[This Transcipt is Unedited]
Embassy Suites Crystal City Hotel
1300 Jefferson Davis Highway
Arlington, VA 22202
Agenda Item: Call to Order, Welcome, Review of Agenda
DR. CARR: We have a very busy agenda today. I would like to welcome everyone to this meeting of the NCVHS. We will go around the room. I am Justine Carr, Caritas Christi Health Care, Chair of the committee, no conflicts.
MS. JACKSON: Debbie Jackson, standing in for Marjorie Greenberg, she will be here momentarily, NCVHS staff, CDC.
DR. SUAREZ: Good morning, everyone. I am Walter Suarez with Kaiser Permanente. I am a member of the committee, and I don't have any conflicts.
DR. WARREN: I am Judy Warren, University of Kansas School of Nursing, member of the committee, no conflicts.
DR. STEINWACHS: Don Steinwachs, Johns Hopkins University, member of the committee, no conflicts.
DR. GREEN: Larry Green, University of Colorado-Denver, member of the committee, no conflicts.
MS. MILAM: Sallie Milam, West Virginia Health Care Authority, member of the committee and no conflicts.
DR. FRIEDMAN: Charles Friedman, Office of the National Coordinator for Health IT.
DR. HORNBROOK: Mark Hornbrook, Kaiser Permanente, member of the committee, no conflicts.
MR. LAND: Garland Land, member of the committee, National Association for Public Health Statistics and Information Systems, no conflicts.
MR. HOUSTON: John Houston, University of Pittsburgh Medical Center, member of the committee, no conflicts.
DR. FRANCIS: Leslie Francis, Law and Philosophy, University of Utah, member of the committee and no conflicts.
DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the committee, no conflicts.
(Around the room introductions)
DR. CARR: Thank you. I want to take a moment to recognize the enormous amount of work that has been done over the summer since our June meeting.
We have two very important issues today, very challenging, very complex. The co-chairs of the Subcommittee on Standards and Privacy have just done yeoman's work in working to pull the information together. Our agenda this morning is to get a preview of what we will be talking about later on the two standards letters. Then we have Chuck Friedman and Joy. Joy, thank you for accommodating our calendar. Initially we were working to set up this agenda to coordinate with your schedules, but since I see both of you here, I think perhaps I would like to rearrange the schedule and ask Chuck to begin with an update from ONC, and then Joy, welcome, we will hear from you about privacy. Thank you.
Agenda Item: Office of the National Coordinator Update
DR. FRIEDMAN: Good morning, everyone. It is a pleasure to be here. I will be doing what might be called part one of the ONC update, and then I will turn the computer and the microphone over to my colleague Joy Pritts, who will do what might be called part two, with a focus on her work on privacy and security.
My update will be a bit more like something I recall from when I was very, very young, the Movietone News. Does anybody remember the Movietone News? Before they showed the movie, they showed you this set of updates of the most important things that happened, presumably since the last time you were at the movies. So I am going to try to run through some things that I thought were the most important things that happened since the last --
DR. STEINWACHS: Chuck, are these going to be in 3D?
DR. FRIEDMAN: Yes. No, but they will be so vivid that you will think they are in 3D.
I am going to dwell on four things. I am just going to allude, since it happened in July since the last meeting, to the announcement of the 2011 meaningful use rule. I don't know if anyone else was going to talk about that. Karen, were you going to say anything about that? Then I will very quickly review some developments in the land of ONC programs. I am going to hopefully tantalize you with one of the projects being undertaken by one of our SHARP grantees, this is our research program, and then I will just say a few more words updating you on what I talked about the last time, which is the work to develop a rapid learning health system, also known as element three.
Very quickly, of course everybody has this slide etched into their brains. The meaningful use concept is articulated in three states, coinciding with the effective dates of what are seen as an ascending or escalating set of criteria. Stage one coinciding with 2011, stage two with 2013 and stage three with 2015.
I have made a penchant of trying to summarize things in one slide, so here is my one slide summary of the final rule for stage one meaningful use, which includes 15 core objectives that all eligible providers and hospitals much achieve that are expressed as objectives and criteria, and an additional menu set of ten additional objectives, from which any five can be selected. I just wanted to establish that this rule is out and announced and formally set.
The ONC CMS program to get to meaningful use is represented by this figure, which I believe everybody has seen. I won't dwell on it, but I will use it as a basis for giving you an update. The first component of this quick update, I would like to emphasize, with reference to the reference to the regional extension center program, is the very recently announced supplemental awards to 46 regional extension centers, totalling about $20 million specifically to promote the advanced meaningful use at critical access hospitals as part of the initiative to be sure that rural health care sites have the same opportunity to receive meaningful use as others.
In the land of workforce training, I did talk about our workforce training program the last time. In early August we had a very successful workshop in Portland, attended by 250 community college faculty members, where they were exposed to and trained in the use of the materials being developed by our curriculum development centers. This is proceeding very, very well. The community colleges, just about all of them, and that is 84 in number, will be launching their training programs by September 30, and all nine university based grantees, which involves a total of 15 institutions, are in the process of launching their programs by a separately funded grant activity.
In the world of state grants for health information exchange, the office issued a very important statement of guidance to grantees, emphasizing that the primary objective of these grants, certainly in the immediate term, is the facilitation of the advancement to meaningful use and the primary objective is to be sure that all eligible providers and hospitals in their state have at least one option for health information exchange supporting stage one meaningful use. The guidance is longer of course, and I encourage you to take a look at it, but if it has to be reduced to one main point, it is that, which really focuses the program on meaningful use.
Under the standards and certification framework, there is significant progress being made on NHIN Direct, which represents another attempt from the viewpoint of interoperability to focus our programs on what it is going to help eligible providers and hospitals meet the stage one meaningful use criteria. NHIN Direct is a program focused on secure and trusted push grants missions from a place where information is to a trusted destination to which the information needs to move. It is expected that demonstrations of NHIN Direct will begin this fall.
We also announced very recently to authorize certification bodies, the CCHIT, and the Drummond Group. It is expected that the certification processes being carried out by these two organizations will begin this month.
Last but not least, in the land of Beacon communities, you may recall, a first round of Beacon Awards were made to 15 communities. The program is now complete with the announcement, I believe it was two weeks ago, of two additional Beacons, one in Detroit and one in Cincinnati. The 17 that are now funded will be the totality of this program going forward.
So that ends the Movietone News. Let me stop here and see if there are any questions, and then I will move into a very quick excursion through one part of the SHARP program and the rapid learning system.
MS. TRUDEL: Chuck, are you thinking that the two certification bodies will be able to move through certifications of all of the products that come forward by the time that the registration starts in January?
DR. FRIEDMAN: That is certainly the hope. There is the possibility that additional certification bodies will be announced. It is not a closed set for this stage, and it is certainly the intent to do exactly what you said.
DR. CARR: Chuck, could I just ask one other clarifying question? You used the term health information exchange and you used the term NHIN Direct. Could you clarify the definition of those terms and how are the same or different?
DR. FRIEDMAN: Sure. We are increasingly using the term health information exchange as a verb and not a noun, or at least to connote the process and not a type of organization. We are moving away from some of the earlier problems, where HIE was a kind of organization. We are now in referring to organizations referring more commonly to HISPs, health information service providers, as organizations in this.
So that is what I meant by health information exchange. It is the process of moving information from where it is to where it is needed, and there are specific health information exchange -- as a process -- scenarios envisioned in stage one of meaningful use.
NHIN Direct. NHIN stands for Nationwide Health Information Network. NHIN Direct is a project which consists of a specific set of standards and protocols that are being developed to support pushes of information, emphasizing those kinds of exchanges which align with stage one meaningful use from where information is to a trusted destination.
DR. CARR: I think that we have folks on the phone.
DR. FERRER: Justine, I had a question. Can you hear me?
DR. CARR: Yes. Who is this?
DR. FERRER: Chuck, what is the difference between the NHIN Direct and the Connect initiative?
DR. FRIEDMAN: It is a good question. There are two initiatives going on simultaneously, and I believe in a manner that is mutually reinforcing.
I just described NHIN Direct. There is another initiative which we are calling NHIN Exchange. This is a direct maturation of the earlier NHIN efforts which were undertaken by a group of organizations, some inside the government and some outside the government, that have agreed to work together to develop standards and protocols and agreements to exchange information in a secure and trusted manner.
The NHIN Connect is a software application that enables the exchange of information to address the scenarios that the NHIN Exchange group is undertaking. So it is one way to implement the health information exchange scenarios that the exchange group is working on. So NHIN Direct is a software implementation. I hope that is helpful.
DR. FERRER: Very good. The NHIN Direct is not going to be producing the software --
DR. FRIEDMAN: Sorry.
DR. FERRER: -- the Connect initiative, and that is used in the NHIN Exchange as the criteria by which the software will be built.
DR. FRIEDMAN: I think I misspoke at the end. NHIN Connect is a software implementation largely supporting NHIN Exchange.
DR. FERRER: Very good.
DR. OVERHAGE: Just a matter of clarification. As I understand it, both Connect and Direct are a set of protocols that have been agreed to, and there are software instantiations of exchange that have been created with sponsored by the federal government, and there are implementations that have been created by others, which interoperate.
I'm not quite sure I see the distinction between -- both seem to me a set of standards and protocols, and then there are software instantiations of the Connect, but not of Direct.
DR. FRIEDMAN: We are clearly in a world of fuzzy terminology here. As I understand it, and I think we agree, but I want to be sure, Connect is one software instantiation. Okay, then we don't agree.
DR. OVERHAGE: There is a software instantiation, but there are more than one.
DR. FRIEDMAN: There are one than one.
DR. OVERHAGE: And they can interoperate. I don't quite see the distinction between the model that Direct will build on in terms of protocol standards and implementation. That is what I am trying to understand.
DR. FRIEDMAN: Marc and I will talk at the break, come to some meeting of the minds. Marc is just as involved in this if not more so than I am.
DR. FERRER: Yes, but Chuck, if you could publicly let people know what it means, it would be great.
DR. CARR: That is Jorge speaking, correct?
DR. FERRER: Correct.
DR. CARR: And who else is on the phone? Leslie, did you have a question?
DR. FRANCIS: No, I just was concerned about the Connect mis-spoke at the end.
MR. LAND: CDC in the past has had their own software application for interchange of public health records between providers and public health agencies. How does Connect relate to the system that CDC has been promoting along? Will this assume there will be takeover from what CDC has been doing, or can you explain that difference?
DR. FRIEDMAN: I will also ask Marc to comment because he may know more about this than I do, in terms of having the latest information.
My understanding is that CDC is participating in the group of organizations that is participating in the NHIN Exchange work. As such, they are beginning to use the protocols that are being -- the standards and protocols that are part of the NHIN Exchange activity.
Connect, I am getting into the difference between me and Marc, but the overriding point here is that it is built into the assumption about how the NHIN works. It doesn't matter what software implementation you use to instantiate those standards and protocols, as long as you are compliant with them.
So I don't know what -- to the extent that CDC is participating in exchange, I don't know what software implementation they are using to do it, but at the end of the day it won't matter as long as their implementation is compliant.
DR. CARR: Mike, you had a question. Then I do want to make sure that Chuck has enough time to get through his presentation.
DR. FITZMAURICE: My question is where does a provider, his or her billing service, his or her clearinghouse and the health plan, go for the standards and protocols needed to route their reporting of meaningful use measures and their attestations to the government, as well as to exchange it with themselves? Do they early upon the state health information exchanges? Can they use the protocols and the standards used by NHIN Direct or NHIN Exchange to fill in the gaps?
DR. FRIEDMAN: It is a good question, Mike. I think the overall philosophy that is being advanced here is that they have a choice. It doesn't matter which one they use, as long as what they use is compliant with the standards.
NHIN Direct is being created as an easy accessible option to meaningful use, to support the meaningful use exchanges that are required in stage one. But my understanding is, no one has to use NHIN Direct. NHIN Direct is one way of getting it done. The obligation of the states as expressed in the guidance is to be sure that everyone who wants to be a stage one meaningful user has at least one option open to them.
DR. CARR: Thank you. Chuck, go ahead.
DR. FRIEDMAN: It is 9:26. Justine, how much more time do I have?
DR. CARR: Why don't you take another ten minutes?
DR. FRIEDMAN: Okay. Very quickly then, I have mentioned in previous presentations that we have invested $60 million in four research grants under the SHARP program, which stands for Strategic Health Advanced Research Projects. The four grants are noted here.
I just want to tantalize you a little bit with some of the work that is being done by the Harvard Group, which received the award under the category of advanced network and application platform. What they are trying to do can be seen as doing for health IT what the iPhone did for mobile communication, stimulating through the possibility that one might run modules in an EHR that are substitutable for one another, much like iPhone apps are substitutable for one another. Create the kind of vibrant competitive market where within specific functionalities that EHR software must perform, there can then be competition among application developers around those specific functionalities which will at minimum drive up the quality and effectiveness of the technology.
I would venture to add that the new certification criteria that have been announced by virtue of having a modular certification provision anticipate this kind of development.
Here I go dating myself again. One of the reasons that this might be possible is seen in the history of the audio industry, which went from 1960, where the only piece of sound reproduction you could buy was a pretty piece of furniture with mediocre electronics connected in a proprietary way, in five years to systems created through interchangeable components connected by accepted electrical and physical standards. This change happened so quickly that by 1965 or 1966, every single company that was making the furniture based product was either out of business or making components.
So the project that the group at Harvard under Zach Cohaney and Ken Mandel with a very wide range of collaborators is doing is called SMART, which stands for Substitutable Medical Apps Reusable Technology. They are well along toward building what they are calling a SMART platform. What this basically is, you can think about it as a wrapper around any -- that can be placed around any existing system -- this is easier said than done -- which would make it into a SMART enabled platform, and therefore able to accept interchangeable substitutable applications which were designed to run on any SMART platform.
When you think about it, this is not only the iPhone, this is the iPhone concept on steroids. This would be as if you could create interchangeable apps that not only run on the iPhone, but also run on the iPhone, the Droid, the Blackberry and other smart phones. It is an ambitious project, but they are making excellent progress. I think from the viewpoint of the effect that this could have from many perspectives on the technology, this really envisions the kind of breakthrough that we had in mind when we created the SHARP program.
Yes, Paul?
DR. TANG: One question. Is there any privacy channel in there or app envisioned?
DR. FRIEDMAN: Oh, yes. The privacy and security maintaining functionality of the EHR would be preserved if not enhanced by this architecture. You can think about some bright person who comes along with a bright idea about how to implement increased security on an EHR through this approach. This might be done by just inserting that app into the platform rather than having to go back and redesign in some more fundamental way the entire system.
Moving on to the rapid learning health system. I will just remind you all from my last presentation that this is a concept through which the nation might move to very likely a federated model for enabling data to be safely and securely moved among institutions and aggregated for purposes of conducting research, public health and quality improvement.
This is an approach that does not anticipate persistent centralized databases. It anticipates a model whereby information would be morphed according to a set of policies and rules which govern it when and only when needed for specific purposes.
We have coined the term element three, to refer to this project. This term is being phased out, but it is still around. It is recognizing that adoption of EHRs in this program that I show you here could be seen as element one, trusted health information exchange can be seen as element two, and if the goal is a rapid learning health system and one quickly recognizes that element one and element two will not get us all the way there, although they will take us a good significant step along the way, then element three is that bridge. It is what is needed on top of meaningful use, on top of elements one and two, to take the nation to a fully fledged rapid learning health system.
There are a couple of scenarios of what may be possible. Very, very quickly, to illustrate some of the value of this kind of system, supporting distributed research, where a member of this federation could broadcast a research question that could be applied to any organization that has relevant data anywhere across the nation. This kind of system would greatly support the tracking of epidemics by taking advantage of data that will be increasingly routinely stored in EHRs. From a quality perspective, results of care outcome analyses can be fed back to feed a national knowledge library that might create revised decision support rules that could be very quickly instantiated in EHRs. One of the mantras I am beginning to use to describe this is that what has been reported to take 17 years might be shortened to 17 months, 17 weeks, or maybe even faster.
Just to update you on the progress, our very first step in formally planning these element three activities, moving toward a rapid learning health system, is a multi-stakeholder workshops which are being convened for us by the Institute of Medicine. Two of these workshops have occurred and the third will happen in early October.
The three themes which are pillars for developing this system that are emerging probably won't be surprising to anyone. They are technology, governance and patient engagement. This obviously can't work without a fabric of public trust supporting it. The IOM will be publishing a report of the findings of these three workshops, a coherent statement of a vision and a pathway to get there before the end of this year. So I just wanted to be sure that you all knew that we are not only embracing this idea, but beginning a coherent movement toward it, building it out of and on top of the movement to meaningful use and other initiatives and other organizations that are underway.
