[This Transcript is Unedited]

NATIONAL COMMITTEE ON VITAL AND HEALTH STATISTICS

SUBCOMMITTEE ON PRIVACY, CONFIDENTIALITY & SECURITY

"Personal Health Records"

May 21, 2009

Hubert H. Humphrey Building
Room 800
200 Independent Ave, SW
Washington, DC 20201

Proceedings by:
CASET Associates, Ltd.
Fairfax, Virginia 22030
(703) 352-0091

P R O C E E D I N G S (9:00 a.m.)

Agenda Item: Introductions and Opening Remarks

MR. HOUSTON: Good morning. I along with Leslie Francis, are the co-Chairs of the Subcommittee on Privacy, Confidentiality, and Security for the National Committee on Vital and Health Statistics. NCVHS is a Federal advisory committee consisting of private citizens that make recommendations to the Secretary of HHS on matters of health information policy.

On behalf of the subcommittee and staff, I want to welcome you to the second day of hearings on privacy, confidentiality, and security of personal health records. We will begin with introductions of the subcommittee staff, witnesses, and guests. Subcommittee members should disclose any conflicts of interest, others need not do so. I'll begin by noting that I have no conflicts of interest.

DR. FRANCIS: I'm Leslie Francis. I'm at the University of Utah and I'm a member or co-Chair of the Subcommittee and a member of the full Committee and I have no conflicts.

MS. BERNSTEIN: I'm Maya Bernstein. I'm the privacy advocate of the Department. I work in the Office of the Assistant Secretary for Planning and Evaluation. I'm the lead staff to this subcommittee.

MR. REYNOLDS: Harry Reynolds, Blue Cross and Blue Shield, North Carolina. I'm a member of the Subcommittee, Chair of the Full Committee, and no conflicts.

MS. MILAM: Sallie Milam, West Virginia Health Information Network and the West Virginia Healthcare Authority, member of the Subcommittee. I'm an N2 contractor.

DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the Subcommittee. No conflicts.

MS. KHAN: Hetty Khan, National Center for Health Statistics, CDC. I'm staff to the Subcommittee.

MS. CHAPPER: Amy Chapper, Centers for Medicare and Medicaid Services, HHS, staff to the Subcommittee.

DR. TAFFEL: I'm Bruce Taffel, Chief Medical Officer, Vice President for Shared Health.

DR. GROSSMAN: Hi, I'm Joy Grossman. I'm a senior health researcher at the Center for Studying Health System Change, which is a nonpartisan health policy research organization in Washington, D.C.

MR. HOUSTON: Chris Sullivan, are you on the phone?

DR. SULLIVAN: Yes, I am. This is Christopher Sullivan. I am the administrator of the Office of Health Information Technology in the Florida Center for Health Information and Policy Administration at the Agency for Health Care Administration in Florida. I have no conflict of interest.

DR. FRANCIS: While we're at it, is Gail on the phone?

MS. HORLICK: Yes, this is Gail Horlick at the Center for Disease Control and Prevention and I am staff to this subcommittee.

MS. WATTENBERG: Sarah Wattenberg, Senior Public Health Analyst from Substance Abuse and Mental Health Services Administration. I'm staff to the Committee.

DR. SUAREZ: I'm Walter Suarez with the Institute for HIPAA and HIT Education and Research, a member of the Subcommittee and no conflict.

(Introductions around the room.)

MR. HOUSTON: Thank you and welcome to everybody. As I discussed yesterday, I would like to give a brief background on the purpose of these hearings. As you are aware, great emphasis is being put on the improvement of quality care, while controlling health care costs. Part of these reductions are hoped to occur through the adoption of electronic health records systems and the efficiencies that come through their use. Along with the adoption of electronic health records systems, there is a significant interest in the deployment of personal health record systems. Hopes for PHR's include better management of chronic disease and greater patient participation by patients in their care.

At the present, these personal health records systems come in a variety of forms. We anticipate more forms in the future, including greater integration of PHR's with EHR's. For right now, PHR's include PHR's that are tethered to provider-based EHR's, PHR's that are tethered to payer-based claim systems, free standing PHR's, which may be hosted by such entities as Google, Dossia, Microsoft, and others and generally use PHR's that are tailored towards chronic disease management.

It is likely that there will be a significant change in consumer facing health IT over the next five to ten years and that these changes will continue to raise important issues for privacy and security. These hearings are intended to explore the privacy, confidentiality, and security requirements of PHR's and consumer facing health IT today and in the future. The first two panels today will speak to various kinds of PHR's and the privacy and security issues that they have encountered. The third panel will discuss privacy related to federal PHR demonstration projects--that's June 9th? Sorry. My apologies. So we only have two today. Sorry about that. I got ahead of myself.

Invited witnesses will be asked to limit their remarks to five minutes if at all possible. After witnesses on each panel have testified, we should have ample time for question and discussion. Witnesses may also submit additional written testimony to Marietta Squire within two weeks of the hearings. At this time, if anyone has their cell phone in the on position or any other electronic device that would interfere with navigation or hearing, please turn them off. We will be broadcasting via the internet today, correct? So welcome those who are listening. Again, we are also being recorded as well and are being sent to people on the telephone so I would ask that everybody speak clearly and at a level that can be heard.

With that, we are going to start the first panel. I don't know, Bruce or Joy or Christopher, who wants to go first? Want to go with Joy?

Agenda Item: Panel IV: Plans and PHR's

DR. GROSSMAN: I would like to thank the Subcommittee co-Chairs, the members, and the staff for the opportunity to speak with you today. My comments are going to be drawn primarily from a study that was funded by the Robert Wood Johnson Foundation that was published in the March-April 2009 issue of the journal Health Affairs. This study looked at 12 health insurers that were offering personal health records and I just wanted to note that we excluded Kaiser Permanente and other health plans like that so this is really looking at commercial insurers. A copy of the study, I believe, was submitted to the panel in advance. I wanted to acknowledge my co-authors, Teresa Zayas-Caban of the Agency for Healthcare Research and Quality, and my colleague Nicole Kemper.

I'd like to briefly summarize some of the findings and highlight a few of the implications that I think are relevant for the work of this subcommittee and I'm happy to discuss the findings in more detail during the discussion period. As with most PHR's out there, the health insurer PHR's are new and evolving products and they vary substantially in design, but we can draw a few trends from the information that we collected.

First, insurer PHR's are adding data and functionality. Most are beginning, either have or are in the process of planning to auto-populate the PHR's with claims-based medical records and a claims-based medication list. Plans are also moving to provide actual clinical laboratory results. Second, plans are giving enrollees the capability to allow their physician to access their PHR electronically. Some plans are actually also developing a separate physician portal that gives physicians access to the claims-based data, but not to any data that is entered by the enrollee directly. That would require the enrollee to provide access. Some of those portals are being marketed specifically to physicians or emergency rooms and other Medicaid providers, which I think Bruce will talk about. Lastly, health plans are beginning to integrate applications into PHR's. The most common was clinical data support, for example drug-drug or drug-allergy alerts and preventive care or other gaps in care reminders. Those were going both to the patients and to physicians in many cases, and they relied on both the claims-based data and the data entered by the patient or the enrollee. Some plans were also beginning to use the data to identify patients who were eligible for disease management programs.

As with the kind of data and the functionality of the PHR, there was a lot of variation in the control of the PHR data, which I know is of interest to this panel. Just sort of globally, it is true that in general insurers typically gave enrollees control over third party access to the patient-entered PHR data and a fair amount of control over what data elements are shared. At the same time, the health plans, themselves, gained consent for insurer access to the enrollee-entered data as a condition of participation, typically through the privacy agreement and sometimes through specific agreements entered into as part of participating in a care management or disease management program.

There's a lot of detail that we collected on these different types of issues and we can talk about that more in the Q&A period if you'd like. For example, in terms of sensitive information, about half of the plans excluded some type of sensitive information. That really varied across the board. The other plans typically provided that data to consumers. Some restricted the view of providers and may or may not have given the consumer the opportunity to reveal that data to providers if they so chose. There's other examples like that in terms of the variation.

At the time we did the study, there was really no data portability, no ability to export this data to any other PHR's. There was obviously discussion I think people are aware of among the health plans in terms of coming up with standards to be able to do that. Two of the plans announced around the time of the study that they were developing relationships with Google or Microsoft. I think those relationships typically were to export the data. I don't know that there were any to actually import data into the health plan PHR's.

In terms of the potential benefits and limitations to patients and physicians, we weren't really able to identify users because these were so new so we spoke to consumer representative and physician IT experts in local communities across the country typically involved in health information exchange or other efforts. In their view, from the consumer representative perspective was that these insurer PHR's address a major hurdle in consumers using PHR's because they auto-populated the data. At the same time, they felt that consumers had a general distrust about sharing personal health information with employers and health plans as well as concerns about internet security and so perceived these as serious barriers to wider adoption and use of these products. On the physician side, they had--I know that you discussed yesterday, in terms of data quality issues that physicians are concerned about using claims-based data for treatment purposes, although in the absence of other data many acknowledged the value of having at least some data to start with at the basis for talking with their patients. In addition, though, they saw serious workflow barriers to being able to access this data and then to be able to absorb it and review it in the context of a pressured patient encounter. So, again, they saw serious barriers to being able to use this data.

In terms of thinking about what kinds of things might be able to improve or expand uptake of these products, the people that we spoke with had some ideas. Clearly the health plans are aware of these barriers and working to try to design the projects to make them more accessible to the user so they're targeting. Obviously you're going to be hearing from the public payers as well that Medicare is doing a similar kind of thing.

So some of the things that we identified were developing clear, understandable privacy policies, specifying for example how the data will or will not be used. In the case of insurer PHR's, you can imagine being very explicit about whether employers have access to this data and whether the data will be used to impact on premiums, restrict coverage, or curtail benefits. A second tool that some plans were using, which was real time audit tools to be able to allow enrollees to identify who has access to their PHR, rather than submitting a written request and waiting for disclosure of information at a later date. Third is supporting the portability of PHR data to other platforms or applications. One could imagine the reverse also allowing data to be imported into a health plan, a health insurer PHR. I note this in particular because some of the consumer representatives suggested that health plans really have a potential role to play in providing unique tools to patients to help them navigate the health care system, understand their insurance benefits, and manage out of pocket costs. I think some health plans were sort of forward thinking in this direction, but not a lot has been done to integrate the other types of tools that they have on their websites with the PHR. One plan did mention that they were in the process of integrating a cost-estimator and a condition specific provider search engine into the PHR to leverage the data for the patient.

I think on the physician side, physicians noted that with this data and some of the plans with this data portability, it would be possible, potentially, for physicians to be able to auto-populate their EMR with data that they thought was valuable. I think that from the workflow barriers and the value of the data issues for providers, this is really reflective of a broader problem that we've identified in a number of studies that we've done, which is that providers are increasingly being able to get access to electronic data, either from hospital portals or from a large reference lab they use or from health information exchange or from some potential PHR products, but it's a lot of different things coming at them and very few of these products cover all of their patients or for any given patient, cover all of their care. So there are going to be barriers, even when you resolve the interoperability issue, to figuring out how to absorb this data in a workflow and what you're going to import into the system.

I think with that I'll just conclude and I'm happy to answer more detailed questions about the privacy or other issues.

MR. HOUSTON: Thank you very much. Bruce?

DR. TAFFEL: Okay, co-Chairs Houston and Francis, members of the Subcommittee, fellow panelists, I appreciate the invitation to join you for a discussion on a topic that stands, I feel, at the intersection of our nation's goal in health care and that is improving care, reducing costs and of course the vital mission of this subcommittee, protecting privacy.

My name is Bruce Taffel. I am the Chief Medical Officer, Vice President of Shared Health. We're one of the nation's largest public/private Health Information Exchanges. I am here first and foremost as a physician and I know the quality of medical care surely depends on the quality of medical information available to the clinician rendering care. More and better medical information exists today than ever before. But this information is stored in silos--from physician offices to pharmacies to insurers--preventing care providers from considering the totality of a patient's clinical conditions and needs. These silos are a barrier for informing physicians and that is the problem.

Within that problem lies this possibility. These silos store enough information to paint a complete, detailed, and accurate picture of a patient's health, if that information is interoperable and made easily available to both patients and clinicians. The purpose, the mission of Shared Health is to use this interoperable data to transform care.

For many that mission remains a vision still to be accomplished. However, for more than 2.6 million patients who participate in the Shared Health Clinical Xchange and the more than 3,800 clinicians who care for them, it is a reality today.

Shared Health collects and integrates participants' medical information from multiple sources, including payers, clinicians, in-patient/out-patient facilities, laboratories, pharmacies, and pharmacy benefit managers. We function as a trusted data steward for consumers, providers, and health plans. Our HIPAA status is that of a covered entity clearinghouse with BA relationships with those organizations providing our data. Shared Health delivers this data accompanied by innovative clinical decision support tools to the point of care through both an online longitudinal record in integration with EHR's.

Patients can opt out of Shared Health, but only less than one tenth of one percent do so because we carefully and comprehensively explain two things. One, what the benefits are for Shared Health to the patient and two, the stringent safeguards in place to protect the security and privacy of their personal information. Shared Health's benefits in terms of both patient health and the cost of care are already clear. Using our platform, clinicians in Tennessee, for example, have lowered readmission rates to the hospital by nearly 30 percent, reduced services needed in the emergency room by 40 percent, and brought down the average length of a hospital stay by 20 percent. Treatment efficiency has increased by 17 percent. Other costs are falling, too. We have seen a 21 percent reduction in ER visit costs and an average of eight dollars less per prescription. In addition, we also track quality. In compliance with evidence-based medicine, guidelines on wellness care also have risen dramatically.

Our security system is the bond that links Shared Health with consumers. It is proof that they can trust us with their personal medical information. Consequently, Shared Health maintains a culture of transparency around privacy and security practices. We educate consumers about privacy in settings ranging from our website to our call center to live meetings. Shared Health provides all individuals with their rights as prescribed under HIPAA, such as an accounting of disclosures outside of TPO, access to their information, and the ability to request an amendment to their information.

Shared Health is further committed to privacy and security where our safeguards even exceed the minimum requirements currently in HIPAA. We absolutely believe that any records that contain a member's medical history, including PHR's, should be subject to current and future HIPAA privacy and security rules.

We provide an audit trail report to each individual who requests it, telling them who accessed their record and when and all information and critical details are logged. We impose a strict authentication process to ensure private patient information is accessed only by authorized users. In addition, we routinely monitor user access and activity and have identified aberrant patterns and triggers that we employ for real time alerts to our compliance department. Finally, sensitive data is filtered from the data input process to ensure compliance with multiple state, federal laws and regulations.

As you know, a number of potential regulatory and other issues will help to determine whether systems like Shared Health continue to transform care. In these remarks I want to briefly mention two. First, for the benefits of health information technology to be fully realized, networks must be as seamless as possible. Consequently, Shared Health favors replacing the patchwork of state regulations with federal standards that would make administration and privacy rules more consistent. The optimal position for sensitive data would be a federal standard that would preempt all state disclosure requirements. Secondly, security systems can and must adequately protect patient privacy without causing either needless delays that impede adoption of the technology, interrupt workflow, or potentially dangerous delays in emergency situations.

In addition, Shared Health supports many of the suggestions contained within NCVHS' February 2008 letter addressing individual control of sensitive information. The issues that were brought up in that letter, such as categorized sense of domains, break the glass functionality, and notations for missing data are things that we support. We share NCVHS' concerns regarding making sensitive data available for clinical decision support processes.

Finally, allow me to conclude by saying that the full promise of HIT is immense. Even the remarkable possibilities we have already seen are only the foundation for innovation still to come. In the future, evolving technology will increasingly inform and empower patients, giving them enhanced control of their personal information and treatment. Growing interoperability will relieve patients and their families from the overbearing burden of being the sole messengers of complex medical information. And the results will be remarkable progress toward the goal our country shares: better patient care, delivered more efficiently, at a lower cost. Thank you.

MR. HOUSTON: Thank you very much. Mr. Sullivan?

DR. SULLIVAN: Yes, good morning and thank you. I'd like to extend my appreciation for being invited to this committee and I look forward to providing my testimony on the Medicaid personal health record, which we are planning to roll out in Florida.

Just as a little background, the Agency for Health Care Administration has a five year history of trying to promote health information exchange in Florida and personal health records. Last year, for example, we promoted a website for disaster preparedness looking forward to the hurricane season. In that website, we presented a number of pages on personal health records, what you need in a personal health record, how do you obtain one, and what type of information should you be collecting and storing securely in case of a disaster. So we have had this in our headlights for a number of years and we're really pleased that we've been able to implement an integrated plan that includes both providing claims-based electronic health records to physicians and then using that same database from Medicaid claims to roll out a personal health record for Medicaid beneficiaries.

Again, just as a part of the background, we are planning on rolling out a Medicaid electronic claims-based electronic health record this summer, which we will, for the first time, take Medicaid claims data as well as Medicaid medication history and provide that to physicians for use at their point of care. While we were working on this project, we started kicking around the idea that if we can provide physicians with the claims data from Medicaid, we could also provide patients who are Medicaid beneficiaries with the same level of claims-based information.

As we discussed, we realized that we also could take a personal health record and use it as a way of empowering patients, especially Medicaid beneficiaries, to start taking a little bit of control on their own health care by using the personal health record to put in their own health records, to put in their own notes, to keep track of appointments, and to basically take a much more active role in their health care.

With the planning for the personal health record, we have been very lucky in being able to work with a couple of companies--one in Florida, one based in Denver--we're able to work with Availity, LLC, who has agreed to pick up our Medicaid claims and roll them up into their Availity-claims profile, which currently provides claim-based data from Blue Cross Blue Shield and Humana. What we are planning is to have a multi-payer claims-based electronic health record, which will integrate not only the Medicaid claims, but also Blue Cross and Humana for providers. We find that Medicaid patients come in and out of Medicaid roughly on a six month cycle. The fear of having just a Medicaid claims database is that if they leave Medicaid, then you lose track of their record. This way we feel we can at least have some continuity of care across health plans if a Medicaid beneficiary goes to Blue Cross or Humana.

