[This Transcript is Unedited]
Hubert H. Humphrey Building
200 Independence Avenue, S.W.
Room 505-A
Washington, D.C.
DR. COHN: Good afternoon. I want to call this meeting to order. This is a two-hour meeting of the Subcommittee on Standards and Security of the NCVHS. I'm Simon Cohn, chairman of the subcommittee. I'm just going to welcome everyone here, as well as HHS staff and others listening in on the internet.
I do want to remind everyone, and this was brought to my attention by someone trying to listen in on the internet this morning, that everyone really does need to speak clearly and into the microphone or else no one on the internet is going to have any sort of chance of either hearing or understanding what's going on.
We have a number of items on the agenda for discussion today. I think we are going to start off by talking about the security final rule -- actually, I'm sorry, we will the let Karen do whatever additional updates on HIPAA that she feels are appropriate, but after that we are going to talk some more specifically about the security rule, not so much from what it says -- which I think Karen did a great job this morning presenting a summary of the essential aspects of the rule -- but more as a committee and as a subcommittee, what we need to be doing in relationship to the security rule and I think John Houston, a new member, has brought up some interesting issues and ideas around that.
From there we'll be talking about the ICD-10 cost impact study which you will all remember that we are sponsoring and it will be more in lines of a status update.
We will also have, I think, another discussion on this issue of publishing effective solutions to HIPAA compliance issues especially in relationship to having a better understanding of our status in relationship to the ASCA data base and I don't know that we actually have an evaluation of that data base completed yet but hopefully we will be able to at least get a status update.
And then we'll be talking, I think, about PMRI and what we are planning for for March 25th and March 26th.
I do want to remind everybody about upcoming dates for hearings in 2003. The next hearing dates are March 25th and 26th, and then we have another hearing scheduled for May 21st and May 22nd.
Now that NCHS has actually moved their offices and is sort of stabilized again, we will begin to poll people for availability during the last half of 2003 and so hopefully that will be happening over the next week to ten days that you will receive e-mails about your availability and we'll be looking likely for hearings in the August time frame, October and December.
With that, I think maybe we need to have just brief introductions around the table and around the room for members and then we'll get started on the agenda. I think I've introduced myself. Karen?
MS. TRUDEL: Karen Trudel, Centers for Medicare and Medicaid Services and staff to the Subcommittee.
DR. HUFF: Stan Huff with Intermountain Health Care and the University of Utah in Salt Lake City, Utah. A member of the committee.
DR. ZUBELDIA: Kepa Zubeldia with Claridia Corporation, member of the committee and subcommittee.
DR. FITZMAURICE: Michael Fitzmaurice, liaison to the full committee and staff to the subcommittee. Agency for Health Care Research and Quality.
MR. BLAIR: Jeff Blair, Medical Records Institute. Member of the committee.
DR. HOUSTON: John Houston, University of Pittsburgh Medical Center. Member of the committee.
MS. PICKETT: Donna Pickett, National Center for Health Statistics, CDC, staff to the subcommittee.
MS. BURKE-BEBEE: Suzie Bebee, NCHS, CDC, staff to the subcommittee.
MS. SQUIRES: Marietta Squires, NCHS, staff to the subcommittee.
DR. FERRER: Jorge Ferrer, CMS.
MS. BICKFORD: Carol Bickford, American Nurses Association.
DR. ORTIZ: Eduardo Ortiz from the Agency for Health Care Research and Quality.
DR. RHODES: Tom Rhodes, National Institute of Standards and Technology.
MS. WILLIAMSON: Michelle Williamson, CDC, National Center for Health Statistics.
DR. EMORY: Jack Emory, the American Medical Association.
MS. BARTLETT: Melissa Bartlett, the American Association of Health Plans.
DR. COHN: Thank you. Well, Karen, just to lead off the discussion, is there anything more that you wanted to talk about in relationship to the HIPAA mystery of simplification standards timelines?
MS. TRUDEL: I think that my previous presentation on security was pretty comprehensive. I would kind of do a thumbnail sketch of what is in the other regulation modifications. None of this should come as a surprise to the subcommittee because it's essentially the same as what was proposed.
We did propose to adopt the addenda 40-10-A and we did rescind the national drug code as the standard for institutional, dental and professional transactions and limited them to use in the retail pharmacy transactions.
Unfortunately, in the course of the snowstorms that we had last week, the folks at the Office of the Federal Register who were trying valiantly to get all of the documents printed on time and were operating with a very reduced crew, did wind up with a couple of problems that we need to put out changes for and -- in the modifications rule -- and those changes will be published again in the federal register shortly.
DR. COHN: I understand that those actually are available on the CMS web site.
MS. TRUDEL: The corrected documents are on the CMS web site. It's only the printed Federal Register version that contains the errata, the errors.
DR. FITZMAURICE: Karen, is there a location for the final, complete transactions and code rule with all the changes made to it? Is that on the web site and downloadable?
That is, here is the original one, here's the changes, now is there a document that adds the two together? MS. TRUDEL: You mean a consolidated version similar to what OCR did for privacy?
DR. FITZMAURICE: Yes, I like that term.
MS. TRUDEL: We have not done a consolidated version yet. I'm definitely thinking about it, and in fact thinking about incorporating everything at this point because we moved some things from the privacy section of the rules and moved them into the general sections because of security. So there's been additional movement of text.
DR. FITZMAURICE: You mean out of the privacy rule and into the security rule or just duplicate it in the security rule?
MS. TRUDEL: No, no, no. What we did and it's sort of -- we can't think of this as the privacy rule or the security rule. It all winds up in the same code of federal regulations but certain sections of that code of federal regulations contained private information about privacy and some of it because it now applies to security as well, was moved to another section so, for instance, some of the hybrid entity information is now not in the 500 section of 164 anywhere.
DR. FITZMAURICE: Thank you.
DR. ZUBELDIA: Karen, is there any plan to do a consolidation of implementation guides?
MS. TRUDEL: Not that I'm aware of.
DR. ZUBELDIA: Okay.
DR. COHN: Karen, can you comment at all about either the, I mean, the provider ID or the claims attachment or the health plan ID at this point? I know we should be glorifying and reveling in the completion of the current activity.
MS. TRUDEL: I don't even get to rest on my laurels for a whole day.
The provider identifier is -- the final rule is the one that we are beginning to move through at this point with added speed and the plan ID and the attachments are behind it again, going through the review process.
DR. ZUBELDIA: On the section at the end of the final ruling, the preamble discusses some changes that NHS wanted to have in the rule that are not in the addenda. Do you have any idea what the plans are to have a modification to the addenda or to 40, 50 or --
MS. TRUDEL: What you are referring to is the fact that as we looked at the rule and the implementation guide, addenda changes, we had said in the rule that we were adopting no standard.