Thank you. Any final questions before I turn it over to Joy?
DR. CARR: I am going to ask that we hold questions now so we have ample time for Joy.
DR. FRIEDMAN: I will dissolve myself here, Joy.
DR. CARR: Joy is the Chief Privacy Officer at ONC. Thank you for joining us on somewhat short notice today, Joy. Welcome.
Agenda Item: Update from the Chief Privacy Officer, ONC
MS. PRITTS: My pleasure. Good morning. Thank you for having me here to speak with you today. My name is Joy Pritts. I am the Chief Privacy Officer at ONC. I recognize a lot of you from the many years that I have been appearing in front of the NCVHS before I had this job, and there are lots of new faces too, so it is my pleasure to get to know you. I hope to get know all of you much better, because we are working on coordinating with you very closely in the years to come.
I am going to speak a little bit to you about the duties of my office. Then I am going to give you an update on my office in particular, the office of the Chief Privacy Officer -- can't have too many offices in there -- is doing. I am going to focus on the external activities because I think those would be of primary interest to you.
My position, the Chief Privacy Officer, was created in the HITECH Act. There you can see a summary of the duties, which is basically to try to coordinate some of the privacy and security activity going on, both internally within HHS and with the federal government as well as externally with the states and other entities, dealing with privacy, security and data stewardship of electronic individually identifiable health information. So as you can see, this duty goes beyond HIPAA. This is forward thinking and looking at all of the health information which will be exchanged electronically.
Right now my office has myself in it as well as three staff members, or as of the end of September we will have three staff members. I put this up here is that you can become familiar with these people if you aren't yet. Deborah Lafkyk is our point person on security issues. She has been with ONC for a number of years now. Melissa Goldstein who you may have met or may not. She is currently at George Washington University as an associate professor in their health policy program. She will be starting with us at the end of September. She is going to be a senior advisor on privacy. Melissa has done a lot of work in health privacy and privacy in general, and has worked on a consent paper for ONC and will be submitting a paper on data segmentation in the near future, really in the near future, as in the next few days.
Scott Weinstein is also working with us. He is a legal intern. So here are some names that you might want to become familiar with.
The office of the Chief Privacy Officer is working internally with all of our programs to insure that privacy and security is embedded in all of ONC's programs. So we are working with the state regional extension centers. We are working with the state health information exchange project. We are working with Chuck's project, the SHARP programs, which have security components in them, and in curriculum development. So those are more what I would call the programmatic things that we are doing.
On the more public facing issues, we have started working very closely with the HIT privacy and security -- it used to be the work group, it is now the Tiger Team.
When I got to ONC in February of this year, there had been a lot of work that has been done on privacy and security over the years, but it became very clear very quickly that with our programs, there are very pressing dates that we had to make some very quick progress in this area. So we formed the Tiger Team. We took members of the privacy and security work group. We added some members from the standing work group. In order to insure that we had some cross fertilization with NCVHS, we also made sure that we had John Houston on our Tiger Team as an integral part of our team to make sure we have --
MR. HOUSTON: Leslie, too.
MS. PRITTS: Well, let me get to that part, John. And when John wasn't available, Leslie Francis was tag-teaming with him. So we had a lot of input from NCVHS as we went along to insure that we were not duplicating efforts.
There was an intense work schedule over the summer. When I say intense, this group met twice a week for meetings at least three to four hours each time. So they were devoting an entire work day every week over the summer on this project.
We made sure that we built upon NCVHS' prior recommendations. We did not want to reinvent the wheel here, but we did want to make sure that we saw whether things had changed since some of those recommendations had come out. As we all know, HIT is a rapidly evolving area.
The two areas we focused on over the summer were consent -- and I use that term in parentheses to mean the exchange of health information for treatment. They were focusing on treatment purposes for meaningful use. This is a huge topic. People tend to spin around a lot when this discussion comes up, because there are so many issues that it brings in. We focused on treatment purposes primarily and meaningful use, so we could chop this into digestible bits.
They focused also on issues surrounding consent that had been raised from our programs. These are broad ranging issues but that the programs themselves also needed to have answered.
They had very long and thoughtful conversations on this and discussions on this. The ultimate recommendations are quite lengthy, and I can't begin to summarize all of them, except for the fact that ultimately, they were recommending that the patients have some choice when the provider itself does not have control over when the information flows. Their full recommendations are on the website that is devoted to the privacy and security Tiger Team.
They also looked at data segmentation from a technical view. This was pretty hard to keep under control, but we even had a yellow card at one of our hearings. If you are familiar with soccer, that is when you are getting out of bounds. It was really a very fun technique. But that kept them focused on the technology, because it is very difficult to separate the technology from the policy questions that come up here. But we knew that NCVHS was addressing some of those policy issues, and had already made some of those recommendations in that area.
So what this group did is, they evaluated the technology, what the current technology is, what it can do, what it can't do, how widely it is adopted, the costs associated with it, the work flow. There is a whole day hearing on that. The video on that is available on the Web. It was a fascinating hearing. We hardly lost anybody during the day, and we went very long.
The recommendations are that trhere are promising technologies. They didn't believe that they were quite ready for widespread adoption, but that ONC should conduct more research and demonstration projects arising from some of the information that we heard at our hearing.
The next step for this is, the Tiger Team is going to continue to meet. They are having a slower schedule now that fall is in place. We could not continue to impose on these people to the extent that we had over the summertime.
We are going to meet twice a month. There are a lot of parking lot issues that they would like to take up, including what kind of notice an individual should get. Yes, the HIPAA privacy rule requires a notice, but does it specifically require a notice of how your health information is going to be exchanged, and whether it is adequate to convey what they think is important information to the individuals.
Some additional priority issues that we will be discussing this Friday as to what the calendar will be coming up with. Provider authentication is clearly one of the ones that was on our list.
My office has a list of priority issues that have been identified by some of the projects within our office that we are going to be using going forward to try to address on a calendar going forward. There are as you know numerous privacy and security issues, all of which we wish we already had some resolution on, but time is moving quickly and our projects are moving quickly, and we are going to try to make as much progress as we can.
Our internal process for this is, the Tiger Team works, it goes up to the policy committee itself, which accepts, rejects or modifies those recommendations. Then they come over to ONC. We have put in place the beginning os a process for addressing those recommendations, so that they are dealt with in a prompt fashion. At a very high level we will have a senior leadership team looking at those recommendations.
Some of those recommendations we will be able to act on directly. Some of them we will not be able to act on directly because ONC itself has limited authority. It is a government agency and there are all sorts of other operating divisions in HHS that have specific authority. For example, the Office for Civil Rights is the office that actually writes the HIPAA regulations. So to the extent we get recommendations that say you really need to change the HIPAA privacy rule, we cannot do that. So that is the process that we are going to be using.
In addition to the HIT privacy and security work group, there is also a governance work group which I believe has formed and is beginning to meet. HITECH issues a charge to the National Coordinator to establish a governance mechanism for the Nationwide Health Information Network. The work on this issue is going to be going forward this fall and into the spring of 2011. Again, we are working under tight deadlines because we have the state health information exchange programs which are instructed as part of their programs to engage in exchange across state lines.
We are also participating across the federal government with the Federal Health IT Interagency Task Force, which is comprised of a number of federal agencies that have expertise in the IT area. ONC in particular is working with the Cyber Security Work Group, which is being led by Howard Schmidt, who is our cyber security czar now. We are receiving a lot of very good information from other federal agencies as potential best practices on security issues.
This works on the same committee structure. The work group makes these recommendations up to the task force level, and then those recommendations are made out to the various federal agencies.
We are coordinating the effort with this work group with what is going on with the federal advisory committee. This group is intended more to give the federal best practices and what we have already been doing where our FACA committees have their specific charges under HITECH.
We also are continuing to do some work in the personal health records. HITECH here has a specific mandate for HHS to report to Congress in consultation with the FTC on privacy and security requirements for entities that are not covered with a focus on personal health records.
As you know, NCVHS has had a number of hearings on personal health records in the past, and we intend to build on that, making sure that we do not reinvent the wheel. As a matter of fact, we have Leslie Francis and a group working on this issue with us. We are going to have a workshop in early December of 2010, which is focusing on the emerging ways that individuals are interacting electronically with their health information now, which go a little bit beyond the traditional PHR models that we have thought about in the past.
In our next steps, we are of course going to continue all this FACA activity. We have standards and certification work for meaningful use in particular, stage two. There are privacy and security elements that we are looking at to incorporate there. Those are very -- we have to start working on those now in order to meet the stage two deadlines.
We are going to increase our outreach to other federal governmental agencies, especially in the context of health care reform. So while we have all this business going over here that is really concentrated on electronic health records and how that is working, we also have an enormous effort in the federal government to bring about health care reform.
They do overlap significantly. There is a lot of data that is going to be collected and exchanged, and there is a lot of consumer interface where individuals will have to be reporting some of their own health information for these systems. We will be working closely with those offices as we go forward to try to coordinate those efforts.
We are also going to try to increase our outreach to the state efforts. This is -- for me and as you can see, the size of our office, this is a ongoing process. We have a limited bandwidth, so we are hoping to -- once we get things a little bit more tightly under control on the federal level, to move out more into the states.
I'm done.
DR. CARR: Thank you.
MR. HOUSTON: I just wanted to make one really brief comment regarding the government's work group. I am on it. Also, of note to the committee is that John Lumpkin is heading that up. There is a public hearing on the 28th of September.
MS. PRITTS: I think that is right. I would have to look at my calendar.
MR. HOUSTON: Yes, I think it is the 28th. So it is definitely moving. I think that obviously there is a lot of dialogue. I am trying to push some of the privacy linkages in governance, so I think it is really important that this committee is moving. I think it is going to make some very important decisions.
DR. SUAREZ: Thank you. Hi, Joy.
MS. PRITTS: Hi, Walter.
DR. SUAREZ: I wonder if you could say a few words about the work that is being done on sensitive health information on things that are going on, what kind of expectations does the office have about the development of policies around sensitive health information.
MS. PRITTS: Well, we have NCVHS recommendations from years past on those, and we will be receiving new recommendations. I would anticipate that those would undergo the same process that we are using for the HIT Policy Committee recommendations, where they will come in and they will be reviewed internally as to how those recommendations should be addressed internally with our office.
Again, as I indicated, there are certain things that our office has jurisdiction to do and other things we would need to defer to other offices with in that area. We have been working very closely with SAMHSA. There is money in the budget in particular to develop standards and some other means. I am trying to remember what the Congressional language was, but I'm sorry, it is slipping me right now. But there is four million items that is almost a line item budget for dealing with SAMHSA and some of the
sensitive health information.
We see that as -- although that is a particular type of sensitive health information related to substance abuse and alcohol treatment, that clearly can be a model for addressing other types of sensitive health information. We are working with them to develop how we are going to move forward on a project with them in particular.
And in addition to that, we are also working closely with the White House Office for National Drug Control Policy, ONDCP, because they also have initiatives going forward on some of these issues.
DR. GREEN: Joy and Chuck, both of your reports are just so rich with interfaces for NCVHS' agenda and the planning that we are undergoing right now. So I have two questions for either or both of you. One is, what would you recommend as the way forward to actively manage the interface between NCVHS and ONC? Secondly, what is your budgetary future as the ONC?
MS. PRITTS: I'm sorry, I didn't hear the last question.
DR. GREEN: What is your budgetary future as the ONC?
MS. PRITTS: Start with the first one.
DR. FRIEDMAN: I am unpacking my crystal ball.
MS. PRITTS: I don't know the answer to that, the budgetary future. Do you?
DR. FRIEDMAN: I think what we can say at a very high level is that the two billion dollars which was appropriated to ONC under HITECH is just about entirely obligated at this point in time, through various grant and contract programs that directly map that diagram I showed in my presentation. Those things on the left and on the bottom of the diagram add up to just about two billion dollars.
The future is of course uncertain. Nobody knows exactly what the budgetary process will bring, but that has to be viewed as a one-time infusion of money absent any other information, and we don't have any other information, which we have tried very, very hard to put to best use over two, three, four years, the range of the lifetimes of those programs. ONC has a separated appropriated budget which needless to say is much smaller.
DR. CARR: On to the first question, which I think has great importance for us, the interface with NCVHS.
MS. PRITTS: I believe that we have been working very well together on the privacy and security issues, because we have John and Leslie directly involved in some of our efforts. So there is always somebody at the table who can give the NCVHS perspective on, we have done that.
It has worked well to this point. I don't know that you are comfortable with that or if you would like a more formal relation.
DR. CARR: I think that what you have described is the growing landscape, a topic that has grown year over year in its importance. We are proud of the work that we have done. We want to be integrated. The tempo of work that you are doing and the change in the environment in terms of what is possible, in terms of acts or any new technologies, and the evolution of thinking, is all happening very quickly. We recognize that and we recognize the great benefit of coordinating through your office.
So I think that we are very much about where do we best fit in, how, what topics. Am I saying that correctly?
DR. FRIEDMAN: If I could make one observation again, just looking into the uncertain future, I have expressed to many of you personally and to my colleagues at ONC my belief that as we look ahead to this work on the rapid learning system, the thinking about policies, standards, technologies to support that activity going forward, especially because of NCVHS' traditional attention to public and population health issues, is very much aligned with that work. While I don't see the details of this yet, I am very, very interested as that work goes forward in engaging NCVHS around that work in some appropriate way to be determined.
DR. GREEN: I will just observe that our agenda is an expanding agenda this morning in my view. Our Quality Committee and our Populations Committee have serious issues for discussion at this meeting that are quite definitive on this rapid learning health system. It depends on the assumptions we make about what can and cannot be done and where this is headed.
So the privacy and security interface that is going so well, it seems to me, is a very encouraging exemplary piece of history that I just want to go back and flag. I believe given the tempo and the metronome that is ticking to that tempo, that we should not passively assume that we will be able to informally and indirectly optimize our opportunities. I would just urge the committee and the ONC to think about perhaps just a whiff of active management, to be sure that we coordinate on this broad agenda in the next 24, 36 months.
DR. HORNBROOK: As far as NCVHS is concerned, I know that we want to have access to electronic records for tracking the health of our society. It seems like looking at NCVHS, you have got the traditional kind of survey approach, where you create a sample and go ask people for permission to upload their records for the NCVHS to put into the national health survey or whatever you wanted to do.
I wondered if we wanted to ever think about the notion of tracking the health of people who don't give you permission, through synthetic averaged individuals or some other masking approach, so that NCVHS has a tap on whether the health status of people who say yes versus those who say no are emerging apart.
Then, the other thing I was thinking about in terms of informatics is that many times in disease registries, you promise the person who is reported total confidentiality. I just had experience in Hawaii where there is a cancer registry that say to the cancer patients, we promise not to give you data to anybody without your permission, except in aggregated form, and to SEER as another registry, because there is a SEER registry in Hawaii. They also have a hepatitis registry which they promised the hepatitis patients, we won't tell anybody. Can you link the two registries? No.
From a public health perspective, we have literally promised privacy that forbids us from looking at hepatitis as a cancer risk factor, which seems to me from one perspective as the guardian of health in this country a little bit too much lean towards privacy. It is just a personal example of where we get in our way with privacy issues.
DR. CARR: I think that is an excellent insight into a huge conversation that ties into the learning health system that I think we absolutely would want to talk about. But I think I won't ask any responses on that now in the interests of time. So I am going to let Leslie have the last comment, and then we are going to have a break.
DR. FRANCIS: Very quickly, Privacy is planning to talk to Populations about some of those very questions later today, because we agree with you that the current state of affairs is one that requires re-examination.
What I wanted to do was to say to Joy, first of all, I think it has worked wonderfully well. I wanted to thank you for the level of involvement that we have had, in the way in which it has been structured. Part of what made it work was that we know that there is so much to do that we need all hands on deck.
What we in effect tried to do was to try to think about what the Policy Committee could do with its mix of expertise, and where we had a mix of expertise and traditional history of having worked on it. So in effect, they did the technical discussion and we were charged with looking at how do you actually define categories. That is just a little history of what -- and some of the policy around what is going to happen later today. That is how we ended up where we are with the letter.
DR. CARR: With that, Joy, thank you so much. I hope we will be able to have you come back again --
MS. PRITTS: I would love to.
DR. CARR: -- because obviously there is great alignment, and your overview was incredibly succinct and informative, and gives us great direction. So thanks to you and also, Chuck, thank you so much.
We are going to take a break for ten minutes, and we will come back at 10:15.
(Brief recess.)
DR. CARR: We are resuming after our break. Could you please introduce yourself?
MS. CRONIN: Hi. I am Cathy Cronin. I am from the National Cancer Institute and I am representing Bob Croyle, who couldn't make it today.
