voices heard in the affirmative.]
MS. FRAWLEY: Negatives? Any abstentions?
[No response heard.]
MS. FRAWLEY: Thank you. The next thing on our agenda is just to talk about health information privacy legislation.
Agenda Item: Status of Health Information Privacy Legislation.
MS. FRAWLEY: What I have distributed to the subcommittee members is a chart that outlines the current bills that are in the 105th Congress.
One chart has the United States House of Representatives and provides you with information regarding the Condent bill, the fair health information practice act of 1997, the McDermott Bill, which is the medical privacy in the age of new technologies act of 1997, and Congressman Shay's bill, consumer health and research technology protection act.
It just lays out some of the key information regarding each of those bills.
The second chart is for the Senate, and lays out the Lahey bill, which is the medical information privacy and security act, Senator Jeffords bill, which is the health care personal information non-disclosure, the health care PIN act, and then the latest information on a draft from Senator Bennett's office, which is the medical information protection act of 1998.
I will tell you that that particular column, I have not had an opportunity yet to validate some of the information in that column. My staff prepared that for us, just to provide some briefing information to the subcommittee.
MS. FYFFE: That is the Senate?
MS. FRAWLEY: Yes. So, we received a copy on Friday and my staff put this together for me on Monday and Tuesday, and I have not had a chance to go back and confirm that information as being 100 percent accurate. So, just a caveat there.
MS. FYFFE: This is probably about the sixth Bennett draft.
MS. FRAWLEY: Yes. So, I had my staff write in bold, draft, 6-12-98, because it is a moving target. Just for information, Senator Bennett is having a meeting this morning in his office at 11:00 a.m. with key industry representatives.
Then there is a strategy meeting at 11:45 with public relations staff to discuss the introduction of the bill, which is tentatively scheduled to be introduced next week on June 24.
I just say tentatively because we have been down that road before where we thought a bill was going to be introduced and then it wasn't introduced.
I just put this out to the subcommittee just for information, but it begs a question that we need to talk about when we get to work plan a little bit later in our agenda; whether as a subcommittee we feel we need to be doing anything in terms of weighing in on any of this legislative activity.
I just put that out there and it is on our work plan. We can come back and talk about that. But there are a number of bills out there.
We made a series of recommendations to the Secretary. The Secretary, in turn, made recommendations to Congress.
We know from some of the discussion at the full committee yesterday, in John Fanning's report, that there is some concern as to whether Congress is going to be able to pass legislation by August of 1999 and whether the department will have to begin its process to draft the notice of proposed rule making in this area, since the Secretary has the authority to promulgate regulations.
MS. FYFFE: A question to you, Kathleen, and Jim and others who have been around the process for a few years.
There are not too many legislative days left in this Congress. Are we down to 20 yet, 20 legislative days?
MS. FRAWLEY: I think we are floating around 30.
MS. FYFFE: It is highly unlikely that anything is going to get enacted, because it is so controversial.
MS. FRAWLEY: Again, my only concern for that is that I would say yes, except I don't think any of us expected HIPAA to pass.
If you remember, they were going out of session at the end of July for August recess and the House passed the bill one week and the Senate turned around and passed it the night before it went out on recess.
It caught a lot of us by surprise. Of course, once the House passed their bill, there was one week between the House and Senate activity.
There was a lot of speculation as to what would be in terms of place holder language in terms of privacy. I guess my experience has been never say never.
Just when you think that the process is over, you could be wrong.
MS. FYFFE: One sentiment that I have heard expressed up on the Hill is that we may not have to -- the Hill is saying, we may not have to worry about that this year because, after all, we have until August 1999.
Of course, we are going to have a brand-new Congress. So, as controversial as all this has been, it could even be a challenge next year.
MS. FRAWLEY: Correct.
MS. FYFFE: The whole playing field may shift, depending upon who gets elected.
MS. FRAWLEY: After the November election, in terms of jurisdiction of committees, committee chairs, the whole process starts all over again.
I think that is why there has been such a focus that if Congress was going to do something, they try to do it in this session.
The probability of being able to move legislation forward in the 106th Congress by the deadline becomes more problematic.
I guess my concern for the subcommittee is that we spent a lot of time in our first year holding hearings and crafting a series of recommendations to the Secretary.
Then we kind of put that on the back burner. I don't know, in light of the fact that we have got five bills and one draft floating around, you know, whether we want to do anything.
I just put this together, number one, as a tool just to help us kind of keep track of the different issues and, number two, I don't know if we need, as a subcommittee, to do anything further.
MS. FYFFE: Just one other comment. The Bennett bill could be around in the 106th.
MS. FRAWLEY: The Condet bill, this is its third version. The problem that you have to realize is that if you look at the original draft of the Condet bill from the 103rd Congress, the 104th Congress and the 105th Congress, they are completely different in language.
If you look at the Bennett draft from the 104th Congress or the bill from the 104th Congress and the current draft, there have been changes.
It is really hard, because all of us who work with this understand that it is becoming more and more complex and these are not simple issues.
I just am providing this for information. I don't expect we need to do anything other than I just wanted to make sure that everyone was aware of kind of where we were.
The other thing is that there have been a number of hearings held up on the Hill. Don testified in March before the House Ways and Means Health Subcommittee, and we will be responding to some of the Qs and As that Congressman Thomas has asked the committee to follow up.
Richard and I both testified at a hearing on May 19 that Congressman Horne convened before the government management and information technology subcommittee, to discuss the issues.
During that hearing, Congressman Horne did spend a fair amount of time, during a Q and A session, asking about our considerations of the different legislative proposals and what we thought would be appropriate for the subcommittee to do in that arena.
Senator Jeffords then held a hearing on the Senate side on the issue of genetic privacy. It has been reported that he feels that he is probably not going to be able to move a privacy bill through the Senate Labor and Human Resources committee, but has expressed an interest in trying to do a genetic privacy bill, of which there are a number pending in the House and the Senate.
Then Congressman Shays last week held a hearing on the whole issue of institutional review boards, and some of the impact in that arena.
There have been a fair number of hearings held over the last couple of weeks, but again, not kind of really coalescing into any significant activity.
I just want to make sure that everyone is aware of that. Some of us are here in Washington and some of us are not necessarily here following some of the issues.
MR. BLAIR: Will there be an opportunity, either later this morning or later today, for you to give us some clarification of what the NCVHS' position is on whether federal privacy and confidentiality laws will preempt state laws and, if so, to what degree.