Yet when you look in the implementation guide, the specifications for drug code sets do contain qualifiers for just HCPCS and NDC. I basically -- I won't get into more detail -- and that was done because they were the only two that were actually in use -- are actually in use.
The concern that was raised was that in the future that could be viewed as stifling innovation and if another code set comes up there may be a need to identify some other qualifier and so rather than limit it to the two that are in there now, we say in the preamble that we will go back to the DSMOS and ask them to add sort of a general "other" which is something that is sometimes used in the implementation guides and it will just do that as a DSMA request.
MR. BLAIR: When will they go to the DSMOS?
MS. TRUDEL: I don't know that, but we did say that we would do this in the course of the next update. We are not going to try to do it off cycle.
DR. COHN: Other questions? Comments? It sounds as if Kepa and Mike are both reaching. Your choice as to who goes first
DR. FITZMAURICE: The security rule covers only electronic information. If that electronic information is turned to paper, having been electronic, does it still have to be given the same security as electronic information?
MS. TRUDEL: Well, it has to be afforded the same privacy. We do not, in the regulation that is now published provide any standards or implementation specifications for paper so I guess I would have to say that it would, there aren't any specific requirements in terms of security that would have to be met.
DR. FITZMAURICE: Okay, so if I'm a physician's office and I toss out all the computers and deal only with paper, something I would never like to see happen, at least I could avoid the security rule, but I would go on to say -- I guess I could -- but I would go onto say that the security rule is probably the least burdensome and the most scalable and so if I were to try to avoid any rule, that's the one I would least likely want to avoid.
MS. TRUDEL: I think it's important to remember that for HIPAA purposes or a provider, you are either in or you are out and if you are not a covered entity by virtue of the fact that you do not conduct transactions electronically, then none of the standards apply to you and if you do, then all of the standards apply to you.
DR. FITZMAURICE: But my implication was that if I convert all my stuff from electronics and keep only paper and deal only with paper, I may still be a covered entity for purposes of all the other rules but then I might not have to have a security plan and go through the security risk assessment and the checklist. But I'm saying that's the lest burden some of all.
MS. TRUDEL: If at some point in time, if you are a covered entity and you are conducting electronic transactions, then you must have some electronic data and you would have to meet the security requirements for that data.
DR. FITZMAURICE: Certainly my billing service would if I were to send paper to the billing service and send paper to the billing service and only receive paper or check back.
Again, not a solution to the burden that I think would be advisable to take. It wouldn't be economic to do it.
DR. ZUBELDIA: I want to point out that we talked about the security rule this morning and how well written it is, that also the addenda rule, this final rule or modification of the final rule for the NBC codes and the for the addenda to sections is very, very clear and very readable and I want to applaud the department in the work done in putting that rule together.
I think it's an excellent job and it makes the transition to the addenda much easier.
DR. COHN: More plaudits for good work.
I actually wanted to sort of move and talk about security a little bit. I think the issue here is you remember our title is the Subcommittee on Standards and Security, and I think we've all recognized that the area of security almost by definition overlaps significantly with privacy. Certainly there's, even though we have it, any work has to be done thinking about the privacy subcommittee as part of it at a minimum.
I think the real question I have, and we wanted to bring up for everyone to think about, is what sort of work needs to occur in relationship to security.
I know John Houston, our new member, is joining us today as a guest with our subcommittee. I don't think he wants to join but I think he has a major interest in the area of security
DR. HOUSTON: No, I'm more than happy to join. I just want to work on security, not that I have anything against transactions and codes and that.
DR. COHN: Okay, and let me just sort of frame this. I mean, we've done such a good job -- he just doesn't want to come to all our meetings.
DR. HOUSTON: The rule is you show up as a guest once and the second time you are a member and you get work.
DR. COHN: The third time we assign you leadership activities.
I think the issue for us to mull on, and I was hoping John might sort of discuss some of his views on all this is really sort of what needs to be done. I thought that we need to mull over about sort of the organizational issues.
I think it's something that needs to also be talked about with the privacy committee, subcommittee, tomorrow morning, just because I know there's a fair amount of interest in it there and then probably at the end of the day the executive subcommittee will figure out whether we keep it as part of this group, have a work group, create its own subcommittee or what but I think we are sort of at the point now where we need to be figuring out what is going to make the most sense but, of course, that's all based on what we need to do.
John, do you want to talk about that a little bit? DR. HOUSTON: I'm just going to sort of reiterate some comments I made this morning which is the concern that I have with security and just so everyone understands, one of my express accountabilities at the University of Pittsburgh Medical Center is security. I have a large staff that reports to me specific on information security so I guess I troll in these waters well enough to sort of know what some of the issues are.
And I think that one of my immediate concerns is that to do security in any type of rational fashion, I think people have to have a plan together and probably will need some guidance very early on and I think if anything percolates up, it won't percolate up at the 11th hour or hopefully it doesn't, but we should try to get it addressed very early on in the process.
That's the thing that I see most and the guidance that has to come out of CMS to support these rules I think has to be early.
The other issue -- not issue, I hate to call them issues -- but another reality I see is that you are also now starting to troll in very technical waters and the people that work in them are very technically oriented and I think we could, you know, I think that there will be a lot of questions asked about the specific use of technologies.
I think there will be endless permutations of the questions about everything from authentication to encryption. It will be a nightmare.
Too many times, just knowing my staff, they can get involved, they can get into the minutia detail and get really hung up on it and I think that's going to be problematic. I think also people are going to over- engineer this rule.
I don't think -- not that there's anything wrong -- I think the rule was fantastic the way it was drafted, but I think you are going to see people doing things, wanting to do things or advocating to do things I think are far in excess of what the rule might contemplate so I think guidance early is very, very important.
I'm not sure what, I mean, I would love to think that this committee will have to do very little because the rule is so clear but I just, I have this sixth sense that says that's not the case and I think maybe it's more CMS than this committee that's going to be burdened by this but I think it has to start very early on in this outreach.
DR. FITZMAURICE: I think you're right, John, that this may be the easiest rule to follow and yet I know I have been surprised other times by things that people run into that I didn't anticipate. It happens a lot with the HIPAA rules.
Maybe there's an occasion for trying to list out a series of questions and then ask people to testify on those questions, leave them kind of open-ended so we learn if there's something new from the people out there who are trying to implement it.
I don't know what the timing of such a set of hearings might be, whether you do it soon or whether you do it after people have had six months or nine months to mull things over. You probably know it better than I do because you are dealing in this every day.
