[This Transcipt is Unedited]
Embassy Suites Crystal City Hotel
1300 Jefferson Davis Highway
Arlington, VA 22202
P R O C E E D I N G S
Agenda Item: Opening and Welcome
DR. CARR: Welcome to the meeting of the National Committee on Vital and Health Statistics. I'll encourage everyone to take his or her seat and discontinue sidebar conversations.
I'm Justine Carr, Caritas Christi Healthcare, chair of the Full Committee, no conflicts.
DR. SUAREZ: Good morning, I'm Walter Suarez, Kaiser Permanente, no conflicts.
DR. WARREN: Judy Warren, University of Kansas School of Nursing, member of the committee, no conflicts.
DR. STEINWACHS: Don Steinwachs, Johns Hopkins University, member of the committee, no conflicts.
DR. GREEN: Larry Green, University of Colorado, member of the committee, no conflicts.
MS. MILAM: Sallie Milam, West Virginia Health Care Authority, member of the committee, no conflicts.
MS. DOO: Lorraine Doo with the Office of E-Health Standards and Services at CMS.
MS. TRUDEL: Karen Trudel, CMS, liaison to the Full Committee.
DR. W. SCANLON: Bill Scanlon, National Policy Forum, member of the committee, no conflicts.
DR. FITZMAURICE: Michael Fitzmaurice, Agency for Healthcare Research and Quality, liaison to the committee.
MR. HOUSTON: John Houston, University of Pittsburgh School of Medicine, conflicts.
DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the committee, no conflicts.
(Introduction around the room)
Agenda Item: National Health Plan Identifier, ACTION
DR. CARR: Thank you. All right, today the first order of business is National Health Plan Identifier Action. Judy?
DR. WARREN: So what we did yesterday in our subcommittee meeting is we went through both letters and taking into consideration the comments that we heard in the full committee meeting, and then tried to get some clarity among the members. And actually we had a very good discussion where we kind of went back to first principles, pulled apart some of the basic issues, especially with the health plan ID, and looked at it from a variety of perspectives, and that helped us get some clarity. We also had Tammy from AMA, and we asked her to help give us some information, and she was very helpful in bringing some of that together and showing us some of the complexity that we were dealing with.
What we will do is try to get printed letters out for everybody. We have them. As soon as the slides come up I'll show you the high points that we changed, and then just scroll through the letters and show you where we made changes from what you currently have in your book.
This is not opening at all.
DR. CARR: Judy, in the interest of time do you want to just talk us through it?
DR. WARREN: Yes, so if you will just bring up the Operating Rule Letter first?
DR. CARR: You can still use your slides to give us the high points.
MS. DOO: Do you want the Operating Rule Letter or the Health Plan ID?
DR. CARR: The Health Plan ID is what is on the agenda.
DR. WARREN: So Lorraine, help me out here because there is a change there at the beginning that wasn't there in the letter that I had last night.
DR. SUAREZ: That is just what looks like a typo and or a quotation or a citation. That first paragraph say, in parentheses, (improve the efficiency).
DR. WARREN: That was a direct quote with the three ellipsis coming in.
DR. SUAZREZ: It should be –
DR. WARREN: We can remove that.
Scroll on down, the changes are made in red text. I chose not to do the strike through's so that people could read what we have done.
DR. CARR: Judy, I am wondering if you want to take us through what are the recommendations coming out and then bring us back to the specific language. Will that work?
DR. WARREN: I'm sure it would work if I could figure out how to do that with not having the slides. Let's just walk through the letter. I think we'll be fine.
We were asked to put in there some sentence about that what we were showing were examples that really were apples and oranges. There was no clear taxonomy or anything in there. And actually that's part of the problem. So we inserted this sentence: "The above listing is provided for illustrative purposes and does not constitute a recommended taxonomy that would assist in understanding what is to be enumerated. There is no gold standard definition for a health plan that can guide an enumeration process and who or what needs to be enumerated."
DR. CARR: I just need to do a check. I think what we want to do is to articulate where we are with our recommendations, what we're recommending, and then to go through the letter. I think to get to the corrections, it's hard to follow the thought process without having the big picture. And so it sounds like those PowerPoint slides are what you use. Is it something that you have a copy of yourself that you could speak from?
MS. DOO: Walter has it and I'll try and open it again while he's speaking.
DR. CARR: Leslie, do you want to introduce yourself?
DR. FRANCIS: I'm Leslie Francis, University of Utah, Law and Philosophy, and I have no conflicts and I am a member of the committee.
DR. WARREN: So, health plan identifier issues, there's no consensus on the details of the entities, organizations, and/or products to be enumerated. That's been a problem. So, over the last ten years industry has evolved and created more products and intermediaries, which has really created some problems in figuring out what needs to be enumerated. So, we recommend that CMS consider entities that are not covered entities that are not subject to its authority as being eligible to obtain health plan IDs. That will handle some of the problems that are coming out.
Next slide. AEF and AMA recently submitted information that demonstrates a potential consensus, and some of these should be pursued. And by recent I mean within the last week, day, this week. Enhancements to --
DR. CARR: Just to clarify, submitted information that demonstrates potential for consensus; consensus about what?
DR. WARREN: Of what a health plan ID should represent.
We're looking to enhancements to Phase II operating rules should help address some of the plan ID issues. And by that what we're talking about is within the standard there are several different places one could put a health plan ID. So what we're beginning to get some understanding is there may be more than one health plan ID that needs to be in a transaction.
Now, I'm using health plan ID at the very global level, because we're still trying to hone in into exactly what it is that needs to be enumerated. There are places within the standard for several different IDs. However, there's no agreement as to what should fit into each of those slots. And so the operating rules would be a good place to clarify that, and then feed that information back to X12 so that they can renew their standard and help us clarify that as one of the processes that occurs.
We recommend that CMS identify and incorporate other provisions of the ACA as appropriate. And so that was one of the things that Jim Scanlon was telling us is that we've been given an assignment of certain sections within ACA. There are other sections that the Department of Health is having to address. And as they're addressing them, they're beginning to find out that they also have need for a health plan ID. And they're looking to us to develop that, but there may be uses that we're unaware of that they're going to have that.
So Jim asked that we consider this and incorporate it. And that was a lot of the concerns that Bill was having, because he's been looking at other parts of ACA.
Okay, the next slide. So we got some help from our friends over the Internet last night about the use of the BIN number and the routing information that needs to go for the NCPDP standard. So the health plan ID should not be used for routing in pharmacy transactions, the existing bin number and PCN must continue to be used for the routing. There is a specific situation in coordination of benefits where the health plan ID is used. There's a place in the NCPDP transactions for this coordination of benefit activity, and it's not for routing. So they will use the health plan ID, but not in terms of routing the transaction.
Similarly, the X12 835 transaction is used to pay pharmacy claims, and the health plan ID will need to be used by pharmacy industry in this transaction. So this is where you start getting the overlap between the retail pharmacy and the non-retail pharmacy transactions.
So those incorporate our major changes in health plan ID. Any questions?
DR. CARR: I know I'm going to be -- I'm nothing if not consistent. But a schematic that shows here's the way the information flows, here's what's broken, here's what the fixes are, and here are the consequences, I think would help us all to understand it. Some of this terminology is a little bit new to us. I mean, is that possible in the next -- can somebody sketch that out?
DR. SUAREZ: I mean, I think the question is in the letter what is it that we needed to recommend. We have 15 recommendations; we talked about them yesterday. There was only one area where there were issues, which was the level of granularity of the identification of the health plans. That was only the issue with the plan ID letter. All the other recommendations we talked about including things like the actually number should be a 10-digit with the last digit being a check digit, and things like that.
We talked about them yesterday. The group felt comfortable with them. The only issue, of course, was this issue of how do we identify health plan. In the letter we recommend two things. One, that every health plan at the legal entity level be enumerated. And then, secondly, that beyond that we don't recommend a specific taxonomy for enumerating components of the health plan, like health plan product. We didn't feel that we had a good sense out of the hearing of which way to go with respect to that. There was a wide variety of perspectives on that. So our second recommendation with respect to that is that CMS would work with the industry through groups that are already moving along to determine which level of plan -- below the plan -- which level of taxonomy to use to enumerate components, or plan products as we call them. That's the second recommendation.
And then we have a third recommendation about the fact that there are entities that are not health plans that need to be identified in the transaction, and that in order to get a number to be identified in the transaction, they need to become eligible to obtain a number. So we make a recommendation in the letter that CMS expand the eligibility of who can apply for a number to include those entities. And those entities are intermediaries that are, you know, that exist in the industry that we talked about yesterday, like repricers and others, who without having any definition of who is eligible to obtain a number, would not be able to be enumerated and would not be able to be identified in the transaction. So those are the three recommendations we make.
The issue that was brought about was the second recommendation of the granularity of the plan product enumeration. And that's what we were trying to address.
DR. W. SCANLON: I think Justine's point about a schematic, one of the issues that it took a while to kind of come to these recommendations is it was hard to visualize how these people would fit together. And given that we're going to have a discussion this afternoon about how do we influence our products, and how do we adjust our products to have them have more impact. I think that there is a potential role to try and be more explanatory to an audience that's not as steeped as we are. So the people that are intelligent can read this and say, I get this.
We can't do that this morning in terms of this letter. There's a question of whether we can focus on the recommendations, which I think are the right ones. We've worked hard to get to these points. And then do a preamble that kind of sets this out in some respects. It may be a verbal schematic, but it's a clear one. And that would be for the executive committee to approve that going forward, because I think it really will add to the power of the letter if we can make clear how these pieces fit together. And it wasn't always clear; it took us a while to get here.
MS. DOO: I concur with that. Partly what I was going to say is we certainly made some effort through the environmental scan, and it's still a very complicated topic. And it's really the standards experts that know it the best. What Judy was referring to, we got a very good letter from AHIP and a very good letter from AMA and a very good response from X12, which we've put into a chart for ourselves to help us so that when it says financial responsibility, here's what the numbers could be. Here's how they are presented in the standard, and here's the recommendation to reconcile it. We can share that with you, which may help a little bit. But I still think that it's appropriate from the standpoint of NCVHS giving us input to focus on the recommendations because it's such a cumbersome process.
DR. CARR: Right. And so I agree that we should, I think with this framing let's look at the letter in terms of the recommendations and get consensus on that. And, I agree, I think a little more work for the background material for the final letter might be done and then approved by the executive.
DR. WARREN: The other thing is, in various testimonies, various people did submit graphics of how they saw this happening. And all of that testimony is on the web. Do you want those graphics extracted?
DR. CARR: If I were the Secretary, I would want to be able to understand the letter as it -- in my hand. I would probably not go to the web to look at those other things. So I think to the extent that it's one-stop shopping, I see it, I get it, I move forward with it. Let's take that offline.
DR. WARREN: Okay. So scroll on down to where the recommendations are. So, in 1.1 we have not made any changes other than to add the word "such" for such enumeration.
DR. CARR: Okay. So let's just read it. Clarify the definition of health plan as specified in the HIPAA legislation for purposes of the health plan ID eligibility and enumeration, including that property and casualty insurers and workers comp plans are eligible for such enumeration.
DR. FRANCIS: Did you mean legislation or regulation?
DR. WARREN: Well, we're not into legislation, we're into the --
DR. FRANCIS: What's the right term?
PARTICIPANT: Legislation. It was defined in the legislation.
DR. FRANCIS: It was defined in the legislation? Okay.
DR. SUAREZ: The HIPAA law.
DR. CARR: Okay. So the first recommendation is to clarify the definition.
DR. FRANCIS: The reason I asked is that the citation is to the regulation.
DR. SUAREZ: So the first recommendation is really to clarify the definition to include this other group.
DR. CARR: Great. Okay, Judy, do you want to read the second recommendation?
DR. WARREN: Work with the industry to reach consensus on names and definitions for intermediary entities. Consider making these intermediary entities eligible to obtain a health plan ID where there is a clear use case for them to be enumerated.
DR. SUAREZ: So, here is the point that I was making that there are some entities that need to be enumerated that are not currently health plans as we know them. And in order for them to get a number they need to be made eligible to obtain that number.
DR. SCANLON: It's this question of elsewhere we talk about stakeholders, and I think it would be probably best for a broader audience to universally use stakeholders instead of industry, because that allows the flexibility in terms of who it is we're asking them to consult with.
DR. CARR: Okay. So the recommendation is to change the word from industry to stakeholders. Is that acceptable?
DR. WARREN: I thought we had put stakeholders through.
DR. SCANLON: But right here it says industry.
DR. WARREN: I need to see the picture to see --
DR. HORNBROOK: Just a question, since I haven't seen the whole thing, is the word intermediary defined somewhere?
DR. SUAREZ: Yes, we describe it in the first page of the letter and give examples.
DR. CARR: Is there someone who has the letter who could read the next recommendation?
DR. WARREN: 1.2 was work with -- and I didn't catch industry there; it should be stakeholders -- to reach consensus on names and definitions for intermediary entities. Consider making these intermediary entities eligible to obtain a health plan ID where there is a clear use case to be enumerated. 1.3 is request industry input through groups such as WEDI, AHIP, NAIC, and the DISMO committee for definitions of products to be used in plan enumeration by October 31st, 2010, or other date as feasible by CMS.
DR. CARR: So, just to be clear, we're recommending to the Secretary that these groups as specified come together for consensus on the definition of product, and that that be done by October 31st? And are they configured to be able to do that? In other words, is there some standard meeting? How does this happen? CMS calls a meeting?
DR. SUAREZ: This is not getting all the groups together; this is getting input from the various groups. And so WEDI is already scheduled to have a meeting next week that will come to provide input.
DR. CARR: So all of the groups will provide input to CMS? And then CMS will decide based on the input?
DR. WARREN: Okay. So we're recommending to the Secretary that they ask CMS, who's been tasked with doing the health plan identifier, to pull these groups together in their deliberations.
DR. CARR: Okay. So that's our recommendation, that these are the --
DR. WARREN: Right, and how CMS does that is up to them.
DR. HORNBROOK: Are self-funded companies considered HIPAA entities under the HIPAA law? So if JCPenney offers its own health insurance to its own employees, pays for it themselves?
DR. SUAREZ: Yes, they're covered.
DR. WARREN: Okay. 1.4, collaborate across federal agencies and departments to develop or identify consensus definitions affecting the identification of health plans, including the Indian Health Service, Veterans' Affairs, Department of Defense, and the Federal Employee Health Benefit Program. And so each one of these entities now, is currently working in this problem space. We just want them all to work together so they come up with the same answer instead of individual ones.
And then we had a friendly amendment, 1.5, written by our really good friend and ad hoc subcommittee member. This is from Jim Scanlon. Coordinate to the maximum feasible the development and implementation of the national health plan identifier with other plan related requirements in the Affordable Care Act, including the consumer health insurance web portal, the health insurance exchanges, and the regulatory requirements for health plans. So that pulls us in with all the other sections of the law.
DR. HORNBROOK: Why is FEHBP singled out here? If you're going to put that kind of energy in here, you should put in every single company that offers group health benefits. And FEHBP is not an underwriter.
DR. CARR: You are talking to 1.4, collaborate across federal agencies and departments to develop or identify consensus definitions affecting the identification of a health plan. So, you're saying if we're giving examples, is this an inclusion list?
DR. SUAREZ: I think what we're saying is that the Federal Employee Health Benefit Program contracts with a lot of health plans. They should be using the same number.
DR. HORNBROOK: Yes, but so does Ford, and GM, and IBM.
DR. SCANLON: 1.3 is about consultation with private sector entities. 1.4 is about consultation with public entities. And so we did try to expand 1.3 to be an issue of stakeholders and have that. And the list is suggestive, such as, okay? I don't know who is the natural organization for the self-insured plans or employers.
DR. HORNBROOK: Washington Business Group on Health?
DR. SCANLON: Well, but I don't think we should go down that detailed. The idea is take the "such as" seriously.
DR. CARR: Was there anyone else who wanted to comment about 1.4? Okay. And we've covered 1.5; now let's go on to 2. It may be good to just read the observation so that the recommendations follow.
DR. WARREN: So the observation relating to terms and definitions associated with entities to be enumerated, NCVHS observes that the health plan identifier should fulfill the original intent of HIPAA to improve the efficiency of the health care system by adopting standards for electronic exchange of health information. As such the health plan identifier enumeration process needs to ensure that the right entities, including at least the transaction recipient administrator, and financially responsible party.
CMS defines the national payer ID, which is pre-HIPAA, as a system for uniquely identifying all of the organizations and pay for health care services, noting this is also known as a health plan ID, or plan ID. And this was a suggestion from Larry that we incorporate that definition within the letter itself, instead of just leaving it in the background information.
DR. CARR: Okay, any comments on that? Okay. How about recommendation 2.1?
DR. WARREN: Okay, 2.1. Initially enumerate all health plan legal entities as defined in the HIPAA legislation and further clarified in regulation at -- and then we have a citation, and we'll make sure those match up Leslie.