MS. FRAWLEY: The only respond I can make to that is that the committee has already gone on record in its report to the Secretary in June of 1997.
The Secretary, in turn, has made a series of recommendations to the Congress in September of 1997. So, I mean, I think that we have already taken a position on that particular issue.
I don't know at this point, you know, whether we want to, as part of our work plan, re-look at our previous recommendations.
MR. SCANLON: These various bills take different positions as well, Jeff. Some of them would have a national -- in essence, a national level, preempting state law. Others, and the Secretary's recommendations, too, would in essence have a national floor and the states with stronger laws would be able to keep those laws. There is kind of a mix of both.
I think the committee has already gone on record, I think. There was a little bit of on the one hand and on the other hand.
MR. BLAIR: That is the piece that I got a little confused, and I don't know if this is the right time to talk about that. So, you can just tell me.
MS. FYFFE: Could you reiterate what the committee's position is?
MS. FRAWLEY: I don't have the report with me.
MR. SCANLON: To be honest with you, to some extent it was a bit of an equivocation.
MS. FRAWLEY: The problem that we had is that at the time the subcommittee could not come to consensus on the issue of preemption.
Some of us felt it should be a floor. Some of us felt that it should be a ceiling. Some of us thought it should be a floor, but.
There are actually three different approaches that the Congress has taken. It depends on whether you want a floor with some additional protections or whether you want a ceiling.
That is the exact approach that the Congress has taken so far. There are three different approaches.
At that time, which was June of 1997, the subcommittee members were unable to come to consensus on that issue.
We chose to report that out to the full committee, as the fact that there was no clear consensus, to the full committee.
We made obviously a series of recommendations in a 20 to 25-page document. There were a number of recommendations where there was a clear consensus and then there were other recommendations where there was no consensus.
We chose, under the principle of fairness, to report that there were differing opinions, not that one was better than the other one, or that one was good or one was bad.
MS. FYFFE: Thank you. I appreciate the recap.
MS. LIFFERS: When we get to the agenda item about the Qs and As in response to some of the House questions, there is a specific answer in there that deals with preemption and basically lifts the language from the report.
MS. FRAWLEY: The other thing, too, is just in terms of preface, that I will ask staff to make sure that everyone who is on the subcommittee has a copy of our report to the Secretary, and also to make sure that everyone on the subcommittee has a copy of the Secretary's report to Congress.
I think it is very hard to be part of the subcommittee and discussing issues if you don't have copies of some of those prior documents.
MS. FYFFE: You mean that big report to Congress that is on the internet?
MS. FRAWLEY: Yes.
MS. FYFFE: Both of those documents are huge.
MS. FRAWLEY: Yes, but I want to make sure that everybody has them. I don't think we should assume that people have them. We will make sure.
MS. FYFFE: I appreciate that.
MS. FRAWLEY: If we can move on to our next agenda item, this has to do with the hearings that are planned to be held on July 20 and 21 in Chicago on unique identifier for individuals.
Agenda Item: Discuss Plans for Hearings on Unique Individual Identifier.
The subcommittee on standards and security has developed a draft which we discussed at our subcommittee meeting on Monday.
We have identified, and staff has been very helpful, in putting together a series of questions that would be provided to any prospective witness.
Obviously, people can elect to request the opportunity to testify orally or certainly would be able to submit written testimony for consideration.
What the subcommittee on standards and security have outlined is a series of questions. The reason why it is before this subcommittee is because this subcommittee has agreed to work with the subcommittee on standards and security regarding this issue.
If you remember, last September when we forwarded our letters to the Secretary -- and there were two letters, one from the full committee and one that was authored by Richard and Robert Gellman outlining their concerns -- we felt it was premature to make a recommendation on a unique health identifier for individuals without the opportunity for input from industry.
We also expressed some concerns that, in the absence of privacy legislation, that we had some concerns about making a recommendation.
The purpose of these hearings is to lay out an opportunity for input.
There is a series of general questions. There is also a series of questions regarding the criteria and characteristics for an identifier.
The important thing for this subcommittee is on page three, and I think there are two areas that I just want to bring to your attention.
On page three there are four questions that are listed under confidentiality and privacy and then there are some questions under approved uses.
So, for the purposes of this subcommittee, I would kind of like to focus our discussion on those.
Basically, what we are asking people who would be interested in providing testimony would be to respond. Again, you can see from the number of questions that they can elect whether or not they want to respond to all questions or focus their testimony on certain questions.
So, under confidentiality and privacy, the questions that have been drafted by staff are:
What are the major confidentiality and privacy concerns associated with the health identifier for individuals and how should they be resolved.
The second question is, what privacy principles should underlie the choice and implementation of an identifier.
Three, the Secretary has statutory responsibility to adopt a unique health identifier for individuals. She is also committed to upholding the right to confidentiality expressed in the consumer bill of rights and responsibilities. How would you advise the Secretary to proceed?
Four, should the implementation time frame for the identifier for individuals be linked to the passage of privacy legislation or regulation.
Those are the four questions that are in the draft document that staff has presented.
Under approved uses, three questions there are, what uses should be approved for the health identifier for individuals.
Should there be limits placed on its use. If so, what should the limits be.
Then a third question is, how would such limits be enforced.
Those are really the questions that have been developed for prospective witnesses. What I wanted to bring before the subcommittee was just to highlight those questions, find out if there are any recommendations for any additional questions.
We still have time, as a subcommittee, to make recommendations to staff. So, I mean, it is not like a closed door today. I mean, I want to bring that up, just to make sure that there isn't anything obvious that people see we are missing in that particular arena.
Then the other thing that I wanted just to raise to the subcommittee was, in addition to these questions, we have recommended that we need to really be very aggressive in identifying consumer advocates and privacy advocates, to make sure that they are aware of the hearings in July.
We do have a second hearing scheduled for September, which will be preceding the full committee meeting here in Washington. We have talked about scheduling a third hearing, date uncertain.
So, there would be a series of hearings that are planned. So, in addition to the questions, the second issue is to make sure if anyone has specific recommendations for constituencies that we need to make sure are aware of the hearings, and give them the opportunity.
We will give the usual notice in The Federal Register. Obviously, we will outreach to groups that have testified before.
Again, we just want to make sure that the concerns that we have had is that this is an open process, that it is inclusive, that any group that could be impacted by this particular recommendation, we want to make sure that people are aware and have an opportunity to participate in the process.
I just throw it open for any comments on the questions or any suggestions for witnesses.
MR. SCANLON: Kathleen, I wonder if the subcommittee would even want to propose co-sponsor with the subcommittee on standards.