DR. HOUSTON: You know, let's just take one part of it. If you were to decide that you were going to implement internal encryption of your network. I know it's not necessarily advocated by the security rule. Somebody is going to make that decision I'm sure.
Those types of lead time on something like that is potentially fierce. The same thing if you decide to change the way you are authenticating, you know, changing the strategy.
I mean, a lot of these types of -- from a technical perspective, can take a long time to implement and can be fairly expensive.
Now, mind you, part of what I think has to happen is to get people to realize that they don't have to throw technology. I mean, some of this doesn't really require that much technology, you have to be practical about it and I think it might be helpful to sort of gauge where people stand vis a vis their interpretation of what they need to do as far as a security rule.
That might be real helpful, in fact, to determine what guidance and required is to try to figure out, okay, for different sized entities that are differently situated with regards to the use of electronic information systems for delivering health care is what do they think they need to do for the rule?
What is the size of the organization? How are they structured? Are they an academic medical center? Are they engaging patients by e-mail and other types of internet based communication schemes? Do they have portals? What do they do? How do they engage their physicians? The physician portals -- do they use, you know, aps that are available by the internet for physicians to go in and do everything from read x-rays to be able to issue orders, things of that sort.
So it would be helpful to get a sense where people even are and what they think they need to deploy. I think it would be helpful but to be, really to be effective it has to be done sooner rather than later because again, if there's a guidance document that advocates doing, deploying a certain type of technology, the lead times often to deploy technology could be years rather than months.
Hopefully we aren't forced to implement it.
DR. SUBELDIA: I agree with J.P. that this ought to be done early. The problem that I see is this subcommittee has already a full and overflowing plate, and this is perhaps what we need to talk about with the privacy subcommittee and perhaps transition security with the privacy subcommittee rather than the standards subcommittee because I don't see that we have a lot of idle time to either have more meetings or put more of this type of testimony in the meetings that we already have scheduled.
DR. COHN: Other comments?
DR. HOUSTON: The other thing, too, could be that we may find there is other ways other than doing testimony to get together this information. I mean, maybe there's some type of survey that could be performed electronically that allows, you know, us to gather a body of data statistically that decides if there is a problem or how actively engaged we need to be in this security rule.
I think that would be helpful. I would be interested to see how people are interpreting this rule in their own organizations.
DR. COHN: I agree. I think that's -- a number ever people have full-time jobs interpreting and analyzing this particular rule. I'm not sure that's -- testimony is a difficult way to get at those specific issues.
DR. HOUSTON: A survey sometimes can be taken wrong and people think it's something that's legally binding but I think to gather and get a sense of where people stand vis a vis these rules I think would be real helpful right now.
DR. COHN: Other thoughts or comments? Steve?
DR. STEINDEL: I'm intrigued about this idea of surveys at least to see what the picture is today and how close things are in place to what's envisioned by the security rule.
I was trying to think if there are any general surveys out there that have been done in the past that have asked about security and I'm not certain. Jeff, has MRI asked any questions on the general surveys concerning security issues with institutions?
MR. BLAIR: It does and it asks what guideline practices and technologies are being used but it doesn't pin it down to a specific institution that's replying to the standard because it's open on the internet. It's pretty good data because you compare it year after year and it's consistent and it's consistent with other surveys but it can't be represented as a scientific survey.
DR. STEINDEL: My comment on that would be that generally speaking it's the sophisticated people that are answering the MRI survey and the equivalent HIMSS survey. We might have a picture of what the elite is doing, but we probably don't have a good picture of what the non-elite in the IT area is doing.
As J.P. said, that's probably what we should be addressing.
DR. ZUBELDIA: The government group has a survey that goes to a series of health care providers. They are not necessarily the sophisticated ones. They have been following that same serious of providers for quite a while now.
I don't know how many questions they have on security, but I'm sure they have some data and then Phoenix Health has a survey for people that are on their mailing lists and of course people that are on the Phoenix health mailing list are people that are actively involved in HIPAA implementation to it's the elite but Phoenix also has been asking social security questions.
MS. BICKFORD: Carol Bickford, the American Nurses Association. When I was at the HIMSS conference this past week, there was a product that they -- and I'm not endorsing HIMSS -- that they had identified as their tool sit which is a compilation of numerous surveys from professional groups that are doing surveys that might be of value.
And I also raise the question as you are talking about the security. What is the relationship top all the significant standards work through ASTM in relation to security where you already have the experts who have been talking about the security.
Can they serve as a resource in giving you a state of the union if you take a look at some of the standards work that's out there already as they have compiled their standards for security.
DR. HOUSTON: I would contend, though, that you almost have to go take the rule section by section, sort of say, ask in some brief form -- here's what this particular section covers. What is your gap, what do you think you need to do in order to comply with the rules? Especially on some of the technical components?
Is there a cost to be assessed and what's the time frame to complete this work? And you almost want to go down section by section. In theory, if people are going through and doing a risk assessment, that's very, getting that information in that form would be very compatible to doing a risk assessment I would suspect.
And then from there you could get a sense of whether people think they are going to -- from just the comments, are people going to try to do things like internal encryption of the networks.
I always want to say that because I think that's going to be a gut reaction on some people is they are going to be trying to deploy technology solutions that are aren't necessarily appropriate and I think that's going to be -- I get it all the time from vendors what want me to do all sorts of bizarre things, you know, in my systems and networks.
Some of it is not bizarre but a lot of it I think is I guess this gut reaction and a lot of vendors try to self fear. You know, solutions to fear. That's part and parcel of my concern.
DR. COHN: As I'm listening to it, I do fear that there is very few ways that we can prevent industry from making bad judgments, either over-engineering or over-investing and I can't think of anything that -- you know, for instance, the good news is that this is a free country, the bad news is that it's a free country. People having individual liberty and choice in some of these cases but having said that, I'm sort of mulling about what it is we need to do versus what it is that CMS needs to be going in terms of guidance and advice.
I certainly think that there may be some value early on to hearing from some of the industry about what they see as the big issues and all of that I think that's maybe where you are trying to get it.
DR. HOUSTON: Yes, which I think does make some sense. I guess the question we will all have to mull over is, is it done better as a separate -- I mean, we are all sort of hearing here -- I haven't heard from Stan's comments or obviously Clem MacDonald isn't here either but the question is, is I'm not hearing widespread enthusiasm from everybody sitting around the room that this group itself should be holding additional hearings on security.
The question is, is a work group the way to do it, potentially that you or someone else could lead or does it make more sense to talk to privacy or does there need to be a technical co-chair other there so that we are handling that.
