Thank you for inviting me to testify on standardizing immunization surveillance data. My name is Paul Tang. I am Vice President of Epic Research Institute, a division of Epic Systems Corporation. Epic is a vendor of health-care information systems, including computer-based patient record systems (CPR systems). I also serve as Medical Director of Clinical Informatics at the Palo Alto Medical Foundation (PAMF), where I practice part-time in the Internal Medicine department. I serve on the Boards of the American Medical Informatics Association, the Computer-based Patient Records Institute, the American College of Medical Informatics, and the Joint Healthcare Information Technology Alliance.
I thought I would begin my testimony with a future vision and work backwards to derive the standards necessary to implement that vision. I envision that by the year 2010, the majority of physicians in United States will be using computer-based patient records. CPR systems will provide clinicians with seamless, secure access to composite health records of their patients. Naturally, health maintenance records, including immunizations, will be a part of the CPR and the system will automatically remind me of preventative health services that are due when I am seeing a patient in my office. At the click of a button, I will be able to order the relevant immunizations, document its administration, update the patient's record, and update the national immunization registry. The update to the national registry will include my unique provider ID, the patient's unique health identifier, the date and time the vaccine was administered, and other relevant details regarding the immunization. Using the national immunization registry, the CDC will have convenient access to the immunization status of regional and national populations in the United States. In addition, because my CPR will have active links to the national registries, the CDC will also have a mechanism to “push” new guidelines to my CPR. I can elect to accept those guidelines and take advantage of computer-based reminders to help me improve my performance on nationally accepted guidelines.
Technically, the scenario I just described is feasible today. Among the major challenges to overcome, I would like to emphasize three: 1) passing comprehensive privacy and confidentiality legislation, 2) adopting unique health identifiers, and 3) setting standards for surveillance data. In your advisory role to the Secretary on HIPAA, you have been clearly dealing with numbers 1 and 2. The goal of this panel is to provide input on surveillance data standards. I propose to address this topic by outlining a phased approach to developing national and regional immunization registries and their connections to CPR systems in the community.
For the purpose of this discussion, I will define three possible phases for interacting with a national registry from providers’ offices:
I. Access to National Immunization Registries
II. Integration with Computer-based Patient Records
III. Computer-based Decision Support for Immunization Guidelines
In the first phase, providers will be able to access nationally maintained registries over secure Internet connections using a web-based interface. Security and authentication procedures would be similar to those used in conducting electronic commerce transactions over the Internet. Amazon.com has processed over 6 million credit card transactions over the Internet. Each provider would need an authentication certificate issued by a trusted authority, a unique provider ID, and a secret password. A password would be issued to the provider only after signing a stringent confidentiality agreement which would include penalties for violating the agreement, such as exclusion from federally sponsored insurance programs. All communication would be encrypted
Because of the universal availability of Web browsers, the costs to providers to access the registry would be minimal. Similarly, the cost to operate the registry is relatively contained, since the registry owner does not have to worry about either supporting or updating the client browser software.
Because of the migratory patterns of patients and consumers in the health-care system forced by the constantly changing payer landscape, immunization registries must be based in large geographic areas at the state or national level. Consequently, we will need to ask providers to submit immunization transactions to their state or national registry on a regular basis. This could be done through an automatic nightly upload to the registry. In return, providers could benefit from this electronic data-collection function by having automated (and perhaps CDC-verified) HEDIS-compliance reports generated from the national registries. Parents could access and retrieve immunization records for schools and camps. Not only would this offload physicians’ office staff, but also, speaking as a father, it would be a major convenience for parents.
