[This Transcript is Unedited]

DEPARTMENT OF HEALTH AND HUMAN SERVICES

NATIONAL COMMITTEE ON VITAL AND HEALTH STATISTICS

SUBCOMMITTEE ON PRIVACY, CONFIDENTIALITY AND SECURITY

JUNE 15, 2010

Sheraton Crystal City Hotel
1800 Jefferson Davis Highway
Arlington, D.C. 22202

Proceedings by:
CASET Associates, Ltd.
Fairfax, Virginia 22030
(703) 352-0091

Table of Contents


P R O C E E D I N G S 9:14 a.m.

Sensitive Information in Medical Records

Agenda Item: Introductions

MR. HOUSTON: Good morning everybody. My name is John Houston. I am Vice
President for Information, Security, and Privacy and Assistant Counsel at the
University of Pittsburgh Medical Center.

I, along with Leslie Francis, Co-Chair of the Subcommittee on Privacy,
Confidentiality and Security of the National Committee on Vital and Health
Statistics and CVHS as a Federal Advisory Committee consisting of private
citizens that made recommendations to the Secretary of HHS on matters of health
information policy.

On behalf of the Sub-Committee and staff, I want to welcome you to today’s
hearings on Sensitive Information. We will begin with introductions of the
Sub-Committee staff, witnesses and guests. Sub-Committee members should
disclose any conflicts of interest; others need not do so. So with that I will
turn it over to Leslie for hers.

DR. FRANCIS: I am Leslie Francis. I am Professor of Law and Philosophy at
the University of Utah and Co-Chair of this Sub-Committee and a member of the
Full Committee of NCVHS. I am also currently working on a sub-contract on
non-HIPPA covered entities or ONC if that is a conflict, I disclose it. I am
not sure that it is however.

MS. BERNSTEIN: I am Maya Bernstein. I am a Privacy Advocate of the
Department of Health and Human Services. I work in the Office of the Assistant
Secretary for Planning and Evaluation. I am lead staff to this Sub-Committee.

MS. HORLICK: I am Gail Horlick. I am staff to the Sub-Committee and the
Centers for Disease Control and Prevention in Atlanta.

MS. MILAM: I am Sallie Milam. I am Chief Privacy Officer for West Virginia’s
Executive Branch and I am a member of the Sub-Committee and the Committee.

MS. KHAN: I am Hetty Khan, staff to the Sub-Committee and I work at the
National Center for Health Statistics Centers for Disease Control and
Prevention.

MS. CHAPPER: I am Amy Chapper. I am staff to the Sub-Committee and I work in
the Centers for Medicare and Medicaid Services.

MR. ROTHSTEIN: I am Mark Rothstein from the University of Louisville School
of Medicine and I am here as a witness.

DR. WATSON: Mike Watson from the American College of Medical Genetics in
Washington University School of Medicine.

MS. TERRY: Sharon Terry from Genetic Alliance.

DR. SUAREZ: I am Walter Suarez and I am the Director of Kaiser Permanente,
Director of Health IT Strategy for Kaiser Permanente. I am a member of the
Committee, a member of the Sub-Committee and I do not have any conflicts.

MS. GREENBERG: Good morning. I am Marjorie Greenberg from the National
Center for Health Statistics and Executive Secretary to the Committee. And
welcome to our 60th anniversary week.

MR. WEINSTEIN: Hi, I am Scott Weinstein and I am with the Office of the
Chief Privacy Officer at ONC.

MR. GELLMAN: Bob Gellman and I am a Privacy Consultant in
Washington.

DR. LIEB: I am Edgar Lieb. I am a private pediatrician in Stone Mountain,
Georgia and I am representing the American Academy of Pediatrics.

MS. JONES: Kathryn Jones, National Center for Health Statistics and staff to
the Committee.

MR. VALDEZ: Hi, good morning. I am Edward Valdez. I am a summer fellowship
in the National Center for Health Statistics, CDC.

MR. GEIGER: Hi I am Harley Gaiger. I am Policy Counsel with the Center for
Democracy and Technology

MR. HAWK: Hi, I am Tom Hawk from Maximus and I am working with ONC and Dr.
Francis on a non-HIPAA covered privacy and security study.

MR. CONNOLLY: I am Dean Connolly with Maximus. I am Medical Sociologist and
Director of the Research Division and I am working also on this project.

MR. GRABALTI: I am Mike Grabaldi and I am an intern with Genetic Alliance.

MS. WALDO: Good morning, Anne Waldo, Senior Counsel with Genetic Alliance
and also an attorney in private practice in town.

MS. HESER: Hi, I am Leslie Heser and I am at George Washington University.

MR. RODY: Dan Rody and I am with the AHEMA.

MS. LANHART: Cynthia Lanhart. I am an interm with AHEMA.

MS. ANTUI: Jeannine Antui, Contractor for the Committee.

MS. PRITZ: I am Joy Pritz. I am Chief Privacy Officer, Office of National
Coordinator.

Agenda Item: Opening Remarks

MR. HOUSTON: Thank you all. For background, in 2005 NCVHS held its first
hearings regarding sensitive information. In 2008, NCVHS provided detailed
recommendations on sequestration. In these recommendations there were five
examples of possible categories of sensitive health information that might be
appropriate for sequestration. These categories are domestic violence, mental
health, reproductive health, substance abuse and genetic information. However
these were only examples and we would like to understand whether there are
others.

In 2009 Congress explicitly endorsed this. When in the ARA, it charged the
HIT Policy Committee to make recommendations to ONC on the segmentation and
protection from disclosure, specific and sensitive individually identifiable
health information.

Our hearings are scheduled to take place today and are structured so that we
have four panels to address various types of sensitive information. These
panels are Genetic Information, Mental Health Information, Child and
Adolescence Information, and other types of sensitive information. Additionally
this afternoon from 3 to 3:15, members of the public may testify for up to five
minutes on issues related to the topic of today’s hearings.

If you want to testify, please sign up at the registration table.
Specifically we have asked our panelists to reply regarding the following
questions regarding specific types of sensitive information. These questions
are: What types of such sensitive information are there and why are they
particularly sensitive? Are there particular treatment considerations for the
use and disclosure of such sensitive information? What are the sequestration
and access requirements related requirements related to the use and disclosure
of such sensitive information for non-treatment related purposes? What would
implementing such controls mean for patient control as a whole? What limits if
any would you recommend on the patient’s control? What entities are now
implementing these types of controls and what kind of policies or procedures
have they adopted? Would a policy permitting sequestration of sensitive
information have other practical consequences?

Invited witnesses will be asked to limit their remarks to five minutes.
After witnesses on our parent panel have testified, we would have ample time
for question and discussion. Witnesses may also submit additional written
testimony to us within two weeks of the hearings.

So with that we will start with our first panel which is to discuss genetic
information. Our panelists on this first panel who have already introduced
themselves are Mark Rothstein, Michael Watson, and Sharon Terry. With that I
think Mark, are you going to start or who is going to start?

MR. ROTHSTEIN: I think we are going to go in the order of the program unless
you would like us to -–

MR. HOUSTON: You guys can fight it out, but however you would like to.
Please.

Agenda Item: Panel I – Genetic Information

MR. ROTHSTEIN: Thank you, John. Good morning. It is a pleasure to be back at
NCVHS and seeing so many, I have to get this right, friends and old colleagues.

PARTICIPANT: Former colleagues.

MR. ROTHSTEIN: Former colleagues, yes, they are not old friends; they are
just former colleagues and good friends.

I want to begin by commending NCVHS for continuing to grapple with these
very important issues. As John just mentioned, the NCVHS began hearings in
2005, issues its first letter of recommendations in 2006 on this issue,
although there were other issues addressed in that letter and continued to
study the issue and issued a very detailed letter in 2008 after further
hearings. I believe that Congress would not have included the provision that
John alluded to, Section 3002 of ARRA unless NCVHS did this work. And it is
also not clear to me that this issue would continue to be on the front burner
of other groups without the work of NCVHS.

I want to make three points related to the overall issue of sequestration.
First I believe very strongly that some level of individual control of
sensitive information is essential for privacy and EHR’s and the NHIN. Second,
without adequate privacy protections, I think the success of the entire
enterprise of transitioning to health information exchange, electronic health
records, et cetera is likely to lack adequate public support and I would add
parenthetically, justifiably so. And third, I think there are numerous
complicated and very contentious issues surrounding this and they demand not
only hearings by NCVHS but as perhaps we will discuss later, a great more
effort to study the issue and the ramifications to do pilot projects, et
cetera.

Now I have been asked to talk about the effect of GINA on genetic
discrimination and the need to sequester genetic information and in particular
the employment provisions of GINA which is Title 2. So to give you the
background, the starting point is the Americans with Disabilities Act actually.
Section 102(d)(3) of the ADA provides that after a conditional offer of
employment it is lawful for a covered employer to require that the individual
submit to a medical examination. This examination which the statute refers to
as an employment entrance examination can be of unlimited scope regardless of
the individual’s prior medical condition or the position for which the
individual is applying. At this time the employer also can require that the
individual sign an authorization to disclose all of that individual’s health
information to the employer or the employer’s agent.

Now on top of that comes GINA, enacted in 2008. Section 202(b) of GINA
provides that it is unlawful for an employer “to request, require, or
purchase genetic information with respect to an employee or a family member.
And the definition a employee under GINA expressly covers applicants and
thereby conditional offerees.

So reading these two statutes together, an employer can require that an
individual submit all their health records but not their genetic records. Now I
should also mention the definition under Section 201(4) of GINA of genetic
information. It includes 1. The individual’s genetic test, 2. The genetic test
of family members of the individual and 3. The manifestation of disease or
disorder in family members of the individual. Note that it does not include the
manifestation of disease in the individual for reasons that we can get to later
if you want.

The key question that we need to consider in the context of privacy is how
in the world can the custodian of health information comply with such an
authorization. That is an authorization that says please turn over Joe Smith’s
complete health records but no genetic information. Now if one contemplates the
use of paper records and you have someone who has got an extensive health
history, the magnitude of that problem becomes evident.

First of all, you would have a hard time compiling them from the multiple
sources where the person was seen. As we move to a world of electronic health
information, now we have got at least one file to be working with and the
question becomes can we figure out a way to separate genetic information from
non-genetic information so that the custodians of the health records and it
could be a healthcare provider, a physician, a hospital, et cetera; how can
they comply with this?

And theoretically it is possible to develop the software applications that
would filter out genetic information and send only non-genetic information and
sequester the genetic information in some separate file where it might be
accessible for clinical purposes under other circumstances. But I say
theoretical because nobody has done this, nobody has shown that it can work and
there has been no funding directed to attempting to do this.

I continue to believe that it is possible to do this and for reasons we can
discuss later, genetics actually is a very good case study for the wider
question of is it possible to sequester any kind of sensitive health
information. For one reason because we already have a statute that contains the
definition of genetic information that legally we are required to separate;
where we do not have that definition for other of these sensitive terms.

So then I strongly recommend HHS take a very close look at this problem and
to fund research to develop the technologies happen. Without practical
solutions, this all becomes a hypothetical issue and the promise of privacy for
sensitive health information becomes a losery. We have to have solutions and we
need to work on the development of these privacy solutions as we roll out the
next level of health information exchange. Thank you.

MR. HOUSTON: Thank you, Mark. One point of note before you go any further, I
forgot to add that if people could turn their cell phones either to off or to
vibrate so that we do not disrupt the hearings I would appreciate it. And with
that, I guess it is Dr. Watson.

DR. WATSON: All right well thank you for having me here to speak about this
from a perspective of a genetic service provider. American College of Medical
Genetics represents the Board certified medical geneticists in the United
States who both run diagnostic laboratories and see patients clinically.

This is actually, it sounded like an easy perspective to write when you
invited me to do this. When I began to write it, it got shorter and shorter
because the level of detail into which one could go and what appeared to have
been a lot of prior discussion on this committee at the level of individual
data points and what to sequester and when just seemed like it was going to be
better to allow more time for discussion than for these brief presentations.

In general when I think about this problem and as I was trying to write down
this testimony, I was always struck between that balance between protecting
data for appropriate uses or enhancing recourse for misuse of the information.
And I am not sure we have got that balance right because it is really the
misuse that is the problem and recourse for misuse is probably not as well
balanced at this point as it might be.

In general from a medical geneticist’s perspective, we do not like the idea
of separating genetic information from other important medical and health
information. Certainly information obtained in diagnostic settings is very
important in long term management of patients, emergency situations and such.
So clearly there are scenarios in which we want to be able to access this
information routinely and there are scenarios of healthcare in which genetic
information is not of particular importance. So I think it is this tiered
sequestration issue and who accesses what, when that will be the fundamental
problem we have to sort our way through.

When I talk about genetics I want to make sure, because this is frankly
every time I sit and talk about issues in genetics I end up hitting the same
wall which is genetics is broad; it is acquired disease, it is characterization
of leukemia, of cancer, all the way to heritable disease applications and a few
things in between where cancer susceptibility can be an important
consideration.

So it becomes a very difficult issue of what to separate out. We used
genetics obviously diagnostically. We can use it asymptomatically to identify
those susceptible to disease development. Another broad area would be
reproductive risk and that can be broken down into two categories. One, the
category of individuals who are already pregnant who have prenatal situations
to deal with versus those who are really anticipating the next generation and
the information such as carrier status and such that might be associated with
that; that could be considered somewhat different in that reproductive
information environment.

Another area that I think gets ignored is broader family history
information. Broad family history information is pretty important in
establishing risks for individuals. Even for an individual within a family,
establishing their apriority risk of a condition is often very much tied to
their family history which gives you a sense of the genetic background on which
any particular genetic mutations might be operating. And it is very significant
information but I think it is very different than the information about the
individual in that when we speak to patients individually about their family,
we tend not to have consent from the other family members for that pedigree we
construct around an individual patient. So we acquire information about people
that is not consented, could be in the medical records, and becomes an
interesting sort of intermediary problem to deal with.

Genetics groups historically have had a bad habit of keeping their own
shadow files in their divisional offices and not putting certain kinds of
information into the medical record. I think the GINA and ADA legislation has
dealt with the problems associated with susceptibility that really drove a lot
of that shadow file development and now we are left with groups really looking
to protect that family history information that was not consented. They could
follow somebody around and not be that difficult to tie it to other individuals
specifically in that family.

There are other areas where we have interesting issues developing in
genetics now. One is in the area of public health applications of genomics
where the rules are very different than they are in the private healthcare
system. In newborn screening for instance the state legislature mandates
screening for particular conditions. They then have identifiable access into
patient’s records to assess things such as diagnosis and outcome that can give
them an evaluation tool for their public health program of newborn screening.
So when we talk tiered sequestration, it is not always just how we tier the
different pieces of information but there can be very different issues of
access to that information depending on whether you are in the public health
environment, the private healthcare system, or other aspects of primary care
where it may be less important.

The American College of Medical Genetics has a contract from the National
Institutes of Child Health and Human Development now. To develop longitudinal
information directly from the point of care, a patient identified with diseases
in newborn screening programs, this is predicated on the understanding that we
do not understand these diseases. They are rare for the most part; patients are
distributed all over the country. We have an evidence base about these diseases
that is very much expert based or a best small observational study.

The only way we will truly understand at least the 150 to 160 genes worth of
conditions in which we currently test in newborns is to collect longitudinal
patient information. We are doing that at the point of care. Capturing
information, bringing it in to local data warehouses, sharing it with a medical
record where appropriate and sharing it up into data warehouses in multiple
formats be it anatomized, de-identified or identifiable based on the
permissions allowed to the different people involved whether in caring directly
for that patient, participating in a particular disease specific study group
that is trying to better understand the disease or the public health system
that accesses information for different reasons..

We have learned, I think, from our exercise in developing this project that
we have to have parse data and sequester it in different ways at the level of
individual data points. We can look at a data point where CDC says that is
epidemiological surveillance and I can see it identifiably. And the same point
for understanding a disease in long term follow up with patients becomes almost
a research consented piece of information so one piece of information actually
can have multiple levels of sequestration attached to it, depending upon what
part of the system is trying to access it.

And as we move towards the learning health system, we want to make sure that
the information is not just considered in the context of the patient’s care but
also in how we use that information to improve care into the future. It is
especially important in these rare diseases because they are the ones we know
least about for which we need to acquire much more information from patients
all over the country in order to improve the care of the individual patients we
see in the future.

Now I would say that the next major issue in genetics is really where our
technology is going. Nobody likes the fact that technology drives some of the
decision making but certainly it does in genetics. We have combined two of the
most disruptive forces, which is the incredible amount of genomic information
coming down the pike with information technology. And half the time I think it
is information technology that is pushing the envelope more than it is genetic
information.

I think if you look realistically at the way technology is moving us to hold
genome analysis, you realize that there is going to be at least a window of
time in which acquiring that genomic information is going to be relatively
inexpensive and that will probably be here in about five years. Ideally, these
tests would be so inexpensive that you would not have to save the information.
You could test what was appropriate for any individual’s clinical scenario and
repeat it multiple times.

But right now that is not the case. We are at the point where whole genome
analysis is beginning to overlap with the cost of a single targeted gene test
in an individual. So we are rapidly moving towards having that information and
having to store it. And it seems likely that over time certainly during a
window where cost is going to be quite out of whack with costs of individual
disease and gene testing we could end up with a system in which we have the
information stored and we use it as it is appropriate to that individuals care.

That could be a symptomatic patient coming in where we may want to look at
15 or 20 different genes that could have implications for how one developed a
differential diagnosis on an individual patient. They could come in at a point
in time where they are considering their future risks and any risks that might
be treatable or manageable could be captured in a single visit by looking at
specific parts of the genome that tie to that individuals’ potential risk based
on family history, based on other aspects of their own care.

So I think we are going to have to be very careful in the area of genomics
about what information is important, not just for healthcare but for building
the learning health system. It will help us improve care into the future and it
is that balance that is going to be hard.

And I am happy to talk about sequestering all the way down to individual
pieces of data and who might want to see them and need them but I have got a
feeling we are better off in Q & A at this point. Thank you.

MR. HOUSTON: Thank you very much. Sharon?

MS. TERRY: Thanks very much for the opportunity to testify. I am Sharon
Terry and I am the President and CEO of Genetic Alliance. In this capacity I
interact with about 1200 disease organizations. I do this work because I have
two kids with a genetic disease called pseudoxanthoma elasticum.

I believe, as is true for all health information, that the context for
genetic information determines a great deal of its value and its sensitivity. I
am convinced that genetic information is both the same and different from other
health information.

First it the health context, it is intrinsically no different than other
health information since it is simply another data point. However in the family
and community context there are certainly privacy, security and confidentiality
issues that require careful consideration. Genetic information is at once
personal, familial, and ethnically communal and family and sometimes community
shares the individual’s genetic information.

In some cases this means information is available that was not solicited and
may not have adequate interpretation, either for the family members or from the
community at large. And this is generally not typical of health information in
general.

In two different contexts, inside and outside the healthcare delivery
system, I would say very briefly in the inside, the medical system genetic
information should be treated like any other health information in the course
of treating an individual. It should be used and disclosed to the individual in
the course of treatment. In general if a patient consults a healthcare provider
for a treatment, then he or she should be apprised of genetic information
within reason regardless of the intent of the visit.

There are at least two caveats to this however. The first is that no
healthcare provider should be expected to convey the totality of what is called
the incidentalome, genetic information learned in the course of testing that is
not clinically relevant.

The second is the individual’s right to not know. An individual tested for
the risk of one disease, for example breast cancer, should not be told they
have a risk for Huntington’s disease as a result of the testing.

Outside of the healthcare delivery system, I believe the sequestering of
access requirements related to the use and disclosure of genetic information
for non-treatment related purposes are different than for those in the
healthcare delivery context. Direct access testing allows individuals to know
genetic information. In these cases, privacy should be the right of the
individual and should be maintained through stringent privacy controls.

We are going to see these two systems merge. Genetic information and its
aggregation and the increasing correlation with phenotypes will inevitably
change the normal boundaries between health related and what has been called
recreational genetic testing and information.

The research to services continues on as a dynamic one and there are no
clear cut boundaries. The public has the pleasure or peril of seeing genetic
information increase in relevance before their eyes. We aspire for this
information to become ever more meaningful and relevant in the clinical context
in the future. All health information should be able to be used in the care
context in the provider/patient relationship to be stored in an EHR or PHR with
appropriate controls to allow for accessing for social sharing as in families
and communities or clinical trial participation and other uses. Obviously such
control systems should have a failsafe and allow override in the case of
emergencies.

There are major public efforts with minimal granularity for consumer control
such as the PHR’s offered by Google and Microsoft. I have worked extensively
with one company called Private Access. This company allows individuals to
input clinical information and directs them through the use of an on-line guide
to establish private access controls. The controls can be granular down to the
data element if desired and allow individuals to decide if their genetic
information, mental health information, or anything else they deem sensitive
should be shared and if so, with whom.

Moreover, the controls are dynamic. They anticipate that the users will wish
to change their settings as the circumstances change and as different needs
arise or levels of trust are established. From a simple scenario such as
releasing ones child’s immunization record to summer camp, to making ones
clinical information searchable by selected researchers this online service
today provides a great deal of comfort to consumers who want to put privacy
protections on their information.

A final comment –- while I believe that genetic information is very
similar to other information in many respects and that genetic exceptionalism
is to be avoided, it is important for this Committee to recognize that the
general public does not believe that is so. The public has heard spokespersons
who expressed concerns that the government is running DNA warehouses in the
form of stored residual newborn screening blood spot collections and conclude
that the nation’s newborn privacy and freedoms are at stake.

Many state newborn screening programs have been targeted in these campaigns
and for example a Texas campaign resulted in a lawsuit which resulted in the
destruction of over 5 million blood spots. This represents an unfortunate
reminder that if we are not careful to educate the public and put in place the
proper systems to address their concerns about trust and the absence of
transparency, then bad decisions can occur.

The public distrust is real and will continue to foster and grow unless we
assure that the systems that are built around health information, including
genetic information, allow for confidentiality and control that retains and
builds the public’s trust. Thank you.

MR. HOUSTON: Thank you for all your comments. We are going to take the
remainder of the panel’s time obviously to ask questions. As is the prerogative
of the Chair, I guess I will ask the first question or make the first comment
and then go from there.

I get the sense that genetic information in some ways is different than
other types of medical information insofar as it potentially has the potential
of describing a medical condition that does not yet exist. Or maybe to say it a
different way, there is a potential but not an actual disease that is at play
so you might or might not have predisposition towards some disease state
because of what your genetics say.

And I guess with that said, is genetic information almost akin to
information that might be used in a coronary care setting? I am wrestling with
how you characterize it because obviously there is information you deal with
when you are actually treating the patient for some actual disease but then
there is this genetic information which I guess has some immediate value but it
also has this great long term value and some of it is patient specific and some
of it is more generalizeable to the population. I guess I am wrestling with how
you treat it; what is it?

MS. TERRY: So you are right; it is both. And I think Mike can speak more to
this. It certainly is not just about susceptibility or prediction. It is often
about a real condition and it gives information about what to do around
treatment for breast cancer or colon cancer or metabolizing certain drugs, et
cetera. And it can be predictive; sometimes it is one or the other and
sometimes it is both. So I think Mike’s point and certainly some of the ones I
was trying to make about the context of the information are really critical.
And the good thing is in electronic systems I think we can start to separate
those as we have begun to see with some of the companies that are emerging.

DR. WATSON: Yes, there are conditions for which we can asymptomatically
diagnose someone who is going to get the disease. There are situations in which
we can predict their susceptibility at some percentage likelihood that they are
going to develop a particular condition in the future. But these are starting
to merge together because now we are rapidly learning that there is a fair bit
we do not know about genetic diseases.

If you look at the diseases we screen for in newborns now, every time we
begin to screen in a general population for what we thought was a genetic
disease we understood, we find out that it is a much broader phenotype than we
ever would have expected. And we are now at the point where four states are
mandating a group of conditions to be screened in every newborn where 90
percent of those identified are likely to have a condition that could occur in
the age 40 or 50 ranges for these individuals.

It is no different than the situation we have dealt with in genetics for a
very long time which is as soon as you diagnose someone in a family, you have
got a family. There may be asymptomatic people in those families who have a
later onset form of the disease.

So it is not so much a situation that is developing from screening alone but
we have both these population approaches that find at risk families and we have
at risk families that are identified on the basis of affected people. They both
have the same situations to deal with though and privacy of this information,
when it is a 40 year window to becoming clinically affected, is going to be a
very interesting problem because clearly our goal is to identify therapeutics
and that point in time when one has to initiate treatment in order to avoid the
onset of the condition and that is very poorly understood.

And there is going to be probably what genetics has been as long as I have
been in it which is now about 30 years, which is non-stop translational
medicine. We have learned from every new patient we see and to be able to
access that information from prior patients that we have dealt with is very
important for developing perspectives for future care.

MR. ROTHSTEIN: John, you raised a very interesting question and that has
been much debated for the last 25 or 40 years. When the first genetic
non-discrimination laws were enacted in the 1970’s at the state level, the
world of genetics was quite different and scientists were willing to say there
is a bright line distinction between “disorders and non-genetic
disorders”. And that it would be possible to identify a certain list of
two or three or ten disorders if they wanted to prohibit the use of certain
information about. Today that is not the case and there is no bright line and
it is sort of a flexible continuum that runs and most scientists, virtually
all, would recognize that there is a genetic component of virtually all
disorders and an environmental component of even clinically monogenic
disorders.