Once again, I think we need to find everyone who's interested in making sure that we are getting them together in a way and focused on the issues to that, in a way that avoids re-work and leverages the expertise.
I guess what I'm hearing is you are not quite sure exactly what the issue is but your gut sense is that there is something out there.
DR. HOUSTON: We are all just trying to still down what the rule really means and I just know that -- going back to my original comment which is sooner rather than later is important with regards to guidance and with regards to understanding where the pitfalls are because I think what happened with privacy is it really took a long time for people to start to realize, well, gee, I got a problem.
Or these particular issues really have started to rise at a very late hour. I mean, seeing it now, there's --
DR. COHN: But John, the reason there were so many of these problems there is the fact that the rule changed I would say later than midway and with the offering of significant modifications and easing in some cases, clearly it didn't make people want to be aggressive in terms of implementing an old rule that would now be easier.
DR. HOUSTON: What we heard in this room today was a lot of people talking about guidance that's forthcoming. When you and I spoke, I cringe when I hear about guidance coming a month or two before the compliance period was past for fear that the guidance says something that I haven't done or I have done differently in good faith thinking that I had a good compliance position.
And all of a sudden, I get a compliance document that's pretty much, it either causes me or tells me that I have done the right thing or forces me to go out and change. That can be very problematic and again, when we are deploying technology, the earlier you have the rate guidance, the more liking you are to be able to deploy the technology appropriately.
MS. TRUDEL: One possible thing that the subcommittee might want to do as just kind of an entree into this issue is to have us report at each subcommittee meeting on what kinds of outreach activities we are undertaking, what kind of materials we are producing what kind of feedback we are hearing and I share your concern about over-engineering.
If you look at the matrix in the regulation text, it's very clear. Most of the solutions we are envisioning are administrative, they are not technologic.
I think there are only five standards that are technology driven and so at least we could provide an ongoing report of how we are doing, what we are hearing and then maybe get some feedback from you all at the same time. Would that be smart?
DR. COHN: That's not bad. Stan and then Kepa.
DR. HUFF: Just to describe where I think where we are at is pretty much the way John has described it. What's going to happen at Intermountain Health Care is now that this has been published, we are going to do the risk assessment. We are going to go down the list and say what are we doing for this, who are we doing for that.
And then once we do this, we may have questions and my assumption is though, that those questions, you are gearing up within CMS to answer questions that we would have at that particular time.
So the, I think you might get a lot of information to know -- I mean, what that means is that for people like OHC, I mean, we started last week doing that kind analysis. I think where you would be worried is six months out there's 50 percent of the marketplace or something that hasn't done any kind of analysis like that to know how.
And that seems like maybe an area where you would like to have some kind of a dipstick or a barometer that would say how many people have done a risk assessment so that what you would like is everybody to do that sort of thing early in the first few months so that any issues that arise can be discussed and you can get early comment and solution to it.
What you hope is that people don't go a year and then start thinking about what they are going to do. So it seems to me the biggest risk is that people won't do the analysis, won't do the risk analysis early and you end up a questions at the end because people haven't seriously considered what their solution is going to be.
DR. ZUBELDIA: Stan, that's where surveys can help tremendously but I think that there's also another very good tool and that's the Ask HIPAA and the hotline that you have for HIPAA to alert us and to alert CMS and perhaps bring to the subcommittee what are the hot topics that people are asking about, what are the questions that they have.
And there's an easy or good way to tabulate those questions and what are the frequently asked questions so we can perhaps, when there's a hearing centered on those topics that are the most relevant or the most important, urgent, you know, that would be great.
DR. STEINDEL: Karen, I know you mentioned this morning some synergy and relationships between OCR and CMS, the HIPAA office. Have you discussed formalities with respect to the security rule because you have also both acknowledged the overlap, especially in people's minds between the way they interconnect the security and privacy rule.
And one of the things that I see is some of these questions concerning security coming into OCR and not necessarily through the CMS process because of the way they tie those two things together and I just wondered if you have discussed that internally and how you are going to handle it because that might provide some guidance within the NCVHS on how we should structure our relationships, too. MS. TRUDEL: We are still having discussions with OCR about that, and I think the work that's going on with the enforcement regulation is also going to help us all get on the same page with that because we will be using the same procedures and essentially the same rules and we already are, I think, fairly successfully working with them to re-direct calls and transfer questions.
And actually, I think, the biggest challenge that we've had is not security versus privacy and I don't think that will be a challenge in the future. The real challenge that we are having is the policy issues that cover both aspects like who's a covered entity. That gets really sticky and we've been working really closely together on those.
PARTICIPANT: Simon, it sounds from just conversation you have had something this committee could do is maybe with CMS put together a work plan on what entities ought to be considering. As I went through this this weekend, and I've been working with some small physician offices on privacy, part of the problem is they don't even know where to begin and Stan just talked about I'm going to start with the risk assessment and I've got this and I've got this and I've got this.
One thing that's not in the rule, probably doesn't need to be in the rule, but really could help is what do you do first and then to take Kepa's argument and if I don't know what I'm going to do with that, where do I go.
Because the thing I fear most is everybody is going to wait until after the 14th of April and get their privacy done and then they are going to begin to look at transactions again and now we are going to be at October and now we've got ourselves down to about a year and a half and this committee very well knows what the problem has been with people not moving fast enough.
I'm wondering if there's something can be done to give people an outline of where they could go and the approach that they could take because the University of Pittsburgh and Intermountain Health know that, but I'm going to suggest that a lot of the smaller insurance plans and providers don't know that.
And if this committee and the department can begin to assist that way, then we won't see the problems we've done before with getting ourselves to the last six months and everybody is saying I don't have enough time, I'm not going to be able to participate, I don't have everything done.
The other thing that bothers me, especially working with small physician offices is a number of them are now beginning to look at systems or small physician's offices, electronic medical record systems and the rest -- I've reviewed a few of these. They need to be thinking about what put in an RFI for a system that's going to be delivered in the next year or two so that when they have a system come in, they have a system that's going to allow them to meet the basic requirements of security and again I don't think they are going to think that way.
Certainly the associations can do some of this and certainly we will do some of this but I think knowing it comes from the committee is kind of like the comment this morning of it may not say official but the fact that it can be on the web page or the fact that it's coming from some other activity gives it some credence because you know and I know there are going to be consultants coming out of everywhere offering to help folks on this particular rule.