DR. CARR: Okay, comments? 2.2.
DR. WARREN: 2.2 we changed. Determine what level of health plan should be enumerated using input from stakeholders and identify these in regulation. This is the whole problem that we have with what should be enumerated. And we really felt that it needs to have a lot more looking into, because of the intermediaries, and because of the different ways these are used in transactions, we're still not sure after yesterday that it's the product. We were using product in a very generic way, and there was a lot of concern about the use of that particular word. And so we came in to determine at what level of health plan should be enumerated. And so we've already pulled together the groups that should be looking at this. So that's our compromise statement. If anybody has any other way of stating this, that would be --
DR. CARR: Well, it sounds like we don't have -- there's information that needs to be gathered. And we don't have it today, and it will be gathered. And I think it's helpful to identify that that's a key thing for evaluation. Mark?
DR. HORNBROOK: I just assume everybody understands that we have moved in this industry way away from standardized benefits. Most health plans are willing to negotiate a health plan product with any purchaser, tailored to that individual purchaser. So inside Kaiser, every company can have a different specific type of product coverage.
DR. WARREN: There are going to be a lot of numbers. And that's why we took out product level.
DR. CARR: And I think that's why having a schematic of what it is that we're, you know, where these touch points are for people like me, maybe Bill, it would be helpful; hopefully the Secretary, too.
DR. SCANLON: A number of folks, when they think about the plan identifier and the context of the Affordable Care Act, I don't think they would find it useful if it wasn't somehow linked to the products. So even if it's not part of the -- you know, having a firm name -- well, it would just depend on definition, I guess. But if you were not able to link that to the products in some degree and in some manner, are we as a principle saying that we believe, or we heard that --
DR. CARR: I think the end game is that we take work out, so if you don't have sufficient information to understand what the person is eligible for, we've done a lot of work without achieving the goal. So I think that that's really important to state.
DR. TANG: I just want to understand better. How do you do it without getting each one of those variants?
DR. CARR: I think we want to state our guiding principle of what has to happen. Things have to get simpler and we have to be able to know what someone is eligible for. And how we get there may involve a lot of numbers, but it needs further study.
DR. TANG: I guess my question is why does it need further study? How could you not get it down to the product level if I want to know if this person is eligible for this benefit and how much they should pay or not pay? I fundamentally don't understand it. And I think the states regulate the product level, as well, don't they, Mark? You literally have to get that product certified or approved.
DR. CARR: I mean, would it help to have the recommendation say determine what level of health plan should be enumerated using input from -- what level of health plan should be enumerated to achieve simplification or to achieve something?
DR. SUAREZ: We're already stating the observation that the health plan should fulfill the original intent of HIPAA to improve the efficiency of the health care system. So we already stated as a principle of the observation.
DR. SCANLON: I think that this was one of our key recommendations and that it was essential that we do have the word product in it. I mean we originally had it as a health plan. What qualifies as a health plan at the product level to be enumerated, okay? And I understand sort of that it increases the complexity greatly, but what we're saying here is through a consultative process we'll determine sort of what is both feasible and needed. And I think trying to say what's needed would be a much more expensive path. It's better for us to in some respects be ambitious in this recommendation as opposed to sort of trying to finesse it and going some other way. And I also, with this principle, level of health plan doesn't -- product level is ambiguous enough; level of health plan is --
DR. CARR: Are you suggesting an amendment to this?
DR. SCANLON: We go back to the original, which is what qualifies as a health plan at the product level. Determine what qualifies as a health plan at the product level to be enumerated. That was the language in the draft that was circulated.
DR. FRANCIS: Well, I was wondering actually something along the same lines, but maybe a little more vague, which was to determine at what level health plans should be enumerated, rather than -- because it sounds like there are levels of plans in the way it's currently done, and that's kind of weird. So if what we did was say something like at --
DR. CARR: All right. What I'm hearing us say is that we want to make it clear that there has to be sufficient detail to achieve the goals of simplification. And there are many ways to state this. I heard Bill say that to just say at what level the plan should be stated leaves it open, needs a modifier to achieve something. Or we can say product level, but product, the implications of that are --
DR. CRONIN: So instead of (inaudible) product, can you enumerate specific types of coverage that you think are important? And then you would have a finite set of possibilities.
DR. CARR: I don't think so.
DR. SUAREZ: At the bottom of the first page, beginning of the second page of the letter we describe or explain that there are different types, forms, and arrangements of plan components. They include things like lines of business or market segment, such as medical, dental, property, types of products or categories, such as PPO, HMO, indemnity, and specific products, such as PPO Gold or Medicare. So we provide examples of the various levels of categorization that one could go down within a health plan to enumerate. But we explain in that segment of the letter that there is no way to determine that at this point, the right way to do it.
DR. CARR: Okay. So why did we take product out?
DR. SUAREZ: Because that was one of the three or four different ways to categorize health plans. You can categorize by product, by line of business, by product specificity even within a product.
DR. WARREN: Part of the issue is once upon a time we had health plans, everybody knew what they were, and it wasn't that complicated. You know, since HIPAA has passed there have been new ways of doing business, and so we have lots more entities in there that are in the health plan arena. And these are the repricers, the rental networks, and all of these people that work in the background that are now part of these transactions. And so it's trying to find the appropriate things to call a health plan that we can identify that will answer all of the efficiencies that we need.
DR. CARR: Is it possible to say at what level of detail a health plan should be enumerated?
DR. WARREN: Well, but what may also come out here is that it's going to take us more than one in a transaction statement.
DR. FRANCIS: What about levels? That's why it should be levels.
DR. WARREN: Well, but in a transaction statement there are several different slots for different kinds of identifiers. It may be a cluster of identifiers that we need. And we've only been tasked with doing one of those.
DR. SUAREZ: One way to address that is to suggest maybe determine at what level a health plan should be enumerated, and then in parentheses give one or two examples.
DR. CARR: We could, that's a way -- give examples.
DR. TANG: I want to go back to Justine's principle of being simple, which means being understandable. And I think because of what you said in terms of how a health plan used to be one plan, one product, when we call all of these things health plan identifiers, I think actually that's very confusing and contributes to this thing. If we separate from the end user, they just need to know a number to go find out details and call that product number. Then on the back end we can get all the information necessary to support that transaction. Even if just relabeling it helps the understanding, that's a big accomplishment.
DR. CARR: Right. So I think I heard Judy say that -- or Walter -- we've enumerated products, lines of business, and so on. So it may be the term product is already being used for the specific level.
DR. WARREN: Can I just ask Paul to clarify? So you're saying that maybe the use of health plan identifier is what's creating the problem? And if we suggest to get rid of that, and then come up with whatever it is that we're supposed to enumerate --
DR. TANG: Well, to speak of health plan identifier as the back end side, the only thing that faces the doctor and consumer is the product number. It's almost like a UPC code. And when I zap that, I understand what that product is. It really doesn't matter to these folks who the plan is, et cetera. But clearly when you zap this, you're going to find out traceably where to go to the right people to talk about particulars. But that doesn't concern the people who see the UPC code. And to me that almost makes it so much easier this side of the house, and then puts some of the details in the back end. And I don't know whether that's a helpful construct, but it certainly --
DR. CARR: That's a great suggestion. Let me go to Marjorie, then Bill, then Walter.
MS. GREENBERG: I know I've been in other venues deliberating this issue for about 20 years, so it's not surprising that it's so difficult. And over those 20 years, it's gotten much more difficult. And so I can understand why the committee at this point is not prepared to make a definitive recommendation and is recommending that the department has to determine, ultimately, what it's going to recommend. And, of course, then there will be public comment -- I assume. There's no public comment? Okay. It's an interim final rule; so that's it? Well, I thought you could comment on an interim final rule?
MS. DOO: You can, but only if it's substantive changes to be made.
MS. GREENBERG: Okay. But, given all of that, I think in addition to saying determine at what level it should be enumerated, I really support what Justine was suggesting, that the committee give some guiding principles. So, even if you don't want to say it should be done at the product level because of all of the definitional or other issues, ultimately what does the committee feel that this enumeration needs to accomplish? What does it need to tell people who are using the transactions or attempting to -- particularly in looking at the crossover to the additional uses that Jim noted, which I think was a very good addition -- ultimately, what do people need this to identify for them? And because I think there's too much passing the buck, in a sense, saying this is really complicated and you guys have got to figure this out. So somewhere between a specific recommendation and guiding principles. I don't know what those are, but -
DR. SCANLON: Two things. One, I think, Paul, in terms of what you were saying. One of the issues of confusion that we will hopefully clear up in the preamble is that there will not be sort of a single number that a physician deals with. Because that may not be adequate to deal with that physician's needs. There may be a health plan identifier that identifies the company and sort of the type of product, but that particular physician may have to send this particular claim off to somebody else, and that's where the intermediary's role is, and there needs to be a number so they know where to send that claim. And that may very within a product, so it's kind of not like a unique mapping.
So, this notion of plural numbers -- and this has been part of -- we started with legislative language, which is not helpful because the world has gotten much more complicated. And so trying to clarify some of that in our preamble I think is important for everybody then to understand things.
Coming back to this recommendation, the heart of this relative to the recommendation that we added prior in terms of taking into account all of the aspects of the changing insurance world, is the product level. And that's why I think that it's essential that we have it here, because the earlier description, which we made a comment that it doesn't constitute a taxonomy, because it's just this collection of different things. If you go to the wrong focus there, if you get line of business, whether it's medical or dental, it's a total waste of time. Don't even bother to get a number, okay? It's not going to help anybody anywhere. We need to have enough specificity that we know something about what is being dealt with, because if we don't, then we're just collecting data and we're not being able to use it.
DR. CARR: So, are you saying that we put the product level back into this recommendation?
DR. SCANLON: We either leave it as product level sort of, or product level other categories. The word level kind of contains a certain amount of hierarchy, and I think that's the wrong impression. There are product level or other categorizations. I mean, if there's a concern, leave it vague, but I think we get across the sense -- and this is not kicking it totally to the curb and saying we don't have any views on this. It's saying we do have a view: product level is important in the broader context, not just the efficiency of transactions, but the efficiency of the overall system.
DR. CARR: So I have Walter, then Mark, then Paul.
DR. SUAREZ: Well, I was just going to suggest in my previous suggestion about including an example, determine at what level, including product level, a health plan should be enumerated. So, if product level is one of the levels of health plan enumeration.
DR. CARR: Okay. Would that work?
DR. SUAREZ: So determine at what level, comma, "including product level," comma, a health plan should be enumerated.
DR. CARR: Excellent. Okay. So that's good. Okay, now Mark.
DR. HORNBROOK: One of the problems here is that we're stuck with the notion of health plan from the supplier side coming down. I wondered if it would be possible without doing violence to all of the legislation to simply define the health plan -- that word -- from the consumer's perspective, so the health plan is what the consumer actually has, which is therefore a specific product, set of benefits. I mean, remember that you can have a health plan that's a triple option; same underwriter, but three different plans. And you can have consumer directed health plans, you can have network plans -- it's just incredible variety. And I would offer the national drug code as a model, because the national drug code in one number comes down to a specific product from a specific manufacturer and specific dosage for, and they're the root of administration by stringing all of that together because they need to identify a unique pill at a unique point in time.
DR. WARREN: That's what we tried to do in the last sentence of the observation: CMS defined...
DR. CARR: CMS defined national payer ID.
DR. WARREN: Which is the same thing as health plan ID -- as a system for uniquely identifying all organizations that pay for the health care services.
DR. HORNBROOK: But you're still following the dollars down rather than the consumer back. I'm just trying to flip that on it's head.
DR. WARREN: So from the consumer back, my health plan ID is all of those people that pay for my health care services.
DR. HORNBROOK: No, it's the plan that covers my health care.
DR. CARR: Are you saying that the number should have intelligence in it, because I thought we initially --
DR. SCANLON: I think that's a separate issue. I am in total agreement with you. I'm using the word product level to mean exactly what you're saying. If I go and buy a policy and here's my premium, what's the set of benefits, what's the networks, and what's the cost sharing? Those are the things that I want to define the product level, because I want to know what happens under that product.
So we're in total agreement. I guess the only concern I would have is if the word product level doesn't convey that.
DR. SUAREZ: That's why we're trying to leave it generic in the concept, you know, because if we begin to granularly define specifically what a product is, we're already telling CMS to enumerated that.
DR. SCANLON: There's a difference, I think though, between us defining the product, and us basically making the recommendation that Mark and I are making, which is this is the kind of detail that we need. And because the generic -- there's the issue that they could opt for line of business. Again, I would oppose that. I would vote against that because I think that does not provide useful information. Whereas, what Mark and I are saying -- and this is up to the rest of the committee to think about -- but what we're saying is useful information is going to be down at this level of what the consumer has purchased as a policy.
DR. TANG: I want to check my understanding to make sure as you describe the -- actually this product, you'd have to go send your claim over here, and for this product you have to -- Now, it sounded like you were following the fragmented footsteps of health information exchange. And I'm wondering if there's a way to leapfrog that and go to some kind of clearinghouse mechanism instead of first figuring out how to go do the peer-to-peer, the point-to-point, which contains all the knowledge at each of these nodes, rather than just having a product number here -- here's my ticket to going to both get information about the eligibility, as well as send it. But you've shifted that over to a clearinghouse. Is that even reasonable?
DR. CARR: Even the clearinghouse needs to identify what they have.
DR. TANG: Then why did you say that you had to --
DR. SCANLON: Well, I guess this is because some of these issues are way above my pay grade. But in talking about this through the hearings and the discussions that we've had, it became clear that there are multiple purposes going on, including sort of this processing of the transaction. We've heard from the providers about the difficulties that they're having. And the issue is how do we accommodate all of these different objectives? And can you do it through a single number, or do you need to do it through multiple numbers? If there are multiple numbers, I mean there is this question of where do you get the multiple numbers.
We also heard about wanting information, and there is this role for potentially a clearinghouse, which is where a number points to a database. And those kinds of things, I think, are not all in this letter.
DR. CARR: All right. Let's go -- what I want to do, we're on page 3 of 7. I'd like to get through the recommendations and keep notes on what we need. Now, Larry had a comment.
DR. GREEN: I want to refer us back to our environmental scan for this letter. And pages 12 and 13, that's where the use case for using this is laid out and these different levels that we're talking about were characterized, described, and referenced back to the law, and where we are with stuff.
And so, in that table that's on page 12, we have the health plan, and then further down we've got the product. There are definitions of health plan in this scan; there is not definition of product. The closest thing to it is it's what the individual buys. So, to get this into the letter, it seems to me we must incorporate into the letter something that declares what the word product means in this letter to achieve what Bill, and Mark, and others are advocating for.
DR. SUAREZ: I thought it was in the first page of the letter.
DR. WARREN: So we haven't looked at the intro to the letter. We did a lot of that in the introduction to the letter.
DR. GREEN: So what is the definition of a product?
DR. SUAREZ: We actually define different things. We define line of business or market segment, such as medical, dental, property, or casualty, types or categories of insurances programs, such as PPO, HMO, indemnity, Medicare Advantage, Medicaid, and the specific products, such as PPO Gold, inside PPO. So it's defined by virtue of providing example.
DR. GREEN: Okay. So, that's consistent with what I'm saying the environmental scan --
DR. SUAREZ: Exactly, we tried to pull it from there. What I wanted to ask is if in the version 2.2 are we addressing what you're -- Bill and Mark? I think we are telling in 2.2 that CMS should determine at which level including product -- and now we have benefit package in parentheses -- level a health plan should be enumerated. So, does that address at least that concern?
DR. SCANLON: Well, but I think also to Larry's concern, in the original we had a sentence in the observation that products typically are defined by service areas, set of benefits, services and network of providers.
DR. CARR: And we can put that back in.
DR. SCANLON: And I think that is more instructive in terms of what it is we mean by product level.
DR. CARR: Okay, great. Let's add that back.
DR. HORNBROOK: One of the principles here I've heard around the table is that there is an exchange going on between the consumer and the provider, and they want to know the details of the insurance in that transaction. So that might be a principle we should enumerate, that these two parties that are dealing with point-of-service decisions, clinical decisions, need to know what the business aspects are, what the insurance coverage is.
DR. CARR: I was talking about that in the schematic, but to know what is the end game of, you know, after we've done all of this, what gets better. And how will we know that we've achieved our goal? Right, we'll come back to that. Do you want to try number 3?
DR. WARREN: So, number 3 is observations for format and content of the health plan identifier. The NCVHS heard testimony from a wide range of potential users --
DR. CARR: If this will stand by itself, why don't you go to that, and if we need to go back, we will.
DR. WARREN: Okay, 3.1, adopt a health plan identifier that follows the ISO standard 7812 with a Luhn check digit as the 10th digit.