We have dealt with the distribution of record by requiring that a physician gets patient consent at the point of care in order to access the Medicaid claims records. This was really a good step, we feel, because one, it allows us to get patient consent for having the physician use the health information exchange to look at their records and two, it allows us to provide a complete record to the physician without having to screen for what we would call the supersensitive data, such as mental health notes, HIV, or substance abuse. With the patient consent, then the physician can have a full record of the patient encounter history as well as their prescription history. This also applies for the PHR, in which the patient will be consenting, so to speak, to have his or her records put in.

We're working with Health Trio, who is connecting with Availity to provide our personal health record for Medicaid beneficiaries. We have about 3 million Medicaid beneficiaries in Florida and that is sort of a large number to address a PHR to so as our first phase in our demonstration project we decided to focus on new mothers and their infants, their babies. There was a good reason for this.

We know in Florida that over 50 percent of all the children born in Florida are born under Medicaid. So we know that there is a large population of mothers with newborns who have access to Medicaid services and while the mother may not be on Medicaid after the birth, the child continues on Medicaid. So we felt this would be a really good target audience because new mothers tend to be very interested in the health care of their child, they're interested in information, they're interested in picking up a lot more knowledge about what to do with their child. So in working with Health Trio, we rolled out a two year plan. In the first year, Health Trio will provide a basic client-centered PHR, a personal health record, in which the mother or guardian of the newborn can enter information about the child, can note immunization appointments. They can basically use it as the very common client enters all the information into the personal health record.

We have also had Health Trio work with us to develop a content to the PHR that provides links to a whole range of informational resources for the new mother so that if she desires or he desires, whoever the guardian is, we have, for example, links to the CDC, which provide information on head size, birth weight, growth charts, as well as other links to a lot of other resources. In this way, we felt that we could provide a compendium of information for the parent. Once the child is born, of course the child becomes a Medicaid beneficiary, the child gets his or her own PHR and those two PHR's are linked so that the parent can record information on her doctor visits and then can step over to the child's PHR and record information on the child's doctor visits.

In the second year of the roll out, what we'd really like to do is to then provide a link between our Medicaid claims health information exchange, Availity, and have Availity populate the personal health record with Medicaid claims records. Now, on our phase two of the Availity--of our health information exchange for Medicaid, we not only hope to be able to pull in Medicaid claims as well as Medicaid prescriptions, but we hope to be able to pull in immunization data from our immunization registry in the Department of Health in Florida, as well as other data that we can find either at the government level or from other institutions. The idea being that if we can let the Medicaid Health Information Exchange gather data from different sources and integrate that, then we can provide that to the patient as a record of his or her encounter history with physicians and also on the newborn encounter history. At that point, we also would like to institute a notification system where we can actually send messages to the parent that it's time for the well baby visit, it's time for an immunization check, it's time for other physician visits or provider visits that would be scheduled and the parent can schedule that on hers or we can populate the schedule for her.

One of the issues that we have run into is the privacy and security. In the first phase of rolling out our personal health record, we are going to work with the Health Trio approach, which is using a username password to log in, but we are really looking at some form of two factor authentication once we start loading the claims data into the personal health record for the beneficiary. We are still working out the correct identity management approach, but we know that there are issues of guardianship, who gets to see records, things like that that we really need to work out and really need to address before we get into the second phase. But we felt it was very important right now to be able to provide a personal health record to at least starting with newborns and mothers, then spread that out to other beneficiaries so that we can really promote the whole idea of using a PHR to take control of your own health care and to record and to note and to remember what went on.

Finally, we would like the PHR, in the second phase, to be able to take those records that we have filled in the personal health record and then port those to any health vault that the patient requires, either on the patient's computer or the beneficiary's computer or to a Google Health or Microsoft Health vault or some other health banking method. The idea being that if the patient goes off Medicaid, the record stops, at least the beneficiary can take those patients with him or her and have that as part of a long term record.

So we are working here to try to do something we've never done, which is to release Medicaid data not only to physicians but to patients, and we're also looking to really try to energize a whole group of Medicaid beneficiaries to really take some steps, active steps towards their own health care, the health care of their newborn, and to work towards a much healthier state in the future. So that sort of summarizes my five minutes, but I'd like to thank you for listening and I'm open to all questions.

MR. HOUSTON: Thank you all very much.

MS. BERNSTEIN: Thanks everyone for making it brief so that we have time for discussion.

MR. HOUSTON: Yes, we wanted to spend a fair amount of time with each panel just to have time to ask questions and delve into some of these issues further. I'm going to use my prerogative as the co-Chair to ask the first question and then we're going to go around the table because I'm sure everybody has questions.

This one is, I guess, aimed initially at Dr. Taffel. You indicated in your written testimony and your actual oral testimony as well that you don't store certain types of sensitive information such as STD's and chemical dependencies. This is an area of great interest of mine. You also questioned whether sensitive data should be available for clinical decision support. I know I'm currently engaged with physicians at my health system to discuss just this issue. I guess the question I have is that I understand that especially when you're dealing with mental health information that maybe not all information is relevant or under a variety of laws is something we could make available generally, but is there a certain class of information that is not minimally necessary such as med lists, problem lists, current lab tests, things like that. What type of information is important from a sensitive--for sensitive information types to be available within these types of records?

DR. TAFFEL: I think particularly medications. I get concerned about drug-drug interactions. I also get concerned about where the privacy rights of one individual may adversely affect another. As an obstetrician, I have concerns about newborns and the privacy rights, certainly of the mother on substance abuse, but on the other hand doesn't the neonatologist need to have this information available to care for that baby.

Those are two examples of areas where I think there's some real concern. Right now we don't load much of this data. We're really waiting to get some guidance, particularly federally. What's going to be done? Can we make this available for clinical decision support? What are the policies around break the glass so that we can load this data and make it available in the right situations for the right purposes? This is a topic, too, as I'm on the Privacy and Compliance Committee for CCHIT, this comes up all the time. The discussion is we need more guidance, we need standards, and this is something that we hope to see soon.

MR. HOUSTON: If I could follow up just briefly. You talk about break the glass and everybody knows what that is, but I guess one of the dilemmas that I hear all the time is that when you're dealing with medications, especially medications, it's not really a break the glass situation. If it's in the record, physicians are saying I need to see it because it's never something that's not relevant or it might not be relevant to my care. Break the glass--I mean is there a core set of information that you've just got to have as a physician? Is there stuff that you need to have available through break the glass and other stuff that you just don't really think is relevant other than within the realm of either drug and alcohol treatment or psychiatric treatment? I'm trying to get a sense on what the continuum is.

DR. TAFFEL: Right. I think medications are critical. Not knowing certain medications can kill an unconscious patient in the emergency department. So that's number one. Beyond that, I think there are--trying to come up with all the possible use cases is very difficult so what happens is we may try to anticipate classes of information that you say well you probably don't need until something catastrophic happens.

My sense is as we move forward with this, we can't let the perfect be the enemy of the good. So I do think it is probably a worthwhile exercise to establish classifications that we can get some consensus on, but also understand that there will be some trial and error and to allow flexibility in the system to make those midcourse directions. So I can't answer all of those. I can come up with a few use cases. Medications, though, I think as far as interactions, to me that is one of the key things that need to be available so that mistakes don't happen.

MR. HOUSTON: I don't know if Joy or Mr. Sullivan have a comment as well?

DR. GROSSMAN: Sure. I think I mentioned this, but I think there was a wide variation in how the different health plans dealt with this. We talked to 12 plans and seven of them excluded some conditions from the PHR's and the physician portals. That was typically all claims related to particular diagnoses or particular types of treatments so the usual mental health, alcohol and substance abuse, HIV/AIDS, and sexually transmitted diseases. Which data were excluded varied by plan. They didn't all exclude all of them.

Then there were other plans that decided to leave it up to the patient as to what to do with that data. So the data were in there. Patients, in some cases, could delete the data or they could hide some of that data. They could do it by diagnosis or they could do it by specific claim. Then the physician view, in some cases it was hidden from the physician view, but there might be a filter and a note indicating that the data had been filtered out, but that something existed, sometimes with the source of that information. In other cases, that was the way it was set up, but patients could actually opt to reveal the data. So it really ran the gamut in terms of what plans were doing and I think the point that Bruce made that plans potentially are looking for guidance and at this point they're each trying to deal with whatever particular state laws they have to deal with in terms of disclosure and come up with a workable product and probably what their vendor has in place. There are a lot of different parameters that go into that.

MR. HOUSTON: Mr. Sullivan, did you have a comment as well?

DR. SULLIVAN: Yes, we address the delivery of sensitive records to physicians and we actually, in planning for the Medicaid Health Information Exchange, spent a lot of time trying to consider the best approach. With the use of Availity and their Humana/Blue Cross platform, those two health plans were screening their data. They were pulling out any record that had anything to do with mental health notes, HIV, or substance abuse, and that was on a routine basis. On the other hand, Availity reported that providers who used this system had some complaints that they weren't being given all of the information.

We spoke with Medicaid. We discussed the whole idea of whether you wanted to keep certain important records from a physician or let the physician have all of the records so that when he or she is treating a patient there is full disclosure. In Florida, we have laws that really are stricter than HIPAA regarding patient consent for substance abuse information, for mental health notes, and for HIV tests and we were well aware of that. We came to the conclusion that if we were to provide the opportunity for a patient to opt in, to provide authorization to the physician to download their health claim record, including the sensitive data, that that would provide basically the coverage that is required by Florida statute. It would also provide coverage as required by our Medicaid state plan and by HIPAA. At the same time, the physician would not be kept from acquiring information that could be vital to a diagnosis. We felt this was the right way to go and actually we are discussing with Blue Cross and Humana that they might want to change their sensitivity policies, their policies towards sensitive information, so that we provide patient consent.

We are going to then move this down to the personal health record level and we feel that a patient in a PHR should be able to receive all the information on him or her. That, really, we should not try to screen for the patient, but the beneficiary should be able to hold all the records that pertain to his case, her case. Thank you.

DR. TAFFEL: If I may, one other thing related to this and I think it's extremely important. As we deal with sensitive codes, we have statutes that say well, anything substance abuse or these large categories, it is extraordinarily difficult to go through every diagnosis code, every laboratory, and every medication and figure out is this sensitive or not? This is a terrible, terrible burden. Not only that, but medications may have two uses and one case has a sensitive use, in another case it's not. So there needs to be some better guidance coming essentially to help with that.

MR. HOUSTON: I know Leslie has a follow up question as well as Sarah. What we were going to do then is go around the room starting with Walter and work around to the opposite side of the table.

DR. FRANCIS: I think I got my answer from Dr. Sullivan, but I just want to be sure. When the patient is seeing the provider, the patient consents and it's all or nothing? So there is no possibility of a patient giving consent, for example, to see medication records, but not seeing any of the rest of what is in the electronic record. So it's just all or nothing and are you worried about the risk then that people will not--that you'll be worse off because people won't give consent?

DR. SULLIVAN: We did consider that, yes. When we ask for patient consent, we also expect the physician to have an authorization form that the physician would hold and we made it all or nothing. In part, the decision to go with patient consent and not screen was in part a technical decision. We are pulling Medicaid data. We had developed a whole list of ICD-9 codes. We actually used the code list that we had gotten from Blue Cross Blue Shield. But the technical issues of trying to screen code and, as was mentioned earlier, to determine if a particular medication was used for mental health or used for say sleep apnea, we didn't feel like we were in a position to do that. We feel like we would rather err on the side of providing complete information. We feel that we'll get a pretty good response from patients. We feel that the majority of patients will think it's fine and only a minority of patients would say that we don't want you to look at the records, in which case the patient is free to say that and the physician will not pull down the records.

MS. WATTENBERG: Just to your last point, I just want to get clear about something. So the physician has to have an authorization, but then you're also talking about opt in and all or nothing consents. Could you just clarify for me?

MR. HOUSTON: Is that for Dr. Sullivan?

MS. WATTENBERG: Yes, I'm sorry, Dr. Sullivan.

DR. SULLIVAN: The patient consent form that the physician holds is a 100 percent opt in and then all claims data that we hold on the patient in Medicaid will be delivered to the physician. The patient records in Blue Cross and Humana will still be screened because they have the technical set up to screen the data, but the Medicaid record will be everything that we hold. It will be disclosed to the patient that it is everything.

MS. WATTENBERG: Would it be helpful to have--I understand this issue about the burden of sort of screening for different kinds of codes and stuff. Is it helpful to provide guidance on that to help your IT people do it? Is it better to include that in some of the technical standards development for the architecture for these EHR's, PHR's?

DR. TAFFEL: I think these are largely clinical determinations. I think that some kind of review from HHS or department within HHS to determine what are codes that should be considered sensitive and have hearings on those things.

MS. WATTENBERG: Yes, that's what I mean.

DR. TAFFEL: Yes, I think that would be terrific. Then we would be able to know what are the codes that need to be specially considered and then the programming of that is easy. It's the clinical judgment that's the problem.

MS. WATTENBERG: Okay, then the last thing is this thing about medication lists that John raised, if the technology allowed for assessing drug interactions in the background where there was masking of the sensitive drug, for instance, would that be sufficient?

DR. TAFFEL: It would be a good start. Here's the challenge, if you indicated a drug-drug interaction and then indicated that the drug in question was masked. You say we can't tell you what it is, but there's a potential interaction, then you have got to make a decision into the background as to what the level of the interaction is and should it affect the clinical judgment. One of the issues that go on in these DUR alerts is that there are low level, where really, yes, you can take it so your big toe itches--it's not that important. On the other hand, there are some more serious concerns. So you might do that, but then it puts the burden on the programmer or on the clinician behind the programmer to say let's launch that alert because we think it's significant enough, but we don't know the patient's condition. So there are still some problems. It's better but it's not perfect.

MR. HOUSTON: Walter do you have a quick question? Marjorie do you have a question?

MS. GREENBERG: No.

MR. HOUSTON: Okay, Walter?

DR. SUAREZ: Yes, thank you. I appreciate the testimony and I appreciate especially the shortness of the testimony so we have enough time to ask questions. I have so many questions that I am boiling down those two or three important issues. I'll boil it down even to one.

I just saw this picture and Bruce you pointed out very nicely the concept and the concern of silos and we're about to connect those silos to pipes. All these silos have information about consumers, about patients. What is interesting is that information is in many cases the same information seen different ways. We're about to create, where it used to be I had one record, one medical record, electronic or paper usually, now I have my electronic health record that a provider has, the provider has my personal health record also, then I have a health plan or maybe more personal health records, I have probably my own personal health records some other place. So I have, now, as a consumer, multiple places where my information is. In some places my information is presented as it was supposed to be, which is I am the doctor, I provided you this service, this is how I recorded it in notes or some other way, then I bill that, I send a claim, and in creating the claim I converted that into some codes that then are put through the claims data of the payer, the payer creates its own version of that and presents that to the consumer so now I'm seeing my record from my provider and it's one way of telling the story and then I see my record from a payer and that's a completely different way of telling the same story.

I just thought it would be very important to hear about two things. One is the significance of the need to educate consumers about there are different ways of telling your story and if you see that this type of information reflects something that might not be what you thought was done to you, there are some reasons for that. So number one is the importance of education. Chris, I think the experience with Medicaid population is going to be so critical. Number two is how to integrate all that data particularly, in the cross validation and verification. Now I'm a provider, I used to have my record and I see what I did to you, but now I have also some pieces of information, some of them are contradictory because you added some information that you thought you understood and so you typed it, then the health plan added some, and some other providers added some. So now I'm seeing this record and I'm concerned that I'm going to have to validate and spend a lot more time talking to you about did you really take this drug? Was this test really done to you? So the verification and validation is the second point. I'll stop there. Thank you.

DR. TAFFEL: There's no simple answer as you can understand. However, this leads into what are the data elements that you want to render and what kind of processing needs to be done for those data elements. With regard to the consumer, the other issue is what are the taxonomies, what is the nomenclature you're going to use? We did a project with CMS for a personal health record and there was, whereas for clinical medicine we certainly lack lots of nomenclature standards, but there are some in place SNOMED CT. So you can pick out something to standardize the taxonomy. There are no standards for laymen. So even before you get to this you have to decide what is the nomenclature that is going to be used in a PHR because you give them an ICD-9 code, forget about it. You've not helped them at all.

The other point here is I think that Walter you raise an excellent point. All of this information, some of which we can agree is garbage, even some lab results if you've got a one doctor practice that's got a Coulter counter sitting on a counter somewhere and it's never been calibrated, how good is that blood count? So one of the things that we do is we process the data. We use a methodology that takes ICD-9 codes and boils those down into problem lists so that we simplify this. For workflow that's critical and for the patient that's critical. If you've ever seen a claim, it is absolutely overwhelming. Not only that, most laymen couldn't understand it and it's just got all this stuff in it. Not only that, but in a standard encounter, maybe they've gone to radiology, there's a bunch of stuff. So you've got to be able to boil that down for both the consumer and the doctor.

The other thing is that we give a lot of thought as to what is our mission, what is our goal? To me there's data that's used in day to day operations. That means a kid comes into the emergency room, has a Colles fracture, goes to the office the next morning, wants to see the PACS image on the screen and all of that. To be honest, from our perspective that's not the key. The key to us is continuity of care. What are the conditions that you need to follow, not all these little acute events, which are important, but the key problem with which we deal are all of these chronic conditions and multiple physicians seeing those patients. So we say what are the big things we need to look at and what are the key clinical indicators?

