[This Transcript is Unedited]



September 22, 2009

Washington Marriott Hotel
1221 22nd Street, NW
Washington, D.C.

Proceedings by:
CASET Associates, Ltd.
Fairfax, Virginia 22030
(703) 266-8402

Table of Contents

P R O C E E D I N G S (9:00 a.m.)

Agenda Item: Call to Order

MR. REYNOLDS: Good morning. I would like to welcome you to two days of meetings of the National Committee on Vital and Health Statistics. I would like to call this meeting to order. This is the first of those two days of the meeting events of NCVHS. The National Committee is a main public advisory committee to HHS on National Health Information Policy. I am Harry Reynolds. I work at Blue Cross and Blue Shield North Carolina and Chair the Committee. I want to welcome Committee members HHS staff and others here in person and also welcome those listening on the Internet. I would like to remind everyone to speak clearly into the microphones.

Let's now have introductions around the table and then around the room. For those on the National Committee, I would ask if you have any conflicts of interest related to any issues coming before us today would you please so publicly indicate during your introduction and I have no conflicts.

MR. SCANLON: Good morning I am Jim Scanlon. I am the Deputy Assistant Secretary for Planning and Evaluation at HHS and the Executive Director for the Full Committee.

DR. WARREN: I am Judith Warren from the University of Kansas School of Nursing, member of the Committee, no conflicts.

DR. FITZMAURICE: Michael Fitzmaurice, Agency for Healthcare Research and Quality, Liaison to the Committee.

DR. SUAREZ: I am Walter Suarez, I am the Director of Health IT Strategy for Kaiser Permanente, member of the Committee and the only conflict I have is scheduling conflicts because this week is just horrible with H07 meeting in Atlanta and the Health IT Summit happening just down the street.

DR. CARR: Justine Carr, Caritas Christi Healthcare, member of the Committee, no conflicts.

DR. MIDDLETON: Blackford Middleton, Brigham Women's Hospital, Partners Healthcare at Harvard Medical School. I currently serve as a scientific Advisory Board member for Intercomponent Ware which may be a conflict, in some ways, with the Privacy PHR Letter.

DR. GREEN: Larry Green, University of Colorado, member of the Committee, no conflicts.

DR. HORNBROOK: Mark Hornbrook, Kaiser Permanente, member of the Committee, no conflicts.

DR. LAND: Garland Land, National Association for Public Health and Statistics Information Systems, member of the Committee, no conflicts.

MS. MILAM: Sallie Milam, West Virginia Health Information Network, member of the Committee, no conflicts.

DR. SCANLON: Will Scanlon, Health Policy Research and Development, member of the Committee, no conflicts.

MR. HOUSTON: John Houston, University of Pittsburg Medical Center, member of the Committee, no conflicts.

DR. FRANCIS: Leslie Francis, University of Utah, member of the Committee, no conflicts.

MS. GREENBERG: Marjorie Greenberg, National Center for Health Statistics, CDC and Executive Secretary to the Committee.

MR. QUINN: Matt Quinn, Agency for Healthcare Research and Quality.

MR. DECARLO: Michael DeCarlo, with the Blue Cross Blue Shield Association.

MS. JACKSON: Debbie Jackson, National Center for Health Statistics, Committee staff.

MS. HORLICK: Gail Horlick, CDC, staff to the Subcommittee on Privacy and Confidentiality.

MS. JONES: Katherine Jones, CDC, National Center for Health Statistics and staff to the Committee.

DR. FRIEDMAN: Dan Friedman, Independent Consultant.

DR. PARRISH: Gib Parrish, Dartmouth Medical School.

MS. VIOLA: Alison Viola, American Health Information Management Association.

MS. KANAAN: Susan Kanaan, writer for the Committee.

MS. DOO: Lorraine Doo, CMS Office of E-Health Standards and Services and lead staff to the Standard Subcommittee.

MS. BUENNING: Denise Buenning, CMS Office of E-Health Standards and Services.

MS. JONSALEM: Good morning. I am Angela Jonsalem of the American Osteopathic Association.

MR. REYNOLDS: Just to kind of take you through the day briefly, we have the Agenda and after we hear from Jim then CMS and Karen, on the phone. Karen, do you want to introduce yourself?

MS. TRUDEL: Karen Trudel, CMS, Office of E-Health Data Services.

MR. REYNOLDS: Then we will be going through the PHR letter and the ONC update from Dr. Friedman, and during that period of time, Jim Scanlon and I were able to meet with David Blumenthal in the last couple of weeks and talk through how we all are working the same space in a reasonable way, making sure that we all have our own space and then we all collaborate as we need to. I can show you how they have already started using some of our collateral and vice versa. So I will update you during that time as to what went on there. I am very excited about the relationship.

MR. REYNOLDS: Then we will have our Committee discussion and then adjourn for the Plenary. So with that –- does anybody have any questions before I turn it over to Jim? Yes, Marjorie.

MS. GREENBERG: Just one administrative matter, all NCHS employees have to sign a non-disclosure affidavit that they will not disclose any confidential data. As special government employees who are on the NCHS payroll, even though I know you rarely would have access to confidential NCHS data, though you do sometimes meet in the NCHS building, we need you to sign these as well. So Cynthia has one for each of you with your name on it and if you would see her over the next day and give us your John Hancock, we would appreciate it. Thank you.

MR. SCANLON: Good morning everyone. Thank you, Harry. Let me start with the membership status. The Secretary has recently reappointed two members of the Committee. We are very happy to have Bill Scanlon and Paul Tang reappointed for four year terms.


They have formerly accepted and so there is no backing out.

In addition, we had one open seat and the Secretary has appointed Tony Rogers, who is the Director of the Medicaid Program in Arizona to that seat. I think some of you met Tony at our Meaningful Use Workshop back in April, and he is very attuned and has a lot of insights into the health IT part of Medicaid and a lot of ideas for how health IT could improve health and improve the efficiency of the Medicaid Program. He could not be here today, but he will be here at our next meeting.

So that brings us up to a full complement, other than our seats at the Senate, gets to fill, and we have asked our legislative folks to please try to get us someone there as well.

MS. GREENBERG: If I could just comment, that we, of course, as always we have to say goodbye to certain members who have finished their terms and in this case, it is Carol McCall. We would have loved if she could have been here at this meeting as well, but it was not possible for her, but we do have a letter for her from the Secretary and we, as a group, should want to recognize the incredible service that she gave and the creative thinking that she brought to the table and we will miss her. But, I have already informed her that we expect to call on her as an expert, like some of you who thought you had gotten off the Committee forever about ten years ago -- no, once a member, always a member. So I hope we will be able to call on Carol in the future and she certainly wishes everyone well and supports our work.

Agenda Item: Department Update, James Scanlon, ASPE

MR. SCANLON: Let's see, within HHS, let me bring you up to date on leadership. Obviously we have a Secretary and a Deputy Secretary and we have now in place political appointees for most of our agencies -- CDC, FDA, HRSA, IHS, NIH, our Welfare Agency and our Administration on Aging. We do not have an administrator for CMS but hopefully we will have someone there before too long. Where we do not have political folks, we have senior career officials who are managing the day to day program operations.

As I said, back in the spring, we established an HHS Office of Health Reform. That Office works closely with the White House Office of Health Reform. In addition, we have appointed in the past month, a new chief technology officer at HHS. Many of you know him, Todd Park. Todd was the Founder of Athena Health. He participated in some of our Meaningful Use discussions and he is now full-time at HHS. His focus will be on how to use technology to improve HHS programs, mission and operations. We have already begun meeting with Todd within HHS about how to do that.

A couple of words about budget -- we are winding down fiscal year 2009. October 1st is the beginning of the next fiscal year. We are awaiting congressional action on the President's fiscal year 2010 budget. It looks like, if we do not get a formal appropriation before October 1st, we will have continuing resolution probably for a month and then we will see how long it goes from there. We have also begun working on the fiscal year 2011 budget.

In terms of population health, again I think we are doing, at least the plans are to do fairly well. The National Center for Health Statistics, for example, received an increase in their fiscal 2009 budget. An initial one of about 10 or 11 million was requested in the President's 2010 budget and it looks like the House and the Senate are close on that increase. But again, we do not know for 2010. We are working on an increase, we hope, for the 2011 budget which is really in early formative stages now.

The total HHS budget, as you know, is nearly $800 billion but only about 10 percent of that is actually discretionary, the rest is mandatory programs like Medicare & Medicaid and Welfare Programs. Some of the biggest news, as you know, over the past few months has been the Recovery Act and the Stimulus Act. And there are three major portions of that. Let me update you on that as well. You are all familiar with the HITECH part of the Act that provided $2 billion dollars for carrying out a number of activities designed to promote and accelerate the adoption of Health IT. In interoperable Health IT in the U.S., much of that funding will go for standards, for the establishment of a grant program or state health information exchange for regional technical assistance centers to help with the adoption locally of Health IT also, for work force development, for training and for a number of other things. An even bigger part of the HITECH Act was probably 19 billion dollars or more beginning in 2011 for Medicare and Medicaid incentives for providers and hospitals who adopt defined health IT.

Funding announcements for the extension centers, I think you saw those already, those were announced about two weeks ago. Funding opportunity announcements for the State Health Information Exchange Grants have been made as well. We are now working as well on how this program would actually operate in terms of the incentives. What is meaningful use? When is meaningful use? What are the different criteria and how will the whole program of incentives work. It is fairly complicated as you all know.

A second part of the Recovery Act actually had to do with prevention and wellness and it created within HHS a little over a billion dollars -- it created within HHS a prevention and wellness trust within the Office of the Secretary. A fairly large part of the funding there will go to competitive grants to communities for innovative community-based prevention and wellness grants. And again, I think we announced that in a press release, the availability of funds there as well.

A third part is comparative effectiveness research. That part of the Act created about a billion dollars for comparative effectiveness research at HHS. About a third goes to NIH, a third goes to ARC but the other third, more or less, resides as a fund within the office of the Secretary to provide a funding for hopefully, new kinds of cost effectiveness research outside the bounds of the agencies specific programs. And as you are probably all aware, we created a federal coordinating council on comparative effectiveness research. We asked the IOM to give us some ideas about priorities within a framework. That has been published as well. The report of the federal coordinating committee is up on our HHS website. So we are basically in the last step here, where a spending plan for individual projects, are at OMB. Interestingly, in addition to conducting the comparative effectiveness research itself and dissemination in translation kinds of activities, which is often, as you all know, the comparative effectiveness system breaks down in terms of translation and option -- we also have a fairly large amount specified for data infrastructure development as well. This would be, besides the usual randomized controlled clinical trial, for comparative effectiveness research. There are other ways to approach this so we have a number of proposals relating to data improvements and data infrastructure using claims data, using linked health plan data, presumably, using longitudinal datasets and so on. So hopefully that will all be approved by OMB and make its way up shortly.

Just a couple of projects within my own office, we are, as I mentioned previously, we are partnering with CMS -- Karen may update us on this later -- on evaluations of personalized health records systems and the Medicare program. One is a fee per service program in South Carolina and several others are in the Western states. They will be plan-based programs in Utah and Arizona. So, our job is to evaluate how that operates, what are the factors that determine success so that we will build up a body of best practice for what will be most useful. We are well underway with an assessment of health IT capacity and information exchange in community health centers and the safety net generally. We started a study last spring involving pilot studies of exchanging data from the clinical setting to the public health departments. This was done in New York City and that is just in process.

We have also within HHS, we started this I reported in the spring, been looking at the capacity of our own data systems to support health reform. As you know, we support a number of models, surveys and administrative data and we are always looking at how to improve that. A lot of the data that you have seen already was provided by HHS in terms of technical assistance and we will be looking at, in terms of health reform itself, what would be the administrative data, the clinical data and the overall data that would be needed to actually carry out health reform and to monitor community health as well.

And finally, you will remember I reported that we established a while back in HHS, a website, a gateway that provides you access to all of the statistical information in HHS. It basically provides you with links to the agency data. We are now going to be upgrading that and expanding that and trying to get access to the data itself as much as we can while protecting privacy. A number of the agencies provide not only reports and statistical tables and findings but they provide customized software where you can build your own tables and in other cases you will actually get access to public use datasets itself and we are also trying to find a way to make it easier to get access to our research data assistance centers. So let me stop there are see if there are any questions.

MS. MILAM: Your overview was really helpful Is there a schematic or a white paper on the HHS website that has an overview of all of the different ARRA funding pots and what their missions are? Where would you point me for that?

MR. SCANLON: Well, there is recovery.gov. There is a government wide website recovery.gov and part of that is the HHS website, and that will tell you exactly where we are with each of these programs. I only mention the three bigger ones. There are a number of smaller ones as well. But that will take you there and there is a lot of reporting associated with the Recovery Act funds. So you will get an up to date picture there.

DR. GREEN: Jim could you say more about the project that involves exchange of data between provider setting and public health.

MR. SCANLON: This was a project that New York City had and in fact many of you know Farzad(?), who we now have imported to HHS so I hope it does not slow down our study there, we were asked with HRSA to look at the interface, basically, between the clinical setting and public health particularly working with primary care providers, as a pilot study to agree on standards and actually exchanging related to public health departments use. So some of it would be reportable conditions and some of it would be, like in New York City, relating to diabetes for example. So I can get us a full report. Maybe I will get a briefing for the Committee on the full report. Again, I think that we thought that was still somewhat of an underdeveloped link, that interface between the clinical world and this public health reporting in public health world. I think we have a summary I can provide at the Committee and we can arrange a briefing.

DR. FRANCIS: Could you just make a couple of comments about what the criteria are going to be for evaluating the PHR projects?

MR. SCANLON: Well, it will be everything from is it implementable, some of these are more ideas, and use. Even when we reach out to folks, we have outreach campaigns and so on, folks actually have to agree, use it and then they actually have to sign in and presumably stay with it. So we will look at everything from participation in use, what the use is for, satisfaction from the side of the consumer and then to some extent, if we can, we will try to look at outcomes data, but I think that is probably beyond what we are able to see here.

We actually have some interesting findings from South Carolina -- where just marketing to folks obviously does not necessarily get folks to stay with it and even when they enroll, they may come to the website once or twice and not again. So there seems to be some dynamic of actually having a health issue and if you go a fair length of time without a doctor visit or without a health issue, folks do not always visit. We have folks who register once and never visit the site again. We have others who are pretty religious users. We are trying to understand what it is that makes that as well.

For the Arizona and the Utah website, we actually have data where we can see to what extent use of the PHR is associated with changes in utilization and potentially, outcomes as well. We actually have claims stated there. So that is what we will be looking at.

MR. HOUSTON: Is there work on e-visits as well in combination with PHRs and utilization? I know it is an area of great interest in our facility as we are starting to get e-visits mechanism to –-

MR. SCANLON: We had not, John, these are commercially available PHR systems. I am not sure any of them are tethered. We might want to think about that. We often ask in surveys about that but, you know, that is really soft. You do not know exactly -– it could have been a phone call. It is a good idea for future work.

DR. FRANCIS: Just one other quick thought, are you going to be looking at people who did not sign up and if so, what they perceived as the barriers?

MR. SCANLON: Yes. We have focus groups planned. We have had focus groups conducted already at the South Carolina site -- focus groups of enrollees, those who enroll, those who did not enroll, as well as providers who were interested. And I do not have the data, but it just –- again, if there is not a current health issue of some kind, other things like the economy or other things, just take over. But we will have all that written up shortly.

MR. HOUSTON: Just back to the e-visit for one second, one of the things that we are finding very clearly is that there are certain types of visits that can be done by e-visit. And the savings seem to be very dramatic. Other ones, there is no difference. It seems as though they are not well suited for e-visits. I just think, in terms of trying to look at efficiencies and productions, that it is really an interesting area.

MR. SCANLON: I agree. It is an area I think we would want to look in to.

MR. REYNOLDS: Karen, are you prepared to give the CMS update please?

Agenda Item: CMS Update, Karen Trudel, CMS

MS. TRUDEL: Harry, I will provide a caveat in advance, and that is that I am having a certain amount of difficulty understanding almost everybody but you and Jim. So I am going to have some difficulty when we get to questions.

Let me start with the reason that I am not in the room with you today -- that we are moving towards some critical phases in developing the proposed rule for the Medicare and Medicaid Incentives Program for EHR meaningful use. We are currently still on target for our December publication date. There will be a 60 day comment period and we are anticipating the final rule will be published sometime around May of next year. And I know there is a great deal of interest in the definition of meaningful use. Obviously, I cannot say too much about it, but we have used very heavily the background materials that we were provided and recommendations from the HIT Policy Committee, the Standards Committee and the NCVHS in the hearings this last spring, to try to establish an attainable level of meaningful use for 2011, then establish a mechanism for moving forward and raising the bar in 2013 and 2015.

In addition to meaningful use and establishing these criteria, there is an awful lot in this regulation. We will be developing all of the program requirements for Medicare and Medicaid and Medicare-Advantage for eligible professionals and hospitals. We will provide proposals on how providers will sign up, how they will report, when payment will be made and how that will work. There will be a lot of coordination to prevent duplicate payments and we are working very closely within HHS and CMS, working very closely with the Office of the National Coordinator, and inside CMS to make sure that the Medicare and Medicaid and Medicare-Advantage programs are as picked up as they possibly can be based on the law.

We will also be talking about what the quality measures are going to be and how they will be reported. So this is a fairly significant regulation and I just want to say again, that as of right now, we are still on our timeline for December publication.

Moving on to HIPAA security, I think some of you are probably aware that the security enforcement function transferred to the Office for Civil Rights from CMS effective July 27. That essentially was prompted, in part, by some of the provisions in Title XIII of the HITECH Act which established additional requirements for security training and also compliance reviews and audits, so all of the process will be in OCR at this point. We are moving over some of the processes that we are in the middle of. We are completing a set of compliance reviews and moving the results over to OCR.

Moving on to e-prescribing, we are still working with the DEA along with the Office of the National Coordinator on their final rule on controlled substances in e-prescribing. We are having some in depth discussions with them. These are not easy issues to resolve and there are lots of balances to be maintained. So this is a process that has been longstanding, but I just that we are continuing to work the issues and make some progress.

Also we are, as a result of the NCVHS requirements, moving forward with an interim final regulation on MTPDP 10.6 which would allow the voluntary use of 10.6 along with the current version in our backwards compatible process. We think that is probably going to happen sometime early in 2010.

Moving along to ICD-10 and 50-10, we are completing an analysis which will be, I think on our website in the next few weeks, a more in depth assessment of the CMS business practices –- which ones are affected, how they are affected, which ones are affected the most, what is RIF and most importantly, what are some of the opportunities to reengineer our business processes, based on to take advantage of ICD-10, so that will be on our web fairly soon.

We are also in the process of setting up a program management office and we have a contractor on board that is developing a comprehensive outreach plan. And we will be looking to NCVHS to help us with monitoring the progress of the industry on implementing the 50-10 and ICD-10. We are going to be working with you at this meeting to start setting that up.

The last thing I want to mention is health reform legislation. I am sure everybody has seen the fact that many of the proposals, including the Finance chairman's mark, include sound administrative simplification provisions. There is a lot of interest in moving into the realm of operating rules. There are also provisions having to do with electronic funds transfer and other standards that seem to be something that will actually help all of the administrative simplification pieces that are already in play link up and really provide a greater degree of return on investment. So we are looking at that with great interest and anticipating that any legislation may well contain some administrative simplification provisions. That concludes my remarks and I will make every attempt to answer questions.

MR. REYNOLDS: Okay, questions, comments from anyone? Okay, Mike.