So the question is what should policy makers do as a result of that? I could
tell you that during the mid-1990s, I was the special legislative council to
NIH and I was given the responsibility of recommending legislation to prohibit
genetic discrimination. And my recommendation was that we should not
distinguish genetic from non-genetic disorders and that what we needed was
broad legislation prohibiting what is widely considered to be the main problem
and say employment and insurance and that is the predictive use of genetic
information.

That view of course did not prevail and so we enacted, increasingly at the
state level and then at the federal level through GINA, a law that attempts to
go this genetic exceptionalism path. And even though that is not ideal, in my
judgment that is the hand we are dealt now and the law requires that we
separate this information. If we do not have any better options then I think
that is what we ought to go with. And I also think it is going to be important
to be able to sequester a variety of sensitive types of information, not just
genetic information, such as substance abuse, mental health, STI’s and so forth
and we need to be working with genetic information as sort of a legally
mandated case study for how we can do this.

MR. HOUSTON: Leslie?

DR. FRANCIS: One of our goals in this hearing is to actually make some
suggestions about definitions of categories of sensitive information and how
they might be specified. And the question I would like to ask you is that, this
is for all three of you, I know that obviously GINA brings together in its
definition both what we might call genetic tests, that are at the actual
genomic or molecular level and family history information.

There are a lot of differences between those kinds of information including,
although they are both in the statute, including for example the family history
information that is direct information about another person rather than
indirect and the family history information which may be much harder to
segregate than test results when one tries to figure out how to segregate.

And I wonder whether all three of you could comment on whether despite the
statute, there might or might not be some good sense to thinking about two
categories here; one that I would call family history information or something
like that and the other that would be genetic test results as we think about
the category. Or just comments that you have about including both of them and
so on and whether they are alike or not alike.

MR. ROTHSTEIN: Let me start -– I can tell you how this anomaly came to
be legislatively. As I mentioned, the first genetic non-discrimination laws
were enacted in the 70’s after the human genome project started; the big push
was in the 1990’s. And some states enacted laws that prohibited discrimination
based on the results of a genetic test or the genetic test of a family member.

Texas was a state that enacted a law that said it would be unlawful to
discriminate against an employment and if I tested positive for X or some
family member tested positive for X but it did not include family history so
you were left with the anomalous situation where you could not hire me because
my dad has Huntington’s disease and I am at a 50 percent risk regardless of
whether you know whether I am going to be affected. But if I am tested then
they could not discriminate against me.

So other states and then the federal government when it enacted GINA said
these laws like Texas has are too narrow; they are not protective enough. And
so we have to include family health history so that we capture the history of
genetic related disorders in close family members. The problem is it is hard to
sort of restrain that or cabin that definition because family health history
includes all sorts of things. Congress did not want to take that on. EEOC did
not want to take that on when they came up with their regs.

I appreciate the sense of your proposal, Leslie, but here is a concern that
I have and that is one of the problems that you are going to run into in any
sort of sequestration idea, is that it has to be as simple as possible and as
easily understood by both the generators of the records, physicians, nurses,
and so forth and patients. So if the healthcare providers can understand what
they are getting and what they are not getting, they can ask for additional
consent and so forth and people understand how it works.

And the more that we subdivide it either vertically or horizontally -–
I guess that would be vertically -– the more complicated it gets. So I am
sort of not anxious to break down genetic because we can break down all the
other categories as well. I do recognize the problem that you point out though.

MR. WATSON: So, what he said. We have a history of using family histories
that was there before we started worrying about genomic information. Pairs have
long used family histories of breast cancer and other cancers to guide their
rates for individual -– well who are those people who get insurance,
whoever they are. But they certainly have been rating people on the basis of
family history for a long time.

And family history in many conditions is probably among the best genetic
tests that we have of risk for a future disease whether we have genomic
information or not. Now we are trying to overlay on that a scenario in which
payers have had and rated people based on specific kinds of information that is
genetic to now trying to parse out the actually genomic information itself that
may say that this individual is one of those in that family that does have that
risk and this one does not.

So I think you can approach family history from two perspectives but there
are points where it is integrated. Any time we do susceptibility testing we are
considering the family history and establishing what the apriority risks were
for that person, that is their now posterior risks based on the tests that they
now had.

So it is well integrated in developing a particular risk for an individual
but after that point you have a risk figure and the family history itself is
not of specific importance to that individuals care unless new people are born
into the family that adjust the risk calculations. So it could be theoretically
separated but as with Mark, I think the more we sequester, the less accessible
the information is going to be when needed and cause us significant problems.

MS. TERRY: The only thing I would add is I guess I agree with both of them;
is the difficulty so again working with this company Private Access and looking
at how to sequester information under the auspices or ages of the individual is
an individual’s program. So every one of these electronic systems that we enter
into tend to treat us as individuals and we have found it much harder to figure
out how we link that to the family members because then there are issues within
the family.

So I may want to reveal that I have a BRCA1 mutation and then my sister may
not. If we do link up our records because we should and we should sequester the
same information on the one hand, on the other hand she may not want that
linkage. And so I think when we start to treat family history in electronic
systems, it becomes a much more difficult thing in terms of sequestration.

MR. HOUSTON: Yes I just have one point on that. All your comments are based
upon the idea that it is patient reported family history correct, rather than
your comments which were more related to the thought that there is going to be
some desire or need or want to link to specific patient’s family members
electronically in order to gather their genetic information?

MS. TERRY: My comment is that I think we are going to see both and that
certainly already people are entering information into systems and setting
privacy controls for them. In some cases those individuals want to have that be
and it is sometimes patient entered data and sometimes it is the medical
record. It is both. And so sometimes patients want to link family information
so that the family is treated as a system and in other cases they do not. And
the controls between those are harder to do because it is a fine thing to say I
have the right to do X but to say I have the right on behalf of my family is a
completely different thing.

MR. HOUSTON: Sallie?

MS. MILAM: I have got two questions. The first question — is there any data
about current consumer attitudes about the use of their genetic information in
the treatment, payment or operations scenarios putting public health aside?

MS. TERRY: So the best data I think comes out of the genetics and public
policy center and they have done some both knowledge network kinds of surveys
as well as some town halls and some focus groups. And they have done a lot more
work recently, they and some people at Cleveland Clinic and Case Western and
then at the state of Michigan around newborn screening information and the use
of that data once it is in the residual blood spot phase.

And generally, and this is grossly general and I can get the data to you,
generally the public say they are interested in having their genetic
information used clearly in the context of health related issues; they are also
somewhat altruistic and are okay about having an aggregated for general
population use in the kind of translation that Mike is talking about.

But the public has also said that they are concerned about their privacy and
then have campaigns by people who are specifically targeting this that make it
very volatile. And then they are also saying that they would like to see
results was the other very interesting thing out of the work that Kathy Hudson
did at Genetics and Public Policy Center essentially saying that more people
would participate and allow the use of their information for themselves and for
others if in fact they could receive some results and they did not say what
kind of results.

In the focus groups it seemed to be even just knowing that research was
going on, that translation was occurring, that the public good was being done
was enough for people to feel like they wanted to participate.

MS. MILAM: The second question –- I have been thinking about the kinds
of harms that might result where you have an unauthorized user disclosure
meaning that information is lost on a laptop or it is sent to somebody it
should not be sent to, somebody in a hospital pulls the information and should
not pull it; that is what I mean by unauthorized use. An unauthorized
disclosure would be a lost laptop, or somebody hacks into a system or that kind
of thing. And I have been thinking about what is the kind of harm when the
privacy or security is breached.

And I think about the standard that we have with a fairly new rule from the
office of civil rights that sets forth what to do when you have a privacy
breach. So you look at the harm and it is very contextual and you look at the
level of the threat, and you look at the recipient of the information and the
likelihood of any type of occurrence happening.

So I am wondering if you all could help me understand the kinds of harms
that could potentially result from an unauthorized user disclosure taking into
consideration the likelihood of potential misuse along with the different kinds
of recipients.

MR. ROTHSTEIN: Well the first thing I would like to do is separate the issue
of security from privacy. So what you describe are security breaches and I
think conceptually at least, they are easy to deal with. So conceptually
unauthorized people should not have access to information and authorized people
should.

What I think we are talking about more is on the privacy side where there is
authorized use and in some cases compelled authorized use. So in other words
you have to sign an authorization if you want to get a job or you want to get
life insurance or if you want to apply for Social Security disability. There
are about 25 million times every year when individuals have to sign these
compelled authorizations so what information is disclosed. And if we are now
talking about information that is not abetted(?) in some way, then the whole
record goes.

And even within the healthcare setting there are many kinds of healthcare
providers who do not need access to your entire record. Right? So you get
treated for a sprained ankle; what does that provider need to know about your
medical history?

If you are talking about the biggest harm from a system that does not afford
that, I think it is that people will be dissuaded from seeking prompt care for
stigmatizing conditions. When you think about all the things that people can be
treated for over the course of their life; you know they had a drinking problem
in college, they had some reproductive health issues, et cetera, if you know
that this is going to follow you around for the rest of your life and every
healthcare provider, not just your physicians, every healthcare provider and as
NCVHS has reported, I mean we are talking dozens of different categories and
millions of people. Everyone has access at least in theory to the comprehensive
record and people are not going to be as anxious to be treated promptly for
mental health problems and STD’s and all these other things that we want them
to be treated for.

So the number one concern that I have is sort of a public health concern.
And I think the studies have clearly demonstrated that people engaging in
defensive practices when their information is going to be revealed widely, I
mean I am concerned about discrimination and all of these sorts of tangible
things but most of my concern is on the front end and whether people are going
to get the care they are going to need.

DR. WATSON: And I think my concerns often arise from ignorance within the
healthcare system about what genetic information really means. It is not
uncommon to have susceptibility information misinterpreted, misused, and in
areas where the information is probably much more sensitive to an individual
such as risk for mental disability or other mental issues, the
misinterpretation of that information leading to its misuse is as big a problem
as any.

So I do not know what you can do about ignorance or lack of education but it
is a broad problem within the healthcare system of not actually understanding
the implications of genetic information. We cannot sequester it from people who
are not well informed about what that information means but are in the pathways
where they should be able to access it because they are delivering care. Which
I think adds another layer of complexity to figuring out how to use the
information appropriately.

MS. TERRY: I will add that I agree with that and that the other interesting
thing especially in like the lost laptop scenario is very much I think about
trust. And so it is less I think about the individual’s data that was on that
laptop and what happened to them as a result and it certainly has been
stigmatizing information that could be pretty horrible.

But I think instead we see these scenarios and again like this Texas, and
Florida and Michigan and Minnesota, the cases around newborn screening. I mean
these blood spots, and I have visited these public health labs, they are on
little cards and plastic bags inside closets that have millions and thousands
at least of them but the public believes in some cases that there is the baby’s
DNA warehoused for the government, the state and in this case to use whenever
they want.

And so the kind of escalation of the lack of trust because of a feeling of a
lack of transparency in the case of a lost laptop, a breach, is a really
serious concern not so much again for the individual and what is happening
there but for the public’s understanding. And it certainly could be partially
chalked up to the same kind of ignorance Mike is talking about in the case of
the provider but again, it is important. It is not something that I think we
can just brush aside.

DR. WATSON: I think it is important to understand the public’s perception.
They get a perception of dangers and risks around genetic information that is
driven by what is exciting in the media.

And invariably I think we have seen the public wants to know how things are
going to be used and what the implications of that use are. They start
extremely wary of genetic information but once they understand the potential
benefits to them and society of that information being made available, it flips
from 25 percent in favor of accessing the information to 75 percent.

And you see this general trend across all of genetics. When people’s
information is used in a way that they did not expect it to be used, they tend
to get concerned; the exact same piece of information, when they understand why
it is being used and the potential benefits, they are on board generally.

So I think public education is going to be a very important part of sorting
through these privacy issues so not only do we sit back and decide what are the
scary data points but that people actually know what we do with them and why we
collect them and what the potential benefits of having them are.

MR. HOUSTON: Walter?

DR. SUAREZ: Thank you. As I was listening, I was focusing on three major
areas and I wanted your reactions to this. I think the first one got covered a
little bit with one of the previous questions but I want to be more explicit
and specific about it. So we have a clear and an ambiguous definition of
genetic information for purposes of privacy protections or should we be
recommending that another clarification of the definition be issued
specifically for purposes of privacy protections.

I suppose there is another aspect of employment discrimination and other
types of discrimination but for purposes of privacy protection do we have a
clear definition? Because as I was reading and of course in the law itself the
definition gives this third category of any condition in patient history that
makes it pretty much open to any aspect of it to be covered. That is my first
question and then I will go through the second and third one but if you can
perhaps address that one.

MR. ROTHSTEIN: The definition of genetic information that is contained in
GINA was actually drafted by NIH at the request of Congress and the White
House. So many people could come up with a different definition and there are
lots of things that are questionable about it. Should they have said more stuff
here and less stuff there but that is the definition that NHGRI and NIH came up
with for Congress.

And there are only a few places in which there is more detail given so for
example family history is defined as four generation so it includes fourth
degree family history which is somewhat of an inclusive definition. You could
imagine a narrower one or even a broader one. So that is where it comes from
and I think most of the scientific folks are satisfied. I have not seen a great
deal of objection. Some of the state laws go into detail about what is excluded
because you could argue that gender is genetic and all this other stuff and
there are specific exceptions not including gender and not including this, that
and the other thing that could be construed as genetic.

DR. WATSON: There are lots of definitions that have been developed for
legislation and other purposes and I think it is always important to understand
some of the nuance in that definition because it often relates to what somebody
was scared about. You know when you are worried about FDA regulation of genetic
testing, you end up with a very, very broad definition of genetics that
includes cancer based testing, acquired abnormalities that accrue over life and
heritable disease things.

So I think on the first level certainly the acquired abnormalities within
genetic information are probably much more like any other healthcare
information than they are like “heritable disease” genetic
information. So I think you can immediately move to an area of genetic
information that is an area where you want to place more focus. Many people
have not wanted to do that for fear of being excluded from some area of testing
because their training was in cancer, for instance, and they did not have the
human genetics training to deal with heritable diseases.

So I think it is worthwhile in looking at these definitions to understand
the context in which they were developed and then to sort of step back from it
all and understand exactly what aspect of genetic information you are concerned
about. Family history reflects certainly inherited heritable information and
heritable disease testing and whole genome analysis reflect the heritable
traits of an individual and I think are treated differently than one would
treat acquired information or infectious disease information that is genetic
information.

MS. TERRY: And the other nuance I think in there, Walter, is that when the
GINA definition was written, even that last bit still excluded manifest
disease. And so in the cases where there is a phenotype to go with the
phenotype, that information is not considered protected under that definition
or that law. Whereas of course clinicians and individuals who have phenotypes
assume they are associated with the phenotypes and consider them probably much
more together than that particular legislation does.

DR. SUAREZ: Thank you. I was asking because I was certainly thinking of
whether there is some benefit to having guidance be issued around this issue by
OCR for example or some other agencies as it relates again to privacy itself.

My second question is about the policy itself. Clearly GINA provides a
special class to gaining information for purposes of protection. But in some of
the testimony, it gave me the impression that it was attempting to protect, as
I think Mark put it in his remarks, it attempts to protect the privacy
interests of individuals with respect to their information.

So my question is really about whether GINA and other laws adequately define
the protection of genetic information as it relates to a disclosure of such
information for certain purposes such as treatment or payment or operations. In
other words clearly the protection is being given by virtue of designating it
as a special type of information but I am not sure that it is necessarily
adequately defining that type of a protection. In other words is it a
protection that needs to be given across the board for specific purposes, to
specific individuals –- those kind of conditions.

And would again it be beneficial to have further clarification as to the
policy protection aspects afforded to genetic information or do you think that
it is sufficient with the current description of the policy in GINA as it
relates again to protection of the information?

MR. ROTHSTEIN: Well that is an interesting question. If I may I want to just
go back again to the purpose of the statute and why it was enacted. Before GINA
was enacted it is not as if there were hundreds of cases where people were
being denied employment on the basis of their genetic predisposition to one
form of cancer or another or some traditional genetic trait.

It is because a majority of people in every study that I have either
conducted or seen said they would be reluctant to undergo genetic testing if
their employer could get access to that information or their health insurer.
And that information was going to be used against them.

So it was a statute that was designed not to necessarily redress problems
but to, in the words of the statute, allay the public’s concern that bad things
could happen if they underwent genetic testing. So it was more important to get
on the books something that says you cannot do this and you have got some
rights than to focus on what those rights were and what the field of redress
might be. And so that was the purpose of the law.

Only half of GINA really has any relevance now. And that is the genetic
discrimination in employment side of it. Title one of GINA deals with genetic
discrimination and health insurance. And people were concerned in 2008 that
insurance companies would deny people access to individual health insurance
policies if they were genetically predisposed to some disorder.

Well healthcare reform, which is as you know is going to be phased in,
eliminates that problem so it is not a GINA or a genetic problem, it is a
health insurance access problem as many people were trying to argue even before
GINA.

So Title one has really lost its importance and what we have left is now the
genetic discrimination part of Title two and our concern here is that element
of it that really cannot be complied with and that is limiting the amount of
genetic information that gets to employers.

DR. WATSON: I completely agree with Mark and I think it is that balance as I
said at the very outset between the specific protections that are put in place
in legislation versus the redress that is available to people; probably the
most frustrating thing about the 14 years of GINA development.

MS. TERRY: Twelve and a half.

DR. WATSON: Twelve and a half years of GINA evolution was the continuous
assault on the redress piece down to times when it was so stunningly minimal
that nobody would want it to move forward. And I am not sure that we have got
that side balanced yet. I think the protections and the right words are being
used for protection but it is the recourse for misuse I think that has not been
adequately addressed.

MS. TERRY: Yes I think that certainly was it. So I was the head of the
Coalition for Genetic Fairness that brought GINA forward at least in the
consumer realm. And that piece was certainly the most difficult piece to watch
over those years be whittled down. And I think the other things is that
throughout the course of the twelve and a half years, the definitions changed a
fair bit although we certainly did rely on NIH’s definition and their redress
change as we went through that.

I heard about two weeks ago that there have been about 100 cases that have
been brought forward where people felt that they were discriminated against in
the employment context and zero, as far as I know, in the insurance context.
And there is the one public case in Connecticut where the person is actually
suing. So I think again there is a lot of nuance in here. I am not so sure this
is an important place to focus so much energy.

DR. SUAREZ: I do have one last question because this is an interesting part
of it. As we look at segmenting data vertically if you will, we are going to
begin to find more and more that personally there is going to be the same data
being classified in five different categories.

And so as an example, genetic information or medical history of some mental
health condition can be considered genetic information because it has a genetic
familiar trait. And so it has then a combination of protections of genetic
information acts like GINA as well as mental health protections where mental
health type data is being considered.

And there could be several examples like that where the same data could be
classified four or five different ways for its segmentation purposes. What is
your reaction about the implications that that would have from a policy
perspective more than a technical perspective because I suppose technology will
have its own challenges to try to classify multiple times the same data. And
certainly given the content of the data itself it could change dynamically. So
from a policy perspective, what would be your reaction about that type of a
situation that we will certainly, undoubtedly face.

DR. WATSON: Aside from wishing you the best of luck? No I actually think it
is a bit more complicated than that because any single gene is not doing one
single thing. So we certainly have genetic tests that can while one outcome of
the test may show that you are at risk for Alzheimer’s disease, a different
outcome of the test may show that you are at risk for cardiovascular disease.
So it is that damned homeostasis thing. Genes do not sit there all by
themselves and go do bad things or good things. They actually interact with
everything else which modulates their impact on outcome. So it is going to be
very difficult I think the more we try to layer this, the harder it is going to
be. You know you get up to parsing five or six different levels of access and
it is going to be mission impossible is my sense.

MS. TERRY: I wanted to add that I think that is true and I think there has
to be some basic sense about what is sensitive and how it should be sequestered
or not. In addition to that I would advocate strongly for high levels of
consumer control around this information. And I know there are lots of people
who push back and say consumers are incapable of controlling or deciding.

I think with the right kinds of guides and trust communities built around
information individuals can start to make those decisions and we have seen that
certainly in some of the groups that we have worked with who have built these
kinds of systems.

And I think overall again there needs to be some baseline because most
people are probably not going to want to go in and set their privacy controls
or their private access. But some people will and that will change over time
when you have been diagnosed with something.

I certainly know in my family, before my kids were diagnosed, I did not give
a thought to any of this. I was a college chaplain and now that my kids are
diagnosed these last fifteen years, a great deal of my focus is around so what
does it mean for them to have genetic information around the disease that will
make them blind when they are 40 and how do they go about their lives and what
do we need to let other people know and not know in the healthcare context and
other contexts. So I am very interested in that.

I also think that we should be very mindful about what the generations that
are coming after us think about this information and they seem to have much
less sensitivity around what we call privacy which is probably actually
confidentiality and are much more open and forthcoming about a lot of things.

And my children who are now 22 and 20, one of them working in this field now
essentially says that there is a really different sensitivity and lack of
sensitivity around privacy and information that I think we should also think
about therefore allowing flexible systems where some people care a lot and some
people do not care so much.

MR. ROTHSTEIN: I want to think a couple of minutes about the implications of
your question, Walter, because I think it is an important one.

What would be the effect overall of having information in X number of
categories eliminated from health records? And the aggregate effect, depending
on what categories and what is in there could be substantial. And so I think
that we would be making a mistake to just sort of say this is a great idea in
theory and we are going to rush ahead and do this. I mean the same debates that
we are having here are going on in virtually every developed country.

And I think whatever we come up with needs to be pilot tested very carefully
and it also needs to be accompanied by a tremendous professional education
program which we did not do with the HIPPA Privacy Rule rollout for example.
And consumer education so that people do not reflexibly say, oh, this is neat.
I am going to keep all my docs from seeing everything that I can and now they
are going to be expecting the best possible treatment on the basis of you know
X percent of their health history.

So I do share that view about okay, what are the aggregation costs of doing
this? And that is why the categorization needs to be careful, it needs to be
explicit, it needs to be well understood, well disseminated, and tested.

MR. HOUSTON: Yes. Thank you. I had a couple questions or at least one in
particular.

In parsing Sharon Terry’s testimony, there was something very interesting
that I could not quite come to terms with. You make the statement there is an
explosion of genetic information that is upon us and will continue to increase
as we acquire more knowledge. No healthcare provider should be expected to
convey the totality of what is called the incidentialome –- is that how
you say it? Genetic information learned in the course of testing that is not
clinically relevant.

Then it says the second caveat to your point you were making was the
individuals right not to know. I cannot speak to the legal issue of this right
but in a societal sense it makes sense. An individual tested for the risk of
one disease, let’s say breast cancer, and should not be told they have a risk
of Huntington’s disease.

I guess obviously in this age of healthcare reform and trying to reduce our
costs of healthcare and improved treatment, what if there is a disease that you
do not have symptoms for yet. And there are good therapies and treatments that
would either delay its onset of completely eliminate the likelihood you are
going to get that disease. It is not just data; it is information that is
actionable that we can then use to help treat that patient. I am sort of seeing
some level of contradiction here. And I am just interested in trying to
understand at what point does the needs of society outweighs the rights of the
patient in the privacy context?

MS: TERRY: I really love that question. And I think it is often at the crux
of all of these conversations and it is even at the crux of the one we just
answered for Walter. I think in the case and generally what the clinical
systems, and again Mike can talk to this more clearly than I, allow is that is
if something is actionable, then it is usually reported and acted upon. And I
think most physicians for example, if Huntington’s disease was preventable by
some treatment, probably would want to report that in the course of doing some
kind of array that showed both breast cancer and Huntington’s disease risk. I
think when it is not actionable and when it has a certain kind of gravitas
seriousness is when that information can be withheld and then even the other
part that I did not get into in the limited about of time I had there, was the
incidentialome refers actually to lots and lots of information that we do not
know what it means or what it is going to mean in the future and whether or not
we want to share that.

I think the crux of your question though is a really interesting one to me
and that is everything from seom of you have heard of Patients Like Me where
people are putting their data in. And Jamie Haywood, one of the founders of
that company or organization says, it is the moral responsibility of every
person on the planet to reveal absolutely all of their information. And you
know that is really extreme and sounds insane but in the sense of all of us
understanding as quickly as we can what does this information mean it makes
sense. On the other hand there is the practical –-

MS. BERNSTEIN: You should know that Jamie Haywood testified before this
Sub-Committee last summer.

MS. TERRY: Oh good. Great. He is entertaining and interesting. And then
there is the other extreme that says my information is mine and I do not want
to share it and I do not want it to be aggregated. So I think in the clinical
context I think if something is actionable it becomes important to report and
if it is not, and then there is a lot of grey area.

MR. HOUSTON: What happens if it becomes actionable though? I heard a
testimony that really says that our knowledge and our ability to understand is
going to increase dramatically and continue. So what happens if next week or
next year a genetic that has been previously performed becomes actionable and
again there is a good treatment and to what degree does the provider have an
obligation or should there be some attempt to understand and disclose or to at
least see the patient come back and get treatment.

MS. TERRY: Right. And I think that is a huge question and it is one we are
going to see over and over and over. So even for the diseases we are testing
for now, we are getting back results for example that give mutations but we do
not have mutation-specific or allele-specific therapies. We will someday
perhaps.