PARTICIPANT: Do we need to be specific? What if we need 11?
DR. WARREN: This is a standard with nine digits, and there's no way we can use up all of the numbers.
DR. FITZMAURICE: We might be able to use up all the numbers if we enumerate products and go across time. I mean, what is it, 333? I don't know how many digits that is, but God gave us an infinite number of numbers; why are we restricted to ten digits?
DR. SCANLON: Well, but I think we're not sort of into all of the operational details here. And I think that one of the things that needs to be considered is what's the minimum amount of information that you need to do something. And I think changing these IDs every time a product changes, when it changes completely -- like if I'm buying Humana Gold under Medicare Advantage for 2010, and it's constant for 2010; 2011 it's different, okay? Take the date, and then match it with the ID. Don't change the ID every time the year changes. We know that every year the products change, and virtually every insurance program. So, thinking about how do you pull together information to get you what you need as opposed to making this process so cumbersome that every time you turn around you've got to go get a new ID.
DR. SUAREZ: This is the exact same ID as the NPI. It's the exact same standard, the ten digit -- a ten digit will give you in one row starting with a, say, eight, will give you a billion option -- 999 million, 999 billion. And we would have perhaps two or three rows, so we have three billion options. I think we will be covered for the next several years.
DR. HORNBROOK: Bill just suggested adding in intelligence, that is adding year information.
DR. WARREN: No, no, no; not in the ID. It's in a separate part of the transaction, a separate part of the database. We're talking about one slot in a transaction standard that the ID of a health plan will go into. What Bill's getting into now, is you don't just have that one piece of information. You've got a whole database somewhere that someone's put together that they can put that ID number into. So if you want to query that database, you can query it on the ID number and a date. So don't get databases and an ID number confused.
DR. CARR: So, is 3.1 stated in a way that we find acceptable in 3.2? Okay. And 3.2 makes the statement not to have embedded intelligence in the numbers.
DR. FITZMAURICE: Justine, just a clarifying question: so the Luhn check digit is the 10th digit. That doesn't mean you can't have 15 digits, right?
DR. SUAREZ: No, you cannot have 15. That would violate the standard.
DR. FITZMAURICE: It would violate the standard? Suppose we get up to a couple billion. I mean, I can see that -- I think Mark is right, you can uniquely identify the product without a number and a date, and the number might just as well include the date, or you have those two identifiers that have to be concatenated in order to identify the product.
DR. SUAREZ: You don't need that information in the actual ID is what I think we're saying. You need the ID and that information about the date when that starts and what ends goes in the database.
DR. SCANLON: To get to a billion there has to be more than three health plan IDs for every living person in the U.S. That seems -- that's a future I'm not going to worry about.
DR. CARR: You're saying three per person, you think that's excessive?
DR. SCANLON: Three plan IDs for a person?
DR. CARR: Over their lifetime.
DR. FITZMAURICE: That's not excessive.
DR. SCANLON: No, no. But I'm saying that we don't have to know -- there doesn't have to be sort of a different ID for every year. Each person has a health plan at a given point in time. We know the date, we know the person and their plan; that's enough. I mean, I'm thinking that maybe three million would be sort of more than adequate.
DR. CARR: Maybe I'm not understanding this, but there is a growing literature of people hopping from plan to plan.
DR. SCANLON: And when they do, they -- I mean, we're not tying this to a person. I'm just saying about how many unique plans are we going to have out there. When they do, then their number changes. But the plan numbers don't have to change.
DR. SUAREZ: We're not giving IDs to people; we're giving IDs to plans.
DR. SCANLON: And, you know, think about what's going to be the population within a single plan. It's probably going to be in the tens of thousands as opposed to millions.
DR. WARREN: Just to make everybody happy, if we run out of numbers, we can go to ISO and say instead of nine digits, shift to an OID that is a 32-bit character or 64-bit character, and we'll never run out. So, don't worry about that. We'll shift that back to ISO.
DR. CARR: Thank you. Let's move on to 4.
DR. WARREN: So 4 is about the database that is used to actually issue these numbers. So we recommend that the Department establish a health plan ID enumeration system and process supported by a robust online directory database. This is the same way that we implemented the MPI. Any questions? Okay, 4.2.
DR. FITZMAURICE: Does that mean that when we enumerate the health plans we go to the state insurance commissioners and say give us identification for each product?
DR. WARREN: We've not told CMS how to do this.
DR. CARR: I'm doing time checks here. I know that maybe we have less detail in our next letter, but I want to just keep moving this along so that we have sufficient time.
DR. WARREN: 4.2, direct CMS to work with stakeholders, including other federal agencies, to identify the minimum necessary data elements for the directory database. Consideration should be given to the employer identification number, taxpayer identification number, National Association of Insurance commissioner identifier, source of payment typology, and other identifiers that may assist in supporting the need to appropriately identify health plans and administrative transactions and in the development and use of standards and operating rules.
The database should be sufficiently flexible to enable additional information to be added initially at the discretion of the entity and potentially in the future as a requirement by HHS. So I think that gets at what Mike was concerned about. Any questions?
Okay, 4.3, require the entity enumerated to maintain all information according to a published schedule of updates or more often as appropriate to maintain accuracy. If there are no changes at the time of a scheduled update, the date information was validated should signify that the entity is reviewed and is confirming the data as being current. In other words, the health plans themselves enter their data into this to get their number, and they are responsible for making sure that everything there is accurate.
4.4, make available appropriate information from the health plan identifier directory database to support the sufficient and accurate exchange of information.
4.5, consider for the future requiring that the health plan identifier system enable electronic transactions with the directory database for users or their systems to obtain information and route transactions more efficiently and effectively. So we were trying to look into the future where we actually have information systems talking to each other without people doing that. Any questions.
Okay. Let's go down to recommendations for 5. 5.1, not require the health plan identifier to be used in place of the existing Rx BIN and PCN identifiers for routing retail pharmacy transactions.
5.2, require the use of the health plan identifier on only those retail pharmacy transactions that use ASC, X12, or other non-NCPDP standard transactions. However, versions of these non-NCPDP standards should also continue to accommodate recording the Rx BIN/PCN to facilitate retail pharmacy transaction processing.
DR. CARR: Any comment? Hearing none, keep going.
DR. WARREN: Okay. Down to recommendation 6. So, 6.1, consider the effective date of October 1, 2012 to be interpreted as the date to begin registering for a health plan ID. As such, subsequent phases should include time for enumeration and testing before a final implementation date. Phases should include October 1, 2012 to March 31, 2013 as the enumeration phase, April 1, 2013 to September 30th, 2013 for testing, and October 1, 2013 for implementation. We did this because we've had a condition of trying to make reasonable request, and there was a little -- they didn't say implementation date; they said effective date. And there's some concern about how that should be interpreted.
DR. CARR: What are we doing between October 1, 2010 and 2012?
DR. SUAREZ: Writing the regulation.
DR. CARR: Two years.
DR. SUAREZ: Establishing the system that will enumerate.
DR. CARR: Okay. It might be worth putting that in there, what we're doing in the time before implementation.
MS. DOO: Are you recommend we write the regulation --
DR. CARR: No, I'm just saying we're writing the letter in September of 2010, and the first action will be 2012. So, do we want to say what we're doing between now and 2012?
DR. SUAREZ: So maybe a statement about this will give enough time to develop the regulation and establish the system of enumeration.
DR. CARR: I think it would help support why we're not enumerating beginning today.
DR. SUAREZ: Absolutely. I think that's a very good point.
DR. CARR: Or I would even put your timeline as, whatever it is, October --
DR. WARREN: We can do that. So add two bullets, one for writing the regulation, and --
DR. SUAREZ: Well, I would caution about that because it's like telling CMS this is when you have to write the rules. They can take six months or six years. So I would just say if we give the statement this will ensure sufficient time for publication of the regulation and development of the system for enumeration, I think that will at least give the sense that that's why we are asking that the interpretation of the date in the law be --
DR. CARR: Okay. I'm just saying, if we're asking for that interpretation, I want to have clarity around the reason why. And I think the sentence is helpful. Are there any other comments? Okay, 6.2.
DR. WARREN: Describe in regulation the potential purposes and uses of the health plan identifier, including its uses in standard transactions, potential uses for health information exchange, and other uses. While purposes should not be restricted, the initial focus should be on enumerating entities for use in the financial and administrative transactions.
DR. CARR: Comments? Hearing none, 6.3.
DR. WARREN: Okay. And then 6.3 is we want them to accommodate bulk enumeration of health plan IDs as applicable. That's because a lot of companies already have existing IDs and they have it where they can bulk load it instead of entering one at a time.
DR. CARR: Okay. Number 7.
DR. WARREN: Okay, 7. 7.1, provide sufficient time and guidance for testing of the health plan ID and transactions prior to use.
7.2, allow for a period during which dual use of legacy health plan identifiers and the new health plan identifier is permitted in the transactions.
MS. DOO: The only challenge with this, and I don't think anyone from X12 is here, I don't think the transaction allows for it. So that may be an issue that either the operating rules will work on, or the industry will decide other fields.
DR. CARR: So, do we need to add some qualifying language there?
DR. SUAREZ: That's appropriate at the end: if it's permitted in the transactions. That's appropriate.
MS. TRUDEL: Dual use can actually mean two different things. It can mean that you can send a transaction with one or the other, or it means you can send it with both. You can't send both, but you could do a dual-use period with one or the other.
DR. WARREN: Recommendation 8.1 is encourage the adoption of a health plan identifier in health plan identification cards. That came up quite a bit in testimony that it be used on cards.
DR. CARR: Okay, great. 9.1.
DR. WARREN: 9.1 -- and this is our last one -- is we strongly encourage the industry to enhance operating rules for the financial and administrative transactions to support the use of the health plan identifier.
DR. CARR: Excellent work. Is there any concern that anyone has that hasn't come out yet about this letter? Okay. Hearing none, I think that we've got our recommendations well done, and I think that what we'd like -- we haven't' done a complete read through, so in terms of the final -- how do we do this?
MS. GREENBERG: I think you can vote on the letter and to be finalized with the executive subcommittee.
DR. CARR: Okay. Does someone want to make a motion to approve these recommendations?
DR. STEINWACHS: So move.
DR. CARR: Okay. All in favor?
(Participants affirm verbally.)
Any dissent?
(No response.)
Okay. So we're good with the recommendations.
(Applause.)
Agenda Item: Letter on Operating Rules, ACTION
DR. CARR: Okay. We need to move on to the operating rules, and I guess then we have a break. Are we good with moving along? All right. Moving right along to operating rules.
DR. WARREN: So, in operating rules remember part of our task was to tell the Secretary whether or not an entity met the criteria in the law to become an operating rules entity. So, in the first one, it's NCVHS advises the Secretary that: and 1.1 is CAQH CORE meets the requirements as the authoring entity for operating rules for non-retail pharmacy related eligibility. We put in the standards for that and claim status, and we added the standards in for that for eligibility and claim status transactions. With additional qualifying requirements addressed and recommendations below. Any question there? Okay.
1.2, NCPDP meets the requirements as the authoring entity for retail pharmacy related eligibility transactions, telecommunications standard implementation guide version D.0 with additional qualified requirements addressed in recommendations below. And in parentheses, note the pharmacy industry does not currently use the claim status transaction.
So now, recommendations for HHS. 1.3, require authoring entities to maintain minutes, attendance, voting records, and other appropriate documentation that will help NCVHS conduct verification that the authoring entities have utilized an open, consensus-driven process with broad stakeholder participation, and provided an opportunity for public comment in authoring any new operating rules or new versions of existing operating rules consistent with such processes followed by ANSI-accredited standards development organizations. Please note that we're not requiring them to become ANSI accredited, just to use those processes of openness. Any comments?
And I just want to remind the committee at this point that this law does require that NCVHS follow these entities over time, much of the way we've had to follow the DISMOs under HIPAA. So this is an ongoing responsibility that the committee will have.
1.4, continue to use NCVHS and its open process to evaluate, select and recommend any new qualifying operating rules authoring entities when it comes time to adopt operating rules for other transactions or for newer versions of the operating rules for the transactions for which CAQH CORE and NCPDP are being recommended to be the named authoring entities.
DR. CARR: We won't wordsmith it now, but we think we know what it means.
DR. WARREN: Well, one of the concerns we had was trying to use the language in the law, because they were very specific.
1.5, not require use of additional separate operating rules for use in NCPDP transactions beyond those that NCPDP has already adopted and might develop in the future as part of their implementation guides during normal versioning cycles.
DR. CARR: Any comments? No comments, move on.
DR. WARREN: Okay. 2.1, adopt CAQH CORE phase I and phase II operating rules for non-retail pharmacy eligibility and then in parentheses we've listed the standards. And claim status, again, we listed the status, the numbers for those transactions.
2.2, strongly encourage CAQH CORE to collaborate with relevant stakeholders such as Medicaid agencies and states to identify priority elements and best practices, and in parentheses, those items with the best ROI opportunities to upgrade phase II using this opportunity to pilot new consensus development approaches, and submit the enhanced phase II to NCVHS in time for its December meeting.
2.3, adopt for retail pharmacy related eligibility transactions the operating rules incorporated by NCPDP and the telecommunications standard implementation guide, version D.0.
2.4, require that the specific versions of CAQH CORE -- and that should be phase I and phase II -- and NCPDP operating rules adopted by regulation not be altered until a new version is adopted by regulation.
DR. CARR: Now, if we get recommendations in December, how does that?
DR. WARREN: The regulation will not have been written by that time. We'll just change our recommendation. We have this short window of opportunity before the regulations get written.
DR. CARR: Do we want to clarify that?
DR. WARREN: It's up in the observations.
DR. CARR: Okay, great.
DR. WARREN: Recommendation 3.1, ensure that any changes to the content of a standards implementation guide being considered for inclusion in future versions of operating rules be evaluated by the DISMO committee. This evaluation would ensure that the operating rule is not attempting to add, change, or remove requirements defined by the implementation guide.
DR. CARR: So, the DISMO committee will evaluate it? I mean, we're assuming then when they've evaluated it, that information would be fed back.
DR. WARREN: DISMO reports to us as part of the HIPAA process that we were given. And we'll get into some of that.
3.2, request, consistent with recommendation in section 2 above, that CAQH CORE establish an open process to receive, evaluate, and incorporate into the updated version of -- yes, it should be Phase I and Phase II operating rules -- to be adopted. Additional items received from states and other entities that have adopted standard operating rules, companion guides, implementation specifications or best practices.
3.3, direct authoring entities to enable operating rules to be -- recognize that the content that NCPDP has incorporated into telecommunication standard implementation guide version D.0 meets the requirements for the operating rules for retail pharmacy eligibility transactions.
3.4, direct authoring entities to enable operating rules to be sufficiently generic that they can be accommodated within any type of covered entity business operations.
3.5, direct authoring entities to enable operating rules to be sufficiently generic that they can accommodate needs of various types of providers, in parentheses, for example, hospitals, clinics, nursing homes, et cetera, and various forms of health plans, and in parentheses, indemnity, HMOs, PPOs, et cetera.
DR. CARR: I just want to be consistent, I guess, are you either going to call them authoring entities, or specify who they are?
DR. WARREN: We can do that for clarity.
DR. CARR: Okay, 4.1.
DR. WARREN: How about 3.6? Okay. Direct CAQH CORE and NCPDP, to openly collaborate with health plans and providers to include in existing operating rules requirements for use of the health plan identifier in each applicable field of the standard transaction. So here's where we're trying to bring together the collaboration that's necessary between the two letters.
DR. FRANCIS: The grammar of that one just somewhat confuses me, because you want to have them collaborate openly to include requirements in the existing operating rules; is that it?
DR. WARREN: Yes.
DR. FRANCIS: Okay. Just fix that, because with the comma where it is, I couldn't quite follow what as going on.
DR. SUAREZ: You mean to include, comma, in existing operating rules?
DR. CARR: Let's not wordsmith; excellent point, thanks. 4.1?
DR. WARREN: So, Leslie, if you could let us know where that is, because I'm already confused.
4.1, require that any companion guides deemed necessary by health plans do not conflict with the standards, implementation specifications, and operating rules adopted by regulation and follow a standard format and content agreed upon by the industry consensus across all sectors. The companion guide should be limited to providing basic training to partner facts, such as contact information, website, service phone numbers, et cetera.
5.1, designate operating rules authoring entities such as the DISMOs --
DR. CARR: Just so we have a consistency with what we do. I mean, generic is probably preferable, but if you want to put them in parentheses or something like that.
MS. GREENBERG: What if you say designate any operating rules authoring entities?
DR. CARR: Right. I think when we do a little clean up on this, we'll just get a consistent representation and a definition. So we'll live with that as we're reading it now.
DR. WARREN: Okay. So designate any operating rules authoring entities as designated standards maintenance organizations and require their participation in the DISMO. So they'll become members.