Once you've boiled that down, it's real interesting. We've looked at lab data and said look at all these different lab tests, but when we started to say what really is significant and if you look at what are the types of tests that get ordered most, all of a sudden thousands of pages gets narrowed down to just several pages of lab. So we have to rationalize the data in a way that we can achieve appropriate continuity of care. We have to process that data a little further, find out standard taxonomies and normalize that data. That simplifies the problem a lot.

The other thing that we do is since we have data from several sources, well how do you reconcile this? We've built in the logic that goes out and says what's the best data we have? So for a process event, hemoglobin A1c in a diabetic, we'll go out and say alright, let's look first for a lab result, seven percent, we'll populate that information. If that's not there we'll then look for a G-code or a CPT II code with the qualitative result and we'll populate that. Finally, if that doesn't exist, we'll go find the CPT code for payment and say look, it was done, don't know the result, but at least you know that it was done. Then in our systems the physicians can go back and say, well, great, I've got the result and improve the information.

So those are some of the things we're doing to help with that, but it's an ongoing effort and it's complex.

DR. GROSSMAN: I guess I wanted to make a couple of related comments. I think on the consumer side, most of the health plans were working to do something similar to what Bruce mentioned in terms of reducing diagnosis codes to something that looks like a patient-friendly problem list with links that explain--where the patient could go to a reference site that would explain what the diagnosis was.

We did have some discussion, most of these because the PHR's had just begun to roll them out, they had maybe 18 months to two years worth of data, but the plans, some people mentioned, that they were trying to figure out over the long run what to do with these acute claims and whether to really focus on chronic diseases and sort of major sentinel events and get rid of the more minor acute situations or take them off the record at a certain point in time. So I think that the plans were thinking about these issues.

I think on the physician side, certainly what we heard from the physicians we spoke with--I mean, this is an issue they've always dealt with. Patients might bring in paper records from another doctor, they get their own lab results, they get something from the hospital, they ask the patient questions. This is an issue for medication reconciliation as well. So physicians are always trying to aggregate all of this data very quickly. I think this just compounds the issue by saying that there are these multiple data sources, some of them will come electronically and because they arrive electronically do people suppose that therefore they are more likely to be the truth than the things that are either delivered orally or on paper. So I think this is going to be a continuing challenge for physicians, even as the technical issues get resolved.

I think that the physicians we heard from said that ultimately what they saw as potential value for this data, for example from a health plan PHR, would be as a starting point for discussion with a patient, to trigger more questions that they might ask the patient, or potentially in some cases for their staff to then go hunt down information that they don't have. We did talk to--one of the physicians was the community health center physician. Because he typically sees patients that he hasn't seen before and he has even less data, he was even more inclined to say this data was of value. We did include one Medicaid plan in South Carolina that had rolled out a physician portal and they were doing the same thing that was mentioned by Chris Sullivan about being able to provide continuity of records for patients who are on and off the Medicaid rolls to the physician.

We did another study looking at health information exchanges and we heard from physicians saying we get inundated with multiple versions of lab tests when the patient is in the hospital. We don't need those in the ambulatory setting, we need to find a way to be able to cull that data and get the final lab results and the important labs that we need. So I think this is going to be a continuing discussion about how to manage this data.

I'll just say one last thing. I'm going to take off my objective researcher hat and put on my active caregiver hat and say that I'm a caregiver for somebody who is on 12 medications. I use an online service to order medications. Sometimes I get them online because I get all 12 at one time and sometimes I need to do a refill quickly at the local pharmacy. It gets listed every time and so the list of his active medications, you know, there's 36 or something like that when I log on. So I think that as you look at other data opportunities, platforms like Google or Microsoft or other things to be able to import data from multiple sources, there is this issue of reconciliation. I think that some health information exchanges and some of these entities are starting to tackle this problem, but it's a problem that I think exists not only for providers but will exist for consumers. The more data we have electronically--it's great, but it also creates these obstacles.

MR. HOUSTON: Dr. Sullivan, did you have a comment?

DR. SULLIVAN: Yes, I've been listening with interest to the discussion and a lot of what has been discussed we really went around and around with in our own meetings, especially trying to put this together with Medicaid. We really think that, quite frankly, by trying to make a decision ahead of time on what data to provide a doctor or not, really bypasses the doctor's own ability to make a decision. We also felt that when we looked at Florida statutes that the type of confidential data that we would have to deal with was very narrow. For example, it wasn't mental health prescriptions, it was mental health notes. So we felt like when Blue Cross Blue Shield or Humana screened all the drugs or prescriptions that might be related to a mental health issue, that was very understandable from their point of view because they were trying to cover all of their bases, but quite frankly under Florida statute and under HIPAA it was not necessary to screen that deeply. Really we just looked at the law, you could screen just for notes or for HIV tests, not for HIV prescriptions.

When you really think about it, if a patient presents and a patient has HIV and the patient gives consent to the physician to look at his or her prescriptions, then with our prescription solution we hope to not only have Medicaid prescriptions, but prescriptions from any provider that is reported. It would be better for the physician, with patient consent, to know that there are HIV prescriptions than to have those prescriptively deleted from the record because of concerns over the confidentiality of those records.

Again, the whole issue comes down to patient consent. What we feel is very important is for patients to understand what they are giving consent to, what they are authorizing, that the physician actually have a paper record of the authorization of the patient. The physician has to testify before he or she pulls the record that the patient has given consent and that they have a consent in hand and that the patient is aware that those records will be used for treatment purposes only. We have health forms of a lot of patients, a lot of consumers, and really their fear of disclosure is when you have negative effects coming back at them--job-oriented or things like that, but when we asked them about treatment in our forums they were very open about the fact that they thought physicians should have information on their medical history.

So that's just our thinking. The complications that arise in trying to screen can be dealt with technically, yes. It becomes a real complicated problem trying to second guess what should be included, what shouldn't be included. That was just our decision. So we actually felt very good about the fact that we are allowing the opt in, we are allowing the patients to make the decision on their record, and we feel that's actually a way to empower a lot of the Medicaid beneficiaries and make them part of their health care.

MR. HOUSTON: Thank you. Leslie?

DR. FRANCIS: One of the areas that Joy mentioned in her discussion that I don't think has been explored quite yet is that some of the PHR's that you mentioned have the functionality to allow patients to say they do or do not want patient-entered data shared. One of the fascinating things about what we're talking about here is the interplay between the various sorts of data that come from professional or claims sources and data that the patient enters him or herself.

Now I take it that the kinds of records that Bruce is talking about--you haven't mentioned yet patient-entered data and I know that Dr. Sullivan what you were talking about was the possibility of a roll out for Medicaid patients of their being able to enter their own data. A pretty easy screen is by source of data. I wonder if you have any thoughts about building in the capability that would allow patients to say I get to enter my own data, but it's my choice whether providers see what I've entered or not.

DR. SULLIVAN: Yes because from the consumer or the beneficiary perspective, the beneficiary will have the ability to determine what to provide to a physician. Of course, we also hope that the new mothers and their babies will actually enter their own observations and then use those as part of a dialogue with their physician.

It is not necessarily the only scenario that the physician doesn't want to use patient-entered data because it's not clinical, but it is patient observation and it is a patient record and we feel that it would actually enhance patient-physician communication. If patients were able to say this is what I have watched with my baby the last two weeks and these are the things that he or she has done and this is what I'm concerned about. But in terms of transferring records to a physician, we do feel that the patient should have full control over those records and be able to determine which go to the doctor and which don't.

DR. TAFFEL: We offer, well we call it a consumer view. It is not bidirectional it is read only. The reason we've decided to do that is that is a deep vault that if a particular customer wants to use that, that's great. However, our preference is to provide data liquidity so that the consumer can choose their own PHR. So given that they want to take this data and send it to Google, we say fine we'll go ahead and do that. So we kind of stay out of the fray in that way.

Still it's a legitimate question. What happens when someone enters data. I think there are three situations that I consider. One is a patient goes ahead and enters fields for some kind of observation, maybe their weight or whatever. The other and I think this in many ways may be even more viable is we anticipate to see more and more home health aides and equipment that will be able to feed data into a database and, in fact, you'll see Google and Microsoft already making those connections. I almost think that that may in some ways be more important. Nonetheless, still there are certain responses to questions and certain health status surveys that are also in their own way, individual applications. So those things are valuable for the physician as well. I'm thinking in terms of asthma. There is an asthma survey that you can do, fill out monthly, and doctors can track, particularly for children, how well they're doing. That I think also needs to be available.

Finally, the thing we haven't talked about is data transmission by secure messaging. I think that things like Relay Health and other similar applications where consumers have the opportunity to message that information into a physician and then the physician can enter the pertinent information to the record is yet another way that this happens. So I think we need to think certainly about what happens when a patient enters stuff into their PHR, should it go to the doctor, and how do we reconcile that with other information? It should be sourced, certainly, and the doctor should know where it comes from, but there are other methodologies of getting that information within that community of information for that patient-centered record.

DR. GROSSMAN: In terms of the health plans we spoke to, there were some examples of health plans that allowed patients to actually email their PHR or selected summary of information. I'm assuming it was secure, but I really don't know a lot about the technology. We didn't probe them that much. But nine out of the 12 health plans either were currently or planned to allow patients to give electronic access to others and that could be caregivers as well as physicians. So not just giving them their password, but actually allowing them their own access to the data. A few of them mentioned sort of break the glass options as well for emergency room treatment or things like that.

There were a couple of plans, I believe, that gave physicians access to the data unless the patient opted out. So most of them were opt in, but there were a few that were opt out. As I mentioned, there were four plans that had the separate portals that just had the claims-based data for physicians. One of those was solely for emergency room doctors, others were marketing it in an ambulatory setting.

I think, in addition to that overall access, there were issues about control over specific data elements to share, once they did provide access to third parties. Seven of the 12 plans allowed patients to either hide and/or delete specific data elements. Those included not only the data they were entering, obviously in the case of hiding it, but also any data that came from the claims that they could delete those or hide them. As I mentioned earlier, with respect to sensitive data some of them created a filter so that physicians could see that some data had been filtered and potentially the source. Others did not at all so if the patient decided to delete or hide that, the physician would not know that that had been done with that data.

Then there is the issue of kind of correcting the data. So some plans said, well, patients can do whatever they want with the data. They can delete it, hide it, if they're not comfortable with it. There were a few plans that said that for the claims-based data that the patient could request a change. There were two plans that said you could request a change and one of those plans, I believe, said that if it wasn't resolved to your satisfaction, the record wasn't changed, that there was an ability to annotate the particular entry so that you could put in what you thought occurred or didn't occur to provide that information to the third parties who have access to it. So again, it's really all over the map in terms of how that issue is being addressed.

MR. REYNOLDS: I have one clarification on a testimony and then I have a question. Doctor Sullivan, you mentioned the Medicaid HIE. Is there going to be one HIE in Florida or will Medicaid have theirs and others have theirs?

DR. SULLIVAN: We looked at the Medicaid HIE as really being a way to pull together health care data sets that are being held by the state government. The Medicaid promotion of claims is really just--and our model would be the first in integrating a number of different data sets.

MR. REYNOLDS: Thank you. My question to the group is so we heard yesterday a lot of testimony and the testimony yesterday said that all data is sensitive and should be accessible. We hear from you that there may be some sensitive data, but it would be good to be some guidance because at some point we need to recommend the pragmatic. Then if you have a brief description or a clear definition of what it is then you can also use consent if a person feels uncomfortable. So I would love an opinion--you know we've written a lot of stuff as this committee on this and now, as it starts to evolve, it's becoming less clear rather than more clear so trying to come up from each of you with some kind of pragmatic statement that if this committee were to send forward a recommendation about sensitive data and the whole process around it, what might that look like from the three of you to do that because, again, it's all over the place. As Dr. Grossman, you said 50 percent of the plans have something, 50 percent don't. So it's a bit of a free for all at the time and it's very difficult to pragmatically implement a free for all. So if you could help us with framing that that would be helpful to me, I know.

DR. TAFFEL: It's a hot potato, but I don't shy away. You know, Harry, I think that first off the big problem right now is 50 different states doing 50 different things and then there are federal statutes. I think the first step is to say to make this effective we need a single statute that helps to define this. That would be very helpful and not only that I think it would at least--and I think in NCVHS' letter in February 2008, which we mentioned, I think there's a good groundwork there. It's saying let's start out with these categories and they make sense. If we can get agreement that those are the categories that we start with and then begin to get clinical input, alright, what are the codes and have continuous review that updates this. CMS does this all the time and Medicare puts out these opinions and updates medical decisions. I think if we would do that within those categories that were recommended it would be a great start and say those are the categories for the United States and here are the codes that fall into that.

I think that's where you go and then have the mechanism in place to allow the flexibility as practical experience occurs to begin to modify that. But I think I was impressed by that in your letter in 2008 and I think that that's a good starting place.

MR. REYNOLDS: Then obviously, not to put words in your mouth, then obviously the opt in/opt out would allow a person to completely step away if they had any concerns at all.

DR. TAFFEL: Well, first off, there's the big opt in/opt out, which is binary. I'm in or I'm out. Then there's the granularity issue. So if we establish these categories, we can allow the granularity to be you pick out a category that you don't want to share and that becomes the protected health information. As you said in the letter, otherwise it's going to get really complex. This, too, we deal in the CCHIT on the privacy side, what is the level of granularity? Does it get down to the point that I want this data point to be seen by Dr. Jones and Dr. Smith, but not by Dr. Brown and Dr. Green? It becomes unmanageable. I think, again, that the concept of categories is a good starting place.

MR. REYNOLDS: Dr. Sullivan, I think Dr. Grossman wants to go last so you're second.

DR. SULLIVAN: Yes, well, I guess we have opposing positions here. I do feel that we are not in a position, at least as a state agency or Medicaid, to adequately determine which records are more sensitive than others. I do agree that all records are sensitive. The so called super sensitive records are super sensitive because they have been addressed in statute and have been identified as being very important records and those that cannot be--you don't want to breach, in particular, these records.

It is possible to set up a technological screening software. I can imagine that it could be one of which has been described already and that we could essentially pick and choose based on either criteria that are external or by criteria that are provided by the patient. I have seen the discussions where the patient should have a right to say I want this part of my record distributed, that part not or I want Dr. X to see these records and Dr. Y to see those records.

Quite frankly, we in discussion had a problem with that. While we want to give patients full control over records, we also feel that physicians need full information in order to make an adequate diagnosis. To a certain extent, if you allow cherry picking as it were of certain records to go to one physician or certain records to another, there also lies a chance of really having a misdiagnosis or of certain critical information being blocked. Maybe it's sensitive to the patient, but the physician will not come up with the correct treatment plan. So when we really phrased it that way, we felt as though all information is sensitive therefore we must maintain the security and confidentiality of all that information, but we do not want to screen for physicians. We would rather allow the physician to have full knowledge of a patient's encounter history.

Again, remember, we're providing claims data. Most physicians we have spoken to are somewhat suspect of claims data, quite frankly, and we recognize that there are issues with the selection with ICD-9 codes or the procedures based on different issues other than the patient diagnosis--for billing reasons or for this is the only way I can get this test done, I need to code it this way. But we feel that it provides the treating physician with information that is, A, currently not available and, B, creates enough of a picture so that at least the treating physician can ask the correct question and can track down the correct information.

I do like the idea of doing some of the summary roll ups of lab reports and things like that. We had worked at one point, as our fiscal agent had called, ontologizing the claims data in their attempt to create a clinical record out of a claims record. That was pretty much frowned upon by most of the medical community that we discussed and talked to, but the concept is there and it could be done quite profitably.

All told, we feel like the method that we have taken holds all data secure, all data sensitive, but we really feel reticent to forestall the physician having complete information. So I guess that's our policy stand at the moment.

DR. GROSSMAN: I'm neither a real doctor, that is an M.D., or a lawyer so I'm a little reluctant to weigh in as a researcher on this topic except to say that I agree with much of what's been said. I would say I think that many entities are dealing with this multiplicity of state laws and that's really complex to try to figure out how to deal with that. Providing some sort of guidance about different categories is helpful because everybody's kind of reinventing the wheel over and over again and it certainly would reduce administrative burden in trying to figure out how you might protect some sensitive data.

I also agree that what's viewed as sensitive data is really based on the patient's perspective and who they share that data with also varies. Sometimes they're not really worried about the doctor getting a hold of it, but they might be worried about their spouse getting a hold of it in a divorce proceeding or custody battle. I was involved in some efforts in Washington state, around their Health Record Bank activity and heard a lot of interesting things from people about the kinds of things they've heard from consumers about their concerns. I think this issue, while narrowly is important and relates to specific laws about disclosure, I think it is embedded in this broader issue about what patient control you need and what are the privacy, confidentiality, and security components you have in place so that you might balance off having that data available to the patient and giving them the right to share that with other people. Or to feel comfortable because they can see an audit trail and know that their data weren't revealed to people so that it's really I'm going to punt and pay as part of a bigger package as well.

MR. HOUSTON: I know we're running out of time, but I want to make sure Paul and Sallie both have an opportunity. So Sallie if you have any questions?

MS. MILAM: I'm interested in exploring Florida's model a little bit further, given the repeated concerns about the multiplicity of state laws around specially protected information and the challenges that those laws present. Dr. Sullivan, in Florida you indicated that you have something like a universal consent form or authorization process that would cover all of the different areas, especially protected information. Did I understand that correctly?