DR. FITZMAURICE: Karen, this is Mike Fitzmaurice. Will the CMS business practice report be public?

MS. TRUDEL: Yes, it will. We are in the process. There may be a few things that we will need to redact because they may affect some program integrity business processes that we do not necessarily want to make public. But everything that we can share, we will.

DR. FITZMAURICE: Thank you, Karen.


DR. SUAREZ: Karen, this is Walter Suarez. I have a question about the claims attachments rules. I know there is some mentioning of those on some of the reform legislation. There are also some reactions or comments made about the possibility that instead of being moved through the traditional HIPAA rule-making process, they could be switched, so what ONC does with respect to standards harmonization. Any comments you can make about the claims attachments rule?

MS. TRUDEL: The claims attachment rule, yes, is included and mentioned in some of the health reform provisions. We had pulled that out of the regulation schedule while we were working on ICD-10 and 50-10 so that we did not, inadvertently, place too much of an implementation burden on industry at any one time. We have not actually discussed how to put it back on and when to do that but keep in mind that if we are working with claims attachments with our current legislative authority, the notice and comment HIPAA rulemaking process is the only way that these can become standards that are applicable to the healthcare industry as a whole.

MR. REYNOLDS: Larry Green.

DR. GREEN: Could you say more, Karen, about your report about security being transferred to the Office for Civil Rights, if I understand that correctly and particularly whether or not there are any implications for NCVHS in that change?

MS. TRUDEL: I am sorry I missed the last part -- any implications for what?

DR. GREEN: NCVHS and the way we work.

MS. TRUDEL: NCVHS? Okay. Well I think that the re-delegation makes sense on a number of levels because privacy and security are so synced together. So we had a situation where OCR was handling privacy complaints and CMS was handling security complaints basically generated from the same incident at the same covered entity. And we had what we called a dual process that we used to keep ourselves coordinated. But there was a certain amount of overlap and a certain amount of administrative overhead associated with that and so this actually, in a sense, will streamline the process. Complained against entities should not notice the difference, except when there is a correction action planned that is open, that CMS has been monitoring and we have informed all of those entities that their corrective action plans will now be monitored by OCR. I do not know that there are any implications for NCVHS, except that this now sinks up better with the fact that the Privacy and Security Subcommittee will be dealing with that one office primarily.

MR. REYNOLDS: Okay, any other questions?

DR. HORNBROOK: Karen, this is Mark Hornbrook. This is kind of a far out question. Is there anything in the long range to deep planning for CMS that would allow beneficiaries to download the claims data into their PHR for themselves?

MS. TRUDEL: No we do not have specific plans going on in that regard. Again, I was having a little trouble hearing but I know that Jim Scanlon did talk about our pilot in South Carolina and in Arizona and in Utah and in a sense that is exactly what those beneficiaries are doing. There are downloading claims data, or claims data is being downloaded on their behalf, into their PHR. So discussions about how that could be rolled out on a widespread basis and how we would begin to staff and support that into the future are things that we have looked at in a sense, but as I think Jim pointed out, we do not have political leadership at CMS at this point and we certainly would want to know what direction our new administrator had on the topic of PHRs.

DR. HORNBROOK: Thank you very much.

MR. REYNOLDS: Okay any other questions? Karen, thank you. It sounds like you have got a little bit to do, so you need to get going.

MS. TRUDEL: Thank you.


We have a new visitor. Dr. Steinwachs, would you introduce yourself please.

DR. STEINWACHS: Don Steinwachs, Johns Hopkins University, member of the Committee, no conflicts. Good to be here.

Agenda Item: ONC Discussion, Harry Reynolds, Chair

MR. REYNOLDS: Since we are running a little ahead of schedule and the sidebar is finished we will proceed. I thought I would go ahead and update you on our meeting with ONC so that for the rest of meeting and for the rest of the two days, you can keep that in consideration as you are going through what you did. I will just walk you through what we put together as a piece of collateral. I am not going to share it because it was a discussion paper. It was to start the discussion and to make sure that we at least had our position stated. We talked a little bit about NCVHS strengths -– things like visiting the future, framing an issue, some of the stuff that we wrote to the Secretary.

So we had written an introductory letter to the Secretary so that is some of the things that we listed -– being able to frame an issue, identifying consensus, and evaluating and forwarding standards. We reiterated our process, which was clear, but it is always good to reiterate those things when you are talking about building a collaboration. The fact that that process has worked over and over again, including the meaningful use hearings, which were the most recently conducted on behalf of ONC. The kinds of things that we did in the NCVHS ONC relationship, the very first one, is the fact that we recommended ONC, so that is always a good place to start. So we are still sticking with our story there. The functional specifications we did and then obviously the meaningful use.

In the near future, we felt that things like the Data Stewardship Primer that we are going to be covering tomorrow, obviously, fits nicely into as they continue to move forward, this whole story of privacy and stewardship of data. As you know the gentleman that is going to be joining us that Jim mentioned, was the one that talked about, in the Southwest, that the Medicaid environment would be the stewardships of the individual Medicaid members' data. So those are the kinds of things that we continue to put forward out of our documents.

And then, our privacy body of work that we have done over time, which still much of it resonates, and by the way, John Houston actually did present to the ONC Policy Committee the other day.

So again we will continue to build our collateral. We will continue to deal with the subjects that are important. And then we will let them be used by others whether it is ONC, CMS or the general industry as to how to make things happen.

Meaningful Measures, which is a quality group, has set up for October hearing. The interesting point there is if you look at the meaningful use document and you look out at 2015, it now says efficiency measures TBD. The Subcommittee will be addressing what that TBD might look like and obviously it would be a great piece for ONC to either build on and/or pick up, depending upon how specific we become, pick up on and in fact, incorporate into their work as they are setting out the incentives and what meaningful use is 2013, 2015 and so on. So that is another good synergy.

And then everything that has been going on about this engaging patient populations, with what you guys have been doing on Population Subcommittee and some of those things including the medical home and others, things that very much are the interest of both.

I listed here some of the things 2010 and forward that we were working on. Obviously 50-10 ICD-10 we need to keep track of that. That is, by charter, one of our key things. The other thing though that is important there is that, and Karen reiterated -- I do not remember if Jim did -- it looks like more and more people are trying to discuss getting the thinking about ICD-10 into meaningful use. This whole thing about putting in new systems in doctors' offices, setting up all these things and not taking that into consideration as you are going along, does not seem like it is going to go well.


DR. SUAREZ: Yes, but ICD-10 is actually not really the recommended vocabulary standard or clinical documentation, so –-

MR. REYNOLDS: It was not the recommendation that ICD-10 be the clinical standard. It was the recommendation that as everybody is out there changing these systems, that making sure that you are doing these things in concert so that you do not go back and undo what you had to do -- that is one of the reasons.

MS. GREENBERG: Actually, ICD-9CM and its replacement ICD-10CM is the recommended administrative standard and I think the important thing, from what you are saying, is that it needs to work well with the clinical standard. And I think some of the international and domestic work that is going on about mapping between SNOMED CT, which is the clinical standard, to ICD-10 is really important.

DR. SUAREZ: No, my comment was primarily to point out that absolutely, there is ICD-9 and now ICD-10 for administrative transactions and for purposes of administrative exchanges but the recommendations from the Standards Committee was to accept both ICD-9 and ICD-10 between now and 2013, or by 2013 only accept SNOMED for purposes of qualifying clinical information and exchanging it via EHRs and HIEs. So after 2013 the expectation is that no exchange for clinical purposes from EHR to EHR across an HIE would use ICD-10, it would use SNOMED.

MR. REYNOLDS: My point is that administratively, that sounds good for the learned, but as each doctor's office is trying to deal with it or others, all we are saying is make sure that all these things are playing in the same environment. Make sure people understand. I am not overselling. I am not a clinician and I am not trying to be. It is the kind of thing that is being mentioned.

MR. HOUSTON: I have a question more basic than that. I have this lingering concern over this whole idea of meaningful use and how granular should meaningful use be defined because when you have hundreds or thousands of providers, in trying to come up with criteria that are measureable reasonably across that size of a population, how much depth can you afford to get into and secondly, what standards should be incorporated into a PHR? I thought this was more of a certification question for the vendor and their products rather than one which would relate to meaningful use. I do not know if I am being clear. It seems like there are two pieces, EHR certification and then there is meaningful use and I would think that would fall under EHR certification.

MR. REYNOLDS: Again, I was mentioning it; I was not putting it on the agenda.


I am talking about the conversation that we had and talking about how the ecosystems being changed to anybody -– I am more than happy to have anybody go deeper. So I am mentioning to you the kinds of discussions that came up in the ecosystem and how are we all working in the ecosystem. I do not disagree with anything that is said, and John, to your point, one of the reasons out of the hearings that are going to go on in October as there is a definition of things like efficiency measures, meaningful measures for 2015, the practicality of those, the reality of those and other things are the kinds of things that we are going to be working closely with ONC and I would like to welcome Dr. Friedman.

Yes, Marjorie.

MS. GREENBERG: Well, I have read the meaningful use matrix and everything, but I think Walter's comments really make me focus on it more. I think this is an area that the Standards Subcommittee really has to look at. When you think of all the concern, and still there is concern out there about challenges of transitioning to ICD-10CM and ICD-10PCS and the massive efforts that CMS is undergoing and everything, by 2013 and then you think of the assumption that by that same time in order to meet the criteria for meaningful use everyone will be using SNOMED CT. And very few people are currently using SNOMED CT. It is mind boggling.

MR. REYNOLDS: Walter, one more comment on this –- I think Mike and then Walter. Again, I am giving you an overview. We can dive into this in our later discussion. As I said, we are having the standards hearing in December to go through 50-10, ICD-10 everything about implement, and then how it plays, where it plays and so on. So we were working on the questions for that this morning.

DR. FITZMAURICE: John Houston raised a good point about precision. I think for meaningful use reporting and getting incentive payments, you have to be very precise. When you are talking about exchange of clinical information, the doctors or the medical professionals at both ends have to understand what they mean. I think Marjorie is right, I think there is a role for the Standards Committee in looking at what is possible with SNOMED, working with NOM who is the U.S. representative for SNOMED domain in the United States, to give guidance to SNOMED as to, here are some gaps that really need to be filled and to work through NLM to identify the gaps and get those filled. It may take hearings to identify those gaps.

MR. REYNOLDS: Walter, last comment and then I will move forward.

DR. SUAREZ: Yes, just a quick point to clarify one thing and then to John's question about granularity. The requirement is not really that SNOMED CT will be running natively inside an organization. The standards recommendations are, for the most part, applicable for exchanges between organizations. The only ones that they dived deeply into the organization, inside the organization, are some of the security and privacy requirements that require identification, authentication, audit, control, things like that, that have to go inside the organization and establish some requirements. But all the other standards for meaningful use are related to the exchange of information.

So yes, potentially, an organization will not have to run natively inside the organization SNOMED, but whenever they are going to create a message to send out on CDA or CCR or whatever they use for exchanging a summary record, then they will have to convert whatever they have inside. It could be Excel files, for all I care, but they have to convert them into SNOMED CT.

MR. REYNOLDS: Opportunities.

Chuck, why don't you introduce yourself so that if you make any comments, we will know that you were here.

DR. FRIEDMAN: Sure, sorry I am late. I am Chuck Friedman. I am, at the moment, the Deputy National Coordinator at the Office of the National Coordinator. I think as a lot of people know, ONC is undergoing a reorganization which is not yet fully complete. When that organization is completed , I will move into a new position as ONC's Chief Scientific Officer.

MR. REYNOLDS: But, you are the liaison to NCVHS.


DR. FITZMAURICE: That will not change. I heard that from David, so I thought I would pass it on to you, because otherwise, we would not take any of your comments seriously.


DR. FRIEDMAN: Thank you.

MR. REYNOLDS: So the next thing that we talked about is obviously, and we got a lot of discussion on that today, the whole 21st century health statistics. Everything that we are doing there, the updating of the document, we are going to hear more on that today. Those are things that we need to continue to drive. Those are the things we need to continue, that is that visioning of the future and some of the things that we need to keep going so that we keep something out in front. You know, there is a lot of implementation going on, but there is other stuff to come and that is what I think we will be able to do nicely there.

Some areas we figured that we had discussed that there would probably be some overlap is the area of population health. Really from the standpoint, I know, that in speaking to David, they are very interested in coordinated care, the medical home, so we had already done a lot of work on that. So making sure that we keep ourselves at least philosophically together as to what we are doing and how far out in front we are and where we are and where we could do some things jointly.

We talked some about the possibility of having some of our staff in some of their hearings at points planned or vice versa. So we could split up the work and look at some things to do there.

Quality, from a standpoint, obviously, we mentioned the hearing where we may be starting to work on the 2015 column and then they could pick it up and be part of it after what the quality group is doing.

Privacy, we have already talked about that a little bit. The letter that we are going to be doing today, obviously, fits right into this whole idea of where they are going.

So you can see there are a lot of synergies but they are into implementing and making sure these things happen within this time frame and we need to make sure that we keep the things that we do.

Obviously, we have got to keep an eye on e-prescribed care and mentioned still working with the DEA. So that is one of the things that is most important to us. But it sometimes is mentioned in some language if you look at the meaningful use so there is no subject right now that all of us are not writing the word down one time or another. It is just where do we play, how do we play and what do we play that is really the key thing.

Also the new administrative simplification requirements, and I will play off of some things that both Jim and Karen said, if you look at all the main Bills right now that are out there, NCVHS is prominently noted as well as ONC in certain cases. So we are both prominently noted in the process. We are still in the spot where we want to be which is, you know, using our process, using our knowledge and then recommending things to the Secretary. So that is still clearly in there.

There is a thing called operating rules that is now mentioned on a regular basis where, different than in the past, you would have a rule come out. Let's take -- Walter asked a question on claims attachment, so the rule would come out but then there would have to be operating rules actually adopted because one of the things we wrote in our letters on HIPAA from this committee, was everybody implemented the transaction and implemented the package, but we really did not do business. If you took eligibility you could answer yes or no and you would be HIPAA compliant, but that is not really the business of knowing whether somebody is covered when you go into a provider. So that is in there, looking at a range of 12 to 18 months after a regulation would come through, that there would be operating rules applied and then that would be considered compliance. Okay not just a compliance with the package, compliance with the package and the rules would be compliance. Then you would have the two to X years, whatever, to decide to actually implement it.

The four main transactions that are flowing through right now are electronic funds transfer, eligibility, claims status and remittances. They are in most of the Bills. They are prominent and they are the ones where it looks like people feel you can drive the most.

So the other things we talked about on our relationship is regular communication which we continue to do and obviously we have Chuck as our liaison, so that will continue to occur and so on.

ONC is a customer at times which has been the case with meaningful use.

The autonomy, when prudent, are chartered. So we have certain charters and there are other things that we may prudently decide that we want to move out on and we would use the appropriate courtesy to talk that through, but we will have our spots where we feel comfortable.

And then the coordinated overlap, obviously we do some work –- John just went and testified – we share the same thing on stewardship and some other things. And more importantly, one of the things that we spend a good amount of time on is both committees have to be clear to the health industry as to what we are doing. Because you see there are a lot of times guests are in these rooms and there are audiences, and some of them are having to chase the same subject two or three or four places to actually cover it. So if you are somebody outside in the industry looking in, we are all doing a lot of stuff but where do they go to understand and who has the ball and what does it mean and who is producing the collateral and how does the process work? So that is a thing that we are trying to work through that you know is somewhat confusing to the general populous in the health industry as we do it.

The assignment that came out of there is that, and Chuck was not able to be at the meeting, we are going to work with Chuck and Farzad and Paul Tang, the reason is Paul is on both. So it is kind of good to touch base with Paul since he is sitting in both rooms, making sure that we understand who has what ball. And in some cases we may divide the ball in two depending upon the subject and meaningful use, I think, is going to be that. Some of those pieces of meaningful use, probably the further out pieces, may be exactly a great example of that where we take the ball, roll it around a little bit and then decide how big it is or what it is or what are the issues and then they pick it up and actually move it closer towards pragmatic implementation at a certain time for a certain reason.

With that, since Jim was in the room, I will stop there. You had asked us to get together and we did and I think we have got a great relationship. I am very comfortable that any of us could pick up the phone and talk to each other. Chuck is here regularly so I think that we are pretty comfortable. So I would say to you please be about your business. Please do the things that you know are important. And if we get a sense that they do overlap in any way, we have the appropriate process now to deal with it in any way we need to, at any time we need to, for any way we need to. And if you see new faces at the table now and then, we may be doing things collaboratively –- just another voice in the microphone making a difference. So if we get into it any more than that, we are overselling this thing.


DR. FITZMAURICE: Sounds like you had a really good meeting Harry, and I am glad to see that there is going to be a good working relationship as we go forward.

You mentioned prudent autonomy and I guess based upon respective charters, we advised the Secretary on the other hand the two FACAs of ONC advice David Blumenthal who advises the Secretary. So we all end at the same point, it would seem, that some aspects of our charter would get us more into the agency business such as NCHS or ARC where we are advising the Secretary with regard to the specific programs that might be something ONC might choose not to do or might choose to do through the ONC. So that there is a broader aspect to what NCVHS does then what the two FACA Committees do. But the working relationship is the most important thing.

MR. REYNOLDS: No question and that is why we put it down that way. I mean HIPAA, we own HIPAA so there are some clear things and I think as we stay out front in something like population health, staying out front will be important. So that there are things to pick up and start turning pragmatic and I think the thing that we have had in the past is if we got out front too far, there was not anybody or anything coming behind to pick it up and do anything with it.


DR. FRIEDMAN: O'Hair, now that you reassure me that my comments will be taken seriously –-

MR. REYNOLDS: You are on the record that is all you needed to know.

DR. FRIEDMAN: So you may have brought this up earlier in the discussion, but I would like to re-raise a point that was made at the last meeting of this Committee. I am not sure if it came up at the meeting with David and Jim and others, that unfortunately I had to miss, but it is the topic of data integrity. I forget who on this Committee brought it up, the person who brought it up introduced it in the context of having all of this information now in electronic form. It is not a new problem, we have always had information. The question of interest is -- how accurate, how reliable, how reproducible is it? And that really rang a bell with me so much so that I even remembered it a few months later.


So I just wonder irrespective of whose agenda it is on it certainly would seem to fit very nicely with the agenda of this Committee, whether that should be an item that goes on some list, somewhere. I did not see it on any of the slides for the meeting.

MR. REYNOLDS: Well I would say that that fits nicely into everything that we have talked about on the whole data stewardship and so on.

I saw another hand –- Larry.

DR. GREEN: In light of information, Harry, and progress in structuring things, I would just like to ask for consideration somewhere down the line, that we structure some sort of exchange that goes beyond burdening Paul with holding one seat on each Committee.

MR. REYNOLDS: We are using Paul to start the list with us. Paul is not the conduit for NCVHS sharing information with ONC. It is just that we have got somebody sitting at both tables and as we make our initial list, and get going here and make sure what is what, David just asked that we consult with Paul. But no, Paul will not be the liaison –- for example, John went and testified on PHR. We will have the appropriate liaisons. If we are sharing anything with ONC, it will be the appropriate liaison from the Committee. It will not be just because Paul is on both.

DR. GREEN: Good. I think that is only fair and right. Again, what I would ask for some consideration to, I do not have a clear idea here Harry, but I am not asking for something specific here. As I look at the agendas for the Policy Advisory Committee and I look at our agendas, I just see rich opportunities emerging where I suspect that we will do better working in sequence and together if we have just a little bit more exchange between our two Committees in some manner and I do not know what that is.