And so I think the ideal system would be one in which all this information
is banked, and these things are triggered with new information and that that is
reported back. Something like in fact, I do not know if you have had 23NE(?)
come and talk to you but essentially in that system, you get an email you know
once a week or whatever that says, now this stuff is interpreted. And of course
it is not interpreted to a clinical level in some cases and in some cases it is
and you may want to act on this information.

So the ideal medical record system I think would also have the ability to
trigger to the physician that they in fact had new information that now makes
whatever they reported to you actionable. Or that they now know the treatment
should be different than what they already did. That also gets into tons of
liability issues around what physicians are responsible for and when that I am
not credible to speak about.

DR. FRANCIS: Just a general observation we have gone back through all of our
prior testimony and will be drawing on that as we put together our
recommendations on sensitive information. Part of how we have constructed this
hearing was based on what we already had and what we did not have. So yes, we
will be taking into account prior hearings of this Committee, both about
sensitive information and also about issues like personal health records. I did
not mean to interrupt.

MR. HOUSTON: I just wanted to add one thing Joy, if you have any question, I
was not sure whether you were staying quiet or you would feel free to ask
questions. The same thing with all the other staff members as well. I mean I
know this is the Committee asking all the questions so far but feel free.

MS. PRITTS: Well we generally defer to the Committee members of course, it
is their hearing.

MR. HOUSTON: But please, we have adequate time and if there are questions, I
would open them up to you as well.

MS. PRITTS: You are covering all the bases.

(Laughter)

DR. FRANCIS: I want to follow up then with a question for all of you that I
am going to call the GINA exceptionalism nest of questions. We are focusing on
the question of sequestration when records are transferred for purposes of
treatment. Mark has I know in various correspondence with me, said we should
focus on that first rather than on, for example, when records are transferred
for other purposes whether it be employer or public health, whatever because at
least with respect to this area, we do not have definitions.

Now with GINA we have a definition and we have something to start with. In
some other areas we also have something to start with -– substance abuse
for example. As we try to define categories of sensitive information, there may
be areas where we do not have anything; any kind of prior definitions.

And so I wonder if you have any kind of advice for us -– it could be
embedded in the special history of GINA or it could be just more generally
about what some of the issues are about trying to define categories of
sensitive information in the absence of a helpful statute like GINA.

DR. WATSON: Yes I think the problem has always been that a single piece of
genetic information can be used diagnostically, and can be used in a family
context to predict reproductive risk.

So any one piece of information that has multiple utilities like that gets
very much harder to separate out and sequester in an information system. I
think that has always been one of the most difficult aspects of regulating
genetic testing, protecting people’s information is the multi-use aspect of it
that makes it very much harder to protect it in one scenario but not in another
scenario of healthcare.

MS. TERRY: And I think in the history of GINA and probably Joy can speak to
this, the duking it out over the definition that we now have and that we
somewhat rely on was an interesting one. And I think we did hear from a lot of
stakeholders so that many of the stakeholder groups felt heard. But we also, of
course, had some serendipitous sorts of things like the night that it was one
o’clock in the morning and they put in the fourth generation in family history
which was quite extreme in a way to define family history that far out. Those
kinds of things became sort of artifacts rather than scientifically based and
decided upon.

So I think in any of the other areas, mental health, whatever it is,
certainly to engage the providers, the consumer groups and then also to listen
to the naysayers who do not want to lump and instead want to split and the
other ones that want to split instead of lump. I think you can come to some
better definition but I do not think you can get to a perfect definition.

MR. ROTHSTEIN: Well besides the definition that we have with GINA there is
also a very practical reason why GINA and the employment setting is a good
case. And that is because predicted genetic information is rarely of any
relevance in employment.

Contrast that with life insurance and so now to take this argument to the
life insurance state, now you have to say okay, notwithstanding the predictive
value of the information, there may be policy reasons why you should not get
it. And if you deal with life insurance, now you are talking about the whole
medical underwriting process of a major industry. So GINA, the information that
we are trying to keep from employers, they do not want anyhow because it is not
of any value to them except in very unusual circumstances.

MR. HOUSTON: Joy, then Sallie.

MS. PRITTS: I just have a quick question -– but there is no such thing
as a quick question in this Bill so I am not going to say that. But something
that was said in this last session reminded me of an issue that we have in
handling all this data but I would like particularly if you could address it to
the extent that you can with respect to genetic information. Which is when we
are talking about sequestering or segmenting data, we have heard repeatedly in
the past that it is much easier to do this with respect to structured data
versus textural data and I am curious to know how you see that coming into play
with dealing with genetic information.

DR. WATSON: Well I think we will always be left with some level of textural
information. I think the electronic health system goal is to minimize textural
information and evolve coding systems that are well developed around
quantifiable kinds of things -– analytical, measures of stuff, anything
that is sort of a quantifiable thing. It is the qualitative things that are
much more difficult to get out of that textural environment. But I think we are
moving in that direction otherwise we are not able to go back and ask questions
of data bases. But textural information is now being much more easily
searchable than it used to be.

So I am always stuck with I cannot keep up with the pace at which IT is
improving our ability to do things with information. What I thought was the
case two years ago completely changes now as we begin to be able to
semantically search against text files instead of the classical forms of
searching against terminologies and data dictionaries. It is a moving target
and I have not caught up with it yet.

MS. TERRY: And I think in my experience especially working with for example
Private Access which is going to the granular level of a data element is
translating those searches and assigning value to those terms so that they are
structured data and that that is the kind of thing that is totally amazing to
me too in that it is quite intelligent in its ability to do that and become
structured from a free text environment.

MR. ROTHSTEIN: I think the answer from my perspective is that we do not know
yet. And my assumption is that it is probably not going to be any different in
genetics –- that is free text versus structured data -– than other
areas but we do not know and that is why we need to do studies.

MR. HOUSTON: Did you want to ask a question, Sallie?

MS. MILAM: My question is really a follow up on Private Access. I am
intrigued with its capabilities. I am wondering if a consumer is presented with
broader categories of choices and if they choose it, the broader categories
which might be easier for some people. If it allows a granular application so
for example if you want a certain kind of genetic information to be withheld
from say a med list or something like that, does it allow it into all of the
applications?

MS. TERRY: Yes, so essentially what it does is it certainly does assign
private access protections in a broad way if that is what the person wants to
do. It also can go very granular and follow the information completely. And the
conceptual design that they have given to us and I am not a techy person but it
is essentially like the friend wheel on Facebook. I do not know if you have
ever seen one of those so essentially allowing various parts of your universe
to interact with each other.

So for example you may want your Nike sneaker device to actually communicate
to your doctor or your health insurance company that you have run on the
treadmill three miles today but you may not want that information to go to
someone else. And so it does allow not only the information data elements about
what pieces of information you want but where do you want them to go.

And so you may want absolutely everything to go to a clinical trial and you
may want your mental health data to not go to your orthopedist or to your
family members but you may in fact want to give your daughter access to your
health record because you are 85 and have Alzheimer’s but do not want her to
see that you had an abortion or that sort of thing.

So it does allow great granularity and follows the trails of information
sharing and can put access controls on that, in addition to providing the kind
of logs that are required in 2011, 2013, 2015 for HIT.

MS. MILAM: Is it in use anywhere yet or is it still data?

MS. TERRY: It is in use. It is in use in one small community with a disease
called Klinefelter Syndrome which is an extra X chromosome for males. And then
it is right now being rolled out to a number of other disease communities
starting first in the clinical trials realm so that is an easy realm in the
sense that these people are diagnosed and seeking treatment much easier than in
a broader system.

There is also a trial of the program itself going on in Michigan where
university students are using the program to say whether or not they would
allow the blood spots of their children to be used for research. Now that is a
completely hypothetical situation and the Klinefelter case is actually in use
and allows researchers to search data bases and gather information so that they
can put together clinical trials quickly.

MR. ROTHSTEIN: Sallie, if I may just comment. In 2008 NCVHS rejected this
model and considered it to a great degree but rejected it because it would take
an EHR and basically translate it into a PHR by giving individuals sort of line
item control. It would increase the privacy of individuals but on the other end
the physicians would have no way of knowing what is in and what is out of the
record.

And at hearings the representatives of all the various medical societies and
colleges and so forth had a real problem with this and the fallback position
was okay. Suppose we categorize certain commonly appreciated sensitive areas
and everybody knows what they are and what they might be and then you could
inquire, have you not told me about your mental health history? So the
Committee has been through this.

MS. TERRY: So what I would say to that and I was not here then, but what we
have seen in the research, and again I will get that to you, Sallie and to the
Committee, is that individual’s do not make those granular decisions for the
most part. And when they understand that again it is about health literacy and
it is about public education -– harder to do than creating data elements
that talk to each other.

When they understand that they need these things to be together for
treatment options, then they tend to keep them together. And the public is much
more interested just in fact in one of the studies that we did at Baylor, when
given the option to change the level of control, people said, I want that
option. Another control group did not get the option. The control group that
got the option never went and changed their controls. They just wanted
permission to retain control of their own data. They did not actually act on
it.

So I think we have not had the social experiment yet and I certainly think
that certainly the provider community in their own interest will want to keep
all the data together. In my interest in terms of research, I am with Jamie
Haywood in a sense, although I am not as publicly obvious about it. I want
everything aggregated all the time so that we can find treatments for people
like my kids and others.

On the other hand I do recognize that people need at least the sense that
they can control it if they want to control it. And especially in underserved
communities, we see that a great deal. For certain communities it is very, very
important that they control where their information goes.

MR. HOUSTON: Thank you all very much. We do have a break now. We will be on
break until 11:00 a.m. when we will have the next panel which is the Mental
Health Information.

(BREAK)

MR. HOUSTON: Let’s get this going again. Our next panel for this morning is
on mental health information and we have two panelists, Dr. Kurt Ackerman who
is with the Department of Psychiatry at Pittsburgh Medical Center and I guess I
probably officially have a conflict because I obviously am from there as well
and asked Kurt to come in and talked to us. And then Chris Toyanagi who is with
the Bazelon Center for Mental Health Law. So I will let you guys decide who
wants to go first with your testimony.

Agenda Item: Panel II – Mental Health
Information

DR. ACKERMAN: Thank you. Co-Chairmen Mr. Houston and Dr. Francis, members of
the Subcommittee on Privacy, Confidentiality and Security and NVCHS staff, my
name is Dr. Kurt Ackerman and I am a Psychiatrist at Western Psychiatric
Institute and Clinic in Pittsburg where I currently serve as Medical Director
of the Adult Mood and Anxieties Disorders Program. Although I have had the
benefit of talking with many individuals at the University of Pittsburgh
Medical Center or UPMC about issues of mental health privacy and access, I am
testifying as a clinician/educator who has worked at the interface of
psychiatry and medicine for the past 24 years. My testimony does not represent
the official position of Western Psychiatric Institute and Clinic or UPMC.

I am honored to have the opportunity to speak with you today regarding the
impact of sharing mental health information between medical providers and the
effect that sequestering mental health information may have on clinical
practice. As you are likely aware, there is tremendous interplay between
general medical and psychiatric conditions. I welcome the day when mental
illness loses its stigma and we would no more consider sequestering mental
health information than we would sequester information regarding other medical
conditions.

As we have not yet reached that time, we must consider the difficult task of
creating standards for exchanging sensitive health information while respecting
the privacy wishes of individuals. In the hope of advancing the same I will
spend the balance of my introduction outlining my response to the seven
questions posed to me.

The first question is what different types of mental health information are
there and where are they found? Given that the majority of psychiatric care is
performed outside of traditional psychiatric settings, the current approach of
defining mental health information based on provider or location of service is
far too restrictive.

A more inclusive approach might define mental health information as any
information gathered or observed related to a person’s emotional, perceptual,
behavioral or cognitive experience and associated physical symptoms. By this
definition mental health information will be found in clinical notes of
virtually all medical health practitioners. At times mental health will form
the majority of a clinical encounter while at other times mental health might
be a relatively small component of care.

In addition to clinical notes, mental health information is found in other
areas of medical practice such as records of pharmacies, laboratories and
insurance companies.

The second question concerns whether there are particular consideration for
the use and disclosure of mental health information. For example, what
information should be made available about a psychiatric patient in the event
that the patient comes for treatment regarding a non-psychiatric issue? As a
psychiatric consultant I have seen many instances where access to psychiatric
information greatly improved the outcome of medical care where lack of
information led to potential or real harm.

To cite one example, patients with Factitious Disorder may feign or produce
medical signs and symptoms in order to assume the sick role. Knowledge of this
condition allows medical teams to focus on objective signs and symptoms, limit
invasive tests and procedures, and refer them for treatment of their underlying
psychological problems.

Given that communication between psychiatry and other branches of medicine
is generally beneficial, the question is how much information needs to be
shared. From the standpoint of patient privacy and trust, it would be advisable
to disclose only the amount of mental health information required to adequately
care for a patient’s medical needs. I would therefore propose the following six
categories of information.

The first category is Medical Information currently misidentified as mental
health information. I would advocate that medical data obtained in psychiatric
settings including medical consults, tests, labs and radiographic images be
classified as general health information. I would also classify as medical
information the assessment and treatment of psychiatric symptoms which are a
direct result of medical disorders such as delirium following infection
remaining or related to steroid treatment.

The second category is Critical Mental Health Information. This information
would be made available to all providers regardless of patient preference
regarding sequestration. At this point I would include in this group medication
lists, allergies, non-allergic drug reactions and dangerous behavior within
medical settings as this information could be critical to the safety of the
patient and others.

The third group is Mental Health Information for General Medical
Practitioners. I would support the development of an essential medical data set
consisting of information which would assist the clinical decision-making of
other medical professionals but maybe sequestered at the patient’s request. In
this group I might include a list of current psychiatric providers, psychiatric
diagnoses, basic treatment plans, drug and alcohol use, psychiatric consults
from medical hospitals, and an index of suicide and homicide risk factors.

The fourth category is Mental Health Information Shared within a
Medical/Psychiatric Team. I would propose open sharing of information within a
functional Med/Psych team. For example at UPMC, psychiatrists are an integral
part of the transplant program. Although the transplant team does not need
access to all mental health information access to their psychiatrist’s
recommendations can be critical and patients can elect not to participate in
the consultation. Access to the complete mental health data set would only be
needed for a small said set of providers. Staff responding to emergency
situations including code responders on in-patient psychiatric units, an
emergency department staff should have access to any mental health information
necessary to evaluate and provide for the safety of the patient. Other
practitioners may also need access to more complete psychiatric records such as
a PCP who assumes care of a complex bi-polar patient. That excess might be
granted on an individual basis.

The final category is Mental Health Information Excluded from Distribution.
In this group I would include psychotherapy notes, personal details of a
patient’s dramatic experience and other sensitive topics that are best
discussed personally with the patient.

Question three is what are the sequestration and access requirements related
to the use and disclosure of mental health information for non-treatment
related purposes. Several groups have access to mental health information and
do not provide direct clinical treatment. These include insurance companies,
business operations specialists, employers and people involved with legal
proceedings. Insurance companies would likely need ongoing access to medical
records in order to effectively manage care. The level of access would likely
depend on the location and type of service. Similarly business offices of
medical facilities would need to access mental health records in order to
ensure appropriate coding and billing. Employers currently have limited access
to mental health information through human resources and employee health
programs such as the Employee Assistance Program. We developed a system that
defaults to open access and it may be advisable to consider separate
restriction of mental health information from providers and employee related
health programs.

The final area of concern involves access to mental health information to
medical providers involved in legal proceedings such as guardianship hearings,
custody or workmen’s compensation cases. Under such circumstances open access
to mental health information might not be in the patient’s best interest
compared to the current system which generally requires specific consent.

The fourth question is to consider what implementing such controls would
mean for patient care as a whole? A policy allowing relatively open
communication among clinicians while permitting consumers to sequester
categories of information could have a substantial positive effect of
healthcare. Access to mental health information will help medical professionals
to have the broader picture of their patient’s health, to focus mental health
treatment on established diagnoses, to reduce the necessity of repeating drug
trials and to increase patient safety by avoiding toxic drug combinations and
adverse drug reactions,. To realize these advantages, consumers need to
maintain the level of trust and disclosure they have with their current
providers. Mental health information is among the most sensitive and personal
elements in the medical record. A substantive change is access might limit the
information that consumers disclose to medical providers due to concerns over
accuracy and privacy of information. Having the option of sequestration as well
as other security measures will help to buffer this concern.

The next question is what limits if any I would place on the patient’s
control? As mentioned previously, medical professionals engaging in emergent
treatment should be able to view mental health information necessary to ensure
the patient’s safety. Similarly I would also limit a patient’s ability to
sequester critical mental health information such as medication lists and
allergies. Several additional restrictions might be considered.

It would be extremely challenging to create a system in which patients are
able to sequester individual pieces of information within notes or individual
notes from providers. Thus it would be important to limit patient control over
categories and details of sequestration. We need to consider how often
consumers will be able to change their choice regarding sequestration, how this
will be disseminated to providers and whether it is possible to remove
information that has been incorporated into other records.

Finally we must consider rights of family and other surrogate decision
makers to alter the patient’s choices regarding sequestration if a patient
loses capacity to make medical decisions.

The sixth question is what entities are now implementing these kinds of
controls and what kinds of policies and procedures have they adopted? I do not
participate in any system in which mental health information is shared by
default and patients are given the opportunity to sequester information.

The closest example in my experience is the electronic health record of our
regional medical system. Within the firewall of our computer system records are
available to all providers including medication lists, labs, tests and notes
which contain mental health information. Patients are not given the opportunity
to sequester information however records from psychiatric facilities are not
included in the system. Psychiatric consultants are restricted from sharing
mental health information obtained from outside sources and patients can elect
not to provide psychiatric information.

The final question is whether a policy for admitting sequestration of mental
health information would have other important considerations? Our primary
concern regarding a policy of sequestration is whether it is feasible to
develop a system which identifies and excludes mental health information
without stripping needed medical data.

For example virtually all neurologic visits for post-drug patients would
include evaluation of depression as 30 percent or more of stroke patients
develop depression. It would be regrettable if their entire treatment record
was not available to other medical practitioners due to sequestration.

Other implications of the proposed system include the need for patient and
provider education regarding the availability of limits of sequestration along
with potential benefits of provider access, malpractice concerns concerning the
extent to which providers are responsible for reviewing a birth to death record
and potential cost savings. Cost savings would come from reduced duplication of
tests and procedures as well as improvements in patient care.

Patients with mental illness are frequently undertreated and ineffectively
treated leading to lost productivity and increased need for medical healthcare.
Greater communication among providers is likely to improve outcomes and
decrease the overall financial and emotional burden of mental illness. Thank
you.

MS. KOYANAGI: Thank you. I am delighted to be here. My name is Chris
Koyanagi. I am with the Bazelon Center for Mental Health Law. We are an
advocacy organization based in Washington, D.C. Our primary focus is people
with mental disabilities so we work primarily around the public sector and
people with serious mental illness although we do focus on and address overall
mental health policy in some areas. And thank you very much indeed for allowing
us to be present in this hearing and to share some views with you and look
forward to an interesting discussion.

We are very pleased to see that the Committee is seriously considering the
sequestering of sensitive information including mental health information. And
I think it is important to reiterate some of the things that were mentioned in
the previous panel. Individuals have a great deal of concern about what will
happen to their information and in many instances this concern is based on real
knowledge of what has happened to someone else. We have significant stigma in
this country about mental health. We have problems of discrimination. People
have lost jobs. People have faced social stigma and ostracization and even
extreme situations where someone’s mortgage was foreclosed and they lost their
house. In small communities this knowledge is often very embarrassing to
someone.

So we are not as opposed to genetic information where it is all rather new.
We are not dealing with theoretical situations. People are worried about their
information being shared and as a result there have been surveys that clearly
show some people will not come for treatment, other people will not share all
of the information that might be relevant with their providers because of these
concerns.

So I think it is very important to figure out how mental health information
is going to be handled within electronic systems. And at the same time we think
that electronic systems hold great promise for doing this and doing it well and
doing it in a sophisticated way.

So our general position here is that we support sequestering mental health
information. We would like to see systems be developed that give consumers
control over parts of their record. The kind of all or nothing consent is
really not going to be very helpful because some of the information is going to
be more critical than other information to be shared with other providers.

And also there is the question of who is to receive the information that is
going to be shared so there is sort of a matrix here of certain types of mental
health information and who gets it. Some parts of the record like medications
are clearly going to be more important to be shared than treatment notes for
example.

We can create some simplicity within the electronic record around these
issues by using various options of how the individual patient can make these
controls. You can have situations where the information is automatically shared
unless they choose to restrict it. You can have situations where it does not
get shared unless they specifically authorize it. So some things could flow
quite naturally if people were not too concerned about this.

Other things there would have to be a discussion between the provider and
the consumer which we think would be a very healthy thing.

And in addition to the data about how concerned consumers are and I think
you heard this in the previous panel as well, in fact if they feel they have
the control there are very few people who do place restrictions on the sharing
of information, particularly the sharing of information where it is so obvious
even to a lay person that this is very vital such as the sharing of medications
among all prescribers.

On the other hand there is a lot of stuff in a mental health record. These
are very detailed documents and many times people will not want information
shared that provides private information about their lives. And remember that
in the mental health field there are people who come in and never have
medications. They come in for therapy and counseling and they may very well
want none of that to be shared.

So I think what we would like to see is the consumer very much in control.
It is our view that this information really does belong to the consumer which
is one reason why we also advocate very strongly that consumers have access to
the information and be able to correct misinformation in their record. I am
very pleased to see that HIPAA dealt with that somewhat.

We also have noted that the Committee is thinking about a notation in the
medical record that some information has been sequestered. And I am unclear
really the purpose of that. I am not sure how it helps a provider to know they
do not have all the information and whether or not that simply makes the
situation more complicated than it needs to be. If there are issues coming up
in the visit, there may be a mental health issue, the provider may well ask
about that.

On the other hand, we have consumers who have talked to us and this is only
anecdotal obviously but has talked to us about situations where their primary
care physician blew off some real physical symptoms because they knew that this
person had a mental illness. And so there can be harm on both sides here and we
need to be, I think, very careful about how this information is shared. But if
we can set up systems and electronically it seems to me we can, so that we know
who needs to know what and how much they need to know and allow the consumer
the role of deciding that they agree with that or they want to put further
controls on the situation, I think that there is a real possibility of doing
something very progressive here.

We do agree with your break the glass feature that in an emergency situation
the entire record should be available to emergency personnel. Our first thought
when we see that is someone comes into the emergency room of a hospital.

On the other hand, how are we going to define emergency or crisis in the
mental health world? We would be somewhat concerned if any provider can simply
declare, I think this person is in crisis. People have up and downs in their
progression. People with serious mental illness in particular might be in not a
very good place but not need to be hospitalized. We would not want to see those
situations declared an emergency so that all information that the person has
tried to sequester is then shared. I think we need to be a little careful about
those situations and how you define an emergency.

I think and I am just glancing over my notes, that I have really made the
major points that I intended to make and you do have my testimony. I tried to
think of some of the categories of information that might be appropriate. I do
not pretend that the Bazelon Center is expert on that and if you decide that
the record should be divided into categories of a certain number. We would
leave that to you for discussion with some of the mental health professional
organizations or individuals.

But I do think having had some conversations with people who deal with
mental health IT that there are certainly limits to the number of categories
you can have. What I hear is something in the region between four and six is a
reasonable thing to do and if you try to get more complicated than that you are
first of all going to make the IT system itself very complex and difficult. But
secondly, in the real world it is going to be an extremely complicated thing to
talk to the individual patients about so many categories.

So we certainly need to be careful how many categories of mental health
information we produce but I think there is such a difference between your
information on what medication you are taking and the information you may be
sharing in a psychotherapy session that we need to think about ways that we can
break the mental health record into some limited number of pieces and then also
to consider who really needs to know and allowing the consumer to make some
choices.

And as I said earlier some things might happen automatically if they do not
stop them but allow them some choices so they feel they have full control of
this information. And we will probably find that very few people exercise that
right and place controls and that when they do many times the person they are
working with, the mental health provider they are working with, can work with
them to help them understand why some things really should be shared with some
people and should be part of what a mental health professional is doing with
certain individual patients.

So thank you very much for inviting me. I look forward to the discussion.

MR. HOUSTON: Great. Thank you for your testimony. Again since I am the
Co-Chair, it is my prerogative to ask the first question and this is directed
at Chris Koyanagi.

We heard Dr. Ackerman speak to the fact that especially in an acute care
setting where there is some type of psychiatric service provided in conjunction
with medical services that often the record is co-mingled and needs to be or at
least his position is really needs to be co-mingled at least to some degree.

What are your thoughts on again where in a situation where a patient is in a
hospital and adjunct to their services being provided for some medical issue
they have to also receive some type of psychiatric treatment and the fact that
that information is often co-mingled within the patient’s record within that
hospital. What are your thoughts on that type of an environment?

MS. KOYANAGI: I think it depends a little bit on what service they have
received. I mean the most likely service is probably a prescription but they
may also be receiving some therapy while they are there and I think the two
things are different.

So I think even within a hospital we need to have the capacity to sequester
different levels of information. And again I think if the person coming into
the hospital, presumably they are being admitted by someone in the mental
health side that they have seen outside but if you are thinking of examples
where they have not, is that right?

MR. HOUSTON: I think the example is where they are in for some type of
medical condition -–

MS. KOYANAGI: And this is the first instance of a mental health issue?