DR. SULLIVAN: We have just passed in the legislative session this year a bill authorizing a universal patient authorization form, which would cover all of the confidential information. One of our concerns in looking at Health Information Exchange and patient authorization was that different facilities would use different authorization consent forms and then there was a tendency for those facilities, hospitals for example, to insist on their consent form. So if you had a consent form from another hospital and you went from hospital one to hospital two, then your consent form could be rejected simply because it was the wrong piece of paper. So what we have instituted is a universal consent form. We will go into rule making this summer in order to hammer out the correct form, although we are modeling it on one that is used by our Department of Health in working with HIV and other services. What we'd like to do is to have a form that is used across the board and anybody can accept it. This does not mean that you can't have your own authorization form, you can use any patient consent form you want, but if a patient has been with a universal authorization form or a provider uses that form, then it would be accepted in any health care setting as a consent form. We want to craft it in such a way that when the patient gives consent, there is clear understanding that the consent would include mental health, substance abuse, or HIV records. That would be part of the patient's background. If we don't do it this way, then we're really in the position of having two or more consent forms, for example, one for general records, one for mental health, one for substance abuse, one for HIV. So we felt if we did it all in one piece, the patient is informed before he or she signs, but then it would cover all of those super sensitive classes of information. But I do like the definition that all personal health information is sensitive and we should treat it all equivalently.

MS. MILAM: Two very quick follow-ups because I know we're short on time. When you presented the universal form to the patient and they could, up front, go ahead and allow all information to flow, what was the percentage of patients that did not want their more sensitive, their HIV/mental health data flowing and what challenges did you face in helping to make these forms understandable to the Medicaid population?

DR. SULLIVAN: I'm sorry. I'm going to have to punt on this one. Our roll out for our Medicaid Health Information Exchange will be, at this point, we think in July and our personal health record will be in August or early September so we haven't really had a chance to work with providers or with patients to really get those numbers. We do have, as part of our contract, a metrics reporting, in which the physician will report on issues like that. I'd be certainly happy to make that available. Those are great questions and I really would like to answer them.

We do know from Availity, in its experience with providing these types of records to physicians, that they have about a 97 percent opt in rate. Now, of course, Humana and Blue Cross screen for the sensitive data so it's not equivalent, but we think if they're getting more than 95 percent opt in, that we may have pretty much the same luck or success. As far as materials so that the Medicaid beneficiaries understand what we're doing, we have an editor in house and we are working on crafting those materials so that they are very plain language, they are understandable, I believe we are targeting eighth-grade level, and that they could be explained to the Medicaid beneficiary so that he or she really understands what he or she is agreeing to.

Excellent question. Thank you. I'm making a note here so that we make sure we do that.

MR. HOUSTON: I know Sarah Wattenberg wanted just a few seconds before we got to Paul. I apologize Paul. She just wanted to make a statement.

MS. WATTENBERG: I just wanted to--I appreciate the thoughtfulness that everyone is giving to this. I think that for the substance abuse confidentiality federal laws, opt in, binary yes or no is not necessarily sufficient to meet the requirements of consent. SAMHSA will be coming out with some FAQ's on part two in EHR's and how the consent requirements function in that way.

Dr. Sullivan, I'm curious, one of the things SAMHSA is working on is it is difficult to manage consents at a granular level. Would it be helpful if we handle it at the technical solution level?

DR. SULLIVAN: That is one solution, but, again, any technical solution really preempts the physician from having certain classes of information that might be very helpful to the physician. So I'm not certain. I don't want to second guess SAMHSA or say what is actually prescriptively correct.

I can say this. We have developed, through a grant from the Health Information Security and Privacy Collaboration with the Office of the National Coordinator, a HIPAA Florida statute crosswalk tool. This is part of a provider education toolkit we were working on this past year. What we hope to do in about a month is to launch this crosswalk toolkit online so that any physician or anybody could look up a specific issue: patient consent, HIV, mental health, substance abuse. What we are doing is we are going to list every single regulation under HIPAA that applies to that particular issue and then the corresponding Florida statutes that apply to that issue. Then we will flag which statutes are more stringent than HIPAA. What we want to do is be able to provide that information to physicians who, frankly, don't understand HIPAA and equally don't understand Florida statutes. We felt that way at least physicians could become knowledgeable on what is accepted and not accepted in terms of issues under security, privacy of data, confidentiality of specific classes of data.

I know that doesn't answer your technology question, but I guess from our point of view any front end manipulation of the data really preempts the physician from having a full view. I'm certain how to get around that is a social issue not a technological issue.

MR. HOUSTON: We're going to extend over a little bit. I know Paul has a few questions and I want to make sure there's adequate time so we're going to extend it by a few minutes. Paul?

DR. TANG: So let me just start with a confirmation like Harry. Joy, you mentioned that some plans make permission for them to access the personally entered data a condition of participation in their PHR. In your paper you mentioned that some plans use that in premium setting and in underwriting. Is that true?

DR. GROSSMAN: I think what I meant to say--I think I said it--is that they didn't say that they wouldn't do that. We didn't have time, unfortunately, in this study to actually get privacy agreements from all the plans and compare them and do an analysis. I did notice from what I could access on the sites publicly that--for example one of the plans in their FAQ said we will not use this information to set premiums and we had some other plans who said we won't do this, but it wasn't clear to me that they've explicitly said how they would or would not use this data. In their privacy agreements, there's these sort of these you can use our website kind of agreements as opposed to specifically geared to PHR's.

MS. BERNSTEIN: I noticed that in Dr. Taffel's testimony it also sort of talked about this, but you have a statement that says information collected for clinical use should not be shared with employers or insurance companies for the purpose of underwriting except with consent. I looked at it and went, well, why is it okay with consent and when would someone consent to underwriting? Are you asking them whether they are going to consent then they're likely to consent but that's not--that's putting people in a position, which was troubling when I read it.

DR. TAFFEL: Point of fact, every time you apply for health insurance you--we all do--we put ourselves to say we consent to provide information for the purposes of underwriting. That is the way the system works. If we get clinical information from a provider, that does not go back to the health plan. It requires explicitly tacit permission. We feel that if the patient or the physician ask that it go--remember, too, one of the things that happens, as well, is in case management and disease management, the case manager and the disease manager will talk to the provider and this is the information we need to use for that. We're not a health plan. If a patient says information needs to go someplace then it goes.

DR. TANG: So my question to the panel is we've talked a lot about claims and clearly the pre-population from plan PHR's is really from claims and the literature also clearly shows how inaccurate they are and that's been acknowledged and you can draw very false conclusions based on that. My question is really when exposing this information to patients we need to have a better understanding--we know how doctors, if given the opportunity to know this came from claims data can interpret that--can patients do the same thing? That to me seems a very important question. The e-patient, Dave, is one example of how a patient reacts. Are there plans to evaluate how they are responding to it, interpreting it, and the harms and benefits from that?

DR. TAFFEL: Again, from our perspective, we have a consumer view. To be very honest, the consumers have not been that engaged in that. The number of accesses that we get to that is relatively small. But, again, we don't have a full interactive PHR. We actually, oddly enough even though we're talking about PHR's, we don't consider ourselves a primary PHR, but we do cooperate with those that have them. Having said that, again going back to the project that we did with CMS, which was a PHR project, there was a lot of effort that went into taking that data and putting it into layman's language and processing that data so that they could understand that.

It's very clear that all the taxonomies, whether you're talking about administrative data or clinical data have very little meaning to the average consumer. That is a big area for standards to come through. In clinical, we've got some standards. We've got NCPDP for medication and RxNorm. We've got SNOMED CT. But for the consumer, there is nothing. I think that is a necessary first step to be able to put this into an understandable format for the consumer.

DR. GROSSMAN: I think this is an interesting question. Some of the plans have already been doing this on a paper-based version--so sending reminders to patients about preventive care or sending drug alerts or other reminder information to physicians as well. So some of this is merely a transition to an electronic format. Obviously it has the potential to incorporate the patient-entered data, as well, which then compounds this--is that better data? Worse data? What do you do now that you're interacting these two pieces of information?

I think that the consumer representatives viewed at least the reminder data, in particular, as helpful as a starting point to remind patients. I'm not sure without my notes because we talked to a lot of plans to say whether they're doing this in their paper-based versions or they're doing these electronic versions, but some plans said the idea is to go talk to your doctor about this. So the idea is to start the conversation. Presumably, you hope patients wouldn't stop taking pills before they talk to their doctor or go get another mammogram or whatever, but obviously you don't know that.

I think the patient component and education component is probably important. I think the health plans--you know, these are all very new and they have very little experience. There were a couple plans that had been doing pilots with certain employer groups or that kind of thing, but there's not a lot of experience with this, I think, at this point.

I think the physicians had a similar attitude that they have to the paper-based notices that they've been getting or to phone calls, which is that because it's claims-based they often ignore this information and didn't feel that this was really anything different. Although, some physicians did say we don't do a very good job with reminders so in the same way the consumer representatives thought this important that this is a way to trigger us to do our job or to have communication with the patient. I think, like many of these things, I think it's a question of optimal information versus absence of any information and you're sort of in this in between state.

MR. HOUSTON: We are out of time on this panel. The good news, Paul, is the next round you will start. I would say three things before we have a short break. The panelists are invited to provide additional written testimony and actually I would encourage them if possible if we could see copies of consents and other materials it might help us understand how some of that occurs. Also, would it be okay if as we are going through this if we have the opportunity to ask you to respond to some written testimony because I think we're going to have some other questions based on our other panels, as well. So I hope you don't mind that.

Paul you're raising your hand. It has to be brief.

DR. TANG: Can I submit a question for written response?

MR. HOUSTON: Absolutely.

DR. TANG: It's very difficult for provider-based PHR's to get authentication. How do you really know who that person is? I imagine that's even harder for a plan that doesn't have the same in your face kind of encounter. So it would be very interesting to know how the plans authenticate the other person. You talked about using ID and password--how do they authenticate you are really who you are?

MR. HOUSTON: Thank you. With that we will break, but if we could follow up in written testimony that would be very helpful to us.

Break.

MR. HOUSTON: Why don't we get started here. The next panel, which is Provider and PHR's, we have Gail Graham, Anna-Lisa Silvestre, James Walker, and Matthew Wynia. So I don't know if anybody has a preference who would like to go first. If not I'll pick. Nobody's saying anything so we'll start from Gail, since you're closest to the computer.

Agenda Item: Panel V--Providers and PHR's.

MS. GRAHAM: Good morning. Today as we discuss complex and comprehensive issues surrounding personal health record, my message is simple. We in the Department of Veterans Affairs continue to lead and work in partnership with other federal and private entities to offer tools that improve the quality of health care. We assist both providers and consumers by enhancing continuity of care. We do this together working in systematic ways in the service of our consumers: the veteran users, their families, and the American people.

What matters most to the veterans we serve is not the VA's advanced technology tools, but that these tools work for them. We established our personal health record with that in mind and we have continued to enhance it in forwarding with the consumer-driven model.

VA's personal health record, referred to as My HealtheVet addresses veterans as active consumers of their health care, empowering them to be true partners in health care. This matters to them and to their families. It matters to the American people who owe a debt to those who have sacrificed so much for our country. As leaders in the development of personal health records, we in VA have gained invaluable experience in establishing our dynamic, consumer-driven PHR. One that embodies the high standards of privacy and security that consumers have come to expect from VA.

At the turn of the 20th century, President Theodore Roosevelt said far and away the best prize that life offers is the chance to work hard at work worth doing. The employers and leaders driving this technology know there is perhaps no more worthy than caring for those who have served the nation in uniform. Our work on behalf of the veteran and therefore their families and the legacy of the American people helps fulfill what our first president called a debt of gratitude to the veterans of our military forces. Ladies and gentlemen, at this time, with those words in mind, I share with you the following video that really gives the testimony from our veterans and their families who have been using our personal health record.

MR. HOUSTON: While we're trying to get that set up, again, because this is a larger panel we want to allow adequate time for questions, if we can try to keep our comments to about five minutes if at all possible.

MS. GRAHAM: We've responded to the questions on many of the things you've asked in previous panels. We've grappled with those as I'm sure you'll hear from my colleagues. I think one of the most important things for VA is that the features, the functionality from the ground up have been determined by those who have used the product and used the services and I think that's a very important aspect to engage all consumer, not just veteran consumers. I'd be happy to answer questions after the panel presents.

MR. HOUSTON: Thank you. Anna?

MS. SILVESTRE: Hi. I'm Anna-Lisa Silvestre from Kaiser Permanente, which is the nation's largest non-profit health plan. Today I'm happy to share that through the use of the PHR on our online website kp.org, we have convincing evidence that consumers will engage in online health services and through the use of looking at clinical data, be supportive in their own decision making and strengthen relationships with their providers.

Today 3 million of our 8.7 million members are active users where about 50 percent of those who are eligible to use online services, those 13 and older. Through proxy we reach another several hundred thousand members so, for example, today I am able to go online and act for my father who is 92 and while he has held a computer in his hand is unlikely to ever get through the registration process and really use online services in a very deep and meaningful way. But through the services I am able to view my children's records and also go on and observe and be part of the care that's being offered to my parents.

We believe that important capabilities of a PHR need to include clinical transaction capabilities such as refill and appointments, connectivity with pharmacists, nurses, doctors and other care providers through secure email, online health behavior change programs that allow members to take action once they have viewed part of their health record, and of course being able to see the health record, itself, which includes immunizations, allergies, medications, and health problems.

Our PHR is considered to be an integrated PHR. I know there have been several terms floating around for what an integrated PHR or portal view into the EHR is. We have active plans to continue to expand the capability to allow for patient-entered data, which would likely be stand-alone and then through a careful process we'll be looking at what patient-entered data becomes part of the electronic health record. In an integrated system it won't be as easy as a patient being able to say I want all of this in my record, however today members can request a change to their record if they notice an error in their chart or missing information such as an immunization or a surgery that was done outside of Kaiser Permanente systems.

We believe important parts of a PHR include interoperability and portability so we've started efforts to understand how members could request a copy of their health summary be sent. We're testing that with Microsoft today, a very, very small pilot, to really look at whether a copy of the health summary can be transferred safely, securely and whether the data at the other end passes the authenticity and the non-repudiation tests.

To move this forward we're going to need a level playing field, we believe, for privacy and security across all parties who offer some sort of PHR to consumers. Today, as we're well aware, HIPAA covers those largest entities, but PHR vendors at the other end of this space are not required to follow those same rules. I think from the consumer's point of view, to gain trust about having their data moved across various parts of systems, they'll want to understand there's a level playing field and they can be assured that security and privacy rules and standards are consistent. We know that consumers will trust and use online services in very great numbers when they believe that trust and security is in place.

In terms of the issues around security, privacy, and confidentiality, we've worked for over ten years in this area. I believe we have probably the largest set of data about what happens when data is exposed to patients and how you handle breaches in privacy notifications. We believe very strongly that there shouldn't be any kind of rule that tells plans or other PHR's that you have to do reporting within a very short time frame. Our experience is that it can often take days and sometimes a week or longer to uncover where data has been tripped and exposed incorrectly.

We continue to have instances where consumers actually don't recognize their own data when they see it online, which would be a little bit hard to believe but people will go in for care or go in for a treatment or procedure and sometimes a doctor's name is put on that ordering procedure and when they get it back online they don't recognize the name of the doctor. So in a number of cases and regularly by telephone we coach and counsel members to understand and accept the data in front of them, which in fact does belong to them.

So I'm happy to talk further about those processes in place. We also have a great experience in managing privacy. I call it the dysfunctional family relationship set. It really spurs a lot of unauthorized attempted access to records. For anybody managing PHR's, there really needs to be a process in place that helps to untangle those. Our systems are set up so that a member is notified if someone is trying to set up an account. Probably one or two times a month we find that an unauthorized person--sometimes a mother of an older teen, sometimes grandmothers, sometimes ex-wives--will attempt to set up an account in someone else's name.

So we're pleased to talk more about any of these areas. Going forward I would say that we're considering also how we are going to accept claims data into the PHR. Today our system is really based on clinical data that is available in real time. So members can view a lab test that was done in the morning and be able to take action on that. Understanding how we're going to accept claims data into the record is I think more of a challenge. I heard other speakers this morning consider that and what I think is helpful is to understand claims data from how it relates to episodes of care in terms of dates of service, where treatment or services were provided, names of providers. In our view, claims data is not actionable for clinical decision making either by the patient or the provider given that claims data is often inaccurate and does not really provide a true view of the diagnosis at the time of the visit.

So I'll wrap up there. Thank you very much for having us this morning.

MR. HOUSTON: Thank you. Dr. Walker would you like to go next?

DR. WALKER: Good morning. In case you don't know Geisinger, we're a health care system, three hospitals, 38 clinics in about 30 counties of rural Pennsylvania. We have an integrated EHR that runs across in-patient/out-patient health information exchange, other forms of outreach EHR, and a networked PHR that serves about 123 thousand patients, about 25 percent of the patients with whom we have an ongoing care relationship.

I think the most interesting theme to you about our PHR is that over the last two or three years it's become obvious to us that the PHR fundamentally is a critical tool in designing and executing value-added care processes. Care processes, which measurably improve quality, which measurably decrease costs and in which both the patient as one of the primary stake holders and the clinicians feel more satisfied with their relationships and the care that's given than they did before.

If you start to look at health care in that way then you obviously need a tool like our network PHR that lets the patient see their medicine list, see their lab results with the clinician's interpretations and recommendations related to them. It enables secure e-messaging back and forth between physicians and nurses and patients and others. It enables caregivers to apply for separate access with the patient's consent, and obviously then we have lots of 60 year olds who love the PHR not because their data is in it but because for the first time they know what their 80 year old parents' appointments and medicines and upcoming tests and all of those things are. We've actually had cases where 60 year old surrogate users arrange for office visits so early that their 85 year old parents didn't have to be hospitalized for pneumonia, which is almost unheard of. It also provides our 80 year old patients the opportunity, anywhere there's an internet connected computer--so we had an 80 year old who sent me an email that said I can't believe it, I was in Maine and I got sick and the doctor sent me to the emergency room and I showed them my record and they nearly fell off their chairs and said they could take care of me a whole lot better with a whole lot less fiddle diddle.