MR. REYNOLDS: And I would say this, we are comfortable with that at the leadership level. I would love for you guys to make sure that you help me at the Committee level. We agreed to meet, we agreed to set up a structure, we agreed to make sure the doors are open. There are no agendas other than making a difference and so I look forward to comments now. As I said, you guys need to be about your business. I am really anxious for you guys to help figure out what that could be. I do not think that there is any question –- David said it and we said it –- there is no question that there would be times if there were things going on at ONC where we feel we do have a richness of a background and or have done something to have our people play and vice versa. So all the opportunities are there, we have just got to figure it out. I was not going to set down a prescriptive list of exactly how we would pull all of this off. We tried to make sure that CMS and ONC and NCVHS were in the room and we tried to understand them.


MS. GREENBERG: Does the Policy Committee have any kind of like Executive Subcommittee? I realize they are much newer and actually took, as the historian here, I think it took about 40 years for the National Committee from its inception to develop a Executive Subcommittee, but we are in 24/7 real time now and so those were the old days. I wondered if they had any group like that -- sort of a leadership group or if the Chair meets with the Subcommittee or work group or whatever Chair, because that would be a nice opportunity for the Executive Subcommittee of the National Committee to have a half day meeting with their smaller leadership group of that Committee. So it might be something to think about.

MR. REYNOLDS: Chuck I will let you comment and then I will comment.

DR. FRIEDMAN: So the idea is interesting in concept. I am thinking that the Policy Committee, although others could correct me, does not have an Executive Subcommittee at present. It is also chaired by David who is obviously a Federal employee. The Standards Committee does not, also to the best of my knowledge, have a formal Executive Subcommittee but is has more of a collegial leadership model. So there is something closer to it on the Standards Committee. I think one idea would be to quote this up as a possibility and see if, for the purpose of having this exercise, something that serves to function in the case of the two ONC Committees could be created purpose specific. So I certainly would not rule it out as a possibility but there is no obvious receptor site for it in the structure of the two Committees as I understand it.

MR. REYNOLDS: The other thing I think we heard loud and clear from David and I think it was again a very cordial and open discussion and I thought very fruitful, is that and if you heard Karen today by May 10th there is going to be a clear and precise definition of everything related to meaningful use that people are going to start getting money for. So there is no question that ONC has to keep their eye on that ball.

Now what we also heard clearly, was privacy is extremely important because if you are going to implement all this stuff between now and 2015, privacy is key. So we will always be bound philosophically in privacy. I mean because it is a subject that does not go away no matter what the technology is.

The second is disparities -- ICD-10 PHR is obviously core because when you start doing these EHRs and then you start rolling off the PHRs now, do they have a meeting in the next 12 days over PHR? I do not think so. But remember we are all implementing in the same space. We are all talking about the same space, so let's play on.

If I go back to when I was co-chairing a Subcommittee we would take this and we would come up with a plan as to what we think we should be doing and then whoever we meet with, whether David alone, David and Chuck, David, Chuck and three people that work with them, I am fine with that. You should not be waiting anymore. That is what we did this for -– to not wait –- the game is on, the game is open and we should be able to play, especially in our sweet spots, and oh, by the way, if it is questionable, we have got the right open communication to say who has got it, how do we do it, we take it first and then you and then us. It does not matter.

MS. GREENBERG: I was just thinking that there might be some value in having a little face time with actually some of the members of these Committees because at a staff level, and it is a little different obviously with the chair, and the standards has co-chairs right? -- but sometimes it is easier to collaborate when you have had a little bit of face time.

MR. REYNOLDS: What I heard, they are moving full speed. I do not think they are at that point to start talking about that kind of stuff.

Walter and then we will close this out and take a break.

DR. SUAREZ: I think it is great that we can go along and play along, but I think it would be helpful to create a pictorial roadmap of what are the areas where we clearly have our own space, for example population health, I do not think the Policy and Standards Committee are necessarily focusing on that. On the other three areas that we work on privacy and security standards and quality, there is quite a bit of overlap. For example the Friday hearing on policy was all about privacy and security and the mode of doing it was very much like we do, which is a hearing. So I am sitting in the back and I could picture our Committee holding that hearing rather than them. So there are some areas where there is clear overlap and we should define what kind of space we play on and overall we play on.

And then, in those same areas where they deal with policy issues and standard issues there are some spaces where they are clearly not going to touch on directly, like EHRs is one example, where they are going to deal in EHRs primarily, standards for EHRs -- all there is related to EHRs. They are not going to deal with PHRs, so that is not an opportunity for us. I think we can think of a number of examples where we can identify clearly these are areas where we can contribute without creating duplication or significantly overlap.

MR. REYNOLDS: That would be the assignment to all of you in your breakout sessions as Subcommittees. As I said, be about your business please. If there are any overlaps or issues, we will cover them. And I would add Walter that the richness of that hearing they had the other day was enhanced by the fact that John could bring in our work to add to that.

So here we go. Please do not wait -– game on.

With that, let's take a 15 minute break. Thank you.

(Brief recess)

MR. REYNOLDS: Okay. In the spirit of preparing documentation to be used in new and different ways, I am going to introduce not Mr. Reynolds as it says on the agenda, but Mr. Houston and Dr. Francis to discuss this opportunity that we have in front of us. With that, please.

Agenda Item: Privacy PHR Letter. Leslie Francis and John Houston, Privacy Subcommittee

DR. FRANCIS: Thank you. I am Leslie Francis, Co-Chair of the Privacy, Confidentiality and Security Subcommittee. As you all know, we held hearings on personal health records last spring. We have been working all summer on this letter including conference calls and I am pleased to report, given what you may know about the diversity of opinion on the Privacy, Confidentiality and Security Subcommittee, that this draft has the full agreement of all members of the Subcommittee -- including Paul who is not here and Walter who is here, Harry, John, myself and Sallie Milam who is a member of the Privacy, Confidentiality and Security Subcommittee, although there is an error in the Subcommittee listing in the materials provided to you.

So this is a very time-sensitive topic because of the recommendations that will need to be made by February under the ARRA. Without further adieu, let's open the discussion. John is going to start reading text.

MR. HOUSTON: Actually, we will be more than happy to accept it without any comments.


MR. REYNOLDS: However, the process would not allow you to do so, so you will continue with your reading.

MR. HOUSTON: I will read. It is a bit of a long letter but nonetheless.

Subject: Protection of the Privacy and Security of Individual Health Information in Personal Health Records.

Dear Madame Secretary:

A Personal Health Record (PHR) is an electronic record of PHR identifiable health information on an individual that can be drawn from multiple sources and that is managed, shared and controlled by or primarily for the individual. PHRs may take different forms and are rapidly evolving. In some cases, the PHR is a "portal" view into a provider's electronic health record (EHR). In other cases, the PHR is created and operated by a third party (generally not an entity covered by the Privacy Rule promulgated under the Health Insurance Portability and Accountability Act (HIPAA), which is not regulated or subject to HIPAA protection. Consumers (including patients) often do not fully understand the extent to which their information is protected by law and may inadvertently consent (e.g., through an "I Agree" button) to information sharing and use. Due to these types of concerns, the American Recovery and Reinvestment Act (Recovery Act) requires a report to be prepared by the Department of Health and Human Services (HHS), in consultation with the Federal Trade Commission (FTC), that recommends privacy and security requirements for PHRs that are not operated by HIPAA covered entities. This letter contains recommendation from the National Committee on Vital and Health Statistics (NCVHS) about the privacy and security of PHRs for HHS to consider when creating this report, or considering other policy changes.

DR. HORNBROOK: Can we take this by paragraph or how is your process?

MR. HOUSTON: Yes, by paragraph.

MS. BERNSTEIN: Is it big enough for everybody to see up here on the screen that is in the room?


DR. HORNBROOK: Francis and John, questions of clarification. In passing in this paragraph, it seems to imply that a PHR is a web-based entity and therefore you are dealing with a situation where some web service somewhere has this data in it and there is ambiguity about who can use it and who can access it and who owns it and none of that is stated. I do not know whether this applies to paper PHRs, because somebody could carry around a piece of paper in their pocket or in their wallet, in fact, Blackford and I were talking this morning about the need that all of us should carry a PHR in our wallet in case you are unconscious and brought to the ER. So none of that is conditioned here and it seems like it would be a good thing for clarity purposes to state that this is electronic, that it is or is not web-based -– it is not based in an electronic card that you carry with you, it is not based in some sort of hardware I am carrying with me like a thumb drive or anything. Is that true or wrong? Am I on base?

MR. HOUSTON: The definition that we are using, by the way, which is the definition from the Recovery and Reinvestment Act, does say an electronic record.

DR. HORNBROOK: Is it an electronic of any form? Do you take it that way?

MR. HOUSTON: I guess it could be a lot of different forms. I think the assumption is that most of them are web-based. I understand your point.

DR. FITZMAURICE: It may be just by putting a sentence in there saying that we are going to focus on the electronic health record, realizing that there are other kinds of health records that people may carry around with them to help them in an emergency.

DR. HORNBROOK: Well if we are dealing with web-based that is fine. I just was not sure whether you wanted to go beyond that or not. If you do not want to, that is fine with me. I have no problem with it.

MS. BERNSTEIN: Are you suggesting that people could be using dial-up directly into their provider tethered PHR -–

DR. HORNBROOK: Thumb drive –- they could be carrying it around with them on electronic form in their person. Do we care or not? I do not know whether we do or not.

MS. BERNSTEIN: That is included in this definition I think. It does not say web-based. It just says electronic.

DR. FRANCIS: This covers all electronic.

DR. HORNBROOK: Okay. Another thing is, actually two things, one is that people likely have multiple providers. So the whole point about the benefits of a PHR is you link across independent providers whose records are not linked yet.

MR. HOUSTON: If you will see in here there is discussion about interoperability. So, it is later in the latter.

DR. HORNBROOK: Well, it is just a portal view into a providers, paren "'s" when it could be "s'" records.

DR. FRANCIS: Well, that is only one example of a type.

DR. HORNBROOK: But you are signaling to whoever is reading this that you are dealing with a one to one relationship and you may not -– you may be dealing with a one to many relationships. That is just a question of setting –

MR. HOUSTON: I think it is fair. We will change providers with –

MS. BERNSTEIN: Where are you? What line are you on?

MR. HOUSTON: On the 5th line -- a "provider's" electronic health record –- into providers plural, rather than a "provider".

MS. BERNSTEIN: I think the point there is what Paul was trying to say is that this is an example of the sort that they have at Palo Alto where it is tethered to an EHR and you are just having a view as opposed to one where you do in fact have multiple sources.

DR. HORNBROOK: Correct. That is correct.

MS. BERNSTEIN: I want to make sure I am not messing with Paul's concerns.

MR. HOUSTON: No, I do not think you are.


DR. HORNBROOK: I think we want to include the concept of one to many even though one clear example was a tether which is an excellent example. I am not saying anything about that.

MR. HOUSTON: I do not think it changes Paul's -–

DR. HORNBROOK: It is just a question of flow of the naïve reader into it. You do not have to wait to get to the rest of the letter to get a context point.

The final point is do we want to say and I do not know about this really, do we want to say anything about the benefits of PHRs? This is all pretty threatening, threatening -–

MR. HOUSTON: This letter is specifically to privacy and security. I think we could probably add another hundred pages if we want to talk about the benefits –-

DR. HORNBROOK: No, I am thinking editorially. I mean acknowledging that these things can have benefit as a way of simply saying -– we are trying to deal with something that is going to be beneficial to patients and consumers and their families and yet we want to protect them in this process. We are not dealing with something that is being created just to make things evil, although a lot of this letter deals with pits of evil.

MR. REYNOLDS: I believe we did hear testimony to that.


DR. SUAREZ: On the second page actually we talk about the benefits.

DR. HORNBROOK: I am just trying to deal with the issue that you have the Secretary's attention and you want to set the tone of the letter correctly at the very beginning and you want to be balanced, you want to be insightful. Do you want to point out exactly what you are doing? I mean, you are almost there -– that is all I am trying to point out.

MR. HOUSTON: I will tell you what -– I have a suggestion then -- about halfway down there is a sentence that starts consumers and then in parenthesis including patients. Why don't we say, while there are substantial benefits to consumers –- before that say, while there are substantial benefits to PHRs, consumers including patients often do not fully understand the extent to which their information is protected by law or may be inadvertently consented to information sharing and use.

DR. FRANCIS: Why don't we say health benefits to PHRs.

MR. HOUSTON: We can wordsmith this just a little bit more.

MS. BERNSTEIN: Can I make a suggestion? One of the things we talked about that did not get in here was to have before this paragraph a statement that says hello here is why we are writing to you. This letter makes recommendations and we might have some introductory sentence that says about PHRs -– because this sort of launches right in. Most of our letters have something that says up front we are writing to you for the following reason –-

MR. REYNOLDS: And we will assume that the Subcommittee will do that and bring that back tomorrow and it will enhance the tenure of the later, not try to change it.

Justine, and then Judy.

DR. CARR: I would just try to speak more strongly to the benefits and I would actually put something in right after the first sentence and say PHRs have benefits in the following ways as opposed to just having it as a kind of qualifier of saying something bad.

MR. HOUSTON: We will add an introductory statement.

MR. REYNOLDS: Judy and then Marjorie.

DR. WARREN: So up in your first sentence, you are saying a PHR is a PHR. Is that PHI instead of PHR?



DR. WARREN: Okay you refer it to a definition below as a direct quote and it is not a direct quote. So if you are paraphrasing it, take off the quotes.

DR. FRANCIS: It is a direct quote –-

DR. WARREN: No, it is not. Bottom says electronic health record of individually identifiable health information. The top says electronic record of PHR identifiable –-

DR. SUAREZ: Two different sources.

DR. FRANCIS: No. There are two different sources. The definition comes from the FTC 163 CFR 318, the statutory language is from ARRA which is a different source.

DR. WARREN: Okay but you have got the same footnote. You say it comes from number 1 and you have that down there, maybe the footnote is the one that is confusing. But anyway, to me, I keep reading a personal health record is an electronic record a personal health record. And you do not want to define something with its own phrase.

MR. HOUSTON: To Judy's point, why don't we say this –- a personal health record (PHR) is an electronic record of and then strike the PHR and then put the opening quote before identifiable. All you are doing is truncating slightly the definition to make it more readable.

DR. FRANCIS: Why don't you take out the electronic though?

MR. HOUSTON: No, leave the electronic in there and take out PHR on that first line, the second instance of the acronym PHR. Delete PHR there. I believe it still encompasses the definition.

DR. FRANCIS: Yes, it does.

MS. BERNSTEIN: Do you want to put a little compare down here in the footnote so we know we are comparing two different definitions?

MR. HOUSTON: Marjorie, go ahead.

MS. GREENBERG: You addressed this John but on the other hand when you start a sentence with "while" it always looks like what? And I was looking at the second paragraph on the second page where it says the committee noted that PHR systems were evolving rapidly and served a variety of beneficial functions for consumers and their caregivers. I think that sentence could be moved up to this first paragraph even saying if you are introducing the National Committee that the National Committee, whoever it is, has had a longstanding interest in these PHRs and has noted and you already say they are evolving rapidly and take many forms so just take that sentence out of the first paragraph and then you can get into some of the concerns but I think that will set the stage nicely.

DR. FRANCIS: We will do that.

MR. REYNOLDS: Also one comment I would like to make and I would like to ask the Chairs before we go any further, so as you said, this letter as it is and the beliefs in this letter have been approved by the Subcommittee? Is that correct?


MR. REYNOLDS: Then as individual lines or other things are addressed, I would rather not have individuals in the Subcommittee identify that somebody that is here would have to defend against. So it is the Committee's letter now, then it should be addressed by the Subcommittee because if we go to individual desires then it is not the Subcommittees letter anymore. It is only in there because somebody wanted it. I am just asking that if the Subcommittee brought it forward then whoever asks a question on the floor, the question is on the floor and we deal with it.


MS. BERNSTEIN: Are you saying you do not want me to make the changes?

MR. REYNOLDS: I did not say I do not want you to make the changes. I am just saying earlier there was discussion about what somebody wanted –- it is either the Subcommittee's letter or it is not. So all I am saying is the Subcommittee brought this forward as an approved letter then please defend it as the Subcommittee. You are defending it because you might be upset at what somebody might say.

MS. BERNSTEIN: I am sorry. That was me. I will be careful.

MR. REYNOLDS: I do not care who it was. The point is that puts the person in the room at a disadvantage and I choose not to do that. The Subcommittee brought the letter forward. There is enough representation in the Subcommittee to play this game. So let's please proceed accordingly.

MR. HOUSTON: Okay. Let me continue reading then.

MS. BERNSTEIN: Marjorie made a comment. Do we want to address that comment?

MS. GREENBERG: You can just take that back to your Subcommittee meeting.

MR. HOUSTON: I thought we were going to take that into consideration.

DR. FRANCIS: Yes, we can take it back.

MR. HOUSTON: A lot of these comments we will just take back in raw form and try and incorporate them in our deliberations this afternoon and bring it back to the Full Committee if that is okay. I do not think we want to wordsmith here.

Prior NCVHS Activities regarding PHRs.

Over the past few years, NCVHS has made a number of recommendations about PHRs specifically and about the privacy and security of individual health information more generally. Most importantly, NCVHS has recommended that common privacy and confidentiality rules apply to all entities that collect, retain, use, compile, or disclose identifiable health information, under a comprehensive federal privacy law.

In February 2006, NCVHS issued a report making general recommendations on PHRs. In that report, the Committee noted that PHR systems were evolving rapidly and served a variety of beneficial functions for consumers and their caregivers, healthcare providers, payers, employers, and society more generally. NCVHS recommended developing a framework for characterizing PHRs and educating consumers based on that framework. NCVHS also recommended developing privacy best practices for PHRs and a model notice of privacy practices in a form that consumers could easily understand. For the many PHRs that are not within the scope of the privacy and security protections afforded by regulations under the Health Insurance Portability and Accountability Act (HIPAA), NCVHS recommended voluntary adoption of strict privacy practices and a policy of non-disclosure of information without consumer authorization. Since that report, PHRs have continued to evolve, but guidance regarding privacy best practices has been limited. For example, in December 2008 HHS published a set of privacy principles for health information technology and a model privacy notice for PHRs for comment. But, to date, a final model notice has not been provided.


DR. HORNBROOK: Just an editorial, you do not need to repeat the full definition of HIPAA. It is on the first page.

MR. HOUSTON: Yes, I recognize that thank you.

Okay, next paragraph.

In today's market, there are many forms of PHRs. Some PHRs are portals maintained by health care providers, through which consumers may view their electronic health records (EHRs). In some provider-maintained PHRs, consumers may only view information as entered by their health care provider. In other provider-maintained PHRs consumers are able to enter their own information –- for example, blood pressure readings taken at home, and depending on the PHR design, the provider may or may not be able to access such consumer-entered information. Other PHRs have the ability to download information from EHRs maintained by the patients' health care providers or health plans, as well as to incorporate information entered by the consumers. Still other PHRs are composed solely of information entered by the consumer, for the consumer's own use. In some forms of PHRs, consumers may also enter information for purposes extending beyond their own use, such as sharing their information with others who have similar medical conditions, or allowing their information to be used for research. The recommendations in this letter are intended to apply only to PHR systems and not EHR systems maintained by a health care provider or claims systems maintained by a health plan, even if the information from such systems can be viewed by consumers through a PHR portal.

MS. GREENBERG: Could you just clarify, so what are the ones that it is referring to –- it is PHR only?