Agenda Item: Standards Letters: Operating Rules on Eligibility and Claim Status
DR. CARR: Excellent. Thank you for joining us. Our next topic are the two letters -- that the Standards Subcommittee held hearings that were directed to NCVHS by the Affordable Care Act. Through very diligent vigorous efforts over the summer, hearings were heard and data reviewed and synthesized. We are going to hear -- we have two letters that are coming forward today.
But before we get into the details of the letter, I have asked the co-chairs to succinctly articulate what is it we are being asked to do, what did we hear, what are the considerations, who are the stakeholders, what are the implications and what are potential recommendations. I want the full committee to understand that. I think when we get into the details of the letter, those who may not be as familiar with the standards might be challenged by some of the detail. But I want everybody to understand what is it we were asked to do and what it is that we are doing.
So with that, I will turn it over first to Judy. Thank you.
DR. WARREN: What we are going to do is, we have a set of slides that we spent quite a bit of time trying to elevate to the level that Justine asked us to do this presentation on, so that we don't get down into a lot of details, so that everybody on the committee can understand where we are coming from, so when you do look at the letters, you have some background to do that with.
We also put in your briefing booklets a briefing packet that we had prepared for us so that we could be more knowledgeable going into the hearings, because we thought that would also be of benefit.
Then we did put a set of briefing slides into the packet. This is a new set. These slides you don't have a copy of, but they are kind of lifted out of the slides that you have in the briefing booklet. So if you want written ones of these I'll be glad to make them available to you.
With that, these are the questions that Justine asked us to answer.
DR. CARR: Do you want to say them for people that are on the phone?
DR. WARREN: I'm sorry. Back to the slide, the questions were, what are we being asked to do, we spent a lot of time trying to figure that out ourselves; why are we doing it, why are we doing it, who are the stakeholders and what do they want, and then what are we recommending.
We had two tasks given to us in the Affordable Health Care Act. The first one was to recommend operating rules and an entity to develop those. That slide was just a reminder. Here is the question. It is to further the administrative simplification, so we have given you the actual citation, not line numbers, but citation from the Affordable Health Care Act of our charge.
We were to advise the Secretary -- by we, NCVHS -- as to whether a nonprofit entity meets the requirements of an operating rule authoring organization; review operating rules recommended by the nonprofit entity; determine whether such operating rules represent a consensus view of the health care stakeholders and are consistent with and do not conflict with other existing standards. We were to evaluate whether such operating rules are consistent with electronic standards adopted for health IT, and then to submit to the Secretary a recommendation as to whether the Secretary should adopt such operating rules.
There are several steps of operating rules that are in the law. Each of them have due dates. The first two are the ones that we are going to be addressing today, and that has to do with eligibility and claims status. So, operating rules are defined in the law as necessary business rules and guidelines for the electronic exchange of information that are not defined by a transaction standard or its implementation specifications.
Just as a little bit of background, most of the work that the Standards Subcommittee has been doing on NCVHS since about 1998 has been working on these transaction standards, adopting them, working with the DSMOs. We have had reports coming in. You can see that work reflected in our work with electronic e-prescribing. You can see it reflected when we came back to you to adopt version 50-10 and the NCPDP standard of telecommunications D.0, and then moving to ICD-10. So this is one step more on working on that platform.
So operating rules, why are we doing it. Industry right now has over 1,000 companion guides which increase the complexity and reduce efficiency that we hope to gain with administrative simplification through the adoption of standards. What these companion guides do is, they tell people how to fill out forms, how to submit, who to contact. There are all those business rules around using the standards.
The use of current transaction standards often does not yield sufficient information necessary to expedite the business process. For example, full eligibility information for patients, who to contact about claims status issues.
Our goals for operating rules then are to improve administrative simplification and achieve return on investment for health care. We want to standardize the business requirements to reduce need for companion guides. We want to supply patients and providers better information. We want to provide valuable input to the standards development organizations during the development of updated versions of standards to insure their relevance to stakeholder needs.
Who are the stakeholders and what do they want? The challenge that we have is, the legislative time frame that we have for this is very short. The first two operating rules -- the entity needs to be identified for the first two operating rules by July 1, 2011, and needs to be effective by January 1, 2013. Our letters for recommendation to the Secretary have to happen like this month in order for all of the work -- and we work backwards -- to happen.
Today there is no single authoring entity that has operating rules for both non-retail pharmacy and pharmacy operating rules. This is our framing of the question to try to make it easily understood, so that understand could understand what we were talking about. So there really are two areas of transactions that we need to consider when we select an operating rules entity.
Operating rules that exist for retail pharmacy transactions which are NCVHS standards are embedded in the standards, though there are also payor sheets that appear to be similar to non-retail pharmacy companion guides. So that was information that we elicited during our hearings.
Operating rules that exist for non-retail pharmacy transactions, so this would be inpatient, outpatient. If you went to a pharmacy to buy dressings and other kinds of equipment, all of those are non-retail pharmacy transactions. The organization that has been working at operating rules is CAQH CORE. They do not have the broadest market in adoption or extensive history of open consensus based development process, so that was a concern that we had. There are at least two states with standard companion guides that differ from what CAQH CORE was presenting. Minnesota wonderfully had mapped the differences and sent them to us so that we could understand some of the things that were happening here.
What are we recommending after hearing all that? We came up with three options for NHIN. The first option are three options for the non-retail pharmacy. Option one is to recommend CORE phase two with additional input by December 31, 2010. To have an open consensus process may put CORE at risk for not meeting the deadline. That is just through all the stuff they would have to do to put that in place rapidly, especially if other states -- the examples here are New York, Texas, Minnesota, Virginia, Utah, if they would bring forth changes that they want to have in these, and it would be difficult then for us to approve whatever this unknown set of operating rules would be at the end of December.
Option two is to recommend CORE phase two as it is, so as it currently exists for everybody, under the notion that something is better than nothing, and retrofitting later change is too difficult.
We did hear lots of input from a variety of people as well as CORE themselves, saying that they are very willing to change their processes to become open, become consensus based, and have already started making some of those changes and making sure that we know that those changes are happening. So we feel fairly comfortable with that.
Our third option is to make no recommendation at this time. The Congressional timetable does not appear to be flexible to permit an extended process to enhance the current set of operating rules. So we would miss the first round of ROI.
The other concern I have is that this was a task that was specifically given to NCVHS with a time line by Congress. So we also risk our own reputation, et cetera, for not producing a recommendation.
Here is one of the things that we see could happen. CORE phase two has less market adoption than CORE phase one. However, there are additional commitments to adopt phase two and especially support for the people that are in phase one adoption and moving rapidly to phase two. There is also a lot of support from various industry segments that all of this is moving in the right direction. Lorraine has been keeping a tally of the number of personal letters that Walter and I have gotten addressed to the two of us, and the e-mail has been incredible. I don't think NCVHS has ever experienced before the co-chairs of a subcommittee being lobbied as heavily.
DR. CARR: Oh, yes.
DR. WARREN: We have? Well, we have been. Then there has been a heavy lobby on Lorraine's e-mail as well. So the industry is fully involved in this.
CORE phase one does not address claim status, while phase two operating rules begin to address claim status transaction. If you remember, our charge was to recommend a nonprofit entity for the claim status transaction to develop operating rules.
NCVHS has a responsibility in the law to review and submit to Congress annually information about the implementation of HIPAA transaction in code sets, and that will include these operating rules. So this is another ongoing assignment that Congress has given NCVHS to be responsible for.
The Affordable Care Act facilitates faster time to adopt new versions of standards. I just want to reiterate, this is something that NCVHS has been trying to make happen for a long time. So we were pleased with the faster turnaround in this.
The DSMO involvement -- and these are the designated standards maintenance organizations -- have been working with us very closely. They were established under HIPAA. We will need to make some recommendations for a change in their organization to include the operating rules entity to be involved, so you will see those recommendations in the letters as well.
Other recommendations. These are the key ones. As we looked at this, and we went back to the legislation quite a few times checking this, we are recommending two entities. We are recommending that CAQH CORE meets the requirements as the authoring entity for operating rules for non-retail pharmacy related eligibility and claims status. We are also recommending that NCPDP meets the requirements as the authoring entity for retail pharmacy eligibility transactions.
The reason we did this is, neither organization does the other task. It is clearly split right down the middle, and they have each carved out their territory. So this was our best recommendation that we could come up with.
I must say that both organizations did tell us that they would consider trying to come up to speed to include the whole set, but at this point with the time lines we had, we felt this was the best recommendation to be made.
We also recommend that HHS should require authoring entities to use an open consensus basis process to maintain the operating rules, that we adopt a version of CAQH CORE phase two operating rules for non-retail pharmacy eligibility and claim status as updated with stakeholder input by December 31, 2010. I want you to just hold on for that a minute, because we have come up with two other options that can go in there.
We adopt for retail pharmacy transactions the operating rules incorporated by NCPDP in the telecomm D.0 standard. We recommend that the specific versions of CAQH CORE phase two and NCPDP's operating rules adopted by regulation not be altered until a new version is adopted by regulation. That is allowed for within the Affordable Health Care Act.
We continue to recommend that the designated operating rule authority entities as DSMOs, and require their participation in the DSMO committee. That then reports back what they are doing to NCVHS.
We designed CMS as an non-voting participant in the DSMO committee. That has not happened in the past. We felt with everything that was happening that we needed to have a CMS rep on that committee.
We require CMS to develop a certification process for standards, implementation specifications and operating rules in accordance with the legislation. So they have been designated in the law as that. CMS may designate one or more independent outside entities to provide health plan compliance certification. Until such entities are formally designated, any current certification process should be considered voluntary and not required.
So that gives us the time to move into that arena. With all the requirements coming in, we wanted to be sure that was there.
Do we have another one of the operating rules? Let's go back. We did come up with three other options. We told you the recommendation that we had that we adopt the phase two rules, we look at CORE to bring in the states and to try to bring consensus and to have that all done by December 31 of this year. That is because regulations have to be written and to be put into place. So we are on a very tight time line.
There is concern among the committee that with us recommending these phase two rules, there is no time to see how they may change between now and December 31. So we would be making some recommendations for some rules that we have not seen. So we have tried to put in place some processes for where we would be part of that process.
The other concern we have is that we are asking CAQH CORE to do a piece of yeoman's work that may be setting them up to fail. They may not be able to get all this done by December 31.
The second possible recommendation we can make is to adopt phase two rules the way they are right now. They are going to be a moving target, and we will take a look at their revisions when they come up.
DR. SUAREZ: You had a slide on that before. Do you want to go back to the previous one?
DR. WARREN: These are the options that we have. I forgot that we had put the slide in there, my apologies.
So these are the three options we have of recommending CORE. It would be one of these three. We either ask CORE to take additional input and to bring rules back by December 31, this is where it is difficult to approve the set, or we just recommend it the way it is, or we make no recommendation at this time.
DR. CARR: Judy, could I ask you for one elaboration? A lot of people don't dwell in a world of these types of rules. Can you give one example of what gets simpler with this? The whole point of it is administrative simplification, so just give a very concrete example of today, thus and so happens, but when these operating rules are in place, what happens?
DR. WARREN: I can give you one, and then I would like Walter to give one as well, because he authored a companion guide for Minnesota.
When you look at the companion guides, right now we are asking people to be up on hundreds of companion guides to fill out these forms. So we are still back in the need to hire a lot of people to figure out how to fill these forms out and make sure that they are transmitted in the correct way.
If we go to operating rules, it should replace those companion guides and bring it down to a much smaller number where people can get more direct --
DR. CARR: Let me just see if I understood from the hearings. When HIPAA first came out, there were these fields that were available and presumed would be used. What happened was, there was opportunity for flexibility in how those fields were used and in some cases if those fields were used. Therefore, the electronic communication that should have happened seamlessly took on a life of its own, because there were descriptions of, in our institution we use this and in this state we use that. Further, some people elected not to use some required fields. The net result is that we have created extra work with these companion guides to describe how it will be used here. Further, not using fields breaks the chain of electronic communication and obligates additional phone calls.
Am I saying that correctly?
DR. SUAREZ: I don't know. Karen, do you want to jump in and maybe say --
MS. TRUDEL: I have a very high-level example. The way the eligibility transaction works now, it is perfectly fine for a plan to respond, yes, the person is eligible. That is not very useful for the plan.
There is also the ability in the transaction for the plan to provide a good deal more information in terms of deductibles, coinsurance, whatever the patient is eligible for. That is the kind of value added that is helpful for providers and would move them towards being more willing to implement the transactions and use them.
DR. SUAREZ: Generally speaking, companion guides are created because they are a regional implementation specification. They are implementation guides for a particular transaction, left open for interpretation of many of the segments and data elements in the implementation guide.
So one plan decided that this particular data element they needed here in this situation, another plan said no, we don't need that. Another plan said, we need that plus this other thing. So that created thousands literally of companion guides.
The operating rules, the intent is to reduce or eliminate as much as possible the variability in the interpretation of the companion guides, and consistently require the usage of under reporting and the exchange of data between all the participants, not just one deciding this one we need and this one we don't.
But in addition to that, the operating rules cover four or five additional aspects that are not covered by the standard or the specification, the implementation guide. For example, the way in which the communication between the provider and the payor happened in terms of the technical exchange, the message standard, the security exchange, the telecommunication exchange, all those things that are right now, we have to deal with thousands of different ways of doing that element, get now standardized through operating rules. That simplifies immensely the exchange.
DR. CARR: So as I look at this, what we are seeing is, CORE has a set of phase two rules that we could just say, this is it. Then every state that has other rules, we will just have to align with CORE phase two. Or we could say, as quickly as you can, bring everybody else together to amend those rules through a consensus process, and get it done in three months time. A question is, is that possible to have consensus and to have that speedy time frame.
The third is to say, the acceleration, taking the phase two rules and trying to do it by December, runs the risk of compromise of some of the outcome. It needs more time. If we had more time we could do it, and simply not to meet the deadline outlined.
DR. SUAREZ: Yes. The challenge that we have between one and two particularly, between adopting the CORE phase two as they are today, or adopting it with additional elements. The reason why states have additional elements is because phase two doesn't meet the current expectations.
So the opportunities to find ways in which a number of those, if not all of the items that are the most common issues not covered in understand can be incorporated in the phase two plus version between now and December, that is the one that gets adopted, so as an enhanced version of that phase two that incorporates those elements that are not currently.
DR. CARR: So Karen, could I ask you to comment on what are the implications of not meeting the time line set out in the law?
MS. TRUDEL: We need to have a regulation out on the street next July. It is going to be difficult to do that under the best of circumstances. So if we go past December, we really are in a place where we are not going to be able to meet that date.
So I think the consideration here is that there is a tradeoff between places where what the states are doing actually does add value and adds to the ROI, and places where there may be a distinction without a difference. In other words, part of this is looking for best business practices and part of it, well, A did it this way, B did it this way, and there is really no difference, you just have to pick one.
So I think my question would be, would it be possible for the process to concentrate on that, looking for anything that the states have identified that actually adds to the ROI.
DR. CARR: So you are saying that if you got something by December 31 and if that work was focused on making changes that add value, that the December 31 deadline would work?
MS. TRUDEL: Yes.
DR. CARR: And shrinking the agenda from all the companion guides to top ten best practices that should be added to the phase two, that would be the time line.
Yes, Marjorie?
MS. GREENBERG: Thank you. It is complicated I know, and we really appreciate all the work you and CMS have been doing on this.
I just needed one clarification. If you took phase two as it currently exists, would it include claim status?
DR. SUAREZ: Yes.
MS. GREENBERG: It would?
DR. SUAREZ: It would.
MS. GREENBERG: You had said something about, claim status wasn't currently --
DR. SUAREZ: No, it wasn't currently on phase one.
MS. GREENBERG: It wasn't in phase one. So phase two as is includes both the eligibility and the claim status that are required.
DR. SUAREZ: And claim status.
MS. GREENBERG: Okay, thanks.
DR. CARR: I would like to invite additional questions or observations around the table.
DR. FITZMAURICE: On the slide that comes after this, I wasn't sure who or what was being certified, the authoring organization, the user of the operating rules, the administrative software or the operating rule itself.
DR. SUAREZ: You are asking about the certification, Mike?
DR. FITZMAURICE: Yes. I wasn't sure what was being suggested for certification.
DR. WARREN: Do you want me to answer?
DR. CARR: Yes.
MS. DOO: As part of the AHCA regulations, part of health care reform, health plans are required to certify their compliance with all of the adopted standards and operating rules. So, we will have a process that they will be coming through us, which we will also decide shortly what that will be. So that will give a certification that every health plan is compliant with the standards and the operating rules.
DR. FITZMAURICE: That makes it perfectly clear. If we can get in there that the certification process applies to health plans.
DR. SUAREZ: The first certification I think is due December 31?
DR. WARREN: 2013.
DR. CARR: Do we have an indication as to whether this interim step of incorporating best practices through a consensus process and be complete by December 31 is thought to be achievable.