So, clearly, for us the PHR has become one of the ways we engage patients more and more and all of the health care team in really high value processes. One of the things that you find when you start doing that is that you need lots of outside data. You need hemoglobin a1c's from outside and x-ray results and ED visits and discharge summaries from outside summaries so one of the things that we're doing, rather than just dumping all of that on the physician's desk, which is in many ways the operative model, is creating sort of incrementally a data management center where all of this information comes and is preprocessed. Lots of it never needs to go to a clinician's consciousness. Lots of it just needs to be in the record. Some of it is acted on by protocol without any clinician being aware of it. Some of it needs to go to a nurse. Some does need to go to a physician and what we're working out is a system where all of that information is received, analyzed, and then sent to the right place and acted on in the appropriate way.

I think that bears on the discussion that we have here. One of the tricks with free-standing PHR's, with insurer-populated PHR's is that all of that data needs to be interpreted by somebody and, by the way, we don't have a shred of evidence that we can do that in any automated way that is safe and effective. One of the things I'd say is that one of the things we need is research so that when we're talking about, well, we can mask this automatically or we can manage this level of granularity with software, it would be nice to have a study or two that showed that we actually can. Right now we just don't have it.

So on to security and confidentiality. We worked very hard at that. Some of us sometimes think that the information safety office and the privacy and security office work too hard on it, but we have for years now worked very hard at securing information and educating patients ongoing on the efforts that we make to keep their information secure and all of the different options they have to let us know if there are problems. One of the gratifying things about having this information is that occasionally we've had to fire an employee or provide information--someone who was an employee had access to patients' records, but often what we can do is provide conclusive evidence that a spouse has not accessed the patient's record when they were afraid they had. So it does cut both ways. And in our experience and in multiple feedback groups of patients over several years, the vast majority of patients finds the access to information both to them and for their physicians and their sense of security about that information very satisfying.

I wanted to comment on the earlier discussion just briefly. I think masking data is a very powerful idea. One of the things that we currently do in our EHR is if a patient is in a study and they're on a study drug, either that or placebo, that's noted in the EHR on the problem list--it says the patient is in this study--but nobody can tell whether they're on the placebo or the active drug. Drug/drug interaction checking runs as if they were on the active drug and if it fires an alert, then the clinician has a phone number that they call 24 by 7. They say I'm seeing a patient and I need to give them this medicine and it's a life saving medicine and I need to know what's going on with that other medicine because I got this alert and I need to know if I can do it or not. That other person, not some automated rule, helps the other clinician assess the relative risk and benefit and, if necessary, breaks the code and tells the clinician whether or not the patient is on the active drug.

Clearly, when we talk about break the glass, it seems to me at least, that we have a broken model in mind. I can say, yeah, I need it and bam go see it. It can easily be a situation like that where what I get is a phone number and if I'm in the emergency room and I've got an obtunded patient, I can see there's a phone number behind this masked information, call that number and say I've got a patient unconscious in the emergency room is there anything I need to know. That psychiatrist or whoever it is could look at that patient's record and say no there isn't or say yes they have two previous attempted suicides with benzodiazepines.

So there are solutions that we haven't really discussed yet that would preserve patient security and privacy in very substantial ways without making that information completely unavailable to people when it's genuinely needed. I'm probably at 5 minutes.

MR. HOUSTON: We're not completely strict on that, but it's keeping to that general timeframe. So if there are any comments you're more than welcome, but otherwise Dr. Wynia?

DR. WYNIA: Yes, good morning. I'm Matt Wynia. I direct the AMA's Institute for Ethics. I'm also a practicing physician. I specialize in infectious diseases at the University of Chicago. First, I want to thank the Subcommittee for inviting me to speak with you today about physicians' views on personal health records. I have to make a quick disclaimer, which is I think the reason I'm here is because we did a survey within the last year on physicians' views on personal health records with the Markle Foundation. So I'm going to give you some results of that survey. I'm also here from the AMA and so I'm going to try to be clear when I'm talking about survey results or my own opinions and when I'm saying this is what the AMA's position is on something because those are not always exactly the same and there are plenty of issues where the AMA does not have a formal position yet. These are new and emerging technologies. The other disclaimer, by the way, is this was a survey on physicians' concerns about and potential barriers to adoption of PHR's so I may end up sounding less enthusiastic when in fact I personally am and I can certainly say that the AMA is strongly supportive of effective patient/physician communication and sees personal health records and other electronic methods as a valuable adjunct to direct communications. We see great opportunities for the use of PHR's to improve patient care.

The survey that we did with the Markle Foundation took place last year in the latter part of 2008. It was a national random sample survey. We asked physicians about a number of issues ranging from potential uses of PHR's to risks and costs of PHR's. We had a section, which I was not intending to talk about, on patients asking doctors to withhold specific information from their record and patient requests for doctors, when they transfer records from one party to another, to withhold certain pieces--so the masking issue was addressed in the survey. These are all unpublished data at the moment. We gave you some looks at the data in the written testimony and I'm certainly happy to share more details during the day today. One caveat, these are, we recognize, sort of a snapshot in time. As of mid-2008, only about 10 percent of doctors really knew anything about PHR's in a sense that they had a meaningful experience using a personal health record with a patient on a national basis. So many of these physician responses are not informed by actual use, they are more concerns informed by the way they practice and their concerns about flow and their concerns about privacy and so on.

So most physicians did express some degree of concern about incorrect information--that privacy protections might not be adequate, that patients might omit important information from their PHR, that they might be deluged with raw data, and that they could be accountable for being aware of, analyzing, and acting upon these data, by the way, while receiving no payment for any of that work. In our written testimony, again, I provided some detail on each of those, but I'd like to call your attention to two basic issues in my few minutes this morning.

Privacy and confidentiality were very high on the concern list, but we've talked about them a lot already so I'm actually going to focus on two other areas, which are related and have received a little less attention, although they have come up repeatedly this morning. Those are ensuring the quality of the data that you're seeing as a clinician and ensuring the utility or what I think I'll call clinical interoperability. On the data quality issues, many physicians, the great majority--75 percent--are concerned that PHR's might contain incorrect data. The recent stories about using claims data to populate PHR's I think have borne out this concern.

One proposed set of solutions has been that patients should be more proactive about managing their PHR and they should sit down with their doctor and discuss what's in the PHR and reconcile what's in it with clinical reality. That sounds like an ideal kind of solution. The problem is there are patients who are not up to managing their PHR's proactively and where does this conversation to reconcile PHR data with clinical reality fit in the relatively long list of things you're supposed to accomplish in an increasingly constrained patient visit. So in our survey, 60 percent of physicians were concerned they would not be reimbursed for the time it would take them to sit and ensure with the patient that the data in the PHR were high quality data. That could be a significant barrier, actually, to adoption.

This relates, by the way, to the issue of the cost of implementing the PHR. Sometimes we think about the cost only in terms of the cost of buying a system, but using a system has costs as well. So the total cost for a clinician to use a PHR means that even a free product is not really free if it entails time to aggregate, organize, analyze, and then act on the data. So one physician has been quoted saying, "The last thing I want is for my office staff to have to deal with patients arriving at the front desk with multiple proprietary PHR's, in a host of different formats, containing all sorts of unverifiable information."

I think that kind of encapsulates this concern.

Data quality is also related to the sourcing issues that we've discussed earlier and to notification of the clinician when PHR data are being masked. 84 percent of physicians are worried that patients might omit important information from their PHR. So the masking issue is very much in the forefront of many physicians' minds. I don't have the perfect solution to how to handle that, but just to be aware that if we want doctors to use these in clinical decision making, we have to be aware of these concerns.

At the same time, many doctors recognize that no one holds the complete truth. 38 percent said that giving patients access to their EHR records would actually provide a valuable check on the record accuracy. So many physicians recognize that kind of reconciliation of my truth and your truth is a way to build a better partnership and come to a shared understanding of what's going on and how to manage it.

The second issue I wanted to spend just a minute on is interoperability. There's been a lot of discussion about what I would call electronic interoperability, which is to say the ability to transfer data from one source to another and maintain accuracy. That kind of interoperability is very important for reasons that haven't come up much yesterday or today. One of the reasons is that one of the costs for patients and doctors of investing in a PHR is that over time it actually could become difficult to transfer records from one place to another if this interoperability is not handled well. I call this the TurboTax trap. It's because I use TurboTax and I love TurboTax. I have no problems with it so I'm not ragging on TurboTax, but if I wanted to start using Tax Cut software tomorrow, it would be a huge barrier to my moving because I cannot translate all of my information from one product to another. I would have to start from scratch and TurboTax has all of my information for the last ten years. I know how much difficulty this would pose because I actually had a computer crash a couple years ago and had not backed up my TurboTax for the year. It was a major problem. It was hours and hours and hours of my time to recapture that.

So if that lack of interoperability comes into play, then this notion of consumer choice becomes somewhat illusory. If you don't have easy interoperability it would be possible to have a PHR product that, for example, could be changed unilaterally after you've made this big investment. Small print becomes a big issue. Transparency--actual transparency in a way patients can understand becomes an issue. It could be that you are, for example, given incentives or even coerced into signing up and putting all of your data into a PHR because of an extra payment that you receive at work and then find later that it's difficult to change to a different product or to limit the uses that those data are being used for. So just saying choice isn't enough. Fair contracting requires standards for transparency, the existence of legitimate options, and easy ways to transfer your business somewhere else.

The clinical interoperability function, though, is more I think what Dr. Walker was just talking about, which is we need to be able not only to transfer data in a pile from one source to another, we need in some way to analyze, organize, and create meaningful utility out of that data as it's being transferred. I think one of the main things that I've come to learn in my work on this topic is that more raw data is not necessarily better. There's a series of studies in cognitive neuroscience on how people make decisions. It is far from clear that just giving me a big data dump that includes all of the blood pressure, glucose, cholesterol, and weight readings for all of my patients taken daily at home, is actually going to improve my clinical decision making. In this regard, I think that effective PHR use is going to require that they include clinical operations to digest and organize and analyze data as they come in. From a clinician's standpoint, a data repository is not actually all that useful. You need to have triggers, alerts, educational products linked to data and so on.

75 percent of doctors in our survey were worried that they could be held liable for knowing all of the information that's in a PHR if they're given the key. So if I get the key to a patient's PHR and I now know that that now makes me responsible for knowing everything in it, including data that are added between visits, then I actually don't want that key, unless it comes with a promise that I will be notified when important data are added and that there is some kind of functionality to screen those data to make sure I'm not getting dozens or hundreds of irrelevant alerts every day. There have been a number of studies recently about how doctors handle alerts. I'm sure you're familiar with these. We ignore most of them because most of them are easy to ignore and maybe should be ignored, but that leads to a pattern of behavior which is not necessarily healthy either.

I think the window of opportunity to address all of these concerns is open, but it's actually short given the requirements of the ARRA to have standards for interoperability published by December. So I'll summarize just by saying, again, I've laid out problems and I sort of want to apologize for that because I'm actually a proponent and the AMA is a proponent of using electronic data interchange and PHR's to improve patient care and the patient/doctor relationship. I think the basic lesson from our survey is that the data in PHR's needs to be of good quality, secure, and in a format that is clinically useful. It can't simply be a data repository, unchecked with piles of information that doctors and patients are expected to sift through and then be accountable for. That could actually be harmful for decision making.

I'm going to stop there because I know I'm over my five minutes. I just have a feeling.

MR. HOUSTON: Thank you everybody for your testimony. We are going to take some questions now and keeping with my prior comment I'm going to start with Paul Tang and work around the table in the opposite direction.

DR. TANG: Great. Thank you. I've enjoyed all of the testimony we've had in the past couple days. I think there's been a palpable difference in what I'm going to describe about this one. We talked a lot about theoretical and theoretical benefits and costs, but here we're talking about people who live and breathe and have real and substantive and quantitative material to present in terms of the benefits and the costs of using these things.

We've heard about the quality of care and the satisfaction of both the patient and the health care team and the penetrates--less than one percent, perhaps, for the claims-based plan provided version and 50 percent in the provider-supplied version. So I'm trying to figure out what are the key differences. We've talked about the quality of the data across the board. We've talked about interoperability and privacy protection, which is the topic of this one. So what are the recommendations that we could provide from a policy point of view. Interoperability is being covered by the Recovery Act.

Privacy--and I don't think you can regulate quality of the data--but privacy is something that we could potentially regulate. One of the things that Anna-Lisa mentioned is leveling the playing field so that we understand and the patient understands what is the benefit of dealing with a covered entity. There is a floor. So what does the panel think of the need for whatever that vehicle is--regulation or legislation--that would put a floor on how you protect the privacy or confidentiality of health information for the non-covered entity? So that's my question for the panel.

MS. SILVESTRE: Without going into a long discourse about technical standards, what I know about the efforts that we've made and those of other large integrated systems is a considerable investment in understanding the security system behind what you've built. One thing is you've got to bake that in from the beginning. Security and privacy is not something to add several years later. It has to be thought through at the beginning and a continuing investment needs to be made.

I think it's hard for consumers to interpret privacy policies. I think they're not well written. It's like all of us, I'm sure, go to websites and you get this terms and conditions and it scrolls for pages and you go straight to the box and if you really want to do something, you just click the box. We know that some people read it word for word and when ours changes we have people that track the changes but that's a small percentage of people today. So I think standards around lay language in privacy policies would be attainable. If everybody doing a PHR had to write a privacy policy in sixth-grade reading level, that actually would help a lot. I think it's hard to legislate here's how you need to make the investment in the back end, but you could write standards for how you need to explain what's being used, how it's set up, and some standard capabilities that every PHR would need to answer to. Some of those standard questions are how do you store the data, how do you use the data, how is the data shared, and just sort of a template of how you could explain that in a standardized way across all, even without extending HIPAA protection across non-covered entities might be a very good start.

DR. TANG: Let me clarify the question and see if I can interpret your response. So my question is should there be a reg or a law that has a floor on the protection of health information entered in PHR's? Did you say the reg or law should just talk about the clarity of the privacy policy?

MS. SILVESTRE: I think it's both. I think that there should be a floor because I think there should be a level playing field, whether it's HIPAA or not HIPAA. Consumers will trust and use online services, but they have to go in with a feeling of trust and if that's not there--I think people don't understand what HIPAA provides them. I think HIPAA gets bashed a lot and, in fact, I think HIPAA has done a lot of very good things for large systems to help us protect the data and pay attention to how it's protected.

DR. WALKER: Paul, I'd break that into two levels. I think there are some groups that need motivation--we probably all need motivation, some need it more than others do and I think that should be part of the floor. I think the other side of that is if you are motivated to protect patient confidentiality, it's very, very difficult. We probably spent several hundred person hours reviewing national policies, state requirements, and our own existing policies.

One of the things I did was we completely revamped our own general patient protection policies in the light of that review and then created those very complex--maybe they don't look complex to you--agreements that various people can do so that a parent can have access to an eight year old's record. That's critically important. If you have an eight year old with diabetes, having the parent be able to work with the patient and say they drive two hours to their diabetologist, which is nothing unusual, the ability to have the parent and the child work together and sort of keep that care process going in between fairly infrequent visits is critically important clinically, but it took us forever to work out how we could do that. We have colleague organizations in other states where at least their interpretation of the state law is that it forbids them doing that at all.

So I think there are two levels. One is just giving us all a kick in the butt to do it. Then the other is really looking carefully at all the things that make it hard to do well and addressing those.

MS. GRAHAM: I just wanted to add--I won't speak for Kaiser, but for those of us that cross state lines and cross the nation, this consistency in message is very important. I don't think the average consumer knows that you are probably a little bit safer going with a provider-based PHR than not just because of the protections that come with it. I think that normalizing the information that goes to the patients across the country and putting a floor in place so that it's a level playing field. Even to protect those consumers that don't ask the questions is really the right thing to do.

DR. WYNIA: So, three quick points. One, I actually have a statement here that the AMA Washington staff drafted for me so I can say, with clarity, that the AMA supports federal efforts to apply the HIPAA rules to directly cover additional parties involved in the electronic exchange, storage, use, or handling of health information not currently covered by HIPAA. So with regard to PHR's, the AMA is in support of extending HIPAA privacy protections.

I can also tell you a little something about--and this I found interesting, actually, in terms of our survey data--not surprising, two thirds of doctors believe that PHR's might not have adequate privacy protections right now. More surprising, two thirds of doctors--61 percent--said to promote record sharing there should be better enforcement of current privacy laws. You almost never get doctors saying there should be better enforcement of existing law. Now, granted, this is in the context of a survey about these issues, but it does give a sense that there's a little more nuance to understanding both the pros and the cons of the HIPAA regs amongst the clinician community. I think it's common to think doctors don't really understand or know much about these and there's probably some truth to that. We've done other survey work around HIPAA and that's probably true. Nevertheless, the concern with privacy is strong enough that it's driving some doctors to say it should be enforced even better than the onerous rules that we already feel we live under.

The third thing is, just on a personal note, I would absolutely endorse the notion of better transparency and literacy and cross-cultural issues, looking at how we communicate information in consent forms. Most of these are more like notifications because, in fact, when you're signing up for something, you're probably going to sign up almost--you know, if your employer's offering you one of these and they're giving you 50 dollars a month in credit in order to start using it you know people are not going to look at the small print. So if there's something worrisome, it needs to be there.

That goes back to the point I made earlier about changes in these contracts over time--about making it easy for people to block specific uses over time. I almost wonder if one of the models for how you think about these contracts would be the credit card regs that have just been revised. You don't want it to be too easy for someone to change the privacy policy once you are invested in one of these products. I'm just thinking off the top of my head but I wonder if there's something to be learned from other regulatory environments where a change in the existing contract may be of real meaning to the consumer end and they may not feel like it's all that easy for them to walk away from this contract, even though it's changing on them.

DR. TANG: So to summarize, you all seem to indicate you thought there should be a floor that was easy to understand and that was uniform across the country.

MR. REYNOLDS: Thanks to all of you. I've touted you numerous times as we've watched each of you--a lot of us, as we look around the country. You've done a great job so effective immediately, you no longer get to work in your closed environments.