And you and I both know there are going to be some good consultants and there's going to be some not so good consultants so if there's something this group could do to help that process through, I think that would begin to help because quite frankly I would like them to know that if they are not starting the risk assessment by October of this year, they had better start panicking now because it's going to take them a while when they get through it, even though they may be very small systems, it's going to take them a while to figure out what a risk assessment is. Thank you.
DR. ZUBELDIA: One very, very useful tool that I found on the CMS web site s the transaction checklist for providers. It's extremely useful because it tells a provider what to do step by step and it includes things like talk to your vendor and look at your software and see your data.
I think that a checklist like that for security, especially for the small providers will be extremely useful. I know HIPAA is not quite like Y2K but I'm looking at a computer around this room that has a sticker that it passed the Y2K inspection in the last week of November of '99 and I think that HIPAA is going to have that same kind of tendency where people will be aware of security the month before the final deadline and we need to raise the level of awareness.
DR. COHN: Other comments?
DR. HOUSTON: This is totally shifting gears. I hate to ask this question but I forgot to ask the question before and I'm real interested in this. Obviously the electronic signatures were taken out of the security rule and I was sort of leafing through it as we were talking.
I said oh, gee, I better ask the question of what is the intent vis a vis electronic signatures, if at all, out of CMS and that's a technology that I know is an expensive and problematic technology often to implement successfully and is there thoughts on what happened to it and where it's going?
MS. TRUDEL: That's definitely something I should have remembered to put into my presentation this morning and I'll be adding it tomorrow morning.
As the preamble explains, we did recommend is standard for electronic signature. The comments that we got back showed that the industry was not coalescing around a single standard that could be implemented in an interoperable way on a large scale.
And actually, this subcommittee has had one or two hearings on that subject to try to help industry start to think through some of those issues.
DR. STEINDEL: There is an e-gov initiative involving electronic signature and I think it would be difficult at this point in time to push a separate electronic, any type of separate electronic signature initiative.
DR. HOUSTON: I thought that was sort of focused at a different fashion and this e-signature status, the electronic signature standards that were originally in the proposed security rule.
DR. STEINDEL: The focus is shifting somewhat. I think that's the best way to explain it because I know we are dealing with them at CDC on some of the needs we have for electronic signatures.
DR. FITZMAURICE: Steve, is this different than the federal bridge project because you are up there talking to the federal bridge project.
DR. STEINDEL: Yes.
MS. BURKE-BEBEE: Back to the issue of the security update for the subcommittee, I'm inclined to like the idea of a hearing and I would see that probably the end of the year thinking that surveys are nice but do we have the resources to actually do that. I'm not sure.
But what we are good at is having hearings where we bring in possibly people from ACR and CMS and hearing about the status of security within CMS and the status of privacy and how they interlock from OCR bringing in professional agencies.
We haven't mentioned WEDI, AMA, AHA representatives to hear from their professional members about issues that are at hand, bringing in possible vendors seeing what they are being asked by their clients, their customers, bringing in providers.
So that's what I suggest because if you know about it, privacy is coming in April and there will be a lot that we can learn by the end of the year. Transactions are coming in October. There may be something that we are able to hear at the end of the year.
And then we need, I think, as a subcommittee to be ahead of the curve so that we know what it is that the industry needs help from us, whether that's educational components or whatever that is, that might happen if we would have a hearing at the end of the year.
DR. COHN: Are there comments? Thank you for suggesting that because that is certainly one other option we can consider.
The point of this conversation is not to come to the solution right at this moment. I think it's really more get a sense of what is it that we need to do, what time frame, is it us, is it privacy, how do we organize this effort and I think one of the moving parts in all of this is really is a comment that Karen made about the fact that CMS and OCR are still trying to figure out how everything fits together themselves and that to me really is a key piece.
I mean, we don't want to start stretching Karen so thin that we are putting her into two different buckets if we can avoid it, but on the other hand if there's the need for completely accountability for security then it makes a lot more sense to put it into a different place and those are the things that sounds like they are still sort of yet to be determined.
I do think we need to obviously also talk to the privacy people. John, I was actually looking at your badge here, your placard with, sort of thinking in my own mind, now we've got a lawyer who's a techie.
DR. HOUSTON: Scary, isn't it?
DR. COHN: Well, it's not scary but it is impressive.
DR. HOUSTON: I used to program.
DR. COHN: I think we've known a lot of doctors who have been techies over the years and I've programmed, too, in my past and I know Kepa has done more than a little programming in his lifetime.
DR. HOUSTON: We are all dangerous.
DR. COHN: It's probably a good balance to have as we look towards this but we really do need, as I said, to be thinking about it and John, you have walked in and out but we are sort of trying to figure out what to do about security and does it really fit here, does it fit in privacy. This is a separate work group. What sort of activities need to occur, etc., etc.
I think this is something we'll be talking about in the executive subcommittee.
DR. LUMPKIN: We need separate security for our meeting?
DR. COHN: Probably that too, but I think now that the security rule is out, I think we really will need to take a long look to figure out where it best fits, where there's the energy to do it.
I think Kepa did comment very appropriately that as of today, there are a lot of things that this subcommittee is involved with and I don't think anybody is sort of jumping to add something tomorrow but as Suzie commented, maybe by the end of the year but I think there's going to be a number of other options.
And John, I do agree that it's -- we should use your time appropriately and not make you sit through lots of things that you are not interested in for those things that you find that you are really finding compelling. I'm sure you agree with that.
DR. LUMPKIN: I'm more than happy to help out on the security side.
DR. COHN: Yes, we know, you will be used but we just don't know where yet.
Karen, any final comments before we move on to the next item? But John, thank you for bringing this one up.
DR. LUMPKIN: Thank for entertaining it.
DR. COHN: It's the first of a number of conversations.
DR. ZUBELDIA: One comment would be to follow up with privacy to see where this fits. If security fits better with privacy or with standards because at this point I think there's very little --
DR. LUMPKIN: You could sort of line up the pros and the cons of aligning each in each area and talking at lunch even, there's a lot of synergies everywhere and there really is, once you start talking to people, as I did, there are a lot of synergies and a lot of different ways.
Hopefully it's such a darn clear rule that there aren't any issues that anybody needs to talk about, right, Karen?
MS. TRUDEL: One possibility would be to have that hearing that Suzie mentioned at the end of the year be a joint one between the two subcommittees and have that be the point at which that discussion would begin to occur because I know the privacy subcommittee probably has an awful lot of their plates right now, too, with April coming up.
MR. BLAIR: Could I also suggest that that might be also a good time tying together -- or add a third link to the chair which is status of electronic signatures and digital signatures to see in it's appropriate to look for recommendations in that area as well.