DR. CARR: So your singulars and plurals are a little mixed up there now with any, but go ahead.
DR. WARREN: There are plurals; and then there's a singular.
DR. CARR: So designate any operating rules authoring entity as a DISMO.
DR. WARREN: Designate any entity as a designated standards maintenance organization and require their participation --
DR. CARR: -- as a DISMO, single.
DR. WARREN: -- in the DISMO committee.
DR. CARR: Okay, 5.2.
DR. WARREN: Incorporate into rulemaking that, as recommended in 3.1, all future changes to operating rules and standards be made through the DISMO committee to enable changes to be made to the applicable artifact, which is the standard implementation guide or operating rule.
DR. SUAREZ: We should reconfirm that we still are referring to the 3.1 that we meant. We might have changed the order.
DR. WARREN: Yes, we'll check all of our numbers.
DR. CARR: 5.3.
DR. WARREN: Requiring these entities to adopt the standard versioning methodology and phraseology for operating rules similar to standards development organizations.
DR. CARR: Great. 5.4?
DR. WARREN: Designate CMS as a non-voting participant in the DISMO committee.
DR. CARR: Good idea.
DR. WARREN: Okay. 6.1, require CMS to develop a certification process for all standards implementation specification and operating rules in accordance with the legislation, and this legislation is ACA. CMS may designate one or more independent outside entities to provide health plan compliance certification. Until such entities are formally designated, any current certification process should be considered voluntary and not required.
6.2, enable CMS to work with the industry to identify free and low cost options recognized by CMS for validating compliance with standards implementation specifications and operating rules. And I think that's our last one.
DR. FITZMAURICE: Could we go back to 1.1 and 1.2? I don't have that version, but in a previous version I noticed something. On the first one we see, CORE meets the requirements as the authoring entity for operating rules for et cetera. NCPDP meets your requirements as authoring entity for pharmacy based eligibility transactions. They already are. Might we say, meets the requirements as the authoring entity for operating rules for each of the pharmacies?
DR. WARREN: Yes, you're right. The issue with it that makes it hard -- and I think why we have standards -- is they incorporate their operating rules as part of their standards package. So they go at it a little bit differently than anybody else.
DR. CARR: Any other comments? Do I have a motion to approve these recommendations?
(Motion made and seconded.)
Any discussion?
(No response.)
All in favor?
(Participants affirm verbally)
Any opposed?
(No response)
(Applause)
Well done. Well done. Okay, and we're even early I believe, but do not take that to mean you have extra time. I think we'll take a ten-minute break and get back here really at 10:15. We have a lot to do yet today, and we're on a roll. So please come right back.
(Break)
DR. CARR: Let me just check, was there anybody who came who didn't identify themselves?
DR. HORNBROOK: Mark Hornbrook, Kaiser Permanente, member of the committee, no conflicts.
MR. J. SCANLON: Jim Scanlon, HHS Planning and Evaluation, Executive Staff Director for the full committee.
MS. GREENBERG: Good morning, I am Marjorie Greenberg from the National Center for Health Statistics, CDC and Executive Secretary to the committee.
DR. CARR: Did you want to have any comments as we're getting this set up, Jim? We didn't get a chance to hear your comments yesterday.
Agenda Item: Sensitive Information in the Med Record, ACTION
MR. J. SCANLON: Well, let me rather than giving my full report from yesterday, I think what I'll do in terms of future planning, as you remember from our last discussion, HHS is working on our strategic plan for the next five years. It's still in draft form, but I'd like to give out -- and it's available for public comment, I'd like to give a summary of what the goals and the objectives are. Obviously they encompass all of the initiatives we're talking about today. So rather than go through that, I think what I'll do is pass that out, and you'll have it for reference, and then I could discuss it later.
But, again, the five overall goals, as you would guess: transforming health care including health reform, and a lot of the prevention initiatives as well. Advancing scientific knowledge and innovation; this would be the NIH and the FDA types of functions. Advancing the health safety and well-being of the American people; there are a number of objectives here dealing with prevention and welfare and child services. Increase efficiency, transparency and accountability; this deals with some of the initiatives relating to open government initiatives, data.gov where we try to post most of our data, and generally efforts to make HHS activities more transparent. And finally, an infrastructure kind of a focus, which would be to strengthen the nations health and human services infrastructure and workforce. Workforce is a new one. Typically the idea of workforce was thought to be let the market work. You don't have to support physician training; we do support nurse training. And the thought was that the supply would adjust to whatever the demand is. The thinking has changed a little bit now, and so there's more of a focus on workforce. Is the health workforce adequate, for example, in terms of distribution capacity and so on? So, as a general rule we'll be looking at that.
But at any rate, rather than take up a lot of the committee's time, why don't I give this out. We'll get it out to everybody's place and you can look at this in terms of the context of what we're talking about today.
Let me say this too: as you look at our roster, we have a number of potential vacancies coming up by December of this year; plus there are two from Congress, the House and the Senate, along with Harry as well. So normally when we have one or two vacancies we don't really advertise that much and post the federal register notice, because we end up disappointing most people if we're only appointing one or two. But three or more we generally think it's a good idea to publish. So we will be in the next week or two publishing a federal register notice about vacancies upcoming on the committee and encouraging nominations for membership. And we will list in the federal register notice the areas of expertise; those are in the statute itself.
So that will go out as a general rule inviting nominations. And we'll send it around to the members as well, because a lot of you have good candidates. A lot of your ideas have been the source of candidates already, so we'll send that around as well. And then we'll work through the fall in terms of getting everyone appointed.
The two Congressional spots, it's doubtful that with all they have to worry about, I guess it's doubtful they will actually name someone before the elections, but it's always possible. I know of a number of people who have contacted their representatives and Senators and expressed interest, but we can't get into that part of it until we actually get a letter from the Senate or the House. But, again, for the other members, we'd really appreciate your thoughts about the gaps we have and ideas about who would make good members.
DR. CARR: Thank you, Jim. Who's on the phone?
DR. OVERHAGE: Hi, it's Marc Overhage who joined.
DR. CARR: Anybody else on the phone?
MS. CHAPPER: Yes, hi, it's Amy Chapper, CMS.
DR. CARR: Welcome. Okay. I think we are ready. I want to first stop for a moment to --
(Phone ringing; wrong number.)
Has anybody else joined the call?
Okay. By way of introduction, I want to commend Leslie for unwavering fortitude in getting this right.
(Applause.)
History has shown, both in NCVHS and in other venues now and in the past, that privacy is an enormously complex topic, and it becomes even more complex in this evolving environment. We understand more, technology is evolving more, and we are trying to continue the role that we've played for a number of years in helping to inform and guide policy. And this letter is not unlike the others, but like the others we were able to achieve a statement that we felt was representative and added value, and I'm confident that we'll do that today.
But, Leslie, really thank you for just working all evening -- didn't go to dinner, but it's such a statement and it shows the committee in such a great light to have members with this amount of commitment. So, thank you.
So, what I'd like is that you take us through the letter and that we make notes at our places of thoughts that we have. But let's get through the whole thing and then try to come back at is there anything in aggregate that we want to speak about, or is there specific language. And what you have up here are some comments that I made earlier this morning, but they've not really been vetted, so feel free to --
MS. BERNSTEIN: Is this, what I have here, Justine, is your version or is it Leslie's version?
DR. FRANCIS: This is actually Justine's version with -- we were at breakfast, and it is some edits that result from that discussion. Let me preface this by saying that I took myself in drafting to be responding to the kinds of comments that were made in the full committee, as well as the specific directions that I was given in the privacy subcommittee.
I did say at the beginning of that marathon last night, that if we thought there wasn't a chance of coming out of this with a passable letter, I was going to go to dinner and enjoy myself. And I was told that I thought we did, and so I followed those guidance.
Let me just say in terms of the email that I sent out, what seemed to me to be some of the crucial aspects of that. The first was to indicate that any of these judgment -- we need to indicate that this is about contextual access in different contexts. So I'll use the logician's descriptor here. For each of these suggested categories, there is an X such that X is a context in which it would be important to exercise segregated capacity.
From the existential quantifier, it does not follow that for all X or that for any other X that would be a context in which it would be appropriate to use this segregative capacity. So, please, from the fact that there might be a legal requirement for a particular transfer, do not assume that we are saying anything about treatment. Okay? That's critical.
Now, there may be legal requirements for some treatment contexts, but this depends on the context, okay?
Second, the way this is now set up, is we go legal requirements first, and we track the exact statutory or regulatory language of the legal requirements, beginning with the federal and moving on to states. I will say when we get to the states that I didn't have time to do all of the legal research last night. I cited one example of each.
Maya has been heroically sitting in the back here on Lexis, and I have many other examples which what we would do is put them all in a footnote, or in some way or another, we want to indicate that we're not singling out particular states. There are many, many states that do similar things. And these were the examples I could lay my hands on with the Internet capacities I had last night. But there won't be anything that changes in the content. There will be more exemplary states.
The third thing I want to say is that it was very important to make sure that we referred to all the kinds of considerations that we might find out matter at the end of the day. This is a recommendation to develop, that HHS support pilot testing and the development of functional, technical capabilities that would allow for the functional ability to segregate these categories. And I wanted to make absolutely clear that during feasibility development and pilot testing, we may learn that there are insurmountable technical issues. We know there are technical issues now; we don't know whether they're insurmountable because we haven't tried.
We also may find out that the costs are very high, and that given the levels of concerns that people have, the costs don't justify at the end of the day. We may find out that one or another of these categories doesn't do a good job of tracking privacy concerns. We may find out that there are patient care issues that haven't been anticipated or other unintended consequences. And attempt to make that clear.
At the end of the letter we point out -- but I should emphasize that the way this is drafted, it's at the end of the letter -- that we may learn that there's a road not taken, that we should go back to the idea, or go to the idea that different people have different ideas about sensitivity and that there shouldn't be a categorical approach.
Right now, of course, current law does take a categorical approach. And that's why I would recommend putting it at the end of the document, because if we were to move to that approach, it would be a very different structure than what one finds in law today.
Finally, I went to the actual titles of hearings, and titles of letters, and quoted the actual recommendations in earlier letters to make sure that there was complete accuracy.
So here's the overall draft, the structure of the letter. There's an introductory paragraph. There's then a prior history. Then there's tracking federal and state law, with some -- you'll find there are a few new categories in there. There is then a recommendation with respect to -- because we thought it added value to have a couple of categories that don't track law, but that were regarded as being very important. You'll find a mental health category, you'll find a reproductive health category, and you'll find then some overarching, crosscutting issues. The question of identifying a record of somebody who is under threat, as sensitive -- the entire record, you know, having a special flag for that type of record. A celebrity record, which I didn't quote the HIPAA, but that is actually in there. And then there is the question of the importance of some of these capacities for adolescent records. That's it, and we can now go through it.
DR. CARR: And so I think it's very important that we go line-by-line on the introduction. I think on the past history, if you want to just highlight --
DR. FRANCIS: I will do that.
DR. CARR: -- this one showed this, this, and this, and kind of sprint through that.
DR. FRANCIS: Let's look at the introduction first.
DR. CARR: I really am urgently concerned about our time. And I think that every minute counts here. And if you can just --
DR. FRANCIS: So the initial is our standard NCVHS "hi." Then the next paragraph --
DR. CARR: So read line-by-line on the opening paragraph.
DR. FRANCIS: We are writing to recommend that you explore testing and demonstration of privacy controls for electronic health records and health information exchange that will foster patient trust and increase patient participation in systems for records exchanges. Our nation is committed to the increasing development of interoperable health records to improve patient health, health care, and public health. Patient trust is critical to this development and we must invest in technologies that will promote this trust. One possible strategy for advancing patient trust is the identification of certain defined categories of sensitive health information so that health record transfers can occur with contextual access controls.
Protection of some categories of sensitive information in some contexts is needed to meet legal requirements and protection of these and other categories may be needed to accommodate patient privacy concerns. We recommend the selection of certain categories, their definitions in study, pilot testing, and further refinement to assess -- and here's the list -- technological feasibility, effects on patient care, efficacy for privacy protection, benefits and costs, and other potential unrecognized consequences and/or benefits.
DR. CARR: I'm debating whether we should try to go through the whole letter, or we should say -- because the introduction is so key to this. Is there any --
DR. FRANCIS: Maybe it makes some sense to see the letter as a whole so you can see where -- because we try to make sure that the issue of context is all the way through. And we also try to make sure that the road not taken -- I got a little Robert Frostian last night.
DR. CARR: I'm going to keep bringing you back to the letter, Leslie. Congress and the HITECH Act.
DR. FRANCIS: Okay. So, the next paragraph is just the HITECH Act, our prior letters -- Congress and the HITECH Act, NCVHS and prior letters, and the HIT Policy Committee all have recommended exploring the definition of categories of sensitive health information. And then the HITECH Act of 2009, specifically requested development of -- and this is the statutory language -- technologies that protect the privacy of health information and promote security in a qualified electronic health record, including for the segmentation and protection from disclosure of specific and sensitive individually identifiable health information, with the goal of minimizing the reluctance of patients to seek care, or disclose information about a condition because of privacy concerns in accordance with applicable law.
Based on NCVHS's past work concerning sensitive information, we are not offering initial definitions of such categories. What has become clear with the evolution of thinking about this topic is that any data element can be regarded as sensitive by some people in relation to a particular context, and reliance on an approach in terms of categories may ultimately be questioned.
That's an edit that we may or may not want to leave in.
The recommendations below are intended to coordinate with the work of the Health IT Policy Committee, which is separately addressing the technical issues in this area and has held hearing on this topic. The Health IT Policy Committee has also noted the importance to patients of controlling transfers of sensitive information, and that meaningful, granular consent -- and this is a quote from their recent letter -- must be generated out of further innovation and critical testing of implementation experience as it pertains to policies related to electronic exchange of health information.
MS. BERNSTEIN: Do you mind if I hide the changes for now so we can just -- do you want to see all of those changes.
DR. CARR: No, keep going; we're doing fine.
DR. FRANCIS: Okay. NCVHS has held eight -- that change by the way is just the number 8 to the spelled out eight -- to the topic of sensitive information over a six-year period. Okay? These are the hearings and their titles exactly from the NCVHS web page. Based on these hearings, NCVHS made a number of recommendations concerning sensitive information. And the first is the June 22, 2006 letter with R6 and R7 in their actual forms. Then the February 20, 2008 letter with the recommendation that categories be defined for purposes of health information that is made accessible over the NHIN for treatment purposes.
This letter also recommended that, quote, -- and it's the notational part, the break the glass feature, and the development of the technological capacity for re-sequestration and the development of audit capability. Then there's also the open, transparent, and public process to identify the possible categories, and to define with specificity the criteria for inclusion and exclusion within each category. We should take into account both patient concerns about privacy and the concerns of health care providers about quality. And then there are the five example categories. Wherever there are quotes, that's exactly what the letters said.
Then, next, unfortunately there is a recommendation in the PHR letter, which would be quoted there, but NCVHS's website link was broken, and I couldn't download -- the link was broken to that particular letter, so it was therefore not available on the web last night. But it would be the exact quote of that language.
So, next, legally define categories of sensitive information. Numerous federal and state laws require special treatment for specified categories of sensitive health information in various context. Again, the point that this is context related. In these contexts, the records custodian -- and we're not saying who that is -- may find it useful to have the capacity to segregate these categories of information for special handling -- again, not saying what that handling is.
These legally defined categories include the following. So first, there's GINA. And you changed it to "including the following in the category of genetic information." I had said define -- actually it should have been defining the category of genetic information as follows. That's the exact GINA language. Tests for DNA, RNA, chromosomes, or other features of the individual's genome, tests for metabolites, proteins or other factors that are indicative of features of the individual's genome, and the manifestation of a disease or disorder in family members.
GINA prohibits employers and certain insurers -- there is actually a bunch, and in relation to the earlier discussion, that includes ERISA plans; there's a separate section that amended ERISA -- from, quote, "requesting, requiring, or purchasing genetic information thus defined. In order to respond to requests for medical records that comply with these limits, records custodians will need to segregate genetic information that comes under the GINA definition.
Psychotherapy notes, here's the HIPAA regulation definition of psychotherapy notes: notes recorded in any medium by -- In order to come within this definition, psychotherapy notes must be created by a mental health professional and separated from the rest of the medical record. If they're not separated, they're not under the HIPAA definition of psychotherapy notes.
And what is the actual -- again, what would be included is documentation or analysis of the contents of conversation during a counseling session. That includes -- and I did not put that in here, but we could -- both individual counseling and group counseling. But I didn't think we needed to be that specific.
NCVHS recommends that the following not be included within the definition of psychotherapy notes. And what we are doing there is tracking exactly what the HIPAA privacy rule says are not part of psychotherapy notes. And those are, again, quotes from the regulatory language.