MS. THOMASHAUER: I am Robin Thomashauer. I am the Executive Director of CAQH. We will certainly give it our best shot. We have been working very closely with the states. We very much understand the needs and what they have done to date, and we will certainly do our best to get it to you by then.
The other thing, we are talking about phase two. Phase two built on phase one. So when you talk about phase two you are actually meaning both phase one and phase two?
DR. WARREN: Yes.
MS. THOMASHAUER: Okay, I just wanted to clarify that point.
DR. WARREN: We need to clarify that in the letter as ell.
DR. CARR: I want to push a little bit harder. I fully believe that you will give it your best shot, but do you have a road map right now of what would be the top ten best practices and who would be the key stakeholders that need to be at the table?
MS. THOMASHAUER: We know who the stakeholders are at the table. We also know what has been important to the states that we don't have. So we could jump right into it. I feel fairly certain that we could get there, Justine.
DR. SUAREZ: I have to say personally, I think the hearings which happened in July serve as a catalyst for a lot of the connections between the health care industry, CAQH and everybody else. I think a lot of work has already started before we even had the discussion about the letter, so the ball is already rolling around convergence of a lot of these key elements that need to be included in any operating rule, whichever gets approved. I am very encouraged by that convening and that type of work that started already.
DR. FITZMAURICE: I am trying to look at how we can have our cake and eat it, too. Maybe that is not the right phrasing, but we could do something like recommend that this process, that is, CAQH to NCVHS to the Secretary, and the willingness of CAQH to move to more openness. Then we could urge the Secretary to examine and give strong consideration to adopting the phase one and phase two operating rules from CAQH. In other words, we are heading a little bit because we can't see them.
DR. CARR: We have a set of phase one plus two today, and we know that there are opportunities for enhancements that states have in place. If we accept phase one plus two, today, that is what goes into effect in July.
If we can do a two-minute hurry-up offense, carrying on Harry's tradition of sports analogies, and let's say we have ten best practices, but we can get a consensus on five, we are five rules better than where we are today. We have to also think about, the committee meets on December 1, so that makes it an even shorter period of time. But if you can do the 31st, I'm sure you could do the first.
DR. WARREN: What the subcommittee is recommending is that we take the option that has the December 31 deadline, so that we can make the best option.
DR. SUAREZ: The previous slide already has that recommendation.
DR. CARR: Would you like to make a recommendation to put before the committee, a motion?
DR. WARREN: I was going to say, just say yes.
DR. CARR: No, I wanted to make it clear, make a motion, and I want a show of hands. This is important. We will miss our deadline, but we will do it in a time frame that we believe will not compromise the ultimate deadline and the ultimate ROI, and we believe that we will enhance the ROI by taking those next few months.
DR. WARREN: So the motion is, the slide is phrased the way we want the recommendation to read in the letter. We do need to make a correction there that it is phase one and phase two operating rules. We want to adopt the version of CAQH CORE phase one and phase two operating rules for non-retail pharmacy eligibility and claim status as updated with stakeholder input by December 31, 2010.
DR. CARR: Any discussion?
MS. GREENBERG: I don't see that we are missing any deadline by making the recommendation.
DR. WARREN: We aren't. The key piece here is, looking at those operating rules when we are done with them by the end of the year. We have been in close touch with them. One of the things that you can do as the subcommittee would be to look at those operating rules and insure that they don't conflict with any existing standards, et cetera, the same way we did that, if that makes everybody feel better. We are going to be in this space for awhile and looking at operating rules.
We do have a directive that we are to continue to evaluate operating rules as the years go by, just like we do the transaction standards.
DR. CARR: Bill Scanlon is testifying at another meeting today and couldn't be here, but he had some concerns. Did you have a chance to speak about this intermediate option with him? Bill's inclination was --
DR. WARREN: I think that is why we came up with the three options. Bill's concern was that we wouldn't see the standards. So his concern was that if we just adopted them the way they were, they weren't considering the states that loudly testified that they wanted to be considered. So he felt that we should not make any recommendation. I think that would be a bad option for us.
MS. GREENBERG: As I understood his position at the time, and I had a call last Friday, was that the committee should make the first recommendation about who the entities are that meet the requirements. But he had concerns about making the second recommendation regarding adoption of specific operating rules.
DR. SUAREZ: I should probably point out, there are two separate parts of this recommendation. The first one is the authoring part. I think that is a very important point, that we are recommending CAQH CORE to be the authoring organization for the eligibility and claim status for non-retail pharmacy and NCPDP for retail pharmacy.
Then the second set of recommendations, because there is not a single one, is, covers several items. One of them is the recommendation about adopting specifically the CAQH CORE phase one and two. But there are other elements. I think his only concern was the phase one and phase two, the other one.
MS. TRUDEL: I think possibly an alternate way to frame the recommendation that might address some of Bill's concerns would be to add on to the point that Mike made earlier, that the recommendation could be two phased. One being that the recommendation could be currently CORE phase one and two, and that the Secretary should examine any additional changes accomplished in a consensus open based way by December 31 and determine whether she would rather adopt that.
So it could be contingent on the process being completed and the Secretary having reviewed it. Then it becomes contingent on the Secretary to do it.
DR. TANG: With an incomplete understanding, do we fulfill what we are supposed to do in that scenario? I thought we were supposed to do that.
MS. TRUDEL: I would say so, because the default recommendation is CORE phase one and two as now specified.
DR. CARR: So there are two ways of phrasing this. One is to conclude our responsibility by this time, we have a letter that comes out that says two things. One is, recommend CORE phase one and two, and second, we recommend that the Secretary seek additional updates by December 31 and as appropriate, to accept them.
The alternative is that NCVHS stay in the loop, review those recommendations, and pass it along to the Secretary.
DR. TANG: Why wouldn't that meet the deadline, meet the full obligation, and be the cake and eat it too?
MS. TRUDEL: It goes a little bit farther, I think, too. I am speaking for Bill and he is not here, but his concern was that simply saying right now that that is what the committee recommends is sort of buying a product that doesn't exist yet.
DR. TANG: That is what I thought this was --
DR. CARR: So the recommendation that I heard was that we will have a recommendation by December 31. That recommendation, window of opportunity for CAQH CORE to come back with best practices from a consensus process from input from the states.
DR. SUAREZ: I think today we are recommending adopting phase one and two as it is.
DR. CARR: Right.
DR. SUAREZ: Then we can make later this year by December 31 a new recommendation. We have reviewed and we have looked at phase two enhanced, and now we recommend that one.
DR. CARR: So we are in agreement that we are recommending CAQH CORE, and we are recommending NCPDP, so that is off the table. What is more helpful, that we say our letter will come in in December when we have seen the product of the consensus, or that we make a recommendation today, write a letter today as is with a follow-on letter in December?
MS. TRUDEL: I very much would like to have a recommendation in the short term with the follow-on.
MS. GREENBERG: Just commenting on Karen's possible alternative, and I appreciate everybody's creativity in trying to make this work, but I think the advantage of keeping NCVHS in the loop is that NCVHS is serving as not only the advisory mechanism to CMS, but also the public advisory committee to which states and other stakeholders can come forward and say, we didn't get what we wanted and it didn't work well.
I am hoping that it will work well and that won't happen, and of course they could always do that to the Department. But I think in a sense we would be ceding that responsibility if we just then turned it to the Department.
DR. SUAREZ: We're not.
DR. CARR: Let me summarize where we are, because we have a lot of other work to do. Karen.
MS. TRUDEL: Following up on Marjorie's point, I was not trying to imply that additional involvement wouldn't be helpful. In fact, it would be very helpful. I was just trying to provide some alternative language in the event that there still are sensitivities.
DR. CARR: I want to give direction to the subcommittee that is going to do some more work today and make the letter reflect what we said. I am going to say what I think we heard and then give the opportunity for an objection, if it is something we didn't hear, and with that ask you to take it forward, and get onto the next topic.
What I think we heard is, there is agreement that NCPDP should do the drug related part and that CAQH CORE should do the operating rules.
DR. SUAREZ: No, the non-pharmacy.
DR. CARR: The non-pharmacy. Second, we heard that we would make a recommendation now on phase one and two, with the proviso that we expect to come back in December with a further recommendation for the Secretary on an update that will be achieved by consensus through rapid work with CAQH CORE for some value added enhanced ROI recommendations to the operating rules.
Is there anybody who is in disagreement of that? Great.
DR. TANG: Just to be clear, and that may or may not be approved by NCVHS.
DR. CARR: That's right. We will come back, having reviewed that with an additional recommendation by December 31. Thank you. You guys, all of you, have just done spectacular work in taking something extraordinarily complex and helping us understand it.
Now let's hear about the health plan ID.
Agenda Item: Standards Letters: National Health Plan Identifier
DR. WARREN: Another easy one. I have to tell you a story. When I heard that we were doing this, I thought, that is great, I know exactly how to enumerate, no problem. There are standards for that, this will be a slam dunk.
The issue is, what is a health plan. I could probably go on the Night Show or something and do a standup on this. In the law what we were asked do to do was to provide input into the process of rulemaking for the establishment of a unique health plan identifier.
To give you a little back story, this was also requested of NCVHS in the HIPAA legislation. Don Dettmer actually wrote a letter, because I pulled it up, his letter was like three paragraphs, one page, that said, here is the way the numbers should be laid out, and go off, the number of health plans. It was never implemented. I am now understanding why. So this is our task.
Next slide. Why are we doing this? Proprietary identifiers are inconsistently applied to different entities within our standards for transactions of -- health care transactions. A lack of a standard identifier contributes to the challenges in efficiently and effectively using the standards.
For example, patients and providers have a difficult time discerning who to contact with specific issues. Providers are unable to match provider fee schedules to remittance amounts. We have to think -- the AMA had done a tremendous job analyzing all of these problems that they were having in physician offices.
The other issue is the reduced ability to conduct studies on impact of payor on health care spending and outcomes.
So our goals would be to comply with HIPAA to adopt a national standard that enumerates health plans the appropriate entity level that addresses business requirements of plans and providers. Then lastly, to insure that the HIPAA standard transactions can be used to their fullest extent with the appropriate plan identification.
So who are stakeholders? There is a need for a better way for providers to manage their business information and for patients to have better information. A balanced desire for adoption -- we need to balance the desire for adoption of a standard identifier with no embedded intelligence, with insuring that needed business information is available.
This is the best practice that is out there. It is from an international standard that identifiers should have no meaning in them. They should just be a set of numbers. We already have a way to distribute those numbers, because HHS has bought the privilege of issuing ISO compliant numbers which gives us the unique identifier. So we would fit into things that are already in place.
There is little agreement on the definition of a health plan, product types or intermediate entities or entities that should be enumerated. We found that there were things happening out there that none of us had ever heard about before, with names that some people knew by heart and other people, we had no clue what they were talking about. One of them was a rental network. I thought, what is that thing? So that is what we were dealing with. So trying to make sense of all these things that people were saying.
So here is what we are recommending. First, the easy one. We adopt the ISO standard 7812 with a long check digit. What this says is a ten-digit number, nine digits are the identifier, the tenth digit is a check digit. We enumerate the plans. Plans are in quotes here because that is the problem as defined in HIPAA. HIPAA does not give us a lot of specific direction in their definition. It is still pretty vague as to what a health plan is.
That we determine what is a health plan at the product level to be enumerated using input from stakeholders. So that is our answer to the second bullet. If we want to comply with HIPAA to do that, we need to determine what qualifies as a health plan, and then to enumerate that, and we are pretty sure it is the product level that needs to be enumerated.
We need to establish a directory database that must be kept up to date by the plans. This is very much like the national provider identifier, so using that same process.
What we heard from the retail pharmacy piece is, within their transactions they do not use a health plan identifier. So there is no place in those standards for one to exist. What they use is the Rx bin number, and they had a strong request that when we adopted an identifier, that we did not break their standard and their operating rules. So we are recommending that for the NCPDP standards, that the Rx bin number be used there and not a health plan identifier.
That is it.
DR. CARR: So you are saying that we are recommending the ISO standard. Again, what is a check digit?
DR. WARREN: It is a way to make sure that you have inputted the previous nine numbers correctly.
DR. SUAREZ: It is the exact identical standard used for the national provider identifier.
DR. CARR: So who is enumerating the plans as identified by HIPAA, and when?
MS. DOO: The legislation only gives the compliance date or a date by which this thing will be adopted, which is October of 2012. I think it is probably not part of the recommendations. Then the question is, the enumeration would either begin then or would have to have been completed by then in order to be used in the standard transactions.
That is something we have to figure out, but it will be enumerated by probably a company and a system that will be developed. Those are all things we have to sort out.
DR. CARR: Enumerate means assigning the number?
MS. DOO: Yes. So a plan would come in and say, I need a number.
DR. CARR: Who will determine what qualifies as a health plan at the product level?
MS. GREENBERG: That was my question also. It sounded like we were going to do it, but the letter says, direct CMS to work with stakeholders.
DR. SUAREZ: Industry is already working on conceptually how to do this and provide input to CMS as well. For example, WIDI next week is hosting a two-day policy advisory group with a large set of industry representatives to discuss specifically that point. So we know generally who is a health plan from a legal entity standpoint, but beyond the legal entity health plan definitions, what are the types of plan products. When we say plan products, we mean different types of products that a particular health plan offered.
DR. CARR: So what is NCVHS doing?
DR. SUAREZ: We are recommending that CMS work with the industry groups, WIDI and others, to define the appropriate level of plan enumeration beyond the legal entity.
DR. CARR: So we are just asked to outline a process, is that it? These are the words from the Affordable Health Care Act.
DR. SUAREZ: We were officially legally asked to provide input to CMS on this. So in the Affordable Care Act, we weren't provided with the directions that we were provided under the operating rules of going down into specifically recommending operating rules and this and that. Here, we were just asked to provide input into the process. What we are doing is providing that input. We are recommending these items that Judy mentioned.
DR. HORNBROOK: I want to go back to medical care organization 101. In terms of the word health plan, there can be a health plan that is offered by a single organization that is a legal entity authorized to sell insurance in a state. That organization could be an insurance company or it could be a vertically integrated health system.
But I can also have companies that are self funded, so Penney's buys the health care for their employees and does the underwriting themselves, and therefore does J.C. Penney become a health plan? Then there is the whole question of, is that kind of health system regulated and by whom, and do they have HIPAA regulations, are they a HIPAA entity.
I think the rules that we just saw, the HIPAA entity rule would tend to move you towards more physical definitions of health systems as opposed to these health plans that are totally virtual, that exist on paper. You can have a company that exists only on paper and it has got a series of contract arrangements. Health Partners in Minneapolis carries hardly any risk, because they pushed it down to the consumer and pushed it up to the provider groups and the hospital groups.
DR. SUAREZ: I can just say that we are recommending that we use the definition of health plan as in the HIPAA regulation, which encompasses all sorts of -- 13 different types of health plan groups or health plan entity type. So if they are an entity that is subject to HIPAA currently and that must comply with the HIPAA standards and must comply with the HIPAA privacy regulations and all this, then they must also get a number to be enumerated and that number to be used in the transactions. So we are not departing from that concept.
DR. CARR: So are you saying that we would address right now HIPAA covered entities and make a note of, there may be others outside?
DR. SUAREZ: Generally speaking, I think we are doing that. We are saying if you are a HIPAA covered entity that is a health plan you need a number. Now, just like with providers, with the health plans you might have beyond the HIPAA legal entity products inside the legal entity that need to be enumerated.
For example, Health Partners has a Medicaid product in Minnesota, or they have a commercial product or they have a self insured product, or they have a Medicare product. Those types of products, the health plan legal entity would have a plan ID and then the products can be enumerated as well, to be identified in the transaction.
DR. TANG: I am not a teacher of health plan 101. I am a student of health plan 101. I have a very innocent question. Is the problem we are trying to solve, to be able to for a patient figure out how to transact the financial coverage for that care? If that is the problem we are trying to solve, does it have anything to do with a plan which is an organization? Is what we are really trying to do is have payment product IDs?
DR. SUAREZ: We are trying to resolve three specific items all with respect to identification of plans in the transaction. We are trying to identify which is the entity that receives the transaction, number one. Number two, who is the benefit administrator that administers the benefits that are being described in the transaction. Number three, which is the entity that is financially responsible, because it could be different than the administrator of the plan.
Those are the three things that we are attempting to identify in the transaction. Those are the things that the transactions identify when sending data between providers and payors.
DR. WARREN: So am I eligible to receive care. What you as the physician want to know is, is this patient eligible to receive care, and will this insurance company pay for it, or will the health plan pay for it. So you want to know that.
DR. TANG: So it seems like all I need to do is know the product ID. Then how you all figure out who does what is behind the scenes. Is it that simple?