MR. HOUSTON: Here is the dilemma that we had or the issue that we were trying to deal with here. EHRs get tethered to a PHR. There is often simply a view into that EHR. And so then when the patient is viewing data within this PHR they are actually looking at data that actually is -– it is not data within the PHR, it is actually linked directly back to the EHR. So there was a concern that if the patient could readily edit information within their PHR that was actually simply a link back to their EHR, you could be affecting the integrity of their underlying EHR. And if a patient needed to or wanted to change information that was really within the EHR even though it was viewable from the PHR, the patient needed to go through the process that HIPAA describes which is go back through covered entity, contest the fact that that data is accurate and go through the process to have it evaluated and if the provider decided that the information is wrong, they are required then to change that data, otherwise the patient certainly has a right to make a notation and things like that. But that is the reason why we delineated the balance of this letter.

DR. FRANCIS: Can I add to that that is not the same as the distinction between tethered and un-tethered. So this is not a letter that only applies to un-tethered for the following reason. There are some tethered designs that have both the opportunity for the consumer to view portal-wise into the EHR and the opportunity for consumers to enter their own data. We try to be clear later on that if the design of one of those systems and these designs vary too, that if a consumer entered data formally becomes part of the EHR in those systems, then it is EHR and consumers should be told that. On the other hand, if there is a section where consumers can continue to muck around, it does not become part of the EHR, but that might be viewable by a provider, that's consumer-entered data and subject to continued consumer editing change and so on. So the better way to put the distinction is EHR/non-EHR rather than tethered/un-tethered. And please, if you do see a place where we are not clear about that, let us know, but that is the distinction we were trying to capture clearly

MR. HOUSTON: And it is very difficult to describe this and it was with a lot of work to make sure we got it right. I am going to call up one person on the Subcommittee, because Paul really worked with us on this because he deals with this difference all the time. So we really tried to come up with terms that were meaningful in describing this distinction.

DR. FRANCIS: Walter.

DR. SUAREZ: Yes just to add to that too, I also now with Kaiser work quite a bit on these issues of PHR. The point I would like to make is really the fact that data that comes to us begins to be a part of what we call protected health information. So a lot of the recommendations that are listed in this letter are recommendations that entities that are subject to HIPAA already are, in many respects implementing or doing and actually doing far more than what is recommended in this letter because a lot of the data is really in our hands considered protected health information. So that is why most of these recommendations based on that statement that we made apply primarily to EHR systems but are not really linked to the EHR.

MR. HOUSTON: Does that explain things?

DR. CARR: This would lend itself to a grid. I just want to say that. What is in and what is out and why. But I always say that.

MR. HOUSTON: Okay next paragraph.

Understanding the application of the HIPAA Privacy Rule and its limitations is critical to understanding the current state of privacy protections for PHRs. There are limits to the protections provided by the Privacy Rule, but consumers may not understand these limits nor their significance for information patients enter into PHRs themselves. For example, the Privacy Rule does not protect information from certain disclosures for law enforcement purposes, but consumers may assume their PHR information is completely private. Furthermore, only PHRs that are created or managed by HIPAA covered entities (or business associates of covered entities) must comply with the Privacy Rule. Consumers may believe that information they enter into any PHR receives HIPAA privacy protection, whether or not the PHR supplier is covered by HIPAA. Moreover, once information is transferred from a covered entity to a PHR supplier that is not covered by HIPAA, a consumer may not realize that protections afforded under the Privacy Rule will no longer apply. The differentiation between "tethered" PHRs (those that are integrated with a HIPAA covered entity's clinical or claims systems) and "untethered" PHRs (PHRs that are not integrated with a covered entity's systems) is becoming less clear, as PHRs are increasingly aggregating information from multiple sources (including providers, payers, pharmacies and consumers themselves). As a result, concerns have been voiced about the adequacy of privacy and security protections for PHRs, whether or not they are covered by HIPAA.

In order to develop additional recommendations regarding privacy and security of information in PHRs, the Privacy, Confidentiality and Security Subcommittee of NCVHS held hearings on May 20-21, 2009, and on June 9, 2009. The hearings included testimony from experts about how PHRs specifically, and health information technology generally, are expected to evolve. The Subcommittee also heard testimony from vendors of free-standing PHRs, and from representatives of PHRs offered by health care providers and payers. Consumer advocates and experts on the privacy and security of health information testified, as did representatives of the two Centers for Medicare and Medicaid Services (CMS) PHR demonstration projects (in South Carolina and in Utah/Arizona).

MR. REYNOLDS: Michael:

DR. FITZMAURICE: Just an observation, on the paragraph above the one you just read, it starts understanding the application, I read "consumers may not understand these limits…a consumer may not realize that protections afforded…will no longer apply." It seems to me that including a strong recommendation would be educating consumers, because it does not really address harm that may come to consumers, only that they do not understand.

MR. HOUSTON: I think there are some recommendations below that address exactly what you are talking about. It may not be in this overview, but I think there are some good recommendations that we can talk about below.


Four important themes emerged from the hearings: (1) the need for a standard set of fair information practices to govern consumer rights across all PHRs, (2) the need to maintain regulatory flexibility to foster development and innovation in the field of PHRs, (3) the importance of protecting consumers from unanticipated or inappropriate uses or disclosures of health information in their PHRs, and (4) the need to develop a consumer education strategy that will ensure appropriate understanding of the purposes, uses, and privacy and confidentiality limitation of PHRs. To address these themes, it is vital that there be true informed consumer consent, including to any disclosure of information in PHRs. Such informed consent requires absolute transparency into a PHR supplier's privacy and security practices, as well we effective education and understanding on the part of consumers.

Mike, that probably addresses some of your comments?

DR. FITZMAURICE: It does. It is just that one wonders that if consumers are very well educated, then they can look out for their harms themselves, right -- so that because they are not educated we need to look out for their harms.

MR. HOUSTON: I think part of the issue to is that the only way for consumers to be protected is through education because people's need differ so much and what they are willing to tolerate in terms of PHR practices that the education that we decided upon was really one of the most important tools to getting people to really understand their protections and limitations.

DR FRANCIS: Before John reads the next paragraph, I just want to call to your attention that the names of folks who gave testimony are here only for the Committee's information. We dropped a footnote on that and they will be taken out in the final version of the letter.


DR. HORNBROOK: I just have a question about the major subheading for this, Values and Policy. Is the word values meant to apply to the themes, the opening paragraph or is there something else that is talked about values later? The themes to me were not really values.

MR. HOUSTON: Good point.

DR. HORNBROOK: I mean if you want values, you should also put in something which we probably did not talk about and we value PHRs for their benefits. That is not here. I am just concerned about the logical connection between the word values and the content coming below. That is all.

DR. FRANCIS: We could call it policy themes.

MR. HOUSTON: That works. Okay, great. All right, let me move on to the next paragraph then.

NCVHS, the Office of the National Coordinator for Health Information Technology, (ONC), and the Markle Foundation, among others, have separately recommended sets of fair information practices that include consent and transparency regarding information collection, and permissible information uses and disclosures. These information practices require that, as PHRs are maintained for the benefit of consumers, information in PHRs must be adequately secured and not be collected, used, or disclosed without truly informed consumer consent.

Fair information practices discussed at the hearings also include:

-Consumers should be able to receive electronic copies of information contained in a PHR. (5/20 Lemieux, Donner, Marshall)

-Consumers should be able to make corrections to information they have entered into their PHRs or others such as family members have entered on their behalf (5/20 Donner)

-Consumers should be able to exercise control of disclosures at a level of granularity that permits them to protect sensitive information or information they have entered themselves into their PHR. (5/20, Sarasohn-Kahn, Evans, Stokes, 5/21 Taffel, 5/21 Sullivan).

-Substantive changes in use or disclosure policies should require proactive communication to the consumer of such changes and a prospective explicit renewal of consumer consent. (5/21 Wynia)

-Information security, quality, integrity and availability should be maintained through the use of appropriate administrative, technical, and physical safeguards. (5/20 Weitzner)

-The consumer should have the right to an accounting of who accessed the consumer's information, as well as a process to address consumer complaints. (5/20 Weitzner)

-PHR suppliers should be required to take appropriate steps to mitigate a security breach or inappropriate use or disclosure (including providing timely notice to consumers of any privacy or security breaches that may have occurred). (5/21 Taffel)

Finally, certain disclosures or uses of the information in PHRs are likely to be particularly troubling to consumers. Many consumers may object to use of their PHR information for marketing purposes. Some types of health information may be especially sensitive or likely to give rise to stigmatization or discrimination, and as a result, disclosures to insurers (Heywood, 5/20) or to employers (Weitzner 5/20) may appear risky to consumers who fear the loss of benefits or a job. In addition, many consumers object to their information (either individually or as part of a database) being sold without their consent. These uses and disclosures should be specifically identified for consumers and should require explicit consent at the time that the disclosure from the PHR is contemplated.


If consent is to be fully informed, information collection practices, planned information uses, and any information disclosures must be fully transparent to consumers.

Unfortunately, there are numerous reasons why transparency is difficult, including:

-Some PHRs are designed to address the needs of consumers who are older or who have chronic diseases. These populations may have limited familiarity with interactive web technologies.

-At the point of initiation of a PHR, consumers may "click through" privacy notices and consents without fully reading or understanding them.

-Consumers may not be aware that protections afforded to information in one context do not follow information transferred to another context. Consumers may assume erroneously that privacy protections that apply to an EHR carry forward when information is transferred outside of the EHR to a PHR. Consumers also may not be aware that the information consents or restrictions that they make in one PHR do not carry forward if information is transferred to another PHR.

-PHR suppliers typically reserve the right to change the PHR's terms and conditions, including the privacy terms. Consumers who may have invested considerable effort in creating a PHR may find it difficult to change PHR suppliers even if changes in terms are unacceptable to them

-Consumers may not be aware of their rights or the disposition of their information in the event that the PHR supplier is sold, merges with another entity, or goes bankrupt.

-Consumers may not realize that following a link to a site outside of the PHR may reveal their identity or information about them.

-Consumers may not be aware that health information (even without explicit identifiers) may be re-identified using information from other publically available sources.

At 12 pages long, the "Draft Model Personal Health Record (PHR) Privacy Notice" that was published by HHS illustrates the difficulty in providing information that is clear, complete, and also concise. Presenters at the hearings emphasized a variety of problems in relying on this or a similar notice as a basis for ensuring transparency (5/20 Marshall)

DR. C. FRIEDMAN: John, are you taking comments?

MR. HOUSTON: Sure at any time Chuck.


DR. C FRIEDMAN: Can you scroll up to the first bulletin in the list? The point is clear and well taken but I was wondering if you should specifically focus on consumers who are older and have chronic diseases or whether the point isn't stronger if it is made in relationship to anyone who may be unfamiliar with interactive web technologies and then state that this may apply specifically to older folks and people with chronic conditions.

MR. HOUSTON: That is a good point. We will flip the sentences and make them to say populations may have limited familiarity with interactive web technologies for example consumers who are older who have chronic diseases. Thank you.

DR. FRANCIS: Thanks.

MS. BERNSTEIN: Say again -- somebody said something over there?

MR. HOUSTON: Blackford do you want to -–

DR. MIDDLETON: I think both Mark and I had the same reaction to Chuck's comment, really it is not about the elderly as a subpopulation per se, it is really about a computer literacy issue and access to these technologies and digital divide type stuff, which as a general framework might then allow an example to be drawn on the elderly or those with chronic diseases.

MR. HOUSTON: It is more meaningful that way. Good point. Can you provide us with a little tiny bit of language that might -– you talked about the digital divide –- if there is a way to articulate that in this bullet? We are open to comments.

DR. FRANCIS: We will fix it.

MR. HOUSTON: Okay. Recommendations.

NCVHS heard consistently during the hearings that many different constituencies believe it is critically important to develop a clear set of common privacy and security standards for all PHRs that consumers will be able to understand and to rely on with respect to the information in their PHRs.

I. Transparency and Informed Consent to Information Uses and Disclosures

I.A. Consumers should have the right to consent or to withhold consent to uses and disclosures of their information by a PHR supplier. This recommendation does not apply to information in EHRs maintained by health care providers, unless the information has been separately transferred to a PHR.

By the way, when we do recommendations, there is typically a descriptive paragraph below the recommendation. If we really want to talk about a recommendation, let's talk about it after we read both the descriptive paragraph and the recommendation itself.

The need for consumer consent was a consistent theme across the hearings. PHRs should not be structured in a manner that results in disclosure of health information without the consumer agreeing to the disclosure. For example, it would be inappropriate for a PHR website to contain advertising or other links that reveal the consumer's health information -– without the consumer's explicit consent to the disclosure.

However, a consumer's ability to control access to information in a PHR, if tethered to an EHR, should not be allowed to affect the integrity of the EHR. Ensuring the integrity of information in a health care provider's EHR is critical to ensuring quality in patient care. It may not be easy to differentiate between health care provider-supplied and consumer-supplied information, because of the multiple forms of tethered and untethered PHRs on the market today. Therefore, the key criterion regarding whether information becomes a part of an EHR is not the source of the information, but whether it is incorporated into the record relied on by the provider in making treatment decisions. If a tethered PHR is designed to integrate consumer-provided information into the EHR, then this feature should be made clear to consumers before they enter any information. The principle of consumer consent governs information that a patient authorizes to be transferred into a PHR, including information downloaded from EHRs or from claims systems.


DR. HORNBROOK: John, in some cases the value of a PHR may be for a caregiver that has power of attorney for the care-recipient. Is the concept consumer broad enough to cover that situation?

DR. FRANCIS: We mean for it to be.


DR. HORNBROOK: I mean, if you think that is clear then –-

MR. HOUSTON: If you look at the top of the letter, I think there was some discussion but I agree, it needs to be clarified a bit more.

DR. FRANCIS: We will make sure we drop a footnote to indicate that consumer refers to a consumer or their appropriate representative.

DR. HORNBROOK: Thank you. This seems to come across as me talking about my personal information. Of course, we do not want to leave out those folks who are taking care of somebody. They do everything for power of attorney.

MR. HOUSTON: I hate to go up to the very opening paragraph, but at the top it says consumers including patients, we could say consumers including patients as well as or and their caregivers.

MS. BERNSTEIN: We could drop a footnote that indicates anyone using the PHR on behalf of a patient whether it is the patient themselves or a caregiver or family member.

MR. HOUSTON: Well, the nice thing is that when we define it in the first paragraph we defined consumers including patients, we could also say -- that would be a good place to define consumers as broadly as we need it to be. So I think it is a good place.


DR. MIDDLETON: I guess one quick question in this space –- we define the concept of a proxy for access to the tethered PHR and the partner's environment. I wonder if there is anything that we can point to as a statutory or regulatory description of that relationship, which may or may not be familial it may or may not be the caregiver, it may be actually a designated proxy. It may even become sort of one for hire in a new world order of care managers and whatnot. So to the extent that we can find, if you will, the definition of this relationship, it will have legal implications.

MR. HOUSTON: Right. Maybe what we need to do is put a footnote under the definition of a consumer or caregiver to make that clear. That is an important distinction but it also gets fairly technical as well and I do not know how we discuss it without muddying up the letter unless we maybe put it as a footnote.

DR. FRANCIS: Yes, it is complicated because the question of an authorized proxy is a matter of state law.

DR. SUAREZ: Well, there is a term, personal representative, which is the one that is used in HIPAA. A way to describe anyone that has the ability –-

MR. HOUSTON: Maybe we could do that -- refer to HIPAA and put that in there.

DR. SCANLON: You need to tell me why I am reading the italics wrong. The idea that the consumer has the rights, and then there is the issue of EHR owners' rights, unless the information has been separately transferred to a PHR. This, to me, suggests that we need to educate the owners of EHRs that if they give out the information to a PHR, they have lost their ability to use the EHR information.

MR. HOUSTON: Well I do not think that was the intent.

DR. SCANLON: Well, I know it might not be the intent, but that is the way I read that.

DR. FRANCIS: What it should say is that the EHR remains intact. Whatever has been dumped into the PHR is a separate copy that can be manipulated.

MR. HOUSTON: Can I suggest -– I understand your concern, the word unless –- it if changes to until?

DR. SCANLON: It is the idea that this recommendation does not apply to the information in EHRs.

MR. HOUSTON: Right, but I am just saying –-

DR. SCANLON: So what we are saying here is when information either, unless or until, is transferred, then the information in the EHR has something applied to it.

MR. HOUSTON: But, the first part of this 1A -- they have this right until such time -– except where the EHR is maintained by the provider.

DR. FRANCIS: Would it work better if we put a period after PHR supplier and then started -- this recommendation does not apply to information in EHRs maintained by health care providers, put a period, and then say -- however, information that has been separately transferred to a PHR insofar as it is in the PHR, is covered by this recommendation.

DR. SUAREZ: It is too complex.

MR. HOUSTON: Why don't we say –- comma, except –

DR. FRANCIS: That is another solution. We could just dump the clause.

DR. SCANLON: I do think that your intent is to have the EHR owner maintain their ability to use the data that is in-—so if you just stop after, does not apply to the information in the EHRs –-

MR. HOUSTON: It is a matter or integrity. We can drop it but maybe we are trying to be too clear and we made it less clear by –-

MR. REYNOLDS: Well, that has been a consistent theme for the last five years –- is that the EHR belongs to the practicing physician and we cannot undo that -- once it goes into a PHR, whatever the person wants to do with that, in particular, is their business. But, the EHR is still owned and managed by that particular physician that did or did not do it.

DR. FRANCIS: I think the point is actually made clear by -- maintained by health care providers -- because when it is dumped into a PHR, it is no longer maintained by a health care provider, so it works.

MR. HOUSTON: Yes. Okay. If there are no other comments we will move to roman numeral I.B.

I.B. The process of consent to uses and disclosures of consumer information contained within a PHR, and to other PHR supplier practices, should be structured in a manner that enhances consumer understanding.

NCVHS heard considerable testimony that the "click through" processes, while common, do not effectively inform the consumer regarding anticipated practices of the PHR supplier, or uses and disclosures of their information. Consumers may be eager to complete their planned transactions (sometimes not even knowing what the software application does) and simply click "I agree" to the online terms. NCVHS also heard testimony that the ONC draft notice of privacy practices, in its current form, does not yet succeed at conveying information in a way that is likely to be useful to consumers.


MR. REYNOLDS: Kind of a style thing, as I am looking in this section, if I was just somebody picking this letter up, I think I would know that the first paragraph, I mean it is in italics and everything, is a recommendation, but do we want to say recommendation I.A. –- so that if people are picking this up and trying to use it they do not read the whole paragraph and then go back and say, which of these pieces –


MR. HOUSTON: We do apologize because when we wrote this letter we, this became sort of a non-standard format. In the past, through discussion and recommendation, we could not untangle it at the stage where we were at.

MR. REYNOLDS: Well if you will just clarify that then I will back off my earlier –-

DR. FRANCIS: Yes, we will put recommendation before each one of them.



DR. FRANCIS: Just the way that you have it.

MR. HOUSTON: Roman numeral I. C.

Consumers should be informed that information transfers from HIPAA-covered entities or their business associates to PHR suppliers not covered by HIPAA will place their health information outside the scope of HIPAA (though some protections may still be afforded through FTC regulations).

The HIPAA notice of privacy practices given to consumers by providers, health plans and other covered entities has become familiar to consumers. Some PHRs are offered by entities that are covered by HIPAA or that have business associate agreements with HIPAA covered entities—-PHRs offered by health insurers, or by employers in connection with health plans, for example -– and consumers may think of these as just an extension of their health records. Consumers may also authorize transfer of their protected health information from health care providers to PHRs offered by entities that are not within the scope of HIPAA, making the health information lose its "protected" status under HIPAA. Before consumers authorize transfer of their HIPAA-protected information to a non-covered PHR, they should be warned explicitly that HIPAA will no longer apply, though FTC regulations may still apply.