MR. HOUSTON: And there is some psychiatric consultation performed because of
something either happens in the hospital or some underlying issue. And as a
result there are many different issues that have to be treated at one time,
often interrelated. I just want to understand what your thoughts are and how
you co-mingle or make that information available to the team that is treating
that patient while they are in the hospital.

MS. KOYANAGI: Right. So they have not made these decisions earlier or many
of them may not have because they have not had a psychiatric problem. So we
have the situation where this is the first instance -–

MR. HOUSTON: Well there might have been some other treatment but there is
more of an acute issue arising that needs to be treated as well. I just need to
understand your sense on how much of that record you believe is appropriate to
co-mingle and how much of it still needs to be segregated. Or maybe to say it a
different way, shouldn’t the entire record be made available to the entire
treatment team because of the fact that there are multiple conditions being
treated at one time within that setting?

MS. KOYANAGI: I think I fall back on the need to know. I really think it
depends what exactly is happening with this individual. So medications,
diagnosis; I think in an acute setting and with a single treatment team they
may need to be shared. But I think if there is and most people are not in an
acute setting long enough for much mental health treatment to occur but if they
are receiving services that may involve sensitive information, personal
information, that that should be restricted to the mental health providers.

MR. HOUSTON: Great. I see Walter.

DR. SUAREZ: Thank you. Thanks for the testimony. Just to follow up on that
point because I think here as with every other piece of information in
healthcare the context and the question is everything so in an acute setting
where a patient is hospitalized for an appendectomy but the provider finds that
there might be something important that a psychiatric consult might be needed
during the acute event and that the consult comes and makes notes in the acute
record or the hospital record. So is that called mental health record or is
that called health record or is that called a hospital record?

At this point in the practice there is some clear distinction about a mental
health record whereby the record is maintained by a psychiatrist or a
psychologist and it has a longitudinal process perhaps or some longer history
versus a psychiatric consult or a psychological consult of a patient in the
regular course of care, whether it is acute care or a regular course of care.
So are we expanding the definition of mental health record to now include any
mental health related information that is part of a hospital record or a
regular medical encounter?

MS. KOYANAGI: Well the systems I am more familiar with would be on the
outside. There are clinical practices in the public sector where both primary
care and mental health are delivered in the same site by various providers. And
in those systems it does not appear that it is of any significant difficulty to
separate the mental health and the physical health information.

So I would assume that it should be feasible within the hospital setting as
well. Now you may call in a psych consult but what the consult says and writes
in the record may not need to be shared as long as if there is a condition, the
condition is being treated and it does not affect the patient’s recovery from
the appendectomy there is no need for that surgeon to know that this person
actually did have depression. They were right. The person did have a
depression.

So what is he going to do with that information? And the broader the
information is made available the more likely especially in some small
communities that someone who is in the stream of access to that information
discloses it in some way outside the hospital. So I think it should be
feasible. I have not thought through all the details of doing this but I am
fairly confident that it does not sound impractical to do it and since I do
know some community mental health programs already do something similar it
seems to me there is not really a difficulty in terms of the technology either.
So that would be my response to that.

DR. ACKERMAN: Thank you. Well this is the area that I deal with on a daily
basis as a consultation psychiatrist and I would argue that the surgeon
absolutely needs to know if the patient is depressed. It affects decision
making, it affects their likelihood of doing well in rehab and a variety of
other factors. I would think that there are several important pieces and one of
which is that I think we need to find a way of disclosing to consumers exactly
what it is that they are sharing so that when we approach someone for a consult
we make it clear that we are part of the treatment team and that we will be
discussing not the details that they give us, we are not going to talk about
that trauma history and things like that but things relevant to diagnosis while
we are coming to the conclusion and the recommendations that we are.

The other question then becomes once it is a part of that medical psych
record, is it there forever? In other words the surgeon who consulted me about
his depressed patients certainly needs to know that. What about five years from
now when somebody else in the same facility wants to look at the records from
this past surgery? I think that is something that perhaps would be a little bit
open to discussion.

But the other thing I would like to bring out again is that the majority of
psychiatric care is being done outside of traditional psychiatric settings. And
so I do appreciate that the severe persistently mentally ill population has
particular needs and that we may in fact want to have a different way of
dealing with information that is generated within the silos of psychiatric
institutions however most psychiatric care is done by non-psychiatrists in
primary care offices and other places and we need to think about what to do
with that information.

MS. KOYANAGI: Well I would just reiterate obviously with patient consent we
are quite comfortable with the sharing of any information.

MR. HOUSTON: I do not know if you really expanded much on your role at UPMC
but it might be helpful so they get sort of the context of what your practice
is and how you work in the acute care setting.

DR. ACKERMAN: Sure. I have been involved with the psychiatry consult liaison
service for the past 15 years or so and we run a series of in-patient and
out-patient psychosomatic medicine practices. We have consultation
psychiatrists in about eight or nine different hospitals within UPMC but we
also have psychiatrists embedded within specific programs at the request of
those programs.

So we have psychiatrists in the Transplant Center, in the Pittsburgh Cancer
Institute, in the HIV Clinic and these folks are again consultants so it is at
the request of the physician and with the permission of the patient but they
serve to help integrate the medical and psychiatric needs so that people can
overcome the barriers that are getting in their way both medically and
psychiatrically.

DR. FRANCIS: I want to pursue the definitional question a bit along some of
the lines I did in the prior discussion with the genetics folks too. What we
are about here is trying to figure out how to actually define some categories
so that we can make some recommendations about what ought to get built in as
capabilities in the design of interoperable systems like an HIN so not
necessarily what people would always use but what ought to be there as
capabilities.

And I am hearing from both of you a kind of need to know theme that would
suggest that with mental health information it might be useful to have some
sub-category capabilities so that mental health is not thought of as all or
nothing. The genetics folks said something a little bit different on that. I am
thinking that we should have at least what some folks said something a little
different in the answer to my question about whether family history information
should be treated differently from test information for example. Now they have
the background of GINA. You all have a little bit of legal background too, at
least psychotherapy notes separated out as a sub-category and to the extent
that substance abuse information might be integrated that separated out as a
sub-category and some state law things.

As I heard the sub-categories, I guess I want you both to comment on whether
I am getting it right about a small set of sub-category capacity and whether
those categories would be meds, diagnoses, dangerous behavior to self or
others, and psychotherapy notes and trauma stories and whether I am getting it
right and whether there are other things you might want to add in
definitionally.

MS. KOYANAGI: Well one difficulty is that even the fact of having consulted
a mental health professional kind of gives gain way as well and can indicate
how seriously ill you are if you are into using a psychiatric rehabilitation
program. So where you have gone for services is also an issue.

One possibility is to think of medication, I do not know what Kurt thinks of
this, and diagnosis as a duo because if you know what medications a person is
on you very likely have a clue as to the diagnosis. And if you know the
diagnosis, they are very likely on certain medication so if you had to collapse
categories you might be able to condense those too. I do not know if you would
agree with that or not.

DR. ACKERMAN: Generally you could almost put medications, diagnosis, some of
these things into a problem list. So I think having an accurate medical problem
list which includes a patient’s arthritis but also the fact that they have a
psycho-social problem or depression or whatever and I think can be very useful.
And I think having an accurate medication list can be very useful.

In terms of where I am coming from, in my experience the best medical care
is done when there is virtually open access. It is just I do not know if that
is feasible yet from the standpoint of stigma and other issues that she has
shared with us. At every step that you are limiting things, with the exception
of psychotherapy notes that I really think have no basis in an electronic
health record. With the exception of that area everything else I can give you
examples of where it saved someone’s life to know that piece of information.
But you may not be able to get the buy-in that you need in order to make a
system like that work.

The only other thing that I would say about trying to sub-categorize
information is that in my experience it becomes extremely tangled. So you said
our experience is with substance use psychotherapy notes and other mental
health information. Those are the three main categories. And yet the large
percentage of patients with mental illness has issues with substance use and
even if they do not, we are still recording in every note whether or not the
patient is currently using substances. And so to start breaking them out and
then we find out that we really cannot figure out what to do with the notes
because they actually have information from a whole variety of areas.

MS. KOYANAGI: And I think with all these categories remember that the whole
system rests on patient consent. So in many instances the category sort of
dissolves if the patient says yes to a number of these things being shared.

DR. FRANCIS: Maybe I could just follow a little bit on the –- we are
talking about treatment here and Mark certainly did not want us to be talking
about outside of treatment but when we think about developing sequestration
capacities, one of the things we do need to think about is that people may ask
to have records transferred for other purposes. For example for employers to
support or request for FNLA leave. Do you have any experience either one of you
with the kinds of questions that raises and sequestration capacities? Do you
think it should be all of nothing or how do you think the category might be
defined?

MS. KOYANAGI: Well I think again the audience is the key. If you have got
someone with a serious mental illness, and they want to ask for an
accommodation of their employer they are going to need to authorize the sharing
of whatever is needed if they are applying to Social Security again they are
going to have to authorize the disclosure of what is needed so in some
situations though they may be authorizing a limited amount of information to be
disclosed because it meets the purposes of what they are trying to accomplish.
So having categories would be helpful in the latter case because then they
could say but not the following.

DR. ACKERMAN: And I think there are categories that we will or you guys
actually will decide are treated in certain ways. And I think that there will
be a whole bunch of other stuff perhaps that will require specific consent. And
in talking to folks at UPMC many of them were concerned that they would not
want a system where their employer could just open up access and find out that
they were hospitalized a few years ago for a bout of depression if it is not
currently affecting their job. And so that would really effect what they
disclosed to providers. But there certainly are other times where someone needs
to go on FLMA where they may want to share records and so that would need to be
treated differently.

MR. HOUSTON: Walter, I know you had a question.

DR. SUAREZ: Yes. Dr. Ackerman, thank you for the classification that you
have provided us here. I was thinking that and this applies also to all the
other special sensitive information that we deal with, so there are ways to
categorize information, mental health, chemical dependency information, and
genetic information. And then there are ways to categorize the purpose for
which the information is being attempted to be used, accessed or disclosed.

And it seems to me that the challenge of course is whether for treatment
purposes there should be an all or nothing open access. And there should be
some sort of a consent even for treatment access to sensitive information
whether that consent should be all or nothing or specific to data.

There is also then the break the glass option and I wonder if you could
explain your reactions to that idea. So offering and implementing because at
the end of the day all of this will have to come down to a series of
information security and access control rules that will determine whether
someone is able to access or not this or that.

And someone is going to have to write those rules. And usually that someone
is some technology person that is in some cases deciding by their own views
that this will be the way that this will be accessed based on data policy and
general policy that is given to them. But rather than looking at that from that
perspective, looking at it from a break the glass perspective and seeing that
okay we have mental health information and everything should be break the glass
in the sense that if you are attempting to access the information whether you
are a provider or not, yes, you will be based on your role, allowed to be
accessing the information if you are a physician and provider that is going to
need to access the information for care.

But there will be an audit-trail that will point to the fact that when you
access that and at some time and at some point someone will go back and look at
the appropriateness of that. But rather than creating sub-categories of data
and that raises algorithmically in my mind a complexity of from an information
technology perspective managing access controls handling through a break the
glass type of an approach, a simple break the glass type of approach where if
you offer several categories of medical information, critical mental health
information, and mental health information shared with psychiatric teams.

So if someone is going to attempt to access that, they will be able to break
the glass and access it regardless of what category this data is but there will
be an audit-trail of that access. So is break the glass one of the ways to
eliminate some of the complexities of segmenting and sub-segmenting sensitive
health information?

DR. ACKERMAN: I think from a practical standpoint and I work very closely
with the IT folks at UPMC and they would shoot me for what I have outlined. But
I felt the need to do so from a theoretical perspective. I do realize it would
be very difficult to implement. An all or nothing approach would be the easiest
thing by far to implement.

And I think if you brought out certain elements of a problem list and took
that out of the all or nothing so that everybody gets access to meds and you do
not have to break the glass of anything to find out what meds someone is on;
probably allergies, non-allergic drug reactions and diagnoses perhaps, then the
rest probably is an all or nothing thing. I do not know if you have to break
the glass or just get the patient’s permission to access it. I like the idea of
an audit-trail.

One of the interesting things that I came across in preparing for this was
the idea of whether or not the consumer has the right to know sport of the
results of the audit-trail. So who has been opening various records at
different times? I think that that would help to limit any abuse of this
system.

MS. KOYANAGI: I think we have to be very careful to take note of the
information that we have available of how reluctant people are to have this
information shared. And so if people are going to avoid coming in for care
because there appears to be an all or nothing sharing except in very limited
circumstances, or they come in to see their primary care physician for
something and they very carefully do not share their information or directly
lie about information about their mental health or their substance abuse, I do
not think that gets us very far. And I think there are electronic systems that
do do this kind of layering. And so I think we should take advantage. I mean
the technology is only going to get better and cheaper as we go forward. I
think it would be a mistake to go with the all or nothing approach.

DR. SUAREZ: But again it is a condition. It is an all or nothing concept but
for treatment and for the providers. Do not think about payment and operations
and research and all these other things. It is treatment and providers,
treatment and providers.

MS. KOYANAGI: I know, I know. I am thinking of treatment and providers.

DR. SUAREZ: And that constrained, limited view creating segmentation and
sub-segmentation of data and of course the other side of the risk is whether it
will make it more difficult for providers, and this is physicians that are
trying to provide care to a patient to understand the holistic condition of the
patient. Not just an orthopedic condition of a patient or a cardiologist
condition of the patient. So in that constrained view of treatment for
providers would you change your views?

MS. KOYANAGI: I would not, no. I mean we have thought this through and we
are well aware that people behave a certain way when these kinds of open rules
are in place. And in fact care is not always improved. Sometimes it is harmed
by a provider knowing that the person has a mental illness. So this can cut
both ways. It may more often occur that it is to the patient’s benefit but I
think individuals have the right and should be granted that right to decide
what gets shared.

If you tell them everything gets shared of nothing gets shared, I think they
are in a situation of pressure and things would work more smoothly for them and
they would be more confident in the system and in fact many of them will not be
concerned about things that are automatically going to be shared if you do not
say no such as medications or diagnosis. But there is considerable concern
about the sharing of the information that is what we might call medical, what
goes on in the mental health setting or even the sharing of lists of places
they are going for care. Now I am thinking more of the people who go to a
number of places such as those with severe and persistent mental illness.

DR. ACKERMAN: I would perhaps be a bit more open to the idea but I would
caution that we still have significant issues because it sounds like what you
are talking about is largely where the provider is a psychiatrist or where the
provider is another mental health professional. Still we have the majority of
psychiatric care being done by primary care physicians, et cetera.

So how are we going to deal with their notes; with their comments about
depression, with the medications that they are using to treat anxiety, et
cetera? In that case you are doing it all or nothing for the entire physical
health system in addition to the mental health system.

MR. HOUSTON: Sallie had a follow up and then Maya had a question. So Sallie?

MS. MILAM: To follow up to Walter’s scenario, it sound like Walter was
asking whether consumers might accept an opt out system for mental health. So I
am wondering if we were to take that and I hear your concerns, what if we
layered on the patient’s ability to block specific providers by name? If we had
that in combination with opt-out for mental health does that address it or do
we need something more? Do we need something more granular?

MS. KOYANAGI: I think that in particular medications are a concern. So
someone may be inclined, very inclined to say they do not want the information
shared. They opt out or opt in, whichever way you have written the software.
But on the other hand I think they may very well prefer to have the medication
information shared because of the serious consequences that can occur.

So I think at least some categorization may be necessary but it may be
possible to collapse a number of areas into fewer than I was initially talking
about. As I say I do not feel that I have all the answers on what the
categories would be but I do think there is a big difference between
information on what medication someone is taking if they are going to see
another provider who is likely to prescribe something, that would raise serious
concerns in most consumers minds and the fact that this other provider is going
to know that they have been seeing three or four different service providers
for mental illness because then they are worried about how they are going to be
perceived. How seriously the symptoms are going to be taken and addressed and
unfortunately they may be right because that does happen.

MR. HOUSTON: Maya or I am sorry Kurt; did you have a follow-up comment?

DR. ACKERMAN: Not particularly with regard to that. I think that being able
to sequester providers and perhaps more important than providers probably
sources. So in our area for example we have a greenbrier drug and alcohol
facility. Somebody might want to say I do not want anything from there to be
part of the record. And that is more technically possible from an IT
perspective than separating all substance abuse information where in fact it
would be very difficult to pull it out of the record of virtually all medical
records.

MR. HOUSTON: Maya.

MS. BERNSTEIN: Just quickly, I wanted to get back to the issue of emergent
care and the difficulty in defining what counts as an emergent situation in
mental health. It is not necessarily the same as it is in a physical hospital.
I think when the Committee was talking about this the last discussion we had
when we made recommendations we assumed that an emergency situation is where
the patient comes in either unconscious or otherwise just unable to make
decisions for themselves; either they are not competent because they are a
minor or they are not competent because of some other reason.

And so I am wondering if there is a way to either have to make arrangements
in advance for when that situation might occur so they have an opportunity to
make a decision; in the future should I be in an emergent situation, this is
what I want to happen or they just cannot make a decision at that time. I am
wondering if the same kind of definition works in the mental health context
where you just say how you were talking earlier about how what looks like an
emergency in a mental health situation might now be what looks like an
emergency in another medical context. I was wondering if a similar definition
worked when we think about when is the appropriate time to invoke the break the
glass rule? Can you make a definition of what is an emergent situation
similarly in the mental health context?

DR. ACKERMAN: I think that some of the examples you gave for other medical
conditions are appropriate. If the patient comes in and they are impaired and
they are not able to make medical decisions or it is a physical emergency, or
something like that that the area that mental health brings in at least in my
world that is a little different is evaluation of safety. And sometimes you
cannot tell when the patient comes in.

So just to give a brief example from last week a patient came in and it was
actually a physician and he was brought in unconscious and woke up and said, I
took a couple extra Ambien; I was just trying to get to sleep. Now it turned
out that we knew him because I work at the in-patient psychiatric facility as
well and he had been discharged that morning from the psychiatric hospital
where he had been hospitalized for a suicide attempt. And so looking at how to
view what he is telling me knowing or not knowing that piece of information
would lead to completely separate things. In one case I would probably let him
go especially because he seemed very well put together and on the other hand I
would say wow, not only did he just have a suicide attempt and was just
released but he is not actually telling me the truth about that so I would be
very concerned about his safety. So I think that it is the area of safety that
really would be a little different for mental health.

MS. KOYANAGI: Well I was thinking more in terms of setting some programs
because we have in addition to someone potentially coming into the hospital
emergency room; we have mobile crisis teams and other kinds of crisis services
in mental health that I would incorporate into that break the glass rule. What
I was worked about was whether someone within a mental health program who has
not got all the information for some reason, declaring that a third party might
objectively say is not in any kind of crisis because they feel if I had that
information I could do better. I am trying to move it away from say the
paternalistic potential –-

MS. BERNSTEIN: I am thinking about the example that Dr. Ackerman just gave
though. Say you have a patient that you do not know that comes in –-

MS. KOYANAGI: Comes in where though?

MS. BERNSTEIN: Wherever –- patient comes in unconscious, wakes up and
says, I took a few too many Ambien. And if that patient has a control on their
record that says I do not want my mental health information shared, how does
that physician know to go look and see if that patient was or is it an emergent
enough situation if you do not already know that the patient was just released
for a suicidal incident to know to go look.

I mean that is a case where you know the patient has hidden this information
from you and if it does not look like an emergent situation, you are not going
to break the glass and you have got trouble. Or maybe that is what the patient
can expect because the patient has made that decision in advance and that is
okay. We are legally okay with the fact the patient has made a decision which
turns out to be not in their best interest. And lawyers tend to think that is
okay. Patients have rights and they are allowed to do things that turn out
making bad decision.

DR. ACKERMAN: But for the most part we do not allow suicide as one of those
rights.

MS. BERNSTEIN: But in this case you would not know, right?

DR. ACKERMAN: Well what I would say is that most reasonable clinicians at
least in our area if they are encountering a patient who comes in following an
overdose and we are asked to evaluate is this an intentional overdose or is
this an accidental overdose or were they just using drugs and alcohol and
partaking of their free will? Most of us would be concerned about the
possibility that this was a suicide attempt. The way I understand the way you
are considering the break the glass approach we would then look and see if
there is a flag that says that there is a piece of information that is
sequestered and under those circumstances I would probably break the glass and
just take a look and see is this something that would impact my decision.

MS. KOYANAGI: Correct me if I am wrong but you are talking about someone
brought into the hospital emergency room unconscious, is that not right? — in
this situation?

DR. ACKERMAN: In this situation, yes.

MS. KOYANAGI: Yes and I am saying I have no issue with breaking the glass in
the emergency room because there we can presume that we are dealing with people
with very serious issues.

MR. HOUSTON: But I would suspect there are probably circumstances that are
lesser in obvious criticality that might have sort of the same underlying
issues. I mean as Dr. Ackerman said, the person has been discharged from the
psychiatric facility having tried to commit suicide and he shows up in an
urgent care center for some lesser problem but if when you look into it there
are clear signs that this person has some type of self destructive behavior.

It is one thing to make the bright line case that yes the person is
unconscious, they came to the hospital and they had tried to commit suicide
previously so therefore you can draw that conclusion. But I would think of a
lot of situations where even in a lesser medical situation knowing that that
person had been discharged having just tried to commit suicide, that you can
draw conclusions about that person. Maybe they tried to do it again or their
behavior is such that they need to be recommitted. I do not know.

MS. KOYANAGI: But you are talking about a situation where the person is not
in an emergency by definition.

MS. BERNSTEIN: Yes I was trying to look at how it is you get to know whether
the person was just discharged and under what circumstances. But I do not want
to go on too much because I know other members -–

MR. HOUSTON: I think it is an interesting question. I mean the bright line
cases where the person is unconscious and they turn out to have taken a bunch
of sleeping pills and they have tried to commit suicide again, I guess I am
looking at Kurt sort of thinking are there situations where it is a lot less
clear but boy when you take that prior information into consideration you
realize this person is again self destructive or trying to commit suicide again
or doing things that require them to be re-hospitalized.

DR. ACKERMAN: I think there is a whole range. And I think what Chris was
cautioning about is the one end of the spectrum where for example a patient
shows up with chest pain and a reasonable physician might say I wonder if he
has a diagnosis of panic disorder because some people with panic disorder
present with chest pain? Now I personally would love for that diagnosis to show
up somewhere because I think they would also ask additional questions about
whether this is panic disorder.

You have sort of that one end and then you have sort of the middle spectrum
where people are coming in, they are not caring for themselves, especially some
elderly folks and you are drawn into wondering is this just a lack of resources
or is this depression? Do they need additional help? And those are areas where
we often find ourselves wanting to know what is in place already and what kind
of treatment are they getting?

MR. HOUSTON: You had a follow-up question?

MS. MILAM: I do. It makes me think of the policy considerations and
different health information exchanges that are evaluating in terms of whether
to load all of the data. So for example, a health information exchange may load
all patient’s data that it receives and if there is a consent process and the
patient elects not to consent, information will not be actively shared. So say
we have a situation where a patient decides not to consent to mental health
data so it is not shared but it is still in the system so it is sequestered
however it sounds like in those situations when you break the glass that you
would access that information. Whereas in other places if it is sequestered and
there is no consent, it would not be there to access. Have you all thought
about that or do you have any opinions on that?

DR. ACKERMAN: Again, I think with the exception of the details of
psychotherapy and the details of treatment, I think everything needs to be
available in a break the glass approach. I do not know how I could practice
without it just because I come across so many people who become impaired or
start out impaired.

So they do not all arrive in the emergency room unconscious. Some of them
become delirious after an operation and we need to know did they have
underlying dementia or were they taking certain medication combinations that
would linger and interact with things that we have now. So I think we have to
have the ability to get at the medicine that is psychiatry. Not so much the
psychotherapy side of things but to the extent that psychiatry is medicine, I
think trying to sequester or get rid of it would be unwise.

MS. KOYANAGI: My greatest concerns are on the outpatient side. I think that
the break the glass for the kinds of situations Kurt is describing are
reasonable.

MR. HOUSTON: I had a separate set of questions or a separate question I
should say and it goes back to our first panel and since Mark is still sitting
on the side over there, you are more than welcome to respond if you would like
as I am asking the question.

There was discussion in the first panel about something called genetic
exceptionalism and genetic exceptionalism basically is this notion that and I
am probably going to butcher this, Mark, sensitive genetic information should
be governed by a separate set of policies and laws. Now Mark I think was of the
opinion that that is appropriate. One of the other panelists largely stated
that genetic exceptionalism should be avoided in large measure. I think there
were some exceptions to that position.

And the reason why I bring it up now is that I would think that there are
genetic tests today and in the future that will provide insight into whether
somebody is at risk for or going to have a mental disorder in the future. They
do not have one today and in fact may be treated today such that they would
never have some type of psychiatric disorder.

What is your idea about access to genetic information and such circumstances
and are you for this notion that any type of psychiatric genetic testing needs
to be specifically ordered and performed? Because part of what we heard also is
that a lot of genetic testing I guess there is the likelihood you are going to
find out a lot about an individual by running a genetic test for a specific
condition but yet you may find out information about other conditions simply
from running that genetic test. Am I saying that correctly, Mark? So I would
just like you thoughts on this idea of genetic testing and its implications for
psychiatric information.