MS. FRAWLEY: The question before the subcommittee is whether we would like to co-sponsor the hearings in conjunction with the subcommittee on standards and security.
DR. COHN: I think that is a good idea. I actually had been presuming that that is what was going to be happening.
MS. FRAWLEY: I personally think it sends a message that we think this is important. As opposed to just having it sponsored by the subcommittee on standards and security, I think the fact that it would be co-sponsored by both subcommittees sends a message to the public and to industry that we think this is an important issue.
MR. BLAIR: If there are witnesses that come to us and are interested in testifying, who should we direct them to?
MS. FRAWLEY: Staff.
MR. BLAIR: When you say staff, who on the staff?
MR. SCANLON: Let's see, either Wendy Liffers or Judy Ball. They are putting together the witness lists.
DR. COHN: Kathleen, actually I think this is a classic cross-cutting issue. I propose that we do co- sponsor it.
MS. FRAWLEY: Are you making a motion?
DR. COHN: Yes, I am making that motion.
MS. FRAWLEY: Can we have a second?
MS. WARD: Second.
MS. FRAWLEY: Any discussion on the motion?
DR. COHN: If the two subcommittees of the committee are co-sponsoring, then isn't it a committee activity instead of a subcommittee?
DR. DETMER: I think it depends on which subcommittee maybe wanted to take the lead on it. I agree, by definition it is a full committee issue at that point.
DR. HARDING: There are actually three subcommittees, though, so it isn't required. I was mixed up in the reorganization.
DR. DETMER: If there are a couple that are involved, it is a committee deal at that point. I guess the concern or question I have got relates, I think, to part of what I was hearing Bob Gellman say yesterday, and I think there are ways of dealing with it.
In a sense, as I read this and as I see the committee's role, the Congress already mandated that, in fact, the Secretary would come forward with an identifier.
Our role relates to giving advice on that consistent with, in fact, the law that is already on the books.
I think that there is a possibility -- I guess it is a question for this group -- but if you did have two committees doing it, it might seem even moreso that we really have no question about the idea of an identifier, period, and that we are just now looking at which one we would suggest.
The privacy committee, I think, in a sense has the capacity to look at this perhaps more abstractly, if you will, as a broader issue, although clearly I think the mandate for the NCVHS is to, in fact, advise the Secretary so that hopefully, given the laws as written, she will do a better job.
I don't know quite how to tease all that out, but if you do have the standards and security, clearly you are talking about moving right on along to the standards side of it.
Maybe one way -- I see real good reasons, actually, to have it as a joint activity. I am frankly not unsupportive of that.
Maybe in the general questions allow at least people to testify, to sort of also weigh in and make the case on whether in fact this is even a good idea would be not inappropriate.
It is a public hearing, and letting people make the case on why, in fact, maybe the Congress wasn't as wise as it might have been --
MS. FRAWLEY: Maybe that should be added to general questions.
DR. DETMER: Yes. It is true, for example, when I testified to Health Ways and Means Subcommittee, I was asked, what kind of a job do you think we have been doing.
It is not as though -- I think at times they wonder that themselves and that might be a good general question.
MS. FRAWLEY: Why don't we make that recommendation, then. Wendy is here and will be working with Judy Ball.
Perhaps we could add a general question. I think that is an important point. There has been a fair amount of debate within industry as to whether there is a need for a unique health identifier for individuals.
There is that broader question as to whether or not there should be one. I think that Don's point is good, that we need to make sure that we get that public debate out there.
DR. DETMER: Yes, I mean let the case be made. It is already a matter of law and that is what we are having to do, I think, here. I think it is not unreasonable to let that debate be out there.
MR. BLAIR: Suggestion? Instead of raising it in terms of whether or not there is a need, I think that as we have listened to testimony, no matter what solution for an identifier has come up, one group or another objects to certain aspects of it, so it has been difficult to get consensus on an identifier.
I think if we were to instead phrase it, instead of whether there is a need, we should wind up saying, what alternatives are there to a unique health identifier.
That way we solicit solutions and alternatives instead of just objections.
MS. WARD: I think if you have an alternative, you have to have it based on an objection. I think it is letting people say there is an objection and ask them to please not just come in and object, but then to give us some alternatives.
I like Jeff's idea, but I don't think you can talk about alternatives unless you give people the opportunity to say, I don't like this law; I think it was a mistake, and there are alternatives.
DR. COHN: Actually, I like Jeff's idea also. I was going to comment that I really do like the questions that were developed by the staffers.
I want to compliment them on them, especially number 23, which I thought was actually a very nice way of beginning to get into the question of the Secretary's dilemma of how to proceed.
I think that also begins to address really the question of what should be done, in probably a non-inflammatory way. Maybe those two questions begin to solve that issue.
MS. FYFFE: I think we have to go back a bit to the history of why unique health identifiers were originally thought to be necessary.
That has to do with the use in electronic data interchange. You know, the work group for electronic data interchange and others said that one of the problems in being able to send information about individuals and plans to employers and so forth had to do with the lack of a non-standard identifier for individuals, employers, health plans and health care providers.
In fact, if you look in the law, section 1173 is called standards to enable electronic exchange. B under there is unique health identifiers.
So, really, I can understand the history of this and how we have gotten away from the original intent of the need here.
It started out as really a technical need, to have a unique identification number, a unique address, in order to send all these transactions.
With that in mind, these questions we have come up with, when you say in use in the health care system, I think we need to add a sentence or a clarification that this has to do with the electronic exchange of information. It is not just the health care system itself.
I don't think we would have come up with the need for a unique identifier, had it not been for the impetus of EDI.
MR. BLAIR: Do we have jurisdiction beyond the health care industry, though?
MR. SCANLON: The limitation was -- it is both actually, Kathleen. It is to promote and enable EDI, but it is for use in the health system. It is not meant to extend beyond the health system.
MS. FYFFE: Correct, but you know, the original intent was not to do all the evil things that people have since said are going to happen.
Now, there are always unintended consequences, but I think again in our questions we want to get back to add maybe one sentence to that.
MS. FRAWLEY: I will ask Wendy to follow up with Judy on that. The motion that we have before us is whether or not, as a subcommittee, we want to co-sponsor the hearings with the subcommittee on standards and security. That is the motion that is presently pending.
So, is there any other discussion? Any further discussion on the motion? Okay, then I will call the question. All in favor of the motion that the subcommittee co-sponsor the hearing, say aye.