DR. COHN: Sounds good and as I say, we'll have further discussions tomorrow and I know John you will be there as well as some though not all of the committee members since there's a number of dual memberships.
DR. HOUSTON: Unless it snow substantially.
DR. COHN: Well, actually I'm told that John Lumpkin has a very large hotel room that we could all use for our meetings tomorrow. We are actually sort of questioning whether the government closes tomorrow. That issue came up. Hopefully it will not so it will not be an issue.
With that, let's move on to the rest of the agenda items since we have NHII coming in about 35, 40 minutes. Donna, did you want to update people on the ICD-10?
MS. PICKETT: Just a very quick update. The contract is still winding its way through the bureaucracy. Three of the four agencies that are signatories to the contract have actually signed off.
I received a message earlier this afternoon indicating that the last agency, the National Science Foundation expects to have the contract fully awarded by the 17th of March, but they are looking to expedite that since all the signatures are basically in place.
And then the kick off could occur shortly thereafter.
DR. COHN: Okay, so, Steve?
DR. STEINDEL: What are the implications regarding a May delivery?
MS. PICKETT: My guess is that the May delivery date would not be accomplishable, given the time frames. If it's not being awarded until the 17th of March, May is not possible but once we have the contract awarded and have the kick off meeting, I believe the contractor would be in a better position at that point to give us a better estimate of what is doable.
DR. COHN: Frees up some time at the May meeting. It may also, I mean, depending on where they are and what they think their schedule is and I presume their first act, once they are awarded a contract is to figure out their schedule and likely date of deliverables.
It actually, unfortunately also may mean that we wind up having a as yet unscheduled session to talk about this, the reality would be is if it came in sometimes after the May meeting but before our full committee meeting in June. We might even need to move things or add something at that point or if not, we obviously do something over the summer for a September deliverable.
I guess we'll be talking about this more, at least a little bit more, when we get together in March for our hearing:
MS. PICKETT: We should have much more information by then.
DR. COHN: At least to be able to brief everyone on what's going on. Any questions about that? Any comments?
Our next issue has to do with the publishing solutions about HIPAA compliance issues and, of course, we knew the first step on that one was to evaluate the ASCA data base, at least to begin to interrogate it.
My understanding is is that it is going to be a relatively brief report but Mike and Steve, you had been assigned the responsibility of getting it and beginning to interrogate it.
DR. FITZMAURICE: My part is easy since I don't have the data but I know the data -- Steve is working to get the data. Have you received the data, Steve?
DR. STEINDEL: My part is easy. I don't have the data. No, actually, we have been informed by the CMS contractor last week that the data set was finally cleaned up. It was not in a form that they can transfer to us until the latter part of last week and now it's just the mechanics of transferring the data base from the CMS contractor to myself.
And I am actually anticipating seeing it in my mailbox when I go back to the office on Friday but we have suggested other alternative ways that you could have gotten it to us a little quicker but even if I had gotten it at the end of last week, all I could have said was I have it.
DR. COHN: Comments about that? Questions?
DR. ZUBELDIA: Do we know what are the questions that we are going to ask our data?
DR. STEINDEL: Until I see the data base, it's somewhat hypothetical. I think we have a good idea based on the previous reports, but we need to see what the data base actually looks like. I've asked for a data dictionary, for instance, and she hasn't sent that to me yet to we have to figure that out.
DR. COHN: Certainly, if you remember the outline of activities here was evaluate the data base. If there's some issues that come to us from looking at the data, but also at the same time be talking to others in the industry about compliance issues.
As you remember, we heard from WEDI previously about some of those though at the time we heard from them, the big issue that they were identifying was the fact that the changes to the final rule were not out so now we have that out.
The question is, are there other issues or are things pretty much copascetic for implementation. It sounds like, I mean, I think what we are going to need to do in March on day two is to get this piece moving because clearly we need to get whatever report on this, we also need to hear a little more from the WEDI folk about now that the addenda or finalized and all this, what sort of other issues do we see as other issues.
Are there some compliance solutions that we need to publish or identify from other sources such as WEDI or others that we should be at least noting on our web site and sort of go from there.
Obviously, you remember this is all part of ASCA rule that we are supposed to be publishing solutions to compliance issues identified so we would like to do that so we can move past it.
Is there anything else? It seems to me this is really an item for day two of the March hearings. I do notice that we actually had WEDI listed here but I suspect that the weather may have prevented them from participating or making an appearance.
MS. TRUDEL: Yes, I think one of the things that they wanted to talk about is that they went away from the last hearing interested in trying to pull together a group of people to discuss possible alternatives or improving is the standards update process and I believe they kind of wanted to let everyone know how they are doing on that.
I think they have had one or two phone conversations, teleconferences and I'm sorry that they are not here but I'm sure we will have other opportunities to see how that's going in the future.
DR. COHN: I think when we last saw them, I think we talked at least informally about them coming back and give us an update on March 26th so I think that will once again be another item for that second day.
Now, I'm sorry, Suzie.
MS. BURKE-BEBEE: I was a little bit confused, but I thought, Kepa, you asked about do we have questions that we've got put together for the ASCA data base and if I recall when we had this discussion at the end of last year, I know I have notes. I think, Karen, you took notice of further questions that were suggested at the time of our meeting, our subcommittee meeting so I don't have if those would be of still value or not but I certainly have these notice.
DR. STEINDEL: Yes, I was referring to that when I said we have some idea of what to do with the data. It's just that we think that there may be some more questions depending on the nature of the data. Essentially we start out with cross tabs and move from there.
DR. COHN: Well, now, the next issue is really the PMRI update and moving into plans for the March hearings. Jeff, do you want to lead off this --
MR. BLAIR: I tried to give you at least a glimpse of the status of where we are with respect to PMRI terminologies, sent everyone an e-mail message on Monday indicating the responses to the PMRI terminology questionnaire. There were 36.
I think we are about to have another one being submitted shortly and it pretty much covers everything we had hoped to be able to receive.
Walter Sijanski will be providing us an agenda for March 25th by the end of next week after he has had an opportunity to look through all of the questionnaires.
We are planning on having a full day to receive that analysis and discuss the issues that come out of that analysis.
Some of the types of issues that we are anticipating will come out of it is either whether it's necessary for us to either validate or follow up on some of the information we've received or whether we failed to ask certain relevant important questions where Walter needs to go back to the terminology developers and ask them subsequent questions or the degree to which we should include issues or questions in the questions that we ask the users of the terminologies who will testify to us in May because this is going to be a good lead-in to that or whether this will wind up pointing to and helping us with the folks we invite for May. That's the May 21st date so at the moment that's where we stand with PMRI terminologies. Are there questions?