DR. ACKERMAN: I think I would separate genetic testing that is specific to
psychiatry from other kinds of genetic testing. So one area where we use
genetic testing a fair amount is in looking at metabolism. So there is an
enzyme called the cytochrome P450 2V6 system) and some people are rapid
metabolizers and some people are poor metabolizers and it affects the way in
which we can prescribe medication. So if we have a medication that we are
prescribing and there is no affect, it may be that it is actually being very
rapidly metabolized or it is not being metabolized.

And so I think that those kinds of genetic pieces of information can be very
helpful to psychiatrists and whether they have to be ordered separately by us
or not, I will leave for the panel.

Eventually I think we will end up with genetic tests for Alzheimer’s for
example or at least pre-disposition for Alzheimer’s. And so there may be
certain psychiatric disorders that start to look a lot like medical disorders.
I am not sure I understand the difference between dementia and Parkinson’s
disease for example. I think it is only where whose camp got it first;
similarly with delirium.

So I think there are things that are called psychiatric that really are
probably more medical and eventually we will treat them in the same way as we
do other medical disorders. And so the problem with making a distinction is
that I think things will continue to flow towards the medical camp.

MS. KOYANAGI: We have not suggested that within the policies dealing with
genetic information that information on psychiatric illness is to be handled
any differently but we have supported the efforts by organizations that are
concerned about sequestering genetic information. We are concerned about all
genetic information and its potential in terms of sharing but we have never
said that there is something different about that someone may be pre-disposed
to schizophrenia or depression.

MR. HOUSTON: Mark, you wanted to make a comment?

MR. ROTHSTEIN: Yes, first John, my personal view is that genetic
exceptionalism is a bad idea but we are faced with that because of the statute.
And I think the panel members made a very good point earlier talking about
mental health exceptionalism. We would like to see a world where that did not
have to take place but because of the stigma attached, it is in a category of
sort of sensitive kinds information that people want to protect and they are
more concerned about than whether they had a broken leg last year.

There are likely to be overlaps between genetic conditions, tests, et cetera
and mental health status as well as many of the others. I think the most likely
source of that overlap in the next say five years is going to be on
pharmaco-genomics. And that is the role of genes in regulating the degree to
which drugs are metabolized and are more or less effective both for one
condition or another.

So in that situation anyone prescribing would want to have access to that
genetic information whether it is a cardiologist or a psychiatrist. And I think
the way we get at that is not only through clinical decision support which
would presumably check both the sequestered and non-sequestered record but also
by the physicians simply asking you know have you ever had any genetic tests
regarding X, Y and Z? And they can at least give you some initial information
and they might say I do not know and then you might need extra permission to
access that file.

MR. HOUSTON: Regarding genetic exceptionalism I think that the tension is
that if you do not believe in genetic exceptionalism but then you have another
sensitive category that sort of overlaps the genetic category I guess the
question is you should default to the more sensitive type of information. So if
there is a psychiatric association with the genetic test that that would then
fall into the category of sensitive psychiatric information. Is that fair to
say?

MR. ROTHSTEIN: On both categories and I think your conclusion of course has
to be right that if there are two components and one is sensitive and one is
not sensitive, you have to treat the sensitive one.

DR. SUAREZ: What is the two components that are not sensitive? I mean I
raised this issue of if we vertically categorized it and we have that sense
then the reality is we are categorizing data whether we like it or not because
there are laws that make us do it. But the more we fragment and segment and
sub-segment the data, the more we are going to find data that has five
different sub-classes or categories. And so which law is more pre-emptive than
the next? And so it is a challenge.

I wanted to point out one thing which is the essence of what I have been
gathering -– I think we all are going to face the reality that the only
way to address all of this is going to be through four major elements in these
strategies. And this is maybe a question for reaction but if we do not have
time we will just bring it later.

First of all is the type of information and yes we classify based on law but
the other important things are the role of whoever is trying to access the
data, the purpose for which it is being attempted to being accessed, and the
break the glass rule. And so if I am a cardiologist and I have a patient and I
think there is some problem with related mental health and I see a little tab
in my electronic health record that says psychiatric medical history and I
click on that, first of all the system will say your role is as a cardiologist
and you have that role and you can access this data but be aware that you are
going to be breaking the glass. We can provide you access if you determine the
purpose for which you are going to do it and so you click and say the purpose
is for treatment or whatever purpose and then you create the path for accessing
that information.

And that applies to any type of data and applies to any kind of provider and
is specific to purpose of treatment but I am concerned that when we look at
mental health, it is one thing psychiatrists and psychologists with accessing
their mental health data from other patients and all that. But another thing is
cardiologists and orthopedists and other physicians accessing mental health
which in their role as physicians they could access that too.

So that combination of those four elements is what I think at the end of the
day is going to allow us to break through I guess this process.

MR. HOUSTON: Marjorie, you had a comment or question?

MS. GREENBERG: Yes. I know we are at the end of pretty much of this session
–-

MR. HOUSTON: You are the last but take whatever time you need.

MS. GREENBERG: But I want to sort of step back a little and make an
observation and then ask the testifiers. And I thank all of you and the others
as well and I know Mark, you are still here but I do not know if some of the
others are. But a question, putting aside the issue of data to employers, et
cetera but I mean keeping this within the medical or care arena, sort of an
underlying assumption of these two panelists has been that the standard and
maybe not but I mean one might think that today’s standard is coordination of
care.

Now we know this is not the case at all in our system. It is the exception I
would have to say. I think people would generally agree rather than the rule.
My colleagues to the left may disagree and coming from a healthcare system but
for the most part that is not what goes on. And as I think our second testifier
indicated, when information is shared it is not at all clear evidence that it
is used to the benefit of the patient. But clearly the whole idea behind
electronic health records and I would say healthcare transformation is that we
will improve coordination of care.

And yet clearly sequestering information and at various levels of
granularity or not is understanding the reason for it but will potentially not
improve coordination of care. So I think in addition to the issues or elements
you pointed out, I keep coming back to what I have heard from several of the
testifiers, the need for education and the need for not only patient literacy
but clinician literacy, et cetera.

But people understand the implications of different types of information and
the implications of withholding information and the implications of sharing
information, et cetera.

I mean it just seems that without that we just seem to keep going around in
circles and different people will have different views and different strongly
held opinions but we are not going to get anywhere and then also adding to that
the six minute visit type of thing. Who do you feel or what type of
organizations or process do you feel are best suited to try to provide this
type of education and public dialogue, et cetera? Do you see any light at the
end of the tunnel here? Or do you have examples of where this has been
effective or of groups that are really trying to do this? I mean it does not
seem realistic that it is going to happen in your average encounter and so do
you have thoughts on this?

MS. KOYANAGI: Well systems that I am more familiar with would be the public
mental health systems which tend to be organized systems in terms at least of
mental health and sometimes and increasingly incorporating primary care as well
where there is opportunity for significant consumer education. And I think if
we moved electronic records, not just in mental health and other sensitive
areas, people do need and will want to more and more understand and be educated
and literate about some of these issues.

The various software programs that enable people to have their own personal
records and so forth that sort of leading us in that direction with all the
information on health that is out on the web. We are going to see more informed
and knowledgeable consumers and I think within the mental health system it is
certainly the responsibility of mental health providers to be dealing with
these issues with individuals.

And I would just strongly urge the Committee to put the individual patient
in the driver’s seat. I think with the education people will make sensible
decisions. If they do not, that may be a sign that there is something going on
mentally that needs to be addressed by the therapist. And also in this country
we do provide for people being given all the information and we are sure they
understand it and we do allow people to make their decisions. And some few
people may do that but I think the greater good is by people having confidence
to come to the health professions and say I have some issues and I would like
this mental health issue addressed and to know that this is not necessarily
going to end up being talked about in the local diner. And that really right
now is what people worry about when they hear about moving from paper records
where they feel they can prevent their mental health information leaking over
into other areas of life including other treating providers.

As we are moving into electronic systems they are very nervous about that.
And I think we need to be a little los in moving to situations where any
treating provider can break the glass or people feel all I can do is consent or
not consent and nothing will be shared if I will not consent and everything
will be shared if I do. I would just urge you to try to go for something a
little more sophisticated than that.

DR. ACKERMAN: I will just try to quickly answer. I share your concern. I am
very concerned that at every provider visit someone is going to be handed a
sheet of paper where they have to check a box that says sequester or do not
sequester and there is no discussion. I mean I think there are very few people
currently who can have a discussion with a patient about all the pros and cons
of sequestering and access and things of that sort.

So trying to think about what might work, I almost think it is more like
what we are doing with advance care directives. You have to have somebody who
sits down and talks about what the patient’s wishes are regarding care and
really not on an every visit kind of way but is at the provider level probably
trying to discuss that with the patient. And that will be supplemented by
individual providers who need access talking to them and saying this is what I
need and this is why I need it and in which case the consumer will have a
better understanding.

MS. KOYANAGI: We have some of that in mental health. new have people doing
crisis planning, we have advanced psychiatric directives specifically so there
are again, and I am talking the public mental health systems, there are within
those systems individuals who are working with consumers on these very issues.

MR. HOUSTON: Great.

MR. ROTHSTEIN: Just a quick point, the 2006 NCVHS letter not only introduced
the concept of sequestration but it also linked it to role based access
restrictions. And I think that if patients, individuals knew that every
optometrist, podiatrist, and allied health professional did not have access to
their records to the same degree that physicians did, there would be less
pressure on individuals to elect sequestration.

So I just wanted to mention that these two concepts were presented together
and sometimes I think we are just pulling out the sequestration part and the
role based access which is very common in integrated care systems. The NCVHS
recommended to apply it broadly throughout.

MR. HOUSTON: Joy, please.

MS. PRITTS: Since you are looking at the issue of the types of information
and categorization, there is a report on ONC’s website dealing with the
disclosure of state law regulating the disclosure of health information for
treatment purposes. It includes a discussion of the release of mental health
information, focusing on for treatment purposes.

At least at the state level, there has been a lot of thought over the years
that have gone into what information may be shared without patient permission
or with patient permission and categorizing it in those fashions. But also to
the level of if you are sharing it without the patient’s permission, what data
elements can be shared. So that may be something that might be useful.

MR. HOUSTON: Yes it is. Thank you very much. We ran a little bit over but I
think it has been fantastic conversation this morning. We are going to break
for an hour for lunch and we are going to be back here at 1:30, correct for
afternoon hearings. So I appreciate everybody’s time so far this morning and
thank you.

(Whereupon, the meeting was adjourned for lunch at 12:30 p.m.)

 

 

A F T E R N O O N S E S S I O N 1:30 p.m.

DR. FRANCIS: I am Leslie Francis and I am delighted to welcome you all back
to this second half of todays hearings on Sensitive Information in Medical
Records. These hearings are conducted by the Sub-Committee on Privacy,
Confidentiality and Security of the National Committee on Vital and Health
Statistics. Most of the people who were here were introduced earlier in the
day. And as this is a continuation I would like people who were not here
earlier in the day to introduce themselves on the record if you would be
willing to do that.

MR. HOUSTON: It is for people who showed up late.

MS. WHATENBERG: Sarah Whatenberg from SAMPSA on detail to the Office of the
National Coordinator.

DR. FRANCIS: Are there others here who were not here earlier?

MR. DECARLO: Mike Decarol with the Blue Cross, Blue Shield Association.

MS. SEVICKAS: Marie Sevickas, AMA.

DR. FRANCIS: Anyone else? Thank you all.

This session is going to be devoted to children and adolescents and issues
raised by sensitive information in their medical records. We have three
speakers, Abigail English who is the Director for the Center for Adolescent
Health and the Law, Edward Gotlieb who is from the American Academy of
Pediatrics, and Jean Emans who the Chief of the Division of Adolescent Medicine
at the Department of Medicine at Children’s Hospital of Boston and Professor of
Pediatrics at Harvard Medical School. She is going to be joining us on the
phone.

I think our standard practice has then just to go in the order that people
are listed and to ask the panelists to each take a few minutes. We do have a
written testimony that will be entered into the record but just take a few
minutes to introduce or summarize or present your testimony. Is it correct that
Dr. Emans is on the phone?

DR. EMANS: Yes, I am on the phone. Thank you.

DR. FRANCIS: Thank you. I thought I heard you. Can you hear all of us?

DR. EMANS: I can hear you.

DR. FRANCIS: Excellent. So we are going to just go in order and then we will
have an opportunity for lots of discussion. So we will start with Professor
English.

Agenda Item: Panel III –- Children and
Adolescents

MS. ENGLISH: Thank you very much. I appreciate the opportunity to speak to
the Committee this afternoon. I will just very quickly introduce myself. I
think my bio may have gotten lost in the email somewhere. I am the Director of
the Center for Adolescent Health and the Law which is a non-profit organization
that works to support laws and policies that promote the health of adolescents
and their access to comprehensive healthcare. I have worked in legal and policy
issues in adolescent health for about three decades now and I am very pleased
to have the opportunity to talk with you this afternoon.

I have also spent a lot of time working with healthcare professionals around
the legal and policy issues. I was previously President of the Society for
Adolescent Medicine and I have worked closely with the American Academy of
Pediatrics and my co-panelists today.

What I would like to do in just a very few minutes is introduce the legal
framework that I think is important to understand when trying to address how
sensitive information in the medical records of adolescents should be treated.
And I think that there are some complexities associated with the adolescent age
group that do not precisely dovetail with the questions that effect younger
children or older adults. And I am going to try to shed a little bit of light
on where those differences lie today.

I want to say just a few words on consent. I included a lot of detail about
the consent laws and particularly the minor consent laws in my written
testimony. I want to say a few things about confidentiality and the variety of
confidentiality laws that affect the sensitive information in adolescent’s
medical records. And I want to sway something about the specific aspects of the
HIPPA privacy rule that pertain to adolescents and then just introduce what I
suspect will be the basis of a lot of questions related to electronic health
records and some of the issues arising in connection with healthcare reform.

I think that it is really important to understand how significantly the
state laws that allow minors to consent to their own healthcare vary among the
states. They vary in terms of which adolescents or which minors are allowed to
consent to healthcare because they have a particular status. Some states have
five or six or seven categories of groups of adolescents, emancipated minors,
married, living apart from their parents, high school graduates, having
attained the age of 15 or 16; many categories like that in which they allow
minors to consent to their own healthcare and some states have only one or two
such categories.

Similarly when you look at the kinds of services that adolescents are
allowed to consent for on their own there is also a very significant variation.
There are seven or eight major categories, pregnancy related care,
contraception, sexually transmitted disease related care, reportable diseases,
HIV and AIDS, drug and alcohol problems, the outpatient mental health services
and again some states allow minors to consent in all of those areas and some
only explicitly allow them to do so in a few areas. So to the extent that those
consent laws are very closely related to issues of privacy and confidentiality
and to the extent that those laws are very closely related to sensitive health
information, it is very important to understand the degree of variation that
exists. Every state has some laws that allow minors to consent based on their
status and every state has some that allow minors to consent to certain
services but beyond that, there is a real patchwork of –-

MR. HOUSTON: Excuse me –- can I ask a foundational question here that I
think is important?

MS. ENGLISH: Sure.

MR. HOUSTON: Do you equate a minors right to consent with then the corollary
right that the parent does not have the right to access any records that are
associated with the minors consented for treatment?

MS. ENGLISH: That is a really excellent question and that is what I am going
to hope to clarify in the next couple of minutes.

MR. HOUSTON: Okay. Well I was not sure that was going to be part of it.

MS. ENGLISH: Yes well that is actually what I am going to move to now. So we
have this basic framework for consent and if you talk to people who care for
adolescents or who deliver services for this age group they often say the words
consent and confidentiality as if it were a single word and as if there were an
equivalence between being able to consent and being able to expect
confidentiality vis-à-vis parents. In fact if you look at the question
from a legal perspective and you really examine the laws closely, there is not
that same equivalence. So that is I think really important to understand and
underscore.

Confidentiality for adolescents and this Committee knows more about it I am
sure than I do in a whole host of realms. But for adolescents, confidentiality
requirements are determined by numerous different sources of law, both federal
law and state law, the state minor consent laws that I just spoke about and I
will say something about that in a moment but also other state medical privacy
laws and then at the federal level the HIPAA privacy rule and Title 10 Family
Planning and Confidentiality Regulations, the Federal Drug and Alcohol
Confidentiality Regulation. So you have this sort of potpourri of state and
federal laws, all of which have some bearing on the issue that you just asked
about.

The minor consent laws that I referred to often but not always contain
provisions addressing the confidentiality of information. So some of those laws
say minors may consent to diagnosis and treatment of sexually transmitted
disease and information about that here may not be disclosed without the
permission of the minor. Or they may say minors can consent to diagnosis and
treatment of sexually transmitted disease and the information may be disclosed
to a parent if necessary to protect the minor’s health. Or it may not even have
that caveat. So there is a considerable degree of variation around the
circumstances under which minors control the f=confidentiality of information
about care for which they can give their own consent. Those issues, this is
great –-

MS. ENGLISH: Those issues vary again depending on whether you are talking
about access by third parties or access by parents because in some
circumstances minors have a different degree of control depending on whether we
are talking about access to information by their parents or by other third
parties. And that brings me to the provisions of the HIPAA privacy rule with
respect to minors.

The HIPAA privacy rule as you know sets a kind of a floor on privacy
protections and states can provide even greater protection if they choose to do
that. There is one area in which the HIPAA privacy rule does not provide a
specific floor and that is with respect to the issue of when parents have
access to the protected health information of their minor children. Under the
rule typically parents are the personal representative of their minor children
and have the same kind of access that any adult individual would have to that
protected health information for their children.

However in three specific circumstances minors are treated as the individual
in their own right. One of those circumstances is when the minor has the legal
right to consent and does consent. One is when the minor can obtain care and
receive care without the consent of a parent and somebody, either the minor or
a court or some other third party consents and the third is when a parent has
exceeded to a confidentiality agreement between the minor and the healthcare
professional; the pediatrician or the adolescent medicine physician or some
other healthcare practitioner.

In those circumstances when the minor is treated as the individual, the
minor has all the rights of an individual under the HIPAA privacy rule with one
exception and that one exception is as to access by parents to their
information. And on that specific issue, the HIPAA privacy rule defers to, and
I am quoting here state or other applicable law.

So what that does is turn you back to that complex of laws that I referred
to -– the minor consent laws, the state medical privacy laws, the Title 10
Family Planning and Confidentiality Rules, et cetera. And that creates enormous
challenges. It creates enormous challenges for healthcare professionals like my
co-panelists this afternoon, Dr. Gotlieb and Dr. Emans. It also creates
tremendous challenges for people who are developing policies for healthcare
institutions for health plans, for health sites, for hospitals and so forth
because there are these variations from state to state.

I am not here today recommending that we change that in the sense that I do
not think creating some sort of uniform national law about minor consent would
be a good avenue to pursue but I think it is very important that we try to find
ways within this patchwork to develop some simplifying approaches and
simplifying mechanisms to the extent that is possible. And so I will stop after
just highlighting two issues that I hope we will get to in the discussion and I
suspect we probably will.

And that is as healthcare reform is implemented, the National Healthcare
Legislation and other state level health reform initiatives, I think we are
going to see more and not less pressure to resolve these challenges or to
address them. The reason being that there will be increasing numbers of
adolescents with health insurance and there will also be significantly
increasing numbers of young adults who are really sort of older adolescents
-– they are 18, 19, 20, 21 years old up to age 26 and will be on their
parent’s insurance, who technically are adults, who under the HIPAA privacy
rule are adults and who have the right to expect a whole host of legal
protections of their confidential health information but who are on their
parent’s insurance for whom explanations of benefits will be sent to the policy
holder, i.e. to the parent.

And sometimes those explanations of benefits will deal with a sore throat or
a broken ankle and sometime they will deal with sexually transmitted disease or
substance abuse problems or other kinds of sensitive health information. And
that has been a problem of long standing and one that has not yet really been
resolved for adolescents who are under the age of 18 or those who are over. But
as we see more and more young people insured, I think we will see increasing
pressure to resolve those issues.

And then of course the subject which the members of the Committee are much
more knowledgeable than I, the whole question of how both at a policy level and
at a practical level the health information for adolescents can. Should, should
not, could not be segregated in electronic medical records or protected. And
that already is playing out at a practical level in a lot of institutions where
sometimes they are just turning off access to electronic information for both
the adolescent and the parent because they have not been able to figure out how
to resolve these challenges. And I will stop there and we can have more
discussion afterwards. Thank you.

DR. FRANCIS: Thank you. Dr. Gotleib?

DR. GOTLIEB: I am Dr. Ed Gotlieb and I am a pediatrician in Stone Mountain,
Georgia which is really suburban Atlanta so do not feel too sorry for me. And I
was asked at lunchtime to describe my practice slightly. It is me and my wife
and I do mostly adolescents and my wife does general pediatrics. We have a
physician’s assistant and we have two counselors in the office and we have been
there since 1976. And so we are kind of in the trenches if you will.

I am honored to represent the American Academy of Pediatrics today and
responded to the questions you guys have asked in a paper that I have given to
everyone I hope. I want you to know that the Academy is more than 60,000
primary care pediatricians, pediatric sub-specialists and pediatric surgeons in
the United States.

I will talk about some of the things that you asked me in brief. Abigail has
talked a lot about them. I hope I can also answer questions more on the
pediatric side of things although that is not exactly what I was going to talk
about.

The problem for us in pediatrics is our concern of the total integration of
information and aggregation of information. Our children that we take care of
have never lived without the internet. As someone said in the last couple of
days on the web, children can think of the wonderfulness of the internet the
same way they think of a flush toilet –- it is just there. And they can
get to anything you would like on the web and they do. And it has just gotten
very easy. Right now over half of employees scan social networking sites to get
possible employees, which includes my adolescents. And a lot of folks and
certainly my patients think that the whole idea of confidentiality is sort of
quaint.

Our interest in pediatrics is the well being of children and their families
and the authors of the HIPAA privacy rule recognized the centrality of our
commitment to these patient protections by allowing us considerable latitude in
making decision s when state law is quite or ambiguous on matters such as
sexuality, drug usage, contraception and mental health issues. But by HIPAA not
addressing these issues in a comprehensive manner we have been left with more
than 50 individual state laws which govern adolescent privacy and which are
enforced in varying ways.

Complicating it further is the Family Education Rights and Privacy Act,
FURPA, which I think you guys have looked at, which control the school based
health records and because it is a federal law supersedes the various states
laws for the areas that they are interested in. So currently we are setting up
health information exchanges which are already crossing state lines and they
have a potential for removing us, the clinicians, from any direct supervision
of our patient’s confidences. And we are concerned about the stewardship of
this information and our ability to protect our patients and their families
from harm.

On a practice level, we in pediatrics are asked to make decisions and we do
not have a lawyer in the office, on the boarders between a patient’s right to
privacy and a parent’s right to know. And I will give you an example; a sixteen
year old patient comes to me with abdominal pain. She is afraid she is
pregnant. I am afraid she has a tubal pregnancy and when we do the workup she
has appendicitis. Okay so I am compelled by HIPAA and common sense to tell her
parents about her appendicitis. I am restricted, in my case by Georgia law, to
protect her concerns about being pregnant from others including her parents.

It is not possible using the electronic health record that I used to record
that kind of interchange in any simple way. And once it gets out of my
possession that sort of segmentation seems to me to be unlikely.

A 2005 study reported in the AAP Journal of Pediatrics showed an electronic
health record adoption rate among pediatricians of about 21.3 percent however a
survey of American Academy members in 2009 say that only six percent of
pediatricians reported having an EHR and included all the components of a fully
functional system.

In 2001 an 2007 the Academy polished policy papers on the special needs for
the implementation of a pediatric EHR. Unfortunately because of pediatrics
limited market share in the EHR world and the complexity of dealing with our
concerns, we have had limited impact on the design practices of the electronic
health system vendors.

Perhaps things are changing. Last week Dr. Calvin Clancey, who is the
Director of the Agency for Healthcare Research and Quality reported to the HHS,
health IT policy committees meaningful work group their intent to develop a
pediatric record template for children and low Medicaid and S-Chip programs.
Although ARRA high tech funds from the government and stock law exemptions may
increase our market share in the use of EHRs, it has not happened yet.

We have to deal with a lot of other things beside adolescent issues. We are
really very involved with issues concerning adoptions and foster care. We are
part of the team and frequently the first responders. We are there before there
is a glass wall to break and I do not know if you can unbreak a glass but we
have to mediate using frequently ambiguous information about parental access to
medical information in children of divorce.

Information about school and legal difficulties frequently are removed from
patients record in legal record when they reach 18 years of age. It does not
disappear from their medical record. And remember if an adolescent tells me he
is smoking anything he is telling me he is breaking the law. Pediatricians
believe that there is an obligation on our part by extension on EHR suppliers
and the health information exchanges to be able to provide differing levels of
security with increasingly sensitive information.

Although such levels or security are currently implemented with varying
levels of sophistication by hospitals and large closed health entities, the
health information exchanges which are still largely in development have yet to
convince us of their mastery of the task as it applies to children and
adolescents.

I am glad to talk to you about any of these issues or other things that you
have asked in the questionnaire/flyer. Thanks.

DR. FRANCIS: Thank you very much. Dr. Emans?

DR. EMANS: Yes and just to make sure that people can hear me –- so if
you cannot, please interrupt me.

DR. FRANCIS: I think we are fine.