[Voices heard in the affirmative.]
MS. FRAWLEY: Negatives? Abstentions?
[No response heard.]
MS. FRAWLEY: Then we will ask Wendy Liffers, who is currently serving as staff to the subcommittee, to coordinate with Judy Ball, also express our recommendations from this subcommittee meeting regarding the general questions and also adding some language to make sure we are clear in terms of that. Thank you for that.
The next item on our agenda, which is an important one because we have gone on record as promising a response to Congressman Thomas, is the draft Qs and As in response to the hearing that Don Detmer testified at on March 24, before the House Ways and Means Subcommittee on Health.
We do have a document that was distributed to you which is the follow-up information that was requested by Congressman Thomas.
We have sent a letter back to the congressman advising him that the committee would discuss this at the meeting in June and would then forward a response on.
So, we are under the gun in this subcommittee meeting to discuss this response, and this is the second action item that we would bring forward this afternoon, in the event that we are able to achieve consensus on the document.
What I would like to do is turn this over to Wendy, primarily because she is the staffer who has prepared this document for us to review and comment on.
So, I would like to let her walk us through it and then what we can do is, we have about 25 minutes to discuss the content and to make a decision whether or not we feel comfortable bringing it forward to the full committee this afternoon. So, I am going to turn it over to Wendy.
Agenda Item: Draft Qs and As in Response to Committee Questions to Dr. Detmer following 3-24-98 House Hearing on Health Information Privacy.
MS. LIFFERS: Let me just actually make a couple of quick caveats. I am new to this subject area. What you may see is some rather not-sophisticated detail in terms of this response.
One way I thought it would be good for me to dive into this is that I sat down with Bob Gellman. We basically very briefly brain stormed some suggested responses, just so the group would have something to react to.
Primarily the information here is taken either from the Secretary's recommendations or this committee's recommendations to the Secretary.
There are, frankly, a couple of areas where there are not even proposes answers yet. That may influence what you all decide in terms of going forward this afternoon to the committee.
If you have had a chance to look at this, you may also note that some of the questions are kind of ambiguous and we tried to interpret what we thought the committee was requesting. Again, your input, if you have a different interpretation, is welcome.
We can basically just walk through this, much as we did on the other one.
I apologize a bit for the length on the first one. I know that the preference for the responses to these things is generally to keep them short.
If we can try to pare some of this down and develop just short answers, we might try to get through as much of this as possible.
The first question, basically this was from Congressman Thomas' understanding, can electronic data, if properly protected, be even better protected than paper records.
The rest of the question really starts to delve into whether or not there should be stated preference toward directing movement toward electronic versus paper records, and carrots or sticks, and moving into electronic record keeping, and whether or not -- I guess we as a group need to respond to whether, you know, legislative responses to this are going to be helpful.
What you will see in the answer here is basically some of the statements from the committee and the Secretary that gave some background on why electronic data keeping seems to be the movement.
I don't know if it is best to really try to read through all this or give you a few minutes to scan it and ask for your response, whether you think this adequately addresses the question.
The remaining questions are a little bit briefer, but since this one contains a bit of information, maybe take a few minutes.
MS. FYFFE: Excuse me; what is the due date for this?
MS. FRAWLEY: Today.
DR. DETMER: Kathleen, I think it might be good to just go through them a question at a time, myself, rather than trying to read through the whole thing and then come back, because we are going to have to go through it anyway.
I would like to see us try to get as far along as we can on this. It has been a while since we met, and I know the committee is interested in our thoughts on this.
MS. FRAWLEY: The problem that we have is that the hearing was held on March 24. Congressman Thomas submitted his series of questions at the executive subcommittee meeting on May 21.
This subcommittee was asked, as part of its work plan, to provide the response for consideration by the full committee at its June meeting.
We have gone on record in a letter to Congressman Thomas under Don's signature saying, this will be discussed on our agenda at the June meeting.
MS. FYFFE: Okay, it will be discussed. Does it have to be confirmed? For example, I wouldn't mind, outside of the meeting, having a conference call with a couple of you and Wendy to hash through this in an hour or 90 minutes.
MS. FRAWLEY: The problem we have is that we have to have full committee approval. We can't postpone this to September.
MS. FYFFE: I don't want to postpone it. Is there a way, outside of this meeting, to hash through this and then circulate a draft to other members of the committee? We are really going on record here.
DR. DETMER: The question is, we really do have time right now to get into it. We may find that we get nowhere, but we may find that we get quite a ways.
MS. FRAWLEY: The point is, we should use our time as wisely as possible. You are being asked to look at response one, which is on pages one, two and a part of three.
A major part of this response is incorporating language from HIPAA and incorporating recommendations that came out of our report based on the hearings that we held in 1996-1997.
So, that is what we are trying to focus on right this minute. If you can just kind of stay focused and if we can get some things done, fine, and we will evaluate where we are at the time of the end of this meeting.
DR. DETMER: I guess the only thing I don't see in this, they are saying if we put a serious emphasis on trying to create a time line in which we move to the electronic era and then deal with the same concerns about individually identified records.
Maybe it is a question of trying to -- I like the answer that I see, but I don't know if it completely answers the question.
One of the questions that I have gotten into, we do have the time line that we are facing. We know, for example, that if Congress doesn't act by next August, regs at least are due the following February.
It seems to me that this issue has been vetted a fair amount on the Hill. So, from my own perspective, at least, it would seem to me that in terms of a time line, candidly it would be preferable to see them act on this, this year.
Now, that is not what they are planning on doing. We are on record saying also that they ought to move forward on this and the department ought to give it a very high priority and try to move on it.
Clearly from our own calendar, we are either going to be working on two sets -- if they do pass something next year, we will have been working on one set of regs and then have to stop and start all over on another set, it strikes me.
I don't know if I am over-reading and over-reaching --
MS. FRAWLEY: You have to look at the question, though. I just want to point it out. We are not talking about privacy on that time line. We are talking about if we put a serious emphasis on trying to create a time line in which we move the electronic era, and then deal with the same concerns about individually identified records.
What I am concerned about there, having sat at the hearing and listened to some of the Q and A when he was questioning you, the impression I was getting was that it was almost as if he was looking at whether there should be a mandate to move toward electronic records.
DR. DETMER: I think that is true. I mean, I think that is true but it is also, it seems to me -- I guess what I am getting is that the rate limiting step to move to electronic records is I personally believe the first piece of it is privacy and confidentiality legislation.
I really honestly don't see how we are going to see that move forward without that, but I am not trying to construct something here.