Recommendation I.D. Changes in PHR terms, policies, and procedures governing practices, uses and disclosures should not be permitted without explicit notice to consumers and prospective explicit consumer consent (i.e., a PHR supplier should not be able to obligate a consumer simply by posting revised terms on its website). Consumers should be given a reasonable period of time within which to decide whether to agree to the change, arrange for the transfer of their information, or request deletion of their information.

Several witnesses testified that many PHR suppliers reserve the right to change their terms simply by posting the revised terms on their website. The NCVHS believes that this practice is not adequate as a method for obtaining consumer consent. Some witnesses pointed out that consumers may have invested considerable time and effort in the development of their PHRs, and as a result, it might be difficult for them to change to a different PHR supplier should a change in terms be unacceptable to them.

Recommendation II. Other Fair Information Practices

Roman numeral II.A. Consumers should have the right to an electronic copy of the information in their PHR in a format that allows it to be transferred directly to, or reentered into, a different PHR.

Roman numeral II.B. PHR suppliers develop their products in a manner that facilitates interoperability by incorporating national standards.

A consumer may invest considerable time establishing a PHR. Without the ability to electronically transfer information in a standard format, it may be impossible for the consumer to switch to a different PHR.


DR. SCANLON: Could I ask a question about II.B.? The issue is what is HHS supposed to do about this? It sounds like a nice goal but if I have a PHR and I am marketing it, I do not necessarily want to make it easy for people to go and use a competitor.

DR. FITZMAURICE: I would suggest that, not that I am recommending this, but it is possible for HHS to say, this is part of a set of standard which are required either under HIPAA, under incentive payments, although that does not apply to people who do not want to get incentive payments, but those are the boundaries. This would seem to go beyond the boundaries of those two possible actions.

MS. BERNSTEIN: Or by participating in the standards process. That is one of the things we do.

MR. HOUSTON: Good point. This is one of those odd recommendations that I am not even sure what this has to do with privacy, other than it gives consumers choice. It is something, I agree, but can we impose this —- I suspect that would be a bit difficult to do. I think it is something that we would encourage. I do not know whether –

DR. SUAREZ: When it says incorporating national standards, it is not just technical standards versus change, it is also a national privacy and security standard. Even though it is not explicitly clear, but it teaches supply issue develop their products in a manner that facilitates interpretability by incorporating national standards. Those national standards include privacy and security -–

MR. HOUSTON: I think the intent was only interoperability standards, I thought.

DR. SUAREZ: There is a privacy and security interpretability standard.

DR. FRANCIS: There was also a serious privacy issue that underlay this which is -- suppose that you have established your PHR with one provider. You have invested a good bit of time with that provider. That provider has reserved the right to change privacy practices, and does it in a way that is unacceptable to you. You cannot make the provider go back to the old privacy practices. That is not something you have the power to do. Presumably, what you would want to do is transfer your PHR information to another provider that has privacy practices that work for you. But, if the data are not in some way interoperable, your only choices are going to be that you dump the PHR completely or you are effectively coerced into staying with the privacy practices that you do not want. So this was actually testimony we heard from on that WINEA from the AMA, and it was an important part of our discussion that it should be there, to protect people's ability to move, if privacy practices change in unacceptable ways.

DR. SUAREZ: Yes, I think John's point is really about privacy. What does this have to do with privacy not so much with the ability for the data to be transferred to another provider or to another PHR provider. The point I was trying to make was that part of the interoperable national standards are privacy and security interoperable national standards. The choices that a consumer has made in a PHR with respect to privacy can be electronically transferred – the privacy element in an interoperable way. In fact, one suggestion could be, by incorporating national standards including privacy and security standards.

DR. WARREN: So I have a question -– why don't we just say instead of including, because to me national standards is incredibly open wide here in this letter, we need to say incorporating national standards for privacy and security. And leave it at that and not look at all the terminology, all of the transmission standards and everything else that are involved there. Or if we want to go there, then those need to be specified.

MR. HOUSTON: That was not the point. The point was national standards more generally because they would allow for interoperability which would give the consumer a choice. It –

DR. WARREN: If that is your choice, I think we need something more than national standards. I think you need to point to something that says who sets those.

DR. FITZMAURICE: John, I think that you are hitting other fair information practices, leads you to the recommendation that you would like to HHS to adopt these as fair information practices, maybe not as regulations, maybe not as laws but as fair information practices for consideration.

MR. HOUSTON: That is correct. Chuck I know and then Marjorie had comments. Go ahead Chuck.

DR. C. FRIEDMAN: So I would just share, seeing this fairly cold, and fully taking the point that Leslie made about the benefits to transferability from standards -– nonetheless, this recommendation strikes me as stretching the scope of the document by not falling squarely into the privacy and security space. I wonder if you could take Leslie's point or the point from the intent of the group drafting this, and include it somewhere but not have it rise to the level of a recommendation.

MR. HOUSTON: Maybe I misunderstood Leslie's point, but I think part of our concern is that if you do not have the ability to transfer your records you are locked into a particular PHR which may, therefore, compel you to have to agree to modified website terms that are not of your liking. You sign up, you invest all of this money in a PHR, they change their online terms and even though you do not like them, you cannot move them because you cannot get your data out. I think that was the tie to privacy if that makes sense.

DR. C. FRIEDMAN: No. I understand that, it is just a couple of levels removed. Instead of the focus being privacy and security, the focus becomes the need you might have to transfer to another PHR because the one you have does not adequately protect your data. And that one level of indirection is what is concerning me.

DR. FRANCIS: Suppose what we did was change the recommendation to say that HHS should encourage PHR suppliers to do this, and then expand the paragraph to make the point I made clearer. Would that work for you? We would like to have the point out there in the space because it is so critical to consumer privacy protection. Would that work?

DR. C. FRIEDMAN: Yes, that would be fine. I was reacting more to that recommendation as stated, just sitting there really being about something else.

MR. HOUSTON: Okay. Marjorie:

MS. GREENBERG: Well, I think mostly it has been covered, but one was that I think it is directly related to your point here of privacy, because as you said it locks you in otherwise. If there is no way to transfer to another product if policies change maybe that has to be made a little more clearer. And I think what you are recommending is a good idea to encourage incorporating national standards for exchange of clinical information. So it may be unrealistic to expect, literally to drop the content from one product into another, but to the extent that it is as lined as possible with national standards for exchange of clinical information than it should not be totally impossible.

MS. BERNSTEIN: Is this recommendation in conflict with something, Chuck, that is happening somewhere?

DR. C. FRIEDMAN: No, I was going to the coherence focus of the letter as a whole.

MR. HOUSTON: Walter.

DR. SUAREZ: Well, I was just going to comment that I think that this has to do directly with fair information practices. This is not an extension or, I do not think, personally two steps or three steps removed from the purpose of this letter. Transferability is a fair information practice. In fact, it is part of some of the privacy and security concerns. So I would say that it is still very relevant. It maybe is the concept of transferability is not stated openly or explicitly, but –-

MR. HOUSTON: Yes. Let's try to clarify this. We have some time tomorrow. Why don't we take a shot at this recommendation and bring it back to the Committee and make sure everybody is comfortable with it tomorrow.

Harry, did you have a comment.

MR. REYNOLDS: Yes, you are talking about fair information practices, but there is the discussion out there about certified systems. I think all those come into play. In other words, at some point if you look at the trend line -– the trend line says whether you are a consumer, whether you are a provider, whether you are somebody else, all of these national standards are coming out –- you would like to know about something called a certified system you would like to be able to pick a certified system and you would like to know that there are certain characteristics of a certified system. And so, whether it is fair practice as to how it handles the information, whether or not there are certified systems or vendors or something that you buy, I think it is all wrapped up into this. So, what you are saying is –- as HHS and others build this trend, how do I select the right thing that protects me –- protects me, my investment, protects my information, protects my ability to move from one to the other. I think we want to bring all of that along and oh, by the way, we heard it again and it also includes the privacy of information and whether or not I can move somewhere. That is the overall story if you are looking at all the issues. Now, how we want to pull privacy into that -– that train is already going down a track and I know a lot of people are working on it. So we want to make sure that every time that train moves we have got a car in it that says you have to take privacy and security along with you.

MR. HOUSTON: But we have to be careful about one aspect of this letter with respect to PHRs is -- one of the things that we really have tried to say here is that we do not want to foster innovation and development --

DR. FRANCIS: We do want to foster.

DR. SUAREZ: We do want –-

MR. HOUSTON: We do want to foster we do not want to stifle the development, sorry, I got that backwards. And the concern about certified EHR -– I do not think we wanted to go as far as saying that we needed certified PHRs simply because there are too many kinds of PHRs out there with too many different types of uses and purposes. The fear would be if you had to certify everything that would potentially cause –-

MR. REYNOLDS: I was using certified as a subject not recommending that all systems be certified. I am putting it as a subject. There are subjects and that is one of the subjects and I know, for example, if I am going out looking with one and there is some kind of certification process, I am going to go look at the certified list first. I am not telling anybody to do or not do, but it puts me under a further umbrella of comfort that somebody's looking at what I am saying.

MR. HOUSTON: Okay, I misunderstood. Well, then to that point, would you say then that there should be recommendation about a voluntary certification process?


MR. REYNOLDS: There is a trend line going on right now that includes a lot of the things that we talked about. Just make sure that we list as these things are considered as certification processes, as protections, as fair practice keep in mind that people will be doing these and keep in mind that if they cannot, it causes privacy –

DR. FRANCIS: Real quick, let's put that in the discursive paragraph.

DR. SUAREZ: Just a quick comment. Certification, that is already underway. There is nothing in the regulations of anything that calls for or requires a certification of PHRs. Everything is about HER. When you talk about certification, everything is about HER. But voluntarily, there have been some efforts, I guess, at this point under CCHIT to start and it is already underway. The development of some certification criteria for PHRs is all a theory.

MR. HOUSTON: That is fine.

MR. REYNOLDS: But the exciting thing about our letters –- let's go back to some of the bodies of work that we did four or five years ago. The thinking was pertinence so as we build, these subjects are on the table. We are not recommending it, but if the subjects are on the table, let's stay pertinent as we move forward.

MR. HOUSTON: Okay. Let's move forward. I know we have about three pages left here and we have just a little bit of time left.

Roman numeral II.C. Consumers should have the ability to add, correct or delete information they have entered into their PHRs; this does not imply that a consumer has the right to change directly information in a health care provider-maintained EHR. Rather, the consumer should follow the process set out under the HIPAA Privacy Rule to request the correction of information in an EHR.

When the consumer authorizes information to be added to a PHR, the consumer should be able to control that information. But, this does not imply that a consumer should have the right to change information in a health care provider-maintained EHR, even if it includes information that was entered by the consumer through a PHR. (A consumer does have the right under HIPAA to request correction of information in an EHR.) If a PHR receives information from an EHR, and the EHR source is later updated, the PHR should be updated consistent with the HIPAA Privacy Rule.

Roman numeral II.D. Consumers should have the right to request that all of the information in their PHR be deleted, whatever the source of the information.

MS. GREENBERG: There might be a little confusion here that the HIPAA Privacy Rule does not refer to PHRs, right?

MR. HOUSTON: Yes, but it has a process for –-

MS. GREENBERG: for updating EHRs.

MR. HOUSTON: Right. So I think what we were trying to say here is if you go by that process to update your EHR then to the extent you update your information in the EHR, then the PHR could be updated as a result of that process.

MS. GREENBERG: Yes, I think it is confusing to say that phrase would indicate that PHRs are covered by the HIPAA policy.

MS. BERNSTEIN: No, maybe I can clarify. What HIPAA says is that if you have disseminated information into another source using your accounting of disclosures, you can figure out what those sources are and you can, if a correction is made, you can disseminate the correction to places where the error has been made.

MR. HOUSTON: In the interest of getting done, can we highlight this sentence and maybe then go back and look at it again and see if we can clarify it?


DR. FRANCIS: We will just put in say -- consistently with the requirements of the HIPAA Privacy Rule.

MR. HOUSTON: Yes, let's look at it this afternoon because we will have a couple of hours.

All right. Roman numeral II.D.

Consumers may find that they no longer agree with the privacy and security practices of their PHR suppliers, or may decide for other reasons that they no longer wish to have PHRs maintained on their behalf. Consumers should understand, however, that a decision to delete information in a PHR does not affect the status of information in an EHR maintained by a health care provider, nor other places where the information has been transferred.

Roman numeral II.E. Consumers should have the right to an accounting of the uses and disclosures of their information.

Many presenters at the hearings emphasized the importance of tracking uses and disclosures to consumer trust in PHRs. Consumers may wish to know who has accessed their information as a way to ensure accountability or to facilitate correction of errors.

Roman numeral II. F. Consumers should have the right to file complaints related to privacy and security of their PHRs and be afforded processes to address their complaints.

Roman numeral III. Additional Protections for Information in PHRs

Recommendation III.A. Disclosures of information from PHRs to insurers or employers should require explicit consent immediately prior to disclosure to reduce the risk of unlawful discrimination.

NCVHS heard testimony from consumer groups and privacy advocates about the possibility that information may be used to unlawfully or unfairly discriminate against a consumer in such areas as employment or insurance. Because it is difficult to police against discrimination, and because consequences (such as loss of employment or denial of insurance) can be severe, consumers must give explicit consent to these disclosures at the time they are made, rather than at the time that a consumer signs up for a PHR or when information is transferred into the PHR. This does not apply to uses and disclosures to carry out treatment, payment, or health care operations that are permitted by the HIPAA Privacy Rule.

MS. BERNSTEIN: I just noticed something that I did not notice before which is that in the paragraph we say unlawfully or unfairly and we do not have that actually in the recommendation. We might want to put unfairly as well.

MR. HOUSTON: That is fine if nobody has an objection.

DR. SUAREZ: Well, I was just reading these again and thinking is there a lawful and fair discrimination?

DR. FRANCIS: Yes, there is discrimination -–

MS. BERNSTEIN: There are things that are lawful but not fair.

DR. FRANCIS: Yes, there is discrimination that consumers might consider unfair but that is legally permitted.


MS. BERNSTEIN: We are just talking about reducing the risk, not eliminating it.

DR. FRANCIS: Yes, disability issues.

DR. SUAREZ: I was just thinking we could just say we run the risk of discrimination, lawful or any way.

MR. HOUSTON: People are permitted to discriminate based upon certain criteria though, so I guess there is -– I mean you could discriminate on insurance coverage based upon pre-existing medical conditions for life insurance. I guess you could argue that there is that discrimination though -–

MS. BERNSTEIN: I think that is exactly the reason we chose those adjectives.

MR. HOUSTON: Roman numeral III.B.

Disclosures of a consumer's information for purposes of marketing or in exchange for financial remuneration, directly or indirectly, should require explicit consent immediately prior to disclosure.

NCVHS heard testimony that consumers are especially concerned about the use of their information for marketing purposes. On the other hand, testimony also indicated that consumers may want to receive information about treatments or other services that are available to them. Accordingly, the disclosure of information for marketing should be prohibited, unless the consumer has given explicit consent to any disclosure for marketing purposes. This recommendation parallels the HIPAA Privacy Rule's requirement for marketing disclosures of protected health information.

Nonetheless, advertising is an important revenue source for some PHR suppliers. Advertising may also convey helpful information to consumers about their conditions or treatments. This principle does not, therefore, require explicit consumer consent at the point advertising occurs on the PHR site. Consumers should, however, be informed at the time they establish a PHR whether advertising will be part of the PHR design, as this may affect their choice to sign up for the PHR in question. Under no circumstances should the PHR design allow consumers to follow an advertising link outside the PHR site in a matter that reveals their identities to advertisers, without explicit warnings and consent at the time the advertising link is followed.


MS. GREENBERG: I think I raised this question before, but it has been quite a while -– you are saying here that any marketing should require explicit consent immediately prior to disclosure. So that means that although you say on the other hand consumers may want to receive information about treatments or other services that are available to them, but every time that is going to happen, they have to give consent right before it happens.

MR. HOUSTON: Well, again, this is marketing versus advertising. I think that was the distinction we were trying to make. Advertising where all you are doing is getting something displayed on the screen where there is no transference of information, is not something that we are recommended limiting. What we are saying is to the extent that information is sent to a third party, in order for them to send you something to market their services to you, is at the point where you need to provide consent.

DR. SUAREZ: I think it is important to clarify the difference between use versus disclosure. In other words, the entity that is offering and providing the PHR can use internally the data to produce their own marketing and market whatever their own product to the consumer -- if the consumer, of course, asked to allow for that to happen so that has not been disclosed to anyone. The information about the consumer has not been disclosed to someone else, so that someone else can do their own marketing. The information being used by the entity to do the marketing –- that is a critical, significant difference in the use versus disclosure. So what this is saying is that basically any disclosure that Microsoft will do, if I can use as an example, to some third party to market some new blood pressure cuff system, that is not a Microsoft product, that is a disclosure of health information or a consumers to a third party through due marketing to that individual. That is what this first paragraph is about.

The second paragraph is -- Microsoft having the data about the consumers in their database, can use the data to do marketing so long as, of course, the consumer explicitly has given consent.

MS. GREENBERG: I understand that. The point is this idea which is in the recommendation but is not covered in these paragraphs. It is the same concept as the one above which is very clear to me, that any time that your data is going to be provided to an insurer or an employer, you should be able to know about it before it happens and approve it. But, the way you have this –- if that is the same thing with any marketing information to you, because that is what it says in the italicized words, then you would be incapable of saying to your PHR provider, I would like information about diabetic products to be provided to me and that is fine.

DR. FRANCIS: That is not a disclosure.

MR. HOUSTON: Well, actually there is another way to look at it –- if you are saying, I want diabetic information disclosed to me, that would be an authorization if there was some third party out there that would have to provide that information -- that, in my mind, would be an authorization to allow them to communicate.

MS. GREENBERG: But you might want to say that up front, rather than every time that information is going to be provided to you which is what this says –- immediately prior to –

DR. SUAREZ: Well, anytime the disclosure of the data is going to happen.

MR. HOUSTON: I think, what we heard was that there were concerns that doing it up front was not necessarily meaningful because that often, you click through at the beginning when you sign up for a PHR, maybe is the wrong time to say, oh sure, okay fine, I am signing up for everything.

MS. GREENBERG: This says every time your information is disclosed to the marketer, you have to give permission.

DR. SUAREZ: Exactly.

MR. HOUSTON: There was testimony to –-

MS. BERNSTEIN: And thereafter, they might continue to send you things.

MS. GREENBERG: Okay. So you could disclose it to them once and then you recognize you are going to be getting information from them many times and it does not require you to approve every one of those. Okay, that makes sense.


MR. HOUSTON: Harry, we are almost at noon. I know there is an ONC update at noon with Chuck. We have another page here.

MR. REYNOLDS: You have got seven minutes. And then what we will do is stop because I know Jodi is calling. We will have the update and we have to have time at 2:30 to -–

MS. BERNSTEIN: The last recommendations are probably less than the earlier ones.

DR. FRANCIS: Yes, go fast.

MR. HOUSTON: Okay, Yes, I will read really fast.

DR. FITZMAURICE: Suppose in Walter's case, Microsoft does not get the data, but Microsoft has invented a new glucose monitor and comes to the PHR provider and says, I want you to send out to all the patients who have diabetic in their record, my advertisement for this glucose monitor. Does that require the patient's authorization? Since it is not being disclosed outwardly but the PHR provider is using it to get to you.