Help us understand that as we take the successes that you are clearly stating--and Paul said it eloquently earlier--and now as we try to write considerations to the world out there where there are docs who don't have anything, there are consumers who are not a part of your environment, and we have to bring everyone along. As you take your successes and now you translate it to the rest of the world that's out there that we're trying to move along that doesn't have quite as clear and precise management and agreement process as you do--it's a bit more open out there--what are the things that we need to know and what are the things that we have to make sure get put forward--we'll stay with privacy and security for this time, that really are going to allow the rest of that group that isn't anywhere near where you are come along and make sure that the things are in place to do that?

MS. GRAHAM: We talk about this a little bit in our written testimony but right now for full access to your electronic health record information, for VA we're still in this in-person authentication mode. I think greater clarity for acceptable online authentication would both increase our usage, but we've seen that it is essential for an uptake in the private sector and if we really believe that these benefits can be propagated outside our own organizations we know that is a major hurdle right now--the need for online authentication.

MS. SILVESTRE: We've--at Kaiser Permanente--really pushed the envelope on making authentication as easy as possible. So we've noticed a huge uptick in usage once we went to online authentication that is used by the financial industry. So today if you apply for any kind of credit or open any account online through a financial institution, chances are you can go through a system where you get asked four questions from public databases and if you pass three of those four then you are able to get a password right away and use the services.

That system, which was a very challenging initiative to put in through health care, a lot of queasiness and qualms about asking consumers who are in a medical care situation questions that come from other parts of their life and their past. Let's just say it took over a year to get that through our organization. Now that it's through and we can work with the vendor on fine tuning those questions, that has removed a significant barrier to usage. I think the VA and other systems still require patients to come in in person and sign forms and show identification and that kind of process, especially if we want to reach the huge number of people who don't have very many office visits, what we're really saying is you've got to go drive in and authenticate in person. While that's a very secure method, we can learn much from other industries who are much more advanced in how they use online systems than in health care.

So we tried that. We were first out there. We have a lot of good learnings about it. We should probably publish those so that others can understand. We actually do share pretty openly how that works and who the vendor is and what we've learned.

MS. BERNSTEIN: Can you just give me a quick example before we go on about the kinds of questions you're talking about? Are you talking about, you know, how much is your monthly mortgage payment?

MS. SILVESTRE: Yes. So you would be asked questions. Here are four answers. Tell us what your mortgage payment is. One of my favorites because I did this for a financial institution and I kept having to yell to my husband in the house, what was our address 12 years ago. It was an address from 20 years and that brought up this I didn't like where I lived then, I didn't like my life then, I don't want to have to remember that address. But it does ask you personal questions that come from public databases. I think we're always a little surprised to understand how much of our private data is available.

MR. HOUSTON: I think you referenced in your testimony, though I can't find it, the service that you are using.

MS. SILVESTRE: It's RSA.

MR. HOUSTON: Thank you.

DR. WALKER: Why don't you let me respond to Harry's, if you would? I want to go back to the two level. I think one of the things would be to have a clear floor and you just have to do these things to do a PHR. I think at a second level, if there were a voluntary best practices set that an organization could say we're going to agree to do all of these best practices and if we do all of those best practices--someone could certify that in some reasonably cost-effective way--then there would be a set of tools that would go with that and there would be a consent form and consent form for surrogate users and for children and a whole set of supporting tools. Instead of the organization having to be robust enough or crazy enough to expend a huge amount of resources, creating those and maybe getting half of them wrong anyway, you would be able to sort of have that whole set of tools so that if you'd say, yes, we'll agree to use sixth-grade reading level in all of our communications and to tell them about this and to tell them when there's changes--all of the things you can't get into statute and reg but would be good ideas in almost everybody's mind--then you'd have a situation where an organization would have a very powerful motivation to accept that voluntary set of standards and then have a set of tools to execute them and cut the costs probably by 80 or 90 percent.

DR. TANG: My follow up question to Anna-Lisa is the notion of online authentication using publicly available information--doesn't that seem the antithesis of secure authentication because you, yourself, said you have to deal with the ex-spouse. Wouldn't the ex-spouse have access to the exact--first, wouldn't they have access to their personal information, but more importantly since these are all publicly available why wouldn't anybody be able to do that?

MS. SILVESTRE: Right, let me explain the end to end process. So the online authentication is only the piece that gives you the password. You have to start in our system by giving us your medical record number, your date of birth, and your address. Then you can get an instant password by answering three out of four questions correctly. We also send an email to you saying you just requested a password and that gives the alert if somebody is not who they say they are but it is possible.

In any situation today I have, for example, enough of my parents' personal information. I know their social security numbers, I know their address, I know their phone number, I know their medical record numbers. I could go in and create accounts on their behalf. So we'll never have a secure enough method unless I think you're using biometrics to individually certify that every single person that sets up an account is who they say they are but there are enough safeguards in this system by notifying people when we are sending up something in your name and asking some personal information that prevent unauthorized access.

MR. HOUSTON: Is it possible that Kaiser could submit--do you have something like a white paper that you have on this? It might be interesting for our committee if something like that is available. If it's not, that's fine too.

MS. SILVESTRE: I can see what we can do. Give me a couple weeks.

MR. HOUSTON: Great. Thank you. Leslie.

DR. FRANCIS: Something that you all have touched on but that hasn't gotten maybe as much attention over the course of things--and I'd love to hear your thoughts about it--is audit and notification. That's something that's pretty readily available to regulation and also we know that one of the things that really worries consumers is the possibility that somebody might have access to their information and they may not know.

I know one of you, I think it was Anna-Lisa, commented that policies that are really draconian--you have to get it tomorrow are a problem. I think it was you who said something about not wanting to have policies that require--about a breach? Yes. Right. So what I'd like to know is what your policies are about whether you tell people automatically, think you should tell people automatically? What kind of notice policies about who has accessed their data you think should be in place? What you have? What you think should be in place? And perhaps if you have any data about what providers think would be a good idea about what we ought to do about letting consumers know who has seen their data?

MS. SILVESTRE: It is our standard business practice and was before state laws kicked in on privacy--California has some very strong privacy state laws about notification of suspected breach both in the financial and in the health care industry. Our standard business practice is we do notify every patient where we then have a confirmed care where their data has been accessed or shared by others.

It starts to get really tricky because PHI has got a standard definition of HIPAA but is first name only a disclosure? Is last name only a disclosure? What if it was just a partial of your street address or just your email address? We've had a situation where running a test script email addresses were disclosed inadvertently. So that's a tough one where you could say by strict PHI standards that's PHI, an email address, but is it really a breach of your personal health information. It didn't have anything about any part of your care, just one piece about you.

So the more you parse it, the trickier it becomes. If you've got breaches that cross several systems and you have several different data sets, that's where--you know, the more complex the system, the larger the volume that you're running, the more unlikely it is that within a 24 or 48 hour or even 3-day period you're really going to have confirmed what data was shown to what other person inadvertently. Then, again, defining what PHI is.

I think we're all clear that if my personal health record that contains sensitive mental health diagnosis, sensitive health information diagnosis, drugs, street address, medical record number was disclosed to somebody else then that's a clear breach. It starts to break down as you get more into the finite details. So I think it should be standard business practice for any business today to disclose whether your information was shared with someone else. I know I got a notice from DSW Shoe Warehouse--I was quite disappointed that breaches had gone all the way into the shopping realm.

DR. WALKER: In terms of audit and reporting to patients, we audit very carefully who accesses their record. We don't send out that to the patient as raw data. If the patient asks we provide it. That's another one of those situations where no one's actually tested what happens when you give that information to patients.

We had a case years ago in another life where a VIP was admitted to a hospital was there about 36 hours and there were 69 accesses to their electronic record so we assumed we had a problem. We went through it very carefully. It turned out every one of those people had a care relationship with the patient. So the way health care is set up, patients end up being cared for or having contributors to their care who they would have no idea had ever been related to it. So you can imagine sending that list of 69 providers to a patient without any interpretation--what the effect could be of that.

MS. SILVESTRE: We would not advocate for keeping a database alive of who has accessed your electronic health record. The storage space for that alone--and I put that in my testimony--would just be enormous in real time. If you wanted to go in and say who's looked at my EHR within a given system, that's a really big undertaking.

DR. WALKER: But we do that routinely and provide it if the patient asks for it.

MS. GRAHAM: I just wanted to add the PHR for us is very, very different. We make it clear from the beginning to the veteran that while the servers and the databases are behind the VA firewall, it's really their information to control. We are testing delegation. Delegation will include delegating to a VA provider. The only connection that we currently have is by volunteer of the patient wanting the provider to participate. Then also on our electronic health record we tell the provider this person has a My HealtheVet account so that if they want to use that as a teaching tool because we do have teaching aids and health diaries and things within it. But, as Anna-Lisa stated, in VA we follow the same privacy breach regulations we follow for any information that we hold within our organization.

MS. SILVESTRE: Kaiser Permanente recently took care of a very well known patient in the state of California who delivered multiple children. There were a number of individuals within the care system who had unauthorized access and did access that record. They were all terminated or resigned. So we took really swift action on that and there is also a way within I think most care systems to block access to records for somebody who has a high profile of any kind.

DR. FRANCIS: Excuse me, could I just follow up. Did the patient know of those events?

MS. SILVESTRE: In this case, yes. It became quite public.

DR. WYNIA: I just want to note that, first of all it's fascinating the discrepancy in how easy or difficult it is to maintain an ongoing, active audit process. I think we heard yesterday as well from one of the other folks that they maintained a list of who has accessed the data. The question about whether patients would know what to do with the list of--I think Mark Siegler, ten years ago, showed that something like 75 people have legitimate access to your medical record any time you're admitted to the hospital within a day. Most of those people's names you would not recognize. Whether it's useful to provide that to patients is another question.

We did not ask about audits, per se, but we did ask in the survey about patients requesting that you withhold some of their data from some of the other providers taking care of them. It turns out that's actually very, very uncommon. The vast majority, 94 percent of doctors, said they basically never had that kind of a request. So I don't think, unfortunately, that solves the problem because for that five percent or for that one patient that really doesn't want that information to go to their dermatologist, it's a big deal. But it's not a common scenario.

MR. HOUSTON: Thank you. I'm going to shift gears slightly because I want to talk about proxy for a few minutes. There's sort of two ends of the spectrum with respect to proxy and I look at Gail and I realize that VA only has to deal probably with one of them, which is the elderly population, but I'm very much interested in both sides. Working for a health system in Pennsylvania like Dr. Walker, we had to deal with rights of minors and their ability to separately consent for STD treatment and mental health treatment and things of that sort. I know we wrestle with what type of proxy access do we make available to parents or caregivers--people who are responsible for according care? How much granularity do we have? How much access to the record do we provide? How do we manage it to ensure that not only do we meet the reasonable expectations under the law but also make sure that the patient receives appropriate care? Clearly with the elderly population it's a huge issue as well.

I would just like to get your insight as to how you deal with proxy and what are some of the real world issues that you had to deal with when developing a proxy schema within your PHR.

MS. SILVESTRE: Well, now we could be here for a couple more hours. We are very, very deep into this issue. We've extended proxy, what we call the first phase, adult to adult. So if you are a member within the system you can assign proxy to another individual and it doesn't matter whether they are related to you or not related to you because many caregivers are not related. So we have adult to adult proxy in place. I have that in place for both of my parents.

We have adult to child, however the complication there is that by state law at 13--that varies by state so that's even trickier--then children have a right to receive confidential services without parental notification. So what we're building now is a way to mask the confidential information so that parents can be proxy and view legitimate parts of the medical record like immunizations is probably the most important and being able to email the doctor. So I have a teenage daughter and I definitely would want her to receive confidential services without worrying about her mom in the way, but I also want to be able to email her doctor because she just had a stress fracture and I can't do that today. I can't look up the other medications and immunizations that she's taking. So we need to go in and fix that.

We also need to extend proxy relationships to people who are not members of the system, which brings up another whole level of authentication. How do you authenticate people who don't have data in your own system to reconcile date of birth, name, and address? That will be tricky but I think we will get through it.

An interesting challenge we faced internally is that the legal group is very, very strong on restricting access and wanting to be able to do a very often renewal. So my mom would every two years have to go in and say, yes, I still want my daughter to have proxy access. There are some consumers, very few actually, who want line by line veto with what they can share with others. So there was a husband that didn't want to share his test results but he wanted to share everything else.

MR. HOUSTON: Are you making that accommodation in your product?

MS. SILVESTRE: No, we're not. We're actually going in the other direction. For convenience, because we recognize that it's a hassle to go in and do that assignment, we kind of have an all or nothing approach. So if you want proxy access it will be everything except for confidential teen records, which is protected, or you sign up for everything and we want to loosen the operational restriction for how often you have to go in and validate that. I think it would be a really tricky database to maintain if we allowed consumers to go in and say I only want these kind of records available to others. It's certainly not available in the EHR but we're not going in that direction at a PHR level within the system.

MR. HOUSTON: I really want to hear everyone else, but as you were answering I had one question to interject. Are you going to allow physicians to grant proxy access, especially in cases of parents that might not have their full faculties, such as I have a parent that has dementia or Alzheimer's? Are you going to allow somebody to be able to grant proxy access?

MS. SILVESTRE: Yes. We do that today. That is actually handled through an office visit where you can go in--that would be true for my Dad that I would go in and talk to the doctor and say he can't even sign or he's not aware of what this is but I really need to access his records.

MS. GRAHAM: Right now we handle this with delegation so it's actually the patient that's delegating. They can delegate--obviously for our purposes the individual doesn't have to be within the VA structure. It could be to a non-VA provider. It could be to a VA provider. It could be to one of their children or others. They can make this time limited and they can't have control over the parts of their PHR that the individual has access to. What we're dealing with now with our general counsel are those other relationships--guardianship, power of attorney, relationship, which I think is more of a proxy. So an individual could grant it just for 24 hours because you're being seen in an ER somewhere, for example.

DR. WALKER: We use delegation and we enable power of attorney to demonstrate that they are power of attorney and have access. That's the only way we give access besides to children under 14 without the patient validating it. It would be interesting--we ought to give the Kaiser policy and our policy to demonstrate how hard it is for very well resourced organizations to go through this and come up with the same conclusions about what is appropriate both from the patient's needs and from confidentiality and privacy and from legal. We'd probably find our stances are fairly different even though we have a brilliant attorney who must spend a third of his time on health IT issues, a very capable privacy and security officer, we involved adolescent medicine physicians, patients, and spent six or eight months working through the process. I'm sure we'd all be confident that there are places that we wouldn't be surprised if someone interpreted it quite differently than we did.

MS. SILVESTRE: I think that would be true. Just to add to that our process is ongoing. We actually have a whole e-log group within the organization that combs through all of the suggested changes to anything. It's really a balancing act between the needs of operations and convenience to patients and at the other end a set of laws that don't always call out a specific statute but they call out a position and then there's interpretation. So I think that's a really good point. It would be interesting to see how we vary having gone through a very similar process.

MR. HOUSTON: If you're comfortable--I don't know if anybody would be willing to share their proxy policies. I know it's something I have great interest in and I think as we're trying to fashion all of this that it would be helpful to us as well. Again, I don't know how much of that is publicly disclosed by your organization.

DR. WALKER: I gave you our sign up forms from which you can infer a fair amount and we're trying to find out what we have else that's written.

MS. BERNSTEIN: Yes, those were attached to the back of your testimony or separate handouts but we do have them. If you don't have one, I will get it to you.

MR. HOUSTON: Yes, I don't remember seeing that but it would be very helpful.

MS. BERNSTEIN: No, I don't think anyone sent one but Dr. Walker. If others want to supply them, we'd be happy to have them.

MR. HOUSTON: That would be very helpful. We have about ten minutes. Walter do you have a question?

DR. SUAREZ: Yes, thank you. Well, first of all, thank you for your testimony. It's been just a terrific couple of days. We have heard throughout the two days a variety of issues around PHR, not just exclusively focusing on privacy and security, but a number of areas including some of the functional aspects of PHR's. This last conversation, incidentally, made me think that all of these requirements seem to apply to providers but not so much to vendors of PHR's--all these proxy issues.

That's the point I want to make and raise as a question because over the last two days we've heard a number of--I asked a number of questions of the panel about the expectation or the need for some minimum privacy and security protections to be required of PHR providers, particularly those that are not subject to HIPAA. HIPAA, as a provider you are all required to comply with that whether it's about an EHR or PHR. They help plan the same thing but there are some vendors that of course are not subject to any of those.

There's one interesting aspect about the vendor perspective, which is the locus of jurisdiction. If I am Google, to give an example, and I have PHR's from patients and from consumers all over the country, what are the state laws that regulate the expectations of that control? If I have patients that are consumers from Minnesota and from Florida and from California and I'm based in Portland, Oregon, for example, what's the law that requires, on the state level, protection or controls? The good thing is there are not too many, if any, state laws--as much as we had a lot of state law and that's what HIPAA tried to address back in the nineties when there were hundreds and a variety of state laws controlling the privacy of health information from the perspective of entities like providers and health plans. There aren't too many, if any, state law requiring or controlling the privacy of personal health records or non-entities that are not covered by either federal or state regulations on health care. So the tendency is to try to extend HIPAA into those entities and my concern, I guess, would be that an extension of all the requirements might not be the most appropriate way to do things because in many respects some of the requirements of HIPAA are counterintuitive to the purpose of a PHR in some aspects or perspectives. You know part of a PHR is really the responsibility of the consumer to protect his or her consent--his or her information from a privacy angle and have that responsibility too.

So what aspects of HIPAA--first question is really do you believe that an extension of HIPAA into PHR--non-covered PHR would be the right approach and if not what would be some of the elements from HIPAA that would be applicable to PHR? What might be some that are not? I'll give you one example, PHR requires all of us as providers and all the covered entities to give a notice of privacy practices to every consumer we see. Should that be something that should be expected by non-covered PHR? Just going down, a few examples of what might be some of the things that might be applicable from HIPAA?