DR. FYFFE: The first sentence is troublesome in our answer, and it is not correct, particularly the last half of the sentence.
It says, the increased use and need for electronic records that are shared with entire networks of insurers, that is not true.
MS. FRAWLEY: I have no problem with deleting the first sentence. Wendy has already said that she has added some material.
What I am pointing out to you is that the sentence that starts with the reference to the health insurance portability and accountability act, which is in the middle of the next paragraph, and the next page, comes from the law and the committee report.
The first couple of sentences are gratuitous and Wendy has pointed out that she is more than happy to delete it.
MS. FYFFE: I am not trying to be particularly critical of anyone, but I want you all to know that I get calls from Time and Newsweek Magazine that make this assumption; that because of HIPAA, admin simp, records will be available to everybody and shared through big brother networks in the sky. It is not true.
MS. FRAWLEY: We know that and I get the same calls. They call you, they call Jim, they call me. They have like, you know, these speed dials. They just kind of shop around.
I think the point we are trying to make here is that health care is beginning to deploy more and more information technology.
As a result of the deployment of information technology, it is becoming increasingly an interstate activity.
The point is that HIPAA, you know, was enacted and lays out a schema and then, in turn, with some of the recommendations from our report and our testimony.
MS. SCHEIN: May I make a recommendation?
MS. FRAWLEY: Yes.
MS. SCHEIN: We just begin where we discuss the HIPAA and eliminate all those introductory statements about crossing state lines.
That sentence does say that the HIPAA does call for uniform standards for electronic transition, that it be separate standard development other than at the national level.
We don't really have to go into all this interstate information. We are saying that already. It would shorten the response a little bit.
MS. FRAWLEY: That is fine. That is what I was pointing out. Does everybody feel comfortable with that?
DR. DETMER: So, the first sentence is, in its administrative --
MS. FRAWLEY: We get rid of the first several sentences. A-1 would start with, in its administrative simplification requirements, the health insurance portability and accountability act. That is where it would start. Okay.
Page 2 is a complete summation of our report, and the testimony that we received at hearing. This is already public record. This is not something we are creating this morning. Just to make sure, because some of the members of the subcommittee are newer.
DR. DETMER: Actually, if you come back to your point relative to that first paragraph question, really we haven't specifically as a committee dealt with that question.
MS. FRAWLEY: Right; that is the problem.
DR. DETMER: You know, relative to the first paragraph, we haven't really engaged that question. I wouldn't mind seeing us do it, but we haven't done it to my recollection.
So, maybe a sentence relative to the first one, that actually the committee has not talked about either incentives or disincentives to moving rapidly to electronic records. We just haven't done it.
MS. FRAWLEY: Why don't we do this, that at the end of the response, just add that.
DR. DETMER: Yes, and I think it might be worth mentioning that we do have a new work group on computer based patient records, and that that committee may engage that question, but it hasn't to date.
MS. FRAWLEY: Okay, do people feel comfortable with that addition?
MS. WARD: Yes, I think this is not the time or place to start making new assumptions about this whole area without the kind of good debate that we have in the meeting.
MS. FRAWLEY: Okay, second question on page 3.
MS. LIFFERS: This question basically addresses keeping track of who accesses information. Bob seemed to recall that perhaps this group had said something along the way about audit trails.
I couldn't find anything specific in the recommendations. I don't know if there is a different form.
DR. COHN: Actually, I think audit trails were included in the subcommittee on security -- whatever it used to be called.
MS. LIFFERS: The subcommittee on health data needs, standards and security.
DR. COHN: There was actually a two-page report that actually Kathleen was responsible for drafting, that included audit trails.
MS. FRAWLEY: Right, which was signed by Don on behalf of the full committee.
DR. DETMER: It did speak to people being able to look at who accessed their own records. That is what this question talks about; can a patient come in and find out who, in fact, accessed their record, the way I read it.
It seems reasonable that if we, for example, move toward a system which would allow for determination of who accessed it, to make that accessing of the records available, my sense is what you are asking there is can you find out who saw your records.
DR. COHN: My memory is somewhat vague, and I think Kathleen knows more, but I think that was somehow addressed. Maybe I am confusing the letter versus the --
DR. DETMER: Clearly the issue is audit trails. We just need to check. It may be, as far as that goes.
MS. FRAWLEY: It was in a letter to the Secretary.
DR. DETMER: Clearly, it is the audit trail area.
MS. FRAWLEY: The point is that we can say that in a letter directed to the Secretary dated on such and such a date, the committee recommended A, B and C. If we didn't make a recommendation on individuals, just say that. We are not going to be putting words on paper that we did not, as a group, already discuss. Do people feel comfortable with that?
DR. COHN: Kathleen, you are suggesting that this be taken directly from that letter to the Secretary without additional --
MS. FRAWLEY: Correct; what our recommendation was.
DR. DETMER: Right, and if we haven't made a recommendation or haven't really dealt with it, then it is not a piece of our record.
MS. FRAWLEY: We don't want to put something down that we something that we did not.
MS. FYFFE: Who developed these questions?
MS. FRAWLEY: This is an actual part of the hearing.
MS. FYFFE: Orally these were asked by Thomas?
MS. FRAWLEY: Right. Now we are on to Congressman Kluzeka's questions.
MS. FYFFE: It is going to get easier now. I have seen Thomas speak.
MS. FRAWLEY: Question two under Kluzeka, with respect to research currently being done by managed care companies, is that being done with the informed consent of the individuals.
MS. WARD: That is the only answer?
DR. DETMER: Yes. I think that is a fair answer. We don't know.
MS. WARD: As a committee -- they need to ask managed care.
MS. FRAWLEY: I understand that. Let's stay focused because we have 15 minutes left on the agenda for this particular item.
The question is, does the committee have recommendations -- remember, Don Detmer was asked this during a hearing. These are the specific questions from the oral testimony. We are responsible for coming up with a response that we have to present to the full committee.
When we say we have no information, is that an acceptable response?
MR. SCANLON: I think so.
MS. FRAWLEY: Question three, which has to do with the EU directive.
MR. BURKEL: I spotted a typo in our answer on the last line. Rather the, it has.
MS. LIFFERS: I guess the question is, should that last line be in there at all, emphasizing no privacy law generally.
DR. DETMER: I like the answer, personally.
MS. FRAWLEY: Is that response acceptable?
MR. SCANLON: May I suggest that you may actually be making a case for the fact that there are certain ways of meeting this. Could you be maybe not quite so definitive in saying, no, it does not. You could say, the United States may have difficulty --
MS. FRAWLEY: Why don't we take that sentence out.