DR. WARREN: That is the way I am looking at it. So if it is simple, then both of us are on the same page.
DR. TANG: But then you don't have to worry about -- everyone who has a product must have an ID, and that is the only problem we need to solve.
DR. WARREN: There is a little bit more than that. The bigger insurance companies may have multiple products. They need to enumerate those products.
DR. TANG: Right. That is still consistent with, every product has an ID. Then we don't have to decide the question that Mark posed. I'm just trying to figure out how to not have to decide all these questions. Is there a way to describe the problem so that -- if every person that wants to offer a product has an ID for that product, isn't that the end?
DR. WARREN: That is some of the premises we were talking about. Then Lorraine asked me to also share with the group, since people were concerned about our recommendation that CMS engage in this whole definition of plan, we have already gotten recommendations from AMA and AHIP, which is America's Health Insurance Plan, with recommendations and a willingness to step forward and work with CMS on developing this. So we have already started setting into motion some of the things that we are recommending. They came forward after the hearings wanting to be part of the process.
MS. GREENBERG: Karen may provide some clarification here.
MS. TRUDEL: I think the other thing that is important for people to know is that there really isn't a consensus out there. During the hearings we heard very, very different notions about what a health plan ID should enable. From one end of the spectrum was, the identifier should tell you where you send the transaction, and if an insurance company has one gateway then they have one plan identifier, to the other end of the spectrum, which is that people want to be able to know from the enumeration process and the database not only what the product was, and whether the patient is eligible, but also how much is going to get paid, where can I go to look at the fee schedule, what network is going to be involved in the care. So there really was not a lot of consensus out there.
MR. J. SCANLON: Just to answer the complexity in terms of the context that Karen raised, these provisions were in the Affordable Care Act. There are other provisions in the Affordable Care Act that were not probably logically related, but they are logically related in terms of health reform.
So I think the committee would do a service if somehow we brought about the link between the potential uses of the plan identifier and some of the health insurance reform. So for example, the portal that would provide information on insurance products available to consumers, they are probably going to need some sort of identifier and database.
The health insurance exchanges, when they come along in 2014, they will probably need some sort of a registry and a plan identifier and set of characteristics, as well as the regulation, all of the regulation of the insurance companies, medical loss ratios and so on, there has to be some way of -- again, what I would not want to see would be an identifier and a database for every one of these purposes separately. It just would be unsustainable.
So I don't know what the answer is. Really it would have to be at a product level to some extent. But I think the committee would do a big favor if it linked these two at least conceptually. In whatever manner we go forward, to the maximum extent possible, all of these other requirements be considered.
DR. SUAREZ: Jim, we did talk about beyond the HIPAA covered entities and the HIPAA transactions, the use of the plan identifier for a number of other entities, entity type not currently referred to as HIPAA covered entities, health plan HIPAA covered entities. Also, other uses beyond the HIPAA transactions, where quality assessment for across payor population analysis, for a whole host of other things.
In our recommendation, these are the highlights of the most important recommendation, but in the recommendation we also mention looking at other uses and other entities that can be identified through this number.
DR. HORNBROOK: Just to take this to its ultimate detail, if you are looking at writing information on what a consumer's options are, in my particular situation it would be Kaiser Permanente plus the intersection with each purchaser, each employer, and the cafeteria of benefits inside that employer.
So you have got essentially a company plus a benefit array that defines the full package that applies to each individual. Now, insurance companies have to operate to know that. It is something they have been working with for years. It is just like the banking industry; they are pretty good at doing that. So it is not beyond informatics capacity, but it is a pretty complex phenomenon.
You also have to add in third party liability, car insurance and property insurance, workmen's comp. Finally you need a code for the person who is paying totally by themselves, there is no insurance company there.
DR. FRIEDMAN: This may not advance the agenda at all, other than to educate me, but if you will indulge me. I hear from the discussion the potential to be over engineering a process and making something brittle. So my question is, what status does having an identifier convey on an organization? Does it convey any status at all other than the ability to identify it uniquely?
DR. SUAREZ: The same as the provider identifier. By virtue of identifying the individual or in this case the health plan, in a transaction, the recipient of that transaction would be able to specifically know where to send the transaction, who is going to pay that transaction, and what are the eligibility, where the eligibility coverage of a particular member of that organization, confirming that that person is there.
But it conveys all that through the information. The number itself doesn't convey anything, just like the NPI doesn't convey anything about the provider.
DR. FRIEDMAN: Right, so why then create any threshold for getting a number? In other words, if you think you are one, then you should get one, because having one conveys no status, and no one will address you if it has no reason to do business with you by virtue of your not having status to conduct whatever kind of business is involved.
DR. CARR: This is what I would like to recommend. I would like to just go around the room and get the thoughts, but not answer, and then take it back to the committee. In a minute we want to get a preview of the privacy letter. So thank you, Chuck, for your comments.
DR. GREEN: I pored over the consultant's contracted report, pages nine through 11, concerning this. I basically just have another question. Is there some reason why this letter cannot use the yield off of that consultation and those definitions there, that start with 6.1 as the definition of a health plan, and it goes to the statutory definition, and then render an opinion.
DR. CARR: I think that is great. So let's take that back.
DR. GREEN: The CMS definition, just to put it on the record here right now, is that CMS considers a health plan to be an entity that stands in relationship to an individual that legally obligates it to pay claims for some or all of the health care provided to that individual.
I really like that definition, as one that is relatively permissive, not overly constraining. Then when you keep going in this document and you start looking at all these other definitions, it unravels.
DR. CARR: So that is helpful information for you to take back.
DR. STEINWACHS: Let me just add my two cents. I like the idea of a product identifier, but since products keep changing, we now trust the insurer to keep modifying and changing those products. That seems to me to be a hard thing to track.
So it comes back to the idea that maybe the identifier has to be what is the insurance entity, and then there may still need to be another identifier for products within that. I don't see how we can get by with one.
MS. GREENBERG: It is very much related to the question that I was going to ask. Given the different purposes that were expressed and desired, is it possible for there to be -- or can the transaction carry more than one identifier, such as Don has suggested, or would that all be handled in the database? As I understand it right now, they have one place to put the transactions and one place to put the identifier.
DR. CARR: I think I want when we come back to be able to say, this is the simplification we want to achieve and to achieve it this is needed because. I just want to go around the room for comments.
DR. TANG: I am going to try to build on that side of the table in a framework that is this lumping thing. So what I hear is, it uses a phone number, the phone number equals the product ID. Who answers the phone doesn't really matter to either the consumer or the provider trying to deliver a service.
So if we can establish a phone number, which is the product ID, that serves a benefit for this user. We do have to figure out who answers the phone. That is a separate piece of information that is useful. I think when we separate those two things, rather than call the whole thing plan ID, we may have to clarify the situation.
So if it is helpful, that is a way to present the recommendation to me.
DR. CARR: On the left side of the table, any further comments?
DR. FITZMAURICE: I am struck with Chuck's suggestion to give an identifier to all who want one. Then I am thinking, what are the criteria for getting an identifier? Would you have to require that the health plan show you a state licensing bureau certification number in order to say, I am a health plan, and can just anybody say they are a health plan?
Then might there be a second variable or identifier for the product? I'm not sure how to define the product, because as some said, they change a lot, and new things will come down the line. I'm not sure you can have a typology that is fairly stable. But I can see giving an identifier to everybody who has been given a license by the state licensing bureau.
DR. CARR: Closing comment, Karen or Lorraine? Not. What I would ask is, if you have not read these two letters, that you read them now with this very informative background, and then you will take back the comments that you heard today, and come back. We will get a draft out and be prepared to comment on it tomorrow.
We will break for lunch a little after 12, but in anticipation of a discussion this afternoon, I would like some framing analogous to the way Standards did it about what is the topic and the letter we are going to discuss this afternoon, and what are the considerations the committee should be mulling over during lunch.
Agenda Item: Privacy Letter: Sensitive Information in the Medical Record
DR. FRANCIS: May I take the initial laboring oar on this as co-chair? I want to pick up to begin with two phrases that I think Chuck used, maybe Joy, spinning around and evolving environment. I think it is fair to say that we have been doing a great deal of recognition of the evolving environment, and that in a context of change there is quite a lot of spinning around. You have probably already in the e-mails that have gone around seen some evidence of that.
Let me give you some process history, and then tell you what is on the table and probably what is the --
DR. CARR: I think they said a great model, this is what we thought our charge was and this is what we did.
DR. FRANCIS: Exactly, okay, right. In 2006, the NCVHS issued a letter that had many recommendations about the NHIN, including some recommendations about doing more with sensitive information.
In 2008, we issued a letter about sensitive information. In that letter we stated some possible categories and recommended further work to select and define categories as sensitive information. That letter, the letter itself, was a follow-up on the 2006 letter. It was not a letter -- the hearings themselves were not specifically about NHIN, but that letter was a follow-up on the 2006 letter.
In 2009, we issued a PHR letter that also mentioned sensitive categories of information, our wanted definitions of categories of sensitive information, and what we took ourselves to be doing in hearings.
Our charge now is to define categories of sensitive information. I give you that context because that is the history of it. We had conversations with the ONC Policy Committee, that they were going to be looking at the technical questions and that our charge, again under a very tight time frame, was to develop definitions of a list of categories of sensitive information, and to do it in such a way that what we do could be taken into account in timely fashion.
In the spirit of going back to a prior chair for analogies, Simon, I want to make very clear that it is not a good idea to drink wine before its time. There are several drafts that have gone around, earlier drafts, that may be drinking wine before its time.
Yesterday, we were not able to meet with Paul until 4 o'clock, but yesterday members of us worked on another draft, which is sitting on your desk. That is where we ended up at 6 o'clock. Please don't assume that the words in the earlier drafts are in this draft. But please do assume that the kinds of comments that have been made reflect what is the serious issue we need to talk about, which is whether a letter that goes forward should be a letter that says explicitly it is about the NHIN, whatever that might be at this point, whether it is a letter that when it goes forward should say it is about health information exchange, whether it is a letter when it goes forward that should say it is about uses and disclosures, or whether it is a letter when it goes forward should say nothing at all about context.
The present version contains references to uses and disclosure, although we have tried as much as we can to strip it of references to context. But I should say that is -- I hope I have outlined that as the issue on the table. You can judge whether this is a premature sip from the cup at this point.
DR. CARR: Thank you, Leslie. Paul and Marc Overhage, I would like you each to raise the considerations that you also have, begin with Paul.
DR. TANG: My concern with what Leslie said is stripping the context from the latest letter of recommendation, I don't think that is fair to the process. Clearly when you ask for information, you ask for it in a context and you shouldn't represent that outside of the context. People always say, don't take me out of context.
So the context for the 2006 letter, which was our charge, and the letter is entitled Privacy and Confidentiality in the Nationwide Health Information Network, we all recognize that was the way we stated this concept in the past. The more current -- and I think Chuck mentioned this -- way of describing it is electronic health information exchange.
The February 2008, also said individual control of sensitive health information accessible via the Nationwide Health Information Network for purpose of treatment. I.e., in both those cases, and particularly in the first letter, which is 2006, we asked for testimony which included a lot of folks including the practicing physicians, about privacy protection when you disclose it in the Nationwide Health Information Network.
That testimony led to the concept of categories of sensitive information when you disclose it. That is carried on through both of those two sets of hearings, and now this current letter as drafted, that as Leslie says strips that context away, I think that is important. In my opinion, we should not strip the context under which we acquire the data. It is essentially repurposing the opinion outside of context.
So my suggestion is to maintain the context, write the information that we have, and the receiver of that information, the letter, and understand it in the context we have got it and can apply it in whatever ways they see fit. It is important to me that the context be communicated with the conclusions and the summary of the data that you uncovered. That is probably the biggest thing where we disagree.
DR. CARR: Paul, could you comment on what are the consequences of using the information in the absence of that context?
DR. TANG: Before, when the early testifiers in 2006 talked about whether there is category of sensitive information, it was in the context of disclosing information. The implicit extensions in this letter talk about segmenting data and with the potential for sequestering data inside the EHR. That is an important difference to the practicing clinician.
The EHR is a tool that was designed to help the clinicians make sure they use all the data to make a perfect decision for that patient. It is the clinician that created this record, not talking about ownership of data, et cetera. Sequestering was not something that they thought they were going to do. They certainly understand that with the Hippocratic Oath they have to maintain the confidentiality of that data that they acquire. So it is the concern that sequestering data inside an EHR is a fundamentally different concept than segmenting data when you exchange it with others.
DR. CARR: So data at rest versus data in motion.
DR. TANG: Data at rest versus data in motion.
DR. OVERHAGE: Thank you. I do agree with all of the points Paul made. In addition I want to highlight one other, which is that as Leslie has helped me understand through some e-mail exchanges over the last couple of days, the objective is to define these categories of sensitive information.
My major concern beyond the ones that Paul outlined is that we have got two anchoring points, it seems to me, in the work that we have done to date. The first is that the committee recommended opt in/opt out as not sufficiently granular for patients. We have also said that extremely fine grained patient specific things are not feasible; we need something in between.
I think my discomfort is -- well, it is more than discomfort, I think my reservations are that there is a long space in between those two options, and we have in the current draft letter picked a place along that continuum that might satisfy some, but certainly not all patients' concerns about control of which information, that I don't think takes into account the costs and implications to the patients in other ways of making those choices.
So my crude graphic is that increasing granularity to the right and increasing difficulty of identifying data in those categories going vertically. I fear that we have chosen a point that is on this flat part of the curve. I don't think we have any testimony that addresses that. We didn't ask that question. Although I wasn't at the hearings and didn't review all of the audio and transcripts, I read the written testimonies. I think that we may have chosen a spot in this letter which is impossible to implement.
Just a case in point, abuse is a good example of that, where as a primary care clinician, somebody who comes into the office, a housewife who looks fatigued or perhaps who has a bruise, I would routinely ask about the potential for abuse. I think that would be considered the standard of care.
Now when I do that, I am going to have to flag or identify that information as being in this bucket. We are going to do that for every patient. There are some patients, and this was the term repeatedly used in the letter, who might want that information sequestered.
So I think that we have got to give thought to balancing the desires of some and the impact on others. If your physician is busy, and you see this every day, trying to take care of patients, and you add 30 seconds to their per-patient care, you have just denied another group of patients care. You have just denied that extra 30 seconds to another patient. You have just increased the cost of care.
There are very real impact and cost of care issues that by making this choice we may be weighing. I don't know that that dimension, and in fact, the categories that we outlined in the letter of the criteria for defining these things, on the top of page five in the current draft that was handed out, don't even identify that as a risk or a problem. I think it just reflects that we haven't addressed those.
DR. CARR: I would like to ask Chuck. As Leslie pointed out, there was a good collaboration with ONC in terms of concepts being articulated by NCVHS and tools by ONC. Following on to what Marc was saying, how do we define that boundary? One easily slips into, in some ways it seems like a logical sequence; you have this information, do you segment it.
But where do you see the boundary, Chuck, in terms of the value we can add, so as to get the concepts across and yet be respectful of the work of ONC, and actually have others as Joy told us after her comments this morning.
DR. FRIEDMAN: No, it is a very good point. I want to interject the concept of skating where the puck is going to be, because we are dealing with a world that is changing. I think Paul outlined a key aspect of that that may be helpful in shaping how we think about this problem. That is, separating the data itself from its context, or in more technical terms, separating the data from the meta-data around it.
If I had to look into my crystal ball and see what the future holds, I think we are headed toward a world where the meta-data around data represented in various information systems are going to become richer. What we should therefore be thinking about is how to portray context, so that the context would hold the key to whether the data can move, as opposed to making a more all-or-nothing kind of statement, which is data of these types can't move. It is under what circumstances as might be captured by the meta-data can these data move.
I don't know if that is helpful, but I think from a more technical ONC perspective, I think that would be a very useful way to start thinking about this problem. I'm not sure I answered the question you wanted.
DR. FRANCIS: That is actually how we are trying to think about it.
MR. HOUSTON: A couple of points, one to answer one of Paul's comments. If you look carefully at the testimony we heard in June, those hearings were not specific to either PHRs or NHIN or HIEs. There was rather a hearing about trying to understand what information we would consider to be sensitive. Again, we tried to remove the context from those hearings to get information. In fact, we did get information that frankly I think is relevant even within the EHR space, as is the case with a lot of past testimony.
I think also, one of the things that I think is important is that we tried not to, as Chuck talked about, impose a context, nor did we -- we steered away from any type of a recommendation as to what to do about this data. We are not saying that thou shalt in some way, restrict access to this data in whatever context. We just simply said, there are a lot of people that are interested in understanding what is sensitive information, so that they can take that into consideration as they are looking at potential technology solutions or policy considerations and things of that sort. So again, we tried incredibly hard to simply say, let's try to define what are potential categories of sensitive information.