First of all, again, do you believe HIPAA--just an extension the right approach? If not, what might be some of the unique things that are applicable and what might not be?

MS. GRAHAM: I don't think you can just pick up the HIPAA legislation and just slap in PHR. I think you need to do it thoughtfully. I think many of the aspects do apply. I do think they should have a notice of privacy practices that that individual should know if they are reseller of the data, for example. Maybe it doesn't need to be as constraining but I think there needs to be some up front notification of the consumer as they use these tools. I think it's probably just as workable to thoughtfully review HIPAA and determine what portions apply: the notice, the ability to amend, for example.

Speaking from a federal entity, we're still waiting for the day when HIPAA becomes the ceiling instead of the floor because for most of us we're still applying a whole cadre of privacy regulations to this information of which HIPAA is only one.

Certainly, we don't see, even though a large percentage of our population is over 65 but they're still very mobile--partially because now they're retired so they're spending six months here and then three months with their children and then they're going abroad--so I think it's very detrimental to continue to look at these things in a state boundary kind of way. I think where we live just amplifies that. I live in Virginia but I have received my care in Silver Spring and in DC. It just becomes, when you think about it, a really ridiculous way to approach this thing.

DR. WALKER: Rather than suggesting specific elements--I think you raise a good point and I would sort of address it structurally. HIPAA was designed for and is applied to people most of whose professional identity, usually all of whose professional identity is involved in patient care. It applies to people who, most of whom and almost all of whom have actually seen the patients that these rules affect and seen the outcomes of situations where the rules weren't followed. So you're taking a set of rules that may or may not have been designed with some understanding of that context and now applying them to a group of people who do not see patients ever, who have made very large businesses on executing processes, supporting processes that are pretty low stakes processes. If the search in Google doesn't work, what do you do? You don't even slow down. I think there is probably a cognitive problem in terms of when we read HIPAA it probably sounds very different than when other organizations read HIPAA and it would probably be a mistake to think that you could just apply HIPAA to completely different sorts of organizations and expect anything like the same thing or perhaps anything that you intended to happen from it.

DR. WYNIA: I'd like to endorse and expand on that just a little bit. I think that we consider privacy and the promise of confidentiality in health care to be supremely important because people have to tell us stuff that they wouldn't normally want to tell us. They are breaching their own privacy in the promise that we will keep that information confidential and they have to do so. So they're operating under this constraint and they're making a decision that they might not even be completely comfortable with but that is going to have ramifications. So we have to operate as trustees of that information. I don't know if that mindset of trustee-ship exists in all other aspects.

There is this alternative mindset about health information in the consumerism world where people say, you know, look, it's my information. I can do with it what I want. If I want to put it up on my blog I can do that. Why can't I decide whether to disclose it, decide this, decide that. I'm sensitive to that but it leaves this big gap between, you know, what people think they're going to get, whether they feel like they really have choice--if my employer tells me I'm going to be using a PHR, I'm going to think that that PHR is covered by this broad promise of confidentiality within the health care system and that anyone I disclose health information to understands because there is a professional ethic in health care. Everyone I give my sensitive information to obviously understands that this is sensitive information and they will treat it accordingly. I trust them in that way.

There are tons of people out there who have that level of trust across the board in the health care system. And we want them to have that level of trust across the board in the health care system and in this notion of professionalism that occurs. No matter who's receiving my health information, I know that they understand that this is sensitive information. There are plenty of examples where information ended up in the hands of a judge and then on the internet and so on where there just wasn't that sensitivity or sensibility or sense of medical professionalism about the privacy or confidentiality promise that we make implicitly any time we collect information from patients.

I fear that that promise is implied or inherent or assumed on the part of patients, even when they're putting data into a PHR. They're not going to read the thing. They're going to assume that this is health care. It's not like the information I give to the guy who just did my body work--I mean car body work. I just have the gut sense that people think of health care differently and they assume that when I'm giving you my sensitive health information, you will treat it accordingly. You're now in the health care field. You are now a health professional, whether you know it or not, that's what people are going to think.

MS. SILVESTRE: That's what makes it really tough when large vendors, who I think have appeared before this group, state we're not in health care but they're going to be handling health care data. So to go along, expand and endorse everything that's been said before, I think it's less about--HIPAA's not perfect legislation. It's not perfect within health care but I think it has upped everyone's game about the role of stewardship of data. So I think the elements to go after and apply are what are the required data stewardship roles that any organization has when handling consumers' sensitive information.

I think that's where--I would worry about how large companies with large databases would do one of two things: sell that data or start to target information back to me without my consent based on my individual responses and individual data. We hear this all the time. People don't necessarily want, without asking and consenting first, to start to get a deluge of information just because they've searched for something.

MR. HOUSTON: Paul's going to ask one more question and then we need to wrap it up very quickly. Do you have a short question, Paul?

DR. TANG: Yes, it's short. So you said that you had some questions or concerns about these companies who say they are not in health care and you say that you are interfacing with one of those companies. How are you thinking about that?

MS. SILVESTRE: How we're thinking about that right now is in the role of portability. So today the data exchange we're doing is very, very small. It's a group of employees who are requesting a copy of their health summary be sent over to Microsoft so that we can begin to understand--because we realized that we're on an island. We have a lot of data. It isn't readily portable or interoperable. I'm actually really enlightened by somebody's thinking I think through this group about how interoperability might actually solve PHR portability issues before PHR has to go figure out portability. In the meantime, we need to not stay on that island. We need to start testing approaches to data exchange. So realistically that's the direction that we're going in is we want to understand what it will take within the organization, what's the consumer acceptance, how do they think about it being sent over, most importantly how's the usability? Is it easy to do? Today it is not easy to do.

Those are very, very small steps before we get to widespread how does other organizations take all that data? What's our role as stewards of that data upon member requests for sending a copy elsewhere? So I kind of separate the two that in a way, it's buyer beware if you're out there by choice, if you've asked us to send a copy of your data. How far we extend our role as data stewards is something all of us are going to be grappling with and trying to figure out.

MR. HOUSTON: I appreciate the panelists' time. You're encouraged, if you want to submit additional materials. In fact, we'd really appreciate it.

MS. BERNSTEIN: Do we have a moment to request specific things like that? Dr. Walker earlier said that you had a list of those things--if you have a list--of things that you thought there should be on a list of best practices and if you did those best practices--but if you could produce such a thing we would like to have that because it would give us an idea of where we need to work.

MR. HOUSTON: Great. We're going to break for lunch. The plan here is this. It's about 12:35 now. We're planning on having sort of a working lunch because we have a hard break at two o'clock or shortly there before. So we want to get lunch, bring it back here for the committee, and then maybe we can sit down and talk about what our next steps are next meeting, things like that. Leslie has an agenda thing she wants to work through.

DR. FRANCIS: Because Sallie has to leave now, why don't I just read out my list here and then we can have further discussion after we bring our lunches back. Number one, if anyone has additional questions for panelists, please get them to Maya because we'd like any additional information from panelists within the next two weeks. If committee folks around the table could send via email to Maya by Monday any further information she'd like to get from panelists.

MS. BERNSTEIN: We haven't asked the panelists to do that but if they are willing to do that it would be lovely.

DR. FRANCIS: And, of course, if panelists don't want to do it that's fine but we can always ask. We've also had some discussion about whether we had anything to say about meaningful use and we thought--John and I--we're not going to go there for now but if people want to in June we can talk more about that.

Maya reminded me that if we want to get a letter in some kind of draft form ready for the September NCVHS meeting, we're going to have to have a set of conference calls over the summer so Jeanine will be sending out requests for calendar things. So expect--we will try within the next week or so to get a set of conference call meeting set up with everybody.

Finally, I think what we're going to be doing after lunch is trying to identify some major themes that we know we're going to want to address. I mean an obvious one is the question of a minimum regulatory floor. Another one is whether extending HIPAA--whether we're going to have any recommendations about that or going another way. Obviously the sensitive information question is a major theme but it might be nice if people have major themes. We will be talking about that after lunch but if you're not here in the time after lunch and want to have things be out there that we should be thinking about in a letter for our discussion when we resume on June 9th that would be terrific.

MR. HOUSTON: With that we do thank the panelists and we are going to break and, again, be back as quickly as possible. Hopefully over the next ten or fifteen minutes.

(Whereupon, a lunch recess was taken.)


AFTERNOON SESSION

Agenda Item: Working Lunch/Discussion

MR. HOUSTON: Since we're all working and this is supposed to be a working lunch--I know Leslie was going to sort of drive the boat.

DR. FRANCIS: Okay. The task that we want to address I think at this point is to begin to sketch out some themes that we think or some overall approaches that we think we are going to want to be addressing. My assumption is we are going to want to do a letter or report about PHR's. Whether in letter form or report form, I'm not quite sure. If it actually turns out to be pretty lengthy, which I think it might, my own sense is that a report form might be better but if we start at that assumption--Paul, you have a comment, though.

DR. TANG: Just on what you just mentioned I thought I would re-bring it into the context of what's going on in the other policy areas. Clearly, ONC has this timeline of February for this report on privacy as it affects PHR's. This was exactly a hearing on privacy as it affects PHR's. I think we really need to get input--formal, committee-approved input into that process. If you work backwards, no later than the September meeting should we have this product. Then if we work from that it seems like as far as we would get would be a letter and that's challenging but doable. So I wouldn't make any decision that wouldn't allow us to meet that timeline.

MR. HOUSTON: Is there any reason to believe that September is too late to provide input? I know that adds other dimensions to this.

DR. TANG: Sue would be the best person to ask there.

MS. BERNSTEIN: Is November too late? Yesterday we were talking about having a draft in September and November might be too late.

MS. MCANDREW: I think the timeline either--September, October, November--is not going to be too late because the other factor that needs to be reflected in this report is, of course, the reaction from both HHS and FTC with regard to jurisdiction over the breach notification aspects of HITECH. In both cases, the regulatory framework for recertification will probably not be issued before mid-August and will only be going into effect then 30 days thereafter, which is mid-September. I think the decision making on the report, itself, is going to be a work that is going to be done in the December-January--

MS. BERNSTEIN: After that period, is what you're saying, because you're going to be caught up with doing the breach notice stuff before August and then you'll be collecting comments on it, although we're not necessarily required to--

MS. MCANDREW: All I'm saying is that all of this is going to be happening and there is going to be late-fall to early-winter data gathering that will inform the final structure of this. Of course, in all cases earlier is better, but I don't think that even November is out of time.

DR. FRANCIS: So that would suggest the timeline of first draft of what we're going to have in September for full committee discussion and final approval of what we have at the November committee meeting or hopefully even earlier but at the latest--

MS. GREENBERG: If you identify--try to introduce the subject, as Harry suggested, in the June meeting and then if you have something that can pass the committee in September, all the better, but from what Sue is saying it wouldn't be dead on arrival from November but that's it.

MR. HOUSTON: Could we change--from a format perspective, knowing how hard it seems to be at times to get certain types of documents through a committee, I'm almost inclined to say is it possible to say we have a one page cover letter and then a document that is attached that has bullet points of the things that we find are important concepts with regards to PHR's and privacy and security. I'm just trying to think of ways to get things through the committee quicker because we have this, and I'm guilty of this myself, problem of wordsmithing to death certain things that are of no substantive value. I'm trying to think of a way we can get around that.

MS. BERNSTEIN: I realize that this subcommittee, in particular, our work tends to be the most controversial and tends to get the most discussion, but I also tend to feel that the reason for that is because each of us, individually, feels we're an expert on our own privacy whether or not we call ourselves privacy experts.

MR. HOUSTON: We have an opinion. Everybody has an opinion.

MS. BERNSTEIN: Everybody has an opinion. On standards, I have to tell you, I look at those--I have no idea what's in there or whether they did it right. I have nothing to say about that. I'm not an expert and I haven't looked at it. But on privacy all of us have something to say and we all come from our perspectives and I think it's that time that we spend doing that--I tend to think that figuring out the right word is actually where the issues of the policy really come forward and trying to match the intention--understand the intention of the committee and then trying to get our letter to accurately, fairly represent that intention is challenging for any legislation project, anything.

MR. HOUSTON: But what ends up happening is we have a report that has a bunch of recommendations--I think from the last experience we spent a lot of time, almost a year, trying to get this report through when I think the most important stuff in this particular case is making sure that we have clearly articulated recommendations that are actionable, released for consideration by HHS and FTC. I think if that's what's most important and I think it is, then, boy, let's get that list together in as concrete and well-described terms as possible attach it to a cover letter and say this is what we think because otherwise I think we're going to spend forever.

DR. FRANCIS: I want to just--this isn't exactly disagreement but it's close. I think another important function that we can serve out of this is we got amazingly rich information and something that is a little bit--what I was actually envisioning as a report is not really terribly controversial. I was thinking, actually, a compendium of the rich information that we got would be helpful to whoever has to decide that. I also think we ought to do recommendations. But the recommendations are the controversial part, the report is not the controversial part and we could generate that I think easily by September. That's a record that we want others to be able to have.

MS. GREENBERG: We always ask the subcommittees if they want detailed meetings from the hearing. I would think that you would from this.

MS. BERNSTEIN: Or we might want a summary in a way that we did a summary for the last--

MS. GREENBERG: That you could what?

MS. BERNSTEIN: A summary statement of the information that came out--what we asked and so forth. What I want to know was what came out of it, not the back and forth so much.

MS. GREENBERG: I know but there are two different things. One pretty much goes through each panel and summarizes and another would be more of a synthesis like we did for the meaningful use but we don't have a contractor for that right now. I'm not saying we couldn't maybe obtain one but we didn't bring them in on the front end. We are prepared to at least have someone do minutes.

MR. HOUSTON: Here's my fear of a summary, though, is simply that we all probably have totally different notes of what we took away as being important from this conversation today--in good faith. My fear is that with only a summary, it's a summary of one person's perception of what they heard--

MS. BERNSTEIN: Unless she's just reading the transcript because she wasn't here.

MS. GREENBERG: Right, right, they're reading the transcript. I'm not saying that would be all you would have. You would build from that on your observations and recommendations or something but I'm just being administrative in a way. I just want to get clarified that you do want us to prepare minutes or a summary.

DR. FRANCIS: Yes. I actually think we should try to produce an analytic summary. I know you don't have the staff to do it but I think it's something that one of us could take the lead to write up and others could then add in.

MS. GREENBERG: In lieu of minutes?

DR. FRANCIS: No, in addition--once we have the minutes.

MS. GREENBERG: Oh, well, that's another story.

MR. REYNOLDS: I hope we go back and look at our letter. It was referenced a number of times. So the important thing to me is to either restate that we still feel the same way on those things or adjust them based on what we heard or give additional information about them. I think it's always good for us--if our stuff is referenced then it hasn't been acted on significantly but it's still relevant that we make sure we don't--if we change what we thought, we change it structurally. If we don't, we reinforce it. So I think that's the first step.

The second--John, playing off of your comment about at least initially getting it to the committee as some kind of bullets and some other things--I think the other thing that would be helpful is if you look around the room and you think about the committee, we have one of our doctors here and that's Paul--we have two, excuse me. So the point is that I would like to see, as certain parts of these issues we know that our physician group has concerns and has voiced those concerns consistently--not right, not wrong, just voice their concerns. So I would like to see if we come up with recommendations, John, as you guys were talking about that members of the subcommittee who have been here and agree that that's where we're going would be willing to discuss those areas as the person in context. So you two how docs thing and so on might be a little more helpful getting it through, otherwise it turns into--you know if just the Chairs do it or we just submit it as the group then their first question is, well, nobody thought about it from the doc's standpoint. So that might be helpful as we look at these things so that we share--because a long time ago we decided we would try to do things in the subcommittee and then when you bring that back to the committee in some kind of context--I think that would be most helpful. At times we kind of got ourselves spun around so that might be a helpful way to do it. Again, to get it to the committee, even if it's this June meeting, get some highlights as to the things that we clearly thought we heard even if they're just subjects because then if the group starts having a chance to react, we're going to know where we are on it.

MR. HOUSTON: That's Leslie's point, I guess, of what she actually opened this with--thematically what are we talking about?

MR. REYNOLDS: And, again, I'm not talking about anything other than possibly a summary of the discussion with key subjects so that you've got two or three shots at the full committee to get it. That would be my thought. I know Walter has his hand up.

DR. SUAREZ: First of all, I think it would be very helpful to have detailed notes for us. I've been taking notes myself but trying to capture some of the essence of the testimony will be great. I think there is detailed notes about the testimony and then there's notes about the question and answer that happened. I think those are very important because those elicit some of the essence of the themes. Thirdly, I agree with Harry that we can provide our perspectives based on our own backgrounds but I think we also can bring some of the perspectives of other areas or aspects of all these issues that have been discussed. Certainly I'll be happy to provide that perspective as a physician but I can also provide my own perspective about what I think of other things. Fourthly, I want to mention this and maybe clarify the scope. As I mentioned in the last question I asked in this last panel, we heard a lot about things related to PHR's. We heard about functionality of PHR's. We heard about a number of things that are not specific or exclusive of privacy or security. So one question would be do we want to capture those as well? Because in many respects, we might be setting up sort of the this is what the state of the nation is on PHR's across the board or do we want to really focus on the privacy or security aspects?

MR. HOUSTON: I don't think we have the luxury of time to dive into PHR's in general. I understand we have a lot of great testimony but because of the timing I think we have to be laser focused on things that are concerned with privacy and security. I think it's fair game afterward, to talk more generally if we think there are other themes or punt it to the full committee to say we think these are things that maybe should be explored but I think we need to focus on privacy and security first.