MR. SCANLON: Right, I don't think anyone can be definitive.
MS. FRAWLEY: Let's take the first sentence out, no, it does not, and just start with, the EU directive. Are we ready to move on to the next question, what would be the impact on this country in terms of trade and research, should we not meet the criteria, and so forth, of the EU directive?
DR. DETMER: I don't think you need potential.
MS. FRAWLEY: Question five. Is it your view at this point, at least, we do not currently meet the specifics of that directive.
MR. SCANLON: Again, I would say, we believe the United States might have difficulty in meeting them.
MS. FYFFE: You could say currently does not meet all of the criteria.
MS. FRAWLEY: Okay, so we would modify our response to say that we believe the United States does not currently meet all the criteria of the EU directive. Acceptable?
Okay, Congressman McCreary. Question six. I want you to expound a little bit on the question of preemption of state laws.
I am a little concerned about what I perceive to be the Secretary's recommendation that we have a national law, a national standard, but that we allow the states to enact stricter standards.
How is that going to solve the problem of uniformity? It seems to me to be contradictory. Can you expound upon that?
MR. BLAIR: Can you read the answer to that? I am very interested in that.
MR. SCANLON: A definite yes and no.
MS. FRAWLEY: This is just for the purposes of the subcommittee's discussion. This is verbatim from our report.
DR. DETMER: Yes, we came down firmly on both sides of that, unequivocally.
MS. FRAWLEY: This is in our public record. This is not something that staff decided to draft.
MR. BLAIR: A definite maybe.
DR. DETMER: Yes, I guess maybe that first sentence could say, it was the most difficult conflict identified at the hearings we held, and didn't yield a clear answer.
MS. FRAWLEY: That is the equivocation.
DR. DETMER: That is where we came out.
MS. FRAWLEY: So, what we are going to respond on six is, preemption of state laws was the most difficult conflict identified at the hearings we held, and didn't yield a clear answer.
The NCVHS addressed preemption specifically in its recommendations to the Secretary as follows, and the next four paragraphs are from our recommendations.
MR. BLAIR: You don't have to read them all.
MS. FYFFE: I would just add in the date that we sent the recommendations to the Secretary, reference that letter or that document.
MS. FRAWLEY: Thanks, Kathleen. Question seven. Can you briefly, if you feel comfortable doing this, either on the part of the commission or on your own part, outline for us the reasons for having a national standard.
MR. BLAIR: For what; national standard for what?
MS. FRAWLEY: That is the question, Jeff. I am not going to debate that. I am just reading to you from the Congressional Record what the question was.
DR. COHN: That actually relates to the previous question where we are talking about national standards.
MR. BLAIR: Okay.
DR. DETMER: Is the rest of this also from the same report?
MS. LIFFERS: This is basically some of the findings just in the introductory materials from the committee's report.
DR. DETMER: Okay, that is what we could do is just reference the report and the date.
MS. FRAWLEY: Yes, we have to have a reference to a date.
DR. DETMER: Then, I guess since we are sending it back, mention -- it says on the part of the committee or my own part. I think we ought to say something like the committee's position on this, so it is obvious that it is not my own view.
MS. FRAWLEY: Okay, question eight. Can you talk about needing to guard against discrimination in a number of areas, including insurance. Most people, when they apply for insurance, are they not asked to reveal any health conditions that would have an impact. So, what is the problem on discrimination in insurance? If you see that as a problem, perhaps we should move to some sort of community rating. That would resolve that. Do you want to comment on that.
DR. DETMER: Probably, again, we ought to preface this, the committee's discussions have included the following, because I made some comments at the hearing that were personal views, but I identified them as that. It might be good to just say the committee's reflections on this follow, or something.
I think it is useful, actually. I think it is good to --
DR. COHN: This language is taken from our report.
MS. FRAWLEY: Yes.
DR. DETMER: You know, it could say something, to the extent that we have discussed this matter, the information follows.
MS. FYFFE: The word "instead" in the third sentence of the second paragraph, should that word be deleted, so the sentence begins, an already complex health privacy bill?
MS. FRAWLEY: That is fine.
DR. DETMER: I think it is particularly smart to refer to this as dated. There has been continued work on the anti-discrimination legislation, not by the committee, but certainly there has been quite a bit.
MS. FYFFE: Again, where you say the committee urged the Secretary.
MS. FRAWLEY: We already know that. Staff has already made the note that we are going to incorporate the date of our report.
Question nine, Congressman Bachero's questions. When they ask a question with regard to -- and this may be somewhat premature -- since we are trying to figure out what confidentiality and privacy to be, and how we address it, certainly some of what we want to protect will have to be done through statute -- e.g., state preemption.
Some areas are best left to regulation because they may need to change periodically and statutes would be too difficult to have constantly amended.
Do we have any sense right now, Dr. Detmer, what areas are clearly left to regulation versus statute? What should we not do? Is there any particular area that you could identify for us.
The following response is in our recommendations to the Secretary. We will note the date of those recommendations and the Secretary's report to Congress, which was September 11, 1997. That much, I know the date on that one. That is, again, from the report.
Hearing no comments, we are going to move to question 10, with regard to the whole issue of the data we collect and how we keep all that information, electronic paper, et cetera, what do you do with the non-profit, the community-based clinic, that already survives on a shoe string budget, if we determine that the best way to keep information safe is to go toward some electronic mechanism.
How do we help those that are barely surviving to provide health care, to now get to the point that they will abide by statute or regulation requiring them to provide protection to protect information.
DR. DETMER: again, I think we have heard testimony about this being a problem, but I don't think the committee itself has either engaged in looking for cost information or developing cost information.
MS. FRAWLEY: So, then we should just frame that as our response?
MS. FYFFE: Can't we also point out that the HIPAA law does not mandate providers to do this? They don't do this until they feel like they can afford to do it.
MR. SCANLON: The EDI part of it, but for privacy legislation, they would be.
MS. FYFFE: Yes, but I think they are talking about shoe string budget and electronic mechanism. You don't have to do an electronic mechanism if you don't want to.
MR. SCANLON: That is probably the answer. We could just say that HIPAA does not mandate that providers engage in EDI.
DR. DETMER: I think that is worth putting in. I think it is also worth following, though, that this issue of cost was raised by people in their testimony but we as a committee have not reached a formal -- either pursued cost or generated research on it.