MS. BERNSTEIN: It depends on whether they are covered by the new rules.

DR. SUAREZ: That would fall under the second paragraph.

MS. BERNSTEIN: There are new rules for that under the HITECH Act actually.

MR. HOUSTON: All right. Let's move forward.

Roman numeral III.C.

PHR products should be designed to allow consumers to identify designated categories of sensitive health information. The consumer should then have the ability to control the disclosure of the information in these sensitive categories (including in emergency situations).

NCVHS previously recommended that when information in medical records is transferred for purposes of treatment via the NHIN, individuals should be able to request sequestering of certain defined categories of sensitive health information. Examples of such categories include: domestic violence, genetic information, mental health information, information about reproductive health, and substance abuse. Similar design functionality should also exist in PHRs, but with the ability vested in the consumer to determine whether a health care provider may "break the glass" to access the categories of sensitive information in emergency situations.

MR. REYNOLDS: I would like to see you move the fourteen footnote up into the recommendation. I mean if we are referencing ours and people may just take out the recommendations and use them. I would rather them refer back to what we named sensitive categories and not have to read the paragraphs.

MR. HOUSTON: Sure, we will do that then.

MS. BERNSTEIN: You want to move this language that refers to the letter?

MR. REYNOLDS: No, I am just saying footnote 14.

MS. BERNSTEIN: Footnote 14 wants to go into the text?

MR. REYNOLDS: I want it into the text of the recommendation.



DR. SUAREZ: I think it would be helpful and this is for consideration, I just noted that in III.C. –- it says, have the ability to control the disclosure. It should be -- the use and disclosure of the information in these sensitive categories.

MR. HOUSTON: That is fine.


MS. BERNSTEIN: I want to make sure –- can I just capture that. I was making a note about the other.

MR. HOUSTON: Roman numeral IV. Uniform national standards for essential protections for privacy, confidentiality and security in PHRs

MS. BERNSTEIN: I need to capture Walter's comment, I am sorry.

DR. FRANCIS: He said use and disclosure –

MS. GREENBERG: under the III.C., the third line, the third word -- use and disclosure.

MS. BERNSTEIN: Thank you.

MR. HOUSTON: Roman numeral IV. A. Consistent with the other recommendations provided herein and established in a manner that supports PHR innovation, national privacy, confidentiality and security standards should be established for PHRs.

A primary benefit of PHRs to consumers is the ability to access their health information when they are away from home. Consumers should expect the same level of protections for their information wherever they access it. Presenters at the hearings voiced considerable concern about the difficulties for PHR suppliers who operate in multiple states, when there are differences and inconsistencies in privacy laws among the states.

Although this letter is directed specifically to PHRs, NCVHS also heard considerable concern in testimony about difficulties encountered by providers operating in multiple states when EHRs are subject to differences and inconsistencies in privacy laws among the states. As the NHIN develops, the need for national uniformity is likely to increase. Because of the interplay between PHRs and EHRs, NCVHS believes that there should be common national privacy, confidentiality, and security standards for both EHRs and PHRs, and that these standards will facilitate PHR/EHR integration and use.

MR. REYNOLDS: That sounds a lot like a recommendation.

MR. HOUSTON: It is a recommendation.

MR. REYNOLDS: Well it is not –-

DR. FITZMAURICE: It is the word common. You are saying there should be uniform federal standards –- uniform common standards across states as opposed to letting each state have its own standards.

MS. BERNSTEIN: Can you talk into the mic, John?

MR. HOUSTON: I was not sure what Harry was saying.

MR. REYNOLDS: No, I am okay.

MR. HOUSTON: So we do not need to do anything then?


DR. FITZMAURICE: But it does raise the question, do you want common national standards or do you want to permit states to override them?

DR. FRANCIS: This is a complicated question and we spent a lot of time talking about it. HIPAA is currently a floor not a ceiling and it would require legislation to make that change. So I think the next step territory we did not want to go there in this letter.

MR. REYNOLDS: Now, John I think I do have something.

MR. HOUSTON: Go ahead.

MR. REYNOLDS: We all of a sudden bring EHRs in the last sentence of the comment at the bottom. Because of the interplay between PHRs and EHRs NCVHS believes that there should be common national privacy, confidentiality, and security standards for both EHRs and PHRs. So that is different than the recommendation. The recommendation is only focused on PHRs. So it is bringing a new subject and it is putting it under the same thought.

MS. BERNSTEIN: Have we not previously made that recommendation regarding EHRs?

MR. REYNOLDS: Well, if we have, let's note that we did. The point is it is a new category stuck down here like it means something and we either recommend it or I am not sure what point we are making.

MR. HOUSTON: Why don't we say roman numeral IV. A. the actual recommendation –- if we said something to the effect of consistent with other recommendations, including previous recommendations regarding EHRs or recommendation right here as well as previous recommendations regarding EHRs.

MR. REYNOLDS: Well, I am comfortable -– take it under advisement, just the point is, we added a strong statement down there that sounds like a recommendation and adds a new category.

MR. HOUSTON: This afternoon, we will go back and look at this and try to rectify this, because I think it is an important point. We will come back with our changes to that.

MR. REYNOLDS: Okay, hold on one second. Jodi, have you joined us on the phone?

MR. HOUSTON: Okay we have a little bit let to do so that is good.

DR. WARREN: Can I ask one question? On this one do we really need EHR in that recommendation? Think about it this afternoon when your group meets about whether or not HER needs to be there.

MR. HOUSTON: Good point. Okay.

Roman numeral V. Security standards

Roman numeral V. Security standards similar to those that are required for information covered by HIPAA should be extended to PHRs.

Among witnesses that testified before NCVHS, there was strong consensus about the importance of common security protections for all health information repositories. Information security, quality and integrity should be maintained through the use of appropriate administrative, technical, and physical safeguards. All of the witnesses who commented on this topic felt that the HIPAA administrative, technical, and physical safeguards provide a reasonable framework. This recommendation does not imply that PHR suppliers are covered entities under HIPAA or that they should be treated as such on other matters.


PHRs take multiple and changing forms in today's market and contain increasing amounts of sensitive health information about consumers. The development of consistent and effective protections governing PHRs is of great importance. NCVHS will continue to study this area and to make further recommendations about consumer education and information practices as appropriate.


And we always sign it Harry Reynolds so we can put him on the hook personally.

MR. HOUSTON: Or John Hancock, whoever.

DR. SCANLON: I asked a question and since I do not know what the security standards for HIPAA are -– what this means for users -- since I have in various contexts had to, in order to log in, put in a random number. There are lots of security standards depending upon the circumstance -- whether the ones for HIPAA will be a barrier for us on the part of the people who want to use a PHR.

MR. HOUSTON: The HIPAA security centers, just so you know Bill, are really intended to be technology neutral and flexible. I think the expectation is that, it is more of a framework for types of things that people need to have in place with regards to –- right now covered entities have to have in place for their EHRs. It does not necessarily dictate that you must use a particular method for doing strong or stronger authentication. But, again I think to the extent that the HIPAA security standard is involved, at least it is a common framework in which to –-

DR. SUAREZ: The other important thing is that HIPAA security applies to entities that are the subject of HIPAA, not the consumers. So as a consumer I would not have to log in and use my rascality little thing. That is actually as a provider, as a physician I have to use it, but not as a consumer. So the expectation will be that those same security requirements apply to the entity that offer PHRs.

MR. HOUSTON: Sallie, do you want to say something?

MS. MILAM: One thing we might want to double check in our Committee meeting is the recent recommendation from a Policy Committee that has really specific, technical standards for authentication, password controls, that sort of thing, to see if to validate this statement against those recommendations coming out, because they are getting a lot more granular and then a lot more specific than the general HIPAA Security Rule.

MR. HOUSTON: Okay with that we need to move on to ONC if we can.

DR. SCANLON: I was just going to say to Walter that what I am saying that I do not want the user, the consumer, to have the same standards as the –-

DR. SUAREZ: No, this would not apply to the consumer.

DR. SCANLON: I do not know if I can get all that in here.

MS. BERNSTEIN: Well, if we change the recommendation—

MR. REYNOLDS: Okay, just hold on a second. Did you guys hear Bill's comment?

DR. SCANLON: It is basically so that Walter's point be clear. What we are not saying is that the same standards that may apply to physicians and insurers, are going to end up applying to consumers. Whereas the recommendation right now maybe –-

MR. HOUSTON: Can I suggest maybe a second -–

MR. REYNOLDS: Well, let's do this. You heard his comment. Let's make sure you cover it in your meeting this afternoon. I need to move on to ONC.

DR. FRANCIS: We will make sure we do it.

MR. REYNOLDS: And if anybody else has any comments, please give them to the Committee Chairs or anybody on the Committee.

MS. BERNSTEIN: Members are welcome to come to the Subcommittee meeting if they are available.

MR. REYNOLDS: All right. That would be true too.

DR. FRANCIS: Can we just say -– great work?


MR. REYNOLDS: We can say that also yes, well done.


DR. FRANCIS: Thank you.

MR. REYNOLDS: Instead of taking the opportunity to realize that this first time we have read a privacy letter that nobody hurt each other in the first reading, it is a marvelous occurrence. Thank you very much to all of you. Chuck, I would like to have an update. Jodi, are you on – have you joined us?


MR. REYNOLDS: Oh great, good to have you with us today. Thanks for joining us.

DR. C. FRIEDMAN: Okay, hi Jodi. This is Chuck, thanks for joining us.


Agenda Item: ONC Discussion, Charles Friedman, Ph.D. and Jodi Daniel, J.D., M.P.H.

DR. C. FRIEDMAN: So what we are going to do is update you on several of the activities going on at ONC. Currently, which pretty much equates to our work implementing HITECH, I tend to divide the world of ONC/HITECH into four areas.

Area one, broadly is what might be called national coordination through a permanent ONC.

Area two, is the whole domain of payment incentives to providers and hospitals who demonstrate meaningful use. This is, of course, an area that brings in CMS, but I include it in a complete exposition of what HITECH is.

Area three, embraces the six supportive grant programs that were authorized in HITECH and item for already referred to many times in this meeting, are enhanced privacy and security revisions.

So, I find it useful to divide this universe into these four categories.

Jodi and her remarks and updates will focus primarily on the first area, what I call national coordination through a permanent ONC. This includes, Jodi will not touch on all of these areas, spontaneously, but she may or I may, in response to your questions.

This includes the two federal advisory committees, the revision of the strategic plan, the process to adopt a first set of standards certification criteria, and implementation specifications. The creation of the position and office of the chief privacy officer and the governments of the nationwide health information network and others -- that complex of activities is pretty much what comprises AREA 1 under what I call national coordination.

So, Jodi with that list to pick from, why don't you update us in those areas in which you would like to delve.

MS. DANIEL: Okay, that's a lot Chuck and thank you for having me come and talk with you all.

I was planning to focus primarily on updates from these federal advisory committees on health IT that are providing advice directly to the National Coordinator. And the activities which we have to date with respect to the World Banking for adoption of standards and certification criteria. We may address some of the other information as time allows.

So, I think we have talked with you all, John Glasser and I, giving you an update sometime over the summer on the two Committees that we have in place, the Health IT Policy Committee and the Health IT Standards Committee. Just to refresh your memory, with the Health IT Policy Committee, we currently have three work groups, The Meaningful Use Work Group, the Certification and Adoption Work Group and the Information Exchange Work Group. All of them have been submitting recommendations up through the Full Committee and most notably, as we talked about the last time we updated you, they were recommendations relating to Meaningful Use Objectives and Measures that were submitted to the Full Committee and that the Full Committee were graded on and made recommendations on to the National Coordinator.

So I will say what is going on with those. I am going to interject the FACA discussion and the regulations discussion because they are so closely related since the advice inputs into our regulatory process.

So now that we have those meaningful use recommendations from the Policy Committee, ONC is working very closely with CMS and CMS is drafting the regulations for the incentive program to encourage adoption of meaningful use of certified EHR technology. In doing that, CMS is including in their regulatory effort, a description and definition of meaningful use which is what an eligible provider or hospital would need to comply with and demonstrate in order to successfully obtain the incentive payments. So we are looking very closely at the recommendations that came in from the Policy Committee. They did a lot of really wonderful thinking and gave us some great input in a very short timeframe but as I said we are working closely with CMS as they are developing their regulations for this incentive program.

So just a little on process -- the CMS regulation will be notice of proposed rule-making on their incentive program and meaningful use definition and the target for that to come out is in December of this year. So coming up, right around the corner and both are working feverishly to try and get this nailed down. So that is the Policy Committee and Meaningful Use.

Of note, the most timely topic, is their most recent hearing which they held last Friday where the Policy Committee, the Full Committee received testimony on privacy and security issues primarily focused on privacy issues as it relates to health IT and health information exchange. The goal is really to solicit testimony and get a broad base understanding of the various issues that the Committee may want to consider and some various perspectives on those issues. Some of our Committee members are expert in privacy and security issues, others are less expert so it was sort of a listening session, understanding what the issues are and helping to think through what the Committee wants to take on here. The panels we had were focused on patient choice, control and segmentation of data, the second was use disclosure and secondary uses, and we did have John Houston come and testify but he was able to inform the Committee somewhat, on some of the activities that NCVHS has done in that area. The third was models for data storage and exchange, aggregate data ID identification and the fourth was on transparency audit and accountability. So it was covering the whole gamut. The testimony was fairly broad-based although they drilled down on some specific issues.

What is happening now, is a group of folks that helped organize this hearing are getting together to try to think through priority setting and triage. So what are the areas that the Policy Committee might want to take on as a priority and then are there particular work groups that should consider those issues. I also want to note that Paul Tang is the Vice-Chair of the Full Committee and has been also leading the group of folks that have been organizing the hearing, so he is also, obviously, bringing to the table the work NCVHS is doing so that we are making sure that we are learning from testimony you have received and recommendations you have made and not trying to duplicate efforts there.

Switching to the Standards Committee side, on the Health IT Standards Committee there are three work groups currently, a clinical quality work group, clinical operations work group and a privacy and security work group. And they are supposed to take direction from the Policy Committee as far as what priorities they are supposed to be focusing their standards and certification recommendations on. And so they have made recommendations specifically for standards for implementation specifications related to the meaningful use criteria that the Policy Committee came out with. We look at those as very helpful inputs to us in our rule-making efforts on standards and certification criteria. The clinical operations work group came up with a lot of the standards required for meaningful use, the clinical quality work group were looking a the measures that were set forth in the meaningful use and coming up with some recommendations on standards in that area. And the privacy and security work group has been coming up with recommendations in privacy and security of kind of all of the areas you would expect acts of controls, audit, authentication, management, et cetera.

They all made recommendations for 2011 but also looking forward to future years and some recommendations of where the standards might be headed that we may want to try and regulate them.

Now, transitioning from the Standards Committee to our regulatory process, I told you about the CMS regulatory process for the incentives program, including meaningful use. ONC is working on a companion regulation for standards implementation specifications and certification criteria that would be tied to certified EHR technology. Our standards reg is also scheduled to be released in December of this year. The difference is that will be an interim final rule as opposed to a proposed rule. It will be an inter-final rule although we will be expecting comments on the interim final

rule and will be incorporating those comments and be developing a final final rule. But it is final when it is published -– it is called interim final because we accept comments on it. These two regulatory efforts need to work hand in hand and so CMS is working with us on ours and we are working with CMS on theirs and we are trying to make sure that they are well aligned, because they are all influencing the same program, the incentive program for adoption and meaningful use of the technology.

There is going to be a third regulation in this suite of regulations. We are required to come up with a certification program and so we are going to be developing a notice of proposed rule-making on the process, the certification process itself as opposed to the criteria. And how one would become a recognized certification body and how products would get certified. That will be the third in the suite of regulations. The goal is also to release that at the same time as the other two in December of this year. And that will be a proposed rule which we will accept comment on and then finalize.

The one thing I did not mention on Health IT Standards Committee is that there is a new work group that was recommended and headed by Denise Chopra focusing on implementation and adoption issues with respect to the standards. And so we are working on trying to put that together. So that is a new fourth work group of the Health IT Standards Committee that is forming.

So that, in a nutshell, is it on FACAs and Standards and I am looking at the list that Chuck sent for us to see if I could say anything else about other things that might be helpful. The strategic plan, this is something that I believe Chuck has already briefed you on from our prior strategic plan, ARRA requires us to update that strategic plan clearly with all the new mandates and programs that are set forth in ARRA. That strategic plan needs to be updated to reflect those and to address current thinking in light of the Recovery Act. So we are planning to do that. The statute also requires that we get public input into or state holder input, to weigh into that strategic plan.

So we are thinking about how we are going to do that at this point. And this is a process that is just starting underway, the revision of the strategic plan. So I do not have many details to share at this point.

Similarly, on this chief privacy officer, it is something that the statute requires us to adopt. I think it is actually great to have somebody who is going to be focused purely on privacy and health IT within ONC. I think it is going to be very useful to have a position clearly focused on that. ARRA requires us to have that person in place by February of next year. It is something that David Blumenthal is very committed to and we are hoping to beat that deadline, although I do not have any specifics to announce at this point.

I think that is it on the stuff that I am supposed to cover although I would be happy to take questions.

DR. FRIEDMAN: Okay, thank you Jodi. What, Harry, I would propose we do, is take some questions from Jodi and then when those are finished, I would like to update the group on our grants program.

MR. REYNOLDS: Okay, if she does not take all your time.


DR. FRIEDMAN: Well, if there are a lot of questions, that would be fine.

MR. REYNOLDS: Hey Jodi, this is Harry -– one question I had –- you are doing the rule on certified EHRs right? You did not say PHRs.

MS. DANIEL: Correct.

MR. REYNOLDS: That is fine, based on our earlier discussion, I wanted to make sure I had that right letter.

MS. DANIEL: Yes, the standards and certification criteria that we will be developing through regulations will relate to electronic health records, not personal health records.

MR. REYNOLDS: Okay, that is good. Thank you.

Questions? Leslie –- please speak into the microphone.

DR. FRANCIS: I was interested in your comment that the privacy work group was going to be putting together a set of priorities and I wanted any further thoughts that you might have about how we would coordinate well, because our own privacy, confidentiality and security subcommittee this afternoon is going to be looking to some further work on priorities as well and if you had any thoughts that we might find useful, so that we are not each treading the same path, rather than selecting useful complimentary paths.

MS. DANIEL: That is a very good point and it is something that we have talked about with the folks that helped organize the hearing to make sure that we are figuring out where there are areas of priority and then how best to address them and how to make sure that we are again, building up your work, complimenting your work, but not duplicating effort. So, I echo your thought. Somebody from my staff, Jonathan Ishee is planning to attend your meeting this afternoon to make sure that we know what you are talking about and can bring that back to the table. We just had the hearing on Friday, so we do not have a game plan yet to share that you could use in your discussion this afternoon, but hopefully I do not know where you are and whether or not you are trying to make decisions today or this is ongoing dialogue. I would say that maybe we could just have some talk offline, also including Paul Tang who has been sort of heading up this effort for the Policy Committee before we made a recommendation to the Policy Committee on priorities that we run it by you all and see where we might be able to be complimentary.

DR. FRANCIS: Thanks.

MR. REYNOLDS: Okay, Walter?

DR. SUAREZ: No, actually that was the same question.

MR. REYNOLDS: Okay, anybody else have any questions? Jodi, thanks that was a great update, very comprehensive because nobody is bashful about asking questions so you covered a lot of good stuff. So Chuck, please.

DR. C. FRIEDMAN: Thanks very much Jodi, I really appreciate it.

