[This Transcript is Unedited]
Hilton Embassy Row Hotel
Washington, D.C.
Proceedings by:
CASET Associates, Ltd.
10201 Lee Highway, Suite 180
Fairfax, Virginia 22030
MR. ROTHSTEIN: Good morning. My name is Mark Rothstein. I am the Director of the Institute for Bioethics for Health Policy and Law at the University of Louisville School of Medicine. It is my privilege to chair the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics. The NCVHS is a federal advisory committee made up of private citizens, to make recommendations to the Secretary of HHS on matters of health information policy. On behalf of my colleagues on the subcommittee and our staff, I want to welcome you to today’s hearing on “Consumer Controls for Sensitive Health Records”.
I believe we are being broadcast live on the internet and I want to welcome our internet listeners as well, and also the people who are going to be calling in.
We will begin with introductions of the members of the subcommittee, staff, witnesses and guests. Subcommittee members should disclose any conflicts of interest, others need not do so. I will begin by observing that I have no conflicts of interest.
John.
MR. HOUSTON: John Houston with the University of Pittsburgh Medical Center. Member of the Subcommittee, as well as the Committee, and I have no conflicts.
MR. REYNOLDS: Harry Reynolds with Blue Cross and Blue Shields of North Carolina. Member of the Subcommittee, member of the Full Committee, and I have no conflicts.
MS. WATTENBERG: Sarah Wattenberg, Substance Abuse Mental Health Services Administration
MS. McANDREW: Sue McAndrew, Office for Civil Rights, privacy liason to the Subcommittee.
DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the Subcommittee and Committee, and no conflicts.
MS. FLOYD: Cheryl Floyd, Executive Director of the Pennsylvania Recovery Organization Alliance. There is no conflict.
MS. CHAPPER: Amy Chapper, Centers for Medicare and Medicaid Services. Staff to the Subcommittee.
DR. FRANCIS: Leslie Francis. I am a law professor and a philosophy professor at the University of Utah. I am a member of the Subcommittee and the Full Committee and I have no conflicts.
DR. COHN: I am Simon Cohen. I am Associate Executive Director for Kaiser Permanente. I Chair the Full Committee and a member of the Subcommittee and I have no conflicts.
MS. BERNSTEIN: I am Maya Bernstein. I am the lead on privacy policy in the Office of the Assistant Secretary for Planning and Evaluation. I am lead staff for this Subcommittee.
(Audience introductions).
MS. HORLIK: (on phone) Gail Horlick, staff to the Subcommittee.
MR. ROTHSTEIN: Anyone else? Dr. Fagnant.
DR. FAGNANT: Yes.
MR. ROTHSTEIN: Can you just introduce yourself briefly?
DR. FAGNANT: Yes. Dr. Bob Fagnant, fellow of ACOG, College of Obstetricians and Gynecologists. Currently living in St. George, Utah and employed at this time by Intermountain Healthcare and have previously been in private practice for 19 years.
MR. ROTHSTEIN: Thank you. We will ask you for your testimony shortly. This afternoon from 2:45 p.m. to 3:15 p.m., members of the public may testify for up to five minutes on issues related to the topic of today’s hearing. If you want to testify, please sign up at the registration table.
Invited witnesses have been asked to limit their initial remarks to 15 minutes. After all the witnesses on a panel have testified we will have time for questions and discussion. Witnesses may submit additional written testimony to Maya Bernstein within two weeks of the hearing. I would request that witnesses and guests turn off their cell phones and any other electronic devices that could interrupt the hearing. Also, because we are being broadcast over the internet and recorded for transcription, I would ask members of the subcommittee to speak clearly into microphones and remember to turn them on when you speak.
To introduce the topic of today’s hearing I want to refer the NCVHS letter to the Secretary Levitt of June 22, 2006. Our letter on privacy and confidentiality and the nationwide health information network. The following two recommendations dealt with the topic of today’s hearing. R6; HHS should access the desireabliity and pleaseability of allowing individuals to control access to the specific content of their health records by the NHIN, and if so, by what appropriate means. Decisions about whether individuals should have this right should be based on an open, transparent, and public process.
R-7. If individuals are given the right to control access to the specific content of their health record by the NHIN, the right should be limited, such as being based on the age of the information, the nature of the condition or treatment or the type of provider.
In this hearing, we hope to promote the “open, transparent, and public process to which we referred in R-6”.
In addition to the June 22nd letter to the Secretary, I want to call attention to specific provisions of the privacy rule. In particular, section 164.50882, which provides an authorization required for any use or disclosure of psychotherapy notes, defined in section 164.501 as quote, “notes recorded in any medium by a healthcare provider who is a mental health professional documenting or analyzing the content of conversation during a private counseling session or a group, joint, or family counseling session that are separated from the rest of the individuals medical record”.
This is the only provision of the privacy rule setting out separate rules for a sub-class of health information. Among the questions raised from this provision are whether it is too narrow because it does not apply to mental health or other sensitive information maintained by primary care or other physicians.
It also raises the broader issue of the feasibility and desirability of isolating, or otherwise applying separate rules to different types of health information. These later issues are distinct from but related to the issue of patient control of health information.
I know I join my colleagues on the subcommittee in expressing our appreciation for witnesses appearing today to enlighten us on these issues.
Without further ado, I would like to ask Dr. Fagnant to present his testimony.
Agenda item: Panel 1 – Records in Speciality Practice -Robert Fagnant, M.D.
DR. FAGNANT: Thank you for inviting the American College of Obstetricians and Gynecologists to testify. ACOG has not yet fully settled on answers to the questions posed by recommendations six and seven and because of this our statement must be more general than specific. You should have some written testimony in front of you, and I will speak not directly to that but on some of those issues.
We would like to be kept informed and will assist when possible as NHIN takes shape. Movement from paper to electronic records has the potential to improve patient safety, to increase efficiency in services delivered by minimizing duplication between providers and to reduce paperwork in medical offices. The need for electronic health records is exasperated by the staggering fragmentation of our healthcare system.
When considering any medical record system, please remember that the patient wants the medical professional to heave instantaneous access to all the necessary information. This is not a dream for the future but is a current expectation of many people. Complications arise of course, when the same people do not want this information available to anyone else.
Medical professionals are expected to put on some sort of data blinders so that they can only notice information that is important problem at that time. ACOG holds patient privacy and the confidentiality of the patient’s medical record in very high regard and respects the fundamental right of an individual patient to make their own choices about her healthcare.
ACOG supports the prior recommendations of the subcommittee, to allow healthcare providers to continue to store information according to the method of their choice. Because of ACOG’s commitment to representing women, we believe that the provider should not be able to a condition treatment or an individual’s agreement to have her health records accessible via the NHIN.
The ability of the patient to delete information entirely raises strong concerns, even to the point of invalidating the entire record from the physician’s perspective. The patient is not always able to determine which information is important.
Moving patient data to electronic form does not take away the physician’s responsibility and obligation to inform a patient not only what the data means, but also how that data could be used.
I have no further statements now but I would like to personally let everyone know that I have been involved in the aspect of implementation and use of electronic health information from selecting a system for a small specialty office when I was in practice in Wyoming, as well as being on a task force for the State of Wyoming, working on a systemwide program in that state. Currently, I am employed by Intermountain Healthcare in Utah, and using access to their entire system.
I appreciate the chance to represent ACOG. I will stay on line and answer questions when you feel appropriate. Thank you.
MR. ROTHSTEIN: Thank you very much. I am sure we will have some questions for you. I appreciate that testimony.
Now I’d like to ask Dr. Taintor to proceed with his testimony.
Agenda Item: Zebulon C. Taintor
DR. TAINTOR: Member of the committee, I am Zeb Taintor, I am a practicing psychiatrist. I am a member of the American Psychiatric Association on the Committee Electronic Health Records. I am also a professor of psychiatry – not serving currently as the vice-chairman at the New York University School of Medicine. I am the president of the New York County Medical Society, which is the countries largest county society as part of the medical society in the state of New York, where I chair the Health Information Technology Committee and task force. We are currently enjoying $9 million funding from the New York State legislature.
The Psychiatric Association is delighted to have a chance to testify on consumer controls for sensitive health records. We are the oldest medical specialty society, representing more than 38,000 psychiatry physicians nationwide. Our members both, set great store by electronic health records and very much favor them because they are settings in which they absolutely indispensable – particularly for handling people with chronic mental illness. On the otherhand, there are some people in isolated private practices who are unlikely to the requirements for electronic billing. We are all over.
Large multi-specialty groups, emergency departments, in-patient settings.
We have been particularly concerned as was mentioned in the introduction, with the issue of psychotherapy notes. We think that carefully structured health information technology systems – not necessarily a national data bank – would be great for improving the overall quality of care and efficiency. I think it will help convert the medical record from a record of past deeds in which a group which I was involved in a contract to look at what was the record used for and by and large, it was used by people who would not get to the patient. Some people who could get to the patient, went to the patient. I think with electronic health records we will see the record become a forward planning much more dynamic document.
I think the privacy issue in particular, is critical because of on-going stigma in equity and insurance coverage. The sanctity of psychotherapy notes as mentioned, that goes back to 1996 where the Supreme Court, Jaffe versus Redmond, established an absolute privilege in federal court for information disclosed by patients to their psychotherapist – which is similar in nature to the attorney/client privilege.
The Supreme Court said, effective psychotherapy depends on an atmosphere of confidence and trust, for this reason the mere possibility of disclosure may impede the development of the confidential relationship necessary for successful treatment.
The U.S. Surgeon General, in 1999, in the mental health to the Surgeon General, wrote, the courts language in the decision in creating a psychotherapist privilege in Federal Court, appears to leave little doubt that there is full-out legal protection for the principle of confidentiality. He concluded, both willingness to seek help in contingent upon their confidence in personal revelations and mental distress will not be disclosed without their consent.
We think that any provision for a national health information technology system, must acknowledge these finding and ensure confidentiality. The privilege established in Jaffe, underlines the importance of the psychotherapist/patient relationship and encourages individuals struggling with mental health issues to seek treatment, and therefore the fundamental and indispensable component to take care.
I think the lay impression is – well, the way this is going to be carried out is that patients will have electronic health records and there will be therapists scribbling notes on the side. I think the reality is that many systems insist that they be paperless and the notes will be stored as mentioned, in whatever medium they are recorded should be kept separate.
I think the other thing that is important in terms of the history of privacy is the HIPPA 1996 none pre-emption requirement that ensures that the state laws, which are more protective of privacy than HIPPA’s basic requirement, are not voided. The non-preemption is an essential feature of HIPPA and any uniform federal standards should maintain that all existing state protection continue in order to provide for strongest possible protection of privacy and avoid any loss of privacy protection that currently exits.
Effective treatment and behavioral health, as well as other disciplines, requires that patients share sensitive information; sexual history, drug use history, and if confidentiality cannot be assured patients will be reluctant to share information that is critical to their care. I think we all know, if we develop a relationship with a patient, it often takes them several visits to tell us what is really bothering them and to fill in key parts of their history.
The notion that anyone can get a hold of this information – and I am not just talking about psychotherapy notes here – I’m talking about medical problems in general, would be objected to by a significant percentage and indeed there is a recent Harrod(?) interactive poll that found that 17 percent of patients withheld information from their healthcare provider because they worried the information might be disclosed. Even ahead of that is the question, do you think that the person you are talking to is going to respect what you are saying and worth divulging your confidence.
Last year the GAO released a report on request of the Senate Finance Committee, Chairman Charles Grassley highlighting – quote, “significant weaknesses in electronic access controls and other information systems controls within HHS and CMS”. That report was called, “Information Security – Department of Health and Human Services Needs to Fully Implement the Program, VIO 06-267, concludes that the medical and financial privacy for Medicare and Medicaid and other programs are vulnerable to fraud and abuse. The report cites an insufficient information security program and inconsistent implementation as the key reasons for the security failures.
The other dimension of this is strict safeguards and guidelines are meaningless without vigorous enforcement mechanisms. There is no way of mitigating the risk associated with the loss of health related information. Breaches in the privacy of sensitive medical data, including that relating to mental health and substance abuse disorder treatment, can have significant personal and professional consequences. Even the possibility of privacy violations erodes an individual’s expectation of confidentiality and medical encounters and the undermines the sharing of medically essential information with ones physician. Apologizing and making improvements once data are lost is not a sufficient response.
Though we have to enforce existing privacy rules and all electronic storage transfer of information must rigorously protect the privacy of patient’s personal information.
Just to editorialize for a while, you all read I am sure, about the Wellpoint and MaGellen loss of a CD containing a great deal of data on 76,000 patients. It was lost in January. When the requirement that it be divulged had to be exercised there was a nice article in the New York Times, unfortunately, a day later, the news that it had been found by these people who were renovating an audio system in Philadelphia. It had been delivered to them and MaGellen sent a couple of security guards, they recovered the disk, so far no harm done. But we also know about the agonizing over the laptop containing the VA data. These things have become so routine that the other week when data on 2.9 million people from the state of George was lost it got only three-quarters of an inch in the New York Times’ national briefings. At the same time, we have to ask ourselves where is the news of the criminal inditements of people who are playing such fast and loose games with the data.
Back to my prepared testimony here. We have a lot of opportunities for success with health information technology system and I think the important thing is to make sure that privacy doesn’t bring us up short.
To address R.6 text, as which you know, our comment is patients may withhold information if they feel if would be easily accessible in a regional or national network. For example, in the 2005 National Consumer Health Privacy Section survey, 13 percent of patients engaged in behavior to protect personal information. In the 2006 Health Industry Insight Survey, 33 percent site medical information accessible on the internet as a primary reason for feeling less comfortable about sharing information with primary care providers. Previously stated, the 2007 Harris Interactive Poll found that 17 to 21 percent of patients withheld information from their health professionals because they worry the information might be disclosed.
We believe the more severely ill the patient the more likely he or she was to withhold information. Given individuals some degree of access control would help to encourage a relationship of trust and may make patients less likely to withhold information from health care professionals.
We support recommendations that pertain to the ability to have granular of patient’s input on privacy and access control. Meaning that the patient would have control over specific elements or parts of his or her electronic health record.
This includes patient control of access to the personal health record, using the personal health record as one possible method to communicate access preferences at the data element to others holding data about them. Audit and logging exchange and developing an access control vocabulary. The ability of patients to control data access to the data element level is particularly important because individuals will have different perceptions about the sensitivity of specific elements of medical information.
I think it is also important that providers don’t know what this would be. To editorialize again, we know that identity theft is a continuing problem. Perhaps stable, but medical identity theft is on the rise and it is very difficult to know what really matters to some people or what will matter to other people who are trying to get a hold of data about those people.
Although electronic health records introduce new risks we believe the potential way out-weighs the risks as long as there is advanced protection. It is odd that we talk about the ability of the electronic health record to do many things and yet, to keep track of some of the issues that we are raising seems to be too much trouble. We think it is worth the trouble.
We would point out that the data in electronic form can be disseminated very rapidly, very easily, and I think that we are going to be debating this for some time.
Now, R-7 deals with if individuals are given the right to control access to the specific content of their health records, via the National Health Information Network, the right should be limited such as being based on the age of the information, the nature of the condition or treatment, or the type of provider.
Our comment on that is in order to provide the best care physicians need a complete picture of potentially relevant clinical details. We all agreed on this and that may include information about medications, hospitalizations, surgical procedures, past or current diagnoses.
In addition, information about employment, family illness, legal problems, financial difficulties, inter-personal relations, life stressors can be equally important for clinical decision making. For a variety of reasons, including concerns about information privacy, patients are often reluctant to share such details. So physicians and patients need an open and trusting relationship. We think that this is essential regardless of the age of the information, the nature of the condition or treatment, or the specialty of the physician.
For a physician to illicit key and clinical information while simultaneously building trust with the patient is not new, in the current paper-based world it is easier for patients to withhold information simply by intentionally or unintentionally not mentioning something.
In a open clinical relationship physicians can explain to patients the need for a complete clinical picture and when the record is under the physicians physical control the physician can convey a more honest statement about who can have access to the information. Unless individuals are given the right to control access to specific elements of their electronic health information patients and physicians will be more uncertain about the potential for broader dissemination of health information. This uncertainty in the associated sense of uncontrollability will hamper efforts to maintain patient trust and deliver quality patient care.
Although some individuals have expressed some concern, the patient restrictions on information access are going to hamper care by impeding knowledge of key medical information. I think the opposite may actually be true. Patients may feel more comfortable sharing personally sensitive information with physicians if such access controls are in place.
In additional, electronic system could have advantages in terms of integrating clinical information across physicians and health care setting. The sure access to clinically essential information under emergency conditions a flag may need to be displayed when physician access to information is restricted.
In case of an emergency where rapid access to information may be essential and the patient may not be able to give consent a sort of a “break the glass” feature for accessing the information should be available. That is even with patient controlled access information could actually become more available to physicians with an electronic system.
We have some other access concerns. With any type of access there may be a chance of patient mis-interpreting findings, being distressed by seeing results without an accompanying interpretation by a clinician. It may be necessary to block some results from view until clinical interpretation and discussion can occur.
For example, in addition to consumer friendly technology translation they need to include information indicating distinctions between lab values that are slightly outside the normal range and grossly abnormal findings. The distinctions is often not clear on lab reports and could be subject to mis-interpretation by those without medical training.
While any system should have provision for an audit trail of all transfers of information and all accesses to protected information, access laws need to include detailed information such as the role of the person who accessed the information, the reason for the access to be meaningful to the patient.
During the course of the treatment, individuals with whom the patient is not familiar can legitimately access information such as professional staff and outpatient medical offices who need to record vital signs or other medical data. Physicians providing cross coverage in the in-patient setting – they need to check a patients laboratory result – would not need to contact a patient unless the result were abnormal in patient dietician, pharmacy staff, et cetera.
Regardless of the level of trust between the physician and the patient, patient’s reviewing access logs would not necessarily recall and recognize such individuals. Probably would not recall all of the nursing staff or consulting physicians who provided care during a hospital stay. This may endanger patient trust to the system if not properly explained.
Of course to editorialize again, this might help patients understand their bills.
It is important to note that individuals other than clinicians can have access to information on a national network, such as insurance companies, family members and administrative support staff. I think this hilights the need for advanced protection. Electronic health information is reduced to all or none sharing rather than allowing for granular access and sharing. Those with potentially sensitive conditions will either have to give up their privacy altogether or be unable to benefit from the advantages of electronic exchange.
In conclusion of my prepared testimony, I think we are balancing this. We appreciate the effort and I think that the important thing is to engage in a continuing discussion that involves a very wide range of people.
Going beyond what has been given to you, I would point out the experience of the National Health Service in Britain, in which the Guardian published last November a survey showing that 54 percent of the primary care physicians did not want to put data in their proposed national information health system. The Guardian carried a number of editorials suggesting that in terms of the opt-in/opt-out provision, that patients should all opt-out.
We discussed this at a New York State Summit – the type we have every two or three months – in January we met on Privacy. We concluded that because of this and other issues, we were not going to have a single state-wide patient identification number, contrary to New Jersey, which is going that route but still has the opt-in/opt-out.
One of the things presented at the New York meeting was a survey of physicians that said, understandably the physicians want all the data they can get on every patient that comes to see them. But I think when you ask that question of physicians, as we have had occasion to do subsequently, you say, well, what if the patient is not going to come and see you again because of their concerns about what has happened to the data recorded at the first visit.
Then, of course, we all want to treat patient’s problems and help them get over their illnesses. We don’t want to lose them. We don’t want electronic health records and loss of privacy to be an occasion for losing patients. Rather than have the patient opt-out of treatment or opt-out of the system entirely, I would prefer to see the sort of granular access that the Psychiatric Association is recommending today.
I would be happy to answer any questions.
MR. ROTHSTEIN: Thank you very much. I guarantee we will have questions at the end of the panel. Before calling on our next witness, I want to thank you especially for coming on very short notice. Ms. Floyd stepped into the breach, I am told, with like 24 hours notice.
MS. FLOYD: Less.
MR. ROTHSTEIN: Less than 24 hours notice. We appreciate your efforts and look forward to your testimony.
MS. FLOYD: Thank you. First I would like to thank you for inviting me today to testify to the committee. Your invitation that you have extended to me shows me your commitment to get consumer input as far as privacy and confidentiality regarding the NHIN.
As the Executive Director of a grassroots state-wide recovery organization and a adjunct professor, I am here today to speak on behalf of the recovery community in Pennsylvania. We have 3600 members in our organization. All of them strive very hard to help support families and individuals in recovery. So, when this issue came across my desk yesterday I found it very important not only to myself, but to our members.
Consumer protection is paramount to the work that we do as we strive to help individuals improve the quality of their life. Their needs and safety must always drive our work. Gaining access to critical information in achieving this goal is often important in making sound decisions of support in a person’s healing and growth. In many instances information is definitely power.
In the addiction field, when you begin to explore sharing of information by records, et cetera, you must address the critical role of confidentiality. It just cannot be overlooked.
Let me tell you a little bit why I believe it cannot be overlooked. As you had spoken just a few minutes ago, people affected by addiction and other disease often face stigma and discrimination that the general public does not experience. The negative connotation associated with being an addict or an alcoholic often have damaging and long-reaching effects.
Even people with years in recovery still find themselves being denied medical coverage, life insurance, housing, employment and access to training and educational programs.
The Federal and State Confidentiality Rules, together, work to remove some of the negative incentives and to minimize stigma experienced by people who are addicted but we still have a long way to go.
Families and addicted persons alike, are often embarrassed and ashamed and see untreated addiction as an evidence of them failing as a parent or as a family – or even a spouse. Even when existing privacy protections, many people with addictions stay out of treatment even years after the problem has been identified by doctors, family members, et cetera, because of their fear of stigma and being labeled.
Substance Abuse and Mental Health Services Administration 2001 National Household Survey on Drug Abuse identified nine reasons why people with untreated drug and alcohol problems stay out of treatment. Three of the nine factors chosen by 48 percent of the people that responded involved stigma and discrimination and embarrassment about their disease.
At the same time that stigma keeps people out treatment, research has conclusively demonstrated that people with untreated addiction increase the cost of health care for drug and alcohol related incidents and illnesses, increased cost in work place, accidents, absenteeism, disciplinary problems, et cetera. I am sure I am not telling you anything new.
In addition, many people who have untreated addiction deteriorate to the point where they end up in criminal justice system. Which definitely costs us in the long run.
So for many reasons, financial and humanitarian, I think it is really in the interest of the committee and of the government, to minimize forms of stigma and discrimination. People should not be treated differently because they have a disease.
Confidentiality is and continues to be cornerstone for which the drug and alcohol bill has been built. This regulation has afforded us the opportunity to treat hundreds of thousands of people that might otherwise not have been able to get treatment for this horrific and destructive disease.
When an individual seeking help for his or her addiction is informed that the information that they share is protected by federal and state confidentiality law, it opens the door for them to share some very painful and very private information that can be critical in their recovery process.
Through this process of exposing their pain and destruction through their disease of addiction, they make room in their lives for the knowledge and skills critical to sustaining their recovery. Those affected by the disease of addiction often spend most of their lives living in fear. Fear of being exposed, of being arrested, of being stigmatized, of losing their job or family or even their lives. If these fears are not minimized with protection afforded by the present confidentiality regulations, how can we expect them to expose information critical in helping them find and sustain recovery.
When a person seeks treatment for addiction they go through an extensive assessment process called a bio-psycho assessment. This assessment covers every aspect of an individual’s life. It is very, very intrusive. It looks at medical history, education, family, criminal, and employment history, sensitive information on addiction and previous treatment experiences, mental health disorders, physical, sexual, and emotional abuse, it goes on and on.
A lot of this information is pertinent to helping the person through the treatment process and through recovery but it is also potentially embarrassing. This information is included in their file. It is really detrimental for many clients to have this information exposed. It is very difficult to share this information in a one-on-one interview with an assessor, let along know that that information could be made available through there records.
When you talk about a person making medical information available through NHIN you will be exposing a considerable amount more for people that have addiction problems. It won’t just be medical information. You will pretty much be exposing their whole life. I do hope that you take into consideration through decision-making process.
Just as spoken already this morning, people who have addiction history have major concerns that other consumers would definitely have, too. People with mental health problems, people that have a history of STD’s, HIV, domestic violence, et cetera. There is a lot of information that is going to be shared – even for women in particular. You are talking about gynecological information, cervical procedures, testing results, et cetera.
That information could be potentially damaging and very upsetting for individuals. So again, we do hope that you take that information into consideration.
I need to talk a little bit about the coordination of information. Anybody who works in the field – not only drug and alcohol but mental health and many other fields – know that insurance companies don’t always use information that is disclosed to them to provide more services or to expand the support. Third party payors and specific insurance companies and MCO’s, along with many other agencies and entities, continually request additional information, and often specific information about client’s addiction, treatment, history, et cetera. This information is consistently protected by 42CFR, which is a federal confidentiality law and regulation that has been in place for many years.
Many insurance companies claim that they need access to additional information to make level and clinical determinations. Often, this information is not needed. The truth is that primary care physicians and trained clinicians should be making length of stay and treatment determinations – not insurance companies or their personnel.
When appropriate clinicians are making these decisions there is no need for a treatment provider to expose an entire file of information on a client. It is just not necessary. Information in these files, again, could be potentially damaging and hinder the access of future services that might otherwise be covered. We really need to ask, do we really want to take that risk with our clients.