Okay. The next category is the 42 CFS Part 2. These are the substance abuse treatment records. And again we have quoted the exact statutory language. The section of the federal regulations governing the confidentiality of alcohol and substance abuse treatment records imposes, quote, "restrictions upon the disclosure and use of alcohol and drug abuse patient records, which are maintained in connection with the performance of any federally assisted alcohol or drug abuse program. To disclose, or disclosure, means a communication of patient-identifying information, the affirmative verification of another person's communication of patient-identifying communication, or communication of any information from the record of a person who has been identified."
Record means any information whether recorded or not relating to a patient received or acquired by a federally assisted alcohol or drug program. Treatment need, so there's the definition of treatment. Those are all listed straight from the regulatory language.
Accordingly, NCVHS recommends that the following be included within the definition of 42 CFR. Alcohol and drug abuse patient records maintained in connection with the performance of any federally assisted alcohol or drug abuse program as, quote, "federally assisted is defined in regulations and guidance." That definition changes, so we didn't want to give a specific version of it. And communications of any information from the record of a patient who has been identified in connection with -- that tracks the regulatory language.
DR. SUAREZ: Leslie, just a quick comment on that paragraph where the cursor is. Accordingly, NCVHS recommends that the following be included within the definition. Just to understand, are we saying that this should be the definition?
DR. FRANCIS: Yes, these are what are included in the regulatory language. We did not put anything else here.
DR. SUAREZ: I'm just asking what are we adding?
DR. CARR: Excellent question, but I want us to hold the questions -- just make notes -- and get through all of that.
DR. FRANCIS: What's going through in this section is what we're adding is the pilot testing of the functionalities to try to comply with this. And we fully recognize -- so that's the added value here. We're not changing the definition. This is the definition that's in regulation. What we're doing is saying -- so it may be hard, for example, to figure out how to pick out the communication --
DR. CARR: Let's just keep going.
DR. FRANCIS: The next one is HITECH Act cash payment. This is in the statutory language under the High Tech Act, such as required by law: patients may request restrictions on the following disclosures. A disclosure is to a health plan for the purposes of carrying out payment for health care operations and is not for the purposes of carrying out treatment. And the protected health information pertains solely to a health care item or service for which the health care provider involved has been paid out-of-pocket in full. So, in order to comply with such requests, records custodians will need to be able to separate out items or services for which the provider has been paid out of pocket in full.
The next one; now we're moving to state law. And here we have an example of New York public health laws protection for HIV. There are a multiplicity of state law protections regarding HIV and other sexually transmitted diseases. As I said, we will be citing additional examples.
But this is the exact language with the statute cite there. So, in order to comply with New York law regarding disclosures of HIV-related information, custodians of health records will need to segregate information that comes in the different parts of this statutory definition.
And then the crucial next paragraph, because state laws vary in how they define these protections, it will not be easy to define a single category of, quote, "protections for HIV information or other information regarding sexually transmitted diseases. Accordingly," -- and for every one of the state law defined categories, you're going to find the same accordingly -- "NCVHS recommends that HHS identify the types of information that might be included within this category, the context in which disclosure limitations might apply, and how the particular types of information might be identified for the purposes of disclosure limitations in these various contexts."
For example, -- the example here is of a contextual variation. Under the New York statute, disclosure limitations differ when the information is required for treatment, so this type of information should be identified for separate handling. And Justine added the following language; that's fine with me.
Now, the next category is there are a remarkable number of state law statutes that protect mental health information. This is one example. It is not an atypical example at all. We've got a list now on my laptop with Maya's and we will put in other examples and show that this is a deep concern for many states. And again, we did the same, state statutes vary in the definitions of mental health information to which they give special protection, as well as in the contexts to which these protections apply.
Accordingly, NCVHS recommends that HHS identify the types of information that might be included within this category, the contexts in which disclosure limitations might apply, and how the particular types of information might be identified for purposes of the disclosure limitations in these various context. And then, again, there's the West Virginia example, but as I said, West Virginia is not at all unique in this context. And we will actually give you different examples.
State law provisions regarding access to information in the records of children and adolescents. State laws differ regarding the rights of adolescents and their parents to the health records of adolescents. For example, Idaho provides special rules with respect to access to the records of children who have received involuntary mental health services. Those are both involuntary services in facilities and also in outpatient, so that's why it's stated like that. These limits include, quote, "no person in possession of confidential statements made by a child over the age of 14 in the course of treatment may disclose such information to the child's parent or others without the written permission of the child. There are limits to this restriction in some contexts. Disclosures that are," -- the grammar is off here -- "limits such that such disclosure is necessary to obtain insurance coverage to carry out the treatment plan or prevent harm to the child of others, or unless authorized do disclose such information by order of a court."
Then again, the notation as to state law variation, concluding with, for example, under Idaho law disclosure limits differ when the disclosure is necessary to obtain insurance coverage. So the illustration here is how the state law will require contextual variation.
Here's our concluding paragraph to this: Legal requirements impose special handling restrictions on each of the above categories of sensitive information in some contexts. However, without a definition that allows the capacity for separate management, even where electronic medical records are in place, the current practice is by necessity to prepare in formation in response to requests for this information by hand. This process is inefficient, cumbersome, and expensive.
Alternatively, a custodian may be forced to withhold information when it would not otherwise do so because it lacks the capacity to differentiate the sensitive portion of the record. For example, psychotherapy notes may be filed separately -- just in a separate bucket completely -- or records of treatment for adolescents may not be placed in electronic record systems.
That is something we heard, I will point out to you, testimony from the pediatricians about that one of the great concerns is that because of the inability to put into place separate controls where adolescents might want to exercise consent, that particularly adolescents are massively underrepresented in the electronic world.
In such cases, patients lose the benefits of both EHRs and exchange and other uses of the information, such as for public health or quality improvement may be curtailed.
And finally, we should also note that this is by no means a complete list of categories of sensitive information that have been enshrined in federal or state law. It represents, however, categories that were called to our attention as especially important or frequently protected by legal requirements.
Additional potential sensitive categories. NCVHS heard extensive testimony about the definition of sensitive categories of health information that extend beyond these categories that have found legal recognition. These were categories that were singled out for protection in at least some contexts as important to maintaining patient trust. What follows are two of these categories, together with information that may be important in defining them.
The first one of these is mental health information other than as found in HIPAA psychotherapy notes or state law definitions. Dissemination of information about mental health diagnosis and treatment may pose significant risks to patients, and most people regard it as highly sensitive. On the other hand, the distinction between mental and -- these are the considerations we heard in the hearings -- the distinction between mental and physical health is regarded as artificial. We welcome the day when this information will no longer need to be singled out for special concern.
The definition of mental health information recommended to us in testimony is, quote, "information gathered or observed relating to a person's emotional, perceptual, behavioral, or cognitive experience, as well as associated physical symptoms." And I noted there that this definition is consistent with the definition of mental health information found in some state laws. This information, however, may be difficult to identify for segmentation, as it will be scattered throughout many parts of a medical record, as well as across many records, and would require the use of advanced natural language processing for identification.
Additionally medical notes, test procedures, imaging and laboratory studies performed in a mental health facility that would otherwise be considered medical data, such as evaluation for reported chest pain, should not be included in mental health information.
Then NCVHS heard testimony that in addition mental health diagnoses and descriptions of traumatic events by patients should be included in the definition of this category's sensitive information. NCVHS also heard testimony that a past history of treatment for depression and for bulimia or anorexia should be included in this category. Panelists advocated that information about educational testing and testing for ADD should also be included in the category of mental health information to be segmented.
On the other hand, NCVHS also heard testimony about the importance of some mental health information to current patient management. Panelist recommended that the following critical mental health information not be defined as within the category of mental health information to be segmented in the record: medication lists, allergies, non-allergenic drug reactions, and dangerous behavior within medical settings. Information about current medications is crucial to avoiding drug-drug interactions.
Another expert suggested the importance of a problem list of current care, for example, knowledge of alcohol abuse may be relevant to diagnosis and treatment in an emergency setting. Testimony emphasized that this information may need to be available in emergency settings or when patients with mental health diagnoses are being treated for other conditions.
Now, this is only a recommendation about consideration, okay? So, NCVHS recommends that the following be considered in additional definition of the category of mental health information: psychiatric diagnoses, descriptions by patients of traumatic events, descriptions or analyses of reports by the patients of emotional, perceptual, behavioral, or cognitive states. Those were from the testimony. Except as required by state law, NCVHS recommends that the following critical mental health information not be included in additional definitions of mental health information because of its importance in many contexts: medication lists, allergies and non-allergic drug reactions, dangerous behavior, information for medical notes, test procedures, imaging, or laboratory studies not related to the mental health treatment that would otherwise be considered medical information.
And finally, about psychiatric diagnoses, just what we heard, NCVHS heard conflicting testimony about whether information about a psychiatric diagnosis should itself be included within the category of sensitive mental health information. On the one hand, this information may be important for patient care. On the other hand, it may be very sensitive to patients and they might expect to be included within the category. So, no recommendation on that; it's just the observations and what we heard.
The second category is sexuality and reproductive health information. Information about sexuality and reproductive history is often regarded as very sensitive by individuals. If the reproductive issue is long in the past, its relevance to current medical care may be limited -- only may. Many reproductive issues may expose people to political controversy, such as protests from abortion opponents. People asked me what that meant; that's the kind of thing it means. I mean, abortion opponents will show up at people's houses. And knowledge of an individual's reproductive history may place him or her at risk of stigmatization.
There are actually examples. I could give you case cites of people who have lost jobs when an employer learned about an abortion history. Additionally, individuals may wish to have their reproductive history segmented so that it is not viewed by family members who otherwise have access to their records. Imagine a parent whose child learns that -- okay?
Parents may wish to delay telling their offspring about adoption, gamete donation, or the use of other forms of assisted reproduction in their conception, and thus it may be important to have the capacity to segment these records. I didn't cite there, but I could cite for you the ethics advisory opinion of the American Society for Reproductive Medicine that recommends that as an ethical matter.
NCVHS recommends including under the category of sexuality and reproductive health information the following: sexual activity, sexual orientation, gender dysphoria and sexual reassignment, abortion, miscarriage, or past pregnancy, infertility or the use of assisted reproduction, sexual dysfunction, the fact of having adopted children. Some of this information, for example, sexual orientation discussions, may be especially sensitive in adolescent records if they are accessible to parents under state law.
Finally, considerations applying to entire records. NCVHS has identified three circumstances in which the entire record might be deemed sensitive. It's not just domestic violence; it could be an abstract stalker -- where we heard testimony. In cases of domestic violence or stalking, identification of the fact that the record exists with a given provider might provide the potential perpetrator with the information necessary to locate a potential victim. So might information in the record that is otherwise not sensitive, such as the patient's address or school.
NCVHS heard testimony from victim protection organizations of cases in which the medical records served to provide the victim's address or indicate the area in which the victim had sought treatment, and thus was likely to be found. In several of these cases the result was the tragic death of the victim who did not realize that her record had been accessed.
DR. CARR: Leslie, I think these are -- if we can speed through these, I think they sort of speak for themselves.
DR. FRANCIS: There are the public figures, and then the minors. Let's go to the end.
NCVHS recommends that we use the above categories of sensitive health information for pilots of technical solutions that reflect the content and the context of this information. Aims of this testing should be to understand the feasibility, effects on patient care, efficacy for privacy protection, benefits in labor and costs, and other possible consequences of segmenting these categories and implementing granular patient consent for their use in particular contexts.
Recommendations regarding management of sensitive information will always confront a road not taken. For protecting privacy, an alternative would be letting patients decide what information, if any, each of them considers sensitive. This was the alternative discussed yesterday. In NCVHS's 2008 letter we rejected this approach as unduly confusing and costly. It may be that after pilot testing efforts are concluded and assessed that HHS determines that one or more of the above recommended categories cannot be implemented. It may also be that after pilot testing HHS determines that the strategy of selecting categories of sensitive information should be reassessed. NCVHS stands ready to help HHS in this continued endeavor.
DR. CARR: I'm going to, in order to help do this, I'd like to go around the table and I'd like each person to have one headline of thought about this letter that -- constructive criticism; so one thing that we could do, or one concern that you have.
DR. HORNBROOK: I was wondering whether the reference to cognitive issues or data in the mental health field would be interpreted to include cognitive impairment, memory loss. This is a quality of care issue, because providers need to know that a patient really doesn't remember what they're being told.
DR. CARR: Okay. So, you're looking for specificity at a granular level. Let's just keep going. Chuck?
DR. FRIEDMAN: Sorry I'm late; I'll pass for now.
DR. CARR: That's okay. But I actually want to come back to you because ONC is looking for guidance from NCVHS, and I want to know if we're providing what's being looked for. Sally?
MS. MILAM: On the last page, when we look at the purpose of the letter, limiting it to pilots in technology I think is a missed opportunity. I think it also should apply to ongoing policy deliberation.
DR. OVERHAGE: I was wondering where that was in reference to, in the first paragraph, is that where you were pointing at?
MS. MILAM: We're not there on the screen. It may be in the first and the last.
DR. GREEN: I want two headlines. One is, I wish to express great appreciation to you for doing this. My second one is you called out in one paragraph that NCVHS recommends consideration of, and then there was a list of things. And in other places it says NCVHS recommends the following be included. I'm wondering about the possibility of using that language -- recommends consideration of -- throughout all of those consistently. If there is a good rationale why we want to make stronger statements for some, then --
DR. FRANCIS: Can I actually try the following just quickly --
DR. CARR: I really would like everybody to give their one-time comments, and then let's get in aggregate where we are with this letter. Don?
DR. STEINWACHS: I wasn't here for all of it, but I thought it was really great.
DR. WARREN: So, in the spirit of criticism and as someone who doesn't deal with privacy issues, one of the things I found problematic in the letter is when I'm reading through them, I can't look at it and find where the recommendations are. So, if we could call out and also number the recommendations, so even in your review of the previous letters you identified previous recommendations by their numbers. In this letter there is no way to identify what recommendation is being followed and what one is not. So, I find that very difficult to follow through. And so as a result, even though we've read through the whole letter, I'm still really unsure what we're recommending, because it's so embedded.
DR. SUAREZ: I have two quick notes. The first one is I think in the recommendations, particularly in the ones related to the state laws -- not the state laws -- the categories that have laws and regulations behind them, the NCVHS recommendation talks about include the definition of. And I think it turns out to be a little bit confusing to know if what we are saying is HHS should use the definition in the law, or modify the definition by including only the following in the definition. I think that's part of the confusion.
I noted that in one of the instances we actually quoted back again from the previous paragraph that said this is the specific law definition, and then below we say NCVHS recommends the following definition, and then we quote it again. So, it becomes confusing. What is it that we're recommending, you know, inside each of the categories with respect to the testing and all of that.
The second comment I make is, in many places we say do this for segmentation. Or, you know, the system will segment this. And we don't refer to have the capability of segmenting. I think every instance where we say segmentation or segmenting, if we just say straight ahead this has to be segmented, it give the impression that we're calling upon that. Rather, it should say the system should have the capability of segmenting.
DR. CARR: That's a good correction. Marjorie?
MS. GREENBERG: Okay. I'm not a voting member, but I really want to thank Leslie also. And I know Maya and a few others helped her as well. I think it's very balanced. I think it's very informative and reasonable.
I have the same comment that Larry made that unless there's a good reason for it -- and I guess when you get a chance to respond you'll tell us -- on the two additional categories that you added -- reproductive health is the second one; the first one is mental health -- I think it would be preferable to use the same language. And that is that, you know, should consider including. Why one would be consider and the other recommend, I'm not sure. If we want to change that, if you want to treat those two separately, I think you have to make more of a case for it.
DR. FRANCIS: No, there's no intent to treat them separately. We should just change the second one to be in line with the first. The distinction was meant to track legal and non-legal, and the only reason is Leslie got tired.
MS. GREENBERG: Okay. No, that's fine. And then I also agree that I think what you're trying to say is that those legal ones you think should all be included as sensitive information, but it also has to be clarified that you're not changing the definition or recommending a change to those. So I agree with both of those.
DR. CARR: Okay. And I again thank you for your efforts. I find it extremely hard to follow a 12-page letter. And I think I would recommend that we not go into such detail on the testifier's exact language, but rather synthesize up, these are the types of concerns that were expressed. I think we could also not go into the detail on what West Virginia law says. We could say state laws include an array of things, footnote West Virginia, footnote New York.
And I think that we -- Judy was saying I don't know what the recommendations are, and I don't know that numbering it is going to help it in its current form. I think we need to make this actionable for ONC so that if we are talking about mental health, I would recommend doing an aggregate of mental health. This is absolutely required, this is required in some states, and that leaves us with this gray zone of patients.
I think there are similarities in HIV, and STDs and psychotherapy. There are things that might be related to that or might not be. So I would try to just talk about it as there are the obvious state laws, and there's a continuum. And we need more thought and work on those things that are in those gray zones. So I violated my rule by saying three things, but that's the gist of it. Jim?