The technical requirements for this to work are primarily standards-related. We need a standard data set for immunization transactions and standard message formats to transmit the required information. The CDC worked with HL-7 to develop messaging standards for immunization transactions in version 2.3 of the standards. We also need data standards to insure that we transfer data efficiently and preserve their original meaning. Otherwise, we will not be able to produce a composite immunization record for an infant, who may receive vaccinations in the hospital and at multiple clinic sites in her early years of life. The standards should include a template for immunization records which include core data fields, and their responses, that satisfy the needs of both practitioners and public health officials. Vendors of health-care information systems recognize the need for explicit and specific data and messaging standards to help realize the vision I described above. We support the efforts of the CDC in this regard.
We also need national unique identifiers. I cannot let this opportunity pass without making a plea for the adoption of national unique health identifiers for individuals. The national immunization registry is an outstanding example of a public good that is critically dependent on the existence of a robust identification method for all individuals. To maintain accurate records on individuals who receive care at multiple sites from multiple providers we need a consistent and reliable method of uniquely identifying each person. Once comprehensive privacy laws are passed, my hope is that HHS will move quickly to recommend and implement a national individual health identifier.
At the conclusion of this first phase, all providers would have access to important health data on their patients, and public health agencies would have the needed epidemiological data they need to protect and improve the health of the population.
Even though access will be nearly universal by the end of phase I, looking up immunization records of patients would still require a separate action by providers. Phase II should eliminate the need for provider-initiated activity and instead facilitate behind-the-scenes electronic querying of the information by the providers’ CPR systems. By integrating immunization data within the CPR, this data just becomes another piece of relevant patient information.
Technically, this requires collaboration between the registry operators and the vendors of CPR systems. We would need precise standards in place so that all vendors can speak the same language. CPR systems should be able to automatically retrieve immunization records of patients on a need-to-know basis. New functions would have to be implemented in the registries and CPR systems, and new message formats would have to be added to HL-7. For example, in addition to the messages that transmit immunization information, we would need messages that check for access permissions and support audit functions needed for system security.
The benefits of this further integration would be seamless operation for the provider. In today’s demanding practice environment, we cannot afford to increase the administrative burden on the provider.
By the end of phase II, we would have integrated access and update capability within the CPR. The next step is to put in place a mechanism to disseminate new information electronically so that providers can quickly act on the recommendations from public health agencies in a seamless way.
CPR system vendors are beginning to introduce decision support capability in their products. Patient-specific reminders have been shown to increase provider adherence with guidelines effectively. I can illustrate this by drawing on my experience at Northwestern.
As part of an NLM-sponsored research project, we divided a large general internal medicine practice into two groups. We chose to conduct our study with attending physicians instead of residents so that our results would be more representative of the broader physician community. One group of physicians used EpicCare, a computer-based patient record system, the other continued to use the traditional paper record.
We measured providers’ adherence to the flu vaccine guideline for four years – two years before and two years following implementation of the CPR. We found that the physicians using a CPR system, which included computer-based reminders, increased their compliance with the flu vaccine guideline by 78 percent whereas the physicians using the paper record did not change their compliance rate. The health and cost consequences are well known to you.
This is the kind of results we could all expect to achieve, if we implemented immunization reminders nationally. To do this, we need a reliable method of implementing clinical reminders. My experience at Northwestern, using a commercially available CPR, reconfirms the value of computer-based reminders that was established many years ago by Dr. McDonald. We also confirmed that, although clinicians may be “nonperfectable” (to use Dr. McDonald’s term), they are generally educable.
It is interesting to note that in our study, as many as 20 percent of the patients who received the vaccine, received it elsewhere. This again illustrates the need for regional registries, and standards for exchanging data.
In summary, national and state immunization registries would be valuable assets for public health officials and primary care providers. Linking these registries with computer-based patient record systems would provide a seamless way for clinicians to continuously update the immunization registries and to act upon the latest immunization guidelines as a part of routine practice.
The technical problems are largely solvable. We must turn our attention to the human processes involved in setting standards and policies so that we can quickly bring the benefits of immunization to all populations at risk. I believe that adopting the general principles and recommendations proposed by the CDC will bring us a lot closer to this goal.