So let’s look at some of the implications of consumer’s files being posted through an NHIN. When a large number of people suffering from addiction will not seek medical treatment. They will not seek treatment. If they know that there is no protection and that their information could be put in the national repository that would be definitely damaging.
Even in Pennsylvania, we have over 800,000 people that are not getting treatment for whatever reason. Some of it has to do with limited funds, but many of it has to do with not wanting to be labeled as an addict or an alcoholic. If we are already struggling with that – those numbers are going to dramatically increase if we are talking about releasing information that is very personal and potentially embarrassing.
Two, those who do seek treatment may provide partial or inaccurate information because of the concern of where this information will land. I believe that that was discussed this morning as well.
This could lead to additional cost to society through multiple treatment stays and some individuals will drop their insurance coverage and try to access public funds if they think that would help to protect their information.
Three, hospital personnel could make medical decisions based on outdated information – especially if the information reported was from several years previous to that. This could be potentially damaging for patients seeking help.
Four, people who sought addiction treatment services five, ten, even twenty years ago, would also be at risk for being stigmatized, losing their jobs, affecting their relationships with family and friends by breaching their anonymity. That includes public officials, it includes police officers, medical personnel, et cetera. We don’t know what is in people’s histories. If someone went to history twenty years ago and they have been clean and they have been doing really well, do they really want that information exposed? We need to look at that.
Five, in making this information available we will increase the chances of exposure of sensitive material to an already vulnerable and stigmatized population.
In closing, I must say that I respect the intentions of the committee in developing a system that could prove beneficial in meeting the medical needs of patients. I commend you on this endeavor. I do however, ask that on behalf of people affected by the disease of addiction, that you be mindful of the impact releasing client records through NHIN could have on their lives and future. We should remember that consumer protection must come first.
Thank you.
MR. ROTHSTEIN: I want to thank all our testifiers. Now we will open the floor to questions from the committee members. I’d like to recognize John Houston.
MR. HOUSTON: I enjoyed the testimony and I actually have a number of questions. One particular question I have is I could see in large measures that there really doesn’t need to be a need purely from a medical perspective of knowing that somebody has received treatment for addiction. The question I have is are there specifically types of addiction information that is relevant to treatment? Such as, would it be dangerous for an addict be given a narcotic or medication that has shown to be problematic with that addict in the past. Are there things that medical professionals need to know?
MS. FLOYD: Absolutely.
MR. HOUSTON: I would be interested. I would wonder whether you could bifurcate the record so that you make sure that that information is made available?
MS. FLOYD: That is a very good point. Many physicians, and even psychiatrists, need to know that an individual has an addiction. Often narcotics and other benzodiazepines are referred and recommended for clients. It can kick them back into an addiction and create a cycle that we really are trying to avoid.
If a client comes in – I should say a consumer – a health care consumer. I am sorry I am so used to talking about clients. Comes in and needs help – at the point of entry they are vulnerable and many times are not sure what they are signing or what they are agreeing to. So you are talking about a vulnerable population that is often not educated that could pretty much sign over all of their information.
If we are going to go that route it would have to be very streamlined. It would need to be very specific. I think that process not only needs to be explained to a client at the beginning of that process, but as you go through. It is important to know that if you have diabetes, if you have HIV, things like that, when you are talking about treating diseases, but when you are talking about a record a lot of times their addiction treatment file becomes a part of their record. As long as that is streamlined and their whole record is not posted.
MR. HOUSTON: I think that is really important. I just want to make sure in the interest of trying to be overly protective that we don’t recommend such protections that you set the individual up to be harmed by future treatment. I just wanted to make sure that I understood that there really was a section of that information if it was relevant.
Can I ask one other question?
MR. ROTHSTEIN: Sure.
MR. HOUSTON: Zeb, you said that you favored continuing on with the state laws that currently exist related to protection of psychiatry information. I think at some point in your testimony – correct?
DR. TAINTOR: Yes.
MR. HOUSTON: What if in a perfect world would you be in favor of the creation of a comprehensive federal law that applied specifically to psychiatry and mental health information?
DR. TAINTOR: I think as a floor and not as a ceiling.
MR. HOUSTON: So you don’t think we should ever get rid of the state laws that exist?
MR. TAINTOR: I think the only one – I believe there was hurricane Katrina victim who became a cropper in Tennessee because everything had been set up to continue medication and the Tennessee law was a problem. I think as the states are more in this business they will be able to compensate for things like that. I think we are an extremely diverse country and I think it is going to be hard to achieve a federal law that won’t be different from a good minimum standard. I think what we want is still to allow the states to be able to go their own way.
The New York/New Jersey difference on whether or not to have a patient’s identification number is a good example.
If I could get back to your previous question, I think there is no perfect solution for this. Let’s pause at the history of intravenous drug abuse. Jerome Grubman just came out with a very thoughtful book on medical diagnosis. If you knew about intravenous drug abuse you might have a higher index of suspicion for subacute bacterial endocarditis as a medical diagnosis in a patient, and if you didn’t you might not think of it and you might miss the diagnosis. That is relevant. On the other hand, there might be a significant downside for that patient.
I am also keenly aware that when I say patients ought to have control over what is in their record that what matters to a person on Monday, may not matter the following Monday. We are just trying to strike a balance here.
MR. ROTHSTEIN: Thank you. We have many questioner’s lying in waiting. I would ask that you keep your question to three or four minutes so that we can get to everyone.
MR. REYNOLDS: Thank you to all of you. You touched on the things that we have been trying to deal with. I want to ask a general question and have it addressed by all three of you but you can only take up my three minutes.
Dr. Fagnant, when you were talking you used the word “blinders” to data other than needed for the current patient complaint. And then, patient deletion may invalidate the record.
Dr. Taintor, when you were presenting you talked about a carefully structured “EHR” was a term you used, and then potentially relevant information. Which is another term. Ms. Floyd, when you were discussing it you said there needed to definite protection.
As we continue to wrestle with what is good privacy and what is good care as you think about electronic records – how do you draw that line? The word “relevant” is good but every time you step one level down into the detail it starts to come apart. I heard each of you talk about the idea of maybe down to a data element level, that people could decide what was in or out. Step over here for a minute. If you are trying to balance this in a way that you take all the things of each of you said – and there is no way to disagree with any of that on its merit – but trying to put it together and say, not everybody can win completely. What does it look like?
Dr. Fagnant, if you would not mind making a comment and then we will go in the same order that we had the testimony.
DR. FAGNANT: Part of the comments were kind of blocked out by the phone but I will try to answer the best that I can. Can you hear me?
MR. ROTHSTEIN: Yes, we can hear you fine.
DR. FAGNANT: My main concern is as a clinician, is I do like to have data available when I need it. In my opinion the biggest problem with the privacy is to keep the information away from those that don’t need it and then to make it even more difficult is to be able to prevent the information to be processed by the physician who has access who doesn’t need that part.
As to my comment on “blinders” is that when I have access to a record I like to see everything I can. What is there to keep me from accessing things that I don’t need. My ideal medical information system would have everything in the system – all information that we can have available but only allow the people to have access to the information they need when they need it – prevent access to everything else.
The system certainly doesn’t allow that to happen but I think we have to continue to aim at that as the goal and not to say, why don’t we inhibit information and only allow little specs to get in here and there because that would hurt the system.
I don’t know the answer. It is really hard to say how that should be done but I think the most difficult part is to be able to determine which information is limited to which providers and to which people who are not providers.
MR. REYNOLDS: Thank you. Dr. Taintor.
DR. TAINTOR: I’m wondering about the question and to what degree is it related to privacy versus a system in general. To the degree that it is related to privacy, I would stick to R-6 and R-7. So we are basically saying yes to R-6. I personally may be going slightly beyond ATA in terms of saying, let us not have specific rules in terms of blocking access on R-7. Let’s let patients decide.
In terms of a good electronic health record, I think what is so exciting about an electronic health records is that they offer the possibility of providing clinicians, in real time, the data that they need to make a decision. Whereas, records, traditionally, have not been used a lot in decision making because it has been hard to get data out of them -- especially legible data.
The answer to your question comes down to what decision is the clinician making at a particular time? Combining the two, so the relevancy and the structure are all directed at what do you need to know when?
The major consideration for this hearing is how about those other people? What do they need to know and when do they need to know it? I think we have a whole bunch of interested parties, stakeholders. Where I think there is concern is in the administrative – the business side of medicine and data getting handled sloppily, as is reported weekly, and used for non-medical purposes.
You would think the little town of Ogdensburg on the St. Lawrence River, where I visited the St. Lawrence Psychiatric Center for years, would not be a place for information abuse and yet, there is a very fine system used by the Office of Mental Health and low and behold, we discovered a local landlord trying hack in because an ex-patient was a potential tenant of the landlord. This is what I think people are most worried about.
I think where we get into meshing these is in the phenomenon of doctor shopping and over utilization and redundancy of tests and redundancy of treatments. The data on the number of providers that Medicare recipients see each year – and we are looking at potentially thirty percent of health care dollars somehow being related to redundancy or over utilization. I think again, we are going to have to strike a balance there.
In our 26 regional health information organizations that are springing up around New York State, it looks as though we are going to be following HIPPA to the letter and you don’t get any information on a patient unless the patient has given you permission for getting that information. That may undercut our ability to deal with multiple providers and multiple treatments but so far that is the route we are going to take.
MS. FLOYD: I was hoping that you were not going to ask this question but I knew that you would. The truth is I, too, have no answers for this. This is a very challenging process. One that I am glad that I am not in the decision making position.
I realize that there is a specific need to medical information that could be very, very helpful in treating and meeting the needs of consumers. I appreciate that. At the same time, I think that people that work in these specialty fields should be used to determine what this should look like. What kind of questions should be answered? What kind of information should be included? Is it really pertinent? Let us have a discussion about that. I think that you need to go through that work group kind of extensive committee work in order to get there.
I don’t think it can be done by a think tank but you need to utilize all the folks that can help you determine what that is going to look like. My big concern is the breach of information.
Just recently, in Pennsylvania, just a couple of days ago, there was a major hospital system in Pennsylvania that had this huge breach that included client’s names and social security numbers.
MR. HOUSTON: We are laughing because it was the system that I work for.
MS. FLOYD: Sorry.
MS. BERNSTEIN: We all know we saw the news.
MS. FLOYD: But those are the concerns that we have. How are people going to be identified? Using their social security number and their name is completely unacceptable. Questions like that concern us. Who is going to have access to this information? I have concerns that somebody in a hospital setting that works in the laundry department can sit down at any terminal and access this information. Again, you are talking about confidentiality, you are talking about privacy, you are talking about respecting those who utilize our services.
My concern is how the information is going to be monitored and how you determine what information is going to be made available.
MR. REYNOLDS: That would complete my three minutes.
DR. TAINTOR: Just to add something. APIN(?), the various entities in New York State have been enthusiastic about the continuity of care record and about the standards for personal health records. That might help in terms of committee process to define what is relevant.
I must say though, in my experience with the RHIO’s in New York State, I don’t see them moving very much in that direction. I think, again, the issue is what is relevant to a particular decision or care needed at a particular time.
MR. ROTHSTEIN: Let me invite our witnesses to try to be as succinct as possible. That will let us complete our questions and perhaps you might want to address your question to one of the three panelists. That might be an easier way to get everything in. I know everyone has lots of questions. I could take the rest of the time myself.
MS. WATTENBERG: I’m gong to pick on you. I am representing a portion of the addiction and also the mental health field and perhaps other fields as well. When you look at a lot of the data the likelihood of mental health patient dying 25 years earlier than everyone else or an addicted patient having adverse health effects with hypertension, some kind of cancers, liver disease, that kind of stuff. The likelihood of somebody’s quality of life and life just period, is probably more threatened by uncoordinated care than by the potential of a breach or even an authorized disclosure with some adverse implication.
If that is true, and I sort of think it is true but I have not looked at all the numbers but that is what I would sort of guess – if that is true, what is the – I am trying to think about addressing this consent issue in a way that is a little bit different than just parsing the record and so forth.
What would it take to change practice with providers and patients so that they would fully understand the implications of withholding information such that they would actually start signing consents? One of the questions I guess I am getting at, too, my sense is that patients are not fully informed of the full risks and benefits of withholding versus sharing information. I guess one is, do you concur with that and do you think there is a way to change it?
MS. FLOYD: I don’t concur with that. I worked in the addiction field for many years. The agencies that I have worked for have been very specific about the process that you go through with a new client in explaining confidentiality, having them not only review but sign several forms discussing it in groups. It has been pretty extensive all the way through the continual care to out-patient level, I think clients are informed. In Pennsylvania, I know the clients are definitely informed.
MS. WATTENBERG: About confidentiality or also about the risks?
MS. FLOYD: They know about the risks as well. A lot of the clients that come into facilities that are looking for addiction treatment services may be involved with the criminal justice system so they want to know exactly what is going to be disclosed, when is it going to be disclosed, what kind of impact does that have on me. I know in my experiences, we have spent extensive time explaining that.
I think you are talking about what it would take to change that system from the provider’s perspective. I think it would take an act of God and a stick of dynamite. Providers are very, very adamant about this issue. A lot of folks that work at provider facilities have been there for years, they have been in the drug and alcohol field 20 to 30 years, they have a very set perspective of how information should be handled and what should be shared.
I think you will have a difficult time in getting veterans in the field – especially clinicians – to embrace that kind of change. It is going to require a complete systems change on multi-levels. I am really not sure what that would look like but you would definitely have to get the buy-in of – and I don’t want to say regulatory agencies – but basically it would be some kind of state entity or regulatory department that would monitor that kind of thing.
I know when I hear things about changing the confidentiality laws and privacy in exposing information that has not been exposed up to this point, I get extremely concerned. My colleagues do to. When the issue about confidentiality came up in Pennsylvania, I can’t tell you the meetings, discussions, phone calls, e mail dialogues that went on. I think you would have a very difficult time in doing that. I won’t say that it is impossible but it would be a challenge that would take work on multi-levels.
MR. ROTHSTEIN: Thank you. Sue, did you have a question?
MS. MCANDREW: No.
MR. ROTHSTEIN: Paul Tang.
MR. TANG: I want to thank the panel for their thoughtful testimony. I think I have actually changed some of my opinion on some things based on the testimonies. I will expose that a little bit later.
First, I think we would all agree that care of the individual is probably the top concern of the health care professional that is address this particular client or patient. We would expect the health care professional to want to do the right thing for that patient at any given time. I think, in general, applying that value to the information systems containing information. That is to say, we want make it easy to do the right thing at that moment and difficult, at least, or at least punishable to do things that would cause harm to the individual or society.
In order to do the right thing for the health care professional that person has to have confidence that they have the right information to make the decision. From patient to patient, it seems like the health care professional needs to have a uniformed expectation of what information -- how complete is the information that I have. That makes me think that you need to have a way that for every patient showing up I know what I am seeing – upon what information I am basing these decisions rather than patient by patient, what am I seeing.
Here is the change, and in particular listening to Cheryl, I think on balance – although I was very concerned about flagging information, maybe the way to address it as a compromise is to flag what we call “chunks” of information instead of individual data elements.
Chunks might be mental health. I think recovery is part of the mental health chunk, so to speak, and if it were flagged that there is some information that is not being shared that would at least help put me on notice.
One example would be the example you brought up, which is endocarditis, if I am faced with a patient with what we call, fever of unknown origin, and I see that flag – seems to me that I need to “break the glass” action in order to get access to that information that very well bear on this fever that this patient has. Yet, if I am treating a cold, I would have no reason to “break that glass”.
That helps me as a physician better know whether I have the complete information I need today. I am sort of thinking that the “flagging” may be a way – but flagging in bigger chunks than I think you proposed, in terms individual data elements, would help me know where I stand, in a sense. I think the first speaker was sharing the same sentiment. It is really hard to know that I have some, but not all, information and I don’t know for every one patient where that missing piece is. If I know for every patient I will have a flag on sections of there record, that would help me feel better with respect to I may be missing information.
Yet the so called, “break the glass” can give me additional accountability that I have gone into this person’s mental health record as a non-mental health provider. I would appreciate the two of you – and I think the first speaker sort of probably shares that sentiment, comment on this compromise – basically, flagging in bigger chunks and then having the “break the glass” accountability.
DR. TAINTOR: The issue is to what degree is that going to be acceptable to individual patients. I am assuming, although it is not explicitly in anything that I received, that there is going to be a opt-in/opt-out option and one would have to see how that is received. If a lot of people opt-out – again, the opting-out is from information sharing and the primary physician for that patient would presumably, still be well informed.
In terms of the Psychiatry Association’s reaction, we would have to get back to you.
MS. FLOYD: I know on the drug and alcohol side that would be a major concern, as well. The flagging is not so much the issue but being able to go past that and kind of “break that glass”, that you were talking about, and given that information. Again, how do you control that process? There is a lot of information that you might find once you break the glass that still is not pertinent to what you do. So, what happens to that information? Who gets it? Is it documented? If it is, where does that go? How is it monitored? There would be major concerns with breaking that glass.
I do appreciate the need to in order to effectively treat someone you need to know what you are dealing with. Again, I think people in the field would have some concerns. That would need to be monitored very, very closely. You would need to come up with a very specific plan as to how that would happen.
Again, my concern too, is who else is going to have access to that?
DR. TANG: Can I describe just a little bit of what –
MR. ROTHSTEIN: I am afraid that we are going to have to move on but thank you for raising the issue.
Leslie Francis.
MS. FRANCIS: I want to ask a pretty specific question in the spirit that our goal in this session is to look at some of the questions not about privacy generally, but about the issues raised by the specialty practices that we have represented here. As I have been listening to you – to all three of you – on the one hand, I have heard some suggestions about ways that limits might be built in. Whether they are overrideable or not – I don’t want to look at right because that is a more general question.
Here are five ways I have heard, that information might get limited. Time, so that older information drops out or is more protected. The person picks the information – that is what I think Dr. Taintor was suggesting. That it is condition specific, that it is provider specific, and that it is type of information specific. I think Cheryl was suggesting something else about type of information. If I am not wrong about this – you were thinking about the bio social assessment as something that might be more protected than other kinds of information.
The specific question I want to ask each of you is from the point of view of your specialty practice, what type of information, if any, should we most worried about? And, should we try to conceptualize the concern about that from the point of view of well, maybe we should just let it go back in time and then it is not so accessible. We should let patients choose. How should we try and think about dealing with that kind of information?
The obvious kinds of information that comes up in OB-GYN practice, is prior of abortion, for example. I wonder if you could address that kind of specific question of what type of information from your specialty do you think we should be most concerned about and if you have a type of information or types, how would you think we should try and worry about it, at least in the first instance, leaving aside the question of whether there should be some way to break in?
DR. TAINTOR: I think the key issue in psychiatry and mental health is almost certainly diagnosis because it carries such a stigma with it. What I find my fellow physicians care most about is what medications the patient is on and the irony of these two are that, one, most psychiatric medications are prescribed by non-psychiatrists, so that really doesn’t matter and for psychiatric diagnosis it is hilarious because we don’t have biological markers for our diagnoses. We are still a century behind the rest of medicine. So you label somebody as a schizophrenic in the United States – the Japanese Psychiatric Association has abolished the term and most of our European colleagues are talking about first break psychosis as contrasted to schizophrenia, which to them is a much more chronic condition. So I would say that what we want to be concerned about is diagnosis. And by the by, the other day an internist got an advisory from a drug company saying why aren’t you using this medication against high blood lipids, that listed all of the patient’s medications, but all of his diagnoses, including a bunch of psychiatric diagnoses of which the internist was unaware.
MS. FLOYD: I would agree. I would definitely agree. Diagnosis is really kind of a telltale sign. There is stigma that is associated with each disorder and each diagnosis. Somebody may have had a bad experience with a schizophrenic and you are talking about, in a medical setting, treating someone with that condition. I mean, those kinds of things really do come into play.
I have concerns about people being labeled, especially on the mental health side, because it follows them throughout their lives. A lot of times it can be to their detriment depending on who has that information and what is done with it. One of the things I do believe is important is medication. Medication will tell a lot. If somebody is on an antidepressant or a psychotropic medication, that is usually an indication that there is some kind of mental health disorder, or possibly a psychiatric condition as a result of drug and alcohol use. That is broad enough for someone to determine where it is that they need to go, as opposed to not having that information at all. You are talking about medication that conflicts with each other, and sometimes it is lethal. Some people are dying from those conflicts. You are talking about old antidepressants compared to SSRIs, the new ones. That kind of information is very important.
If somebody tells you that they are on methadone, that tells you a lot about their condition. I don’t think you need a diagnosis to attach to that. SO again, if a person is willing to share that information in a medical setting, they almost would need to, to truly treat the client then I am more apt to lean toward the medication piece. But I would not embrace the diagnosis.
MS. WATTENBURG: I would just like to make a note about the federal confidentiality law, which is it does protect any information that would otherwise identify a person as a substance abuser. So when there is a medication and it is only prescribed for substance abuse, then it cannot be shared. When a diagnosis identifies somebody as such it cannot be shared without consent.
MS. BERNSTEIN: Sarah, isn’t that only limited to specialists in substance abuse and records that are segregated?
MS. WATTENBURG: Yes.
MS. BERNSTEIN: As Dr. Taintor said, if it is something prescribed by an internist or a primary care physician –
MS. FLOYD: That does not apply. And just like bupinorphine, physicians are being approved to dispense bupinorphine. That is not going through eh addiction treatment system. So that information is going to be in files and that can be shared much more readily than it would from a treatment provider. So absolutely.
DR. FRANCIS: Could I ask Dr. Fagnant if he ahs any comment?
DR. FAGNANT: Yes, I would like to approach the question from a little different angle. You talked about the types of information and how it should be limited. Hospitals almost always limit information by time. When you look for something after so many years you cannot find it, microfilmed or something else. That doesn’t seem to be a good way to do it, in my opinion.
The provider specific is currently I believe,how is it done mostly now. The doctor keeps the records and he determines how that is given. When I look at old records I always look at who the provider was, who provided that information, and I think that that is a really good limiting mechanism. It has been used, and when we look at electronic information we can use that. I think that is helpful. An example is you look at information where a woman has had an abortion and that should be in her medical record, but how does that come out? Certainly most of us in gynecology and obstetrics have had the couple in the room and say, oh, I see you have been pregnant three times, and the husband looks at the wife and says, gee, no, this is our first pregnancy. So that kind of information can really escape out and damage, but I think it is important when it is looked in the area of provider specific, that kind of helps tone it down. So I think it is important for information to be able to look through that information and use that as a filter.
DR. COHN: I agree with Paul that this has been a very interesting set of discussions. I just wanted to follow up with you about – I sort of half understood your response to Paul Tang and wanted to go into it a little further. I should comment that I am an emergency physician, so I tend to look at things to avoid doing harm in the environment where things actually happen as opposed to when they come back after three or four weeks when you have time to think about things.
I think Paul is asking more about this issue of flagging things – he was talking more about bigger chunks versus smaller chunks, and I will ask him during the break about it. But I am a little confused by your response just because I was looking through your testimony, and particularly looking at the last paragraph of your response to R7 where you actually introduce the concept of flagging certain types of information and restricting it and then allowing sort of a break the glass activity.
I thought you were in favor of introducing that concept as a way to resolve the dilemma of providing restriction and control, but also allowing access when and where you needed it. But I wasn’t sure whether you were agreeing to it or whether you were stepping back from that proposal.
DR. TAINTOR: I think some of the ambiguity may have to do with the whole concept of flagging, what is flagged and for what purpose. In other words, who flags what and why. I think that might be an extended discussion. Bearing in mind that that is an extended discussion, I am looking at that last sentence and wondering if I have sown some confusion about that, because I do in fact mean the last sentence.
DR. COHN: How about the sentence before it – to assure access to clinically essential information on emergency condition a flag may be needed to display when condition access information is restricted. Then in case of emergency, when rapid access to information may be essential when the patient may not be able to give consent, a break the glass feature should be available.
Is that different from what Paul was asking? Are you stepping back from that?
DR. TAINTOR: What I understood Paul to be talking about was that you might have a record, instead of reading a complete family history, you might see a flag saying patient’s request for information on family history is withheld, or something like that. Is that what you meant?
DR. TANG: In your specific case it would be mental health section of the history would be flagged as not shareable.
DR. TAINTOR: Yes, but it could be anything. For example, the number of pregnancies. So the break the glass provision – here is the woman and we don’t know the number of pregnancies, has arrived in a coma and we need to know everything that we can about her, and that might include something gynecological.
DR. COHN: Therefore you would be comfortable with this idea of noting the existence of information with the fact that this is restricted.
DR. TAINTOR: Especially since Paul added the key sentence that he would accept accountability for breaking the glass. The real world in which we are operating is there are all kinds of people smashing the glass all over and not accepting any accountability nor being prosecuted for same.
MS. BERNSTEIN: Could I ask a quick follow-up question? Hal indicated that he intended that such a flag would indicate what the subject matter is that is missing, as opposed to just saying there is a piece missing.
DR. TAINTOR: Well, he said a chunk, which would be a piece.
MS. BERNSTEIN: But if you have a record that says a substance abuse record is missing or psychiatric record missing or gynecological record missing – I mean it is one thing to say a woman has her gynecological record missing because most women have such a record. But if you say an oncology record is missing, you pretty much know the diagnosis. So that is not really hiding anything if you put such a flag on there. So if you just have something that says there is a piece of a record missing and if you want to delve into it you are going to have to ask for more history.