DR. EMANS: So I am Jean Emans and I am Chief of Adolescent Medicine at
Children’s Hospital Boston. We have a very large training program and a
practice that sees over 17,000 visits of adolescents each year. And I think
that my involvement has primarily been as not only a practitioner seeing
adolescents for a variety of services both confidential and not confidential
but also in working with our group on the development of electronic medical
records and a personally controlled health record.

And I think some of the premises that I come with are that this patchwork of
services and confidentiality rules and status requirements across the 50 states
certainly makes it much more complex when one thinks about the implementation
of a personally controlled health record.

And I think that one of the givens from my perspective is that for
adolescents to get comprehensive developmentally services, there certainly has
to be a fostering of positive family relationship but at the same time
promoting young people to actively participate in their own healthcare. And
much of this does mean that they have access to confidential health services
and that they have trust in the system and then obtain treatments for their
health problems.

I think as has been brought up by the two prior speakers the issue of paper
to electronic medical record has really compounded a very complex system where
people before could take individual pieces of paper and put them in a different
part of the chart or in some way label them confidential. Now these electronic
records are more freely available both in a good way for the comprehensive
healthcare but also brings problems in terms of personally controlled health
records.

I think one of the issues that has come about is that a variety of health
centers and services have made rather arbitrary choices related to children and
adolescents and often it is either no access for anyone or just access for
everyone which really makes it problematic for the adolescent. And I put in the
materials that I sent for testimony just a brief overview of six healthcare
systems that have been looked at.

As we have tried to develop what is called INDIVO which is the personally
controlled health record that Children’s is in the midst of developing, is to
try to think about how we would give access to adolescents and their parents
and not jeopardize the privacy of information so kids will get services. And in
the article that I sent along for reading and put also in my testimony was the
conceptualization between our legal team and our adolescent team and our IT
team as to what could be actually practically implemented because we do not
want the system to be so burdensome that nobody can in fact follow it.

And what we came up with was that under age 13 that the parent/guardian
would have access and between 13 and 18 that most information except sensitive
or confidential patient data would be accessible to the parent or guardian and
the patient would have access to sensitive information and other information
with their parents that they were comfortable with sharing. And then at 18
there would be another shift so that the adolescent would reregister and have
total control of their personally controlled health record.

It then becomes fairly complicated to figure out from the problem list or
the procedure list to medications, clinic notes, laboratory results, radiology,
and pathology results who has access to what. And rather than trying to figure
out and have each practitioner figure out what is okay and what is not okay and
you hate to figure out, that one would have sort of central rules in which
certain sensitive laboratory tests and results would be funneled in a
particular way to the person who controls health records.

So there would need to be some sort of a at least standard from the
personally controlled health record the people that were consenting to its use
would know what the rules in fact were. And I think that probably is more
realistic than trying to abide by 50 state laws but rather to have them more
central with parsing of the segregation of the record.

There were a number of questions that were asked which I think have been
gone over by the other panelists but I think that most importantly we tended to
think particularly of practitioners and trying to make sure that adolescents
get the very best care and really in the adolescent age group particularly we
have to think about not just the practitioners and the emergency ward and
segregation from that perspective but much more importantly balancing the
clinical need to know with the parents need to know and the adolescents really
growing and developing and having access to their own record.

So let me end at that point and see if there are questions related to this
complicated issue.

DR. FRANCIS: Thank you very much. I am going to take Chair’s prerogative as
John did this morning and ask the first question.

We are trying to define categories of sensitive information and it is clear
from what all three of you have said about the importance of having segregative
capacity in records involving adolescents. What I would love to know is what
your top four categories would be for us to work on to define in that area. I
am sure I can guess one which would be reproductive but I would really like to
know what other categories if any you would put each of you, at the top of your
list for us to suggest should that the segregating capacity should be designed
into interoperable HIE’s.

DR. EMANS: Does reproductive health include sexual activity, contraception,
pregnancy, STD’s and HIV/AIDS?

DR. FRANCIS: Sure, why not.

DR. EMANS: Okay because then we could get a lot of them into one box. The
other ones that I would mention certainly are substance abuse, psychiatric
treatments and genetic testing.

MS. ENGLISH: This is Abigail English. I would agree with that. I would have
perhaps separated out some of the sexual and reproductive but if we can lump
them together then I think the other top three are mental health related,
substance health related and genetic information.

I think there may be however a distinction between three of those categories
and the fourth which is that I am not sure that there is the same need from the
perspective of the adolescent for confidentiality around the genetic
information vis-a-vis parents. I think there is a very strong need vis-a-vis
third parties but I think that is an important distinction. Whereas the other
three categories are the areas at least where research has documented an impact
on adolescents health seeking behaviors and communications with their
healthcare professionals when they have concerns about information being
disclosed to family members.

DR. FRANCIS: Dr. Gotlieb?

DR. GOTLIEB: I do not know if they listed abuse but that is certainly has to
be a piece of the game. And again in split families there needs to be some
fairly clear rules about how to deal with that. We often are dealing with
inadequate information about what we have to contend with. But I agree with the
list.

DR. FRANCIS: Just a quickie on genetic information. What about information
from parent to child about whether the child is the genetic child of the
parents?

DR. GOTLIEB: There is an interesting article this morning on the web which
talked about children of artificial insemination and that there was twice as
much depression in those populations, 50 percent of the kids believed that they
were part of a medical experiment and did not feel very good about it and many
of them like the children of the adopted, try to go after the folks who are
their biological parent and according to the article at least it said that a
percentage of the kids sat around wondering if the guy in the next row in front
of them is really their father.

DR. FRANCIS: If you have a site for that article it would be great if you
could send it along to us. Thank you.

DR. EMANS: I think the other issue around genetic testing is the reverse
which was kind of brought out in the IBS story which is the mother may be BRCA1
or 2 positive and just not really want to discuss that with the child until
they are 18 or 19. So there may be the reason to be able to segregate family
history as well.

DR. FRANCIS: Thank you. I guess we will go to Sallie.

MS. MILAM: I just had two questions. The first question has to do with a
comment Abigail that you made in response to John’s question about whether
consent and confidentiality run together. And you said in some situation they
do not and I was wondering if there were some common areas where you do not see
them running together in states.

MS. ENGLISH: It is very hard to say that there are common threads across all
states but there are almost every state has some areas where they say either
that information about care that the minor has given consent for should be
shared with the parent unless the healthcare professional determines that it
would be harmful to share it or that it may be shared or should be shared if it
is determined that it would be important to the health of the adolescent. I
think that the two most common areas in which those provisions are found relate
to substance abuse and mental health but they are seen in other areas sexual
and reproductive health and HIV, just not as frequently as with respect to
substance abuse and mental health.

And Dr. Gotlieb did mention and it is an important thing to mention that the
HIPAA privacy rule says that when state or other applicable law is silent or
unclear on the question of information sharing with parents then the healthcare
provider as defined in the rule has discretion to determine whether the
information is shared.

DR. GOTLIEB: And that happens a lot in my office and in all the offices of
folks that I talk to. I mean this is not something that is a sometimes thing. I
guess the two questions that I get from parents that I try and back away from
when possible are is my child using drugs and is my child sexually active? And
my answer is typically why don’t you ask them? And I also tell them if their
child is sexually active or using drugs and they are wondering about it there
is a communication problem. If they are not doing those things there is still a
communication problem and how can we work on that. So those are the kind of day
to day things that happen. It is a lot -– I mean what can I tell you.

MS. MILAM: One last question for the three of you on the panel. You have
spoken to the difficulty of navigating all the different laws in every state
and you do not have a lawyer in your office handy to answer those questions and
states rules laws differ from state to state. Is the mature minor doctrine, if
it were in the framework as an overlay, could that simplify the complicated
nature of the patchwork of the different laws and their requirements with
respect to minors?

MS. ENGLISH: I think the mature minor doctrine is extremely helpful and it
is I believe as a practical matter often relied upon. There is some variation
among different institutions and different lawyers as to whether they are
comfortable relying on it if there is not an actual court case in their state
that has officially kind of adopted it. But I think that as a general principle
it is an extremely useful doctrine.

DR. GOTLIEB: But unless I am misinterpreting, the mature minor doctrine is
categorical. That is to say you are a mature minor for certain things and you
are not a mature minor for other things. Is that not true?

MS. MILAM: Well —

DR. GOTLIEB: That is the HIPAA personal representative, right?

MS. MILAM: I can speak to only West Virginia but you can probably speak to
every state.

MS. ENGLISH: No the mature minor, I think what you were referring to I hope,
and I will clarify my own comment, the mature minor doctrine is one that has
been essentially a principle created by courts according to which if a minor
has sufficient maturity and intelligence to understand the nature of the
treatment or procedures or care being recommended and has the capacity to give
an informed consent and does consent. And the care is sort of within the
mainstream of medical practice, it is not some experimental procedure or highly
complex brain surgery or something, that the failure to obtain the consent of a
parent will not create any liability on the part of the physician or healthcare
professional delivering the care.

And that is a principle that has been officially recognized by courts in a
number of states, not all, and rejected in very, very few situations and has
been adopted by statute in a few states, in a small handful of states. But it
is I think an extremely useful principle.

MS. MILAM: So then Abigail if you could apply that to the HIPAA framework
how HIPPA looks at state law, what is the mature minor doctrine in the context
of consent for treatment tell us with regard to the minors and parents rights
to the records?

MS. ENGLISH: I do not know that the mature minor doctrine is a helpful with
regard to the issue of confidentiality as it is with regard to the issue of
consent except that at least if the minor can give his or her own consent for
the care, the confidentiality is not breached by virtue of obtaining the
parent’s consent. But it does not really speak to the issue of when information
needs to be disclosed to parents; at least not my familiarity with the cases.

DR. FRANCIS: Walter?

DR. SUAREZ: Yes thank you. I have a couple of comments I guess and a couple
of questions. The first one is I think generally speaking we have shifted
somewhat from the previous panels with respect to the discussion on privacy for
the most part as the primary concern was consent and then control of the
disclosure and access to health information by other providers for example by
other groups.

Clearly in the children and pediatric and adolescent care one of the primary
concerns is the ability of the adolescent and child to protect the data from
being accessed by parents, but not so much by other providers. But by virtue of
doing that of course it challenges the provider not being able to bill for the
care of a patient or child and adolescent to a payer when the adolescent is
part of the parent’s policy. So it is an interesting different dimension from
what we have been discussing before.

The question that I have, the first one is about for the most part
pediatricians and two good examples we heard today talked about a lot of common
sense and really a lot of decisions taken at the point of care about protection
of health information of an adolescent is common sense. To what extent it would
be as we go more and moiré into electronic health records and health
information exchanges and all this new information technology areas, to what
extent would there be a benefit to build a comprehensive or as much
comprehensive as possible, series of best practices and examples and areas.

I mean you provided a couple of incredible examples of situations where if
you face this situation, these are the kinds of concerns you should be
considering.

So to what extent would it be valuable to build such a best practice kind of
a resource or whether there is one that I am not familiar with? Is that
something that would be beneficial and that would be a blessing for all of you?

DR. GOTLIEB: Well the Academy is working on that through the Council on
Clinical Information Technology. The question becomes though how do you
operationalize that into an electronic health record? How do you compute common
sense? And it is an interesting question and I do not know that we have the
answer to it but I think that there are ways to start approaching it by knowing
that we need to answer the question.

The other issue that is really involved here is the whole fact that we are
dealing with a very vulnerable population. I mean we are asking the question of
whether an adolescent can make proper decisions which they are going to have to
live with for 50 years. And after all it is going to be on the web for 50
years. We have seen some news articles that suggest that that is a horror story
but it does not have to be. Most adolescents make reasonable decisions most of
the time.

And one of the things that pediatrics has tried to do is be the person
outside of the family who can help arbitrate the issues when it is a question.
I do not know how to operationalize that once we get to health information
exchanges that go from this state to that state. And until we can make some
sensible decisions about that, they do not have to be absolute decisions but
sensible decisions; I think it is going to be very difficult to do what we are
trying to promise to do.

DR. EMANS: I think it is really critical to have the best practices and
standards because I think that Google and Epic Care and other things are
already sort of left the train station in a way and they have left the train
stations without really considering adolescent health services.

I got a call from one practice in New Hampshire saying that a system was
just going to make everything available to the parents starting the next day if
they did not come up with some important reasons why it should not be that way.

So I think that part of the problem is that all of our clinical materials
are often interwoven into a comprehensive visit so it would mean two sort of
levels — one that their sequestered data that is still freely available to
other medical professionals but is parsed from the perspective of consent and
confidentiality. But also that the big players in the personally controlled
health records are unnoticed and their system cannot just sort of forego all of
the really important issues on privacy that have been established over the last
50 years.

DR. FRANCIS: Thank you. A quick follow up and then we need to move you.

DR. SUAREZ: I have a different question.

DR. FRANCIS: Why don’t we let someone else ask and then we will come back
with a different question.

MR. HOUSTON: I do not know. Maybe I am misunderstanding some of the
discussion about the issue of consent and then right of the parent not to have
access to the record. I guess mine is probably more of a comment but as we are
looking at sensitive categories of information and the idea that it needs to be
sequestered, I think the bright line in my mind is that if the child has the
right to consent then I believe that the parent should not have the right to
see the record or else it undermines the whole idea of giving the child the
right to consent.

However what I also think seems somewhat problematic is even if the child
has a separate right to consent but the parent consents because the child has a
relationship with the parent such that the parent goes with the child for
whatever then there has to be I guess a way to not segregate that information
in the record from the parent because the parent is already involved in that
patient’s treatment or in the child’s treatment I should say. And so I am not
sure there is a question in here other than the fact that I am troubled by some
of the discussion.

MS. ENGLISH: Could I respond to that? I would agree with you that I would
like to see the kind of congruence between consent and confidentiality
protection and I think often as a practical matter that is how information is
handled because there is so much professional discretion to be exercised and
those healthcare professionals who at least are experienced in caring for
adolescents would probably also in general agree with the principle that you
have articulated. That is a slightly different question from what does the law
actually say? The other comment I wanted to make is that the HIPPA privacy rule
says that in those circumstances I outlined where the minor is treated as the
individual and the parent is not automatically the personal representative but
the child can agree to have the parent be the personal representative which
would give the parent the kind of access that you are talking about if the
parent and the child are sort of equally involved in the care.

MR. HOUSTON: So if I weave a question into my comment, are you then saying
that what we should consider as being the standard that we would like to put
forth, is that where the child has the right to consent that the record should
be considered to be sensitive and therefore not available to the parent? I mean
is that a reasonable recommendation for us to make then?

MS. ENGLISH: I think that it is a reasonable principle. It is a principle
that in some specific situations is not consistent with existing law but it is
also a principle that could be articulated as what should be the best practice
and standard for guiding the exercise of professional discretion in those
situations where the law grants professionals discretion. And that is a very
broad set of areas.

There are very few situations under state law where a minor has the right to
consent and the law says the parent must be informed no matter what. With the
exception of abortion and that is a whole area unto itself that has been the
subject of extensive litigation on court cases and legislation and so on. We
can sort of put that aside; we can discuss it if you want but it is a separate
sort of set of issues. In all of the other areas the state laws are much more
likely to say either the professional may share the information with the parent
or should share it unless it would be inadvisable or harmful or something to do
so. So I think in all of those situations where there is professional
discretion, the principle that you articulate would be extremely helpful as a
best practice or a standard.

MR. HOUSTON: Thank you.

DR. FRANCIS: Walter, you had another question? And then Sallie has a
question.

DR. SUAREZ: Well I have written actually this point because I think it is a
critical one. I think part of the issues that we might be using terms that
might be creating maybe some confusion in my mind anyway. We talk about consent
and we talk about confidentiality. The way I see it really is you know in many
states there are state laws that give the adolescent and the child the right to
seek treatment and to consent to be treated. That is the specific area.

So given that first step my assumption has always been that as soon as the
patient in that case has the right to seek treatment and consent to be treated
then automatically the protections afforded to a consumer that is seeking care
on the privacy side would come to play. But I see that there are some issues
around that and I think we should have a general principle that whenever a
minor or adolescent is given the right to seek treatment and consent to be
treated, that the information about that treatment should be protected under
the privacy regulation? That is my point.

But I think it is important to distinguish consent in the sense of consent
of protection and privacy and consent in the sense of consent to treat and seek
treatment or seek care. So I absolutely agree that there should be such a
clarification and a definition of a general principle with respect to that.

My question was more about part of the complexities of again looking at this
issue of categorization or segmentation of data with mental health and the
types of data that we have been talking about and how of course adding the
dimension of age I suppose is a good way to put it. And if we add that
dimension to it and we look at mental health data of an adolescent that has
also genetic implications to it and some other implications perhaps, how would
one end up handling from a categorization and from a if you begin to think
about an electronic protection of that data, how would one go about really
marking and categorizing data from so many different points and perspectives,
you know age and now it could be genetic information but at the same time it
could be mental health information and protected by federal and state laws
–- all this complex mapping –- how do you see it really being able to
be separated and categorized and then operationalized into practice at the
point of care.

MS. ENGLISH: I do not really feel qualified from a technical standpoint to
comment on that but I will make one comment from more of a sort of service
delivery system standpoint which is let’s say that you have a children’s
hospital and there is an adolescent medicine clinic in the hospital. And
teenagers come in for a variety of different kinds of concerns; some of them
sensitive and some not. And there has been some kind of an electronic system
set up that is capable of segregating information about mental health or
sexually transmitted disease. The teenager comes in and maybe Dr. Emans can
comment on this further, the teenager comes in and has contact with a host of
different people who are interacting with that electronic system. The
receptionist, the scheduling clerk, the nurse practitioner, the physician, and
so on. And so you train all of those people about what information is supposed
to be marked confidential and what information can just go in the general pool.

And then somebody is sick and somebody gets borrowed from another department
and comes in and is doing the scheduling that day and does not know that when
the teenager comes in for an STD you have to mark and do you see what I mean?
And you can play that out almost ad infinitum. I do not know what the solution
is but I know that those aspects need to be thought about along with the
question that you are asking which is sort of how to you map just the
categorization and again maybe Dr. Gotlieb or Dr. Emans can say more about it.

DR. GOTLIEB: Well you could certainly do some kind of a mapping by state of
what the major rules are that need to be protected. But nobody has done that
that I am aware of, I would be glad to hear otherwise. The other thing is that
if we try and do what you said in your 2008 letter about labeling things as
confidential, if we are really trying to protect the information from a parent
who has access to the rest of the chart, as soon as it is labeled it is a red
flag and so it has to be invisible at some level in that circumstance. And that
is sort of a different issue because then it raises the question of if no one
knows that there is an issue, what do you do when you should have known that
issue when you are trying to practice? It seems difficult.

DR. EMANS: Well one of the ways that we have thought of it and obviously it
has not been done or done well is to have a separate sort of box area or
segregated area for the confidential issues but they remain part of the medical
record except when it is parsed from the point of view of the personally
controlled health record. So that when there is access by someone outside the
system then it is segregated and I suppose it is probably similar from that
perspective to adult records and trying to figure out where to put the mental
health records.

I think that the mental health issues are probably actually lower on
concerns of adolescents than the reproductive health issues that we have talked
about. But I think it does think IT thinking about as to how to make it happen
and then have fairly uniform rules for how at least it is done from a
personally controlled health record across state lines.

DR. SUAREZ: So if I may just one quick follow up on that, at the end of the
day all this comes through an electronic health records system that is required
to have that capability as part of their certification. So my question is
should then we be pursuing that in the certification process of electronic
health records systems, those health records show the functional capability to
create those segmentation functions and then create the appropriate decision
support tools to help the use, in this case a provider, to be able to not just
of course deliver care to the patient by appropriately handle the privacy
protection. Should that be a requirement of electronic health record system
certification?

MS. ENGLISH: I think so.

DR. EMANS: I do, too.

DR. GOTLIEB: You know Gail and I have been talking with vendors for more
than 10 years about including basic things that need to be including
immunization registry data and we get blank stares quite a lot or IP in Atlanta
has just by force of will and the fact that we take care of 500,000 kids in
Atlanta, have gotten the EHR people to write in some basic interfaces with
immunization registries.

The parallel idea is with immunizations in general. The thing that made the
most difference in terms of getting children immunized was a mandate from the
schools that you had to have it before you went to school. So the thing that
would have to happen to do things quickly is for someone to require that it
happen. Pediatricians cannot do that; we would love some help.

DR. FRANCIS: Sallie, you had a question.

MS. MILAM: I have got two questions. So when an adolescent comes to the
office how do they learn about their privacy rights? Is it something that you
share during the visit if you are taking care of the child from infancy on up,
when they start reaching the age where they could you know have issues with
substance abuse or have reproductive questions, is that when they learn about
their rights? Or how does this work from a practical perspective?

DR. EMANS: Right, I think it is probably very dependent upon the practice so
many pediatricians when the young person is 12 years old or 11 or 13 or some
arbitrary age, we will have a discussion with the parent and the young person
about a change in the way in which healthcare is delivered so that they
certainly want to have lots of input from the parents but there will be times
allotted alone to the young person during each visit and there are certain
rules within their practice related to confidentiality. If some other practices
are seeing an adolescent for the first time at 14, usually it is that initial
visit in which there is a conversation about confidentiality. Do practices do
it uniformly? No, I wish they did but I think there are some people who are
still practicing as if everyone is three years old.

MS. ENGLISH: I will just add to that that there was a study a few years ago
by Dr. Carol Ford who is an adolescent medicine physician and researcher
currently at UNC Chapel Hill, previously out in San Francisco. And she actually
did a study in which she asked adolescent medicine physicians about how they
inform young people what they tell young people who come to see them about
confidentiality and she found that there was sort of a significant distribution
across two or three different approaches.

One of which was to say everything you tell me is confidential which is
course legally is not true. Another of which is to say everything you tell me
is confidential unless I think you are going to hurt yourself or somebody else
which is a good caveat to include. And a third was to say nothing at all. And
then she kind of looked at some other issues related to that but I can get the
site of that study for you if you would be interested.

DR. FRANCIS: Could I just quickly follow up on that? When you answered
John’s question earlier you said that you thought that it would be good if when
the adolescent could consent to treatment that meant the information was
confidential from the parent. And I think the hardest case for that actually is
the case of an adolescent who is at risk to him or herself or others and I
wonder whether you did mean to include the case of potential self-harm or harm
to others in the consent goes with confidentiality suggestion.

MS. ENGLISH: I think I did not mean to include that in the sense that I
think that the starting principle should be if a minor can consent than the
information should be confidential with respect to the parents. I think that
there are a variety of situations in which for either legal reasons of ethical
reasons there are exceptions to confidentiality.

One of them is the legal requirement to report child abuse which actually
can create some very interesting tensions in the whole adolescent field around
what is really abuse. Another is the situation that you mentioned where the
adolescent is at risk of self harm or harm to others. In some instances there
are actually legal requirements to make disclosures and even in the absence of
legal requirements there might be ethical requirements to do so.

DR. EMANS: I think that the majority of physicians and certainly adolescent
medicine specialists would wholeheartedly agree that you are going to abridge
confidentiality if the young person is at risk or at risk to others.

DR. GOTLIEB: You know in my own practice, we actually have three rules.
First of all it all starts with trust. We build relationships with kids so that
when we need to talk about confidentiality we can. And in a clinic situation
where folks are coming and going it is harder to do it in a practice where you
have some history with the family and the kid it makes it easier.

But my three rules when push comes to shove I say look, I cannot promise you
that this is going to remain confidential. There is going to be an explanation
of benefits that comes home at some point that is going to blow everything that
we have talked about out of the water, but if it depends on me here is what you
can count on. I will keep your information confidential as long as you are not
a danger to yourself, you are not a danger to others or I think that I need to
blow your confidentiality. And you have to decide whether you trust me to
handle that problem.

DR. FRANCIS: I interrupted Sallie and then I will get back to it. Just as a
quick interruption, we started this 15 minutes late. We have 15 minutes for
public comment. To the best of my knowledge, no one has indicated an interest
in public comment. Am I correct about that? Therefore this session can go until
3:15, okay?

MS. MILAM: So what about the younger child, the pre-teen? What sorts of
areas need to be treated as sensitive or sequestered and how do you manage that
or set that up with a parent and child?

DR. GOTLIEB: Well if you are talking about pre-teens there is a concept we
have not talked about because I do not know where the law stands at all on
this, but it is assent where at a certain age children have a right to assent
to treatment. They cannot consent to treatment but they can be included in the
process and the range of ages and the papers on that go anywhere from about 8
years old to about 12 years old.

But certainly by 12 folks should be able to say something about their own
treatment. And I do not know where that stands in the law at all so maybe you
can help me on that. There is a pediatric literature about that which we try to
take into account. Again, we are trying to teach people how to be responsible
humans so if we can teach them at 8 that they have some say in the matter of
what is going on with them right now, do you want your lab work today or next
week is a reasonable thing to ask of someone.

MS. MILAM: I would also like to hear from each of you how you treat a child
who you think is particularly vulnerable. So as you think about generally how
you approach it and the child may be vulnerable from any number of reasons.
Maybe because of the community, because of a disability or because you suspect
abuse or any host of reasons; if you could just speak to that as well.

MS. ENGLISH: I was going to say something about that in two different ways;
one going back for a moment to the adolescence. We have been talking a lot this
afternoon about young people who have I would say the good fortune to have
essentially families that are in some way involved in their care and regular
source professional healthcare from someplace like Dr. Gotlieb’s office of Dr.
Eman’s hospital.