MS. GREENBERG: I think that's why you should have full minutes because that will pick up everything. Otherwise, if you were just going to pick up on the privacy and security issues, all of that other rich testimony would only be in the transcript. The other thing, though, it would be very worthwhile, in addition to Harry was suggesting going back and reading the privacy letters, to look at the committee's report on PHR's, which was several years ago but much of it is still relevant.

MR. HOUSTON: And sensitive information because I think that was the other one that was referenced as well.

MS. GREENBERG: That's on the web.

MS. BERNSTEIN: In talking about scope and the richness of the information that we got in the last two days, the testimony that we collect as a subcommittee is not just for the subcommittee. It's for the whole committee, we just happen to have arranged this particular meeting. That's sort of going to what Harry said, but we need to think more globally and look back at our letters and see what's useful. The information that we collected that's not specifically relevant to this subcommittee may be relevant to other subcommittees that want to look at it or follow up on it so I think we should think of ourselves as acting on behalf of the full committee when we arrange one of these hearings--

DR. SUAREZ: If I may very quickly say something about that because the Standards Subcommittee would be interested in some of the standards concepts that we're discussing.

MS. BERNSTEIN: Even if I admit I may have tuned out a little right there.

The second thing I wanted to say is that Carrie mentioned our stuff--some of it hasn't been acted on by the Department but it's being quoted in the private sector. Even if the Secretary hasn't acted on it, the private sector is acting on our recommendations. This committee is very well respected. The group of experts that we have here--and this subcommittee, in particular, develops what I think have been very useful--and all that hard discussion and wordsmithing and all, which is difficult and contentious is apparently very valuable out there in the world. So I think somebody's glad somebody's doing it.

The third thing I wanted to talk about just process-wise is things that we can do to make that less difficult. We tried to do some of those things in those last letters that I think we should do again. One of them is to invite the Committee members to our calls--other Committee members, who are not on the Subcommittee to our calls. Not all of them took us up on it but some of them did who were particularly interested. The other thing we can do is circulate the drafts and invite other committee members to comment on that so that even if they don't pay attention, they were at least supplied and had the opportunity to get prepared as to what was going to be talked about at the September meeting and perhaps at the November meeting if it goes like that.

MS. GREENBERG: Our process document that we labored over. I can send that to you if you need it.

MR. REYNOLDS: Let me comment first, so that I don't forget to say it, this was an amazing two days. This was really a great cross-section of what's going on so thank you to everybody that was involved.

Second, I think it's really, really important for us to make sure that we position this in that although, I agree with Maya, the industry has picked it up, but they are not standards. They are not certified. In other words, the things that we have recommended have been picked up and used by segments of the industry and some of those segments of the industry are government but they are not--as we heard over and over again and as we questioned, they did not receive the seal of approval. So as we go to this next really fast movement we're about to enter, just with what we heard and the reference to things we had talked about before and so on, having that now be picked up whether it's through some other committees, whether it's directly by the Secretary or something, then makes it happen. That's what I think is the key. So, yes, I'm really excited about what we did and it is getting picked up but now is the time to get it plugged into the right place to say this is it and then it starts to happen.

MS. BERNSTEIN: I think because of the report we have an opportunity for that getting picked up much more than we have in the past where there wasn't some particular issuance that we were coming out with.

DR. TANG: Are we ready to move to themes? Just to reiterate what everybody said about the value, I think it's been a very productive two days. We've heard from all those sides and I guess what I keep going back to is some of the summary questions that we asked this panel, which is I think the status quo is not good enough. I think there is action required in order to protect the public's expectation.

No matter who you are when you give up private information we just in this society have this expectation. It comes from the Hippocratic Oath. In order to meet the public's expectation and fit the way they behave--that is they give up confidential, private information with the expectation that it's maintained in a secure and confidential manner. I think there does need to be a floor that covers everyone. It so happens that HIPAA is a floor above where I'm imagining this universal floor to be so it really doesn't change anything for the covered entities but that in order to help grease the skids for use of health information in ways that benefit the individual and population, which is the goal of the whole HIT movement, one consideration is to recommend, whether it's law or legislation, that establishes a floor. Ideally, and I think you heard that from everybody yesterday and today, it should be uniform. So that would imply a federal--implies a bit more than that but let me stick with it would imply a federal regulation or law that would establish privacy protections for health information no matter where it's stored.

MR. REYNOLDS: Can I make one friendly amendment to what you said? I think this is where maybe we've gotten a little bit in trouble in the past. I love what you said about the consumers and the public but I think what we also are saying is something that allows the caregivers to feel comfortable and allows those that are building the tools that will be used--the products and tools that will be used to also be successful. So I think that's the thing that we're really trying to get to because with the stimulus money people have to adopt things. So we want to satisfy the public and the consumers and what they want, we want to satisfy the caregivers that they can still give care and get the right information they need, and we want to be able to give a clear direction to those that are building the capabilities so they can start. That's what we heard. If you don't tell me what I need to do or don't give me some framework, how do I--how do I build to a ghost is basically what happens that keeps changing all the time? So if you would take those other two additions as an amendment it gives the whole thing because you already said the public and then I added the caregivers and the people that are developing the answers.

MS. WATTENBERG: So you're saying the floor would be not above HIPAA or above HIPAA? So what do you mean it would be stricter or less strict?

DR. TANG: So there are a lot of things that a covered entity has to do that is totally unrelated to a patient, a consumer so it's very unlikely to involve anything and that's why I don't think, for example, we "extend HIPAA". I think there needs to be some principles that get codified in law or regs that would protect health information no matter where it goes.

DR. SUAREZ: I wanted to make a comment because my sense is what we need is a privacy and security protection framework for personal health records that are not subject to HIPAA. Personal health records that are by providers and payers, they are already covered by HIPAA and there is everything and anything about privacy and security that applies to Kaiser on its role as a maintainer of data for user of EHR that applies for a PHR. What doesn't exist is a level of protection for consumers when the data is being maintained by a vendor of a PHR, independent.

I started my own analysis of what I categorize as about 40 plus privacy requirements on HIPAA and a number of them are not translatable to a PHR, stand alone PHR. My sense is and what I heard more was that we need--we already have regulations on the provider and payer side. We are protected from a HIPAA perspective. We need something that provides the same level of protections applicable to a private vendor. That's what I heard.

MR. HOUSTON: To follow up on what Walter just said, I think one could argue that you could spend--the entire theme of this could be the need for some type of floor or some type of regulatory framework. Then we could drill down into our recommendations specific to everything from proxy to sensitive information. The only area that I would probably disagree with you Walter is that I'm not sure that this is only for entities outside of HIPAA. I think there needs to be some common framework that an entity or entities can point to and say this is the way we're going to conduct business. If you have Microsoft or Google out there and they're interacting with a Kaiser or a UPMC or whomever, there almost needs to be some uniformity as to the way that they can expect to interact, which says to me that the framework isn't just for those who are uncovered. It has to be the touch points and I think we could spend a lot of effort and it would be very meaningful to say here are these items that need to be part of the legislation. We heard a lot of testimony that I think could give us that--

DR. SUAREZ: Yes, but when you're looking--and those are some of the questions I would point to them. When you look at the models, Kaiser, for example, has its own PHR built out of an EHR product that they have but Mayo Clinic, for example, and a few other providers actually use the platform that is provided by Microsoft or by Google. In so far that Microsoft and Google provide them that, they become a business associate of Mayo and they become a business associate of the Cleveland Clinic. So that kind of extension applies to that segment of all the Google-type products but then there's Google that sells to my wife who is not in the Mayo Clinic and she goes directly to them, that's outside the sphere of a business associate. So that is why I was trying to draw the line of what is it that isn't covered currently--

DR. FRANCIS: Could I interrupt and just suggest a framework of topics rather than resolution to topics. Topic number one would be we need to have a common floor that protects the expectations in some way or another of at least the following stakeholders: patient, caregiver, plans and product developers. Second of all, we need to address the question of HIPAA fit or non-fit. That's the issue we were just talking about and I'm not saying how we need to address it but the question is whether we're just talking about entities outside of HIPAA? That's one of the questions, there, another question there is whether the proper starting point is HIPAA or whether it's not HIPAA. I think most of us think there are a lot of issues about whether it would be HIPAA but on the other hand there are some benefits to HIPAA so we need to explore that space. I'm not saying how we explore it.

DR. SUAREZ: My whole point was the main theme should be we need a framework--a privacy and security protection framework for PHR's, stand alone PHR's--

MR. HOUSTON: Agreed. Put a period right there because I see a lot of nodding of heads that say yes and then the next level down is thematically what do we think needs to be part of that framework and its interaction with fit versus non-fit HIPAA.

DR. FRANCIS: Then the next question to ask is what are the parts of that framework that we want to address. I take it one topic, anyway, that came up--I don't know what we want to do about this--is the question of levels of consumer control, granularity, sensitive information. That's a topic.

DR. SUAREZ: The first thing we can do is split privacy and security in the following sense--when you look at security some of these people are--if you look at the 42 implementation specifications of the security rule, these people apply them in a much better way than many hospitals in this country and many providers. These people meaning the people that actually offer PHR's. So from a security standpoint, the security types of protection that are afforded by HIPAA or others would be--

MR. HOUSTON: Walter, Walter, we only have less than a half hour. Can we get sort of the major themes out without any discussion? I think if we went around the table and said give me one and we could sort of build that up. I understand the conversation but we don't have a lot of time so let's just throw out blank themes. If you want to start with Amy and just say two or three words and then you have to go to the next person.

MS. CHAPPER: How about authentication?

MS. KHAN: Standards for interoperability.

DR. TANG: Clear attribution of the source of the data and its integrity.

MS. MCANDREW: Skip me and come back.

MS. BERNSTEIN: I thought Hetty was going to say education. What I want to say is we heard a lot about sixth-grade sort of level of education--meaningful communication.

DR. FRANCIS: I think we need to address the level of granularity of control, whether there should be any by source, by type of information--a return to the question raised about the sensitive information letter.

MR. HOUSTON: I'm going to say proxy access.

DR. SUAREZ: One I think was important was and I'm looking at it--verification and validation.

MS. BERNSTEIN: Of people? Of data?

DR. SUAREZ: It is the multisource verification of disparities in the data.

MR. HOUSTON: That was Paul's.

DR. SUAREZ: Maybe that was Paul's already.

MR. HOUSTON: He had attribution of source and integrity, but verification of people is also--

DR. SUAREZ: Well, that's authentication.

MR. HOUSTON: Well, authentication is something a little bit different but we won't go into that because that's talking about a solution.

DR. SUAREZ: Then the one I would add and I don't know if this was put out already, audit-ability.

DR. FRANCIS: Can you add notice to that?

MS. GREENBERG: Some of these people say it's higher, it's lower, and I don't know really what's intended. I do think that you're dealing with a different situation with PHR and the EHR and the applicability of HIPAA in that the HIPAA allows a lot of disclosures without consent--

MS. BERNSTEIN: What's your topic?

MS. GREENBERG: --treatment, payment and operations. I don't think that's being suggested at for PHR's, it's much more consent driven.

DR. FRANCIS: How about this as a topic that maybe you raised, which is the relationship between PHR's and EHR's.

MS. GREENBERG: And then, of course, the issue is if when the PHR includes EHR information it gets complicated. Then I think there's also stuff related to claims data and the whole education of the consumer and communication with the consumer.

MR. HOUSTON: Okay, I hate to cut you off but we were saying like three or four words and you got about 20 in.

MS. GREENBERG: Have I said too many?

MS. WATTENBERG: Data utility.

MR. HOUSTON: What about sensitive information?

MS. WATTENBERG: She already picked that up.

MR. REYNOLDS: Clear definition of sensitive data.

MR. HOUSTON: Excellent. We can go around again if people--Amy do you have anything else?

MS. MCANDREW: Clear definition of PHR.

DR. FRANCIS: I've got the list to read so far but go ahead.

DR. TANG: Accountability and enforceability.

MS. CHAPPER: Masking or deleting data.

MR. HOUSTON: By the patient? Okay. Again, different than authentication, I think we still need to be able to do some level of identity proofing with respect to how people get credentials. So identity management is maybe the best way to describe it.

MS. BERNSTEIN: Do you mean people who use--not the patients but--

MR. HOUSTON: Both. Patients masquerading as other patients or caregivers masquerading and caregivers for patients. I think there has to be some--not just authentication because authentication says I'm authenticating an account, you are who you say you are as an account owner. I'm talking about people who try to set up accounts. So it's the intake of people setting up accounts, which is an issue we heard today.

MS. BERNSTEIN: Yes. I was just trying to differentiate from the people who are theoretically authorized users who are managing the system--the people offering the PHR's as opposed to the patient or caregivers who use the PHR.

MR. HOUSTON: That's identity management.

DR. SUAREZ: One that Hetty mentioned, which is standards, but I'm not sure if it was mentioned in this context of we need standard nomenclature to communicate with patients.

MR. HOUSTON: Is that a privacy issue?

DR. SUAREZ: It is a privacy issue in the sense of allowing people to understand what it is they are agreeing to.

MS. BERNSTEIN: I think it's related to what I first said about coming up with the right level of communication to the patient.

MR. HOUSTON: Okay, again, we're just getting things out. Sarah or Marjorie?

MS. GREENBERG: That's an interesting question as to whether that's a privacy issue but I think in my mind this hearing was dealing with PHR's, it was certainly dealing with privacy and security, but part of that is transparency and usability and all of that to consumers and communication between consumers and providers, et cetera.

MR. HOUSTON: So if we say transparency to consumers as being the topic point because, again, we're just trying to throw concepts out.

MS. GREENBERG: It relates to Sarah's usability, of course--data utility and usability.

DR. TANG: I thought we established a scope and I think that's out of scope.

MR. HOUSTON: Tell you what we're going to do. We will publish this list and let people take shots at what's in scope and out of scope. This is just a raw data intake right now. Sarah?

MS. WATTENBERG: I think it's been covered, which is consent-driven--

MS. KHAN: Just a clarification, I know Amy spoke of masking but I don't know if she touched deletion specifically.

DR. FRANCIS: And correction ought to be added there, too.

MR. REYNOLDS: I'd like us to also look over this list with a filter as to what did we hear that also affects EHR's and anything else that's going on right now because we talked about privacy. The last three panelists have whole systems that do more than PHR's. They're doing care. They're doing everything else. So were there any of the things we heard that are more far-reaching than just a PHR or something that we've talked about?

MR. HOUSTON: Let's do one more, then what I can do is summarize this and we can email this out because I have it all typed in already. Leslie, I'll send it to you. We can massage the list and then get it out.

DR. SUAREZ: This is very related to privacy, which is ownership versus stewardship.

MR. HOUSTON: Good point.

MS. MCANDREW: One point that really didn't come up at all in the testimony but is something that we will have to grapple with is the security standards around communications with the consumer themselves and the role of email and encryption in that environment.

MR. HOUSTON: I'll tell you what we're going to do now. I think we're almost out of time and I know Leslie had some other things we wanted to do. Leslie and I will work this list and send it out. We can add to it. We can give our comments about which ones we think are in or out of scope. From that, then, I think we can refine that list pretty quickly. I know, Leslie, you had some other things you wanted to talk about so why don't we--

DR. FRANCIS: Well, the only thing I wanted to say about that is that we may think some things are out of scope in terms of recommendations but we may have found useful information in the testimony that we would still want to make sure doesn't get forgotten. So we would just do a digest of the testimony on some points. What I think we'll do with this is send it around to anybody, if people want to add themes we could have a kind of analytic summary that we present in June to the full Committee to say we're going to be preparing recommendations on these topics. If there are things you think we should be considering, if you want to have input we're going to be having scheduled conference calls over the summer. Please sign up to be included in those calls so we work with Harry's concern that we have the Full Committee on board as soon as possible.

DR. SUAREZ: Maybe as a suggestion, we can have two lists. One is this in-scope list. Then there is another list, which is another set of themes that we heard that we think it would be helpful for the whole committee to know about. Now we don't think they are really part of what we're supposed to be doing in the privacy and security, but we think they're important. I know the Standards Subcommittee will be interested in some of them and maybe the Populations. I don't know.

DR. TANG: Same point. So if you would distribute those, remember it's not going to do any good if we don't make our deadline. The way that we will miss our deadline is by going off in other areas. But if you preserve the second list that will ensure that it doesn't get lost.

MS. BERNSTEIN: Do you want us or the co-Chairs to come up with that separation?

MR. HOUSTON: I think we can very quickly work through this list by email. I really do. Then I think we can make some decisions and put it back out for review. I think this could happen pretty quickly and then come up with some reasonable breakdown.

DR. FRANCIS: My personal thought is we should have this resolved by June 9th, although there will be new information that presumably comes up on June 9th. Marjorie?

MS. GREENBERG: Two points. One, of course everything always relates to everything else, at least in my head. At the June 9th meeting or 10th and 11th of the full Committee, we're bringing forward this compendium on data stewardship for approval. It will not have recommendations in it but data stewardship came up several times so I also think you can use the lens of this hearing, also, to see whether the things you want to pull out of that that could go into this framework of recommendations.

The other thing is I'm just confirming that obviously we would not have the minutes for you by the June 9th meeting because we hope to have the transcript. I'm confirming that you do want us to do the minutes, we'll work with our contractor and have that happen.

DR. FRANCIS: Confirmed.

MR. HOUSTON: Okay. I know a bunch of us have hard breaks at two o'clock. We have ten minutes left and I want to make sure that we get everything else through that we need to. Leslie what else is on your agenda?

DR. FRANCIS: I'm ready to go. Any final comment from anyone? Paul? Harry?

DR. TANG: Just a logistics question. Is it possible to have this piece on the agenda of the Full Committee on the 10th rather than the 11th? My daughter is graduating so I can't be here.

DR. FRANCIS: The final item of business for today is to thank everybody who has been here including our wonderful administrative staff. Please join me in saying wow, what an amazing job. Thank you.

(Whereupon, the meeting adjourned at 2:00 p.m.)