DR. TAINTOR: I don’t think we necessarily jump to those conclusions. In a methadone exchange, I am thinking about methadone being used in chronic pain clinics.
MR. ROTHSTEIN: The last three minutes I will take -- I just want to start with an observation about the flagging issue, which we debated in the committee extensively over the last couple of years. The problem is as Maya suggested that putting a flag is from a patient perspective tantamount to putting a diagnosis or information that is unacceptable.
An alternative would be to say that there are these five areas that patients have the right to exclude information from accessibility and one of that is psychiatric information. Another one is substance abuse and so forth and, therefore, physicians should be alert to the fact that patients have the right to exclude that information and so there are, in effect, automatic flags for everybody and physicians take that into account that, okay, we may not have the psychiatric information. The patient may have chosen to omit that without putting a flag that says there is psychiatric information about a particular patient.
I have a quick question for Dr. Taintor and I wanted to ask you in your experience how has the privacy rule provision that I discussed in the opening, which treats psychotherapy notes separately, in your view, how has that worked out?
DR. TAINTOR: So far, so good. I don't hear any particular complaints about it. I know that you raised the issue of is it too narrow a provision and I think that the comments about diagnoses and some other conditions are why we are here where we are. We are starting from that base.
MR. ROTHSTEIN: Yes. One of the things I want to explore with the primary care physicians is specifically that point, that many of them do see patients for mental health conditions and this provision is inapplicable to them and whether that is a problem
I want to ask Dr. Fagnant one question and it relates to his testimony and something that he said orally as well. In your testimony on page 3, you talk about the value of a complete health record. All the physicians that we talk to and have talked to over the last couple years, they all want everything for themselves, but are willing to concede that others who are treating patients maybe can do with less than the complete record.
So, from you perspective and from ACOG perspectives, instead of looking at it from what you get, looking at it from what non-OB/GYN get about -- for example, sexual history, reproductive history and so forth, is it your view, perhaps, that patients would be more forthcoming with you and your colleagues if they knew that should they break their ankle and be seen by an orthopedist to have the ankle treated, that their sexual history and reproductive history and history of abortions and so forth would not be accessible to somebody down the road.
DR. FAGNANT: I really don't know the true answer to that. The gut feeling and the gut comment everybody says is yes, of course, that will limit it. That is a question that we would ask quite a bit when we were at the task force in Wyoming to decide about a health record there.
I think, you know, the order of the unflagged, flagged that you brought up is probably a good issue and then I think it would be up to a physician to determine if that information is needed and up to the patient to be able to say, yes, I will allow you to offer that. So, my conclusion to that would be, I think all that information needs to be available, but I think that some of that information may be able to be available at the direction or approval of the patient at the time of the presentation of the broken ankle.
MR. ROTHSTEIN: Okay. Thank you.
If I might personally editorialize for 30 seconds, I think that as we start out in the NHIN, building confidence among patients in the confidentiality and the privacy of their health records is so paramount that it may well be that down the road if things work well, people will be more forthcoming with information, but in the short run, there may well be a reluctance to allow everything to be shared with everyone. So, it may be a kind of a sequence thing where we are now dealing with sort of short term issues as we go to this and they may disappear.
I was thinking of testimony we heard from someone from Denmark, who said that they have a broad right, patient, to withhold information or to block information that was rarely if ever exercised by patients but they love the fact that they could do that.
So, that is something for us to think about.
I want to thank all three of our witnesses for a very provocative beginning to the hearing. I want to tell my colleagues that we are having a working lunch from 12:30 to 1:15 and during the break, you will need to complete the menus that are in your materials so that we can have lunch delivered and so that we can work during that time.
We are going to take a break now for 15 minutes and begin Panel II at 11:05. Thank you.
[Brief recess.]
MR. ROTHSTEIN: I apologize for our late start. Our third witness for this panel was slated to call in his testimony and we are hoping that he still will be able to do so. But we are unable to reach him at the moment. I don't want to delay our hearing any longer. So, we will begin with the testimony of our first two witnesses.
Agenda Item: Panel II -- Records in General and Emergency Practice
I want to welcome Dr. Keaton and Dr. Kibbe, both of whom we have heard from before, I believe. I am sure you have heard the issues that we are still wrestling with and we are very anxious to hear your perspectives on the issue of patient control of information and limited access or segregation of certain fields in medical records.
So, Dr. Keaton, if you would proceed.
DR. KEATON: On behalf of the American College of Emergency Physicians, I am pleased to have this opportunity to address the NCVHS Subcommittee on Privacy and Confidentiality regarding consumer controls for sensitive health records.
ACEP is the largest specialty organization in emergency medicine with 24,000 members, who are committed to improving the quality of emergency care through continuing education, research and public education. ACEP has 53 chapters represented in each state, as well as Puerto Rico, the District of Columbia and government services.
ACEP is committed to the development of the Nationwide Health Information Network linking all components of the health care system. To help make this happen, ACEP is dedicating significant resources to supporting standards development and the implementation of best practices. Emergency physicians like myself are playing vital roles in the development of regional health information organizations, which are the local and state building blocks for NHINs.
I will say parenthetically that just from my personal perspective health IT has become my day job, so to speak. I am currently heading the creation of NEORHIO, the Northeast Ohio Regional Health Information Organization. I sit on our state body that is developing HIT for the State of Ohio and sit on the AHEC Population Health Clinical Care Connection Workgroup, the Health Initiative Board and the Connecting for Health Steering Committee. So that this has largely become something that I mix with my dedication to the practice of emergency medicine and our specialty society.
Emergency physicians are patient advocates dedicated to providing quality patient care and protecting the public's health, while also protecting the privacy and confidentiality of every patient's health information. While we respect patients desire to control access to certain aspects of their medical records, we caution against the unintended consequences of a patient controlled policy that could impede our ability to deliver the best possible emergency medical care.
Due to the very nature of emergency care, it is often delivered without the benefit of a patient's vital past medical information. Nevertheless, emergency care providers perform admirably as a safety net for this country's health care system, despite facing many complex issues, including increasing volumes, excessive patient waiting times, overcrowding, lack of surge capacity, ambulance diversions, specialty consultant shortages and limitations in pediatric emergency care.
The emergency department serves many roles in our health care systems as the interface between the inpatient and the outpatient world, we managed the acute and often unexpected medical emergencies and traumatic events that result in hospital admissions. In most settings, over 60 percent of hospital inpatients were admitted through the emergency department. We provide acute episodic care for patients, who either have no access to primary care, either because they are not in their home area or because they don't have access period. And we also provide care for those who are acutely ill or become acutely injured away from their location.
We are experts at acute diagnosis and stabilization and we are also a vital link in the public health network. Moreover, the emergency department serves this role on a huge scale. Emergency departments in the United States serve the equivalent of 40 percent of the U.S. population each year. The overriding reason for the creation of the NHIN, the interoperable electronic health record, is to improve the quality, efficiency and safety of health care of all Americans. Providing patients control over sensitive, confidential information in the medical records has to be of a high priority, but this must be balanced against the need for timely data availability in an emergency care situation.
As you know, emergency department care incorporates a vast knowledge base and its clinical responsibilities are inherently time critical. For implementation of an NHIN to be of maximum value in the emergency department setting, we must not surround it with measures and controls that could render it unusable by both patients and practicing clinicians like me.
ACEP believes network operations should be consistent with current HIPAA rules and should include provisions that facilitate access for continuing care in emergency situations. We believe the subcommittee's consideration of patient control over sensitive health information in the medical records should be guided by the following principles, which we believe are critical to implementation of data systems that will allow us to provide the highest quality care to millions of patients who seek care in the emergency department every year.
One, optimal management of emergency cases requires rapid and I underline rapid access to patient data. Speed and reliability are crucial. If the system is not fast and always available, it will not meet the needs of clinicians and patients. A key finding of the May 2004 Society for Academic Emergency Medicine Information Technology Consensus Conference was that when caring for the emergency patient, in quotations, electronic clinical records should be released immediately upon the certification of a clinician that there is an immediate clinical need for the release of those records.
The issues of security, identification and authentication, as well as patient control, should facilitate that process rather than hinder it. The issue of security, identification, authentication, as well as patient control should facilitate the process of getting the data to the clinician at the point that they need it, rather than hinder that process.
No. 2, the assumption must be made that a patient who is unable to give permission for data access would have done so, had they been able to do so. Our patients cannot always provide permission. The sickest of those patients certainly can't provide permission. Given the nature of emergency medicine, cumbersome or onerous authorization requirements must be avoided. Moreover, it is vitally important that a break the glass policy be included, whereby authorized emergency clinicians are able to quickly gain access to critical information with a doctrine of presumed consent when patients have emergency conditions and are unable to provide consent.
No. 3, optimal management of emergency cases requires access to complete patient data. Clinicians must be able to trust that the data that they are viewing is complete and truthful. A single data point is a set of or a set of data points obtained at a single point in time, is like looking at a still photograph or a single frame of a movie.
When we look at a movie, we are presented with sufficient frames per second to enable the brain to interpret the individual images as continuous action. Editing a movie to leave out or change significant portions can lead the viewer to reach incorrect conclusions. In a similar way to doing incomplete data portrayed as complete can cause the clinician to reach unjustified and potentially dangerous conclusions.
If we know data is not accessible for any reason, the information system must call this gap to the clinician's attention in a very conspicuous manner.
No. 4, emergency physicians must be notified when a patient refuses permission to provide access to some or all of their data. While ACEP does not disagree with the patient's right to withhold information no matter how dangerous that might be, we believe it is critical that the treating physician be notified that the data being viewed is incomplete.
Such refusal alters the point of truth and requires the emergency physician to look at the data differently.
No. 5, public health needs, including syndromic surveillance require reliable access to population-based data. Access to this data must be assured. The secondary use of data should support improvements in public health through surveillance, benchmarking and policy support initiatives. Critical deidentified public health data must be made available to maximize the effectiveness of surveillance systems with or without the patient's permission.
Also, once a risk is identified, there must be a link back from the deidentified data to the indexed cases for the protection of those indexed cases and the public as a whole.
No. 6, some patients were refused permission to access their data because they planned to injure themselves or others. We must provide provisions for allowing access to data critical to protecting the patient and society from harm that could reasonably be expected to occur if critical data were not disclosed. This is a difficult problem that may be beyond the scope of this committee, probably or possibly requiring legislative action.
Emergency patients are a subset of society as a whole. Some have ulterior motives for coming to the emergency department. These include illegal and dangerous drug seeking behaviors, terrorist activity, et cetera. Others may represent a threat to themselves or others due to psychiatric conditions, intoxicants or criminal activities.
No. 7, though not strictly under the purview of this committee, we would like to stress the fact that consideration must be given to the potential court liability risks inherent to the creation of an NHIN. Two major legal impediments must be addressed if the NHIN is to be successful. The first involves liability for breaches of security and the other involves liability for failure to notice or correctly interpret issues that are hidden in the vast volume of newly available results or tests that may not have been ordered by another clinician.
Once again, thank you for providing the opportunity to address these areas of concern to emergency physicians and the patients that we serve. Thank you.
MR. ROTHSTEIN: Thank you very much. We will have questions for sure.
Now, Dr. Kibbe.
Agenda Item: David C. Kibbe, MD
DR. KIBBE: Good morning, everybody. What I would like to do is to read our statement, which is actually quite short and will take no more than five minutes. As you will hear, I will be going back to the basic issues of privacy as a way to set the foundation, I hope, for the more detailed discussion of sensitive health information.
On behalf of the 93,800 members of the American Academy of Family physicians, I am pleased to provide you with with our views on the critical issues of privacy and confidentiality within a health information technology system. I am David Kibbe, former director of the Academy's Center for Health Information Technology and currently a consultant for the American Academy of Family Physicians.
The AAFP is one of the largest national medical organizations, representing family physicians, family medicine residents and medical students nationwide. Founded in 1947, our mission has been to preserve and promote the science and art of family medicine and to ensure high quality, cost effective health care for patients of all ages.
The AAFP views health information technology as one way for physicians to redesign their practices so that they can coordinate patient care and provide for ongoing quality improvement at the practice level. As many of you know and are aware, the Academy has been an innovative leader in our quest to provide health information technology to our members and to transform the electronic health care system as a whole.
Parenthetically, we think we are now in excess of 40 percent of our members using electronic health records from a commercial vendor. This is an opportune time for AFP to testify before NCVHS on privacy and confidentiality in the context of growing debate about health information exchange and the discussions regarding the so-called National Health Information Network, which we are convinced will probably be the Internet.
Family physicians are encouraged by the growing adoption of personal health records, so-called PHRs, by consumers and patients. Speculation also is high that electronic health records and EMRs and software applications of this kind, used by AAFP members will need to interoperate with personal health records. However, there is widespread confusion and even some apprehension about the privacy and confidentiality that will apply to these new technologies. Who owns the data? Who can access the data? When and under what restrictions or rules of confidentiality?
Specifically the subcommittee's concern, does the consumer have the right to withhold health information from his or her providers and under what circumstances? These are some of the issues that are commonly presented to the AAFP's Center for Health Information Technology. We believe that a lack of answers to these questions has become a significant barrier to the ongoing adoption of health information technology by our physician members, what we call the next 30 percent in terms of EHR adoption.
We in this country do not have a uniform set of answers to these and many related questions. Now, what we do have is a patchwork quilt of state and federal legislation and regulatory guidance about privacy. These laws and rules are further confounded by the fact that they are industry specific and, therefore, variable with respect to the kind of personal information being considered.
Unfortunately, the health care industry lags behind some others. In no industry is the issue of privacy and personal information more in need of a thorough revisiting. We believe that it is critical to end this confusion and this unworkable situation. What we need is a comprehensive and uniform approach to the privacy and protection of confidentiality and the security of personal health information.
So, before we can address some of the very specific issues, we need to fundamentally reform our approach to privacy in this country. On behalf of the Academy, I would like to recommend the following four principles as a foundation on which to develop a uniform approach to privacy and confidentiality.
One, the approach should apply uniformly and consistently to any and all persons, organizations and entities, who collect, store, manage and transmit health data and not only to providers and health plans and those other entities specified under HIPAA. It should allow the patient, consumer or individual to control access to the specific content of their health records, requiring that all uses to which that information might be put by the custodian or steward of the data is consented to by the individual.
Third, this approach should assure that any limitations to that right of access and control over access requires, based on the age of the information, the nature of the conditions or treatment and its relationship to issues of public health and national security, et cetera, are clearly and consistently spelled out to the individual at the time he or she provides his or her consent.
Finally, it should include serious penalties, which are enforced in the event of an illegal disclosure of private and confidential information. In our opinion, the HIPAA privacy rule is fundamentally flawed, not due to the oversight of its originators, but due to rapidly changing conditions. Most notably, this is the evolution of the Internet and the worldwide web as vehicles for the collection, storage, management and transfer of personal health information of many kinds, which includes health information that is personal and identifiable.
I would refer any of you who are not up to date on the private sector's activity with respect to personal health records to take a look at The New York Times article yesterday that mentioned the revolution, how Google, Yahoo and other companies who are entering this market in a very big way, in a world in which the network is also the application, web sites and portals that offer enhancements to health content that is free to move about on the Internet are already starting to appear on the market and in addition to what The New York Times talked about yesterday, I know of at least another 50 to 60 companies that are moving that direction.
Private companies are offering consumers web-based tools, such as personal health records that include clinical guidelines and recommendations regarding chronic illness and preventive care. This is a natural byproduct of the new health data liquidity and will probably continue to grow, integrating this first collections of information for the patient also will become very important and drive change in the direction of personal health data management by consumers and their agents, some of whom will be providers, but many of whom could be entities that are not providers of health care.
Traditional or legacy software applications and relational databases will certainly remain useful in health care for a long time to come, but personal health records in the hands of consumers inevitably will boost the economic and political value, both, of moving and exchanging very specific data sets of information beyond the static collections of data that providers and health plans privately format in their own databases. I think we can return to some of that, a discussion about that with respect to what Paul was talking about in terms of data content and specific options, such as mental health.
So, in conclusion, on behalf of the American Academy of Family Physicians, I would like to thank you for this opportunity to talk to you about the challenges we face in maintaining privacy and confidentiality in a world in which most of our key information is going to become on line.
Our recommendation is that we must establish a uniform approach to privacy and confidentiality within the health care industry first and that we do not have today. We have to start immediately or we will continue to have our outdated health care information systems overtaken and we will have physicians overwhelmed when they are unable to find a relevant privacy standard.
Patients who do not trust the disposition of their data and private entities that will move in will move in naturally to take advantage of health information opportunities.
Thank you. I would be happy to answer questions.
MR. ROTHSTEIN: Thank you very much.
Let me just check. Dr. Zaroukian, are you on the phone?
DR. ZAROUKIAN: Yes, I am.
MR. ROTHSTEIN: Thank you very much for joining us. We appreciate your calling in and wonder if you could proceed with your testimony at this time.
Agenda Item: Michael Zaroukian, MD, PhD
DR. ZAROUKIAN: Sure. Just by way of background, I am having a little trouble hearing on your end. So, if I ask you to repeat, please accept my apologies.
MR. ROTHSTEIN: That is fine. We can hear you great.
DR. ZAROUKIAN: But thank you for allowing me the opportunity to offer testimony on behalf of the American College of Physicians. I am Dr. Michael Zaroukian. I am currently the medical director of the Michigan State University Internal Medicine Clinic and the university's chief medical information officer.
As a member of the ACP's Informatics Subcommittee, it is my pleasure to speak to the issues before the subcommittee and offer the viewpoint of the American College of Physicians.
I apologize for not being able to be able to attend in person and I thank you for arranging this remote access to the hearing.
The College is the largest specialty society in the United States, representing 120,000 internal medicine physicians and medical students. ACP is extremely interested in the confidentiality and privacy issues pertaining to personal health information and electronic health records. Control of content and access by individuals to clinical information are critical issues that will greatly influence acceptance and use of the NHIN.
The impact of policies adopted and implemented to address these complex concerns could be substantial with regard to the accuracy, reliability and usability of information exchange electronically.
First, let me state unequivocally that ACP strongly believes in the goal of widespread adoption and use of health information technology to improve health care quality. The College supports the concept of safe and secure electronic health information exchange and advocates that clinical enterprises, entities and physicians wishing to share health information, develop principles, procedures and policies appropriate for the electronic exchange of information, to specifically address the issues before the subcommittee.
The College believes that model language addressing these issues should be developed to inform state legislation. Creating a level of standardization would reduce the variability among state specific policies, which even today add further complexity to electronic exchange of health information across geographic boundaries.
The specific questions raised in your June 2006 report from Secretary Leavitt, Privacy and Confidentiality in the Nation by Health Information Network, relate to the practical implications of policy decisions regarding an individual's right to control access or access to specific proportions of his or her record through the NHIN and the degree of such control. Our presumption is that NHIN will follow the federated model, that patient data will be persisted or stored only within the clinical system in which they are generated and that the NHIN will be comprised of registries of metadata that point to these original data sources.
We will not address the other elements, such as opt in or opt out because the premise of recommendations 6 and 7 is that the individual has elected to make his or her personal health information accessible via the NHIN. However, it is important to note that deliberations and decisions on other issues could directly affect our recommendations. Individuals should be able to access their health and medical data conveniently, reliably and affordably. Further, individuals should be able to review which entities and providers have accessed their personal health information. One model suggested that individuals should control access by choosing either to have their entire record accessible through the NHIN or not, rather than by selecting specific elements of the record for viewing.
We acknowledged that this all in, all out system is unrealistic, given existing state laws and policies regarding the need to accommodate individual wishes, as well as regional efforts underway that already provided significant level of choice whether individuals have availed themselves of these options or not. Therefore, recognizing the incredible complexity required to manage granular access controlled patient data and existing HIE effort, the College recommends that the NHIN consider role-based access models.
Such models should ensure that clinical information is provided appropriately, based on defined privacy algorithms that consider the title of the requester, the role of the requester and the source and type of information requested. This system would include a break the glass type option for true emergencies to allow full access to an individual's record while maintaining a detailed audit trail of the individuals who break the glass and their declared rational for doing so.
Privacy issues are of paramount importance and should reflect preferences of the individuals to the extent that such preferences do not negatively impact clinical care. The College supports specific privacy protections for mental health therapy notes. However, we believe that certain other data types, such as medications and allergies should be represented because they are essential elements of the medical record and critical for effective clinical evaluation and safe therapeutic practice.
The absence of such information or even delayed access could result in otherwise avoidable patient harm. Further, the source of all health information should be identifiable, as well as an audit history of any changes made to this information. For state regulation or other policies dictate the protection of certain elements of the medical record so that they are not visible to an otherwise authenticated and authorized user. The record should specifically indicate the restricted nature of the missioning data and provide a clear reason for the restriction; for example, state law, mental health condition or patient choice.
Even with these indicators in place, we remain concerned about the physician's ability to fully trust the medical record where a patient, who is generally not a clinician has restricted access to clinical information. If there are, in effect, two different presentations of the medical record, patient restricted version and the original source or legal medical record, what are the treatment and accountability implications for physicians? Which presentations will payers turn to for adjudication decisions and determination of coverage and insurability?
If insurance companies won't trust the patient edited data compilation for payment and coverage decisions, should physicians trust them for decisions about care? A major concern is at this time that there are no clear comprehensive standards to support the recommended privacy requirements. A standard structure for encoding all privacy requirements and patient preferences does not exist. One prerequisite for the capacity to manage these elements of the NHIN, the standard privacy reference model with controlled terminologies that specify the exact meaning of privacy terms. Such models need to be developed and tested prior to implementation to ensure that adequate protection, as well as appropriate access are facilitated.
The College is advocating for these features of the NHIN on the basis that providing safe, effective care is dependent on the integrity and content rich value of the legal medical record. We know that medical care in the United States can be improved. The current system of information sharing is ineffective at best and dangerous at worst.
While the ACP agrees with the NCVHS in its 2006 letter to Secretary Leavitt that a new health record system should not afford less protection for privacy and confidentiality than is presently afforded indirectly by the current fragmented paper-based system. The College cautions against reproducing the inadequacies of a paper-based medical record that needless limits access by authorized health professionals to information that can facilitate delivery of high quality care.
Further, the idea also expressed in the June 2006 report that patients will accept that outcomes for the right to withhold information maybe true, but any physician acceptance of such a right will probably only last as long as the first malpractice suit filed on the basis of treatment rendered by a well-intentioned physician using incomplete information.
So, to summarize, the ability of health information technology and electronic information exchange to enhance the quality of care and the efficiency with which care is provided will be highly dependent on trust. Individuals and their health care providers will need to be able to trust that the information is complete, accurate and the best available representation of clinical data for the purpose identified.
Anything short of these objectives will undermine efforts to use the NHIN to achieve the quality improvement that many have projected. To facilitate this trust, we first need to address the significant gaps in the availability of standards, controlled terminology and the reference model to support the desired privacy and confidentiality features of the NHIN.
Developing and testing these foundational elements is essential prior to their implementation. It is also important that we remain aware of emerging implications of improved access to clinical information if improved access may create new expectations of responsibilities for physicians and entities to be aware of and act upon clinical information generated across the NHIN.
Therefore, medical, legal, financial and work flow implications, as well as the reimbursement requirements of such expectations and responsibilities warrant significant discussion and exploration. These are difficult issues and we will need to resist the temptation to reproduce the inadequacies of our existing paper-based system for the sake of expediency or to avoid complexities that can be overcome by good debate.
In conclusion, the College commends NCVHS and this subcommittee for taking on these very difficult issues and for holding this important hearing. We look forward to commenting on other topics as the committee sees fit.
Thank you.
MR. ROTHSTEIN: Thank you very much and I want to thank all of our witnesses. We have ample time, I believe
-- it never seems ample in practice -- but ample time for some questions. We are going to proceed in the opposite order from the first round of questions.
As it turns out, that puts me first on the list.
Agenda Item: Questions and Answers
So, first, I would like to begin with a question for Dr. Keaton and, again, I am going to try to keep the questions for each questioner to three or four minutes and then if we have more time, we can have a second round.
If I am crossing Wisconsin Avenue and I am run over by a truck and taken to G.W. Hospital and the Reagan Institute Emergency Department, they are going to be sort of treating me in the dark because they don't know who -- they can check my wallet and find out my I.D., but probably not very much else about me. So, what we are trying to do if I am correct is improve the lack of information so that we can provide higher quality care in emergency situations when I am unable to -- presumably, I am unconscious and unable to provide additional information.
So, somehow you are going to identify me and then get access to my electronic health record. So, you are okay so far, right?
DR. KEATON: Right. You are the one that got run over.
MR. ROTHSTEIN: Well, yes.
So, what we are going to be doing is improving on the present system and although not maybe getting to whatever the optimum system is because there are all these practical constraints that we are going to deal with. Would it be your position that if emergency departments had immediate access to a continuity of care record with, say, a dozen fields, current diagnoses, medications, allergies, significant history, et cetera, and a break the glass feature to get access to more in the event that you needed more, would that be an acceptable situation for the ER docs?
DR. KEATON: I think that would be a wonderful step in the right direction. Realize that no matter how much information is available, when you come in run over by a truck, my approach to you is going to be the same and that is going to be pay attention to the ABCs so to speak. But there are other critical questions that come in in the CCR or CCD, depending on what standard you have used. I want to know if you are on anticoagulants. I want to know if you have hemophilia.
I want to know if you have underlying cardiac disease that is going to create certain stresses. There are a lot of things that --
MR. ROTHSTEIN: Presumably, that would be in there and quickly accessible.