DR. SCANLON: A couple of things. I think if we could just make it clearer at the beginning that to some extent these are recommendations for research and exploration, number one. Secondly, that at some point very early in general this would not involve treatment, if we can do that. And third, like Justine if I could have one more organizationally, this is really too long for a letter. I almost wonder if it should be in a report in which we have a cover letter and attach it and say recommendations for research on sensitive information.
DR. TANG: I think this is a very good piggyback to what Jim just said. So, for example, I like the way that the letter started out: We're writing to recommend you explore testing and demonstration, research privacy controls to foster patient trust. That's a perfect statement of what we would like to do with this letter.
What I found missing was we glossed over other possibilities, which I think is an important contribution that we made. We discussed this yesterday on how categories, even though we came up with the idea first, may not be the right approach for a lot of good reasons that were discussed yesterday morning. And I would explain some of that. And I've written a paragraph that we could go over later.
So you start out with one possible strategy, that's good. What did we find that would cause us to think there might be other strategies for you to do the research? It's clear that this didn't pan out like we originally thought. We just need to be able to inform people. And I think that's a big contribution.
MR. HOUSTON: I don't have any comments. Thank you.
DR. FITZMAURICE: I learned an awful lot and got a lot synthesized by reading through the letter. I would go with, was it Don or Judy who said number the recommendations. That would be very helpful to help sort them out.
And consider -- but I'm not sure this is a strong statement -- this also is going to inform policy deliberations and discussions. But I don't know that we want to say this is a policy letter. So I go along with Jim saying the recommendations are for search and demonstrations, but it really does inform policy understanding of the complexities of privacy.
DR. SCANLON: I think I'm sort of along some of the same lines in terms of emphasizing the notion that this is about testing. I would be very uncomfortable with the specificity as a non-clinician if it was for total implementation. But I think that given that it's for testing, it's very, very different.
And part of my -- it's not just my lack of clinical knowledge, but it's also the issue here where dealing, in terms of the problems that we identify, with problems that are due to inappropriate disclosure and discrimination. And rather than attacking those two things directly, we're saying sequester the information. It's almost like we're admitting failure in terms of being able to deal with what the real root cause is.
And there is a price to sort of admitting that failure, that this is no longer a paper record that's been disclosed, this is now an electronic information that maybe through pooling has real benefits for people. I mean think about the genetic exclusion. That person that excludes their information may benefit tremendously from it being pooled with other people's information and something is learned about that particular condition. So I think we've got to -- we're at a stage where we can't deal as well as we want with discrimination or inappropriate disclosure, so this is where we may be.
But I still think sort of the idea that we're testing is the most important thing to emphasize. So making that clear up front, that all of the recommendations that follow are in the context of testing. And I know testing is like in the second line, but I think we need to make it bolder.
MS. TRUDEL: I don't have anything additional to add.
DR. CARR: Okay. Mark Overhage?
DR. OVERHAGE: Thank you. I do appreciate the hard work that everybody has put in to try to get this letter to reflect all of the work that the subcommittee has done to think through this. First of all, I want to support a number of the comments about not losing some of the learning and insight that we've gained both through the testimony, and our thinking about this, and our discussion over the last days. And I think several people echoed that sense that we should include somewhere here that there's a direction or trajectory here, but there are other roads that are perhaps worthy of further consideration. I wouldn't want to lose that.
And then the second thing that I want to -- and again, this is reinforcing more than adding -- I'm still worried about including some of these broader other categories, and in fact I'm even worried about including some of the state law sorts of categories given that it feels like it weakens the message in some ways of take some things that are well defined and work through the issues using these examples of the framework.
It's sort of like we're -- it gets back a little bit to the question of what's the recommendation. It feels like we've put so much on the table that it isn't clear. And I would support the notion of pairing back the categories that we hold out for examples to those few that are clear, national consensus. It just simplifies the world and the context that we're asking people to think about these things in.
DR. FRANCIS: Okay. Could I go through what I've heard and try some things? Could we put the letter back up, please?
The first thing I want to be absolutely clear about is that this is a research enterprise. So let's try to figure out how we can put in -- this is not about what should be done with patients now. So we recommend research involving the selection of certain categories, their definition and study, pilot testing; how about that? Or something that puts in that we recommend that you explore research, testing, and demonstration. So we put research in the beginning.
A second thing that I think is really important is let's go back to my mistake that Larry pointed out. It's under reproduction.
What I'm trying to do -- so I spent time last night under the assumption that there would be a vote on a letter today. And I'm going to want to request, respectfully, that there be a vote on a letter. I think a white paper is a mistake. I think it does several things. First of all, it would take a great deal of time. Second of all, it would say that NCVHS is unable to step up to the plate when we were asked to do so in a coordinated way with the Health IT Policy Committee.
So, I'm trying -- now, I may be wrong about those things, but I'm trying to find out a way that we can get a letter that we could agree to today.
DR. CARR: Right. And as we did with the others, we're going to say what are the recommendations. So let's start with that: what are the recommendations.
DR. FRANCIS: Okay. So we changed the bit about putting in research. Let's go to GINA. And then copy -- right there. Recommendation one, take out the accordingly.
MS. GREENBERG: I think the problem with this whole area is the one that Walter mentioned. What I'm assuming is you are recommending that those items that you then lay out that are in federal law should be included within the definition of sensitive information for this testing and for this purpose. You're not recommending any changes to the definitions in federal law.
DR. FRANCIS: Exactly. Including the following elements of federal law.
MS. GREENBERG: So you need an overarching definition that says we have reviewed those major categories that are in federal law and recommend that all of those should be included in the testing in this process.
MS. BERNSTEIN: Right. As opposed to saying they're in the category, saying that we intend for these that have already been defined in law to be tested and to have a demonstration process.
MS. GREENBERG: Yes. And then as for the issue of a white paper, I just want to put it to rest because I only recommended that yesterday when it seemed like we weren't going to have a letter. My preference obviously is to have a letter. Some of the information, some of the detail could be in an attachment, which would be a report of some type. It could be an attachment, because I think there's a lot of very informative information in here, but I also agree that when you're sending a letter like this, you want it to be relatively crisp. So that is not one or the other; I think we're all working on the letter right here.
DR. FRANCIS: So suppose what we did is say, recommendation 1, NCVHS recommends pilot testing the federal law definition of genetic information, which includes.... Okay?
MS. GREENBERG: Testing what's in the law; right. And you're not changing those definitions.
DR. FRANCIS: Exactly. The federal law definition, which is....
DR. SCANLON: I guess I would ask the question then are we going to make every recommendation NCVHS recommends pilot testing blank? I think that in terms of trying to change the introduction, you'd lose it. If you're going to start to number the recommendations, which is a good idea, and they're going to be in bold, the first recommendation in my mind should be NCVHS recommends pilot testing. It's take what's at the back, the very end, and the pilot testing should incorporate the following. And that's where everything else is going.
MS. BERNSTEIN: Well, you could put it at the end of the statutory section, Leslie, so it refers to all of the statutory things with one recommendation.
DR. CARR: So, Bill are you saying recommends pilot testing, and then enumerate those things, and there's one recommendation with ten segments?
DR. SCANLON: Right. A, B, C, D, E, F, yes, right. It seems to me that's where this letter is going. We go through all of these detailed recommendations, and then we finally say at the end pilot testing. Now that doesn't import what Sallie said about policy.
DR. CARR: I see Chuck, and then Paul, and then Marc Overhage.
DR. FRIEDMAN: So, Justine, you asked me to put on my virtual ONC catcher's mitt and think about what we would do with this when it came our way. And my comment really goes to the pilot testing and research preamble that would seem to apply to several of these recommendations. I'm having trouble visualizing what a pilot test or research agenda would look like.
I mean, we can generate it, but I think it behooves us to generate it and to be a little more specific about what a pilot test or a demonstration looks like. A demonstration of what? Is it a demonstration of how a health information exchange and electronic health record systems would implement the segmentation and sequestration of these kinds of sensitive data? Is that what's being demonstrated? I'm seeing vertical and horizontal headshakes.
DR. FRANCIS: The first question would be is it feasible.
DR. FRIEDMAN: Is what feasible?
DR. FRANCIS: Is it feasible to identify. Actually, that's why the original letter had the difference between segmentation and sequestration. And we actually heard testimony about proposals for developing the technology to separately identify genetic information that meets the GINA definition. So, the initial question would be -- this is not at all meant to be a recommendation at the first step that you pilot test putting it in patient care records. You can't do that now.
The question would be -- Sallie used the language in our earlier discussions of a glide path. And this is about starting on a glide path whereby the first step is you try to figure out the technical capabilities. Then you try to see whether or not you could actually do it in a record that would be requested by an employer. Remember this is all context related.
DR. CARR: Does this make sense: mechanisms to protect sensitive information in the following categories, or something like that? I mean, I hear what you're saying -- pilot test what? So are we pilot testing to protect --
DR. FRIEDMAN: Well, identify, and once identified --
DR. SUAREZ: I think you need to insert also electronic, because right now we have to do this. If we say it that way, it gives the impression that we're not doing what we are required to do.
DR. CARR: So mechanisms to identify, manage, and protect sensitive information in an electronic environment.
DR. FRIEDMAN: Right. And that's a very good start. But I think we need something like a paragraph that really defines how the identification of these types of information, which is so nicely laid out here, translates into things that have to happen in the world down the road.
DR. TANG: I want to help construct how I think the letter should start out, which is basically the Scanlon brothers --
(Laughter.)
What I would first do, I think we have learned through the entire course of hearings and our rich discussions that we've had, with the diverse perspectives we've had, which I think has contributed. I think we've had a lot of learning. And that has led us to question whether the original recommendation of categories is correct. And I can submit a paragraph to help document that.
And that's what leaves us the recommendation of doing further research and pilot testing of -- and I'll address Chuck's question. So what Justine said, which was mechanisms to identify and protect sensitive health information when being exchanged, let's say. And the follow-on proposal I would do as far as the categories is to try it out with two categories we know already need to by law, have to implement. And I think that's all we need because actually they are very rich and will bring up almost all of our issues we've discussed.
So let's -- instead of inventing new ones and having to argue about what's defined in and out, let's take the existing one, see if we can using categories implement that, and be open because of our uncovered weaknesses and the approach of using categories, other methods. And we can sort of enumerate other approaches.
But it would do a number of things. One, can we implement what's currently in law? Two, well then if we can't by using categories, let's try a different approach. Or if we can't find any way, feasible way to do it, one would have to question the way we write laws about sensitive information. And all of those things are really very constructive.
DR. CARR: Thank you, Paul. Walter?
DR. SUAREZ: I want to offer a couple of suggestions. I think the first one is we should not assume that nobody is doing this, and so we need to start from scratch and pilot test. So we should first ask that an assessment be made on how this is currently being done in the electronic world, first of all. And secondly, identify some of the best practices that might exist already in how to do this. By saying how to do this, I just don't mean exchanges. I mean disclosures of health information for various purposes.
I don't want to go to the use part, but just at least to ensure that we're talking about disclosures that are done electronically, from electronic health records through whatever means. And that there should not just be pilot testing and research, but actually evaluating how this is currently being done and identifying potential best practices. I think that's probably going to be a much more direct recommendation.
MS. MILAM: Listening to Chuck's comments about what ONC might do with the letter, I was thinking about Jim Scanlon's comments yesterday with regard to the other letter and how there would be implications possibly for the portal and the health insurance exchange. And I think that would be true of this letter, as well. So we might want to look at our opening comment, particularly with regard to the health insurance exchange. You still have HIPAA covered entities and HIPAA covered information flowing. So it probably would be useful in that context as well.
DR. HORNBROOK: Are we envisioning that the patient could eventually release their own health information through the web? So I would go to my website and say send my medical record to X because I want life insurance, or I want disability insurance, or I want to apply for camp or something.
DR. CARR: It's on the table.
DR. HORNBROOK: I just want to recognize that if somebody has sequestered part of their health record, they forward it without reducing or relieving that sequestration, they could be putting themselves at risk of a partial disclosure so that the benefit they get will then allow the company to deny them the benefit because they didn't give the full record.
MS. BERNSTEIN: Right. Well, one doesn't normally sequester it from themselves, right? If you're making it, you have the control.
DR. CARR: I think you raise a good point. But I think we've got a couple of themes going on here, and a couple of things to clarify. I heard Paul say that to focus on mechanisms to identify, manage and protect sensitive information being exchanged in an electronic environment, as regards to GINA and HIPAA mental health rule.
And a question I would have, because as I read through this, there are thematic elements that are related to mental health or to HIV and so on, which is where the elements reside, whether in the history, the problem list, the medication list, and so on. So whether it's HIV or whether it's mental health, we're still struggling with that. And so I do agree that if we solved it even just -- well, GINA as well actually -- if we had things we learned from those two that we actually have to comply with, we could then build on them for the next round. HIV is not part of this, but I mean they would be applicable to that.
My feeling with the letter is that there are so many things that we've raised that we've heard, and I think that it's fair to say that there's an array of areas. We've got to get this understanding, but we've got to then go back and think about it in the context of all of these things that the testifiers told us. But I think we have to have something to do that is big enough and actionable, and that will have an endpoint that can be built upon.
And so I'd just like to put that out there for additional comment about whether we want to go back to the recommendation that came yesterday of limiting it to GINA and mental health for HIPAA and develop that more fully, or whether we should consider other things.
DR. FRANCIS: Could I just say a couple of things about that quickly? The current design of it, those aren't the only two federal, right? And of course there are many states. So, my own comment about that is of course it's a start, but it's a start everybody knows you have to do. So if we're adding value, I think we would be adding value to calling attention to the fact that beyond psychotherapy notes, there's the pay cash and so on.
DR. CARR: Just to add, because you have the mental health in three different parts. And do we roll that all up and think about mental health. We have a partial responsibility --
DR. FRANCIS: I'll tell you why in this version I didn't. It's because as I heard the discussion yesterday, one of the concerns that people had was that a one size and one context fits all is a real mistake. And I think that's correct. And so although there's a sense in which psychotherapy notes and the state law definition are all related to mental health, they actually are delineated in a different way and the context would be different.
So the analytic framework that I used last night -- and it may be a mistaken framework -- was to really have three categories. The first category is the federal law ones. The second category is the state law ones, which do vary and were the recommendation is that we identify the elements that -- this is further work -- to identify the elements and see what the contexts are in which these elements are, and is there anything feasible.
So that's the second type. So there would be the federal law, then there would be the state law, and then the third one would be we're just giving you the information we have now that you consider for further development another category of mental health information and the sexually transmitted disease. We also have to be really careful not to lose the part that's at the end of the letter, the domestic violence and so one, which is absolutely critical to people's safety.
MS. GREENBERG: I would support the approach that Leslie has recommended. And I think that for all good reasons this letter has taken a somewhat different approach than was originally recommended. It has taken really the approach of recommending what needs to be tested, and I think that seems to be consistent with what most people are comfortable with, but also consistent with what has come out of the HIT policy committee saying that all of this testing is necessary. We're not ready for prime time.
But, I think we do have to remember that the committee agreed with the HIT policy committee, and has been working on for a number of years now even before that committee and before ARRA, try to identify sensitive information and how to define sensitive information. And I think to strip all of that from the letter would be unfortunate and would -- again, I think it's in the context of consideration based on hearings and based on testimony. So it's very balanced and not prescriptive. But I think you could say start this research with these two categories. But to only mention those to categories in the letter I think would be not as useful.
DR. CARR: I'm going to preempt my chair position to just say one thing. I agree with what you're saying. We have identified a growing list of sensitive information, and then use of sensitive. But really on the ONC side of it, when you think about the electronic exchange, you really are talking about five categories: the notes, the meds, the labs, and the problem list. I mean these are sort of the building blocks that you play. Whether it's HIV, whether it's mental health, or whatever it is, those are the variables. I mean, am I being too simplistic?
They're going to be playing with those same building blocks under each category. And that's where the uniformity is, that if we're trying to give a recommendation to say what can you do with these elements of an EHR to protect information, and then pick whatever topic you want.
DR. SUAREZ: I don't think you are being too simplistic. You pointed out exactly the reality. Those are the building blocks. So those were the building blocks for things like electronic health records, the meds, and the allergies, and the problem lists. These are the building blocks for the sensitive health information: the mental health, the GINA, and the sexual. These are the actual building blocks.
They're building blocks in the following sense in that they cover the vast majority of the critical elements of sensitive health information, just like meds and allergies are only part of the medical record, but they are the building blocks in terms of the most critical elements when we need to use electronic health records. So, in that sense I see them as building blocks.
I think, again, offering this array of lists categories, not just to do testing in an artificial environment, but to look at how things are being done, again with this idea of assessing how is it being done currently. What are some of the best practices that are being done with all of these categories; not just two. Why start with two? Why don't we try to cover the core ones that we have already identified to assess, to look at how they are being done, to look at piloting each of those five or so, areas. I think that's the opportunity that we have.