Thirdly, I think there is a lot of experience that I think some people would argue is outdated as to what is sensitive and why. However, I think what we have come upon in my mind is that when dealing with exchanges and EHRs, there is a fairly small group of people that have very strong opinions about information that is sensitive to them. What we tried to do is say, of those people what is the far majority of what they consider to be sensitive, recognizing that any individual might consider a piece of information, however benign to us, to be sensitive.
But if we look at this, what we have defined probably meets the needs of about 95 percent of what people are concerned with, maybe even higher. So if we have a small group of people that are concerned, then we take what represents the vast majority of what they are concerned with, I think we are able to reasonably identify what is in large measure to be those types of sensitive information that we need to be concerned with addressing.
But again, no context. We are not saying that thou shalt apply this to EHRs, to PHRs, to exchanges. It is, here is sensitive information, go forth and use it as you are considering if and how you might want to add restrictions to or allow patients to make requests for additional restrictions.
So again, it is intended to simply be out there as a data point for people to use.
DR. CARR: Sallie, did you want to add anything, or Walter?
MS. MILAM: I think part of what the definitions are intended to address are existing requirements under law today. State law and federal law require special protections for sensitive information. Exchanges are fairly new. A lot of electronic health record systems are new. I don't know that it is decided where these things apply, but we know we have these requirements out there.
So the letter doesn't seek to add any clarification or standards around who must do X, Y or Z. It is about what is mental health information. So we tried to give some very concrete examples of what should fall in those categories and what shouldn't. So it is really to get some up-to-date thinking from people in the respective areas of what might be sensitive.
So it is our attempt to add clarifications to requirements that are already in place by law over which we really have little control.
DR. CARR: What I am still not clear about is, we have the law that talks about these categories, and we have restated them. Marc, can you say what is it that makes this expensive, what language in the letter brings us to a place where we have unintended consequences?
DR. OVERHAGE: If you never use the recommendations in the letter, then it has no implications. That is what I am hearing from John and Leslie and Sallie. There is no use for this, therefore there are no concerns about the burden. Any of the use cases, however you would choose, if it would be used, pick anything that you would use it, requires that the information that they have segregated -- and Sallie, you said that this was just reflecting what is in the regulation.
Yet we have gone another step in saying that certain things are quote-unquote in or out. We have said, if you have an adverse reaction to the drug used to treat this, then that is okay, that is okay, that doesn't get segregated, but other things do.
I think we have gone further than that. If you go through the specific items, sexual activity, great example. Every patient seen in a primary care setting, that is a bit of information that the provider assesses. And given the way we keep records today, and by the way, since there are no boundaries, this applies to paper too, I must identify that information as being segregated. I must tag it. That takes work and effort.
DR. FRANCIS: Can I pick up just on another example to give people a sense of something? Genetic information, I will tell you that there should be an even further update of the version you have in front of you.
The GINA language includes genetic tests and a history of disease in family members. Clearly the latter would require natural language processing of some kind, or it is more complicated to figure out and clearly much more costly.
On the other hand, now the employer is not permitted to request any of that information. So wherever it is in the health care system that a record goes out to an employer, somebody has to deal with the fact that family history information has to be redacted.
So our aim in this letter, and we can talk a lot about how to try to achieve that aim, is to say that there should be piloting and further work on how to do technically. Admittedly, the costs here of software, a kind of meta-tagging, so that you wouldn't have to do it but the meta-tag somewhere would do it, to pick out the information that would have to be segmented in response to a request that would comply with GINA. That is just an effort to put a little flesh on the bones.
DR. OVERHAGE: So I hear you accepting the argument that the effort is important, and it is a factor that we should reflect in the letter.
DR. FRANCIS: Absolutely the cost.
DR. OVERHAGE: So we need to reflect that.
DR. FRANCIS: We should reflect that in the letter.
DR. OVERHAGE: But a second is very important. You described redacting information on request. That happens in one of tens of thousands of patients. Segmenting and identifying the information happens for every patient. So it is a question of whether you do it on the front end or the back end.
Just as a concrete example, the recommendation here that tests for metabolites, proteins or other factors which are indicative of features of the individual's genome, for example, means I cannot share a blood smear.
DR. FRANCIS: That is the GINA definition again.
DR. OVERHAGE: Well, that is fine, but I am just saying, the recommendation here implies that every blood smear has to be flagged and segregated from the rest of the data, because the blood smear is indicative of features of the individual's genome.
DR. CARR: Luckily we have a chance to come back after lunch and continue. In fact, we could even come back early if you want. I have the following people who want to make a comment. Again, I would ask that you make a comment to mull over on lunch, and then I would like to break for lunch so we can start promptly at one.
DR. SUAREZ: I do have two comments. As a member of the Privacy and Security Committee, I have worked on this quite a bit.
The first one is about scope. I think maybe for the first time in my own mind, Leslie, you have clarified the source of the scope issue right now. I think it is very clear now that for the hearings that we had June 15 titled Sensitive Information in Medical Records, we were asked, in coordination with ONC and with the security and privacy Tiger Team, to look at the specific types of sensitive information and order the discussion and definition of them. That was it, that was the charge. We had nothing to do with NHANES from 2006 or from HIEs from 2008. It was specific about, we need definitions from a policy perspective on the categories of sensitive health information. That is what we tried to do with this letter.
The second comment is, Marc, to your point. I don't think the expectation is that now every time you see a patient and have some genetic information you have to flag it. I think the expectation is that this type of data that the consumer will at some point have the right to ask that it not be disclosed or used or shared for any reason, that then the entity will have the responsibility to do it.
We have to do it today in many instances. This is not required that every single instance for every case, for every patient, you have to flag it. This only means that this type of sensitive information as has been defined, even when there is a regulation or an expectation in the law that patients will have the right to segment tests for DNA, then the information systems will have the capability to allow the provider to meet that law. That is all we are saying with this.
MS. GREENBERG: I just want to build a little bit on what Walter is saying. I think the ultimate question for the committee is, is there something that the committee can say about this obviously very complicated, contentious and evolving area that will be useful to public policy in general and to those who have more specific responsibilities to address this issue of what to do about sensitive information in particular.
So I just wanted to point to a few things. I'm not giving an answer to that and you don't want me to at this point, but that is really the question, I think. We know that in the ARRA, the HIT Policy Committee was asked to make recommendations among other things on technologies that protect the privacy of health information and promote security in a qualified electronic health record, including for the segmentation and protection from disclosure a specific and sensitive individually identifiable health information, with the goal of minimizing the reluctance of patients to seek care, et cetera.
Now, it doesn't actually say anything there about the NHIN or HIE or whatever, but obviously there is a context here that this information is going to go somewhere or could go somewhere. But it doesn't say that, it says in the electronic health record.
So since it mentions sensitive individually identifiable health information, the question is, is there a definition for that. Think about the health plan. How can we enumerate health plans if we can't define them? How can we do this, come up with these technologies to deal with sensitive individually identifiable health information, if we have no idea what sensitive information is?
So then we heard this morning from Joy that regarding segmentation, which I assume is related to this very specific issue of segmenting sensitive information, there are some promising technologies, but they are not quite ready for widespread adoption. We need more research and demonstrations. So clearly the policy process as it is moving is not prepared to say X data must always be segmented. There needs to be research and demonstration.
We at the National Committee have held now several hearings, including the one in June, to try to get at what sensitive information is, how you would define it in a reasonable way based on the needs of patients. We did hear from providers as well. Whether everybody was heard from who needs to be I won't say.
So would our know providing this information with all the caveats that were mentioned by -- have been mentioned around the room and have been mentioned by Joy, be useful at this point in time? We have a body of information that comes from testimony, et cetera that will shed some additional light on our view or the committee's view from testimony and consideration as to what sensitive individually identifiable health information might be.
So again, going back to the operating rules, is the risk that by now revealing these findings cause more trouble than not, or would it be helpful now to put that information forward with all the necessary caveats? Enjoy your lunch.
DR. CARR: Thank you, Marjorie. I have Paul, John, Larry and Mike.
MS. GREENBERG: I thought I would have the last word.
DR. CARR: No.
DR. TANG: I just want to comment on what you brought up, Marjorie, in the sense of, nobody is suggesting that the question of whether the segment data in an EHR is not an important one. I would say that if we wanted to explore that question, we should explore that question with the full knowledge of those people we ask to testify.
I only am suggesting that we in our letter put the context under which we got to where we got to, which is having categories of sensitive information that was in the context of exchanging in NHIN, so that we should get the information out there so people will know how to interpret it.
The question to mull over, at least I want to mull over it at lunch, was stimulated by what Chuck said about context in the meta-data. In some sense we got it wrong in 2006 when we said there are such things as predefined categories of sensitive information, and that sensitivity or desire for protection of confidentiality of information is totally dependent on the context. Can an individual, patient or provider, decide whether something is quote sensitive for this moment now, and can those same two people predict whether it is sensitive at some point in the future, just by belonging in the category.
I am wondering whether that was not an appropriate recommendation to make. We made it under whatever circumstances we made it. It could have been find now, but maybe the puck is headed in a different direction and we should consider other things. I need to think about that at lunch and come back, but that is something I would like to propose that others think about as well. We need to raise it.
MR. HOUSTON: Just one follow-up comment. I think that one of the motivations too for looking at this in the context just not of NHIN and HIEs and PHRs and expanding it, is the fact that at my institution we have internally within our EHR environment dealt substantially with how do we manage sensitive categories of information, and putting certain bounds around it to insure that A, we respect patients' expectations of privacy, as well as their expectation that they receive quality health care.
So we have taken an enormous amount of time to try to sort through that, one very specifically in the psych context. There was a lot of deliberation, a lot of discussion. I think that part of my hope in all of this was that we could help give organizations guidance on what types of information they could focus on if they chose to go through a similar undertaking.
I think that had I known then what I know now, I think it would have helped streamline the process. We end up getting to a lot of the same conclusions about things, but it did take a substantial amount of time with a substantial involvement of physician leadership and others to try to get the right answer.
So I was also hoping that we could make this portable in many contexts.
DR. FITZMAURICE: I am impressed with the breadth and the thoughtfulness of the information that is contained in the letter. I am also impressed with the views of Paul and of Marc.
So I am wondering, should the letter limit its scope? It might say something like, in considering how to categorize sensitive information, we sought no input on the cost issues, the work flow issues, or all the implications of the uses of these categories in electronic health records or personal health records. Accordingly, we make no recommendations with regard to specific segmentation at this time.
In other words, we have looked at this and we have seen that these are important to people, but we don't give you any action to take.
DR. CARR: Last one, Mark.
DR. HORNBROOK: I just wanted to reiterate Paul's notion of relativity. Think of someone who gets a diagnosis of a devastating disease, and they just don't have the emotional ability to handle everybody else around them also hearing it. They want it quiet. Think of cultures where the patient isn't even told about the disease. The culture wants the other members of the family to hold that information, not the patient. Think of somebody who is in trouble with the law and wants certain information held from the police department.
I don't think we can get around the issue that it really is individualistic, regulational, situational and not universal.
DR. FRANCIS: Could I make an observation about that? I don't deny anything. I don't disagree at all with what you said and what Paul said.
In an ideal world, it might be a good thing to have people be able to have -- this is a sensitive tag, they work it out with physicians, and that is the end of it. On the other hand, that is not how the law works. So what we are trying to do, and this goes to some of the tensions with the Standards Committee too, we are trying to find a middle ground.
Marc had his chart about the cost considerations. It is really hard to try to find a middle ground. As you think at lunch, one of the things to think about would be, should we give up on middle ground categories?
DR. CARR: To follow on with that, going to Mike's comments as well, I think there are two tensions. One is, what is in the law today, whenever those laws were written, and you were trying to build a trust environment for patients to participate in this new world.
The word meta-data didn't exist probably when the hearings began, and that changes everything. So as we are trying to anticipate and go toward the future, we have to recognize that it is evolving. So I think a key question is, do we say something that is in between granular and minimal, or do we just say something that is safe to say now and tee up other areas that need further attention, and then partner with what Joy is doing. I heard her say there is a lot of work there.
So with that, let's have lunch, and we will meet back here at one o'clock.
(Whereupon, a luncheon recess was taken at 12:15 p.m.)
A F T E R N O O N S E S S I O N (1:20 p.m.)
DR. CARR: Welcome back. We want to take the next 45 minutes to get an update on the discussions that occurred at lunch, continuing on our topic of how NCVHS can add value in this realm of privacy. So I will start with Leslie.
DR. FRANCIS: This is a report from a table that had Marc Overhage, Maya Bernstein, Amy Chapper and Leslie Francis at the table.
There were two things that we talked about. The first was with respect to context, that we might take the last paragraph and put it at the front. The last paragraph of the current letter basically says, here are the recommendations that are in the last paragraph, that HHS undertake further refinement of the suggested categories below, that we study the technical implementation issues, and engage in pilot testing. We can take out ultimately provider/patient education. I don't know, we didn't talk about that. That the context be of these recommendations for definitions, that the next steps are technological development and pilot testing. That way, any implication that this is ready for regulatory prime time would be removed.
The second point, and to be honest I didn't have a copy of the letter. We meant to be sure it is in here, so I want to emphasize this. We all recognize that there is a real cost tradeoff here, so the importance as all of this goes forward of course is recognizing the competing considerations. We meant to have all of those in the letter. So Marc's point about costs, sure, we will make sure that goes in, but the idea was to think of the context of this as using these categories for the next steps of technological feasibility and pilot testing.
DR. CARR: Excellent. Marc, did you want to add anything to that?
DR. OVERHAGE: No.
DR. CARR: So it sort of like continuing the theme of administrative simplification.
DR. OVERHAGE: But it is more than cost tradeoff. There are other tradeoffs, including costs.
DR. FRANCIS: We have those others in the letter.
DR. CARR: Additional thoughts on this suggestion?
MS. MILAM: I like it. The only thing I would add, since this is providing some guidance in terms of technology, is that those who are receiving this guidance recognize that they need to meet any jurisdictional requirements that exist, that this provides high level guidance. They may have additional privacy requirements at local and state levels.
DR. CARR: Other tables?
DR. TANG: The good news is that Chuck gave me permission to blame it on him. He will be back here tomorrow morning. There are many representatives at the table to see whether this is right, but it is stimulated by Chuck's remarks about how important the context of the data is when it is received and particularly how it is used and when it is used in the context of this moment or trying to predict the future.
To retrace our steps as a subcommittee and committee, we thought we could -- and many people would assume that you can come up with some really obvious categories of what people would think of as sensitive information. Then we charged ourselves with, these are obvious categories, let's just be more concrete.
In the process of trying to get concrete, that is of course where the subcommittee had difficulty reducing that to becoming very concrete and very prescriptive about it, which in a sense is how we discovered what Chuck said was so right. It was almost impossible -- I think our table committee felt it was nigh impossible to predetermine what was sensitive to an individual for a context. So is it better to try to force something or to provide the insight that once you go through this process?
As I said, we started out saying there are some obvious things, that turn out not to be obvious when you drill down with the number of people with their diverse perspectives and opinions, that maybe that is not necessarily the right or the contributory way to go.
So the alternative opinion is to offer that insight. I think it is something new that a lot of people would find new, that when you work really hard at it, it wasn't necessarily doing the right thing for one, patient care and two, protecting individual health data according to the wishes of the individual.
DR. FRANCIS: Could I ask you a question about that, Paul? Did you envision that as one more opportunity to pilot? One other thing that could be piloted would be a system under which people could define their own categories. That is something that in the 2008 letter got taken off the table, because it was thought that it was not a middle ground at all, but way too complicated on the provider side and so on.
So another pilot that we might add to the mix would be the possibility you suggest, rather than having that be the only one.
DR. TANG: So I guess what you are saying is, we are recommending that further exploration of this topic be undertaken through demonstrations and pilot. I probably wouldn't put any restrictions on that.
DR. FRANCIS: One pilot could be each of these defined categories. Those could be piloted. Another pilot could be the possibility of having full patient granularity as another option, which is certainly something that -- if people want to pilot that, I think it would be a great idea.
DR. FITZMAURICE: I am with Paul on not putting a whole lot of restrictions on letting people who are thinking about doing it explore the possibility with pilots. But an ethical question comes to my mind. Since I am not a physician or specialist, I don't know how this would be treated.
Let's suppose that you are referring a patient to a specialist. The patient says, don't mention anything about my X condition. He says, this could affect your health care and could be detrimental. No, I don't want you to do it, I want you to sequester that information, don't let it be revealed. So you send the patient information to a specialist, and the specialist treats the patient, and then later on finds out the patient had this condition that would have made a difference.
Is there a moral obligation? Do you feel betrayed if you are the specialist that you didn't have all the information that the other doctor had? This seems to betray a trust that exists today.