DR. KEATON: For that sickest group of patients that becomes very important. If you come in with an acute cardiac event, I would like to know if you have got renal failure because that sends me down in a different pathway looking at potassiums and things like that that might not be on the top of my list. But we are going to approach, I think, the truly life and death -- you have got seconds or minutes to act. That patient you are still going to be forced to respond to in the way that we respond now, while someone else is doing the data mining looking for other vital pieces of information.
If I have the data set that has been worked out with the CCR type of approach and the ability to mine deeper if I need to. That, I think, takes us many, many steps down the field in terms of getting to what we would like the ideal to be.
MR. ROTHSTEIN: Thank you.
My second question is for both Dr. Kibbe and Dr. Zaroukian and the question there are special rules that are in place now for psychotherapy notes and for substance abuse treatments, but they only kick in if there is a specialist, who is doing the treating. Much of the treatment is not, in fact, provided by specialists, but is provided by internists and family physicians for mental health problems. For example, they receive some counseling, maybe prescription meds from a primary care doc.
Is it in your view desirable and/or feasible to apply similar rules to primary care where there would be some protection for a subset of information dealing with these sensitive topics?
So, first I will ask Dr. Kibbe and then a second, Dr. Zaroukian.
DR. KIBBE: That is a very complicated question that you are asking. I am going to take a shot at it. I think part of what we are saying is that it doesn't make sense to talk a lot about control or mechanisms of control if we have gotten the basic issues around privacy and security wrong. In other words, although your question pertains to that issue of what data ought to be given special attention and that is a very important thing to work out, I think that the overriding question is really important and has to be dealt with is that if there are certain entities in our society, who as a result of information exchange and cultural change, are now incapable of being the custodian and steward of health information. In other words, if we have lost control as providers or academic medical centers or even the government at that.
The basic privacy and security rules do not apply to them. We are building a foundation out of very poor stuff and these issues of special protection for special kinds of information will ultimately sort of be overwhelmed by change. Having said that, to answer your question from the physicians -- specifically of family physicians, it is actually fairly irrelevant because family physicians are not in the -- although we treat an enormous amount of depression and mental illness in this country, we are not in general, either in paper or electronically affording the current protections for mental health information for example, that are often afforded and used by specialists.
Does that get anywhere towards answering your question?
MR. ROTHSTEIN: Well, I know what the current state is. I am trying to think what -- I am asking what your preference would be for a new state of --
DR. KIBBE: Our preference would be that the choice would be up to the patient with respect to the data objects and the data elements that he or she wants to be protected and that those protections apply to anyone who is a custodian or steward of the data, regardless of whether it is an academic medical center, a family physician or an internist's office, electronic health record or someone like revolution health, who is neither, but is clearly becoming a custodian of health information.
MR. ROTHSTEIN: So, the answer would be subsumed within your general comments on patient control?
DR. KIBBE: It would. I think we get into a very slippery slope and I also think we also get into sort of like putting a flag in quicksand. I mean, if you wanted to evaluate my personal risk, probably none of my personal health information would tell you very much, but if you looked at the books I buy, you would know that not only do I ride motorcycles, but I ride motorcycles for long distances. So, where is the information boundary around that? Where does personal information that is health related -- and this is, I think, consistent with the earlier conversation about diagnoses versus medications versus laboratory data versus other kinds of information.
Enormous amounts can be inferred from personal information many times and if we restrict this to mental health and substance abuse and so forth, I think that we will find that the rules change as the culture changes.
MR. ROTHSTEIN: Thank you.
Dr. Zaroukian.
DR. ZAROUKIAN: Let me say two things first. Obviously, I am going to be shifting here to describe my own personal, professional views, rather than those necessarily of the College. The other I have to say is I didn't hear again most of what was said there. So, I apologize if I am repeating myself.
But my view on this on a primary care physician and somebody who implemented an EMR system in a large enterprise with two psychiatric clinics, as well as four primary care adult medicine clinics, I think the answer for me is really data related, not per se the role related approach. I think if it is possible to identify and guard information that is deemed to be important to guard in other circles, such as psychotherapy notes and where technology permits that, we should certainly strive to do that. In our system we can do that, which makes the burden for the primary care physician much less to follow the rules that use the technology they have.
That won't be the case uniformly, so I think we have to be realistic with regard to what is available and to make sure that whatever is demanded of other specialties, besides those intimately involved with things like psychotherapy, that it becomes convenient as well as possible to do that. I think that it also breaks down in the issue where you have to translate what you are dealing with to the action you are taking. So, the issue of treatment of substance abuse, for example, will often have an impact that lands either on the problems with the medication list and as I mentioned earlier, we decided that it is very critical that anything that reflects a change in what we call an important clinical list, problems, medications, allergies, et cetera, be reflected where everyone with authority to see the data have permission to see it.
I think patients often base the vast majority of their trust on the provider they have decided to let view their record and I think between those two access controlled privileges, you can pretty much bypass most of the problems. So, where feasible, I wouldn't mind extension of some of these primary care, but I think we have to be careful to make sure that in general the technology allows it and that the education provided associated with trying to protect those data is both feasible and doesn't risk patient quality.
MR. ROTHSTEIN: Thank you.
Dr. Cohn.
DR. COHN: It would be hard not to take this opportunity to thank all the presenters for I think what has been very interesting.
I do want to clarify for just a second about the nature of emergency care because there have been a number of questions addressed as to people getting run over and coming to the emergency room and that is the bulk of what emergency health care is all about.
In reality, at least in my experience and I think probably Dr. Keaton's experience also, the bulk of our people who are able to speak and usually to breathe and you are trying to make complex diagnostic decisions, do they need to be in the hospital, do they need extensive and/or dangerous additional tests, all of those questions and it is really for those people where this additional information really becomes vital. It presents unnecessary morbidity and mortality. It hopefully may reduce health care costs by reducing unnecessary hospitalizations and I am sure that -- chance to respond, I think he may agree with those comments.
I would like to find out if you could comment on that, but I am actually curious because all the presenters I think have talked about the need to get some indication that information may not be complete. I think there seems to be some sort of a recognition that there may be a right of the individual to withhold some information in this world of the NHIN. In our earlier panel we were talking about -- need to get down to sort of the provider level. You probably don't want to use this information that is withheld but the diagnosis da, da, da, da. But we will get more information if we click on that.
What sort of information would be enough for all of you to feel comfortable that the record has value, potentially some information maybe withheld? What are your thoughts on that? Brian, you might start.
DR. KEATON: The first part is I don't think we can ever believe that we have all the information and once you believe that you have everything, I think it gets to be dangerous and you are going to mess it up.
The health information exchange, I think, needs to let the clinician know that there is data missing either because a patient chooses not to allow that information or maybe a data source that we know exists is off line. So, if I am making a call to a RHIO(?) for health information exchange and I know that this patient has pharmaceutical data, but our ex-hub happens to be down, I need to be messaged for that type of thing as well, so that I can address my expectations or I can address my frame of reference.
The more information I have, one of the statements I like to use is that when it is your emergency, the more I know, the better things go. That is very, very true, especially for that patient, who requires a complex decision in terms of admission or lack of admission or a therapy that is potentially dangerous.
I struggle with what is enough. I like the concept of the continuity of care record or the equivalent because for 99 percent of the people that I have to deal with, that is going to give you the information I know, that I need to know. But I think it is an obligation for those of us who run a health information exchange to also notify the clinicians when we are intentionally or technologically shielding certain amounts of information that we know exists from the person who has got to make decisions about that patient's care.
DR. KIBBE: Let me offer a couple of comments, a couple of observations that are probably germane to your question. The first is that the context of the situation are going to completely determine the adequacy of the information about a patient at a particular time. If you are a patient of mine and I am treating you as a family doctor for diabetes and congestive heart failure and hypertension and I have known you for five or ten years, then the information that I need about you at the next visit is the delta. You know, it is what has happened in the interval.
If Dr. Keaton is treating somebody who is coming off the street with a multiple or compound fracture of multiple extremities, then the information explodes in terms of what could be useful over the next 48 hours. I think we just have to sort of give that.
As one of the co-developers of the Continuity of Care Record, I would say that we have gone through an exercise over the past three years of trying to reach some sort of happy medium in terms of trying to reach some sort of happy medium in terms of 80 percent of the time what would be 80 percent of the information that would be very valuable in a whole slew of different use cases in which information would be exchanged between doctors or between a doctor and an individual or an individual and a doctor.
That exercise has been very rewarding I think in terms of sort of getting a sense of are those 17 sections of the CTR adequate, et cetera. Let me tell you very briefly two comments about that that are occurring as we speak. One is that those groups and individuals and organizations that are actually starting to use the Continuity of Care Record to exchange health information between various sources of information are finding that the existing 17 sections are about three times as much information as anybody normally wants. In other words, they are actually shrinking the CCR's structured content to five or six sections and putting that in place.
A recent example of that would be the use by Mennon(?) Clinic of the CCR to exchange information with physician's offices. The other thing is that those same users are now trying to find ways in which the Continuity of Care Record can accommodate the patient's information directly in terms of comments. So, for just in the last 48 hours, we have had this come up as an issue by a very large information technology vendor with respect to can the comment section of the CCR, which is really intended for physician to physician use, I think it is fair to say, can that actually be used so that patients when sending a CCR on their own behalf can add comments in that section.
I think those two things are very, very interesting. The amount of information that we as physicians and providers think that -- it is never going to be enough, but in actuality once we start to exchange information, it may be that less is better and the other thing is unless we can find a way to accommodate the consumer or the individual's comments about that information or the situation or the illness, we will have missed the boat in terms of the use of information technology in this new environment.
MR. ROTHSTEIN: Dr. Zaroukian.
DR. ZAROUKIAN: Yes. We have kind of done this as a natural experiment here. During our EMR implementation, we basically went from a group, an enterprise, where there was a great deal of discomfort or at least anxiety in trying to cross cover for each other, using the paper record in part because the data even within our own system was fragmented enough or poor organized enough to represent a problem and as Dr. Kibbe suggests, there is too much data that is buried or poorly organized can actually decrease the quality of care or make it less efficient.
When we got the essential features that I think I heard in the conversation a few moments ago, if we can count on clinical list problems, medications, allergies, advanced directives, and we can count on them to be accurate, complete, up to data and reliable, then what we found in our system is that if you combine that with laboratory data, you can take physicians who don't know patients of their colleagues and suddenly make them very comfortable seeing those patients on very short notice with no prior background because they do have enough of the essential information to provide almost all of the care they would need for that episode. So, for us, I think, that has been a natural experiment to suggest that that pretty much does give us most of what we need in most situations.
Now, remembering that is an ambulatory environment that is usually not a critical illness is one caveat, but it does speak across a broad array of conditions and problems in adult medicine. I think if we talk about efficiency and decreasing waste and the like, it helps to add another element, which is some of the other important either tests or treatments that might not appear, for example, in a medication list or a set of laboratory tests. So, some prior cardiac catheterizations or imaging reports in some form of structured data, it starts to add additional value. So, I would see that as a sort of a second tier approach and then finally the degree to which some of those data can drive guideline decision supports across an NHIN will also make incremental additions to quality, safety and efficiency.
So, I would see those essential clinical lists as being a core that will get us much further than we are right now and it is still quite feasible, I think, in the structures that are being considered.
DR. KIBBE: Let me just on behalf of my fellow pediatricians add immunization.
MR. ROTHSTEIN: So noted. Thank you.
Leslie.
DR. FRANCIS: I started hearing enormous disagreement between one side saying I need everything and the other side saying our patients ought to be able to choose what goes in and in the last five minutes, I think I have heard virtual agreement and I want to test this out that the most important thing both from the point of patient care and also pretty good from the point of view of privacy would be to have a bare bones Continuity of Care Record that is either immediately accessible, designed in some kind of pool way, either immediately accessible or there as a screen so you don't prescribe a medication that is contraindicated, given what somebody is on.
I guess my first question is is this agreement real? And my -- I mean, that is what it sounds like, that I just heard everybody say. My second question to emergency physicians is there anything left out of that bare bones that would be the most important for us to think about and for the two primary care physicians. We had a little list here of sensitive information, gynecologic information, mental health and substance abuse, all three of which you all might have some access to.
I am wondering about whether we missed anything in terms of other sorts of sensitive information. I think you gave Mark a pretty good answer to what was going to be my other question, which was going to be whether there is a way -- how practical it really is for you all to sort out mental health, other sorts of records. So, maybe for the draft of that with respect to the other kinds of sensitive information.
DR. KEATON: Let me state again, the Continuity of Care Record or even a subset of that provides us with a lot more information than we are getting now and addresses the vast majority of our issues. The other corollary that Mark had brought to the table was the ability when appropriate to either break the glass or dig deeper to get into some of those issues that are much more thorny. You talk about different confidential areas. You might say, well, gee, cardiology and reproductive health, they have nothing to do with each other. But, you know, if somebody is on Viagra and they come in with chest pain, I would like to know not to give them nitroglycerine. So, does that fit into a category or does -- it gets kind of murky when you start to ask those specific questions.
DR. KIBBE: Let me take a shot at it because I think we really are -- with the proviso that you have metadata, whatever technology we are using, there are ways of indicating what additional information would be. So, for example, in the CCR source for every data element is a required tax. So, that information coming to an emergency room physician it would be inadequate with respect to what is in the actual records may almost certainly be a lead to where other information is.
The other point is inference and that is that physicians will infer from, as we have been talking about, the results of laboratory tests or the results or a list of medications what the diagnoses are or vice-versa. I think that one of the really important issues as I have tried to think this through is that it ought to be nothing about me without me.
The cardiology data might be the most important or sensitive data for me and it might be laboratory data for somebody else. How am I as a provider or as a member of society or a legislator in Congress going to determine that. I just think we -- that is what I meant about going down the slippery slope. I can't say as a primary care physician that I would know without a doubt what the most sensitive information is for a patient without asking him or her.
MR. ROTHSTEIN: Thank you.
Dr. Zaroukian.
DR. ZAROUKIAN: Yes. I guess the first thing I would say is since Continuity of Care Record also connotates a specific way of organizing information, I am not sure I can say yes or no one way or the other about how I would see, you know, data coming together. But I think the general principle, whether one says CCR, CCD or some other sort of if you will distilled list of information is certainly something that I think many of us see as an important majority if you will of the information that are needed. But if I heard -- again, I am only hearing in and out parts of the conversation, but if I heard right, I would want to resonate with the fact that while we primary care physicians discussing this may see this one way, some of our subspecialty colleagues are definitely going to see examples in which different information for them is even more important.
So, whether it is the actual image of an electrocardiogram or some other example, it might for them be a much more important issue. The other thing, if you were to ask me what else what else, you know, besides if you will, these clinical lists that at least that I have discussed so far, you know, would be important, I think a lot of my colleagues would say that the past medical history is an important additional example because some physicians might put a past medical history into a problem list that would appear in what we have described. Others would keep an awful lot of rich information in a past medical field, if you will, that does a very nice job of summarizing a patient's history related to various problems, but doesn't appear otherwise in what we might otherwise think of as some of these clinical lists.
On the other hand a social history is often a place where sensitive information may land and might be an important area to, you know, consider whether it is wise to have that part of the process. But, again, if I go back to sort of the common sense approach that I think most patients have and certainly my patients and even myself as a patient is once we have agreed that the specific provider or specific role of an individual within our system is entitled to see information. We trust two things. One is we have agreed that our privacy rights have allowed us to now move to confidentiality and share that information with providers and that every provider that use it treats it in the way that physicians and other health professions, specialists have agreed and promised to do and that as long as there is an audit trail to follow that and a process by which those on the other end of the process go through audits, then I think we can be a little bit less strict, if you will, about what goes in or what goes out.
MS. BERNSTEIN: Dr. Zaroukian, can you clarify if you mean that when someone is trusted to keep records, that they are allowed to see the record and they are trusted with that record? Do you mean that it is only the treating provider or do you mean any provider in that system can see the record?
DR. ZAROUKIAN: No, I mean, anybody who has a reasonable cause to see it. So, for example, that is almost always a treating provider, a part of the team, but it is also known to extend to those who are responsible for trying to improve quality of care in the system or in the clinic or even those who maybe trying to make sure that the system, if you will, the medical record system, electronic or otherwise, is working the way it should. So people know that there is a reason to get into data in detail for treatment purposes. They also know there can be some sort of secondary bystander reasons to see data, but basically that of all the privileges that patients know and understand are reasons for looking at the data. That individual with that specific role is trusted in that role. So, as long as there are audit trail ways of determining whether or not the individual should have been in there, then -- and that those are acted on and they have meaningful consequences that patients can feel confident about, then that has been a strategy that has worked very well for us and I think would probably work in a larger system.
MR. ROTHSTEIN: Thank you.
Paul.
DR. TANG: I just want to thank the panel for also a very engaging discussion. One side comment and one main comment. The side comment is we may want to update our vernacular in terms of CCR versus CCD. The CCD is now the accepted between the multiple candidates organizations and Continuity of Care Document. Correct?
An importance is that it is coded so information can be acted upon by the receiving systems. So, that is a side comment.
The other is mainly just a commentary on another scene that seems to emerge from the three practitioners is that we really have to make sure we can take care of the individual patient and not take our eye off of why we are doing this in the first place. With privacy as a floor, it is just -- it must be there. We absolutely need to balance what are the needs of the patients today and the needs of society that benefit from the combined -- the deidentified information.
The other words that Dr. Zaroukian mentioned was the trust. We have always been talking about the patient's trust in the system, which is another absolute given. We have got to have the doc's trust the data to take care of the individual patient today. So, I mean, I think those themes and those comments have been very useful.
DR. KIBBE: I have one short comment. I want to make sure that your comments are not misinterpreted. The CCR standard is a valid and ANSI approved standard and is not being replaced by anything else. The CDA CCD is a completely different standard and they have different uses and will be adopted throughout the industry in different ways and ultimately I hope that they will become transformable one to the other. This is perhaps a minor point in the discussion but I want to make sure that folks don't think that the CCD has replaced the CCR in the industry because it certainly has not.
MR. ROTHSTEIN: Could you tell us the main differences besides the coding element?
DR. KIBBE: The main difference is the CCR is much simpler than the CDA CCD, which is the correct way I think to describe the --
PARTICIPANT: CDA stands for?
DR. KIBBE: Common Document Architecture. CDA is the parent, if you will, standard for the CDA CCD and is a much more complicated standard that does a lot more things than the CCR either does or was intended to do. So, I think it is important to understand that these are very, very different standards. They are going to coexist in the marketplace for a long time. Ultimately, I think there will be -- may be derivatives of both of them that emerge over time. But because they do very different things in different ways, I think it is not fair at this point to conclude -- you know, the world lives with a lot of different kinds of standards. That is what we have got now.
MR. ROTHSTEIN: Thank you for explaining that.
Dr. Keaton.
DR. KEATON: Just one comment to amplify what Paul had said. We live in a world and we being emergency physicians and the patients that we serve, where we have shrinking resources, which result in boarding in our emergency departments because we don't have room for admitted patients and ambulance diversions and consequently it is not a once a week, it is 10 or 20 times a day in my emergency department in Akron, Ohio, that we are receiving patients, whose medical home is someplace else in the community. We are also taking care of complex patients who have spent their entire life in my system, who develop a very complex problem and disappear to the Cleveland Clinic or university health systems, come back to my community after a four month complex stay and when they have a complication or problem and they come back to my emergency department and I have no access to that information, when you try to get information, you either get a 400 page fax or you get a fellow, who wasn't on the service, but you don't get the person who knows anything about the patient.
That is the very real reason that emergency physicians have been heavily involved in my community, saying we need to do health information exchange by day to day patient care. It is great because it will save some money. It is great that it will do some other things from a system standpoint, but the bottom line is it comes down to we need to take care of our patients better than we are able to do today and health information exchange offers us the best chance of being able to do that.
MR. ROTHSTEIN: Thank you.
Dr. Zaroukian, did you want to comment as well?
DR. ZAROUKIAN: I probably shouldn't because I didn't hear -- I wasn't able to hear enough of what was said to have a sense of the theme. So, unless you want to repeat a question --
MR. ROTHSTEIN: We will bank your time in case you need to give a long answer to Harry's question.
DR. ZAROUKIAN: Again, I don't have a specific comment because I don't know what I would be responding to.
MR. ROTHSTEIN: Okay. Thanks.
MR. REYNOLDS: Mine is just a point of clarification. Dr. Kibbe, you mentioned 17 sections of the CCR and through practical use, you either reduced it by five or got it down to five.
DR. KIBBE: The CCR has up to -- can include up to 17 different sections, diagnosis and problem list, medication list, family history and so forth. They are all optional with the exception of the actors. So, it is possible to have a CCR that has just a problem and diagnosis list, medication list. What I was trying to say was that in practical use, entities that are employing and deploying the CCR and finding that they are shrinking that down to 5 or 6 or 7 and almost never deploying at this point the full 17. At least I am not aware of an implementation where all 17 sections have been deployed in the real world.
I think the reason for that is because people -- just what we agreed upon, which is that people are finding that five or six of those sections with respect to personal health information are adequate, at least they are a lot better than what we have got now.
MR. ROTHSTEIN: Thank you.
John Houston.
MR. HOUSTON: Couple of questions, one to Dr. Keaton. How much care is given in the emergency room where the patient is either incapacitated in a way that they just can't provide information or is so emergent that you just have to have that information and you can't afford to really get into a dialogue with the patient as to whether -- about the information.
DR. KEATON: It probably depends where you are practicing. If I am in my emergency department at Akron City Hospital, where we have an urgent care center that siphons off the less severe patients and we have another facility that takes care of a different subset of patients. So that I am in an area where 35 or 40 percent of the patients come through the front door and get admitted, it is probably 1 in 10. So that when I am seeing a 20 to 30 patient per doc per day, that is two or three times a day that that occurs for me every shift and there are ten of us working shifts in that department.
So, it is a common enough problem that it is one that needs to be addressed as part of the everyday operation requirements. It is not an exception to the rule.
MR. HOUSTON: Paul had asked the question about break the glass and he said that -- I think your answer was that that was acceptable. Is it really acceptable or do you really just simply need to have the information and people need to trust the fact that when you go looking for information it is because you need it in an emergency room setting specifically.
DR. KEATON: I think we were talking specifically about sensitive information.
MR. HOUSTON: Yes, exactly. I mean, I think there is a class of information I think most people would say it doesn't rise to the level of sensitivity. The sort of break the glass items, yes, you know, the things that you -- get out of my way. I need to have it now.
DR. KEATON: There are certainly those cases but usually those aren't falling into the protected areas. The areas that are very difficult for us are those patients who, for example, have altered mental status. Is it psychiatric illness? Is it drug abuse? Is it something metabolic? Is it something structural with a brain tumor? You are trying to sort through and it is very, very helpful to know that this patient has come in with seven additional times with this same presentation, all of which are found to be an exacerbation of preexisting mental health. It helps you down that pathway.
At the same time, you get patients, who will present to the emergency department and you may not know them because they have shopped a number of different emergency departments. But what it turns out is there is a clear habit or clear pattern of drug seeking behavior, which we know leads to a very high incidence of motor vehicle accidents, personal injury, injury to others, et cetera, that you need to be able to fix that into your mind set as you are looking at the patient.
MR. HOUSTON: Would it be reasonable to say that there should be a generalized exclusion for emergency physicians or emergency room staff with regards to access to -- broad access to information that would be available in a RHIO or in NHIN?
DR. KEATON: I think that would be reasonable, but I think it would be something that you would have to negotiate on. I don't know that it is necessary, reasonable, that I need to know a patient's psychiatric history when they come in with a half inch laceration on the tip of their finger. The challenge that I have --
MR. HOUSTON: But also that is your judgment. I guess part of me thinks that you as a physician, emergency room physician, hopefully have the maturity and the position that says I am going to be responsible in what I am going to go looking for based on what I need, but I can't -- I guess what I am trying to get to is there an immediacy issue that makes a lot of the barriers that we are talking about, a lot of controls we are talking about, either dangerous or still impede your ability to provide care that patient care suffers.
DR. KEATON: That is a tough one to answer. I mean, from a practical standpoint, I see, and the emergency physicians see enough patients with enough problems that if mental health disorder is sitting there on the problem list and their problem is a sprained ankle, then I am not going to go run and tell the world we would be interested or change the way I treat the patient based on the fact that that information is there. So, I think maybe the sphere on the other side is greater, that that is really going to be of interest to me. I am focused on the problem --
MR. HOUSTON: Or if I had two versions maybe even -- let's say if there are two versions of the record, you click on the light version and you get the basic stuff and you need to treat somebody who has a broken finger or a lacerated finger or an ankle and then you have the version that is more insightful that you would only call up if you said I have got a problem here and I need immediately to get information.
DR. KEATON: I would kind of lean that towards the break the glass, being a part of the break the glass function.
MR. ROTHSTEIN: I want to just comment briefly about one thing that John said and I think this is important to have expressed and that is we are not in my judgment trying to compromise quality of health care in emergency departments or anywhere else versus privacy. That is not -- because privacy promotes the treatment and the betterment of health in all these different contexts. If people are afraid of their privacy rights, they are not going to be treated for STDs. They are not going to be treated for mental illness. They are not going to be treated for substance abuse and so forth.
So, assuring people that they have their privacy is not this abstraction that is going to interfere with their health care. It is going to be promoting health care. I mean, that is at least from my judgment, the intent of it. So, what our challenge is to try to accommodate all of these various interests. I don't want people to think that it is a tradeoff of, you know, privacy, hamstringing these doctors in caring for their patients for just some abstraction.