MS. DANIEL: Okay thank you, bye-bye.

DR. C. FRIEDMAN: Bye-bye.

So I thought I would say a few words about the grant program to compliment what Jodi said about some of the other activities. I think I mentioned in the update I gave at the last meeting and I am sure you have all committed it firmly to memory, that there are six grant programs called out in HITECH. You all passed the quiz last time, but I will repeat that again. There are actually four mandatory grant programs. The program of implementation assistance, otherwise known as the extension program, that program was announced on August 20th through the issuance of a funding opportunity announcement. I will come back to that. The second of the mandatory programs is a program of grants to states to promote health IT – that program emphasizes health information exchange and it too was formally announced on August 20th through the issuance of a funding opportunity announcement. Another statutory program which has not yet been announced, is a program to build the health IT work force -- stay tuned. The fourth statutory program is a program that emphasizes research related to health IT. This is called in the Act the program of enterprise integration centers. It is a program that is put under the care of NIST and it too has not yet been announced, but also stay tuned for that. There are two, call them optional programs. They use the language MAY in terms of whether they are established or not. One is a program of grants to states and tribes for the purpose of giving loans to support health IT adoption and the second program that uses the MAY verb is a demonstration program integrating health IT into health professions education. It is a companion program to the mandatory health IT work force program coming at education from a different direction -- in this case, the education of health professionals.

So let me just say a few words about the programs that we have released and maybe I will say a few additional words about the work force program that is forthcoming, what I can say at this point, which is not much. So the extension program funding opportunity announcement announced the awards totaling $598 million dollars. It is expected that approximately 70 regional extension centers to support health IT adoption would be established by these awards. Applications to establish these regional extension centers are going to be accepted in three sequential cycles and each cycle is going to consist of two phases.

First, the submission of preliminary applications and then a submission of final applications from that subset of preliminary application submitters that is given the green light to submit a full application. The first cycle of preliminary applications has already begun. The deadline for submission was September 8th. So that has passed and the first set of preliminary applications is in. If you read the funding opportunity announcement something that would strike you very quickly I believe is the priority afforded to primary care providers including physicians and other providers with prescriptive privileges and there is a clear goal set in the funding opportunity announcement to support over the first two years of operation of the centers, an excess of 100,000 primary care practitioners in adopting health IT with the hope that they will attain meaningful use.

The regional extension centers will not operate completely independently of one another. They will, in fact, form a consortium and will work together and share their learning and experience. The consortium will be coordinated through an entity called the HITREC, we love our acronyms, which stands for the Health IT Research Center. I would say that most people believe the word research in the title is a bit misleading. The HITREC certainly will take an investigative demeanor in what it does, but it will exist primarily for the purpose of providing central resources and support to and supporting and coordinating the efforts of the consortium of regional extension centers. So that is the regional extension center program.

The second program that was announced, the program of grants states focusing on health information exchange, announces awards that could totally $564 million dollars. These awards will be to states and territories or their designated entities. I believe the number of states and territories eligible for these awards is 56, it might be 57, but I think it is 56. These awards will be processed through a single application cycle with the applications due on October 16th. Just coming to some of the highlights of the funding opportunity announcement, there are five specific aspects of a health information exchange called out in the awards. The approach is quite comprehensive. It includes governments, finance, technical infrastructure, business and technical operations as a fourth, and legal and policy issues as a fifth, so it lays out a comprehensive approach to promoting at a state and territorial level of health information exchange. And the general model that the states or their designated entities will follow in doing this work will be driven by both a strategic and operational plan that each one will be required to produce as a basis of the activities that they will subsequently undertake. In each of those five areas I mentioned, there is laid out in the funding opportunity announcement, a set of key accomplishments relating to health information exchange which each entity is expected to achieve.

Just one quick word on work force -- it is clear from the funding opportunity announcements that we are conceptualizing even the extension program, the state HIE program and the work force program as kind of a triplet. We hope, obviously, to announce the work force program soon. Several published studies and other estimates we have seen estimate the shortage of the health IT work to be on the order of 50 or 60 thousand in terms of what will be necessary to support not only the work of the extension centers, but the entire movement nationally toward meaningful use of health IT. So there is educational work to be done and as I said, we hope to issue this program funding announcement soon.

So that completes a quick run through of our grant programs and the very exciting things that happened last month. Harry, I would be happy to entertain any questions.

MR. REYNOLDS: Okay, questions?


DR. FITZMAURICE: You mentioned, Chuck, the research related to HIT –- the integration and integration enterprise integration centers of NIST. Is there any information about that? Has NIST begun work on that?

Dr. C. FRIEDMAN: No. There is no detailed information that I can share in this meeting, Mike, but I can tell you that that planning of this program has begun and as I said, we are hoping to announce it as soon as possible.

MR. REYNOLDS: Okay, we have got Larry and then Judy.

DR. GREEN: Chuck, a conceptual question about the extension service – I have seen in the last month, a couple or three more publications that go back through a hundred years of agricultural extension. It seems to be a quick hitting flurry of interest and activity about this. These papers are raising the issue about that every county in the United States presently has an extension service structure already in place that developed over a hundred years through agriculture and that it includes health as one of its pillars. What is the thinking –- is there an interaction expected or possible or probable or maybe -– what is the interaction between this extension service that already exists and the extension service to be created?

DR. C. FRIEDMAN: It is a great question, Larry. I have to be very careful about how I answer that because there is a funding opportunity announcement on the street and an active competition underway. I would call attention to the language in the funding opportunity announcement that weaves a great deal of flexibility, or applicants for these centers to be creative in the way they put the centers together and draw on a wide range of resources. I cannot quote you chapter and verse, I have it here and we would be delighted to point you to this section where a wide range of entities, as examples, are specifically denoted as having potential important roles to play in putting these centers together. So I think it is safe to say that the intent was to leave the applicants to draw on the resources as best they can, that they have available to them, as they put these regional centers together. We did not say, this is the chemistry of a regional extension center and it has A, B, and C and that is how you make a center. So we are looking forward to seeing what comes in.


DR. WARREN: So mine is kind of a clarity question, Chuck -– help me understand relationships because the Department of Labor has just issued a grant opportunity to train health IT work force. Now that is going to be the third one that you release. Is there collaboration between the Department of Labor and HHS on these? I mean, how do we know how to make sense of all this new stuff that is coming out in the government?

DR. C. FRIEDMAN: Again, I have to be careful, Judy, because the Department of Labor does have a funding opportunity—and

DR. WARREN: And I am talking about that high level collaboration between the two departments -- that is all I am asking.

DR. C. FRIEDMAN: Right and I can say that we are in contact with them, but I need to emphasize that when the HHS program is released, it will be a program with its own criteria and characteristics.

DR. WARREN: And that is what I needed to hear from you. I did not want you to go down deep.

MR. REYNOLDS: Any other questions?

Larry Green, again.

DR. GREEN: Conceptual question about the number three the HIT work force building off of Judith's -– is there a concept that the HIT work force is destiny to become an integral part of the health care delivery team?

Dr. C. FRIEDMAN: What do you mean by the health care delivery team?

DR. GREEN: What I mean by the health care delivery team builds off of the -- to err is human, the quality chasm, and a decade of published work that says that you get the high performance health care delivery system only by working effectively in teams, that it is a team sport from here on out. Then, it links to the HIT is the critical technology to get to the high performance team and now we need the people that know how to do this actually do this amazing thing called work together.


That is what I am talking about, so to beat it to death, we can have a grant program that focuses on computer science training and administering health care IT systems, that sort of thing, that occurs in splendid isolation, the way we intended to do this for a hundred years. You know, God forbid that the nurses and doctors would ever work together on a training program you know. Is this going to be another one that siloed pretty much, or will there be opportunities in this work force development to try to do something to promote the teamwork. This is very crucial to the overall policy objective, in my view, and my question really is –- is it possible that that grant program would actually encourage the HIT work force to be developed in a way that encourages them to become integral members of taking care of people?

DR. C. FRIEDMAN: Yes, thanks, Larry. I am actually going to take what you said as both a statement and a question.


As a statement, it is good input for us because this program is not yet announced. It is a statement that we can take to heart in designing it. Second, to respond as much as I can to what you said as a question, I mentioned that the three programs, the state HIE program, the extension center program and the yet to be announced, work force program, are referenced in the two announced FOAs as a kind of triplet that is going to work together. I think if you read the extension center program announcement particularly and how it is going to operate, add to that the statement that these are a triplet and will be designed to work harmoniously and in a mutually supportive manner, I think you will come to a conclusion that I think you would find satisfactory given what you said in your statement.

MR. REYNOLDS: Okay, Judy has a comment that needs no answer from anyone and then we will break for lunch.

DR. WARREN: It is one of those things that I feel passionate about, and when it is mentioned I think we are in a new era of defining the health team and part of one of those team members is the health informatician that really makes what happens that clinicians need and provides that bridge into the computer technology or the computer science people who really do not know what we need. We have a very unique work space and we need to start adding thinking about our teams in a little bit of a different way. And if you follow some of those spectacular failures of EHRs, et cetera, its most of time, there was not a good translation or attention paid to what clinicians needed.

MR. REYNOLDS: Okay, the last point of business before we break for lunch. Well, first thing is thank you, Chuck.

DR. C. FRIEDMAN: Thank you, Harry.

MR. REYNOLDS: Who is going to dinner tonight? Put your hands up please.

(Whereupon a luncheon recess was taken at 12:45 p.m.)

A F T E R N O O N S E S S I O N (1:45 p.m.)

MR. REYNOLDS: Okay are we set. The people that actually know what they are talking about are here. So welcome back and we are going to hear from Dr. Friedman and Dr. Parrish on updating our health statistics for 21st century report and I appreciate this because I have to use this an education session for me to get completely up to date again and I can say what we have done during my tenure.


Agenda Item: Updating Health Statistics for the 21st Century Report, Daniel Freidman, Ph.D. and R. Gibson Parrish, Ph.D.

DR. FRIEDMAN: Thanks and when you see Don Detmer and John Lumpkin you can blame part of this on them.

MR. REYNOLDS: I will tell them that we have it back up again because they did not quite understand how important it was but we brought it back and now we are going to make it important. I will get them.


DR. FRIEDMAN: We are going to try to be relatively brief. When I was a Committee member my favorite presentations were the ones that were quick and went under time. So I will try to follow that.

We are quickly going to review the purpose of the project, the process that we went to and our findings and we are doing this under the assumption that folks have or will review the report that is in the agenda book. So we are not going to slavishly review everything.

The purpose of the project is to support observation of the Committee's anniversary through assessing progress on the health statistics vision report recommendations, since its publication in 2002 and then reconsidering and revising the vision in light of developments since 2002. The first phase of the project is the one that we were undertaking and the purpose was summarizing progress on vision priority recommendations, reconsidering those priority recommendations and then suggesting next steps for the Committee regarding reconsidering the vision.

The process that we went through, and we have already explained this to you, was first of all a review of the literature, second working with the Committee and the Subcommittee on selecting 8 priority recommendations from the initial 36, selecting interview topics for key informants, selecting key informants for us to interview and also selecting NCHS experts for us to interview. That selection process was iterative, particularly with the population Subcommittee and the population Subcommittee staff.

We conducted 12 key informant interviews that lasted anywhere from 20 – 60 minutes and the folks who we spoke to, their names and positions are listed at the back of the report. People were very generous with their time and we felt positive about the range of views that were represented. And then we also spoke with 9 NCHS experts and then finally we reviewed the findings with this population Subcommittee and Committee Staff.

Now I am going to poll the Committee quickly and this does not require any discussion or a vote, on whether or not folks want me to quickly review the 8 priority recommendations that were chosen by the Committee.

You do –- okay.

Well you, the collective you, choose 8 of the 36 recommendations through a voting process that you may recall.

The first recommendation that you choose was developing systems to actively monitor the population's health and potential influences on the population's health in order to identify emerging problems. Now, again, this is a subset of 36 recommendations from the 2002 report.

Second, to assure that appropriate measures of functional status and well-being are included in ongoing systems that a part of the health statistics enterprise.

Third, to develop person based longitudinal datasets and surveys, in order to develop portraits of influence on the population's health, throughout the life cycle.

Fourth, develop a tool box of privacy, confidentiality and security best practices for use throughout the health statistics enterprise.

Fifth, support and fund on-going multi-purpose data -collection systems and data integration efforts.

Sixth, adopt or if necessary develop standards for data elements commonly used in all methods of data collecting, for electronically transmitting data, for presenting and disseminating data and providing electronic access to data.

Seventh, develop and fund a research agenda to explore new data-collection strategies that can rapidly and flexibly provide data on emerging influences on the population's health, assess the validity and reliability of items used in key on-going data systems and estimate any loss in accuracy from early publication of provisional incomplete data from on-going data collection systems.

Eight, to develop methods to validly and reliably estimate important indicators of the health and of the influences on health of state and local populations.

Now the key informants that we spoke to had some general comments that applied to all of the recommendations. And this summarizes those general comments. And the feeling was, first of all, the recommendations needed to be better explained to a broader audience. That explanation needs to include why the recommendations are important and needed. The recommendations need to be strengthened. The recommendations should be tested through pilot projects and especially, that they should be specified through the inclusion of outputs or products and a specific roadmap of how to get from here to there. And that latter point was especially emphasized essentially specified and talk about how we get from here to there. Now there were also some general comments that were provided, we asked folks about the impact, since 2002 of health information technology on health statistics. And here is what we heard and these were pretty close to consensual comments. First of all, that HIT has not significantly impacted health statistics broadly since 2002. Second, that HIT holds huge unrealized potential for health statistics. And third, that HIT should be used to improve communication of health statistics to communities.

Now based upon what we heard and we are not going to go through the report in detail, but based upon what we heard from the key informants, we have reformulated those 8 recommendations into 3 more overarching recommendations. So let me quickly go through those.

First to improve strategies, data sources and systems to actively monitor the population's health and potential influences on the population's health. Objectives of the health statistics enterprise should include identifying emerging problems, measuring access quality efficiency and value of health services and identifying and targeting health inequities. The health statistics enterprise should meet at least 4 requirements where appropriate provide person-based longitudinal data where appropriate multi-purpose and support multiple data users, where appropriate align with data standards for clinical records and incorporate privacy, confidentiality and security best practices.

Second, assure that appropriate consistent and comparable measures of functional status and well being are provided by the health statistics enterprise. These measures should be valid and reliable as well as comparable and consistent across the health statistics enterprise.

Third, develop and fund a research agenda to explore new data collection linkage, analysis and communication strategies that can rapidly and flexibly provide data on the population's health. The agenda should include methods to and I am going to circle back around to this notion of a research agenda in a moment. The agenda should include methods to assess the validity and reliability of population health items used in key ongoing data collection systems and in electronic health records systems. Address the effects of non-response and missing data, estimate any loss in accuracy from early publication of provisional incomplete date from ongoing data collection systems – I am just going to put a little bracket and make a comment here.

One of my former employers many years ago was Blue Cross and Blue Shield of Massachusetts where of course we worked with claims data and every year we worked with incomplete claims data in doing actuarial projections. And one of the things that is striking for those of us in health statistics are the differences between how actuaries deal with claims data in terms of working up completion factors and making projections from incomplete data. And what we do and do not do in health statistics. And finally, estimate important indicators for state and local populations.

Now those are the restatement of those recommendations. Again, based upon our discussions with the informants, there were a number of new recommendations that they focused on. These included conducting research on new data collection techniques and especially more flexible and cheaper means to obtain data that augment traditional health statistic surveys, methodological innovations, survey and dataset integrations, health statistics and electronic health records. Need to link and integrate health statistics with clinical care through health information technology. Needs to devote analysis and research to uses of electronic health records for health statistics. And research on mining techniques to extract health statistics from electronic health records. Health statistics and personal health records (electronic health records). Need to devote analysis and research to uses of PHRs for health statistics. Decision support based upon health statistics should be built into personal health records. I should say in terms of the EHRs NCHS has made some investment in a workshop and a project relating to uses of EHRs for population health monitoring and research purposes. New recommendations, organization and support for the health statistics enterprise. Again, this reflects what we were told by our key informants who emphasized that any new recommendation relating to the organization and support for the health statistics enterprise should emphasize the "shameful lack of funding for health statistics in federal agencies". Roll of data collection dissemination and analysis and research needs to be elevated at HHS. And training in health statistics needs to be increased. In academic training and public health in bio statistics needs to be better attuned to health statistics. And this is certainly a large gap.

Now, based upon what we heard from the key informants, what we heard from the NCH experts about changes in the priority recommendation since 2002, Gib and I have a number of straightforward next steps to suggest.

The first, is not so much a next step as a reaffirmation. It is our feeling is that the core concepts that NCVHS put forward in the 2002 vision report in the 2001 report on information and health, really remain valuable and useful frameworks. The notion of the health statistics enterprise that was put forward in the 2002 report, the thoughts that were presented there on the influences on the population's health and then finally the concept of the national health information infrastructure with the overlapping health care consumer in population health dimensions. Now, I should say in the interest of full disclosure, that I do, as it were, have a dog in that fight, because I participated in writing both of those reports.


But having said that, the frameworks are still good.

Second, NCVHS should specify means through which EHRs and PHRs HIT generally can improve health statistics. And how health statistics can improve clinical care.

Then finally, and this was something that we had talked about at the very beginning of the project, that NCVHS should sponsor a series of high focused workshops or hearings with each of those exploring a really highly specified topic. Such as conceptual development of the population health dimension which has not received a lot of attention in the past 6 or 7 years. Again, parenthetically, Gib and I are working on a paper that we are going to be submitting for pure review in probably around a month that deals with that and then builds upon some of NCVHS' ideas from just about a decade ago.

A second topic for a workshop or hearing could be formulating a broad research program. With the emphasis on program here rather than agenda for improving health statistics. Maximizing the contribution of the health statistics enterprise to improving health care quality, access and efficiency. Using EHRs and PHRs to improve health statistics and using HIT to increase the contribution of health statistics to clinical care.

So what we would say is that each workshop or hearing should focus on a single highly specified theme, clear statement of purpose for each. And we would suggest both soliciting invitations for presentations as well as having open invitations. One thing that in my experience the Committee has not done, was solicit brief proposals, a paragraph or two, for topics for presentations and then essentially choosing which ones are most appropriate and that may or may not be a popular suggestion but it is something to think about. Providing presenters with specific questions and a very brief issue papers for each topic and then perhaps based on the content of presentation, selecting a smaller number of participants to develop brief working papers that could be published by the Committee.

Se that is where we are and we would be happy to end it to entertain any questions or comments or suggestions.

MR. REYNOLDS: Judy and then Mark.

DR. WARREN: So one of your key informants, I think it was on the third recommendation that you were making, you talk about assessing the validity and reliability of population health items and un going data collection in electronic health record systems. So, where in all of this should we put the education of our clinicians in providing data integrity or valid reliable data when they actually come in and document on their patients and we want this to be able to be then aggregated up to a population health statistic.

DR. FRIEDMAN: Well, I am going to turn to my clinical colleague here.

DR. PARRISH: Well, certainly there is the issue of accurately documenting the clinical care that is provided whether it is diagnostic work, laboratory work, treatment modalities, whatever. When I was in medical school, I actually took epidemiology in my second year and as a part of the medical school curriculum, I was at UCLA and gained a pretty good appreciation for, in fact, the importance of the kinds of data that are generated in the clinical setting for use in larger population studies and health statistics as well. So I do not know, I think that trying to do what can be done to get that message across in medical education is important.

DR. WARREN: Careful, there are other people besides physicians giving care.