DR. CARR: The situation exists today as well. If you go to a foot doctor, you don't mention your history of rheumatic fever necessarily. If you are going to the dermatologist, maybe you are not mentioning your anxiety medication, I don't know what.
The way I see this is that we have a very dynamic world today where all of these things function in an integrated fashion, almost like the autonomic nervous system. We don't think to expand our ribs, stretch those intercostal muscles, open up the trachea, close the epiglottis. We don't think that way, we just do it.
What we are trying to do is to lump or split. We are taking on an exercise where we believe we can identify the component parts and map them to where they go, but they do in many places. So in the dynamic world today, patients sequester information all the time. I have to say, this is a 180 for me, because a year ago I might have said the opposite. But it is a fact of life.
So I think that transparency is our friend. If every record has a tab that says secured information, then there is no stigma. Everybody has that tab and the provider says, do you have any information that is not apparent to me, and they can say yes or no. It is simplistic.
The other point I want to get to is that because this is evolving, this whole concept of meta-data and the technology and the iPhone apps and everything that we are seeing at these meetings happening at such a rapid pace, NCVHS does a great job at teeing up the concepts, the issues, the challenges, and allowing these other technical specialists to work with that to say, did we remember this, did we remember that.
DR. STEINWACHS: Just a couple small things. If you think about research, you allow the person you are collecting information from not to answer some questions or to have the tape stop, if you are recording something, and then start it again. So it is interesting to think about what is the parallel in the medical record context that would say, we are going to put this in a sequestered place, or it is not going to be recorded. That is part of what we are talking about, the person's rights.
It was also interesting at the table, we got into a discussion of how sometimes physicians don't tell their patients what the condition is they have. Psychiatrists don't always tell a person they have schizophrenia. So the record also is caught in a different direction. Since you now can have access to that record, and if for some reason you decide that you don't think it is in the patient's best interest to share this information, I'm not sure what that means, either. That complicates it further.
But it was a discussion around the contextual effects, where it is hard to say always you do X or always you don't do X.
DR. CARR: I don't want to reflect that my comments are suggesting we take a pass. Only to reiterate what Paul was saying, that we thought this was easy, and the fact that we have had so many e-mail exchanges and discussions tell us, no, it is not easy. There are many different dimensions that will go in.
DR. SUAREZ: Just a couple of comments, too. I think we are doing today in different ways control and segmentation and access restrictions. So yes, as a doctor I might be able to see some data, ideally all the data, probably in most cases all the data for treatment purposes. As a receptionist I might not be able to see some data, because that is not what I am able to access. So there is role-based access controls that allow systems to limit who accesses what.
It occurs to me that within focusing a lot on the concept of restricting access or somehow segmenting data from providers for treatment purposes, and that is truly not even the intent or the five percent of the 95 percent of all these issues. I think the vast majority of issues are disclosures about sensitive information or other purposes, not treatment. I think that is where we can provide a lot more headway with respect to the background and the context of this letter.
I think the concerns and the fears that I have been hearing tend to reflect more the risk or the perception that we are restricting access of clinical information from providers, or suggesting in the letter that somehow the segmentations of these categories of data, restrict access from individual physicians and providers for treatment purposes when we are trying to do the reverse. We are trying to identify areas where it is commonly today believed that the sensitive information needs to be allowed to be controlled for disclosures that are non-related to treatment, payment and operations and other things.
So I wanted to introduce that, because I think it is important to take our mind set from that perception that this is all about restricting data from providers. I think we all are very much mindful of the significance from quality of care and patient safety of the need for providers to access all the data whenever possible and as needed. Even in today's world with paper records, providers don't even have access to all the data.
But this letter in no way in my mind was intended to try to portray that. It was on the contrary trying to identify certain categories of information that need to be appropriately controlled for purposes other than treatment.
DR. CARR: Is there a value in us enumerating all of the traps that we fell into, information at rest, information in motion, what is treatment, what is payment and operations. These are all the traps that we fell into. Maybe we don't have to solve them, but we have to say clarity of thought is paramount to what is regulation and what is patient preference and what is required. So just a thought.
DR. GREEN: I want to make three points. The first one is, I want to go on the record as being very sympathetic and highly supportive of the principle of patient autonomy and individuals should be in a position to have authority over critical information about themselves.
That said, I want to make two other points. The first one of these would be, I wish to challenge unstated assumptions in this letter, such as that there is such a thing as knowledge out of context.
DR. FRANCIS: Of what? I'm sorry, it is hard to hear.
DR. GREEN: One would be an epistomological challenge. The epistomologists I think have argued very persuasively that there is no such thing as knowledge without context. This letter assumes that there is. I'm not sure that is a wise position to take.
Another one is that there is such a thing as non-sensitive information in health care. I keep trying to -- forgive me for being a physician, but I keep trying to think of something that the patient has revealed in which they might just prefer that that not be exposed.
Let's take something like age. There are people who come in who don't want to tell you how old they are for various reasons. There is a list of reasons for that. I don't want to get us off track here. My real point is that the whole idea that there is such a thing as sensitive information and non-sensitive information, I remain today unconvinced that that distinction exists in real life.
I want to make a quantitative comment about the letter as it sits. I go through all of the proposed categories for segmentation. I just use the knowledge that I carry around in my head from epidemiology about distributions.
I am quite confident that this letter is proposing segmentation possibilities that will include a large majority of the entire population. We should not go forward with this thinking that this letter is about a small subset of the population. This letter as proposed, I am relatively confident, is about the majority of the population.
I hold this very dear as a physician. I think the radical proposition in the health policy stage of the United States is to try to make care patient centered. That is the radical idea out of the Chasm series of the IOM. It is the fundamental principle, and that is the one that disrupts old ways of thinking and doing things.
The very idea of patient centered care is to be specific to an individual. Patient centered care as a principle has a very nasty qualitative problem, in that it is specific to this individual. The sequestration and segmentation notions, we need to recognize that as we do whatever we are going to do, say whatever we want to say, pilot whatever we want to pilot, we need to be realistic, that we may be working against ourselves to move toward highly personalized patient centered care.
To get very detailed about this, I just simply can't bring myself to be supportive of this letter's statements where it says, the NCVHS recommends the following be segmented. There are just too many exceptions on the list. I think it would be very difficult for this nation's practicing medical community to say that is a really good idea, to put that in a position where that can be segregated and segmented, because of the rolling ripple effects of the clinical enterprise's ability to provide excellent care and support for these people.
So other than that, I really like the letter.
DR. FRANCIS: Justine, may I as the co-chair of this subcommittee make a suggestion?
DR. CARR: Yes.
DR. FRANCIS: I am only making it for myself. First of all, we have had no testimony in the last four years that have recommended the fine granular patient centered. So we could not possibly send that forward as a recommendation, because we have had no testimony that supports it. I certainly wouldn't support that.
DR. CARR: We have testimony specifically against it.
DR. FRANCIS: Against it. We have actually lots of recommendations against it.
The second is that we were trying to be very careful, and quite clearly it hasn't worked, to distinguish treatment as Walter pointed out -- to distinguish disclosure from treatment. What Larry was talking about was about treatment, patient centered care. What we were talking about, or thought we were trying to talk about in the letter, was about disclosures.
So here is what I am going to offer as something I would take on myself to try to draft. There are some disclosures where the law is in place, where it would be enormously helpful for people to have a software methodology that could meet those legal requirements.
The examples I have in mind are the GINA definition, which is there, and the second example I have in mind is SAMHSA, which is also there. I am going to say, I don't think we can get a sensitive information letter. I think there is something that is a trigger that is sensitive information.
I wonder, and I am going to try this out, could we get a letter in which we recommended to ONC that they pilot test and support the technology to develop methodologies to meet the GINA definition and the SAMHSA definition, and say nothing more about anything else.
DR. TANG: A lot of times when you get into tough situations and one thing complicates another, it is a good time to go back into what is the problem that we are trying to solve.
In my mind, in 1996 when we passed HIPAA, what didn't arise in the three-year window they gave themselves in Congress was national a comprehensive privacy law that says whoever touches it has the responsibility and accountability for what they do with it.
We have been working for over a decade to try to make up for that lack. What we have said was, it is too hard to pass that kind of law. First of all, it may not be as hard in 2010 as it was in 1996. Second, is this really easier to try to cope with what we don't have? What we are trying to do is chase after the folks who misuse in harmful ways, when we should just hold them accountable and not have to do so much chasing, and fix the underlying problem.
I would like to raise that again in 2010, what we couldn't do in 1996, but now may be easier and the better of two evils and possibly the lesser of two evils in terms of effort.
DR. CARR: Can you say a little bit more about what is different than if we say you are fully accountable?
DR. TANG: The whole notion of covered entities and only covered entities have certain accountabilities and responsibilities excludes a big chunk of organizations and individuals from accountability, and they are free to use information in ways that society does not condone, e.g., discrimination, and that causes other harms to individuals. If we could make all people who are guilty of those kinds of violations of individual rights that society determines are harmful, then we will be trying to prosecute the harm instead of preventing -- inadvertently preventing a lot of what we are even chasing after.
So we have said that the primary objective is to get information to where it needs to go for the benefit of the patient. Most of the effort and burden of making sure it doesn't do the opposite falls upon the people trying to help the patient. That is what I mean by spending all our time coping with the problem of the burden we have added to this. This is a high cost venture for society. We are making it higher cost and higher effort in order to take care of the patient.
That just seems like underlining the wrong thing to do. We should be penalizing and holding people accountable. We should just go after the people who are misusing the data.
DR. FRANCIS: Of course, non-discrimination law exists. But we have some statutes that attempt to be further up front about what kinds of disclosures can be requested.
That is what GINA does. GINA says that employers and various types of insurers cannot request certain kinds of data. It was a deliberate choice by Congress two years ago as a kind of prophylactic, so that we prevent the request for the data ex ante.
I just want to say that once again, the only question that I was trying to put on the table, and it may be that there isn't enough consensus to get this question on the table, but whether there should be a recommendation that we ask ONC to pilot test technologies that would allow that GINA condition to be met on disclosure, nothing about treatment.
DR. CARR: Let me just give a little orientation check here of what we want to accomplish in the next 15 minutes. I think there is tremendous knowledge in this group about what is difficult about protecting privacy.
I think that our conversations along the way and including today have taken us to some insights that are not really out there and have in a way brought us full circle from where we began. I think we have heard very clearly from ONC that with the many parallel tools coming along, we don't want to be asynchronous. I think we have heard that there is a sense that there are laws and we need to address that.
I would like to ask that the comments in the next 15 minutes be contributions to the Privacy Committee to take back and think about what valuable insights can we put forth from NCVHS that represent a recognition, not the solution, but here are the considerations that have to be taken. So we will do as we did before.
MS. MILAM: Listening, Paul, to your questions, I think I heard you asking a different question than the kind of question Leslie was asking. So I think it would be helpful if we focus on exactly what is the question we need to answer to see what the letter should look like.
DR. SUAREZ: I absolutely agree with Sallie. I think we are continuing to change the way we have been thinking about this letter more and more. Now we are even beginning to depart from the content of the hearing itself, which is the basis for the findings and the recommendations.
We heard the specific ideas and suggestions and comments and reactions about specific categories of health information. The purpose for which the hearing was set, consistent with the request from ONC, to work on defining the official sensitive categories of information.
Larry, to your point, it is not like there is sensitive and non-sensitive. There is sensitive and more sensitive. More sensitive requires a special treatment due to regulations and other reasons. Nonetheless, I think it is going to be helpful to decide as a committee whether we continue the path of helping define categories of more sensitive health information or we step back from it and start talking about pilot studies and harder investigations on certain kinds of data, regulated data, for the most part. I think we are now even departing more and more from the original purpose of this letter.
DR. CARR: When we had the meaningful measurement hearing last year in October, we heard fantastic scenarios for great things to do to measure quality, and not one of them overlapped with the other. We came away from it not saying a word about what we heard, but we talked about what we didn't hear. We said we don't have a national data strategy and we need building blocks to build measures.
I bring that up as an example to say, we invited four groups and said do you have sensitive information. They said yes, but we could have invited 100 groups. We could have invited urologists and gastroenterologists, and they would have said --
DR. FRANCIS: We did that in an earlier hearing.
DR. SUAREZ: We have a body of evidence of at least those four.
DR. CARR: Right, but the list is infinite.
DR. SUAREZ: In future letters we could invite four new groups of categories of people to further this goal. We can go down the path.
DR. CARR: Right, but I'm just saying, we can say the dog that didn't bark, as they had in Sherlock Holmes, is an okay thing to comment on.
DR. BERNSTEIN: I am somewhat frustrated by this, partly because of the amount of work that has gone into it, but a lot of the conversation around the table is asking for things that have already been done by this committee and that are in previous letters.
For example, the idea that what is sensitive to one patient is not sensitive to another patient is discussed in a previous letter on which this is jumping off, or in some detail the fact that not every patient is going to have the same sensitivity. It is not that we didn't recognize it, but we didn't feel the need to -- they didn't feel a need to again put it in this letter.
What happens if data for treatment which we talked about previously, is not shown to a physician, how does the physician know about that? There is an extensive discussion about whether you flag that information to the physician, how much detail you put in the flag and so forth. Role-based access, contextual access controls.
I think having categories of information is -- Leslie has been talking about the GINA law as one example, but there are numbers of examples of this. Psychotherapy notes, is an example of a special category. Substance use records are a special category. The GINA disclosures. The new HITECH requirement that you can pay cash to your physician and have them hide the information from the plan is kind of a special category of sensitive information, but it is whatever that patient decided was sensitive.
We have had a discussion about the fact that -- okay, it is in the law, but before that we said this is very difficult to do. We don't want to have -- and we had an extensive discussion of granularity versus uniformity. When you have granularity, you have more choices available to patients, but it also costs more, it is more complex and more difficult to implement.
Then we had a discussion that said, if you have more uniformity on the other hand, so that everybody is on the same level, you reduce patient choices. Yes, it is easier to implement and cheaper, but we are not getting to the right place.
So the subcommittee has been trying to find a middle ground to identify things that will cover most people most of the time, and that will be used not only for treatment -- we talked about that in a previous letter -- but for other things, disclosures to employers, disclosures to outside auditors that we heard something about yesterday for health care operations by the provider.
We are already required to come up with some kinds of categories, so somebody is going to have to develop the technology for doing this, unless you expect for the rest of all time to be printing it out and hand redacting stuff every time you make a disclosure. I don't think that is the world we want to be in.
So I think what we are trying to do is say, we are going to have to develop this technology anyway, can we give patients some more controls at the same time we are developing this technology anyway, that might be useful for a variety of things. One of them is patient control, one of them is for other kinds of disclosures.
One other thing I want to say is in response to what Paul said about holding people accountable, the bad actors accountable. I don't think anybody is going to disagree with holding the bad actors accountable. The problem in the privacy context is, that happens after the fact. If somebody discloses information and you punish them after the fact, for the patient the information is out there and the damage has been done, and it is a toothpaste tube problem. You can't get that information back once it is out there, and it is very, very difficult to repair the damage to reputation and so forth that happens when information gets out there.
So yes, that is the reason why we have the HIPAA rule, so that we are controlling the good actors. But that is generally what you do and we try to prevent bad things from happening because we recognize that in the case of information disclosure you can't fix the problem after the fact.
MS. GREENBERG: Thank you. I think Maya's summary there was very good.
I agree with everybody, let me start that way. I am the Executive Secretary and I agree with all of you. You know that I love this committee, all 60 years of it. This is one of the reasons why. There could be a reason why you might say you hate the committee, because it is painful. But because everyone is being thoughtful, they are bringing their experience and their knowledge to bear, and as Justine said, that is a real strength of the committee.
I am uncomfortable completely walking away from this, but the decision is the committee's. But I thought I should share with you why I am uncomfortable with that. I think Walter mentioned some reasons why that might not be a good thing to do, or might not be the most responsible thing to do, though it certainly would be the easiest thing to do, that is for sure.
I think although Leslie would like to salvage something, and I appreciate that, but I think it may be too minimalist, although it could be part of what is salvaged.
We clearly have very different views on even what this letter is about, what it should be about, whether it should be, et cetera. But there is so much content that has been thought about. Although we did pull together the past letters and put them into that publication, they just included information on sensitive information, so it was lost in that. But now this is an attempt although in shorthand to bring out everything the committee has said to date about -- and heard to date about sensitive information.
So I am wondering, and it probably can't be done by tomorrow, but if one approach would be to develop a white paper for the next meeting that lays out the past recommendations in hearings, notes all of the difficulties and challenges associated with this, and does try to specify as this letter does what the best thinking seems to be on the most sensitive information, recognizing that sensitive is in the eyes of the beholder.