DR. FITZMAURICE: Jeff, this is Mike. I wonder, in looking at past surveys, I remember the inventories that you and Nine did, some of the responses got to be quite voluminous, that is, quite big. Are we looking at a typical response that is of the same magnitude?
There is a lot of effort that went into some of the previous responses. Is there a lot of substance and hence a lot of work in categorizing or is it going to be looking at it and then maybe calling them up and seeing if there are some hen's teeth rolling around that we can pull out of them? Do you have a sense for that? Maybe it's too early to get a sense for that.
MR. BLAIR: The only sense that I have for it is that of the questionnaires that I glimpsed through, it looked to me as if the terminology developers gave a considerable amount of time and thought to providing information that was as good as they can.
So I think we are really going to have to wait until Walter does a more complete evaluation of that and that will be reflected in the agenda that he sets up for March 25th when he reviews that with us. So I guess I'm answering your question.
DR. FITZMAURICE: That was a good answer. Thank you, Jeff.
DR. COHN: Other questions?
MR. BLAIR: I would tell you that I am, at this point, very, very happy with the response that we've gotten to the questionnaires, both in terms of the number of the responses and the cross section of terminologies that we've received and so I feel like things are promising for us to at least be able to have good information to deal with as we go through our process of evaluating the terminology. Steve, do you have any other observations or comments?
DR. STEINDEL: My observations would just somewhat at a distance from Jeff since I haven't, except for the few questionnaires that I've received from groups that I'm involved with that they were sharing the information and those responses were very detailed and I'm looking very favorably at the responses for this. I agree with Jeff that a lot of thought has been given it through the answers. I think we are going to get a lot of useful information.
DR. HUFF: One question occurred to me when I saw the list of people who responded, I was very pleased with the exception that I expected response from the
+634UMRS medical source folks and that caused me to ask the question -- I mean, if there were an important terminology that the committee, either by foreknowledge or other thought was important and those guys didn't respond, what's our process? I mean, are they eliminated from consideration?
MR. BLAIR: Well, of course, we invited Betsy, you know, we gave her the questionnaire in case she chose to respond or Stewart Nelson, if he would have done so.
My impression is that the reason she chose not to do that was that she and others views MLS as the vehicle for mapping between the core and other terminologies and that that's sort of part of the strategy. Steve, do you have an observation on that?
DR. STEINDEL: That would have been my observation. I seen to recall, didn't Stewart respond from some other areas on the national library?
MR. BLAIR: Yes, Stewart Nelson provided -- for RX norm and Steve Brown with NDFRT and we have a drug knowledge base. We are sliding into a different subject there, but I think that that's the reason that they didn't feel like they were contributing another terminology, not considering the NMLS a terminology but the mapping vehicle to map between our terminologies.
DR. COHN: Stan, you also were asking for a process of what happens.
DR. HUFF: That was the one -- I was asking actually, I mean I was interested in this particular question but it was, I mean, for instance SNOMED had not responded or two weeks from now something we thought was important as SNOMED hadn't responded, what would our process be ultimately?
DR. COHN: I was actually going to just suggest that it might be once again, recognizing that we have formal and less formal processes that if indeed you feel it's an issue that you should communicate with the National Library of Medicine and ask then why they didn't. I think that's a reasonable thing for a subcommittee member to do.
It's an important terminology that we feel that maybe has not been addressed. I do tend to agree with Jeff and Steve's view that I tend to think of the NMLS as more of a meeting of terminologies as opposed to a separate one but I think we can let Betsy decide on whether it's appropriate to submit or not.
DR. STEINDEL: I don't recall Suzie and Jeff handled the actual solicitations from the terminology people. Did we solicit Betsy at the national library on NMLS?
MS. BURKE-BEBEE: Yes, we did and actually, there aren't that many. I mean, Jeff, I was going to offer to work with you to do that but the list is less than 10. There's one, two, three, four, five, six. That's it. And I would venture to say of those six, well, I didn't even include ICD and ICF because they are coming and I imagine HCPCS is coming so that gets it down to five with MLS is one and I bet you we could get that one, too, so I don't think -- I think we need to follow up, Jeff, and I'll help you if you need that.
DR. COHN: That's more formal then, good. Other issues on this?
I want to talk about a couple of other things that I think we maybe have touched on a little bit earlier today. Any more on the terminology piece and PMI?
MR. BLAIR: Why don't I just mention something else? Because this individuals that have come up to me with questions with respect to SNOMED and I feel like it's sort of an open issue since there's been articles that have been published recently indicating that at least a preliminary or conceptual agreement has been made to I'm not saying anything that hasn't been already in the media and published and so I've mentioned this here.
As the conversation that I had with Walter Sajanski is that at this point I think things are far enough along with the negotiations between National Library of Medicine and the College of American Pathologists that we should assume that by the time we make our recommendations in September there would be some type of an agreement announced by that time.
If anybody feels like that is not the proper way for us to proceed, then that would be a topic for us to discuss. Is that okay with everyone?
DR. FITZMAURICE: Jeff, I guess -- this is mike -- would we do things differently now? That is, we'll probably know in the next couple of months that that's a factor. I don't see that it's going to change very much of what we would do now, we just need to be aware of that. Is that your reading, too?
MR. BLAIR: I just want the to kind of share with you the assumptions that I was going by and that Walter would be going by and again the time frames is that we won't be really banking our recommendations or our first draft of the recommendations would be developed probably in June and July and I guess we would review the first draft in July, the second draft in August and the third draft which hopefully should be our final one in September and I would think that by that time we would hear a confirmation of our assumption,
DR. FITZMAURICE: So what we are saying that we are not ruling out anything because of the uncertainty or because we are assuming something that we don't really know for sure. We are still keeping all of the options open for terminologies to fit a certain function.
DR. COHN: Let me just sort of make a couple of other comments about other things that are sort of on the table. I do want to warn people. The sounds like the second day in March may be -- I wouldn't expect people will be getting out at 12 noon.
We've had discussions now -- I think I mentioned this this morning with the combined health care initiative. I think there's been sort of a conceptual agreement that we will just consider them to be sort of a standing item for every set of meetings we have sort of coming up.
And it's likely though not definite that CHI is going to come to give us a slightly more in-the depth briefing about sort of plans and sort of conceptual work that they are intending to do, sort of going forward with the idea that we may very well get sort of a reactor panel as part of day two to sort of give us their views on it.
That's not 100 percent definite but we think that by March that that sort of discussion will be appropriate and then we are likely to have sort of ongoing discussions with them or soliciting public input in sort of future meeting, future hearings that we have.