MS. FRAWLEY: So, we are going to have a two-pronged response. The first part of the response will indicate that the health insurance portability and accountability act of 1996 does not require providers to exchange information electronically.
MS. FYFFE: Does not mandate that providers.
MS. FRAWLEY: Right. Second is that, while there were issues raised regarding cost at hearings held by the subcommittee, there was no recommendation made by the committee on this issue.
MS. WARD: When we make this statement about the law, would we reference the part of the law, where that actually comes from?
MS. FRAWLEY: Staff will do that. Anything that we are referencing, staff will make sure we have dates and the appropriate references.
The point is to get through the substantive content so that we can bring this forward, because we are really -- unfortunately it is an issue that we, as a subcommittee, have to deal with.
I apologize that there was no advance on this, but be this as it may, we are sitting here and we have got to plug on.
This is the question from Congressman Thomas, and this goes back to the fact that there are a number of statutes on the books, and the staff has listed, and then he proceeded with his laundry list -- the privacy act of 1974, the Americans with disabilities act, the controlled substances act, and most recently the balanced budget act.
Did the committee review those, and can you give us any lessons learned from the implementation of these earlier federal statutes in terms of either their applicability or difficulty of converting.
Do you have any cautionary words about the way in which we might approach this particular area of privacy, vis-a-vis what we have done in the past, in what may be seen as somewhat similar or related areas.
MS. FYFFE: Don't give me the Reader's Digest answer.
MS. FRAWLEY: The bottom line is that we did not examine the privacy act or any other laws in any depth in developing our recommendations. That is the short answer.
DR. DETMER: I think that is what we go with.
MS. FYFFE: Yes.
MS. FRAWLEY: Do we feel comfortable with that? All right. I should also note, the balanced budget act hadn't even been passed yet when we did our deliberations, but that we don't need to get into.
Moving right along, we are on question 12. While you look at these various particulars, the other thing I am most concerned about is the balance between statute and regulations.
If you could create some bright lines for us so that would be most appropriate in legislation versus areas that probably are going to be changing, and we can review, and lock up in legislation in the future, or perhaps might lead to legislation.
You have our response. Those are specific quotes. Again, we will duly note dates.
All right, back to Congressman Bachero, question 13. Was there a great deal of discussion about what you do after the privacy information has been disclosed.
What about the person who has a mental history, and those records are disclosed, or has the AIDS/HIV virus. What happens in that case when the cat is out of the bag?
Did you propose or discuss what should be the remedy in those cases.
Then question 14, if you continue, if you could give some close attention to giving us some strong and specific recommendations on sanctions, because there will be all sorts of special interests in trying to fight to either make them very strong or very weak, and it would help if we had some good guidance from those who are examining the whole issue.
Give us a sense of how strong or how weak we should be in regard to sanctions, if we find that, in fact, information is disclosed.
The response to those two questions that were posed by Congressman Bachero is as follows. You have an exact quote.
DR. DETMER: That looks fine, again, with the usual business of date and where sort of business. IT seems to me that maybe what we could do is obviously we won't have this rewritten so that it will be ready for the full committee.
MS. FRAWLEY: Don, Wendy has indicated that she should be able to, after this, go back and revise the document.
DR. DETMER: Oh, really? Fantastic.
MS. FRAWLEY: We have excellent staff here.
DR. DETMER: Wonderful.
MS. FRAWLEY: We have hard workers here. So, Wendy is going to go back. She is going to revise the document based on the discussion that we just had, indicate the appropriate dates that we need, make the necessary modifications.
The question that is before the subcommittee now is, do we feel comfortable as a subcommittee, moving this forward to the full committee this afternoon as an action item.
That would be our second action item for consideration this afternoon.
DR. DETMER: So move.
MS. FRAWLEY: Second?
MS. FYFFE: Second.
MS. FRAWLEY: Thank you. Discussion? Do you feel comfortable if I call the question? Okay, all in favor say aye.
[Voices heard in the affirmative.]
MS. FRAWLEY: Opposed? Abstentions?
[No response heard.]
MS. FRAWLEY: So moved. I hate to kind of be a task master, but it was something that we needed to get done.
MS. FYFFE: Excellent job, Ms. Task Master.
MS. FRAWLEY: It is not my normal style. I would like to have a little bit more discussion, but we inherited this and we were under a time constraint.
The last document that you have that I passed out is a document that is called NCVHS subcommittee on privacy and confidentiality 1988 work plan.
I also handed out an article to you that is information from BNA's health care policy report on the pharmacy group to work with Congress to enact consumer protection standards, and there is a reason that I handed that out to you that I will explain in a minute.
Agenda Item: Plans for Future Topics of Inquiry.
MS. FRAWLEY: What you have before you is our work plan from the subcommittee. What I have done just for ease, I went back to our minutes and pulled out all the recommendations that we have made as a subcommittee to date in terms of issues that this subcommittee has agreed that we would address.
The first issue was to follow up on the round table discussions held in January regarding identifiable data and data registries.
Our task was to review the letter and the briefing book under Tab K and to forward that on, if we felt comfortable, for approval at the full committee meeting. That will be our first action item this afternoon. That is done. So, we can take that off our work plan.
The request for follow up information from the House Ways and Means health subcommittee, again, the task was to review the responses drafted by staff, approve them, and forward them on for consideration of the full committee. That was our second action item, which we have completed. So, that is done.
The third item on our work plan was, we have raised the fact that we believe that confidentiality and privacy issues related to pharmacy benefit management, and use of prescription information merits activity in this area.
So, I have just outlined, under activities, that we may want to have a hearing or a round table discussion to elicit information on industry practices, and issues regarding confidentiality and privacy.
That is why I gave you the copy of the article from BNA. Not to put Roy Busowitz on the hot seat, but the article just points out that Roy's organization, the National Association of Chain Drug Stores, is committed to privacy and confidentiality, and working in this arena.
We thought it was important because it was an issue that was on our work plan, that we might want to take some activity in this area.
The question that I raise to the subcommittee is, do we want to have a hearing; do we want to have a round table discussion; do we want to have a briefing at a subcommittee meeting; what would the committee like to do.
MS. FYFFE: Wouldn't a round table -- let me clarify. A round table is similar to what we did when Tanya was here.
MS. FRAWLEY: Correct.
MS. FYFFE: That was really good.
MR. SCANLON: There was more opportunity for interaction.
MS. FYFFE: Yes, very informative.