I mentioned to Sallie that in our population surveys at NCHS, people will tell you anything about their sexual preferences, but don't ask them their income. They won't tell you their income. We are not even talking about income now, but that just shows you, it is not necessarily intuitive. But there are reasons for that.
I think there is more agreement on a lot of this letter than we are giving it credit, and to put it aside would be unfortunate. For example, and I don't know, maybe there is not 100 percent agreement on this, but as opposed to looking at the things that this letter says should be included under the definition or considered under the definition for sensitive information, what about the things that the letter says shouldn't be, or that the committee doesn't think should be.
I have always heard that once you know a person takes a medication, you know they have a condition, so right away that is sensitive information, although the risk of not knowing what medication the person is taking and then prescribing medications or other things is so high, that this letter actually says allergies and past histories of medication reactions, current medications, are not included in the definition. I think if there is consensus on that, that is a very -- that is not something that is out there as a position. I think that is a very thoughtful and responsible position personally.
So I guess my feeling is that the only recommendations that would come out in this white paper or this other next version that I am talking about are for possibly further study in certain areas, possibly additional hearings which the committee might carry out, certainly demonstration projects, plus the body of knowledge and where there is consensus that is reflected in here and in the previous letters or reports would be there for people to say, the National Committee has identified these areas where there is agreement, not in the form of recommendations, but in the form of definitions, et cetera.
I still come back to the fact that there are -- somebody is going to do this. There is legislation that says we need policies for doing something with sensitive information. Somebody has got to decide what that is. It could just be as everyone defines it, but that is irresponsible in a way. That is what I think this letter is saying, letting people say medications. That is fine. If you don't want to tell people what medications you are on and they are treating you, maybe they can say I can't treat you. There are costs to certain types of behaviors.
So it seems to me that as I said, maybe really limited on the recommendations, but really strong on the findings and observations in more of a white paper type of format could contribute, and might be a possible approach.
DR. GREEN: I like Marjorie's suggestion about not losing the richness of the observations and the findings about the complexity of this in some sort of format, whatever is suitable.
I also want to go back and support what I heard Leslie saying just a few minutes ago. Leslie, fix this if I am distorting what you said, but bear with me. On page four of the letter I think you have created a splendid timely definition of a problem that needs urgent attention with the phrase, the lack of sequestration capacity.
I have a logic model from NCVHS that goes like this. The National Information Network is a stunning, stunning opportunity to use health information to improve population health and individual health. We have been figuring out how to get this done now for a decade plus, we have been working on this.
Along the way, we realized that for the national health information highway to function, for us to get to the value we seek, the American people are going to have to trust this sucker. They are going to have to believe that it has their interests at heart and it protects their interests.
A particularly troublesome spot is when an individual person within this country thinks there is something in their health record that is sensitive to them and threatens their well-being in some way or another, and they wish to have a mechanism whereby they can protect themselves from harm, some way or another.
So we then made a decision along the way where we said we don't think it is possible to do that data item by data item, but we might be able to figure out a way to do that if we created segments of information, some of which were more sensitive than others.
So that is my recounting of the history that I know. This letter makes a very strong point that the lack of sequestration capacity threatens the trust of the American people, and is achieving what we are trying to achieve out of these huge investments at the ONC and elsewhere.
I heard you say you wanted to get out of this something for the ONC. That defined the audience for me. An immediate audience for the recommendation would be the ONC. An immediate problem to address would be the lack of a sequestration capacity. The recommendation could be to conduct pilots immediately about strategies that would allow us to sequester some information. By the way, we have got a list of possibilities that you might want to use for your pilots.
DR. FRANCIS: That is exactly what we were hoping to do with this letter.
DR. GREEN: That could be done in about two paragraphs.
DR. FRANCIS: Well, we have to have the list of the categories.
DR. GREEN: But if you also have this background paper about those categories, you could say we are happy to refer you to such-and-such a place about the possibilities.
I think the letter goes beyond our abilities to make hard recommendations about what to include and what not to include. But I believe it makes a strong case that there is an urgent need for pilot testing of sequestration capacities.
DR. CARR: The Chair would like to be able to recognize the next speaker. Leslie.
DR. FRANCIS: What I would like to try to understand, because it is possible that I will end up doing some of the working out of this, I don't want to spend a lot of time trying to write something that nobody is going to be at all happy with. So let me just try to test out some understandings.
DR. CARR: If you could, I would like to annote what you are saying. What I want to hear is if there are people in the room who are not in support of that, I don't want to spend a lot of time developing something that they are not in support.
So my thought was to pause after Larry's thing and say to Marc or Paul or what Larry described and what your concerns were, are we on the same page or not.
DR. FRANCIS: So that was pilot testing, that we need sequestration capacity and that is pilot testing and technology development, right?
DR. CARR: It was the statement that the lack of this is an issue. An add-on is, maybe we need some pilot testing. I am just breaking it down. Because we heard the objection from Marc on this earlier, I would like Marc to comment on it.
DR. OVERHAGE: I apologize for having to step out and not hearing all of Larry's well developed and thoughtful comments. I think that captures some of the key issues. I think it is a good way to try to identify how we can move forward.
DR. CARR: That's great. Paul, do you have any concerns about making that statement?
DR. TANG: I guess I would have to add that the context be part of all of the pilot.
DR. FRANCIS: We could say pilot testing in different contexts.
DR. CARR: I just want to know, are we on the same page. We have a proposal. We have a sense we want to add context, we want to talk about pilots. Is there anything else that should or shouldn't be there?
DR. SUAREZ: Does the proposal only do that?
DR. CARR: We will get there.
DR. SUAREZ: One thing, we defined sequestration to be the technical part. We defined segmentation to be the way in which the information will be classified. So testing sequestration techniques or technology without an understanding of what is the policy definition of the data that is to be sequestered is going to be challenging, I suppose.
So my addition to your suggestion, Larry, is to also include that definition of what is it that needs to be tested in terms of sequestration, with respect to the categories and the definitions of them. Without that, we are testing sequestration of data that --
DR. CARR: There are a couple of other proposals out there. Marjorie thought there would be value in saying, as you approach these sensitive things, here is something we believe should not be sequestered. Is that something that ought to be in the letter? Any objection or for or against consideration? Just let me wrap up around the table. Is that something we should consider?
MS. GREENBERG: The things that you have already said in the letter.
DR. FRANCIS: That is what I was going to ask actually. If what we are going to try to do is say some things about categories, we I think need to know from everybody around the table whether there are any of these categories that should be dropped completely, whether there are any categories that should be added, and whether there is anything that was said about one of the others, this was what I was trying to follow up on there, that should be dropped completely or anything that should be added.
MS. MILAM: Thinking about the tension between the status quo, where we have defined categories in law, where from the testimony we heard they don't always match, I am hearing from a lot of the physicians around the table, they don't need the contextual needs, and they may not be relevant today.
I wonder if as part of these pilots we could revisit -- this gets back to what Paul said -- the old HIPAA preemption issue. When HIPAA was passed, we ended up with preemptions. So we have different rules in different places that sometimes get in the way of health information exchange, and put in place the difficult implementation specifications, constructs, barriers, and may not be relevant today.
So I am wondering if part of the demo could include a comparison of these categories versus the ability to have everybody have the same rules, but allow the patient to identify information sensitive to them based on the context.
MR. LAND: I look at some of these categories from a public health perspective. Some of these are already required under statutory. For example, on the birth certificate, we have assisted reproduction on the birth certificate. We have past pregnancy history on the birth certificate. Then you have all your other public health laws in terms of genetic testing and newborn screening and so forth.
So I get concerned here; we say these are sensitive, but we already have agreed in a public arena that they are to be collected for certain purposes, that we have a mixed message here.
DR. BERNSTEIN: There is nothing in there that says they shouldn't be collected.
MR. LAND: Well, I have the same argument that Marc has. If we are taking the first step, then what is the second step? What is the implication here?
DR. BERNSTEIN: I just want to ask a question about that. If assisted reproductive technology for instance is in the birth records, that is not something that is automatically disclosed though in vital records for many states, is that correct?
MR. LAND: It is being disclosed outside of the medical records to another entity in the public health department.
DR. BERNSTEIN: But it is not a vital record you get in the newspaper when your birth is --
MR. LAND: No, none of this is being disclosed anyway.
DR. BERNSTEIN: I just want to ask one question about the conversation. I want to understand how the proposal that is on the table differs from what is in the conclusion to this letter written now.
DR. CARR: Were you here for the before lunch discussions?
DR. BERNSTEIN: Yes, I was. But this says that we recommend HHS undertake further refinement of the categories, studies of their technical implementation, pilot testing, and provider and patient education. That is what the conclusion of this letter is. It sounds like what we are proposing.
DR. CARR: We said we want the conclusion to be the opening paragraph.
DR. BERNSTEIN: Yes, I understand that. But we are talking about changing what this letter is when it seems like the letter is doing what you are asking to change to. I am missing something.
DR. CARR: I am trying to get on the table what are the areas of consensus. You will then have building blocks to take back to work with and see what we can come up with.
DR. TANG: I am going to refer back to Marjorie's comment and particularly Justine's about how can be of use to the community, including ONC, and build on what Sallie said and what Larry said.
Larry pretty much said what is not helpful and possibly in his mind is not correct about what we did, which was attempt to define sensitive categories, period. So what I think we might offer in contribution, which is following Leslie's lead, is, that is probably a major statement. If we understood what makes categories inadequate or insufficient in helping people protect their information, and what would make it sufficient, and Sallie mentioned context, I think that is a new contribution that hasn't been in the popular discussion about this topic.
So in Marjorie's white paper idea, I think that is the concept that we are putting forward, and would need to test, rather than test something that some of us think may be an old and unwise way of approaching the problem.
So I guess I am hearing a little bit of a -- I hear the pilot testing and developing more understanding about, but I'm not sure I hear the right thing that we want. I know that is what you are trying to get out.
DR. CARR: We are at 2:15. We have work to do in the Standards Subcommittee, Populations. Is there a cadre of people who are not in Standards and Population who are available, who could meet with Leslie to begin to work on something for discussion at the privacy meeting at 5 o'clock? Is that the next step?
DR. FRANCIS: I need more guidance, I think. Here are the three questions that I don't have a feel for at all. One question is whether there should be a strategy of defining categories. A second question is whether these are ball park the right categories. A third question is whether there are some aspects of these categories that are just way wrong-headed as they currently sit.
It seems to me that unless there is clear full committee consensus, we don't know where to go on that.
DR. CARR: Let's do a straw man now. Your first question is?
DR. FRANCIS: Should we continue to try to come up with tentative definitions? All we are doing here is suggesting pilot testing of some definitions, and technological feasibility of categories, should we keep with a categorization strategy.
DR. CARR: So we are going to make an attempt to say these are the categories and these are the considerations?
DR. FRANCIS: No, should we continue with a concept of categorization, where what we are doing -- whatever it is we are doing with it, whether it is about disclosures, meeting legal requirements, whether it is about thinking about this as tentative and pilot testing, or should we abandon any thoughts of categorization?
DR. FRANCIS: Is there anyone in favor of abandoning any thought of categorization? Is there anyone who thinks we should abandon a strategy of defining at least some categories? Not an exclusive list, but a list of at least some.
If Paul thinks we shouldn't, we are not going to have a consensus letter, so that faces us with the question of where to go.
DR. CARR: What were questions two and three?
DR. FRANCIS: Question two is --
MS. GREENBERG: Did Paul say he was against it?
DR. CARR: Yes.
DR. FRANCIS: -- are there any categories here that you would have us take off the list, and are there any categories that aren't on the list that you would have us include?
DR. GREEN: Yes.
DR. FRANCIS: Okay, which ones?
DR. GREEN: Most of them I would take off as categories. Sexual history, social history, those as big categories, I would take them off the list as saying you should necessarily pilot test that. So categorization, I have heard no one propose a better idea for how to get to prudent sequestration other than to do categorization.
This list, it is my opinion that this list is not achievable regardless of how well ONC and the vendors might do in creating the capacity to do it. That is why I would take some of them off.
DR. FRANCIS: So suppose we started with a list of four. We took those two off the list. We took the sexual history and the social history off the list, and we started with genetic information where there is GINA, substance abuse where there is SAMHSA, because those are two places where there is clear law, the mental health where there is law in many states, and the psychotherapy notes, and the STDs --
DR. SUAREZ: STDS is sexually --
DR. FRANCIS: Yes, that is sexually transmitted diseases, that is not sexual history, that is not reproductive history.
DR. CARR: There is law on genetics, on SAMHSA and in most states on mental health.
DR. FRANCIS: On mental health, and there is also law in most states on STDs.
MS. GREENBERG: What has the committee contributed if you are only citing the law?
DR. SUAREZ: Larry, I don't know if what you meant was the entire categories or the way currently the category is practiced. Clearly sexual quality and reproductive health information is an extensive category. There are laws that affect that data. But maybe the way we are defining it in the letter is bothering you.
DR. GREEN: Genetic information is inherent in any family history. Mental health information is part of virtually every visit that any human being makes to a doctor.
DR. SUAREZ: You are close to voting against categories, Larry.
DR. FRANCIS: Yes, why are you objecting in the first place?
DR. GREEN: Just find one that is narrow enough for pilot testing. I believe what we are really after is the technical capacity to sequester, and that our means to get there requires some segmentation of the database that can be sequestered.
So for pilot testing, I don't feel like we have to solve the problem of all the information that we might want to segment, but we do have to find one or two or three types of examples.
DR. FRANCIS: So let's pick. What would be the types of examples that we should pick?
DR. GREEN: I like the idea of dealing with something that is already the law.
DR. FRANCIS: So GINA, the GINA definition.
DR. GREEN: It seems to me from a policy perspective, that makes eminent sense. That is something that we are being told we have to do.
DR. FRANCIS: So we will do the GINA one.
DR. CARR: So we have that. Paul, if we say we need to learn more and we are going to use these two examples to help us learn more, substance abuse and genetic, which are already law?
DR. TANG: That's fine. When I say no categories, it is other than prescribed by law.
DR. CARR: Okay, good.
DR. FRANCIS: Should we try the STD and the mental health ones too? I want to know. Should we just stick with GINA and SAMHSA?
DR. CARR: I think so, because they are very clean. You have a third point.
DR. FRANCIS: Okay, we will do GINA and SAMHSA.
DR. CARR: Your third point was -- ?
DR. FRANCIS: The GINA definition includes family history information. That is a hard one. So it would be a good one to test. SAMHSA includes not only the current treatment in substance abuse, we tracked the exact federal language in SAMHSA part two, the part two regulations. Okay, we will do that.
DR. GREEN: I want to resurface Marjorie's suggestion, because I believe that this Privacy Committee work is quite substantial. I think it is better than just about anything else that I am aware of. I would not like to see us lose that. Marjorie's suggestion about possibly creating a manuscript of some sort that becomes an NCVHS document of our testimony, our hearings and our findings and that sort of thing, I still think that is a good thing to have.
DR. CARR: I agree with that. Marjorie also had the suggestion, would it be out of context to say we don't believe you should sequester meds from med lists?
DR. FRANCIS: That is all off the list, because those were all in different -- we were trying to be, we thought, leaders there, because we were trying to balance the patient care questions. That is why that was in there.
DR. SUAREZ: Morphine and methadone.
DR. FRANCIS: Right, but that is why that was -- so that capacity will be developed in a way that meets SAMHSA, not in a different way, given the guidance that we currently have. That is going to produce something -- I don't know whether I can write or try to even draft a summary.
DR. CARR: I think we have a plan. I think we heard about the SAMHSA and the genetic and what we put forward. Then I think the plan about a white paper to pull together in a more opportunity to reflect. So the closing word, Marjorie.
MS. GREENBERG: Let me just say, if you want to stay with this multi-pronged approach and do some type of white paper that I described the expectation would not be that Leslie has to write this white paper. I would think that Leslie could oversee a contractor or a consultant, a writer, who would take the materials and --
DR. FRANCIS: That would be very nice. Can you hire us one, please?
MS. GREENBERG: Yes. No, I don't want to leave that on the table that we are then expecting Leslie to do that.
DR. CARR: Very good point.
DR. TANG: Larry, you have to join the Privacy discussion this afternoon.
DR. GREEN: I am going to Populations.
(Remarks off the record regarding dinner arrangements.)
DR. CARR: Now we need to adjourn. Bill, do you want to announce that you were here, just for the record?
DR. SCANLON: Bill Scanlon, National Policy Forum, member of the committee, no conflicts.
MS. GREENBERG: Jim and I probably should also, since we both got here after the -- Marjorie Greenberg, National Center for Health Statistics, Executive Secretary to the committee.
MR. J. SCANLON: Jim Scanlon, Deputy Assistant Secretary for Planning and Evaluation, staff director for the committee.
DR. CARR: So this full committee is adjourned.
(Whereupon, the meeting was adjourned.)