DR. GREEN: I want to hit the pause button. I want to go back to what I interpreted about 45 minutes ago as a near moment of progress in the purpose of this letter. I want to make the following argument: this is a hell of a good letter. It's a long letter, but I believe Leslie and John and this committee have presented us this morning with a proposed letter that is responsive of what we asked them to do. That's my personal opinion.
I do not think at this point we should rewrite this letter or deconstruct it. I believe what is required at this moment in our story is that this letter requires a little reorganization and some reformatting, and that we should accept a couple of limitations. One, it's going to be a longer letter. Secondly, it is not going to define the pilot testing.
Third, in the last 30 minutes or so of conversation I heard a very important adjustment in the letter, and it was to follow up on Bill Scanlon's suggestion about focusing it on research and stuff. We need to include in it that bullet that we recommend an assessment of currently attempting approaches. That needs to go into it in addition to the pilot testing.
DR. FRANCIS: Absolutely.
DR. GREEN: If we did that, the letter really comes down to, I believe, three recommendations. And what Leslie has written here and presented this morning can be organized under these, I believe, to our benefit and to help deal with Justine's point about you've got to know what we're recommending here; it's kind of messy.
But it comes down very close to being we're recommending research focused on segmentation and sequestration strategies to achieve privacy and confidentiality requirements. It's something like that. And that has two components. One is, an environmental assessment of the state of the art and where we are with this, and the second is pilot testing some stuff.
It secondly says this research needs to be cognizant of and aligned with existing federal and state law. And the third recommendation basically is that we say here are areas that we recommend you consider for the pilot testing. And that's where we've been arguing whether there's going to be two of those, or five of those, or whatever. But that's basically the three recommendations.
Those are the bold, bulleted headlines that need to be 1, 2, and 3 in my opinion in the reformatting. However, I don't care how it's reformatted all that much just so long as it retains this fabulous amount of information. This is a very good piece of work, and we should not deconstruct it at this point. We should actually vote on it, and approve it, and move it forward in some manner.
DR. CARR: Well, let's not get ahead of ourselves here.
DR. TANG: Can I ask a question? Yesterday you had some different words and talked about how you didn't think that these categories could help. What's the reconciliation that went on?
DR. GREEN: The reconciliation was quite substantial in my opinion. The one is the way context was brought into this throughout the letter. This is really strongly stated that this is context-dependent stuff that we're talking about here. That helps a great deal.
The second one is not saying these are the categories of private, sensitive information that need to be defined -- NCVHS recommends as the information that needs to be protected. It says we need to figure out how to segment and sequester if we're going to use our previous recommendations about using categories of information.
If we're going to use these categories, we've got to start getting clear whether or not we can find them, whether we can sequester them, and to do this testing we're going to have to identify some areas that we can look at. The Secretary, or ONC, or someone else could decide to only test in one area. We're not saying you've got to test all of these areas and all of this has to be done.
This is a research recommendation. I think we're staying in our skin. I think it builds on the prior work. And although I like brief letters, I like things that just come out with two recommendations -- we've already handled a couple of very long letters. Let's handle another long letter.
DR. FRANCIS: I would second Larry's motion and I would volunteer to work with Larry to craft the exact language that Larry just stated.
DR. CARR: Larry has just been recruited. Thank you. That was very helpful.
DR. SUAREZ: I would second Leslie's second.
DR. CARR: Okay. But wait; we're not there yet because we have a couple more discussions going on. I believe I had Chuck.
DR. FRIEDAN: Yes, Larry just really moved the needle I think.
DR. MIDDLETON: And Justine, this is Blackford on the phone.
DR. CARR: Blackford Middleton. Wow! Where are you?
DR. MIDDLETON: I'm calling in from South Africa.
DR. CARR: That's dedication. For that purpose I'm going to let you jump the line in front of Judy. Go ahead, Blackford.
DR. MIDDLETON: Thank you very much. And I apologize I couldn't be there in person. I came to Medinfo, which was terrific, and I'll tell you about that later. I have read the letter and I've been following this conversation today only for about the past half an hour.
But I guess the main question I have is someone could just repeat perhaps the conversation you've already had about how this letter goes into some form of evaluation and testing phase for implementation. I think, while the categories are sensible, there certainly is a huge implementation consideration or implication to be assessed as this moves forward. I don't know understand from today's conversation how that will be handled.
DR. CARR: Yesterday, Blackford, we had extensive discussion about the burden, human factor burden, or cost, whatever resources needed to achieve this, whether it be in the setting of an office visit and so one. And so for that reason, we've added that part of the analysis; what is the effort, cost needed to achieve these various scenarios. Is that helpful?
DR. MIDDLETON: That is. And I guess the principle I would just like to espouse, which other may feel, is to the extent that we can recognize the value of privacy and security and confidentiality of data, it does have to be measured against, of course, the burden of maintaining that privacy, security and confidentiality, whether it is in technical terms, you know, provisions technically, or human terms. And as long as we are aware of that, I think we can arrive at something that is practical and doable.
DR. CARR: Well said. Did you get the copy that was sent out last night, Blackford?
DR. MIDDLETON: Yes, I did.
DR. FRANCIS: I sent it to the full committee distribution list that I had.
MS. GREENBERG: It should have gone to the liaisons. I didn't get it either, so there may have been some breakdown.
DR. FRIEDMAN: So, as I was saying, Larry really did move the needle and reflected many of the things I was going to say. I would just add one point. I'm hearing an emphasis on projecting this on information exchange, but it's very important to note this is not just an issue for information exchange. It will be important to emphasize that disclosures within and institution are strongly affected by this.
DR. SUAREZ: Well, disclosures within an institution would be considered uses within the context of HIPAA. But absolutely, I think this doesn't stop or start at the exchange.
DR. FRIEDMAN: Right. It's not restricted to matters relating to movement across the boundaries of institutions. It's intra-institutional as well as inter-institutional.
DR. SUAREZ: Essentially we had that in the original letter, uses and disclosures, but we started to move away from uses and try to focus more on disclosures. But I think we all agree with your perspective.
DR. FRANCIS: The beginning actually says electronic medical records and health information exchange.
DR. CARR: Do you have a concern about that, Chuck?
DR. FRIEDMAN: Just that we keep the scope broad.
DR. WARREN: So, I've been sitting here looking at the letter. And I don't know whether you're aware or not, but you have 16 recommendations in the letter. And when you look at the recommendations that you're asking us to do, they're really kind of fragmented.
DR. FRANCIS: I'm sorry. I can't hear you.
DR. WARREN: In the current letter you have 16 recommendations. I counted them, highlighted them, I can check them with you. I took everything that says NCVHS recommends and highlighted it. And when I look at those recommendations, as I pull them out, it really fragments this whole discussion. Or at least in my mind it does. So I was very relieved when Larry took what I was beginning to struggle with and broke it down to the basic three. That I think really should be the recommendations, and then take these 16 and blend them more into the discussion, because they're all about creating definitions. They are about identifying what data is there. And I think if you keep that, but take out the word recommends, you'll have a real crisp one.
And then at the end of the letter you can write his three recommendations without having to do a whole lot more reconstruction of the letter. I agree, there's a lot of information that I did not get the first time around that made me more comfortable with it. It was just finding all of these little pieces and not being able to figure out what I was supposed to agree to.
DR. HORNBROOK: On the research issue, I haven't heard anybody talk about research on patients. I mean all of this disclosure stuff, one of the key actors is what are patients going to do. They're the ones that have to make the decisions about what's sensitive and how to implement that. So, the letter seems to be talking about the research from the informatics side, as if somebody had a big information exchange, how are they going to prevent data that's sequestered from entering the exchange stream. But Chuck is right, from a patient perspective, how the data moves even within their own health care institution is important to them.
Inside our medical group we have a long history of discussions about disclosures within the medical group. And at one point mental health information, including your diagnoses and your drugs, were protected and a primary care physician couldn't see that. They didn't know a person was being treated for depression.
So they've reconsidered that, and now primary care can see everything because they made a very successful argument that's part of high quality care. You need to know a patient's full medical history. What is sequestered is the literal content of fantasies, and discussions within the psychotherapy. So that record, section is walled off. We need a higher level of security to get to it.
And I'm thinking here that you need to think about a research agenda for the EMR vendors. How in the world to they create the tools to sequester whatever block of information you want to block off? And how do patients then get how to interface with that? Is it even possible for a patient to understand what you're talking about here?
DR. CARR: So we're going to -- your points are well taken, but we've got -- I mean, part of the assessment is what is feasible to do. And you're raising a good point about patient input. And you're also actually recommending Kaiser as one of the landscape entities that we would look at.
Okay. We are approaching -- I want to ask, is Marc Overhage back on?
(No response.)
Okay, Paul, did you have a comment?
DR. TANG: May I read a paragraph? What I'm trying to do is make sure that the learning is about whether there are alternative categories that get put in there. So if I can read the paragraph that's up -- it would be the second paragraph. So, after paragraph one that says, one possible strategy is such and such --
DR. FRANCIS: Let me get to where you are. You're where?
DR. TANG: It's your second paragraph on the screen. In the middle it starts with the on possible strategy, and that's fine. And then the "we recommend selection of certain categories," what I would do is propend that with a phrase: "To further explore the feasibility and implications of using categories to segment data, we recommend," et cetera, just to say that's not the only way.
The paragraph that I would add is: "As we began to specify the details of categories, we immediately uncovered questions about whether to include a particular data element in the sense of the category. We assume that the data that most people would consider sensitive would fall into one of a few categories of information. However, as we probed the inclusion and exclusion of data in a category, we found the classification scheme would propose to be inclusive, but not very specific, i.e., there's a fairly high probability of segmenting data as sensitive when the data element is not particularly sensitive to an individual, and when it's sequestered, it may adversely affect patient care decisions. For these reasons we're not convinced that segmenting data based on categories is the best approach to protecting certain data elements that patients may consider sensitive and not want to share. We recommend that the Secretary undertake further research to explore other methods of protecting sensitive data that may not depend on the use of categories.
DR. FRANCIS: May I just make a comment about that? First of all, recall that we're talking about context different controls. So we're not talking about necessarily treatment. And what you suggest, number one, doesn't track the law, and number two, we actually don't have any testimony that supports that alternative. So, that could be -- we could say something about how as part of -- what I was going to say is as part of the current best practices we see whether anybody is doing that -- we could certainly do that -- and take it from there. It's certainly part of the landscape.
DR. CARR: I'm confused. There's a fundamental dialogue that's going on here that doesn't sync out. I thought I just heard Chuck say that we've got to think about the continuum. And I thought that's what Paul was saying, that we're not just going to have a category that it's all the uses and all of the elements. And I don't see a divergent; I see that a kind of conformance.
DR. SUAREZ: I think you're talking about two different things. What Chuck was referring to was uses and disclosures, not about granularity. It was not about categories or not categories; it's about whether the data is to be protected within an organization or also externally.
DR. FRIEDMAN: Yes, I agree with Walter.
DR. GREEN: I think Paul's suggestion could be incorporated to advantage, and it would improve the letter in the following way. The letter actually has as a strength its focus on building on prior work, where we were, what we thought, and says we've got to come to terms with this. Either we can or we can't do it by category. And if we're going to do it by category, we have to have the capacity to segment and sequester. So we recommend that that get going. We need to recognize that we have reason to believe that this may not work, and that other approaches may have to be taken.
DR. CARR: No, that's what Paul was saying, though. That's just exactly --
DR. GREEN: But where I want to push back just a little bit is, I don't think we should recommend in this letter a new area of research for which we don't have support. This letter stays inside its skin if it stays with categories, stays with sequestration and segmentation. But I think we should incorporate into the letter what Paul just said, which is fundamentally we are no longer as confident as we once were that this is doable, feasible, practical, helpful. It may not achieve the desired end, and we may have to be prepared to study other approaches. I think that should be put in the letter somewhere.
DR. FRANCIS: That is at the end. That is the final paragraph, and that's exactly what I was trying to --
DR. TANG: There's actually a difference between, I think, the motivation for Bill saying this is about research, this is not about the solution -- it's got to have a motivation, because if we were always right about the categories, and the way that we constructed law as by categories, then we would just go implement it.
So when you say it's not supported by law, it may turn out that -- I don't understand that comment because there are certain things that they want to protect. How you do it is irrelevant. Also, we can only restate things that have been said in testimony. We obviously have an assimilative role here.
My purpose of bringing it up in front is the same that Bill said, we're not done yet. We understand that actually -- we've discovered through this process that categories may not work. And that needs to be said up front to set up the argument for why we believe this letter primarily is about research on figuring out to protect information.
DR. SUAREZ: I think, Larry, you said it very well. We all agree, I think, that we need the capability of doing segmentation and sequestration. I think we all agree on that. There could be three different levels -- or more perhaps. One is segmentation or sequestration of the whole record at one end. The other end is segmentation and sequestration of data elements. And in the middle there's some way of organizing the data elements to make them be able to be sequestered and segmented. And we think that today some organizations, some HIEs are in this end of the spectrum saying all or nothing; that's wrong. We don't think we should go to the individual data element level, because that's wrong. And we need to find a good middle ground with a series of categories of data.
Now, it is understandable that one data element could be in one or more categories at different times and for different contexts. But we still have to have the capability to segment and sequester data based on categories of data, at least as we see it feasible.
DR. CARR: What I would like to do now is to summarize the contributions that have been discussed today that would be worked into the letter through the efforts of Leslie and Larry. And then I would like to entertain a proposal to accept the letter with the changes as recommended. There will be some rework. And then I would like a show of hands for acceptance of the letter.
So, I'm going to read at least what I understand to be the additions that we've come up with. The recommendation is NCVHS recommends research and pilot testing that will address mechanisms to identify, manage, and protect sensitive information being exchanged in the electronic environment. That's one recommendation. And those recommendations would include an environmental assessment, pilot testing, alignment with current federal and state law, and patient input. So that's one thing.
The other was that the letter will incorporate mention of all of the areas that have been identified. And the decision about where to test it could be one or all of those areas.
Now, I heard Paul's language saying that we used to think we had all the answers with categories. And now we think that categories don't quite do it, and there's a continuum. And Larry was going to take that and incorporate that into the letter. What else?
MS. BERNSTEIN: Well, that's what I wanted to respond to, that specific last statement. I think that the organization of the letter when we worked after hours last night, the reason that we put the federal law up front is because -- we didn't think of it as the fact that we don't know the answer or whether this is going to work or not as the motivation for doing this. The original motivation comes to us because the law requires us to do it in certain cases anyway. And so we're going to see how to do -- I mean, if it doesn't work, we've got much bigger problems than just finding another way. We have to change the law, because we can't actually implement what the Congress has asked us to do.
DR. TANG: And can you say what law you're saying you're trying to implement?
MS. BERNSTEIN: Well, for example, GINA.
DR. TANG: But GINA didn't say categories; they said kinds of data.
MS. BERNSTEIN: No, GINA is an example of a category that you have to do something with and manage separately. Paying cash is an example of type of record that you have to learn how to manage. If we learn how to manage -- I mean, we can learn how to manage those.
But the other point I want to make is that we don't want to hamstring those people who are testing or doing research or whatever to only those narrow things that have already been agreed to by the Congress, the President, and so forth. We want to be a little more open about the possibility for it.
As Walter suggested in particular, this is already going on out there. The developers are already developing this stuff. And we should look to what they're doing, see what the best practices are. I mean, I thought that was a great addition today that we hadn't captured in a letter before. Recognize that this is actually already ongoing and we're really expanding on this and asking the Secretary to support that work.
DR. CARR: We need to take a next step. I'm going to let Marjorie have the last word, then I'm going to ask Larry to make a proposal.
MS. GREENBERG: I do think it's very important that we clarify this last point, because just what I hear is -- and with respect to everybody's points of view, this letter states that there are already categories that have been identified. The committee has made recommendations about identifying sensitive categories. These are the categories that are already in law. There are other ones that are already in some state law, and there are others that we heard about in testimony.
The committee recognizes that at the end of the day after testing, et cetera, taking this categorical approach could be problematic, and it says that. It isn't a simple approach, and it needs a lot of study. That's what I think the letter says.
I hear Paul saying he would like the letter to say that we now realize that identifying sensitive categories is probably not the right approach. I think he has come to that conclusion. Those are really different. And so, I think the letter -- either you have to vote on two versions, or vote on the first version and then if it doesn't pass, try another version. But I think, with all due respect to the chair, if you tell the people trying to revise this letter to incorporate Paul's position, then it's a different letter.