MR. HOUSTON: Mark, I agree with you, but I just want to -- I think this is such a specific and very important use case, that I want to make sure that as we make recommendations that we are very conscious of the very unique case of emergency doctors, who really are, you know, often in the breach. They really are --
DR. KEATON: Let me make a different suggestion in terms of how I would approach this if I was God.
MR. ROTHSTEIN: You mean like us.
DR. KEATON: The challenge I don't think is technical engineering and social engineering. I think if you have a basic assumption that physicals in the emergency department or elsewhere are caring, well-meaning individuals who are not prone to be the people that break privacy and confidentiality and set up systems from a quality assurance that parallel what we do with congestive heart failure and how we are addressing privacy and how we are addressing all of these issues that are critical to the trust that needs to exist between and among physicians, patients and all the other players in health care, I think you get further along.
So that if, indeed, a patient presents with a condition that doesn't require or justify the exploration of sensitive areas and my physician explores those areas nonetheless. Within that quality process, I should be able to identify that track and deal with that. There may be a very good reason why they went there, looking to see if that patient who had bled on another nurse has HIV. Maybe that is a very good reason.
But I think if you build the treatment of privacy and confidentiality and security into the quality assurance process that already exists in all of our departments, we go a lot further than building a technical solution that builds so many barriers around getting to data that we might need and not be able to get to when somebody's life is on the line.
MR. ROTHSTEIN: Paul wanted to ask a final question. Are you finished, John?
MR. HOUSTON: I just wanted to comment, though, that unfortunately people are going to want to try to build technical solutions and that is the thing that --
MR. ROTHSTEIN: Paul.
DR. TANG: I just want to follow-up on the direction that John was going and that is he was asking about emergency care and I want to remind ourselves, including me, that most of the care is ambulatory and outside of emergency rooms. So, in one Brigham study, 25 percent of outpatient prescriptions were associated with an adverse drug event. So, the errors and the impact and the harm are happening through routine care, not just emergency care and also we used this breaking your leg in Tahoe, that is not what happens everyday. It is the everyday lack of coordination and lack of having access to information that is causing all the gross majority of the harm in this country.
So, I think we just keep having to remind ourselves what we have to do in the first --
DR. KEATON: I hate to keep quoting the Secretary, but don't let the perfect or the enemy of the good really applies to some of the stuff we are trying to do here.
MR. ROTHSTEIN: Any final comments?
Dr. Zaroukian.
DR. ZAROUKIAN: I think, one thing, if I could. One of the biggest comments I would make is to be very careful since trust is such an important thing about having any particular type of physician, have a different set of rules, I think no matter how an individual's role is set up, I can imagine a fairly horrifying scenario that is actually not too far from what we have we have had in the Michigan area, where break glass capability could help prevent an event in which a physician working in an emergency room could behave in ways that are very adverse and all you need is one example of that in the press and you would have a great deal of distrust in the system generated and probably set the initiative back significantly.
So, I think the burden if you will of having to break the glass compared to the benefits and protection when you get down to extremely sensitive data, such as psychiatric substance abuse, sexuality and life style, it is well worth whatever extra 10, 15 seconds it may take to first say why you want to get into those data and, second, to make sure there is a high fidelity audit trail.
So, that would be my biggest comment.
MR. ROTHSTEIN: Thank you.
Any final comments? Dr. Kibbe.
DR. KIBBE: My final comment from the AAFP would be the recommendation to you, the urging that you don't be afraid to go back and fix HIPAA. What we need to have in this country is consistency with respect to the privacy and security obligations that are attached to anyone, any person, any organizations that have personal health information and handles it not just doctors health plans and other kinds of covered entities.
MR. ROTHSTEIN: Thank you. That is one of our recommendations also from our June letter.
Okay. Thank you very much, Dr. Keaton, Dr. Kibbe and Dr. Zaroukian. We are going to take a 45 minute working lunch break and then we will have panel No. 3 at 1:15.
[Whereupon, at 12:33 p.m., the meeting was recessed, to reconvene at 1:25 p.m., the same afternoon, Tuesday, April 17, 2007.]
Agenda Item: Panel III -- Entities Experienced with Consumer Controls
MR. ROTHSTEIN: We are back on the record and back in business. This is the post lunch session of the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics. We are conducting a hearing today on consumer controls for sensitive health records.
This morning we heard from two panels of providers, who described their current practices and their needs and their feelings about the issue of whether certain elements in health records can be segregated, whether they ought to be segregated, some of the practical problems, as well as the problems and issues related to consumer control over information.
This afternoon's panel, we get to hear from one witness, who is going to share with us her experience with Regenstrief in Indy and also another witness, who is going to describe her recent report that she completed for HHS.
So, with that, I want to introduce and call upon Victoria McBroom Prescott to be our first witness this afternoon.
Welcome.
Agenda Item: Victoria McBroom Prescott, JD
MS. PRESCOTT: Thank you for the opportunity to address you today on the topic of privacy and restrictions on data and health information exchange.
I was asked to give you an overview of the Indiana Network for Patient Care, which is called INPC and just to give you a little bit of background on that and the regional statistics, our logical infrastructure, how the data is being used, the legal structure and self-imposed privacy and security constraints, as well as how we handle patient requests for restrictions. Then I will give you a little glimpse of some of the difficulties in implementing restrictions on data.
First, the Indiana -- and I will breeze through this pretty quickly -- it is only 15 minutes also -- I will be happy to take any questions at the end of the time.
MR. ROTHSTEIN: Yes, we will have our question session after you and Joy give your presentations.
MS. PRESCOTT: Great.
INPC is a virtual health information exchange. It was formed in 1997 and it covers central Indiana, which has about 1.6 million people in it, about 25 percent of the state and we are expanding. Basically, the premise of the network was to reuse the data. That is the basic mantra, to reuse it for treatment purposes, research, public health and health care operations, such as quality improvement.
There is no financial data in the INPC and Indiana State laws are very favorable to health information exchange uses and don't require patients' consent in general. Just to show you on the power point here a logical -- about the Indiana law, Indiana law is very favorable to sharing health information for treatment purposes and other legitimate business purposes is kind of the phrase in the statute.
There is no consent requirement for, for instance, communicable disease, other types of data. It really is considered part of the medical record, nothing for mental health records, et cetera.
Yes, actually, it is very close to the minimum HIPAA requirement as opposed to like Minnesota, which has passed a number of state laws that really go far beyond what HIPAA requires.
The next slide just shows you a little bit about how it is logically structured, showing the different data feeds kind of coming into our system. You will notice that we do receive feeds from over 29 hospitals currently, different national regional labs, different outpatients, pharmacies and pharmacy benefit managers, physician officers, the ones that do have EMRs and actually about one-third of all office visits in central Indiana and different ambulatory care centers. We also receive some data from the state department of health and also Marion County Health Department and payers have recently provided their claims data. Medicaid gave us all of their data to use in the health information exchange for treatment purposes and as well as several commercial payers are now members of INPC.
In the center you will see there is basically a data repository, which on the next slide I will show you is kind of a silo type, a federated data model or basically one silo for each data source. So, all the data, for instance, from Community Hospital System goes into one vault and something from St. Vincent goes into a different vault, et cetera. That is how it logically works out.
Then we also have the global provider index. You have to know who the doctor is and we also have the global patient index, which we need to know who the patient is so we can match across it. It is all standardized with the terms dictionary and then basically on the right hand side here, you will see that there is different types of accesses to different type of data for different patients, depending on the situation.
I won't go through all of these because that would take too time, but you are welcome to ask me any question about it as well. Then the basic next slide is to show that there is a big lock and key on the system that you can't just get on line and start searching randomly for patients and their information. So, it is very limited access and we will go into that just a tiny bit as we go on.
Just a few statistics. We have over 95 data feeds physically coming in to the INPC. We have 900 million records on file. We have data for more than 3 million patients. We receive over 5 million clinical messages, like, for instance, test results every month and we have over 10 terabytes of data because we have been in existence for quite awhile and we don't throw anything away.
The legal structure is Regenstrief Institute, which is a medical research institute, is the administrator of the INPC. It is a business associate legally of the covered entities that provide data to the INPC for several purposes. So, we are a business associate on their behalf to deidentify data for research, to transmit reportable diseases to public health, to disclose to providers the data for treatment and to aggregate for quality reporting.
Regenstrief is viewed as merely the custodian of the data. It is not our data. So, the privacy and security constraints that we have in place, the INPC participants have mutually agreed on how the access occurred. So, it is not by state law, but it is basically by mutual agreement and the access for treatment must be based -- our view is it must be based on some type of evidence that the patient is under the treatment of that provider at that particular point in time. So, for instance, the online access to actually go on line and look up a patient, who is admitted -- basically the patient is admitted to the hospital in the emergency department, for example, comes in. We automatically because we are hooked up to their registration system, we receive an admission, electronic message with that patient is being treated in the ER at that time.
We automatically allow and open up that record on that patient for that one particular -- it is limited by time, location and user. So, it is opened up for the time that the patient is in that hospital up to I think it is 72 hours after discharge or no more than 30 days. Also, on location, it is just that particular facility. So, if it is Community Hospital North Campus, it is only there and then it is by user. We have to map the user for the different facilities and the hospitals, you know, provide us with a list of doctors who are authorized at that facility.
So, it is very limited. As far as patient requests, we view it as the provider having the relationship with the patient. The provider has its own privacy policy and providers decide what data to send to INPC and the provider makes a decision on whether to grant requests of the patient for restrictions on their data.
So, how it is structured in the INPC agreement is that any patient inquiries would be referred to the provider. Regenstrief would not itself respond to a patient inquiry or restriction of amendments or anything. INPC participants have agreed that they would not allow the amendment or restriction without talking to us first to see if it is technically and feasibly -- technically feasible to be able to electronically do that restriction.
We are viewed, you know, as the contractor and so we inform them as to what can and can't be done and then they make the decision and talk to the patient. So, any amendments have to be electronic as well.
Yes?
MR. HOUSTON: Quick question. Is this arrangement -- do you inform this as an OHCA, organized health care arrangement, under HIPAA, so that all these hospitals can --
MS. PRESCOTT: No, not to my knowledge. WE are just a business associate of the --
MR. HOUSTON: No, I understand IPC wouldn't be but the hospitals, have they formed some other type of relationship --
MS. PRESCOTT: Not to my knowledge.
MR. HOUSTON: If they are sharing data, I am just wondering, wouldn't that be -- no? Okay.
MS. MC ANDREW: They would need to be holding themselves out as a single entity.
MR. HOUSTON: Or as an OHCA?
MS. MC ANDREW: For instance, a hospital may operate as an OHCA, physicians practicing within that are not -- but unless this whole arrangement is operating -- holding itself out as a single enterprise, it wouldn't necessarily by an OHCA.
MR. HOUSTON: Sorry, but I just had to ask.
MS. BERNSTEIN: [Comment off microphone.]
MS. PRESCOTT: Sure. And there are more than just hospitals that are contributing the data as well. And just a note that most providers do not allow -- do not grant the restrictions if patients request them in general. For instance, this is true not just in Indiana, but other places, like Kaiser, even in their documents on line say we do not grant patient requests for restrictions or data.
What is our experience with patient requests? You know, the INPC began pre-HIPAA. So, we actually had to require patient consent to be able to share this data. During that period of time, less than .5 percent did not consent. Of that percentage, that tiny percentage, 70 percent came from one clerk at one hospital because she didn't like sharing the data.
So, post-HIPAA, you know, HIPAA allows, you know, patient -- doesn't require patient consent to share it for treatment purposes. So, post-HIPAA, the INPC participants decided to no longer require consent. In the four years that I have been at Regenstrief, we have only had two patients request any restrictions to my knowledge. Then what happens when they did request it and the hospital did want to grant that restriction? Well, how we do that is that the patient data is basically not shared at all between the institutions. It is an all or nothing thing.
Physically, the way it happens is there is a date field in each one of the silos. I mentioned the different silos of data. So, the date field is filled in if they have requested their restriction and if their data will not be shared. We don't filter on data elements for several reasons. It is an all or nothing approach because it is very difficult and costly to do, which I will get into more of that when we talk about hypotheticals on the next slide.
But also because an all or nothing choice, we believe, enables a better decision by the physicians. They don't have to worry about, well, gee, do I have all the data or some of the data, et cetera, and it can lead to also a lack of confidence in the health information exchange data that is provided to physicians at point of care, which can affect adoption, of course.
So, just to go over briefly -- I know we are going to run short on time probably -- difficulties that we view in implementing restrictions. I have just got a couple of hypotheticals here. One is if there is a state law or some kind of decision made to restrict, for instance, HIV test results or HIV information. You need to decide which data elements you are going to hide. So, is it just the HIV test results themselves? If you have -- if you are HIV positive, they will be doing CD4 count tests and they are only going to do those tests if you are HIV positive. So, do you also block those?
What about transcribed text reports? There could be a text report, a note from the doctor that happens to mention that the patient has HIV -- is HIV positive or something like that. I mean, to what extent are you going to be limiting, you know -- making these decisions on what to hide. Also, another example is medications. If you decide, okay, we are going to block this medication because it is used for HIV or, you know, whatever the particular condition is that you want the filter on.
New Medications come out all the time. Are you going to block any new medication until a decisions is made by like, for instance, a committee or something on whether or not it is okay to release that new medication? You are also going to have to map the medication, the NBC codes to the medication categories that you are trying to block, which is not simple. Also, there is dual use for medication frequently. Are you going to block it if it is used for one thing but you are really using it for another?
It also limits the ability of the health information exchanger, whoever it is, to detect things like the next -- so you are really limiting things by doing that. Also, the relevance, the patient care, obviously, having the information is very important for care of the patient and affects treatment regimen options and it really is the patient in the best position to choose the details of what exactly to include and exclude in a health information exchange.
For instance, if you want to block all sexually transmitted diseases, I say I don't want anybody to know I have something and you go to the doctor for back pain, well, it would be important for him to know because sometimes back pain is a symptom of an STD or a result of an STD or something like that. So, it is very important, even for things that the patient might not think they want to have disclosed. It is important for treatment. It also helps avoid adverse drug events, complications, additional procedures, pain and death, of course.
So, it also adds cost to the patient and the employer and payer, out of pocket costs and loss of work days as well if they don't have the data and things are done that cause them to have complications.
Some restrictions on data also negatively impact, as we mentioned before, patient care, but also secondary uses, such as research, which was some of these other, quote, unquote, secondary uses have been emphasized as a vital component of a sustainable nationwide health information network. When the NHIN form was done recently by the four contractors, it limits the value of the data because they are not getting a full picture of the patient and it may result in false conclusions that might even be used as guideline procedure for doctors in the future.
Also, it impacts healthcare operations. You can't assess the quality and make improvements if you don't have all the data to analyze. So, that makes things difficult as well. Then public health, to the extent that it is affected by any of these filters or restrictions on data could impact the ability to detect outbreaks and take action on a population basis.
So, the more restrictions and acceptions you have, the higher the cost of the system as well, the higher the cost of the administrative system and the higher the cost to actually participate in the system. It also increases the liability of participants and the health information exchange itself and that can affect the data sources willingness to participate at all.
Then, of course, you lose the ability to use past data. For instance, when we had Medicaid join, they actually gave us ten years back of data on their patients to be able to use and use for quality measures, et cetera. That can be important. It also affects your ability to detect fraud and abuse. If I want to avoid being detected as a drug seeker, then I am going to definitely opt out.
Just to close, the decision on, you know, what restrictions on data should be imposed basically boils down to balancing the rights of the individual with the benefits of the whole population and really the whole health care system and the ability to pay for that system and to sustain that system.
Thank you for your attention and I will put on my flak jacket when it is time for questions.
MR. ROTHSTEIN: I don't know why you would think that.
Our second witness on this panel is Joy Pritts, who has testified before our subcommittee many times and we appreciate your coming back to tell us about this new study that you have completed.
MS. PRITTS: Good afternoon. Thank you for inviting me to speak with NCVHS on the important issue of patient consent. You asked me today to speak about a paper that Kathleen Connor and I wrote called The Implementation of E-Consent Mechanisms in Three Countries, Canada, England and The Netherlands, subtitle, The Ability to Map Access to Health Data.
For those who have not read this paper, it is available on Georgetown University's website at http://HPI.Georgetown.EDU.
MS. BERNSTEIN: For everybody who is on the committee, I have circulated to you and there is a copy in your folder and for the staff or people who may be listening on the phone or on the web, thank you for getting us that.
MS. PRITTS: This paper arose out of the Substance Abuse and Mental Health Services Administration, commonly known as SAMHSA, which is a government office, which is devoted to addressing substance abuse and mental health issues in the United States and ensuring that people get treatment. As I am sure most of you know, SAMHSA also is very involved with the interpretation of 42 CFR Part 2, which is the primary federal law addressing the confidentiality of health information that is related to people seeking substance abuse treatment.
That law went into effect decades ago with the idea that it would encourage people to seek treatment and shelter them from the threat of prosecution. That law unlike the HIPAA privacy rule actually requires a patient permission to disclose health information, even for treatment purposes in most cases. During the evolving National Health Information Network debates in a number of different forums, the issue has come up how are we going to be able to support this kind of a requirement in our developing system and can we do it.
So, what SAMHSA asked us to do is to look at a couple other countries that are a little bit further along in the development of their nationwide health information infrastructures and to look at how some countries who actually do give their patients the right to control their health information, how they were able to do that, primarily kind of from a technical perspective.
In the paper and in my discussion today, I am using the term "consent" to mean permission to share your health information for treatment purposes and "consent mechanism" to mean the method by which the individual can actually exercise that right. We looked at England, The Netherlands and Canada and in Canada in particular, what we ended up doing was looking at Electronic Health Information Exchange Projects in three different provinces, primarily because in Canada, health information privacy is largely controlled at the provincial level. So, we wanted to get a feel for how that was being implemented.
We only looked at treatment for two reasons. One is you have to limit a study like this in some regard because it can quickly overwhelm you. The other is that for most of these countries, when they are talking about their nationwide health information network, this treatment is the area where they have the most established policies.
So, that is what we looked at and we also selected countries where the information was in English because that is my primary language. We won't even discuss my ability to read French and German anymore. What we found -- we also looked before we -- I go into actually what we found on the technicalities of consent mechanisms, we did look a the background of the health care delivery system because you have to look at these issues within some sort of context.
All three countries have some sort of universal health care. It ranges from in England where the NHS, National Health Service, provides the vast majority of treatment for the citizens of England and The Netherlands, for those of you who were around during the Clinton health insurance debate, this will sound very familiar. Their system is based on -- it is universal health care coverage. It is mandatory coverage. All citizens must have health insurance. There are private insurers. They are guaranteed issue so that within the region the individuals must be offered coverage at a set basic price and then they can go about that.
It has not been in effect for more than a year at this point. So, we don't know how that is going, but you can see it is a very different model, insurance model, than it is in the U.K. Also because it is universal health care, the vast majority of health care expenses are paid for by either the federal or the provincial equivalent to state governments. So, a lot of the funding for these projects is actually coming from the governmental entities. Here you see our direct alignment between the investment and the return on investment in health information technology.
A little aside here, there were so many interesting issues in writing this paper that I could talk to you all day about them, but I will just focus on the consent ones today. But I thought that was one of them was the alignment of the incentives there.
All of these countries, even Canada, follow the European Union Privacy Directive. Canada is not required to do this. It elected to do this because it wanted the ability to share its health information freely with Canada, particularly with Europe, Canada and Europe, particularly for research purposes.
Under the European Privacy Directive at a minimum, the government must have in place implied consent to disclose identifiable health information for treatment purposes with an opportunity to withdraw or withhold the information, essentially an opt out. That directive has been adopted very differently in all three countries. All three countries nationwide health information infrastructure have electronic support for patients exercising control over their health information for treatment. It generally consists of coding data in such a way that it is either not sent or not visible. Having said that, it becomes quite apparent that these masking techniques that I will be speaking about today work best with coded data and all three countries health care systems envision data that is highly held in a coded format.
The masking or the -- what they call masking of data is done at different levels in different countries. In some countries, in some projects, it is done at the data source. It can also occur at essential repository or a record index locator level. The different countries apply masking with a very different level of granularity. I am going to go very briefly through some of these so that you can see the wide range of opportunities -- wide range of implementation that has occurred.
In Canada, we looked at projects in Alberta, British Columbia and Ontario. There are three separate provinces. They have three separate laws that -- provincial laws that deal with health information exchange. Yet, they have all agreed to abide by the nationwide privacy and security architecture that was developed by Canada Health InfoWay(?). They have implemented that quite differently, though.
The Alberta Physician Office System Program is a system where the physicians' offices can actually tap into these regional repositories that they have in Canada. They have regional repositories usually at the provincial level for prescription drug information, imaging information and lab data and summary care information. At the Alberta Physician Office System Program, in order to be certified to participate in that program, the systems have to be capable of allowing masking data at a discrete data element level. So, you have implied consent to share the information for treatment and then the patient has the ability to mask data down to the data element level.
The systems are capable of overriding the masking of that information. They log the override, including the user's I.D. date and time and the reason why the physician overrode that masking. As of 2008, the systems also must be capable of allow or restrict access to their data by specific health care providers, using health care provider identification numbers or purpose or circumstance. For example, I mask my information except for emergency situations.
This is also -- I believe this is also the program where by 2008 they have a drug system alert systems, an alert for physicians that tells them when there is an issue with drugs that are about to be prescribed and it is supposed to, by 2008, be able to interact with this masked data. So, even if it is not visible to the provider, they will receive a notification you are about to do something that might be dangerous to the patient. You need to talk to the patient about this. So, there will be that alerting capacity.
In British Columbia, we looked at the PharmaNet System, which is one of these provincial wide prescription information databases. There the citizens have the right to mask their entire prescription record by having their pharmacist attach a key word to the record. So, it is a total opt out. They mask the entire record or what they can then do is they decide who they want to get in -- have access to this information and they give them the key word, which is often called a shared secret. I think you have probably heard that before.
Emergency departments have the ability to override the masking in emergency situations. They can have that key word reset and it sets up a whole other alert system, letting the individual know that their information has been looked at and their masking has been overridden.
We also looked at Ontario's emergency department drugs history initiative, which is somewhat similar, but it is a little bit more limited in the scope of who it is directed to. It was primarily directed to emergency departments. Their individuals have the ability to totally mask their prescription record, which is a total opt out. In addition, individuals can elect to say I am going to participate in the system, but there are specific prescriptions that I prefer not to be shared without my permission. By doing that, they mask certain data elements. Then the individual has the ability to give a health care provider, particularly in the emergency department access to that information on a temporary basis by providing their health numbers.
Consistent with Regenstrief's experience, out of over 1.5 million of the potential -- of the people who could -- whose information was in this database, only 508 fully withheld consent and only 11 partially withheld consent from June 2005 through February 2006. The ability to withhold your data on the system is quite easy to do if you have access to a computer because the forms are readily available on the web site.
MR. ROTHSTEIN: Excuse me, Joy. Do you have a denominator for us?
MS. PRITTS: No. 1.5 million and only 508. So, it is really small. However, it is also -- when Canada was developing its privacy and security architecture for its nationwide health information network, they developed it and then they actually vetted it with consumers through a series of consumer surveys. So, the fact that people aren't utilizing this doesn't necessarily mean that it is not a facet that they thought was important, an important piece of the architecture.
In England, England has a very different development for their nationwide health information network. It is being based on a nationwide database, which will hold summary care records for all 50 million of its citizens. It has been quite controversial and there has been a significant amount of consumer input and back and forth in the development of where this record was going and what kind of controls consumers would actually be able to utilize on it.
In the most recent iteration of this, which was released in December 2006, and that is also referenced in the paper that we wrote. It is a very interesting -- it is worth reading. It is called Sealed Envelopes Briefing Paper and it has -- it includes some diagrams of exactly how they envision the system working. The decision is that first of all people are going to be able to have the choice, whether they are going to have a nationwide summary care record -- they believe that that is something that people have to have the choice whether or not they are going to be included.
Then they are going to be able to opt out of sharing the record. You can have a summary care record, but essentially make it invisible to most people, but it would be available for other purposes, such as public health. If that level of masking is not -- they call it sealing is not ideal for an individual, they also have the ability to what they call seal individual data elements or seal and lock them and sealing and sealing and locking take place generally in the context of a circle of care so that when a document is sealed the individual -- the health care provider, who created that information has access to it.
In addition, the workgroup that that provider does their work with, their nurses and people based on -- will also have access to that information. For others, that information is not available without an override. Again, when information is sealed, it is capable of being overridden by somebody outside of that care group. If they override, then there is a notice that comes up on the screen saying you are about to access field information. Do you want to proceed? If they elect to proceed, it says an alert will be sent to the privacy officer now and then that is what happens. So, they can override it. There is this alert system in place.
When information is locked, it is a little -- it is much tighter restriction on who can have access to that information. When it is locked, people within the workgroup will know of the existence of the information but people outside of the workgroup won't even know that it is there and there is no ability to override that lock. It is very interesting because the U.K. is very aware of the potential health consequences of locking information and not having the potential for an override. They discuss it at length in their paper and they basically say an individual has the ability to refuse to consent to treatment if they know the consequences. We are giving people a lot of notice about what the potential consequences for this are. So, we treat it with this -- decision with the same degree of respect.