MS. FRAWLEY: So, then what we can do is plan to schedule a round table discussion. What we will have to do is ask staff to coordinate, because we do have a master calendar of hearings and full committee meetings, and not to over-burden anyone's schedule, since we all sit on more than one subcommittee or one work group.
The idea would be to have a round table discussion and we would ask the appropriate representatives -- the National Association of Chain Drug Stores, the National Council on Prescription Drug Programs, other pharmaceutical groups, and certainly would look to probably some input from some of our, you know, participants in industry, to come forward and have a round table discussion so that we can really understand the flow of information and really be helpful in this arena.
We obviously would follow up, then, with a letter to the Secretary with any recommendations that would come forward to the full committee. Do people feel comfortable with that recommendation?
[Voices heard in approval.]
MS. FRAWLEY: Okay, next item on the work plan we have accomplished, which is the unique health identifier for individuals.
We have reviewed the list of questions. We have made recommendations to staff to bring back on incorporating some recommendations for questions.
We have voted to co-sponsor the hearings with the subcommittee on standards and security. So, that is essentially completed on our work plan.
The next item is the relationship between the confidentiality of health information and health care anti-fraud activities.
The recommendation on our work plan was to propose a hearing or a round table discussion to elicit information. The good news is that Kathleen Fyffe has already volunteered to lead the activity in this area.
The question before the subcommittee this morning is what we would like to do in that arena, so that Kathleen can go ahead and work with staff.
MS. FYFFE: Actually, I would prefer a round table discussion, but I would defer to the committee's judgement on that.
MS. FRAWLEY: Do people feel comfortable with the recommendation for a round table discussion?
MS. FYFFE: This would expand on one of our hearings we did have a group of people --
MS. FRAWLEY: Right, there was a first hearing we held in January in Virginia.
MS. WARD: So, this would expand on what information we got from those entities?
MS. FRAWLEY: Correct. Okay. Then the last thing on our work plan is that we did some brain storming in early 1977 on a number of issues, just to bring people who are newer to the committee up to speed.
When we did some brain storming for our work plan, the other issues that are outstanding that are reflected in our minutes and our reports to the full committee are the issues of health privacy in employment, certificates of confidentiality, provider confidentiality, off-shore exportation of clinical data for transcription, data mining, and use of information for marketing.
Those are all sitting out there on the subcommittee work plan. Obviously, we only have X number of resources.
So, the question before the subcommittee is, we have now identified the fact that we are going to have a round table discussion on pharmacy benefit management and use of prescription information, and we have agreed that we will have a round table discussion on the confidentiality of health information and health care anti-fraud activities.
The next question is, keeping in mind our work plan, is there a particular item on that list that we would like to move forward to the top of our agenda.
It is health privacy and employment, certificates of confidentiality, provider confidentiality, off-shore exportation of clinical data for transcription, data mining, and use of information for marketing.
DR. COHN: I vote for number one on that list.
MS. WARD: That is where I was heading because back home or what we have heard here, when you ask people what are you worried about, they will say, discrimination in my insurance or my employer discriminates against me.
To me, that is a theme that I have been hearing for five years from the public and we have just barely scratched that issue.
I think one of the most important comments we got from one of our previous hearings was from the Occupational Nurses Association, information I had not hear about.
MS. FRAWLEY: Okay, so we will add that to the top of the list. The question that we have is we would like to go with hearing, round table, briefing, what type of activity would the subcommittee like to move forward and do we have a volunteer who would like to take the lead role on that.
Okay, let's start with the simple one. Do we want a hearing, a round table discussion a briefing?
MS. FYFFE: On all of these?
MS. FRAWLEY: No, on health privacy in employment.
MS. FYFFE: Round table.
DR. COHN: I presume that this is really a discrimination discussion as opposed -- I mean, a piece of it is privacy but a lot of it, I think, has been referenced in our previous work as really a discrimination issue. Is that correct; the focus of a round table or a discussion on this?
MS. WARD: I think that is one of the consequences of getting access to information, perhaps an employer should not have, but that is just one piece of the issue.
Is there access occurring that shouldn't occur? Where is it occurring? What are some of the consequences of that, all of that list of things that have been presented to us.
DR. COHN: I think this is a big issue. I am not sure whether a round table -- I think there actually are people who want to come in and testify about some of the issues around this.
DR. DETMER: It seems to me that you know your issue. We are bumping up against 10:00 o'clock. Maybe what would be good is to elicit somebody to head it up and see if they could then help shape the agenda and go from there. I think it is wonderful what you have accomplished.
MS. FRAWLEY: Do we have a volunteer? Simon keeps raising his hand.
DR. COHN: I wanted to bring something else up. I did not want to volunteer.
MS. FRAWLEY: So, we have no volunteers for this activity. Then I will say that Richard and I and Wendy will assume that responsibility and we will come up with something that we will send out to you via e mail or whatever your preferred vehicle of communication is, to take a look at.
Obviously, this will come probably more into our 1999 work plan, because we have already agreed to hold round tables on some more issues.
So, we are not talking about something in the short term. It may be a little longer term.
DR. HARDING: This will be health privacy in the work place or something like that?
MS. FRAWLEY: I think we can flesh that out and put it out to individuals.
DR. COHN: I just wanted to, I think, add in all of this, because I am feeling a little bit pressured in terms of both the work plan and the discussion today.
I know we had a lot of things that needed to be acted on, but I would like soon for us to have some time where we can just talk about the work plan and priorities and brain storm a little bit.
I don't want this to be so pressured that we don't have an opportunity to do that in an early time frame.
MS. FRAWLEY: I think that is an important point because, not to make you completely crazy, I have three other things that I just kind of jotted down, just to kind of keep us on the radar screen.
Again, if you look at some of the discussion that we had on Monday and Tuesday, we did receive some materials yesterday on the EU directive and the presentation that Bill Lawrence gave to the Data Council.
We also received a document on privacy and the national information infrastructure, and we do have a work group, as part of the full committee, on that issue.
We have also heard reports at the full committee on genetic privacy, and some of the work ongoing in terms of the human genome project. Those are also things that we need to add to our radar screen.
It is not that we will have time to discuss that, but I think that, as Simon pointed out, we will need to, as a subcommittee, plan some time when we can sit down and articulate a vision for this work plan and kind of lay out some priorities.
I did want to at least put something together, just for the purposes of this morning's meeting, just to guide us through that discussion.
Is there any other business that anyone wants to bring before the subcommittee? Hearing none, I declare the meeting ended. Thank you all for your participation.
[Whereupon, at 10:05 a.m., the subcommittee meeting was adjourned.]