DR. CARR: Okay. Let me just clarify, because I'm not hearing this the same way. I think that our vernacular led us to talk about categories because that fits with our experience. And categories are a roadmap. I mean, it's not the law. The law is about GINA, or the law is about HIPAA. To me, the categories are a roadmap leading us to these sensitive areas. And as we're seeing, even beyond the law there are more sensitive areas. And as we have our discussions they're extremely context sensitive areas. So, while the categories provide a good starting point, it's not an endpoint. And so I thought that was what Paul was trying to say, that we may not find the term category to be as -- it will always guide us, but it should not limit us, because there is sensitivity --
MS. GREENBERG: I think the letter says that now.
DR. CARR: Right. But I want to be really clear because I think you think that there is a difference, and I think we're saying that the taxonomy of categories brought us to this point. Our experience, our insights, our dialogue and our understanding has evolved to say that taxonomy of categories, while helpful, may not be complete or sufficient. So, let's just clarify that. Am I saying that correctly?
DR. TANG: Yes. And the whole reason for bringing it up front is to justify why we would ask for further research. If we were already convinced and further convinced that categories is the way to go, we would just pilot, test, and implement rather than understand the implications and the possibilities that there may be other ways of looking at data, other than a category that you can predefine. That's what I'm trying to say.
DR. FRIEDMAN: I'm concerned, and this gets back to something we were discussing yesterday and I'm now seeing, now that I see the new letter, is still in play. There's a risk, in my opinion, by virtue of the way we frame this up front, of setting this up in a retrograde way that doesn't reflect the way people are already predominantly thinking about this problem. And the idea that one would assign a kind of data in some permanent, persistent way to a category, whatever that category is, is running counter to I think an emerging view that any element of data can take on attributes by virtue of its local context expressed technically in its local metadata.
I think we have to reflect in the report that kind of thinking, which affects the way people frame the challenge both from a policy perspective and a technical perspective. I don't think this is a substantive change to the report. It's just the way it gets framed up from the outset.
And I'm a little bit on thin ice here in saying what we would say about the specific elements of data that are called out in the report. I still think there is something important about all of -- something very important about all the categories of data that are called out. But it shouldn't be implied that these have some permanent, persistent property.
DR. CARR: Okay. So now, Marjorie, are you in agreement that what we heard from Paul and what we heard from Chuck resonates with the direction that we're going?
MS. GREENBERG: I have to admit I'm a little confused. I think what Chuck said is fine. It's a nuance. It relates to what is already said in the letter, but something could be sensitive to anybody. And something that's sensitive in one context may not be sensitive in another context. Address was given as an example in the letter. You know, that could be very sensitive if someone is trying to track someone down to abuse them or something. I'm okay with that.
I heard Paul say -- but maybe I'm wrong -- but I heard him say that he would like the letter to start off by saying after we've really studied this we really don't think categories is such a good idea. That's what I heard him say.
DR. CARR: Okay. So we want to clarify that. Are we throwing out the concept of categories altogether, or are we saying that categories bring us part way there, but not all the way.
DR. TANG: Do you want me to read it again? I believe that I've said what Chuck said exactly. And the reason is because we need to alert people -- the entrenched stuff. People came from categories; that's why we have certain laws that feel like they're categories, and it could be not true. And that's my alert. It's just an alert to the reader. If you bury it at the end, you haven't done -- that's what Chuck is saying.
DR. SUAREZ: I think it's going to be important to point out to that we refer to here categories are attributes of data. We're not, by virtue of saying categories here, we're not negating the fact that they are attributes of the data.
MS. BERNSTEIN: Also, more than one might apply. What I heard Chuck saying is more than one might apply. We're not -- if it's mental health, that doesn't mean it's only mental health and it's always mental health, but that the attribute might change. It could be more than one attribute in one of these categories. That's part of what I heard you saying.
DR. SUAREZ: We're very much in line with your concept that the categories are attributes of data.
DR. FRIEDMAN: I don't feel like I have any fundamental difference with Paul, with what Paul is saying. I'm saying, say it up front in the way you frame the problem. And what Paul is putting at the end is a logical deduction from the way the problem would be framed from the outset.
DR. TANG: No, actually it's in the end. I'm proposing to put it up front. So that's why we vigorously agree.
DR. GREEN: I move approval of the letter with the following understanding. One is that the initial framing will capture the reason we're writing this letter now. And we're writing this letter now because there's been very little progress on prior recommendations and work related to privacy and security and remains a serious concern that threatens the utility of this nation of the national health information network that we're going to a lot of trouble to do.
We're writing it now because we have learned more about it, and it's kind of a confusing mess. We believe that there is a need for the Secretary to initiate some research efforts that would include an assessment of the state of the art now, where they field is and where it's moved, and also some pilot testing of strategies that have been previously proposed and instances are required by law, both federal and state.
So, that captures Paul's intent, I think, about the framing that where he makes it very explicit that this categorization thing may not be the way to think about this thing at all. And it leaves room for Chuck's point that data that have attributes don't require this step or whatever. It doesn't foreclose any of that, but it does position the letter to be driven off of our prior work, the hearings, the testimony, and what exists. It stays where we are.
With that framing, then the letter will be reformatted to simplify and call out the recommendations to enhance its understandability and that will be reviewed and approved by the Executive Committee.
DR. WARREN: Second.
DR. CARR: Okay. All in favor? Oh -- discussion, sorry.
DR. TANG: We spend a lot of time on words in all of our letters. I would like to see if I can get approval for the words that I'm writing to express what Chuck and I feel about -- I'll read it.
MS. GREENBERG: He's actually recommending an amendment to the letter.
DR. CARR: Let's hear it again. So what we've heard is that the recommendation includes incorporating the content of Paul's paragraph.
DR. WARREN: We have the motion that I seconded.
DR. CARR: The motion that we just heard captures Paul's intent.
DR. GREEN: So to get very explicit, Paul's comments – we have to fix this right now if this is wrong, Paul. Paul's comments are not saying abandon categorization and start a new approach. He is saying that we're not making enough progress on this thing, and that it's possible that this whole categorization idea is not going to work. So we frame our letter with that reality, but it is not a recommendation that we abandon categories.
DR. TANG: Right. And I'd be happy to read the text if that helps people. And I am recommending that it be up front, and it's very much in concert with what Chuck said. It is something that we have discovered through this process, and because there are so many people, I think the way he said it, that are sort of entrenched in some of the former ways, like we were, we need to bring this to people's attention. That is the contribution.
DR. CARR: What I've heard is that the letter as it stands is not what's up for a vote. The letter that is up for a vote is the content of that with the specificity on the recommendations to be as I mentioned earlier, and a framing paragraph in the beginning that points to the fact that our learning's have brought us to a place where categories are helpful, they are not always sufficient to help us get to sensitive data.
MS. BERNSTEIN: That is the very question, I think, that this letter is whether we are there yet. Paul has already, I think, gone to a place where he's determined –
DR. TANG: Can I read it again and let people decide.
MS. BERNSTEIN: We've heard it already. It's on the record.
DR. CARR: So, there is discussion about what we recall hearing, and so in order to enlighten this discussion we will ask Paul to re-read that.
DR. TANG: As we began to specify the details of the categories, we immediately uncovered questions about whether to include a particular data element in a sensitive category. We assume that the data most people may consider sensitive would fall into one of a few categories of information. However, as we probed the inclusion and exclusion of data in a category, we found the classification scheme we proposed to be inclusive, but not very specific (i.e., there's a fairly high probability of segmenting data as sensitive when the data element is not particularly sensitive to an individual, and its sequestering may adversely affect patient care decisions.) For these reasons we're not convinced that segmenting data based on categories is the best approach to protecting certain data. We recommend that the Secretary undertake further research to explore other methods of protecting sensitive data that may not depend on use of categories.
DR. STEINWACHS: Can I just make a suggestion? This is going to be -- you've made a recommendation, Paul, for a way to say it, but it still has to be put into the letter and integrated. And it then comes to the executive subcommittee. And you are on the executive subcommittee. I think it's almost impossible to approve the paragraph, and then say Leslie and Larry are going to go rework the letter and then bring it back to the executive subcommittee. So, you know, I think we agree on the concept; at least I certainly do. And we ought to go ahead with the vote.
DR. FRANCIS: What I just wanted to say about that is where I get off of this is a recommendation that says that we reject categorization.
DR. STEINWACHS: We've got three recommendations I think. This talks about the rationale and the concerns.
MS. GREENBERG: I just think we have to recognize that we can't send a letter that basically has all of this discussion about categories and fundamentally undermine the letter in the first paragraph.
DR. GREEN: I agree with Marjorie; we can't do that.
DR. SCANLON: I think we could modify what Paul just said by saying, investigate others in addition to, and that would cover it.
DR. CARR: I think that we are not prepared to accept the exact wording because we have to see the flow of the letter, but we are prepared to accept the statement that our understanding is evolving, and that in addition to categories, there are other dimensions. There may be, and we'll learn.
DR. SCANLON: Could I just say from a procedural perspective, I think that while in the past we have said we're approving something and we're giving it to the executive subcommittee to approve, this is a bigger change than what we've done sort of in the past. And I think from a good procedure perspective, what we should approve is in essence a charge to revise this letter according to this charge, and then the entire committee gets it and we approve it without -- we approve it either via email or over the phone. There's at least one precedent for that in the past that I remember.
DR. SUAREZ: If I may say, I think we have 90 percent of the letter pretty much in consensus, if I understand what I heard. I think the only part that is not defining wording is the introduction, except the clear points that Larry makes. That is where we are; we are 95 percent there.
DR. CARR: Yes, I do agree. I mean, is there anyone here who feels that there's anything that will appear in this letter that needs further discussion before we go. Chuck?
DR. FRIEDMAN: I just want to make it clear that what I'm about to say can all be handled in the framing. But it's very important to get the framing right. I am very concerned that unless we get the framing right people will read this letter and say these guys are stuck in the 80s, and it dawned on them that maybe something has happened since 1980, but they're not quite sure what it is.
So, I think we have to, instead of saying it that way, acknowledge that there is a different view of the world that captures data in context. And we can say this in a way that makes it technically possible to do the kinds of things envisioned here. Then we have to find a way to say, but calling out these specific kinds of data would sort of default to sensitive, even though context can change that. Or other kinds of data that default to non-sensitive can be made sensitive. That's the point that we want to make.
Identifying those data that default to sensitive is a major push forward by this report. It's just how we write the first two paragraphs, and I think that can be very easily done to reflect the sentiment Paul is trying to convey -- and others. I just don't want people to say, oh my God, they're stuck in the 80s.
MS. GREENBERG: All good discussion; it will all be in the transcript. I guess, as the executive secretary, but I defer to the chair, I think there was a commitment for an up or down vote on the letter. We have a -- and so to say no, just give them a charge, I think doesn't advance us very much. But it might be. If people vote against the letter, than that's a second motion.
We do have a motion from Larry. We have a second from Judy. I think it's time for an up or down vote on the letter, and then see next steps after that happens. That's my view.
DR. MIDDLETON: So, just to clarify, is the movement or the proposition then on the letter as amended by Paul's language, or as originally stated?
DR. CARR: No, the letter will be amended by the recommendations that came forward today about specificity in terms of the pilots and what they're intended to accomplish and by the addition of some framing, two paragraphs as Chuck just outlined, to demonstrate that we're not in the 80s, but that we're aware of the evolving landscape. And thirdly, that we trim some of the narrative to put in footnotes where possible.
DR. MIDDLETON: So another point of order or clarification, this vote then only votes to move forward with the process; it's not voting on a final letter, is that correct?
DR. CARR: No, it's a vote that we have communicated clearly to the final writers, Leslie and Larry, the intent and expectation of the committee, and that we give them the right to go ahead with this letter. But it would still go to the executive subcommittee before the final release.
MS. GREENBERG: The vote is on the letter with all the caveats that have been described, though no specific language that has been offered. It would not have to -- if it passes, it does not have to come back to the full committee. It will go be reviewed by the executive subcommittee for, you know, finalization like we often do. That means that all the members of the executive subcommittee, which includes the liaisons, that includes you Chuck, will have an opportunity to look at it and say, "Oh this wasn't what we thought," and you know. But it's not going to come back to the full committee, and the executive subcommittee --
DR. CARR: Will exercise its right on behalf of the committee.
DR. TANG: I didn't hear -- you said it did not include my edits?
DR. CARR: It includes your concepts up front as framed by Larry's statement and Chucks. So it sounds like Paul's asking are we going to have it just at the end of the letter, or is it going to be in the beginning of the letter. And I thought I --
DR. GREEN: It's going to be -- the concept will be part of the framing, as will Chuck's point.
DR. CARR: The introductory framing comments. Not his specific language, but the concepts. It may or may not include his language. Okay. I'm going to just call on one at a time so that we get this count correct. Mark Hornbrook, do you support that; yes or no?
DR. HORNBROOK: Approve.
DR. CARR: Sallie?
MS. MILAM: Approve.
DR. CARR: Larry?
DR. GREEN: Approve.
DR. CARR: Don? Judy?
DR. STEINWACHS: Approve.
DR. CARR: Justine, yes. Paul?
DR. TANG: I'm afraid I'm with Bill. I can't -- that amount of change is --
DR. CARR: Okay. Leslie?
DR. FRANCIS: Approve.
DR. CARR: John?
MR. HOUSTON: Approve.
DR. CARR: Bill?
DR. SCANLON: No.
DR. CARR: And are we missing anybody? Blackford?
DR. MIDDLETON: No.
DR. CARR: Okay. Marc Overhage? Okay. We have 13 people voting; is that right?
(Counting)
Twelve, with Blackford it's 12. So we have three no's and nine yeses. What did we say last night, 25 percent, 75 percent?
DR. FRANCIS: You said four no's and you would move it forward.
DR. CARR: Yes, so I think we go forward with the plan that Larry and Leslie will aptly represent the discussion today, and this will come back hopefully within the week to the executive subcommittee for final approval.
DR. STEINWACHS: Let me just ask, the executive subcommittee is going to do the final approval, but will the letter be circulated to the full committee at the time the executive subcommittee gets it, too, so that there's an opportunity for non-executive subcommittee at least to talk to those and talk to you.
DR. CARR: Sure. Larry?
DR. GREEN: Is there any reason why we would not, having done that, then invite the response of the entire committee to look at it?
DR. CARR: We're going to circulate it and invite the response of the full committee. Our motion was that it goes to the executive subcommittee, which is how it's done almost more for logistics, but I think the actual circulating will give ample opportunity for input from everyone on the committee to members of the executive subcommittee.
MS. GREENBERG: Actually, I thought what Larry was going to suggest is if those who have voted against the letter, once they actually see the final version, then their comfort level is raised, they could change their vote, I think. They don't have to.
DR. CARR: Well, they're just saying -- yes, we're still going to review the letter.
DR. SCANLON: And I thing our vote -- or at least my vote is on the process, not sort of on the substance of the discussion. And I think it's more of how sort of external parties would view our deliberations. But if you listen to the discussion we had, which was rich and varied, and then you ask sort of, okay, what does this imply for the letter, it's very difficult to envision that it's going to imply for the letter. And so there's this question of voting with, sort of with confidence in terms of what is on the table.
DR. CARR: So, let the record reflect that Bill and -- Paul is that your, do you share Bill's view that it's a process issue? And Blackford, are you voting because you don't support the letter or because you don't, you prefer a different process?
DR. MIDDLETON: I don't support the letter as it's currently written, and I thought the process was -- I mean what I understood was that the executive committee would still receive a revised letter, so my final determination I could offer at that time.
DR. CARR: Okay, right. So really no one is voting against the content until we see the final letters.
DR. TANG: I mean, I'm like Blackford, which is, I'm not happy with the content now, and I'm not happy with not being able to vote on the content. And I just got and email or text from Marc and he's voting no.
MS. GREENBERG: That is not the way we vote.
DR. CARR: I think we just have to get the next iteration, and there will be an opportunity -- well, let me ask you what's the process then? If the letter's not satisfactory to the executive subcommittee, what's the process?
MS. GREENBERG: The executive subcommittee would have to recommend that it ask the committee to reconsider it.
DR. CARR: Okay. So, if it's not acceptable to the executive subcommittee, it comes back to the full committee.
MS. GREENBERG: Yes, the executive subcommittee has the right to say, we were given this charge, we aren't happy with what we got and take it back. The committee could then say, no, we told you the first time to go with the letter, or it could say, fine. But you have that right.
DR. CARR: No pressure, Larry and Leslie. Do you want to state a timeframe? I said within a week, if we could get the draft within a week; does that seem realistic? Thank you.
Moving on. I think we're at the end of our -- we've exceeded the end of the hour. There are a couple of things that I think we'll do the subcommittee -- we have an executive committee retreat this afternoon, and we'll do the subcommittee report outs at that time. We'll postpone the updates from the summer meetings.
Are there any other comments? I thank you all. The amount of work that went on in these two days is really exceptional, and I applaud the efforts and thank you for them and look forward to our December meeting. Adjourned.
(Whereupon, at 12:45 P.M., the meeting was adjourned.)