Turning now briefly to The Netherlands, there is currently a limited ability to seal information based on limiting access to records to specific health care providers. That exists today. The Netherlands has kind of -- it is a document locator system and so it is different than either the U.K. or Canada. So, their information now is going to be controlled at a slightly different manner. There will be sealing at the provider level, which means that other people wouldn't be able to necessarily access that information, but primarily, they are going to be using what they call I believe they are authorization profiles and then the way that works is a consumer is presented with a series of options of I am going to share my health information with everybody. I am going to share my health information with everybody but I don't want my brother-in-law, Dr. X, to see it.
It is because he has -- and they can do that because they have provider identification. They also envision using different levels of authority, like you can always share my health information. You can only share my health information in emergency or you can never share it. They are both in England and The Netherlands are actually doing -- of testing their consent mechanisms in real life projects to see how this is going to work in the long term.
This is changing on a daily basis. If I came back in six months, I might have a very different story to tell you, but as things stand now, the premise is that as the -- these three countries move along in their nationwide health information network, they intend for their citizens to have a lot of degree of control over their health information.
That is the end of my testimony. Conveniently timed.
MR. ROTHSTEIN: Thank you both very much and we have some questions for you and we will for this round counterclockwise order again.
So, John.
Agenda Item: Questions and Answers
MR. HOUSTON: A couple of questions.
Joy, did your study go into any review of the way that these different systems are going to provide logging and the ability of a patient or somebody to review who had looked at the patient's record?
MS. PRITTS: We have collected some of that data but it was a little bit beyond the scope of this paper. So, we have some of it that we can pull out. If you look at the paper, there is a section that says something like access control and it briefly touches on the logging issue because -- I understand that you can't just look at consent. You have to look at it within the broader framework of how often are they controlling the data.
MR. HOUSTON: Because I think what is going to happen is this is going to become a really sticky issue and I think in terms of whatever architecture is developed in RHIOs in the United States, it is really going to become a thorny issue of how do we set up a process that is workable, that is sustainable and I would really love -- it would be really great at some point to expand upon that because I think it really is going to be a really pretty relevant topic.
MS. PRITTS: I would suggest that you direct that comment to ASPE at the moment because I think they are thinking of looking at that issue.
MR. HOUSTON: And maybe if Victoria could speak to what Regenstrief is doing in that regard. I don't think you expanded on that too much in your comments, if I am not mistaken. How do they deal with the issue of logging and some type of retrospective review by patients or by somebody who has looked at somebody's data and whether it was appropriate? Was there a process implemented in that regard?
MS. PRESCOTT: Yes There is a full audit trail, as far as who has looked at the record because we all use standard security procedures and things like that. There is no automatic, oh, let's go and look at these -- you know, there is no process in place to go do a manual review. What happens is if there is an inquiry at one of the hospitals and they are concerned that, you know, someone might have done an unauthorized view of data, then we pull the record and provide it to the hospital or whoever did the inquiry and then they take action. It has happened once or twice. It is usually an employee of the hospital.
MR. HOUSTON: What happens if a patient comes to whomever and says I am concerned but I believe my next door neighbor looked at my record and she works for Hospital X or maybe it is -- or maybe it is they are just concerned. They have a concern that somebody has looked at their record and they don't know who. Is there some overarching organization that can do a private review for a patient?
MS. PRESCOTT: Not an overarching organization. Through our relationship, as I mentioned before, it is really the providers that we refer the patient inquiries to. So, they would go to the hospital and say I believe that -- but when we pull the data, it is going to be data that has been -- that data has been accessed by the whole community and we --
MR. HOUSTON: You would direct them to whatever provider had provided care to them in order to initiate that review?
MS. PRESCOTT: Yes and we have never received any direct person inquiries. I mean, most patients don't even know we exist.
MR. HOUSTON: Great. Thank you.
MS. PRITTS: If I could address part of your question, I was sitting here remembering some of the things that I read and one of the things that they are doing in England is their health system is set up for regional health care delivery and within the regional health care delivery, they have what they call Caldecot guardians, who are Caldecot, I think, guardians. It is somebody's name, I believe, or an act or something. It is a name.
They have been charged with reviewing -- almost by being the privacy officers, not quite, and making -- one of the things that they are supposed to be doing in this system as it develops is doing intermittent overall audits, but looking at, you know, picking out some providers records and saying, okay, what has he been doing as a kind of deterrent to make sure that people aren't surfing the system.
MS. PRESCOTT: I should mention something else you just brought to mind. As far as a breach, if there is a breach that occurs in our INPC agreement, we do have mechanisms for disclosing the breach to like all participants if it is a serious breach, et cetera, so that they can, you know, take any action that is necessary. I just wanted to mention that, too.
MS. BERNSTEIN: Does the system look for anomalies? Is there some mechanism set up so that if an unusual occurrence happens with access you can -- some inquiry is generated?
MS. PRESCOTT: It is very difficult to set up an algorithm because there could be really valid uses for things. I mean, we have some basic procedures in place, you know, a hundred thousand hits or something, but that is not really usually going to be occurring, but it is very difficult to figure out which types of hits would be inappropriate. Plus, it is very locked down, the system, the way access is right now. So, it is very unlikely anything would occur.
DR. TANG: I found this -- as useful as the ones were this morning, I thought this panel was invaluable because it has real world experience in data. In the one hand, I think it is real world, a lab for actually doing the -- dealing with aggregate data over many, many systems and the others, the international scene is actually a lab for policy development and I think we learn a lot from them.
I have a question for each party. In the Indiana group, which actually is probably the largest in the county and it may be the world where they are dealing with the real exchange of health information and answering the inquiries back and dealing with the policy issues. We talked about the sensitivity to the context user and I think location. So, is a provider at 1 ED, gets access to a patient data, is that person on his or her honor or does the system restrict it in some way. Describe picking up the location and then getting a proprietary, an ER locum can be multiple locations that you can't predict. So, is it controlled at the system level or is it by the individual providers?
MS. PRESCOTT: It is a combination of both. Actually addresses a range of IP addresses for a particular facility that it is locked down to and it has to be a user that is associated with that one particular facility.
DR. TANG: That is the genesis of my question. It is pretty hard for you at the system level to keep up with the fact that, oh, I just got this job at ED No. 3 and for you to know that I should be allowed to --
MS. PRESCOTT: Whenever an entity joins INPC, they give us the range of the IP addresses and we are in very frequent contact with them on that and they also give us very frequently, sometimes daily, a list of physicians that are authorized. We do the mapping, you know, to our global provider for that.
DR. TANG: On the international -- I really enjoyed your paper because I think it had all kinds of information. One of the pieces you did mention is that changing even daily and before our sessions you talked about having the first draft available like the end of last year and then had to revise it just to present more current information. So, I think that is a good way of tracking what is going on internationally as they struggle with some of these same issues and perhaps are ahead of it as you say.
Many of the things -- you used the word "envision," which I think means that a lot of these things are planned and conceived rather than implementation, implemented at least nationwide. You talked about pilots and all. So, I think one of these we need to consider is or maybe we certainly have to invite it back to find out what is the result of these pilots and experiments because I think in many of our minds, implementation is that is where the rubber hits the road in the devil of details and whether you can actually sustain that amount of granular control as some people are envisioning.
MS. PRITTS: I would really like to do a failed track.
MR. HOUSTON: So would we.
MS. PRITTS: There we have it. We should all go.
DR. TANG: So, as an example the notion that a decision support system can operate off of masked data, that was the hypothesis by one of the countries. I think it was The Netherlands. But interesting enough, 87 percent of the drug interaction alerts are disregarded, either because they are not true or they don't -- whatever the reason is they are, quote, false positives in the sense they are not acted upon. So, one can imagine the provider being faced with we don't know something and all these things, it is just -- I mean, it is one of those gotchas that we would love to see how it plays out.
MS. PRITTS: I think one of the key elements in all of these systems is that there is an underlying assumption that the provider will never have all of the information and you see this from the notices on the web sites. They have -- and I can't remember which province it is, but they have a physician's notice on their web site. This web site will not ever -- the prescription data that you receive will never be totally -- the patient may be getting information off of the Internet. This is a baseline and you need to work from it. I think that is one of the key assumptions that I hear missing from some of the discussion here in the United States is there seems to be almost this assumption that when we go to electronic health records, we are going to have it all and we will never have it all because you know whatever you design to capture the information, your patients will be on the other side, figuring out a way to avoid it.
DR. TANG: One more final comment. There is an interesting concordance in their experience. Less than .1 percent came to restrict -- ask for restrictions and 70 percent which came from one clerk. So, if you moved that 70 percent, it matches identically with the experience that Joy just talked about of the .02 percent.
MS. BERNSTEIN: Yes, but am I correct, what Joy is talking about is patients who are making those decisions and what Ms. Prescott is talking about is providers who are making those decisions. Right? The clerk is working for a provider, right?
MS. PRESCOTT: No, it is intake clerk at the hospital. It is just a clerk who says would you like me to sign these forms and you should mark that one no, because you shouldn't consent to that.
MR. ROTHSTEIN: Leslie.
DR. FRANCIS: I have a specific question for Ms. Prescott and then a question for both of you. The question I have for you is you have a slide here that is called Patient Request and the third and fourth bullet there are -- No. 12 -- are provider decides what data to send to INPC and provider makes the decision on whether to grant patient request. I wanted to be sure I understood that because what I want to know is whether at the time of the provider/patient relationship, there are decisions made never to send data, rather than to send data with restrictions. You see what I am asking. That is that the provider and the patient might decide together that the information about this visit or whatever isn't going to get sent to your network or does all -- rather than they are deciding that it will get sent with a request for restriction.
MS. PRESCOTT: I am sorry. I am not quite following.
DR. FRANCIS: The question that I am interested in is whether there is information that is never making its way into the system.
MS. PRESCOTT: Actually, we are not aware of any. There was a hospital that joined recently, who said that if the patient wants them not to share their data with anybody, then supposedly they are going to market in that system and not electronically transmit it to us, but I don't have any idea as far as how many patients that is or whether they are really going to do that in practice or not. But at least one person at one meeting said, yes, we wouldn't share it with anybody. We wouldn't even send it to you. But all the other participants in central Indiana in INPC they all send us all of those data and there has only been those two that the provider, that particular hospital decided that they wanted the grant and then we just deleted those two patients from the entire --
DR. FRANCIS: That includes physicians as well? You have got a bunch of physicians sending you data. So, you are getting all data from effectively all the health care providers.
MS. PRESCOTT: Correct. It is 99 percent of the hospital care. It is over one-third of the ambulatory care. So, it is not all providers have EMRs. So, we wouldn't be receiving necessarily their data unless they had an EMR because that could generate an HL7 out and send it to us. But some of the large practices like IMUV, who is actually one of the founding members of INPC, along with some hospitals. They do send all of their data. So, it is included.
DR. FRANCIS: My second question, which is for both of you --
MR. ROTHSTEIN: Excuse me. Could I interrupt for just a second. Would it be theoretically possible that if I saw an internist in Indiana in your area and I had a variety of complaints and one of which is some sort of depression, that the provider could agree not to send that complaint and maybe even a prescription, but send all the other stuff. Is that possible? Does that happen?
MS. PRESCOTT: Not from a practical standpoint. I mean, they can choose what to send, sure, but really what happens is we have direct feeds from their systems, their lab systems, their transcription systems. We have a direct feed from pharmacy benefit managers. So, we get all the data that they have on prescriptions that have been there. We have a direct feed from the order entry system with the hospitals. So, we even receive orders that are done. In those particular systems there is really no way that at least I am aware of that you can actually turn off individual patients, plus they send us the data for other purposes. For instance, we do clinical messaging as a service to the hospitals and labs. So, they hire us to take their data and deliver it to the doctors' offices. So, they have to give us all their data so that we can deliver it as well and there is really no way to parse things out.
So, that is why we kind of have it set up to where it is going to be an all or nothing, you know, we will just take the patient out of the system.
MS. BERNSTEIN: If I am a motivated patient and I have a long time good relationship with my doctor and I needed to be treated for depression and my doctor writes me a script on his or her prescription pad and gives it to me and I go pay cash at my pharmacy --
MS. PRESCOTT: That is it.
MS. BERNSTEIN: But my name is going to appear on the prescription. I could pay cash and still have it show up at the PDM, right?
MS. PRESCOTT: You could ask the pharmacy not to file --
MS. BERNSTEIN: Could I do that?
MS. PRESCOTT: They wouldn't file the claim because you paid cash. They are supposed to file the claim, but -- they are supposed to by their contract -- there are other ways to opt out, right.
MS. BERNSTEIN: But the 1 percent that you are talking about is not this kind of 1 percent. I guess there are two-thirds that don't have EMRs. You are not getting those for the moment. But that will presumably change. EMRs will become more widespread. So, the 1 percent of the records they are not getting. What does that represent?
MS. PRESCOTT: There is a lot of data that we don't get. I mean, we are getting a lot of data and we have the most data of anybody in the whole country or world, probably, but we still don't have all the data. I mean there is a ton of other places that -- and other labs and other, you know, little systems within the hospitals even that we have now, you know, that infection control. I mean, there is just data everywhere and we can't -- we are never going to get all the data, as Joy said, but I am not quite sure -- and there are other ways to opt out, like you said, in paying tax and you could do things as well. So --
MR. ROTHSTEIN: I am sorry. I interrupted Leslie.
DR. FRANCIS: My other question is for both of you and I don't mean this -- I don't mean this quite pejoratively, but I have a sort of roach hotel theory of electronic records in the sense that, you know, information checks in but it never checks out.
DR. TANG: Where is the roach hotel part?
DR. FRANCIS: They check in but they never check out. The point behind that is not all of the information that goes in is accurate. There is mistaken information. And I wonder -- which can be very damaging to people and I wonder whether your system has any experience with the possibility that somebody might -- a provider, say, might choose to correct something that has been sent and whether any of the systems that you have studied has any -- you know, there is some effort to rely on patients to look at their record, but I am interested in the provider side and whether (a) the systems you looked at have thought about that question at all.
MS. PRESCOTT: You want to go first or --
MS. PRITTS: Sure, I can go first. I will let you off the hot seat.
With respect to verifying information, I would say that what they are doing in England is before -- they are just getting ready to launch their summary care records and before they publish that information in -- that summary care record information into the nationwide -- they are giving the patient the access to it through the Internet. They have a web portal and they are asking people to review that and let us know what is correct before we upload it to begin with. That is one of the things that they are doing to verify that.
This is an area where -- I looked at this a little bit in England and in The Netherlands and it is not clear what they are going to do to correct it from a provider point of view. That I wasn't able to really pick up on. I could pick up how the consumer fitting into this, but from the materials I was able to get that are publicly available, it is kind of harder to see how the physicians are going to do it, whether they would be alerted that it is not somebody's information. Are they able to pull it off? From my understanding, they can do that. They just don't?
DR. FRANCIS: They just don't? Have you ever seen any --
MS. PRITTS: I don't know the answer to that, if are dealing with that. It would be interesting to find out because, for example, the prescription data system in I think it is in one of the provinces has been active for well over a decade. So, they have been doing this for a long time.
MS. PRESCOTT: Ye, we have -- there are always going to be errors in data that -- you know, codified data entry or whatever it happens to be. So, there is actually a way to electronically amend data, lab results, whatever they are. So, the hospital or whoever it is that made the error would electronically send us the copy and it would have I think it is an HL7. It even says, you know, ignore the previous one, whatever.
Also, actually our HIE has helped identify a couple of errors. There is one physician who said, oh, I see you have prostate cancer. I don't know what you are talking about. So, what happened was we called the clerk or the hospital that had that data and they corrected it and then sent us the electronic amendment. So, actually Health Information Exchange can help a little bit from that standpoint. There are going to be some errors probably when you are talking about matching patients, you know, because there is a whole big discussion about a master patient index, how do you do that algorithm, et cetera.
There could be errors from that, although at Regenstrief, we are like -- they have people who just are devoted to that kind of thing and the appropriate algorithms and statistical matching formulas and things like that. We always err on the side of not having false positives. We will just err on the side of not including the data if we aren't really sure that that is that particular patient.
DR. FRANCIS: So, the principal error that you have experience with is wrong patient type error, more so than -- or just plain data entry problems, rather than say misdiagnosis.
MS. PRESCOTT: Data entry problems typically, but we haven't found tons of errors. We don't even know sometimes that the hospital if they found their own error, they just send it to us electronically and it is processed in the system. So, I can't say that they call us every time they make an error. So, I don't really have firm statistics on that.
MR. ROTHSTEIN: Simon.
DR. COHN: I just have two questions. Perhaps more on clarification just so that the way I understood what was happening. First of all, actually, it had to do with you had made a point about how tight the data access was, using the hospital as an example in terms of access and it opened up and told they were put in the ADT and all of that. Now, I am apologizing. My glasses are pretty good here, but some of your slides -- federated data model slides indicated to me that apparently the physician officers are also having similar access to the data, as well as pharmacies. Is that correct? Am I reading that right? It seemed to me that hospitals aren't the only place that are getting the data. Is that correct?
MS. PRESCOTT: You want to know who accesses the data?
DR. COHN: Yes. Isn't it also doctors' offices and --
MS. PRESCOTT: There are actually a large number of ways you can get at the data and different services that are provided. One of them is the one that is -- and actually in the ER, we also do one other thing. We actually when we receive that electronic message that the patient is in the ER, we actually have the IP address of the printer that is right behind the clerk in the ER --
DR. COHN: I got all that and I understand how you can tighten down in a hospital environment. As I was looking at this one, recognizing that there is a zillion pharmacies, lots of doctors' offices, it seemed to me that maybe the -- unless you have some very good tightening mechanism, you do something where you are checking the previous claim status before they can access a record or something.
MS. PRESCOTT: In the physicians' offices, the way that we are doing it -- actually it has just been approved, well, a few months ago, by the INPC management committee to allow access in physicians' offices for people who are not in the hospital at the time, but they are -- actually the record is opened up when that particular physician has received the lab results on that patient. So, it is using that as the evidence upon which we believe that they are under treatment of that physician.
So, it opens the record up for a limited period of time for that physician. There are other types of mechanisms in here. Pharmacies can't just log onto the -- pharmacies are not accessing the system directly. They are putting data into it, but they are not accessing. Labs are the same. They contribute data but they don't access the data. Public health, there is a whole series of things that we transmit for them, that we could go into. Payers are very, very limited on what they can access. Basically, they can't log on and access. We are in the process of getting ready to roll out the quality reporting project, which is funded through some different mechanisms in Medicare and AQA and all that and they -- it is combining our clinical data that we already have with some of the claims data and looking at specific, basically 26 different quality measures, performance measures of individual physicians.
It is a community effort. The physician community as well as the local payer community have come together to agree upon these set of measures. Then we are using our data to be able to produce those reports. Reports are given to the payers on their particular members and also an aggregate, like how the doctor compares across all the different payers, not just them, kind of like a scorecard and then the providers, the doctors themselves receive a report on their own patients and also their score, you know, across all patients. So, they can actually specific action to improve the quality and know exactly which patients that they need to follow up with, et cetera.
So, those are a few different ways to access the system.
MR. ROTHSTEIN: Thank you. I have a few questions.
Ms. Prescott, how is INPC funded?
MS. PRESCOTT: It was originally funded by a grant from the National Library of Medicine and the original was in 1996-1997 time frame. That has been extended. We keep receiving other grants. So, it is basically funded through a series of grants that is kind of like a patchwork of grants to study the impact of electronic exchange. We have gotten grants to do other things, like clinical reminders, decision support and other types of things. We have gotten grants for the --
MR. ROTHSTEIN: So, the providers don't pay you anything for the service?
MS. PRESCOTT: No. The physicians and hospitals do not pay us for the INPC. Now, there are other services that are kind of built on top of this infrastructure, for instance, clinical messaging that hospitals and labs pay us to deliver their lab results to the doctor. The doctor doesn't pay because, you know, it is the hospitals labs responsibility to get that result to the doctor, but they pay us and because it is like economies of scale, it is a lot cheaper for them for us to do it.
It is better for the doctor because the doctor doesn't have to log on to four different systems to get their results or get some in the mail and some faxed. You know, it is all in one place. The clinical quality, the quality reporting one, the payers are paying us the Health Information Exchange to generate the report. To obtain, there are actually some specific information from physician officers that we actually have to get put into electronic format and some officers obviously don't have any EMRs, so we have to manually data enter some of those like strep results, chlamydia results, pregnancy tests, et cetera, if they don't have that in electronic format.
So, the payers are paying us to do that and then the payers are paying the providers, the doctors, based on their score and their quality improvement. So, those are some of the different --
MR. ROTHSTEIN: Do you ever sell any of the data to researchers?
MS. PRESCOTT: We are a medical research institute. So --
MR. ROTHSTEIN: I understand that, but I mean do you make use of the data in your own research?
MS. PRESCOTT: Oh, extensively, yes, because that is part of the reason for -- to create the system to start with is to have sort of a laboratory to do these tests on to say, okay, you know, are we really improving health care by doing this or having this reminder or implementing --
MR. ROTHSTEIN: Is the research function part of the -- I mean, what are patients told about the research that is done on their health records when they sign up?
MS. PRESCOTT: That is up to the particular hospital, but in our INPC agreement we say that you need to make sure that you disclose this fact that we are using it for research, et cetera. But they usually have those types of language in their privacy policy anyway because they do their own research on the data, et cetera, and we follow HIPAA and actually the INPC agreement goes a few steps further and is more protectionary than even HIPAA is because we require any research that is being done to have an IRB approval and to also include the particular data source at the particular hospital in this research if they want to be included as a researcher on it.
There are other types of mechanisms. The other thing is we don't allow researchers to just log on and download data. We have an entire data analyst group, because we know what the data is. We know that in 1999 we started this type of data and we know that it changed this code and this date. So, we have a much more in-depth knowledge of the data and we can help the researcher understand what they can and can't know from the data.
So, we have a whole data analyst group that will provide or extract the data for the researcher for the approved research project.
MR. ROTHSTEIN: Last question for you and that is you said it was difficult and costly to make more granular decisions in terms of the leaving things in or leaving things out. My question is to what extent is that a function of the legacy, in other words the fact that you started not doing that and it is costly to change over versus the ability and the cost to do it at the outset because my impression from talking to many of the folks who are working in this field now, who are setting up these systems, is basically we can do anything you want as long as we know what you want before we start doing it.
So, do you have a comment on that?
MS. PRESCOTT: Well, they are vendors. We are not -- they will program anything you want, but you will be paying for it, too. The thing is the costly -- from the standpoint of administration, too, I mean, are we going to start asking the providers, who are already taxed for time, et cetera, to have to manage this type of thing and have to do a different type of data entry for those who have to sit down with the patient and spend lots of time explaining this and that and the implications of this and that. I mean, I know there are places, like Joy said in the foreign countries that are trying to do this type of thing, but do we really want to add to the system --
MR. ROTHSTEIN: Yes, some people do.
MS. PRESCOTT: I know, but it is costly. It is also a liability risk. So, you know, if -- we already have enough problems, you know, getting people to be willing to share their data and now you add another layer of liability for them if they screw up and click the wrong box for consent and the patient sees them or whatever ensues after that. So, it is more than just pure cost to administer.
The other thing that I had mentioned before was about the physician not really necessarily having as much confidence in the system if things aren't really going to be there to -- they aren't really sure what is there and what is not and, you know, what they are accustomed to seeing, et cetera. So, there are some issues with that. It also impacts the work flow of the physician, I think. So, you have to really consider that because if they don't adopt it, we don't achieve anything at the end of the day.
MR. ROTHSTEIN: I have two quick questions for you, Joy, as well. On Vicky's slides she has got third from the last a litany of horrors that would ensue if restrictions were placed on this and my question is have you found any evidence in your research of these things in any of the other countries that you studied?
MS. PRITTS: Well, I would start by saying that their focus is -- they are faced with many of the same issues. Let's start with that. All right? Because they do want to use the health information for secondary purposes. I have seen lengthy discussions on where they are going to reach the appropriate balance. In, for example, the issue about patient care was debated at length in England and continues to be debated and there are issues that were raised there are the exact same issues that are raised here. It is just that their philosophy is somewhat different. It is kind of interesting because here is a health care system that takes care -- I mean, they pay for all the treatment. So, in that sense you might consider it to be patronizing, but when it comes to letting the patient actually make the decisions, it is not at all. It assumes that for most patients they will not only make decisions about what care is appropriate for themselves, but what health information sharing is.
They are very upfront with all their literature that this could have an impact on patient care, but believe that it is important enough that where they have drawn the balance is to give the patient the right to consent. With research it is clear that that is an area that is of great concern to everybody, primarily because of health care costs. They have a -- there is a very detailed discussion in the Canadian Privacy and Security Architecture Document of where they are going to draw the line, where they will allow masking to occur in order for that information to be available for research purposes.
What they are trying to do is a line where the information is someplace. It is not necessarily visible to everybody, but it is available in an anonymized basis. They are underlying. It is kind of lurking there.
The costs I haven't looked at at all. The cost of these systems is enormous, as I know you have heard from people who have spoken about this and they have just built it in as the cost of doing business. They haven't identified the consent as something that is an additional cost to them. They just say this is how we are going to do it and that we are building it in up front, which I know is much easier than going back and retrofitting.
The ability to use - it is just problematic with an EHR system because most of the data in all these countries in paper format right now. So, the benefit of masking versus withholding the data is that when you mask the data and it is in the system, you can go back and use it. If you withhold the data and it is never put into the system to begin with, you lose that capacity.