There are a lot of young people, adolescents, who do not have that good
fortune. Either they do not have supportive families or they do not have any
families or they get episodic care in emergency rooms and drop into a clinic
here and a clinic there and they do not really have that sort of consistency
where you can have sort of a nicely, neatly ordered, progressive process for
confidentiality and that includes young people in foster care, it includes
homeless youth, it includes young people in the juvenile justice system, I mean
there are a whole host of vulnerable young people, adolescents.

But addressing your question from the point of view of sort of children of
all ages if you will, including younger children, I think that children who
have been abused physically or sexually I think that children who have a
disability either a mental disability or a physical disability, I think that
children who are living in extreme circumstances like homelessness or extreme
poverty or extremely violent situations of domestic violence even if they
personally have not been abused, there is a lot of sensitive information or
children in divorce and I am not an expert on this particularly but children
who are in very acrimonious situations of divorce and custody battles, there is
a lot of very sensitive information that may find its way into their medical
records and may not be helpful to them to have shared widely.

There is a question about whether it needs to be shared with other health
professionals -– perhaps -– whether it needs to be shared outside of
that and whether their parents are the right people to be making the
determination of how that information gets shared you know is sort of a
question mark because if the parents are the abusers or the parents are locked
in some kind of acrimonious battle or because there are no parents in the
picture, who really makes those determinations. And there is a lot of
information in those categories that you mentioned that may follow a young
person and have implications for their future in a variety of ways. So I do
think that needs to be thought about. I do not know the answer to how it needs
to be handled.

DR. FRANCIS: Walter you had a question?

DR. SUAREZ: Yes I wanted to go to one of the probably significant issues
that we are going to face in the coming months. And Ms. English you have
touched on that by virtue of explaining and describing the situation that now
under the health reform act not just adolescents but young adults will be
covered under the parents’ policies.

So the question is this, is how are we going to be able to handle the
protection of privacy and confidentiality of an adolescent and young adult by
protecting or restrict the disclosure of information to the payer or by the
payer restricting the disclosure of the explanation of benefit information to
the parent. So if you could touch on what are your current practices in those
two pediatric settings that we have here with respect to how do you handle
today some of the billing aspects of encounters with adolescents that require
restrictions on disclosure to parents. And what could be some of the potential
ways in which into the future we can address this perhaps by restricting the
types of explanation of benefit details that payers have to provide in their
data or some other ways. I have not even thought about it.

DR. EMANS: I think it is a very important issue and one of the things that
we did in Massachusetts was to meet with the insurers and make sure for STD
testing for example that they no longer put the name of the test but they just
put lab test if they were sending home an EOB. Medicaid in our state does not
send home EOB’s at all so I think there a couple of ways you can handle it.

One is that an explanation of benefits does not go home; perhaps it is based
on age, perhaps it is based on status or diagnosis but there are some pretty
simple ways to protect the content of the visit. Because otherwise the
practitioner which I know happens in some circumstances has to basically write
off the bill because they cannot bill if it is going to disclose the
confidential reason that the patient consented for care.

DR. GOTLIEB: It would be very helpful if we had the option of asking that an
EOB not be submitted. I think that is within the realm of possibility if it
were part of the insurance form — just a check box. But it would make a big
difference for me.

MS. ENGLISH: This again is an area where my understanding is there is some
intersection and variation in federal and state law. There are some federal law
requirements for at least sending notices to policy holders, beneficiaries.
Some federal requirements about sending at least notices of denials of claims
or reduction of benefits if not EOB’s and then there are some state laws that
require the sending of EOB’s and I think there are quite a number of states
that have established policies of not sending EOB’s in their Medicaid at least
for sensitive services or maybe not at all or only for fraud detection and so
on.

There are some complex issues that need to be thought about. I know that
some states have said that if there is nothing beyond a co-payment required in
other words if it is the kind of a health plan where you pay your $10 or you
$20 or your $30 and there is no other payment that would be required from the
policy holder or the patient then it is not necessary to send an EOM. But
increasingly we see health plans with high deductibles with all kinds of
co-insurance requirements and so in some instances the documentation of the
services is necessary for the policy holder to be getting the benefits that
they are paying for.

At the same time it may be inconsistent with the confidentiality protection
that a 19 year old on his or her parent’s policy is entitled to.

I think that Dr. Emans mentioned the possibility that something would be
documented not as a Chlamydia test but a lab test; of course that always leaves
open the possibility that somebody inquires further and says what kind of test.
What do you mean lab test? Lab test for what? What was the result? But at least
it is a start.

There also is the potential for some services particularly under the new
healthcare reform law that at least a range of preventive services are supposed
to be provided under health insurance with no cost-sharing. And so STD
screening or other kinds of services could if they were categorized as
preventive services for purposes of the health care reform legislation in a
regulatory context; that could be extremely helpful because if there is no
cost-sharing there is much less of a need for the explanation of benefits and
other kinds of documentation.

DR. SUAREZ: All right. Thanks, I think there is too. There are really two
parts of this. One is the billing then by the provider to the payer and the
other one is the EOB then by the payer to the policy holder. And so there are
opportunities to find ways in both data exchanges to ensure that that type of
confidentiality can be preserved, I think. But it is going to be challenging.
Thank you.

DR. FRANCIS: Are there other questions? I have got one last one which is we
have talked a lot about sequestering sensitive information from parents. Walter
made the observation that that is a different set of questions than transfer
for purposes of treatment which the earlier panels discussed.

I would like to just ask all three of you whether there are any categories
of sensitive information in the case of kids that might be different from the
ones we have thought about when third parties are involved. And I guess we have
got FRPA out there but I am trying to think about and just asking you to
speculate about whether you have any ideas about situations in which kids or
parents when they consent to transfer their children’s records might want to
exercise sequestration capabilities that we have not been thinking of.

I guess the one I think of is not the child’s reproductive history but the
child’s birth history that people might want, for example when records are
transferred to sports teams not to have the folks know that the child was
adopted or conceived through artificial reproduction. I do not know. I am
giving you an example of a different category at a different third party. That
is for all three, yes.

MS. BERNSTEIN: The thing I was thinking when we were talking about this is
whether the ability to share information with another provider for the
possibility of that information about the child would be sent to another
provider would increase the possibility that a parent would find out. Because
you would have to actually have some kind of meta-data that says this piece of
data is something that the patient had consent to and the patient asked for
confidentiality and that meta-data has to travel around with that data to the
next provider so that the next provider also does not disclose to the parents
so that if we were to share information with another provider there would be an
increased chance that the parent would find out in a case where the adolescent
did not want them to.

DR. EMANS: I couple of issues for the original question which was related to
what the family, I think that was the question, but what the family might want
sequestered and I think the reproductive history which has been pointed out is
often something that the parents bring up that they are not willing to share.
It is usually around artificial insemination, IVS, surrogate, pregnancies, et
cetera.

And the other is family history; and although I think it is pertinent for an
18 year old to know their family history and what type of genetics are there,
it is I think sort of a forced disclosure if it is within the child’s record
and there is no ability to decide that that is not something that they want to
share with their 13 or 14 year old.

MS. ENGLISH: I am sure there are and I cannot think of what exactly they
might be. The thing that keeps coming to my mind as you asked the question and
I do not think it is exactly the question you were asking, it has been
pertinent for a long time and it is true probably for adults as well and that
is problems that arise during late childhood or adolescence with respect to
mental health issues, with respect to substance abuse issues that are important
to be addressed and important to be treated and might even be resolved during
adolescence but then could sort of haunt or trail a young person into adulthood
and affect employment, affect insurability, and a whole host of other issues
for that young person.

Now I think those are issues for adults as well and to some degree will be
mitigated by health reform and the no pre-existing condition exclusion although
we have not solved the premium problem. So that is what keeps coming to mind
but I do not think that was really your question and I cannot think beyond what
Dr. Emans said of categories of information that are things that would want to
be protected from disclosure to third parties that would be pertinent to
adolescence but not adults.

DR. GOTLIEB: I have an area that I usually do not think about in the terms
that we are talking about today, but issue of education are really important to
kids and parents. I have many, many folks come to my office saying would you
please help me with this problem. I do not want to take it to the school; I do
not want it in this child’s permanent record.

As you know the most common behavioral pediatric problem is ADHD which
affects at least 7 percent of the child population. It causes much
consternation on the parts of children and adults. It is one of the things that
if you ask kids what they are embarrassed about it is homework and stuff like
that when you talk about real world sorts of things that they do not want to
get out into the world. And they certainly do not want it to get into their
record at some place where it has some impact on job and life issues.

So this is something that I do not think has come up in this discussion
before but it is really important to kids in the real world.

DR. FRANCIS: Thank you. What I was really trying to get at was whether and
Maya just put it a little but better than I did in a note whether there was a
category of sensitive information that we might have missed and it sounds like
that is one. Potentially we could call it something like educational history.
Other questions or comments?

MS. BERNSTEIN: Is there anything else that we missed that we should have
been asking you?

DR. EMANS: I think I am thrilled you are thinking about adolescence become I
think in the rush to do electronic medical records they have been forgotten.

DR. FRANCIS: Thank you very much. We are going to adjourn this session until
3:30 and I want to tell our speakers how much we really appreciated them. This
was a wonderfully enlightening session and we will be back in session at 3:30
with panel IV called Other Sensitive Information. Thank you all.

DR. EMANS: Great. Thank you so much.

(Break)

DR. FRANCIS: We are going to get started right away. This is Panel IV of our
hearings on Sensitive Information in Medical Records and this panel is entitled
Other Sensitive Information. Our two panelists are MS. TUCKER, who is a
Technology Safety Specialist at the National Network in Domestic Violence and
Dan Rode, who is the Vice President for Policy and Government Relations at
AHIMA, American Health Information Management Association.

So without further ado I going to give it to Sarah.

Agenda item: Panel IV – Other Sensitive
Information

MS. TUCKER: Thank you. On behalf of Victims of Domestic Violence Stalkings
and Sexual Assault, I thank you for the opportunity to appear today to discuss
the handling of sensitive information contained within health records.

I’ve reviewed the committees February 2008 letter and the recommendations
clearly reflect the thoughtful, deliberate process that the Committee has
undertaken. I am here today representing the Safety Net project at the National
Network to End Domestic Violence. We are an organization dedicated to creating
a social, political and economic environment in which violence against women no
longer exists. Founded in 1995, the National Network to End Domestic Violence,
NNEDV, represents 56 state and territories Domestic Violence Coalitions who in
turn represent 3,000 local domestic violence shelters across the country. So
there is a local shelter in your community, they are a member of their state
coalition, their state collations are members of us; and so that is our
structure.

Since 2005, I have worked as part of the Safety Net project. We are the only
national initiative working to educate victims of domestic violence, help turn
hotline programs, law enforcement, et cetera on the strategic use of technology
in relation to domestic violence. And additionally, we obviously track emerging
issues and work with local state and federal agencies to amend or create
policies that enhance victim safety and confidentiality.

I have been working in the field of domestic violence for over a decade and
have focused on technology and domestic violence since 2005. Sadly, domestic
violence is quite prevalent. Women continue to be the vast majority of victims.
For that reason the pronouns I use today will be she and feminine pronouns, but
I am not denying that domestic violence happens to men as well.

The National Institute of Justice reports that 4.9 million intimate partner
rapes and physical assaults are perpetrated against U.S women annually. Leaving
the relationship does not stop the violence. In fact the most dangerous time
for a victim of domestic violence is when she takes steps to leave the
relationship. Of the women that are killed, 75 percent of them are killed while
they are trying to leave the relationship or immediately after they have left
the relationship. So that is a huge fatality factor. An average of three women
are killed every day by their current or former intimate partner in the U.S.

So the severity of the separation violence obviously often compels women to
stay in these relationships rather than risk greater injury or death to
themselves or their children. Many of those who succeed in leaving their abuser
live in constant fear of being found, which is only exacerbated by the
potential for the abuser to obtain important information about the victim’s
location and activities through large national data bases, like the Nationwide
Health Information Network. So, currently even without computerized statewide
or national health information exchanges, victims are being located through
their health records.

In one situation, a victim took her children to a new physician in a new
town; she had left the relationship, relocated, and she informed the office
manager there that she wanted to pay cash. Somehow, someone, somewhere in that
whole chain of treatment payment, entered the children’s Social Security
numbers into a data base, found that they were still insured under their
father’s plan and he received an EOB. So the medical bills were processed
through insurance, he got the EOB’s, he was able to discover where the victim
and her kids were hiding, he contacted her and then she had to flee again. So,
I mean luckily that it did not have a fatal ending.

There are significant legal protections and precedent for protecting victims
of domestic violence. Advocate confidentiality laws, protecting victim records,
just like attorney-client privilege laws, exist in nearly every state. One
federal example, the Violence Against Women Act of 2005, prohibits funded
domestic violence and rape crisis programs from disclosing any personally
identifying information about victims they serve. And that is identified as
anything that could be used alone or in combination to identify that victim. So
that includes name, date of birth, address, city, state, Social Security
number, phone number, email address, number of children; so any elements that
can be used in combination.

So, today I just want to highlight a few of our recommendations that are
most relevant to the issue currently before this Committee. To begin with we
recommend that domestic and sexual violence be added as categories for
sensitive information. For victims of domestic violence, who sees their record
is of paramount importance. Unlike a blood alcohol level test or HIV
medications, there is no specific medical test or medication that indicates
that a person is a victim of domestic violence.

Sometimes domestic violence is indicated by simply glancing at the list of
providers that the victim met with or the patient met with. Sometimes if that
hospital does routine screenings, it is indicated by reviewing their answer to
the screening question, however more often than not, any mention of domestic
violence, in the health record, is in the physician’s notes. For this reason,
we recommend that victims are allowed to sequester the physician notes. This
will overwhelmingly increase the number of victims of domestic and sexual
violence who are comfortable with participating in health information
exchanges.

We very realistically acknowledge that physicians will be very reluctant to
endorse this system that allows sequestering of notes, as many genuinely feel
that they need all possibly information to treat a patient. However, without
the option to sequester those notes, we are very concerned that consumers will
completely opt out of the exchange, then leaving physicians with no information
so obviously some information is better than no information.

Other aspects of the medical record, lab tests, diagnosis, et cetera will
give medical professionals a general idea of the questions to ask and the
information to consider and certainly all systems have or are developing
procedures and policies to protect, segment, sequester, the IP files, right —
governors, celebrities, other important people, and so protecting victims of
domestic violence simply extends these protections that are already afforded to
others, to victims.

So this ability to sequester their information is extremely critical for
victims of sexual assault as well. For these victims, all information
surrounding that assault, including tests for STDs, emergency contraception,
forensic exam, consultation with a Social Worker, all of those need to be an
option to sequester as sensitive health information. That victim might choose
to disclose certain information to certain practitioners. However she also
might not choose to disclose a rape that happened five years ago to her current
ophthalmologist or podiatrist or dermatologist. While in some cases certainly
an ophthalmologist may say, well I need to know if she has been injured in the
head. Well you can ask, have you had any injuries to the head? And she can say
yes, I was hit on the head. She does not need to say it was in the course of
this brutal, horrible rape.

Additionally, we recommend that records from which sensitive information has
been sequestered are not indicated; are not marked in that way. While we
strongly support the sequestration of sensitive information, we are concerned
that records with sensitive information withheld will be marked as incomplete,
essentially putting a scarlet letter on those patients.

The very concept of needing to indicate that something is withheld from
these records, presupposes that all medical professionals should have access to
all patients complete medical histories at all times. This access does not
currently exist nor has it ever existed and it precariously skirts the line of
sharing information simply because it is possible.

Because of HIPAA’s very narrow definition of sensitive information, we are
concerned that physicians may erroneously assume that any record that indicates
sensitive information, that sensitive information has been withheld, is because
the patient is a recovering alcoholic or has a mental health condition leading
some not-so-wonderful physicians to attribute the patient’s symptoms to
depression or something like that rather than fully investigating the patient’s
symptoms.

One alternative is to label all patient records with a standard disclaimer
indicating that some information may be withheld. But overall we have to get
physician’s credit. They currently ask patients about information that is not
provided to them and there is no reason to believe that they would stop having
these important dialogs with patients.

Additionally we recommend that the security of patient access to their own
medical records, which I realize is a bit down the road, is enhanced by a one
time in person identity authentication. Abusive partners as we know are
cunning, they are manipulative, they are the deadliest of stalkers. If someone
is a stalker, domestic violence stalkers by and large kill more often than any
other, it is because they are determined to have her. If I cannot have you,
nobody will. And so if a friend, relative, or neighbor works in that medical
field, it is highly likely that an abusive partner is going to try to convince
the person to look up information about the victim for them.

One such case in 2003, a 911 dispatcher in Pennsylvania misused law
enforcement databases to locate his ex-girlfriend and her new boyfriend. Even
though disciplinary actions were brought against him, by that time he already
had the information. Armed with her current address, he proceeded to buy a gun,
pass the gun check and fatally shot both his ex-girlfriend and her new
boyfriend. So even authorized users are not immune from misuse of information.

In situations of domestic violence, the patients intimate partner know so
much about her life and can easily answer questions, like maiden names, Social
Security number, city she was born in, and other questions used to authenticate
a users identity. A password and a secret question alone do not provide
adequate security. So we recommend that patients be provided with a pin code
available at any medical office with access to the health information network
and after appearing in person, showing photo identification, then the medical
provider can then generate a pin code, provide the pin code to that patient and
so it is not something she has created or something that she may be frequently
using in other accounts that they abuser could then easily guess.

So, in conclusion, the privacy of domestic violence victims is not an
exercise in theory or philosophy. It is a very real situation that far too
often ends in death. So thank you for the opportunity to testify today. Again
it means so much to victims of domestic violence and stalking that you are
carefully considering all aspects of this issue and are contemplating privacy
protections.

DR. FRANCIS: Thank you, Mr. Rode.

MR. RODE: All right. Good afternoon and thanks for the opportunity. I have
got to figure out how to use this machine here.

I do not have a written testimony this afternoon because the questions came
kind of late and we really needed to do a survey, but I think it is important
that we consider that as something in the future.

MS. BERNSTEIN: It’s not Dan’s fault that he was late. I requested him to
come late and we really, really appreciate him at the last minute, being
present here and making a presentation.

MR. RODE: No, you do not have to say that. I represent the American Health
Information and Management Association, AHIMA. You see the stats up there on
the wall. I just want to mention a couple things about the profession. We work
with data throughout the health care industry and nowadays we go beyond the
healthcare industry. One of the things that I think that has to be kept in mind
today is these professionals are engaged with both paper and electronic health
records. And one of the roles that they have played since about 1928, is
release of information. Knowing the state laws and some of the other things we
have talked about today and how they apply to the release of information. Now
as that is integrated into a health information exchange, we have obviously got
to work through some of those processes as well. But I think to think that we
are going to have a decision making machine that makes all those decisions and
just have a computer to computer, it is going to be awhile.

The other comment I want to make sure everybody is aware of, is there us to
be guidance issued later this summer on minimum necessary and it is very
unusual, unless the person is moving from one practitioner to another, that we
exchange data in totality. It is usually encounters or admissions, so we need
to keep that in mind.

These were the questions that I was asked to look at and that was, when are
we using an alias or some other means of identifying someone in an institution
that we do not want people on the outside to know about. We do not want them to
know that the person is there. We do not want them to have access. And was
there or is there a policy nationally to do this? And the quick answer was
essentially while not doing it we were able to talk with many members and I
will talk about that process, but there is no national policy. We have a
practice brief that we updated in 2001 associated with HIPAA. We have been
waiting for the ARRA to come out, so we can update it again when we look at the
high-tech rules that go into place.

The environment today is paper and hybrid and electronic and so we have got
multiple data systems. It is not one record, so when we are talking about
keeping things private, we have to remember it is the record system, the
laboratory system, the radiology system, the pharmacy system and it may be
outside systems that are serving us. Many of our providers are not yet in an
HIE, so it is a welcome time for you to be looking at how do we deal with these
issues we have heard today as we go through that process and as you have
already heard we have got a variety of federal and state organizations.

So, the practice brief that you have is an attachment and takes an
operational view. It highlights use of the facility directory because, as I
started talking to people, this is becoming the means to do some of this
protection and there are some other recommendations in there as well.

Universally, I was told by everybody, you know it worked better on paper. If
I had a paper record, it was much easier to give a person a John Doe and keep
everything sequestered. It is a lot harder in an electronic or a hybrid system.
So, the jury of organizations that use an alias, either give an alias name or
they give an identification number. And I heard several horror stories about
organizations that finally decided you cannot have too many Jane Does. You have
got to give out other names. And they scratched their head at what other name
to give because of the confusion when you try to put the record and the
material into the record, confusing the Jane Does.

There were several patient safety issues raised, especially in facilities
with electronic health records. If the patient was a repeating patient there
was a problem of how to match the alias record with their previous records or
records in the future. How did they put them together so that they had all the
data together, not looking at sequestering as we have talked all day but in
this particular case okay now that the patient is out of the facility, how do I
make sure I put everything together.

Big hospital in New York City, that I will not name, that you would all
recognize, has had a horrible time with this because they treat chronic
illnesses, but occasionally someone with a chronic illness will be admitted to
the emergency room in a domestic violence case. How do they keep those
separate? That is a real problem for a number of organizations.

Some of them with sequestering, if it is a standalone alone procedure like
cosmetic surgery, and it is one of these pieces that just does not really
impact most other health care, they do not have a problem with sequestering it,
they just put it in a separate record, and identify it to the patient. But if
it is care that needs on-going follow up, as in many of these cases then the
situation becomes a lot harder.

These are based on facility policy, but from what I could tell and from the
interviews that I did, not a lot of on-going training related to this process.
So, if there is anonymity given, how do you train the facility and make sure
everybody understands it? We heard about that a little earlier.

Treatment facilities have to be trained better and they have to deal with
celebrity issues. So the Betty Ford clinic and some of these kinds of
organizations, Hazelton Clinic up in Minnesota, dealing with celebrities tend
to have a few more pieces put together in their policies, how they are going to
deal with them and quite frankly, even how they are going to deal with the
press when the press finds out they are there anyway because the celebrity’s
staff released the information and now we have got people showing up; so what
do they do with that?

All the facilities I talked to, large and small, lift the anonymity, I knew
I could get that out, after patient discharge. So they go back to using the
name of the patient, the correct name of the patient. They do not keep the
alias on-going. And I asked some of them if they flag the encounter or they
flag the record showing that anonymity had been requested, showing that people
need to identify why they need the record as we have just heard, this could
happen after the care is rendered. And I got mixed feelings about that. Some
did, some did not and I think that is an issue I know we want to address and I
hope you will address.

I mentioned the facility directory. A lot of the institutions are not
providing aliases. They are using the facility directory. Especially the ones
that are almost fully electronic. So the folks out at the front desk, the folks
in the laboratory, everyone has a notation when they look up this patient that
anonymity has been requested.

In addition, several facilities have their systems related directly to their
security system. So if you come to the front desk and you ask if so-and-so is
in the hospital, you will soon have a security officer at least watching the
desk to see what is happening in case the, typically many hospitals use
volunteers, if the volunteer begins to get brow-beat they will step in and
somehow try to deal with the situation.

The directory content varies, but the message is pretty clear that nothing
is to be shared. Many facilities also indicate that they think the directory
process has worked. It seems to do exactly what HIPAA said it should do and
that they did not see a problem, but the small rural facilities say you know,
we are just too small and by God if you see somebody in the hospital and you
know them, gee you might mention it to your husband that night and there goes
any chance of an anonymity even if it has been asked.

Electronic controls and access have definitely improved the situation and
again it limits the number of people who have access to the record because you
have to have a roll access and other accesses and again that varies by
organization. A number of the organizations indicated that if they did have a
request for anonymity and they do not and they use the directory but they do
not use anything else, they immediately up the audit. They literally audit all
day to see who is accessing the record and is there any access that should not
take place. And of course, they have identified who did the access so they have
got the ability to follow up immediately and again, some of them tied that into
their security office with a security officer then going in, and they pull them
in with the privacy officer and others and have a discussion.

And many facilities are moving to immediate disciplinary action for improper
access and I did talk two Southern California hospitals, one of which you would
recognize, which is constantly looking at this process and trying to push their
electronic system faster because they think when they get the electronic
system, they will have less access than they have been facing up until now.

So policies work when they are in place. It depends a little on the
environment the understanding of the directory seems to provide good protection
in most of the hospitals I talked to. The process in place that identifies
situations where anonymity is needed to address a request is still mixed I
would have to say at best. To get a clear understanding of whose responsible
for what and a definite need of on-going education and training for everyone in
the mix, employees as well as volunteers which sounds exactly like HIPAA.

So from a standpoint of ourselves, we would like to work with you and others
as needed. We need to coordinate the high-tech requirements that are coming in
we need to update this practice brief just a little bit to deal with some of
the issues we have heard and a lot more education in the form of articles and
other things that we have also heard today are necessary. And obviously you
have heard some recommendations today. We have got that balance of patient’s
safety that we have got to deal with when we restrict our records and you all
have heard that before.

Again, you have got to look at the high-tech requirements because I think
that is going to bring us to a whole new situation when I have to permit access
to a record and I am sequestering information, how am I going to deal with
that? And obviously, as we have also heard today, push for uniformity. I have
given in the answer there linked to the same practice brief and thanks for the
opportunity to bring you up-to-date a little bit. If you would like us to do a
survey, I would be glad to go back and do that.