Obviously we talked about enforcement and I think that's a discussion that we need to have with the privacy subcommittee tomorrow because it sounds to me like the enforcement stuff is moving forward and it's probably time for us to think about having some sort of a session hearing with privacy to sort of solicit any public input that needs to be occurring or concerns of the public around, hopefully from the industry, relationship it's enforcement rules before they turn into an NPRM or otherwise. We've been doing that, all sort of moving forward.
There's also the issue that we need to find some time on and I don't know that it's going to be March or when but I think we are all sort of aware that there's been a fair amount of conceptual work that evolves around the claims attachment piece and some of it I think is probably requiring there to be rewriting of NPRM's.
We are aware that the last time we talked about this or saw it was about two years ago. And recognizing that there's been some sort of fundamental rethinking of approaches around that, I think it makes sense for us to try to get representives from X-12 and HL-7 and if there are other interested parties come forward and sort of both brief us as well as provide us with input so that at such point as we do see an NPRM we'll know how to respond. Jeff?
MR. BLAIR: The conversations that I've had with a few of the folks that have been working on health claim attachments, one of the things that would be extremely helpful to them, if they had some feeling from HHS as to what their window is if they do do an update to their input to HHS. Do they have six months? Do they have nine months, do they have a year to do that? And then that could help them a great deal.
Because they don't want to upset -- they waited so long for the NPRM so come out -- they have hesitated to move forward because they never knew when it was imminent or if it was imminent so if HHS is able to give them some guidance on that, that would be very, very helpful.
MS. TRUDEL: We have already had some discussions with HL-7. The version that they are working on right now is not balloted and it has not been pilot tested.
However, if they wish to bring to the Secretary's or the committee's attention that they are working on a new standard and that they would like to be allowed time to have it mature, then we've said that they would just need to send us a letter to that effect.
DR. COHN: Okay, so I guess we'll sort of have to see where they are and what their views are about all of that.
MS. BURKE-BEBEE: Simon, was there anything more we were going to do with the complementary and alternative medicine? I've been getting e-mails and phone calls about any additional hearings or discussions that we may be having.
DR. COHN: I think -- I'm just sort of I think reflecting our last meeting. I didn't think that we -- we didn't identify an action item out of that last day of hearings except that I think we felt that either at the end of the year or the beginning of next year that we were going to be revisiting to sort of see what was happening in the industry at that point, recognizing I think what we heard was some providers were sort of satisfied with what was going on.
Another set of activities was going onto test a new standard so we needed to sort of see how that was all going.
MS. BURKE-BEBEE: Are we as a subcommittee interested in the one and only waiver that has been given? The alternative link and how that's going somewhere down the road?
DR. COHN: Well, I think that was a two year pilot so I think we were interested in about a year to sort of see how they were going. If I am misunderstanding things, please --
DR. ZUBELDIA: I think they offered to report back every three months. But necessarily we don't need that many reports.
DR. STEINDEL: It was my impression that we were going to be hearing from them concerning what's going on with the waiver process sometime in the latter part of the year and I viewed that as between October and December but that was just my mental picture.
DR. COHN: Yes, that's probably, I mean, we have to look at the minutes but I think we made sort of statements at the end of the meeting and I don't mean to misstate it, but I think I remember sort of towards the end of this year as being a time that we would want some sort of an update and I don't remember whether we said that and/or early next year or not.
MR. BLAIR: What I was curious about today when we heard from Ed Sondik that they had done a survey in the area of alternative medicine and if any results from that survey are going to be available in the time frame that we are working because that would be useful to us.
DR. COHN: Is that study already done?
MS. BURKE-BEBEE: I don't know but I could check on that.
DR. COHN: Could you check for that and if there's something available, we would love to see copies of it.
Is there anything else going on? Is there anything else we need to put on the agenda for March?
MR. BLAIR: One thing I guess I would like to ask with respect to -- Carol Bickford, are you here?
MS. BICKFORD: Yes, sir.
MR. BLAIR: Alternative medicine -- we received the presentations on that but, of course, they also responded to our invitation and submitted it as a PMRI terminology candidate and it's also a consideration within some of the nursing coding systems.
So Carol, I was wondering if you have any comments or guidance or suggestions to us in terms of the role that the ABC codes might play as being considered as a PMRI terminology.
MS. BICKFORD: From the perspective of nursing the ABC codes has included the interventions from home health care classification, the Omaha system, and then also the nursing interventions classification so they have done a lot of the mapping work up front and teasing out what are common concepts.
And they have worked with the developers to make that in place so there's sort of, they are doing similar work like SNOMED has done in integrating the nursing languages into their product as well.
I don't know that the committee necessarily needs to do anything but just appreciating that they have already begun to consolidate some of the multiple views that we have in nursing.
There are nurses that are very interested in participating in the demonstration project and have signed up to be able to reflect their practice because that capability now so we'll have some nursing components reports through that process. Does that answer your question?
MR. BLAIR: Thank you.
MS. BURKE-BEBEE: I keep having these ideas. Maybe I should stop. I know Jerrod Adare with her CHI project has been in touch with us but I'm not sure that I'm clear on future updates about CHI being a participant in the CHA, CHI initiative I can say that we are very interested in what's going on with the PMRI work right now and so, in looking at that, I'm wondering how we could get an update from CHI, from Jerrod Adare if that is on our plate.
DR. COHN: We were actually planning for that for March on the second day. Maybe Jerrod or staff or whatever and I guess I was, it sounds like you and Steve probably need to coordinate -- you haven't spoken, okay -- you need to coordinate that.
I guess I would also look to both of you to sort of help us put those sessions together for the 26th meeting. Anyway, and I guess, beyond that, obviously I think Karen and I will be talking about sort of the discussions with WEDI and all of that and getting them all scheduled up.
We'll probably also need conversation around the claims attachment and probably as Karen and I having that conversation and seeing if it's appropriate to get them and if there's ways to make the schedule such that we can include something around claims attachments.
It would either be for there or May, depending on how that all works. Obviously Jeff and Michael and Walter sijansky are putting together day one.
Now, is there anything else we have missed in all this? Probably get things sort of assigned so that no single person is overwhelmed.
I think with that, any comment? Going, going, gone.
Obviously we'll have ongoing conversations around security and hopefully over the next week, couple of weeks or whatever we'll have a slightly better sense of where the home for that will be and how we move forward with it and John, obviously there will be ongoing conversation so I doubt it will solved by the end of the day tomorrow, but you never know.
With that, I think our meeting is adjourned. Thanks very much.
(Whereupon, the meeting was adjourned at 4:20 p.m.)