MR. ROTHSTEIN: Last question for Vicky. Then we are going to -- I promised staff a chance to go on a second round. Then we will take other --
I assume that you have got --
DR. TANG: Mark, this is on this particular point.
MR. ROTHSTEIN: Sure, Paul.
DR. TANG: So, it is just a quick comment. So, in the U.K., one, they haven't implemented it yet. That is an important difference, whereas, INPC has. The other really important from a cost point of view is the U.K. is a centralized database. So, they control all of it versus having to -- literally, where you have to control all of the EHR systems in the country in order to preserve -- in order to implement what they have done.
MS. PRITTS: It is a centralized database and not. As it turns out, I mean, it is always promoted and when you read about it, it says it is a centralized database. The summary care record is on one central database. There are also what they call detailed care records, which are held at the local level, which have additional information in them and which also have a whole series of issues addressing patient control over those records as well. So, there is some discussion now over how much of that information is going to flow up.
DR. TANG: So, the policy that you talked about was conceived for the central database, they haven't talked about with the details of their record yet?
MS. PRITTS: I know it seems like it is backwards, but that is accurate. It has not been discussed in nearly as much detail as the summary care record.
MR. ROTHSTEIN: Very brief question. I assumed that in your network, you have got some providers who provide substance abuse treatment and also psychotherapy treatment for which separate health records need to be maintained and a granular access opportunity. So, how have you managed to comply with those legal requirements?
MS. PRESCOTT: Well, we definitely comply with the law. I have to say that here. But under psychotherapy notes of HIPAA we -- the physician is required, the psychologist, whoever, is required to keep those physically separate and I am not aware of any being put into the system and specifically actually in the INPC agreement, we say you will not be sending us the psychotherapy notes. So, that is automatically not included and the same with substance abuse. What is really troubling with -- Joy has heard me say this before, is that there are some facilities that are dual use. I mean, they do substance abuse, but they also do lots of other different types of care and because of the part 2 problems, not problems, but, you know, my view is it is a problem because we can't get the data. I mean, we can't get legitimate data because we -- same facility that also does substance abuse. So, I will put a plug in for that.
MS. WATTENBERG: So, you have these substance abuse treatment facilities and you are telling them they can't deposit their records with you. They can't participate in the system even if the client wants to and gives consent?
MS. PRESCOTT: We don't receive that data from those facilities. We have no way to --
MS. WATTENBERG: [Comment off microphone.]
MS. PRESCOTT: It is also in the agreement actually that we are discouraging anyone from sending us those because we don't have ways to -- now, if their system would filter it before we receive it, but still with Part 2 it is not just a simple consent and you are done. You could do whatever you want with it and you could do treatment and research. I mean, there are some major issues with how far that consent goes, how downstream you have to reconsent. There is actually language you have to include, et cetera. So, that is why we just don't even want to touch it at this point in time.
Now, if there is a client of our clinical messaging system, we have to deliver their patient's transcribed report to the physician, but that is all we do with it. We just totally block the whole facility. We just don't include it in the data sharing INPC portion of what we do. But they could potentially be a clinical messaging client for us to deliver the stuff to the doctor.
MS. WATTENBERG: If there were in HL7 a consent standard, would that help?
MS. PRESCOTT: I guess there would have to be a SAMHSA sanctioned, you know, ability to do that and I would love to see it if they could somehow parse the substance abuse records from other records at the same facility. That would really be helpful.
MS. WATTENBERG: Yes, I mean, we are working on that. So, I am just curious from your point of view if that would help solve your problems.
MS. PRESCOTT: I think we would have to probably have longer discussions about data elements and how it would be implemented in things, but that would definitely be welcome.
MS. WATTENBERG: Okay.
MS. BERNSTEIN: That leads me to want to ask another question, which is in any of the European countries do they have sort of specialty sensitive record logs that are not part of the data record or like the psychotherapy notes?
MS. PRITTS: As a general rule, all health information is treated the same. That means -- and that goes hand in hand with and the patient has the right to control all health information. So, it is the patient who decides, along with their physician in those cases, I mean, that is highly, highly encouraged what information if any they will withhold.
I wanted to go back and address this last part. In many states, it would be difficult for a patient to avoid fraud and abuse detection because the information that goes through the pharmacist automatically is going to a central reporting database as to the prescriptions that that individual has. So, in many states there is a central database that collects the prescription data on all patients for your kind of suspect medications. An individual could not, even if they wanted to, avoid that detection because it is not done with any control authorization from the patient. It just happens.
MR. ROTHSTEIN: Gail, are you still with us?
MS. HORLICK: The last hour or so it has been a little hard to follow. There was a lot of static. So, I was mostly listening to the Internet. I think I have gotten the gist of it and I will participate in the discussion, but I don't have a specific question.
MR. ROTHSTEIN: Okay. Thank you.
Other questions? Sue?
MS. MC ANDREW: I was just interested in the data silos that you are maintaining on behalf of each of the providers and what happens in the actual data exchange? I am assuming that this is the data that they have agreed to share and that each system is nonetheless maintaining their own system. So, if a doctor, who has had a patient put into the hospital and the patient has been released and then he back in his private practice wants access to that record, he can query the system and -- does he replicate that then in his own database? I mean, do you wind up having the system -- the same information repeated over and over again within the system because somebody has access to it and has stored it independently or is this kind of a view and not sure method?
MS. PRESCOTT: It depends on the physician. For instance, our clinical messaging system allows a variety of ways to receive lab results for a patient. You can receive it by fax, which unfortunately 10 percent do. Most of them will actually log on to our web site and they can print those out or copy and paste, whatever, and then there is the few that have a true EMR that can receive HL7 seeds. So, we will actually generate an HL7 and it will go into their EMR system. But that lab would have only been generated once and go in. Now, as far as a direct download of HL7 from INPC, that does not occur. It is kept in the way it is displayed here and that data is logged on -- the user would log on to view the information. They can print it out, et cetera. We are the EMR for some particular hospitals, but in general, no, it is not just downloaded into another system.
MS. MC ANDREW: So, in order to recreate the information that was available for that episode of care, how would that be done if they don't download and store the information on their own system?
MS. PRESCOTT: They can either print it out, they can only have access to view it for that period of time and if there is some kind of for instance a dispute or a patient sues them for malpractice, we can generate the record for them that was viewed at that particular time. But it would be nice to be able to have integrated, interoperable systems. I totally agree with you that is not duplicated, but we are not there yet.
MR. ROTHSTEIN: Harry, are you with us now? Do you have any questions, Harry? Did you get a chance to hear much of the --
MR. REYNOLDS: I will just wait for general discussion. Thank you.
MR. ROTHSTEIN: Okay. Thank you.
Any other questions? Maya?
MS. BERNSTEIN: I am wondering, Ms. Prescott, you were talking earlier about when you gave your initial remarks, you talked about what happened before. So, I understand it, Regenstrief was created with grant money in 1996. Did I remember that right?
MS. PRESCOTT: INPC.
MS. BERNSTEIN: Regenstrief has been around longer than that.
MS. PRESCOTT: Yes, over 30 years.
MS. BERNSTEIN: So, before HIPAA, presumably -- well, I guess I could ask, under Indiana law were you constrained to have consent that -- you were required to collect --
MS. PRESCOTT: The hospitals were.
MS. BERNSTEIN: What the experience was at that time that you had to do that, you had to do business by using consent and how has that -- it has been removed, but what was the experience at that time, if you know, given that is what we are talking about for the e-consents and how would patients -- I guess you could have an all or nothing consent.
MS. PRESCOTT: It wasn't all or nothing --
MS. BERNSTEIN: -- patients were asked to sign a consent, they could sign a more specific consent or not.
MS. PRESCOTT: No, it was just one -- it was actually in our original INPC agreement, the actual -- as an exhibit, the actual language that they needed to give on the form, the hospital needed to give on the form to the patient. So, everybody had to use the same form and it was an all or nothing -- sorry?
MS. BERNSTEIN: That was dictated by INPC.
MS. PRESCOTT: By the group, yes.
MS. BERNSTEIN: If I am a patient and I scratch out, mark at the margins, you know --
MS. PRESCOTT: Then we can't process that. Exactly.
MS. BERNSTEIN: Thanks.
MR. ROTHSTEIN: Thank you both very much. It was very informative and stimulating as always.
We have no public testimony. We have members of the public, but we don't have public testimony at this time. What I would like to do is dispense with our break -- we will take a ten minute break and then let me suggest what we are going to do. I want to take up the issue of where we go from here with the information that we heard today at the hearing. Do we need additional hearings? Do we need more witnesses? Do we want to think about action items? Do we want to --
MS. PRITTS: I have to leave, but can I throw something on the table before I go?
MR. ROTHSTEIN: Please.
MS. PRITTS: I think you are all familiar with the AHRQ funded 34 state survey on privacy and security practices and policies, which is now winding up and I think that it may be useful for you to hear as a practical matter what the states and providers have been doing with respect to consent, regardless of what HIPAA requires.
I found it very interesting -- the results of the study have not been released yet, but they are coming out next week. So, they are something you may be interested in.
MR. ROTHSTEIN: We are now on a ten minute break and we will resume then.
[Brief recess.]
Agenda Item: Subcommittee Discussion
MR. ROTHSTEIN: We are back after our ten minute break and the question for discussion is what now. I want to thank Maya for putting together a great day's hearing. I thought all the witnesses were really good. Usually we have a few, well, that are not -- yes, who are disappointing. But I thought all of the witnesses were very good. So, now the question is what do we do? Do we want to -- we have several options and so --
MR. HOUSTON: Can I make a suggestion?
MR. ROTHSTEIN: Yes.
MR. HOUSTON: Rather than what do we do, maybe the better question to ask is can we draw any conclusions that weren't us making a recommendation?
MR. ROTHSTEIN: Oh, well, yes, that is part of it. I mean, did we hear anything today that we think would form the basis of an appropriate recommendation to the Secretary? I mean, if so, then we can think about what that might be.
Another thing is did we hear anything today that sparked our interest to learn more and are there people that we need to hear from, et cetera?
MR. HOUSTON: To that, I would say personally that in Joy's presentation was very helpful and I think Paul agreed with that and some of what they found. What I also think as you and I discussed at break briefly that this multi-state analysis now that it is coming to a close, if there is any information that can be gleaned from that work, that it would be nice in an extended fashion not just for an hour or two because if we really had enough time to really get a sense of things, if we can engage them maybe for half a day even to really sit down with us and describe what they surmised from this activity, this multi-state activity and, again, I think there are probably three or four topics we would be interested in trying to query them on. But we really need a fair amount of time, I would think, to do that if we can find the right people to come in.
MR. ROTHSTEIN: I think that is certainly true and we would want to talk to the folks at AHRQ who are supervising the project, although my impression is and I could be wrong, that most of the states did not address the kinds of issues that we talked about today. I mean, they dealt with other things, which we may want to consider. But I would be surprised if what they dealt with affected our topic for today.
Sue, do you --
MS. MC ANDREW: I think probably consent or an opt in, opt out may have come closest to an overlap. I mean, it is -- you know, they must have at least done the surveying in terms of the particular state laws on specialized sensitive data and what is there. My sense from looking at some of the preliminary reports is that at least with regard to their laws on sensitive data that they really weren't looking that closely for solutions because they didn't -- they liked their laws and they wanted to keep them. So, they weren't looking for a way of harmonizing them out of existence. I don't think anyone there was recommending rolling back to the HIPAA floor.
MR. ROTHSTEIN: Harry, are you with us?
MR. REYNOLDS: Yes, I am.
MR. ROTHSTEIN: I would like to ask you, you were one of the movers behind today's hearing and ask you whether this hearing sort of was what you had in mind and what your impressions were.
MR. REYNOLDS: I think it was actually one of the better hearings that I have been in period. What I really liked is I thought that there was a good mix of -- there was a good mix of the concerns that we heard, but it probably had a more pragmatic slant to it that allowed you to start maybe seeing a way that this could actually work, rather than a lot of what we have heard in the past have been issues that almost appeared insurmountable at times, but I think when we started talking about, you know, what a record might look like and the fact that whether that could be the base and then you could -- even that base minus some of the things we were worried about, psychiatric and other things, that wouldn't have to necessarily be in there.
It starts to look a little more pragmatic that we can draw something up and at least have a good honorable debate on how it could play itself out, rather than just seeing all the reasons that it can't and won't. So, I thought it was great. I have actually changed my thinking. Paul mentioned that earlier. I have actually changed my thinking on some of this. I think it is a lot less scary to me now as to how we would make something -- maybe make some recommendations that could actually happen because I think for a reason that we really keep pushing on this is left to the speed that people are already doing things.
A lot of what we talk about today is going to get run right past and there is no way to come back and pick it up and make it right later, I don't see. So, Mark, thank you. Maya, thank you. Absolutely brilliant process. I was very pleased with everything.
MR. ROTHSTEIN: Harry, let me follow up on this and ask you do you think it is appropriate as a result of what we heard today to be thinking in terms of recommendations to the Secretary?
MR. REYNOLDS: I think today, well, at least for me, today, gave me a basis for us to get together whether we have some others in the room or get together and actually then go ahead and do the working session on what we believe out of what we heard today because, you know, taking what we heard today and starting a bit, we haven't really talked about it. I feel much better and I start to see a structure and a process that we could talk about and I think there is more of a synergy than some of the things that we had to put in some of the recommendations before. But that is looking only through my eyes right now. I haven't necessarily heard everybody else on the committee. You know, they may not agree with anything I am saying right now, but I feel dramatically different as far us making a difference going forward than I have, but, no, I don't feel like starting to write a letter right now is the right thing. So, that is my thought.
DR. FRANCIS: I got a sense -- this is Leslie -- I really want to second what you just said because I have got a sense that we had a consensus on a core of information that actually in most respects does not implicate, although I want to really follow-up on that some of the kinds of sensitive information that we started out looking at.
So, I got the sense that we were pretty well getting close on the idea that, for example, information about allergies, information about current medication utilization, that is the one that is the hardest. But the question for me to look at would be to see whether that consensus around something like a skeletal continuity of care or continuity of care document, record, whatever you -- whichever version of that, I would want us to have a really hard look at that to see if there are sensitive information issues that are raised by that because -- but it seemed to me that was looking like a kind of consensus that we could use as a recommendation for how to build an architecture that had some kind of automatically available information, but thereby genuinely furthering the good patient care objective, but at the same time doesn't get you close to the questions about, for example, a diagnosis of mental illness, which people thought was not necessary. Not the emergency room physician, the primary care physicians, they didn't think that diagnosis was necessary. The substance abuse people and the psychiatrists both thought it was very important not to have that there. So, I think we ought to try to get a sense on what the actual contours of what I really was beginning to think looked like agreement or pretty close to it because if a recommendation on that could be built into an architecture, there is actually a way to stop what could be a train to something that creates a very nasty opt in, opt out, you are with us or you are against us kind of electronic health record system.
MR. REYNOLDS: Mark, I think if we had a good debate around the core, the core is also something you could easily explain to people showing them also that some of these fringe situations and I am only using fringe as the fact that they would not be part of the core, are going to be more and more difficult to include in every discussion with everyone as to what data would be available, wouldn't be available and so on.
DR. FRANCIS: Nobody suggested that --
MR. REYNOLDS: I am just simplifying but I am just drawing -- I am trying to play off that same comment Leslie made.
DR. FRANCIS: There is a lot of -- I think we should also be looking at whether there are special categories of sensitive information, but part of what interested me was that most of what I was hearing about the core, this is what I would really want to have a hard look at, the corety(?) way of what treating physicians wanted to get access to quickly was not the kind of sensitive information.
MR. ROTHSTEIN: I have two comments. One, I agree with both of your comments. We had a hearing -- and, Leslie, this obviously predates you -- in Chicago, when we were going through this and heard from many of the medical specialty colleges and at that time, there was pretty widespread reluctance, not just from the ER docs, but from docs period, to contemplate a system in which they didn't get all the stuff, all the time.
I really sense a change in that and a willingness to recognize that maybe they don't need all the stuff all the time and maybe for public health and other reasons they really ought not to get all the stuff all the time. So, I am very pleased about that and the prospect of coming up with some sort of way for all of us to be satisfied that the clinical needs and the other needs are met.
The only thing that gives me pause and it is not a showstopper for me, but I just want to raise it, and that is the business models for many of these health information exchanges that are springing up are based on their ability to deidentify and sell total records. I mean, that is what is --
MS. BERNSTEIN: Not all of them.
MR. ROTHSTEIN: No, I said a fair number and the figures that we have been given by ONC are -- mentioned at our last full committee meeting. So, I don't know whether that is true or not. Maybe that is just a guess, but if in fact that is true, then there is going to be a lot of pushback on the concept that we are sort of floating around here, that, you know, these central repositories don't need everything when their financial model, at least for some of them is based on having everything and then deidentifying it and selling it to, you know, BioTech or Pharma or whoever.
MS. BERNSTEIN: What I heard today was not maybe quite that positive about the core group of elements. I mean, I heard there is a standard that has 17 elements. Some people are using that. Some people think it can be less, but what I think I remember Dr. Keaton saying was that would be better than what we have now. But I didn't hear him say that would be okay and satisfactory.
MR. ROTHSTEIN: He said that that would take care of 99 percent of the cases.
MS. BERNSTEIN: Okay.
DR. TANG: Can I piggyback on that when I am next?
MR. ROTHSTEIN: You are next.
DR. TANG: This is Paul. I would like to concur with what Maya just said. First of all, the 99 percent you heard came from the ER doc and that is just like you explained before. We heard from the specialists and they would like to have a more complete record. The ER physician and perhaps the family physician, especially the ER doc was willing to settle with we might call the summary record in the U.K. I would agree with that in terms of what is useful to their episodic care.
But for a broader coordination of care, as you know, chronic disease management and coordination of care are probably some of the top priorities for health care and just having the summary care record would not serve those needs the way it is envisioned in terms of what we should be doing in crisis management and coordination of care. I just want to echo sort of what -- let's not get -- change our direction based on one or two testimonies.
MR. REYNOLDS: Mark, this is Harry. I agree with Paul. The only reason I was talking about starting at a core, if you start at the whole record, we have already been there and pragmatically you have a hard time moving forward, if you start at the core and then build on it, understand what really it does or doesn't make a difference and, you know, where it really gets untenable and I agree with Mark's comments on the RHIOs. They started where we are going to get all the information then and use it as we see -- you know, deidentify and so on. So, that is everything. We are now talking about a core. I would feel much more comfortable building -- at least having an honorable discussion from the core up because the discussions when you take all of it into consideration. It just brings too many complications in to every discussion and you basically have a very difficult time moving forward at all, other than having a general discussion.
DR. TANG: I agree with you, Harry, on that. In fact, that is mirroring the experience in the U.K. So, they are starting with their summary care record and as you heard from Joy haven't really even touched the, quote, detailed care records. That does seem like a logical way to proceed.
DR. FRANCIS: As I understood it, there are different questions about what gets in in some way with linkages and what different people can get. I think one consensus was limitations on who can get anything. Another consensus was on when you don't have the opportunities for consent what you would sort of get in a quick pull up, for example, in an emergency room.
Now, I thought another consensus was that there should be some more stuff available maybe with very, very -- well, it is the break the glass model, when there is kind of a strong need to know justification for patient safety from somebody who is directly involved in the patient's care. I am just trying to think of what some of the things were that it seemed to me that there is some consensus ought be built in from the beginning.
I guess what I would like us to do is to think really seriously about what now are some architectural things that need to be -- whatever gets built, it has got to get built this way as it is getting built because if it doesn't -- if things don't get put in on the ground floor, it is going to be almost impossible to get them changed.
MR. ROTHSTEIN: I have a question that I don't know if anybody on -- you know, at the hearing or on the phone can answer this and that is whether any of the currently available sort of off the shelf systems have a way of automatically generating and updating the CCR. In other words, I mean, it is not static. It has to keep changing. So, how does that -- do we have the ability now so that when I get a new diagnosis , a new prescription, a new allergy or something, that it is automatically updated somehow. Is that available anywhere?
MS. BERNSTEIN: Somebody talked about updating clinical lists when you have a change that affects anyone of the clinical lists that that needs to be updated.
DR. FRANCIS: I thought something that was pretty unsatisfactorily answered actually that I got a sense that people just haven't thought about it very much is not only how you update but also how you correct and how you -- if misinformation goes out or partial information goes out, how you trace and fix that. I don't know if that is something we can tackle, but it is clearly a huge set of issues.
MR. ROTHSTEIN: It tackled us is more accurate.
MS. BERNSTEIN: I wrote a note earlier about --
MR. ROTHSTEIN: Harry, let me go back to your suggestion on next steps. So, it is your view that we ought to just sort of keep this information on file and revisit it at some point, but not go forward and try to develop a recommendation right now?
MR. REYNOLDS: No, I am saying you need to build it out further right now, just not turn it in -- in other words, everything that Leslie said, Paul said and I recommended and I think maybe Maya said, begs that we still need to sit down and say, okay, now let's try to talk about this thing from this core idea up and where does it come apart and where are the clear demarcations. So, for example, I think it was you that made a little bit ago, where there would be something that you could get if you would add -- if somebody is doing patient care, you could get it, but you couldn't use it for secondary use in that core record.
So, Mark, I would be more into us setting up a hearing and whether we would have somebody, you know, in other words, for example, if you took some of the presenters we had today and had them in a room with us for a day as part of a hearing and we basically, philosophically built this business type architecture, not a systems architecture that Leslie is mentioning. We took our time to do that because the problem is this is not being adjudicated anywhere else in this fashion. That is what I think the industry and everybody is crying for is to have somebody be willing to adjudicate it. How would it and will it work and what does that mean? Where do you really kind of fall off the cliff and say, you know, here is your stopping point? That is just my feeling.
MR. ROTHSTEIN: My question, Harry, is or my concern is that even if I agree with you in a general sense is the level of specificity that would be required beyond the sort of expertise and mission of the committee and is it more in, you know, what the Secretary should be doing based on our kind of more of a sort of framework of recommendations.
Let me explain. I interpreted what Harry said to be a suggestion that we have another meeting, get in a bunch of experts and kind of hammer out what exactly this thing would look like, this core set. Maybe I am representing. So, you can correct when I am done. All that I am saying is maybe that is not our province and we should just make a more general recommendation.
MR. HOUSTON: I think we need to be fairly specific. I don't think we need to go into a ten page treatise on this. But I think right now people are really looking for guidance on this particular issue. I think there is a whole group of issues that people are looking for guidance on. You know, as I said, I am a little afraid to keep punting things, even if we provide a general recommendation and expect the Secretary to walk away and do something because I just think that there is just -- we might as well tackle it because it is going to come up.
DR. FRANCIS: I came into this thinking that I was going to be convinced that the way to go was to recommend a limited set of types of information that should be essentially opted out so that what we were going to try to do for example was figure out how to deal specifically with the problem of mental health records in primary care physicians offices and/or that what we were going to try to do was get a subset of types of information like how many pregnancies in OB/GYNs offices that were just kind of automatic opt out, regardless of what the patient said or got some kind of special protection in the way that on substance abuse and psychotherapy notes do. I first thought the concept of this hearing was going to be -- we were going to try to figure out how to broaden that out.
I am not sure but the way I am rethinking this is that it is much better to start with a -- it may not be the full list, but a very limited list of information that somebody might get in the emergency room when they dial it up because I became pretty -- I thought what I heard anyway was that it is really not very easy to figure out how to disaggregate the psychotherapy equivalent notes from the primary care physicians or to make the list of the OB/GYNs and that both of the primary care physicians thought the only way to go if we were going to go that way, which is something we could look at, is patient consent on everything.
MR. ROTHSTEIN: My view is that doing the CCR is not the only thing that we need to do. It is a necessary but not sufficient response to this. When I go to my internist and my internist wants to refer me to a cardiologist or a neurologist or some other specialist, I want the specialist to get more than just a CCR. I want the specialist to get a bunch of stuff but I might not want the specialist to get a few of the sensitive things that are in my --
DR. FRANCIS: What I was thinking of actually is that there is the sort of automatic goal and then the rest of it is negotiated on a consent basis or the emergency break the glass.
MR. HOUSTON: By the way, I am not arguing that we -- I am not saying that we need to develop the CCR. That wasn't my -- but I think that -- I guess my thought was is we need to in some way either develop a process, a very clear process by which we can get to how we handle access to a variety of types of data or come to conclusions about how to provide various types of data or we need to make some high level recommendations, use cases almost, where certain types of data have to made available. I will give you an example as you -- you know, I think there is a very compelling case about what data availability in an emergency room, which is something frankly we haven't talked about and I think it is very clear from simply the testimony today and I know other physicians, who I have talked to in an emergency room environment as to the compelling need for data. Now, I think there are some bounds on what even he said they need, but I think there is a bright level concept, a bright level, you know, idea that, you know, you have to be very deferential to emergency room doctors and their need for quick access to a lot of data, lest we, you know, we make -- they are unable to treat these patients, especially those who are unable to speak for themselves and we might even say that, you know, that is even a special use case is that when a patient is unconscious, the patient would have approved of -- you know, because he is unable to speak for himself and those are the types of things I think we can weigh in on and I think they are recommendations that need to be made.
Now, there are obviously other cases where it is not such a compelling need and maybe we set up the criteria for evaluating what type of data that is provided based upon -- but we still need to do something.