MS. BERNSTEIN: Can I just clarify which section of the high-tech act you’re
talking about when you talk about, at the end there.

MR. RODE: Well we have got requirements now —

MS. BERNSTEIN: You are not going to breach notice?

MR. RODE: We have got the breach notice, but in the high-tech we have
patient access to the electronic record. We have an accounting for disclosures.
We have the patient’s right to pay cash and ask that we not forward information
on to the payer, but it does not necessarily address other protection. So those
pieces coming in are going to complicate this.

MS. BERNSTEIN: Thank you.

DR. FRANCIS: Walter?

DR. SUAREZ: Yes, great, great topics. Thank you so much for this testimony.
I think this was excellent to look at other important dimensions. Here again I
think we are talking about yet a new aspect of sequestration and that is
sequestering the whole record, not sequestering only portions of the record.
Which is something I wanted to point out about the domestic violence and
because I think I saw two aspects of that.

I mean, I think that is great, Kaiser has some experience with celebrities
in California, of course, and so we and others have very strict policies. I
think that electronic health record has helped us actually significantly
ensuring even farther protection and determining any attempts to even
inappropriately access or use or even disclose that type of record.

But going back to the question for domestic violence and abuse, I think
there is, if I understand it correctly, there are two aspects about marking the
record. One is that the record of a patient with domestic violence information
in it should be considered a special record as a whole, because demographic
data in that record has nothing to do with domestic violence but it is the most
critical aspect of preventing any potential negative effects to the individual.
So we are talking about sequestering the whole record in some instances and in
the sense marking it and blocking it and not just certain data but the entire
data.

MS. TUCKER: That would be ideal.

DR. SUAREZ: And that is one part of it and then, of course, then there is
the second part which is whenever a provider is going to see a patient that has
experienced domestic violence, that portion of the record is also a question
about sequestration of that. In other words is it appropriate for that other
provider three years down the road, you know, regular medical visit, to have
access to that history of domestic violence or not and whether the patient
should be given the right to restrict that type of information.

So, I wanted to clarify that there are those two elements of a record of a
patient that has experienced domestic violence. It really, the full record, in
particular things like demographics and location and addresses and things like
that which again had nothing to do with the violence itself. And so protecting
the full record and then also looking at whenever the record is going to be
accessed for treatment purposes of identifying some data as some special
circumstance data. Is that correct?

MS. TUCKER: Correct.

DR. SUAREZ: Okay because I think there was some discussion mostly about the
protection of the domestic violence portion of the data, perhaps, throughout
the testimony, but I —

MS. TUCKER: Right, I mean, I would say ideally the entire record would be
protected. You know, as folks, I will figure out this whole electronic
environment and things like that. I would say at minimum the domestic violence
information needs to be protected, but as I testified, you know, that is if the
abuser is looking.

I think we are talking about too, who it is being protected from. To be
protected from the abuser, the whole record needs to be sequestered. To respect
her confidentially, then the domestic violence portion needs to be sequestered.

DR. SUAREZ: Okay. And then just a quick follow up on the anonymity part,
then I did not see any discussion about the implications or the, well the
significance that moving into health information exchanges and NHIN type of
environment will have with respect to anonymity.

So clearly for the most part, the focus is on how entities will be able to
handle internally and for disclosure purposes special medical records, let’s
call it that way, I guess. But could you comment on into the future in an HIA
environment where entities are going to be expected to share more and more
records and if not the full record, at least, record location type of
information.

You know this anonymity becomes even more important because now we are not
just trying to protect access of that special record from within but from
outside as well.

MR. RODE: Well first of all the only two hospitals that were in a network
were actually in a large system, so you could say it was a network within a
system, one represented here. That is a different circumstance, but in reality
there are a lot of questions I think that rest right there, Walter, and that is
why I said, right now I think we are handling them in some other systems,
usually having a release of information component that sits down with the
clinician to determine what are we going to release for this purpose.

If we are talking an automatic release back and forth in a HIE we have got
to come up with not only a means to recognize these requests, which we do not
have right now, we do not have codes or anything else attached to the record
that would identify a requesting physician or another end. We will use the
typical emergency room physician. They need the record. We need to send the
record. How do we let that physician know of the record and is that physician
required to follow the regulations and the laws, potentially in another state
when that comes up?

These are all open questions right now and this came up last year in our
legal EHR seminar as we begin to look at what are the accesses to records and
the legal requirements there as well. How do we work that out? I do not have
the answers, all I could tell you is we are anxious to be involved in those
discussions because we have been trying to protect these records for a long
time. We think there are some ways to do it, but it is going to take agreements
within the networks, it is going to take all sorts of kinds of things; which by
the way you all have within your organization. And you have a disciplinary
process as well –

DR. SUAREZ: Very well, sometimes even publically explained and exposed. But
yes, indeed we have, we have a very strong disciplinary approach to handling
inappropriate internal access or uses of special sensitive records across the
board of course, also about sensitive information and other things.

But the question was really about, you know, so, Marc Anthony is now in
Florida and his record is actually in one of our facilities in California. I am
just making this up, it is not his,

(Laughter)

this is not, you know, something, but it is that situation and then in
Florida they are trying to find out where the record of this person is. And
even trying to access that information in the more restricted environment would
be very difficult. Even if the provider and you know the person would agree to
a break the glass, the ability to identify the possible location of a health
information record about it, a person like that, a celebrity or VIP or that
kind of situation, is going to be a challenge.

Of course, you know, I am not sure that they happen that often necessarily

MR. RODE: But right now we do that on a very manual process that has been
honed over years within an organization. We have to deal with how do I identify
that place in Florida, how do I know that it is a legitimate request, what is
it that they are asking for, it may be a part of the record, I do not have to
have sequestered.

So right now you are doing that by hand and this is going to take putting
some agreements together to begin to address it.

DR. SUAREZ: I need just to close up, although those elements apply whether
is a celebrity or not, I mean identifying with attempting to request the data
and authorizations and identifications and appropriate identification of the
role of the person and all those things will happen for every record across
HIEs and within NHIN. It is just that it gets even elevated into a special
level when dealing with special records.

DR. FRANCIS: I want to make sure that questions for Sarah get asked first,
because Sarah, right now, because I know Sarah needs to leave at 4:30. So I
know Sallie has got a question and I think Sarah Wattenberg had a question. So
if it is for Sarah Tucker – good go for it.

MS. MILAM: As I think about the harms Sarah that you identified with in
appropriate use or disclosure unauthorized use or disclosure of domestic
violence information and I think about a sequestered record and roll base the
access together as Mark pointed out, I still, I wonder if what you are
suggesting is something more. If you think about a women presenting at a new
provider’s office that information may be being in the system if it is an
electronic health records system coming from another provider she may want that
demographic information available today.

So it is almost sounding like perhaps what you are asking for are
protections like substance abuse protections. Consent at every use or
disclosure onward. Is that —

MS. TUCKER: Yes, exactly. Thank you for helping me clarify that.

DR. FRANCIS: I do actually have one that I would like to ask which is, we
have talked about a sequestration of the entire record, and you talked about
being a victim of domestic violence as a separate sequesterable category when
information is transferred through an NHIN or transferred for purposes of
treatment. I wanted to ask you whether you think there other sensitive
categories of information that we might or might not have thought of that could
be particularly important for victims of domestic violence to sequester when
information is transferred. And one, obviously that I would have in mind, would
be any sexual activity, information, or even a prescription drug information
for contraceptives if your abusive ex-partner knows or might infer from that
that you are having sex with someone else.

MS. TUCKER: Exactly. Those as well as okay, as well as sexual health
records, abortion, contraception; trying to think of other things that would
set the abuser off. Yes, morning after pill. Exactly. And you know I did not
get into it in my testimony, but in some situations and I did not get into this
because it is messy but in some situations it is the children and the
demographic information of the children. It is messy because we know custody
situations are messy and she often does not have sole custody or his parental
rights may not have been terminated or whatever. But often abusers find them
through the kids enrolling in school in a new area.

MS. BERNSTEIN: So now it makes me think about whether the children’s records
themselves, not just the mother’s record and the mother has three children ages
three, seven, and nine, but the children’s medical records themselves, which if
the parental rights have not been terminated, maybe the abuser still has
legitimate legal access, et cetera.

MS. TUCKER: Right. If there is any way that we could indicate that those are
some sort of special protection on them.

DR. FRANCIS: Other questions?

MS. BERNSTEIN: Well, we were saying that some of this stuff is messy and you
did not go into it. I kind of am now wanting to go, ok well, maybe you want to
talk a little bit about the messy stuff.

MS. TUCKER: Anything involving children is messy.

MS. BERNSTEIN: So things that we had not thought about with other kinds of
categories or unusual things. That is sort of looking for. So I tend to think
of the demographic stuff, Walter is talking about the fact that demographic,
the location particularly, or anything that would lead to the location of the
women is particularly sensitive. And not necessarily that she is per say the
victim of domestic violence. I mean, the fact that you got beat up, for
example, there might or might not be particular shame in that. But the location
stuff has to do with her current safety.

MS. TUCKER: Unless if it is a situation where the abuser is, or feels as
though he is, of some standing in the community and would be angry that she
went to seek medical attention for the abuse. And so, if he is angry that she
sought medical attention, then certainly that could increase her danger.

MS. BERNSTEIN: Oh, okay. So I think there are lots of ways that information
comes out of the record that would somehow change the situation of a women that
you might not think of unless you were in that situation or trying to protect
the woman or thought of that in the way you did because now you are talking
about things that sort of did not occur to me directly and ways that a woman
might be put in danger through a medical record.

MS.TUCKER: Right. Right. But yes, medications is a big one and you know the
other thing that gets really messy, yes lab tests as well as mental health
records, especially of children. He may be concerned if he has been, well, and
this is not only in domestic violence, but in incest cases and things like
that. If the child is going to disclose to the therapist that there has been
abuse, then the person perpetrating the incest of course does not want that to
come out. So, attempts to access mental health records.

MS. BERSTEIN: This might not be exactly be on point, but I learned recently,
and I am not sure it is correct, that if you are a parent of a minor child and
you want the minor child to get mental health counseling, that both parents
have to consent to that; if both parents continue to have legal custody. I have
no idea if that is true. There are various nods and you know questionings
around the around the table but that could be another —

MS. TUCKER: Part. I believe for the most part that is true. There is a
section of the violence against women act that, if the child is seeking, if the
mom is seeking counseling at a domestic violence shelter, and also seeking
counseling for the child, and that only the non abusive parent must consent.
But I imagine that that has been and will be challenged by legal.

DR. SUAREZ: I would think it is state by state. There is no federal law that
I am aware of.

MS. BERSTEIN: No federal law that I am aware of. Okay so, I live in the
District of Columbia and the friend who told me lives in the District of
Columbia.

MS. WATTENBERG: Sorry. I was just asking if he meant for custody, the joint
custody thing, if that is what he was asking.

DR. FRANCIS: Yes the only federal consent law that I know about one parent
or two parents has to do with research. I would assume it is a state law. Maybe
just a more general question then to Dan as well. Are there categories of
sensitive, you have been here listening to us as we have been ruminating over
potential categories of sensitive information. Are there categories of
sensitive information that we have not thought of or categories that we have
mentioned that you think we should stop thinking about?

MS. BERNSTEIN: That is a good question.

MR. RODE: I do not know if you can stop thinking about it but I think the
issue still gets back to the patient’s safety balance against the sequestered
balance and then unfortunately because we have such dispirit systems right now,
the ability to flag in one system or not flag in another the ability to apply a
break the glass rule, it is horribly inconsistent. Institutions are putting
this together on their own. We can send out best practices they can second
guess this piece but it is so different in so many places that when we get to
Walter’s point about how do we then exchange information in an organization,
how do we look at a directory to locate a file then the whole inoperability
piece can come to a halt.

And I do not know if this is a legislation or something that we could begin
to build standards around to handle some of this but we have got to address
that issue. And I know you have been trying for a long time. I have sat through
most of these meetings but it is really one that requires that attention
because right now folks are doing it on their own.

And quite frankly as I talked to some institutions I was really surprised
how well they were doing. I really thought it was good, especially some of the
county hospitals which get the gunshot wounds and the gang pieces where they
have done. There are some really good practices out there and we have got to
update our best practices. But we also have to address this now that we are
looking in this process and I know too well on the domestic violence and I am
glad that you had Sarah here. That is an issue that follows the patients so it
is not, gee I can move to another state and then it is all taken care of.

As the doctor said this morning we are so used to the internet right now.
Data can be shared and you know I worked with the court system a couple years
ago because the federal courts were making all their information digital and if
one of these issues came up in a court trial, all that medical record
information would then become a court record which was digitized.

MS. BERNSTEIN: And court records are totally public.

MR. RODE: And they are public and I met with the, I cannot remember the name
of the federal court system association but we met with them to see if there
was a way to sequester data even in a federal court trial so that only certain
parties had access to the information.

So as we got internet access now to a lot of this stuff, we have to make
very sure of how we build the firewalls and in that piece as well because it is
another place — it was never a problem when you had to go down to the
courthouse and look up the record. Now it is a problem.

And again, the other side of this we did not talk about in this session is
physician offices. This is one place where I hate to say it but the docs are in
better shape than most of us because having an interview and knowing the
problems of a family and having the closeness that was discussed in the
previous session, most physician’s offices can do a much better job of
sequestering data and keeping things where they need to be than our larger
facilities.

And having most of my history in University teaching hospitals, the larger
the facility, the harder this whole process becomes. So we have got a
uniformity issue and then we have to go beyond that.

DR. FRANCIS: Walter?

DR. SUAREZ: One point you know you made me think about as you were talking
is the challenge and in front of me also is one from the testimony on medical
notes because I mean it is easy to codify what kind of drugs a person is
receiving or has received and what kind of conditions or what kind of treatment
procedures that have been done by codification and all these. But in many
medical notes there are written on medical records there is in three paragraphs
there could be two elements in a paragraph that are sensitive and the rest are
not.

So when I say, you know, patient 85 years old, Caucasian, came with this and
that, there could be a description of two elements in there that are of some
level of sensitivity in those notes and so as we get more into the electronic
health record that will allow us to type and enter those medical notes you know
we are going to find that it is going to be very difficult to sequester
selective portions of a note that might disclose some sensitive information and
at the same time if we sequester the entire medical note because it contains
one word, then it creates a safety issue from a care perspective.

So it is going to be very difficult if we get more and more into expanding
the electronic incorporation of medial notes that are outside of any qualified
type of disease or condition that a patient might have.

MR. RODE: That may be something though that first of all I think we will be
able to codify or not codify but use terminologies on the notes so there is a
way to certainly sequester. And this morning’s testimony pointed out that
mental health information could be in your family physicians -– how are
you doing, I have been really depressed lately, blah, blah, blah, blah. And the
next thing you know, I have got a nice new drug and in the physician notes I
have now got a mental health note.

So I think we have to address some of that in the discussion you are having
but we also need to begin thinking about maybe how we document. And is there a
documentation process that would allow us to segregate some of this information
as we put it into the system instead of trying to sit here and figure out now
that it is in the system, how am I going to keep one party or another party
from accessing?

So I think that we need to look at the very beginning of how do we gather
the information? How do we put it into the record and then how can we make the
system work for us to do some of this?

DR. FRANCIS: Could I ask both of you about flagging? Sarah took a pretty
strong position that flagging would be counter-productive at the level of
sequestration of data types. But you did not take the position that flagging
would be counter-productive at the level of this is a record to handle with
special care.

I wonder if both of you could comment a little bit more about the wisdom or
well we are pretty strong in our prior testimony, the testimony that led up to
the 2008 letter. We heard some pretty strong views from the provider community
about how it was important for them to have notice that something might be
missing.

MS. TUCKER: Real quick comment on the earlier question about categories and
others to sequester. This is outside my realm of expertise, but perhaps
adoption. I do not know where that fits into medical records, but just throwing
that out there.

I am not sure that I fully understand your question on flagging.

DR. FRANCIS: Well so flagging, you said that it makes sense to flag the
entire record if there are worries that this might be somebody who could be a
victim of abuse because people need to know that it is really important that
this record not get where it should not get. But you opposed the idea of saying
about a record that there has been a sensitive category mask.

DR. SUAREZ: So you are in favor of unidentified flagging as it is called?

DR. FRANCIS: Right. Or of sequestering certain categories of information
without flagging the record to let it be known that a category has been
sequestered.

MS. BERNSTEIN: With a notice to the physician that something is missing.

DR. FRANCIS: When records go for purposes of treatment.

MS. TUCKER: Exactly and I think that is because the current HIPAA categories
are so stigmatizing in the sense that they are substance abuse, they are mental
health, but am I wrong?

MS. BERNSTEIN: No I am just trying to figure out what part of HIPAA you are
referring to that have categories like that if there is in HIPAA?

DR. FRANCIS: Well there is special protection for psychotherapy notes.

MS. BERNSTEIN: Right, there is special protection for psychotherapy notes.
This committee has made recommendations that those were examples of kinds of
categories that you might want to sequester.

MS. TUCKER: I believe there was some in either HIPAA or the Recovery Act,
there was something about substance abuse as well being mental health.

MS. WATTENBERG: HIPAA defers to 42CFR Part 2 which is the substance abuse
law. So in the preamble it essentially and then there is a lot of substance
abuse stuff in the health care recovery act. So I do not know what you are
referring to.

MS. TUCKER: Okay, so I may not have my citations exactly correct but from
our current understanding the two main categories right now of sensitive
information are substance abuse and mental health which are both very
stigmatizing categories. And that was where that recommendation was coming
from. We are not opposed to it if there is a more general or if A, there are
more categories that are added to reasons that it might be sequestered or B, if
there is a general statement that says we are not opposed to a general
statement saying some information may be missing from this.

MS. BERNSTEIN: On every record.

MS. TUCKER: On every record which, you know, right.

MR. RODE: I use the word flagging two different ways. One, flagging as in a
directory so that anyone accessing the record knows that it is to be handled in
a special way as you were talking about. And even the advantage of an
electronic system is I can build in my access controls a means to protect that
much better than I can in my paper system that we have now. So when we get
through this hybrid world we are in right now and get to electronics that will
make it easier within the organization.

As to flagging that information is missing we have had to take our cue from
the physician community that is obviously very concerned about making decision
s based on information that could affect that decision. Now how you could build
a decision support mechanism to say okay these are the flags you should be
interested in, do not worry about these others. That is really pushing the
technology at this stage, but I think we have to have the ability to let people
know that information is not there when it can impact care. And then it is a
question of okay now that I know that, what are the various options that I
have?

DR. SUAREZ: I guess the question is whether the information that is telling
me that there is information missing should be detailed enough to tell me that
there is mental health information missing or there is substance abuse
information missing or there is you know, some reproductive health information
missing. And I absolutely see your point about in the flagging we are talking
about an NHIN environment, an HIN environment where I am going to be trying to
access data from other providers and requesting data. I know that you have data
about this patient, the patient is here, I need to see that data and then that
other provider said or yes I do have data, this is the data that the patient
let me show you but be aware that we have data that is of this nature that is
not sharable.

And so that immediately flags, that is the kind of the concept that
immediately tells me that there is mental health data in that record that might
be —

MR. RODE: Since the decision to put a flag in is a conversation between the
patient and the clinician, then I think the commission has to take a role of
would that information be important to someone that might have to make a
medical decision. If I have got a mental health case and I have got somebody on
psychiatric drugs, I think the question is obviously yes, is a domestic
violence case one that needs to necessarily be flagged?

I think again it is the discussion between the individual and the physician
what is the impact of that decision? And I know at another hearing someone
suggested, well we just tell patients look you could die if you do not release
this information and let them sign a consent. I do not know if I would go
there. But I do think that the clinician who is seeing the patient now and is
being requested to sequester that information needs to make a decision, is that
going to be important to someone else down the line? We have to depend on you
as a physician, to make that decision.

DR. SUAREZ: Yes, but at the higher level, on the HIE world it is an HIE
policy as well. In my HIE in Minnesota, for example, our, yes and again it is
an example, in the state of Minnesota HIE, the policy is that you do not
disclose the type of information you are withholding for your blocking. You
just say, like a general statement, be aware that this might not be a complete
record. But not be aware that there is mental health data.

So it is a HIE level policy decision that needs to be devised and discussed
and defined to determine whether in that particular HIE that kind of disclosure
is permitted or not.

DR. FRANCIS: I want to thank members of the panel. I know Sarah needs to go.
So thank very much for coming. If there are further questions for Dan, if Dan
can stay for just a couple minutes I will just invite that.

MS. TUCKER: And I am also happy to take follow-up through Maya or Gail.

DR. FRANCIS: That’s great. Yes there is an opportunity to submit any further
information on the record for the next couple weeks. So thank you.

MS. TUCKER: Thank you.

DR. FRANCIS: It is two weeks right? Any other information?

DR. SUAREZ: There is another category of data that I do not know if it has
been identified and then I wonder if you can comment? Maybe it is participating
in clinical research. So if I am participating in certain types of clinical
research it of course discloses what kind of conditions I might have. It is a
kind of data that might be worth considering with respect to special treatment
I guess of data. What is your perspective on that?

MR. RODE: I would agree with you that it certainly needs attention because
it can disclose that type of thing and it is not unusual in a tertiary care
facility or a university facility to see mental health patients for instance
involved in a research protocol.

Now when I served in an IRB we used to actually demand that that information
be sequestered. Again thinking more on an institutional basis -– this was
before HIE so I think we really need to think about that and quite frankly the
medical community, the physicians and clinicians really need to be more
involved in some of those decisions than I am seeing in some states right now.

DR. FRANCIS: Could I ask you one other question? One suggestion we heard
this morning is that it may be particularly important to sequester information
about the type of provider? Even if it is not about the medication that was
prescribed say. So if you have been treated at the X facility, it makes it very
clear to people that you were getting a certain type of treatment. This was in
the discussion on mental health treatment.

And I wonder what your reaction is to that distinction particularly in light
of the provider argument that we need access to all. So when records are being
transferred for purposes of treatment, do you think it matters whether the
location of the treatment as opposed to things like the problem list that was
generated there or the medications that the patient was on and so on?

MR. RODE: Unfortunately we have facilities and physicians who are identified
by psychiatric care, alcohol treatment what have you. And I think it raises the
same issues that we have already talked about this afternoon within a health
information exchange, again I think this is now a discussion between the
patient and the physician. And that discussion has to include what the
implications are. I hope we do not build an electronic health records system
that fails to allow us to pick up the phone because it is possible to indicate
information is not there; call this number, it does not have to be identified,
if needed. I think we are trying and it reminds me of when I used to do EDI
work, we are trying to do everything with this electronic system. And I think
we are forgetting that there are other ways to communicate and we need to
consider those; that this cannot just necessarily be an electronic to
electronic transaction. And that there may be situations where we just have to
pick up the phone and do it. And again we are talking exceptions here. I do not
have the statistics of how many psychiatric patients there are in the country
versus general medicine patients but that should change it.

The other thing that is happening is the medical home. And I can see
eventually that if medical home catches on, I might want you to identify my
medical home physician because I know personally my family physician
communicates with all three specialists that I see and he has a very good idea
of what is going on and I communicate with him on a constant basis so that we
know what information I am comfortable with or not.

So as we get into some of these models I might have an advocate in the form
of my family physician who can also help to make some of these decisions. I do
not have to do it on my own as a patient. I have got a clinician who understand
the system and can help.

So I think we have to think about the system in its entirety and not just
the electronic health record or the health information exchange. We have got to
think about how it works throughout the process if medicine.

DR. FRANCIS: Sarah?

MS. WATTENBERG: I just want to clarify something. So under the 42CFR Part 2
law, the name of the specialty substance abuse treatment program is protected
by federal law when it actually identifies somebody as a substance abuser. So
that already is in there.

Now mental health laws often are done at the state level and they often
mimic the 42CFR Part 2 substance abuse laws but I do not know whether or not
that element of those laws is part of what is reflected in the statement of
health laws. Even in the stringent ones I do not know if they go that deep into
it.

MR. RODE: There is a lot more work that needs to be done on the health
information exchanges and some states are very good. They have got broad
committees, they have got HIM involvement, they have got mental health
involvement and they are looking at these. Some states unfortunately have not
gone as broad and I think some of these questions are not being raised where
they need to be raised.

So I hope the information here can be shared with the state HIEs as well.

DR. FRANCIS: Thank you very much.

Unless there are further comments or thoughts I am going to thank everybody
who has been here. It has been an extraordinarily rich day and I would not want
to sequester any little piece of it. So we are adjourned for tonight –-

MS. BERNSTEIN: But before we do that, we want to talk about the meeting
tomorrow where this sub-committee is meeting tomorrow at 3 o’clock in the
afternoon on the schedule after the full-committee meets tomorrow for two
hours. Do you have anything you want to talk to your committee members about
that meeting?

DR. FRANCIS: All right. I think it would be lots of fun to come prepared to
try to – my own thought would be from 3 to 5 or at least from 3 to 4:30,
we should come with some thoughts about recommendations for a letter. Ideally
what we would want to do is have some recommendations for a letter, draft it,
and have it be ready for the full committee meeting in September. This was hard
logistically. Thank you all.

(Whereupon, the meeting was adjourned for the day at 4:40 p.m.)