MS. BERNSTEIN: Can I just jump in just for a minute? I had a little side conversation with Simon earlier today, sort of about this, and I am not following the issue, but it seemed to me that there is apparently a standard out there that is in use, at least in part, that has 17 categories or whatever we heard, that is in use by at least part of the community. I am not following this issue. So, I am really not familiar with it, but Simon sort of whispered to me that there is some political hot potato related to this that I need to know what it is. I am concerned that we jump into this issue without knowing whether there are standards groups already working on it.
Somebody who is sitting on the standards and security group, I don't think it has been taken up there, but there may be some other group working on this. So, people are looking at it confused, but I would like to know if the Department has already said something, whatever. I don't know that anyone knows. I don't know. So, I am feeling uncomfortable a little bit going down this path without having more full --
MS. MC ANDREW: I don't profess to actually know that I don't follow all the certification, except to the extent that -- I mean, through the AHEC process, they have been certifying standards and products and I thought that this continuous care record, whatever nomenclature you want to use for it, was one of the things that they had actually pushed through.
MS. WATTENBERG: There was a new second round of THIT that is going through an approval process. One of them is our standard -- and she is saying that one of the other ones that was accepted for review for standardization this year is the CCR. I know some workgroup is doing -- but I don't know which one.
MR. HOUSTON: Let me say this. One of the concerns that I have here is that, you know, there is a -- without this type of even more general information about specific use cases like the emergency environment. My fear is there is going to be a gut reaction that -- there are going to be recommendations that are going to be made at some point that they are going to severely restrict the ability of emergency room personnel doctors to get at information and that concerns me.
MS. BERNSTEIN: I doubt that is going to be -- I mean, I just --
MR. HOUSTON: There is too much already I think that I hear out there about, you know, the opt ins or
the --
MS. BERNSTEIN: I am on vacation. I get into an accident. I end up in the ER. I mean, everybody uses that as an example. So, I think it is in the sort of foreprint of those kinds of things that might be exceptions to any of the rules that you are talking about.
MR. HOUSTON: I don't think it is an exception. I think it is a great example of the fact that we need to make sure that in these compelling critical cases, whether it be ED or maybe there might be other ones, where we just need to make sure that there are a set of rules that need to apply.
MS. BERNSTEIN: I don't think you meant to say "ED."
MR. HOUSTON: Emergency department.
MR. REYNOLDS: I am concerned that people are misreading what I have been saying and that is not where I am going. I am not interesting in picking a standard. I am interested in using a data set that we now at least understand it. So, whether it is from one standard or another standard or what it is, you have got somebody that looked at this whole stack of information and I have been through the CCR and it is a tough read. It has got all the information you could imagine, but if it is not down to a base set that looks like something -- if you just use the data that is in there for this discussion, forget -- I don't even care if you ever say CCR again, but the point is we need to come up with a feeling as to whether there are degrees of data, which I think we may be getting closer to and what would be the rules and regulations and everything else that we would want around is what I am talking about.
I am in no way -- I understand the standards and I understand the standards committee. I am not interested in comparing the privacy committee and the standards committee, but if the privacy committee doesn't have something concrete to have a real discussion, then it remains at theory and it remains at the whole record and it remains at where everybody is having the problem, which is we are not able to move forward. I mean, the industry, not us.
MR. ROTHSTEIN: Harry, I am in total agreement with you. I think what I would like to see us do if it comes to a recommendation is to endorse some content and I think you and I are saying the same thing.
MS. BERNSTEIN: To that end, one of the questions I have been thinking about at this hearing, we heard from a lot of doctors today and I am wondering if there is anyone that you didn't hear from that you want to hear from on this topic. We didn't hear, for example, from the VA. There were groups that came up in the conversation when we were setting up this hearing that we didn't get here at the table today. I am glad everyone is pleased with who we did get, but it certainly is not the whole, you know, field of possible opinions or experiences, if we can call it that. So, I am wondering if you think or I am asking the committee, the subcommittee, to think about who else you would like to hear from or was there a hole in the testimony that you would like to fill at another hearing or in some other way.
DR. FRANCIS: Well, here is -- I am not saying I would want to do this, but here is a possibility that I thought we talked about. If we wanted to think about let's just say mental health record and how you broaden protection for mental health records beyond the current psychotherapy and substance abuse exemptions. We didn't hear from any patient groups on that point.
MS. WATTENBERG: Well, we did hear from Ms. Floyd.
DR. FRANCIS: Oh, I guess that is right. Yes.
MS. BERNSTEIN: She runs a clinical center, but she --
DR. FRANCIS: I guess I took her to be on the treatment side. I wasn't sure about that.
MS. BERNSTEIN: She is a strong advocate. She is a social worker and she is running a clinical center.
DR. FRANCIS: I don't know whether we want to do that or not.
MS. WATTENBERG: I guess my question is what are they going to tell us that we don't already know.
DR. FRANCIS: I was just saying as a model of what we didn't hear from that and there, of course, two reasons for wanting to hear from such groups. One is that we think we would learn a lot or learn something we need to know and another is that get buy-ins.
MR. HOUSTON: Well, the buy-in aura adds credibility to a letter that you would provide.
MS. BERNSTEIN: It is worth it to get them on the record in part.
MS. WATTENBERG: If you go back over the past couple of years, haven't we already heard -- I mean, is the idea that for each letter we send we are going to rebring back all the same people to testify more specifically on something or what? Because I think that is part of it. We have heard -- not you particularly, but --
MS. BERNSTEIN: I think that is up to the subcommittee if they want to be refreshed, but we can certainly go back and analyze the testimony that we have heard. For each time in my experience and this is only the last year and a half years, the subcommittee has picked a particular topic that resonates with them and leaves aside other ones that maybe -- could be taken up later. So, we did, for example, I don't know, when I was first on board hear from several patient advocates of various -- and, you know, maybe some of their testimony has been worked into things that we -- things that the subcommittee has already recommended, but maybe we can go back and look with the current question in mind and see what is there to reap some benefit from, again, without having to come back to it, without having to haul them in again and hear from them again if they are going to give similar testimony.
DR. FRANCIS: I would be happy with going back and have people go back through the record or somebody telling me where to go back through the record.
MR. ROTHSTEIN: We can guess as to what these people would say if they came in and testified, but, nevertheless, we have never asked them to address this specific issue, I don't think. For example, whether substance abuse in the nation in the record of primary care physicians should be entitled to some heightened degree of protection, whether mental health information in the primary care physician should be typically treated and so on and so forth. I don't know that we have asked them that.
DR. FRANCIS: Whether information about medication should be viewed differently from information about diagnosis, social history and so on because I -- one of the big take-aways that I got here was that the most important information to have in the ready to hand for somebody is some way to screen for medication interactions and allergies, but somebody is allergic to ragweed or penicillin, I haven't heard people suggest particularly sensitive information.
MS. BERNSTEIN: So, it is life threatening if
you --
DR. FRANCIS: But it is not sensitive information. So, it is not information that people have suggested we could have down there.
MR. HOUSTON: There is a side issue to this, too, and I am not sure how to say this, but I think one based on what you just said, Mark, I think we have to be concerned about is with the advent of these pair based medical records that are largely built based upon diagnosis and what other type of -- what is it when a pair based record is -- the claim is all -- claims based data is typically or -- my concern is what we are hearing is is that diagnosis isn't important and may in itself have a level of sensitivity that causes issue and there is an incredible increase in popularity or at least creation of these claims based records going out there. They are sort of becoming in vogue in some ways. Is that a side issue that needs also to be discussed? Maybe it is in a different letter, but I just thought about that and it does seem to be -- there seems to be a conflict here that we maybe need to be concerned with.
MR. ROTHSTEIN: This is an interesting discussion. It raises a sort of a philosophical question for the committee and that is --
MS. MC ANDREW: It does seem to me, having gone through many years ago 52,000 comments -- it seems to me at the end of the day the problem that you are going to be confronted with as we go down this road is there are the usual suspects of what is the data. You can screen that from the variety of state laws that are out there addressing it. But at the end of the day, it may all come down to what the individual -- what are you going to do with the stuff that the individual themselves feels is sensitive. It is a very particular issue for them.
That practically destroyed any attempt to categorize what it is you are going to give special treatment to. That is what we foundered on when we were originally designing the privacy rule and came back to the one size fits all. Specialty people go have at it at your more local venues.
The only reason -- it is kind of an interesting conversation -- the only reason we really don't separately with psychotherapy notes had nothing to do with treatment. It had everything to do with payment and the compromises that we were willing to draw between the mental health providers and the payers in the battle over what information was necessary to go to the payer to support these claims. That is how we designed the definition of what is a psychotherapy note because we considered that actually to be irrelevant for most treatment purposes, other than what the psychotherapists themselves were personally delivering.
MR. ROTHSTEIN: Because the payer is going to get the diagnosis.
MS. MC ANDREW: Is going to get the medication.
MR. ROTHSTEIN: And doesn't need to know what in somebody's childhood could cause the --
MS. MC ANDREW: It is easy to keep it out of the record as a whole. It was just kind of interesting trying to visualize the psychotherapy note treatment -- I mean, protections in a treatment setting.
MS. BERNSTEIN: It gives the psychotherapist some more control but the practice is to require in many cases to require a treatment, so called treatment plan. It gives the practice nurse some control over how much data they are going to give up. But they still have to give more information than just diagnosis.
I was going to give one more example of what Sue was talking about. One of the groups that I was trying to get here, which we had a scheduling conflict so we could not get someone to talk from the domestic abuse advocacy community and the reason that I wanted to bring them here, they generally don't care so much about the content of the medical record itself, which is what we have been talking about, what they care about is location. Pretty much all they care about is being able to locate the patient. So, if you know that a patient showed up at a particular clinic at a particular time or their home address or other kinds of things about their location that are in the system, for example, if the system is expanded to make appointments for patients and law enforcement or other entities, it doesn't really matter who, can get into that system and know the patient is going to show up a particular time for an appointment, say, that is a great gain for the people who are victims of domestic abuse because abusers come in all forms, doctors, you know, policemen and so forth.
So, it was a different kind of facet of the kind of what counts as sensitive that we have been talking about and even though it is another specific category, which everybody has their own version of what is sensitive, it was a category we don't normally think of as sensitive in the same way. So, I wanted to have somebody come and talk about that.
MR. ROTHSTEIN: I think it was sensitive.
No, the philosophical question that I was raising earlier was what is the purpose of our witnesses. Do we get witnesses to persuade us and make the case or provide the evidence base for our recommendation or do we get the witnesses and provide the evidence base for the Secretary's ultimate decision. I don't know. It could be both, I suppose, but there are provisions for the Secretary to get his own evidence and methods --
MR. HOUSTON: We have to try real hard to try to come up with what we believe are sound reasons, recommendations that don't necessarily require that additional -- I understand there are going to be a lot of cases where still additional work needs to be done, but I guess I just hope that we can do as much as we can so that it doesn't have to.
Part of our role here, too, is to try to listen to what we hear and use our judgment and our experience, our collective experiences to come up with what we think are sound recommendations. I don't think we necessarily need to have the nth degree of testimony, but I think we have to be comfortable that our experience and testimony make reasoned recommendations.
MS. BERNSTEIN: Can I ask a question? Paul, are you still there?
MS. WATTENBERG: One of the things, you may want to wait until the HCPC paper comes out because one of the issues that always crops up to undermine any idea or suggestion or recommendation is this whole thing of how does relate to the inconsistency of state law. One of the big issues for that group was, you know, sharing across state boundaries when you are neighboring states and so forth. If we are going to hear from another group, I am not sure how much you will hear from the HCPC group, but it, I think, would be helpful to hear from them, but coupled with that is the question of how is this relating to what the AHEC privacy and confidentiality group is working on at the moment.
MR. HOUSTON: That is interesting. We have talked about that so much. I think it is a matter of scope that makes what we are doing and what they are doing differently. So, their view of the world -- I mean, I look at this particular topic as being one of those sort of seminal topics that we need to resolve and I am sitting back there as everybody is talking and I am thinking, you know, this almost maybe does become one of those big letters like we did -- I hate to say it, but NHIN letter that we did last summer, maybe this is one of those that has that weight to it and needs to have that amount of effort and maybe is of that size and tenor. It might be a whole range of 20 to 30 recommendations.
MS. WATTENBERG: I mean, the field is waiting for this, whether they are looking for to us or looking to the AHEC we do here, that people are just feeling stymied because they don't know where to go, what to do, what direction to move forward in.
MS. BERNSTEIN: They seem to be moving forward anyway.
MR. HOUSTON: In a vacuum. Regenstrief, interesting enough, Regenstrief is lucky in one sense because they are working on a set of state laws. They are very similar to HIPAA, which say you don't need this additional patient consent. Somebody it sounds like made the decision, whether it be hard or not that, hey, we are just -- that is the model and we are going to go forth and it is going to -- we know that I believe on a national basis (a) that it isn't going to fly both from a public perspective, as well as from a complying with state laws perspective.
DR. FRANCIS: Did I hear her correctly also that the way they have dealt with the psychotherapist notes and the substance abuse notes is that they just don't get records from certain providers altogether, which is not exactly optimal if that provider has prescribed I don't know, you pick whatever psychotropic medication. The patient has had a nasty allergic reaction to it and that is just followed out of the system.
MS. WATTENBERG: It is something I raised at the HCPC meeting where she also was, which is one of the principals really should be that you should not exclude classes of individuals from the electronic health system that you set up based on the ease of the technology to support them.
MR. REYNOLDS: Can I make another comment at some point?
MR. ROTHSTEIN: Please, Harry. We were waiting for you.
MR. REYNOLDS: You had asked something earlier what our charge was. I think it was all the above, plus I think there is one thing that is clearly missing and everybody can list all these groups that are working on certain things, but there is one problem. There is an industry out there that is implementing using no clear structure as a basis. Each one is picking their own and they are deciding what does or doesn't happen.
The second thing that has gone on is we wrote a letter to the Secretary that we all believe and I think others believe is a good framework but it has got limited if any traction. The reason I think it is is there is a little ground there where we didn't go the one step down and really try to look at a pragmatic way to make this work and I am again not picking a standard or anything else. So, we stayed at one level, which is where we really should have been. The others are implementing, which is a scary world to be in and nobody is willing to step into that middle and that is exactly why I don't see under the current structure, I don't see anything actually being created related to privacy in the next two years if somebody doesn't step in that middle group and have at it.
DR. FRANCIS: I think it would be better to have a set of recommendations that aren't perfect than to have none.
MR. REYNOLDS: I am in the same place. I am willing to have the debate if in the end decided by the committee we don't have recommendations, we will know that there may not be any. It won't be that we didn't go after it.
MR. HOUSTON: Let me say this to Harry's first point that he made. I think there is a certain amount of naivete of some of these groups that are moving forward right now or maybe naivete is not the right world, but they are going forward with a certain attitude towards what they believe is right or the way they are implementing things and I think that it doesn't necessarily hold water in a national sense. I think we need to make some -- these recommendations I think have to set hopefully the bright light of the standard of what we think needs to be in place.
MR. ROTHSTEIN: I also think that many of these groups are really operating in good faith but they lack the expertise, the perspective. They haven't thought about a lot of these issues and we have a health information exchange in Louisville that is starting and there are very good people involved in that, who I respect and I think have a lot of integrity and so on and I have tried to stay not involved because I thought there were all sorts of conflicts of interest, but they asked me as they were moving along and they asked me to meet with them and talk about stuff and I raised some issues and, you know, about 14 times in 15 minutes they said, oh, we hadn't thought of that.
Now we need to go back to square one and we didn't realize that that would be a problem or this would be a problem. So, to their credit, they are willing to sort of reexamine these issues and so part of the problem that Harry identifies is not that there are people with suspect motives or their commercial motives or whatever. It is just that we have now got dozens of different groups all trying to do the same thing and without necessarily thinking through all the issues that we have heard from over the last years.
MR. HOUSTON: Mark, you were much more articulate than what I tried to say earlier, but it is right on point and I think every time they go to an NHIN conference, you are bringing a whole new group of people up to speed, who have never thought of the issues before and there is maturity of thought that until somebody enunciates a standard, puts out a white paper that is really clear and articulates these issues and provide a reasonable of guidance, I think there is going to be this continued starting at zero and some are going to get it right and some are going to get -- but there are going to be multiple approaches, many of which I think are going to be either fundamentally incompatible or are going to turn out to be either not workable or are going to really be problematic from a patient perspective.
MS. BERNSTEIN: Yes, it is my experience that some of them don't even have the basics of HIPAA down. It is very troubling actually.
MR. ROTHSTEIN: So, now what, exactly? I sense a consensus that we really need to not let go of this issue, that we need to come up with something that is going to be valuable, not just for the department but for other people as well. Now the question is how to do it. Who do we need to hear from? What do we need to do on what type of schedule? How is that going to affect all the other projects that we have?
MR. HOUSTON: My recommendation would be that if you look at our letter from last summer, we really had a whole group of recommendations and then we had a lot of supporting text around recommendations. I think that we could reasonably sit down and start to fashion recommendations. Some of them would be hypotheses until we -- which ones needed more thought on, but we could fashion a set of how many recommendations we thought were appropriate and try to come to some consensus, which ones we feel good about, other ones, which we think we need to work more on and then use those as a basis for putting together either more testimony or a supporting document around it because those are really the things that seem to matter most in the end. I think we could probably in a couple hours, three or four hours, come up with probably ten recommendations that I think we all feel like need to be made out of just what we heard. Maybe some of those would be ones we -- maybe we need to delve more into it and let's focus on these with some additional testimony.
MS. BERNSTEIN: Three or four hours. I was thinking how long it took us to come up with the recommendations we did do, some of which --
MR. REYNOLDS: Yes, but I think the difference is recommendations that we came up -- we were going -- we only had the huge picture to face and I think this is a whole different deal.
MS. BERNSTEIN: So, you are saying we should try to drill down like we have been doing with this particular issue.
MR. REYNOLDS: Yes, because if we don't nobody is doing this, guys. I am telling you. Mark, you made a great point. Sixty percent of the RHIOs are talking about having all the information and the interesting thing is that out of the four consortia nobody has said a word about exactly which one of the privacy ideas they had would be a good one. So, those have now gone away. So, you have got everybody doing a bunch of stuff and nothing is sticking. That is why I just think -- and I want to make sure that whatever we do going toward -- at least my opinion is we have got to leave some time for all of us to make sure we discuss it because if you think about it, we have heard more testimony and spent more time kicking this thing around honorably than all these committees put together. am not sure what else new we are going to hear that is going to revolutionize what we are thinking.
MR. ROTHSTEIN: I have a proposal. We have got two letters that are in the pipeline that we need to have completed for June. We have got a conference call scheduled for April 27th and I think we have basically reached closure on the first letter, which we need to get the revised version circulated. Then the second letter I don't think it is -- the second letter is the Furple letter, which I don't think is that controversial but I have been wrong before.
What I would like to propose is that I will make an attempt to try to put together some skeletal recommendations with no pretense about the quality of them or the justification or almost anything, just for purposes of our June meeting so that when we have our subcommittee meeting in June, we can start picking at them and deciding of the ten which six we want to drop or whatever.
DR. FRANCIS: I was going to make another little suggestion, which is that each of us could send you one --
MR. ROTHSTEIN: Or more.
DR. FRANCIS: And help you out. If we all went away from here with the thought that we have an obligation to send you one thing that we think might be a recommendation --
MR. ROTHSTEIN: That would be wonderful. If everybody can send me some ideas and it doesn't have to be -- send it to Maya and she will sort of put them altogether and send them to me and we will work them through and it doesn't have to be in polished prose, just an idea. I think we ought to do this. So, we should make a statement on that.
Harry, does that make sense?
MR. REYNOLDS: Yes, but I would ask one other thing. Maya, if you wouldn't mind catching back up with Dr.Kibbe and have him send you the information that they felt were in those --
MR. ROTHSTEIN: The five main fields in the CCR?
MR. REYNOLDS: Yes, just whatever that data is just so we at least --
MR. REYNOLDS: I will get both the 17 and the 5 because it might be useful to --
MR. REYNOLDS: Again, it is not a bad context to at least consider to talk through with, not necessarily picking --
MR. HOUSTON: Are there other meetings planned around the full committee in --
MS CHRISTIANI: There is a quality workgroup meeting on the 19th of June.
MR. HOUSTON: Is that before or after?
MS. CHRISTIANI: Before.
MR. HOUSTON: Is there any possibility that we could try to spend the day after or sometime around so that we are not talking about trying to work on the recommendations and plan or do something --
MS. BERNSTEIN: Am I correct that we usually have our little workgroup meeting at the same time as the Quality Workgroup meeting because there is no overlap? Can we do that on the same day?
MR. ROTHSTEIN: I have a problem because I have another conference that I was the chair of that is going to be held on the 21st and 22nd in Louisville. So, my plan was to only make the first day of the NCVHS meeting and fly back to Louisville on June the 20th.
MR. HOUSTON: Could we do something on the 19th?
MS. BERNSTEIN: Usually, the full committee meetings are at least a day and a half, right? The full committee meeting is exactly when?
MS. CHRISTIANI: The 20th and 21st.
MS. BERNSTEIN: Until when on the 21st? Noonish. MS. HORLICK: I was wondering if everybody is going to be sending your information and recommendations probably pretty soon after this discussion, I know we have the call on the 27th, but it seems like if they are just going to be very rough recommendations and you are going to get input from a lot of people, then maybe we could schedule another conference call in May to just sort of begin to flesh them out a little so that could move ahead. It is a long time from sending it now and then waiting until whatever time you have at the June meeting.
MS. BERNSTEIN: Assuming both letters are complete and we don't need that time to finish our letters before June.
MR. HOUSTON: Obviously, Mark is going to be down there for the 20th. Is there a possibility the 19th would work, that we could all maybe meet down there and really try to --
MR. ROTHSTEIN: I have no problem doing it before the meeting. I have a problem doing it after the meeting. I could do it the 18th, the 19th. That is not a problem.
MR. HOUSTON: I think we do need some face time where we can just sit down and talk.
MS. BERNSTEIN: My only concern -- of course, we need to hear from Paul, Harry and so forth and Simon. My concern would be about the staffing, whether the staff can support two meetings on the same day.
MR. ROTHSTEIN: What is on the 19th? What is our overlap?
MS. BERNSTEIN: We do not overlap. I believe that is the other group that meets at the same time.
MR. HOUSTON: Let's at least float this.
MR. ROTHSTEIN: The other thing that we can do is try to circulate another -- Jeannine, another schedule to try to schedule another conference call.
MS. CHRISTIANI: Would this be more of a working session on the 19th?
MR. ROTHSTEIN: On the 19th, yes. It is not going to be a hearing. We are just going to get together and talk things over.
MS. MC ANDREW: They were talking -- I haven't seen any confirmation of this -- as moving the Confidentiality, Privacy and Security AHEC workgroups to the 19th.
MR. HOUSTON: There are three of us now that can't attend then.
MS. MC ANDREW: It came up at the end of the last public hearing.
MS. BERNSTEIN: See, I had written down those dates that I had. Okay.
MS. MC ANDREW: Curt apparently had a conflict on the 28th. So, they were looking for another date.
MR. HOUSTON: I think we need to take this time because it is clearly time we can be all in the same room, hopefully, and make some progress on this.
MS. BERNSTEIN: Harry, do you have any idea whether that day works for you?
MR. REYNOLDS: What day is that again?
MR. ROTHSTEIN: Before the full committee meeting.
MR. REYNOLDS: What day you talking about, Mark?
MR. ROTHSTEIN: June 19th. It is a Tuesday before the full NCVHS meeting on the 20th.
MS. BERNSTEIN: That is all right. We still need to hear from Simon and Paul anyway.
DR. TANG: Yes, I am back.
MR. ROTHSTEIN: Paul, we were thinking of meeting together to discuss recommendations coming from this meeting on the 19th, the day before the NCVHS meeting. Are you available?
DR. TANG: I have a potential conflict but I can try to find out whether it has been confirmed or not.
MR. ROTHSTEIN: Okay.
MR. REYNOLDS: It looks like on the 19th, June 19th, yes, I can be there.
MR. ROTHSTEIN: Please hold that open everyone.
Paul, I don't know if you were on when we discussed this, but the plan going forward now is to try to work on possible recommendations dealing with the issues that we talked about today and the way we are going to do that is everyone is going to draft a couple of skeletal recommendations, just some ideas on what you are thinking we ought to be going with this and send them to Maya and then we will sort of -- she and I will kind of aggregate them by issue and just put some sort of points to consider together and maybe we should be thinking about a conference call before the June meeting or not?
MS. BERNSTEIN: I would think that depends on how we do with our letters.
MR. ROTHSTEIN: Okay. Let's wait until we see how we do with the letters on April 27th, which is our next conference call and if we move most of those letters through, then we can use the next conference call to talk about these recommendations. If not, we will have to schedule one to finish up the first two letters.
DR. TANG: Is the April 27th call already scheduled?
MS. BERNSTEIN: Yes, it is that 1:00 to 3:00 p.m. Eastern Daylight. I believe Jeannine already sent that confirmation out a week or so ago.
MR. ROTHSTEIN: That was based on the poll of the available dates and times.
So, if there is nothing else, I certainly do want to thank the staff. I want to thank Jeannine for a great job putting this together. Thank Maya for work with the witnesses and our AV and our recording people. Thank you both. Until next time, we are adjourned.
[Whereupon, at 4:25 p.m., the meeting was concluded.]