DR. PARRISH: There are indeed.


MR. REYNOLDS: Well you walked around there. We have all been there and you are not alone.

DR. WARREN: I have gotten others on that, so do not feel bad.

DR. PARRISH: I think it is important and I think particularly as was emphasized in the presentation here that there is a real opportunity for sort of a interaction between what we know in terms of health statistics and the provision of care because it can help to guide diagnosis, it can help to guide what is done in terms of specific –-

DR. WARREN: So as we get more of the health team members documenting, and we now have maybe 5 or 8 or 10 people, physicians, nurses, physical therapist, respiratory therapists, social workers and we are all documenting –- if we document from our own silos you may not be able to aggregate data that should be the same because they have documented it differently or with different levels of commitment to the data integrity. And I think that is kind of one of our next challenges is how do we get across to all of our students, this commitment to data integrity and not just chart something because that is what is next.

DR. PARRISH: Well and I think one of the points made toward the end of the presentation was also having some research that is actually done looking at what we do have now as well as what we might have in the future and how that can be used given some of the difficulties you just described in terms of pulling information together and then trying to aggregate it for the purposes of health statistics. That is a very good comment and a good point.

MR. REYNOLDS: We have got Mark, Justine, Dee and Blackford.

DR. HORNBROOK: Could you think about the issue of currency of data for both clinical and population health management? I mean the H1N1 situation we are in right now. It seems like –- is it just the CDC's responsibility to protect us from that epidemic or is there a general responsibility for all the health care system to be prepared to deal with H1N1 or any other epidemic that comes along. The same issue with medical homes, is there a way to get statistics in real time about people's access to their medical homes –- do they have it or not? And then finally the integration between personal health needs and disaster preparedness – I mean I am assuming that in Katrina, we lost a number of lives because people were separated from their health care providers and their information and there was not an adequate preparedness for that. I am wondering if in dealing with this health statistics issue if we have an opportunity to educate our various audiences about the fact that their health, their own personal health is part of an informatics system and a disaster preparedness system and a quality assurance system even a drug safety system that they need to be responsible for as members of our society. Or am I just preaching to the choir?

DR. FRIEDMAN: All questions and firm positions I will refer to Gib here.

DR. PARRISH: Well, the issue of timeliness of data, and I think that is what you started your question with, I think is a very key question –- it is something that has hounded health statistics for awhile given the way that many of them are collected and again one of the things that we suggested was that there needed to be a careful look at innovative techniques for obtaining some or the information similar to what you described to in a more timely way.

And Dan alluded in his remarks to this issue of incomplete data and trying to work with that, rather than having to wait until the very last birth or death certificate comes into the system. So I think that there is research that can be done in this area to try to improve our use of what we have at hand.

Certainly, CDC has been working on methods of gathering population based data from pharmacies, over the Internet in terms of the Google approach to the flu in the last year, to try to get at least some indicators of where a disease may be heading or if there may be something new that is coming out. But I think that all of these things are ripe for further exploration.

There have been suggestions that there might be attempts at population based surveys using the Internet in an informal way and you could even use existing surveys to look at the validation of those. So, again yes, I think that in fact these are good things to be exploring in the next 5 to 10 years with HIT that we have now and the advent of the electronic health records.

DR. HORNBROOK: I am just trying to deal with the privacy advocates that want to go to the extreme of restricting access data for all just because of the right to privacy without acknowledging that there are conflicting objectives that would even them to be healthier.

DR. PARRISH: Well actually let me add one thing to that, one of the comments that we heard from actually at least 3 or 4 of the key informants, was that they felt that the privacy issue was one less of regulation and much more one of communication. That there needed to be a lot more effort put forward to actually communicate what privacy is about, what the important uses of the data are and how to frame that better than it has been framed to date. So that came up repeatedly in our conversations with people.

MR. REYNOLDS: We will just go around the table because everybody wants to talk and we have got time, so Larry you put your hand up, so we will just come right around.

DR. GREEN: Could you comment a little further about this assumption. Listening to your presentation and having read the Shaping the Health Statistics Vision 7 or 8 years ago, the take home message from your presentation that you need to repair for me if it is wrong, is that we are at a juncture in history where our approach to developing health statistics has the opportunity to change substantially. Is that a consensus statement -- is it correct or not?

DR. FRIEDMAN: I think that that is true. We have the opportunity to build on what we have been doing well but also trying to think prospectively and expansively about how changes in the collection of data for health care can affect health statistics in the future and it is a difficult discussion. The answers are not always clear because there are certainly some uses of data from health information exchange and electronic health records that are fairly obvious -– lab data, STDs, but there are other uses that are less obvious and maybe more difficult to realize those uses. It is a subject that needs to be really honestly explored. By honestly, I mean really looking at it critically and saying what can we do with electronic health records and personal health records and health information exchange and perhaps what can't we do or what can't we do right now. Part of that revolves just around the nature of our own health care system because what one can do in England, or Canada or Sweden with electronic health records for population health purposes when you have full population coverage and provincial or national health identifiers is different than what can do when one does not have those.

MR. REYNOLDS: Blackford.

DR. MIDDLETON: Thanks for a terrific report and analysis. I just had a couple of questions and maybe a couple of requests. You know one of the things reading the document and thinking about health statistics as we have traditionally construed them is that that is a very well known and sort of accepted term I think within the Beltway. You know what it means and within the confines of this organization we know what it means et cetera. But I think you are pointing to a much broader definition of health statistics.

So I wonder if actually we need to think about changing the label in this kind of document and perhaps elsewhere wherein it might arrive at or support additional funding in extending the sphere and scope of the traditional health statistics notion. I think that would be very powerful, it is your intent but I do not have a suggestion on the new label, but it is a request.

I think the second thing, what I look for in this document or maybe tell me Mr. Chairman if it is appropriate to look for this kind of analysis in this document, but I think the call is clear. The clarion call for increased funding and support and the important and the relevance is clear. What is not clear is where are we failing from a management analysis today in the national health care information infrastructure, and particularly with respect to health statistics, gathering, use and dissemination and et cetera.

So is there something that we need to do, or some insights that we might offer based on the collective expertise, particularly of folks in the business about what is working with respect to the current national architecture for health statistics and allowing us to focus our comment on the management side of that as well. What is working well at the federal level what is working well or not at the state level and even what might be working well or not at the community level.

I think that raises the question that also, what is the public/private connection here for health statistics or the broader conception of health statistics. I do not think that was commented on. And this then might lead to recommendations about not only management in structure but appropriation which would be the final goal.

DR. FRIEDMAN: Blackford, if you have a couple of minutes later, we just want to you separately on one part of that.

DR. MIDDLETON: Certainly.

DR. FRANCIS: Thank you for a great presentation. I just have a comment which gets back to Chuck's comment earlier about data integrity. As we are preparing for our hearings on meaningful measurement we are looking at the supply chain of the making of a data element and I think that I was struck by the importance of data definitions and then education and sophistication of the whoever it is who enters it – doctors or administrators or other health care professionals. As we envision what could be and certainly enamored very much by the immediacy of electronic data, we need to balance how much do we invest in the construction of the data elements because the rest of it all falls on that. So thank you.

DR. WARREN: I want to play off of Larry's comment because I really do think we are at a paradigm shift through the way we look at health data. For me to separate off of Chuck and say this is health statistics and this is clinical and this is administrative really is some of the old world thinking and we have tremendous innovations in programming languages, tremendous innovations in hardware and servers, tremendous innovation in the way that we are beginning to put databases together that we did not have 5 years ago. And so for us to still think about paper data collection or some of these or some of the problems we had with that sort of troubles me.

I would like to push this to where we really do kind of look into the future and see the change between the way that we currently collect clinical and statistical data which is still primarily paper based in this country, and start shifting that into electronic and information system base and start getting our health profession students ready for that new future because right now we really are kind of not which tells me that we really are close to that huge tipping –- whether it is the tipping of an iceberg or one of my favorite cartoons and I show my students is the chicken and egg thing and the chicken says, wow, paradigm shift and there is the broken shell that is beside him. And I think that is kind of where we are. It is an abrupt shift and it is coming fast.

MR. REYNOLDS: This has been an interesting area to me because I am not a doctor and I am not a statistician. And there is a big gap between, and I think everybody has touched on it, a big gap that I do not think most of the industry is looking at this to where everybody is building new systems and building new thinking and building new ways of collecting data and doing all that and a lot of us in our day jobs to that. It is hard to learn this. And so I liked your idea on some of the hearings and we are about to do a primer on data stewardship but there is not necessarily for the masses -- there is not a primer in this field, and so I can comfortably tell you, a lot of people are spending a lot of money right now. But neither can they walk as far to everybody that is good at this. Nor is anybody that is good at this coming back far enough to talk to them.

And so as I sit here, for the 5 years that I have been on the Committee, this is probably the area that I wish I could help the most but I do not even know how to start doing it. As somebody that is in the business, I am serious, and so consequently this is a lost subject in the day to day operational environments of many places. And so therefore if it is not prepared, if it is not captured, if it is not used in a way and brought forward in a way that it can be used, then even with additional money it might not help as much.

So making the group swell, use the things like meaningful use and you mentioned LTD and you mentioned a few other things that I know I have seen on the thing, so you get this idea that if some of these things become part of the fabric so that just by the process of doing health, we capture some of this and we keep some of this and we use some of this. It might be very helpful. And so I know, whether I am voted down or not, I know I will vote when we have any of these hearings, is almost that I am happy to be the model –- you know health statistics for the dummies, I am more than happy to be there, I have been there plenty of times in my life and will be there tomorrow for something else.


But I think this whole idea of how do we help the industry bring it to that environment, not necessarily have that environment continue to remind the industry that nobody is helping, because I would not know how to help. And so I think that is going to be exciting as we look at how we update this. It is -- teach those of us that aren't, how to help, and then maybe we will help a whole lot more and maybe we will help just as a by-product of what we are doing and not have to come up with anything magic and mystic.

It would just be nice to be able to give it to you in a way. I mean we have created incredible numbers of standards on the HIPAA stuff and everything else that is going on. Well, what are the kinds of things that can be automatic? Are things like the continuity care document -– is that, I mean I am showing my ignorance, but that kind of stuff is flowing out but it is not flowing out at least that I can tie it to this end. And so I think that will be very exciting to me as we update this. And then we hold some hearings to help that gap. It is a struggle. Every time I hear this, I am nodding my head, but I cannot help. And so I think that it would be good to get a lot of other people maybe to that point and if it is just me, please somebody take me aside and help me. I will be happy to take that too.


So that is my comment.

Marjorie, we are going to keep going around if we could.

MS. GREENBERG: I do not mean to be light about this, because I think you are dead on, Harry. But I was just going to say that we are going to be driving down to Charlottesville and be together for the next three days, so maybe we can bring a statistician with us and do some in car training or something.


MR. REYNOLDS: Hey do you have an audio book I can borrow?


MS. GREENBERG: We are going to have a captive audience I mean for a number of hours. But seriously, I want to thank Gib and Dan, whom Debbie Jackson and I who have been sort of shepherding this project along, refer to as the "boys"


And I will say since I last saw them or they retired from their respective jobs, they have gotten younger which is probably a lesson for all of us. But, I want to thank the "boys," no, I want to thank the doctors or really doing a superb job on Phase I here of this effort as Dan said, I do not want to minimize how difficult their work was, but it was certainly made easier by the enthusiasm of everyone whom they wanted to talk to about this which was encouraging to me that people who were not just health statisticians or people in population health specifically, how really receptive people were to their request for the key informant interviews et cetera. And I also want to thank the population Subcommittee who has been kind of the home for this and I hope will continue to be.

I think that this discussion really resonates with our discussion at the June meeting, doesn't it seem like a long time ago, that June meeting -- it certainly does to me. But we met at NCHS as you may recall and there was quite a bit of talk about the lack of resources for research in improving health statistics and in improving population health and I think this really resonates to me with what several people have been saying because I think the opportunities are potentially huge to harness all these new sources of information, but without the ability to do the research that is needed to validate that in fact, the information that you are getting from all these new sources either can replace some of the traditional methods or at least can very robustly supplement them.

I think one should appreciate the anxiety that people in this field feel about every time they hear, this is a paradigm shift this is going to be a new thing, we do not need birth and death records the way we have known and loved them, we do not need health interview surveys we do not need health examination surveys, that is the extreme, but you do hear that a lot. And I for one, do not believe that is the case and I kind of doubt anyone around this table thinks that is the case, but on the other hand if we are going to harness these new methods and approaches for collecting information and both have them improve the way we collect some of our traditional sources.

In some cases we place or amplify, there has just got to be research done to show that in fact we are getting information that can be used in the way that health statistics have to be used. Not sort of convenience samples and here say or if you have seen one x you have seen one x, but really can be used to generalize about the population with the denominator and a numerator. I know I am singing your song here and Dan's head is going up and down and I appreciate that, but it is true. I think that I cannot fault my fellow colleagues who are statisticians for kind of going, wow, when they hear about the brave new world out there because there is just no good evidence that this can work.

So, if we want to see this happen, we just have to put the money into the research that will allow it to happen because I believe that it can, but I do not believe you can expect people to take it on faith. And a lot will have to happen to make it work.

MR. REYNOLDS: Okay, Leslie. Dan were you going to comment.

DR. D. FRIEDMAN: A quick comment, Gib and I both completely agree with that and several years ago NCHS funded a project that I was fortunate enough to do on national strategies for electronic health records and their potential for population health monitoring and research. And I spoke to a lot of folks in the U.S., Canada, Australia and New Zealand and England, and one of the comments that was most memorable was made by the them head of ONC, David Baylor, who said to me, you know when it comes to health statistics it is really all about the denominator. And that is a point, again particularly in this country where we do not have, we are not going to have universal coverage of electronic health records and that is an extraordinarily important point as we think about how we can use electronic health records for statistics purposes.


DR. FRANCIS: We have skipped over confidentiality in between privacy and security and as I understand the ideas, privacy is about whether there is the initial access to you that gets your data into the system. And confidentiality is about the protections when that information moves around. And what I want to ask you is what this vision involves the use of aggregated data sets in new kinds of ways and the incorporation of data, the integration of kinds of data that have not traditionally been integrated into population statistics. Now, I share the view that there are all kinds of benefits to this and that the sort of idea well my data ought not to go into this kind of thing, that is not what I am talking about.

What I want to ask you is -– when you talk to informants was their discussion about the new kinds of harm that might come on the confidentiality side and how some of those might be addressed? In particular questions like, re-identification when data sets get merged of individuals, or the ability to figure out information about small groups who might then be stigmatized, people who live within a 2 block radius of, whatever. So do you have any thoughts for us about how to try to address those new kinds of harm from this very powerful set of ways of using data.

DR. PARRISH: Well yes, there were a few comments in this area. There has been some work for example at NCHS specifically directed toward dealing with the kind of potential problems that you are talking about –- re-identification or the ability to combine data sets in order to identify individuals. And, both software has been developed as well as analytical methods to, in fact, perturb the data a bit if you will in order to make it much less likely that a person can be identified through though methods. Some of this work has also been done at the census bureau. So I think that people are aware of that, aware of these issues, research has been done and should continue to be done, specifically looking at this, and how to in fact, deal with this.

I mean, one of the advantages of the aggregate data sets are in fact, that they are aggregated. And that, as you aggregate them up, you of course the chances that you will be able to identify anyone in particular and there are certain techniques, for example now in state health departments that as people look at data for specific groups, and you reach a point where that data might be used to identify people in fact the data is either suppressed or it will not return an answer to a query of the data. So, these are things that are important to keep in mind. But I think given the potential uses and benefits of the data, that really we need to focus on dealing with those techniques, trying to do research in them and get them out there in widespread use. so that we can take advantage of the data.

DR. SCANLON: Let me add my thanks to the two of you for doing an incredible job in this report. I think you have helped us think about seriously about what our next steps need to be.

I would like to pick up on what Larry and Leslie were talking about in terms of this being a transformative moment or a tipping point, because I really think it is. About 2 years ago, NCHS had a workshop on how electronic data might be used in terms of population statistics. In some ways, at least for me it seemed to be a very academic exercise. This was something that was so far out in the future, it is like, let's not get too excited, I can retire sooner than it is going to be a reality. But ARRA money has changed that. It has really changed what is going to be the prevalence of electronic health records.

And I had always believed that there was the potential there, that we could do something very, very different and now it is going to be sort of closer to a reality. There is also a real chance that we are going to blow this opportunity. The electronic health record could become the electronic paper record. It sits in an office or in an institution and it never goes anywhere. What we do need to define is the mechanisms that get the data to flow which I think is critical. If we can get the data to flow sort of in the right way with the right protections, we have tremendous potential. And I think we can maybe even stop talking about the health statistics enterprise and think more about the health enterprise and that they are integrated. That we have got health care, enterprise is generating data that one of its by products is the health statistics that we need. Another one of the byproducts is better health care for the individual, sort of that point of service. But it is going to be a big job sort of to make that happen.

And I think there will be a continuing role to fill in some of the gaps. I mean the electronic health record is not going to do everything and even with getting the data to flow it is not going to do everything, and so we have to think about the strategy to fill in the gaps.

At the same time, this is one of those areas where we cannot allow the perfect enemy of the good. If we talk about health statistics today, I made a lot of money as the health services researcher on a relative basis over the years, using both claims data and survey data. In proposals you talk about how good these data are and how they are going to allow you to answer these questions. If you were pressed you could talk about how bad these data are, how sort of insufficient, inadequate et cetera that they are, but they are the only data that we had. It was better to have some light on a question that to have no light on a question. Now we are talking about being able to improve things in a very significant way, if we can get some of this information sort of in the right places and used in the right way.

And Harry, I would say that you do have the expertise that we need for this area because one of the things that I think about is –- why isn't the claim a primary vehicle for what we want to know about the way the health care enterprise is working? The marginal cost of electronic health records adding a bit of information to a claim is zero. Once it has been programmed, fixed costs are done, it is going to be zero. The question then is have we put in the right information and have we protected in the appropriate ways sort of over time.

But once we do that, there is a lot more data that is flowing in claims today than is flowing through HIE. And that is going to continue for a long time. It is going to continue to be that way and so the question is -– how can we tap into that to make this enterprise much more reasonable. I see this as a natural for the Committee because we have this interest on the part of the quality and populations group and overall sort of aggregate issues. We have the interest on the part of the Privacy Subcommittee in terms of issues of individuals and we have the whole Standards Subcommittee plays a role in terms of well, how can we make these vehicles work together. So it just seems like this is the right time to think about this issue, particularly for this Committee.

DR. STEINWACHS: Is there anything left to say, there must be. So I want to thank you two mainly from a very selfish point of view. Early on Harry said to me, what is the Population Subcommittee doing?


And so the two of you have made us look very good.

When we look back at the 21st century, we did the right thing. You created it, we have nurtured it. So Harry that is what I have done.


MR. REYNOLDS: I appreciate you gentleman coming along. I just we would have seen you a little earlier.

DR. STEINWACHS: Just a couple comments that came to mind. One is, I liked your actuary comparison and two things struck me -- that health economists, at least economists used to be once, there is no data set to dirty for an economist to crank and come out with some conclusion. And you then take the other extreme where people say if you do not get survey response rates at this level and this level that we will not touch the data. And so I still am fascinated by that kind of issue of what is useful in the data you have that you can use and I think what makes it different today and claims data is part of that, is that claims data is really 100%.

So it is not a sampling survey, you know everything there is about some items within whatever the limitations are for everyone. Well, we are starting to envision the possibility that as electronic health records progress it may not get to be 100 percent, but the concentration is far different than what we think of now as the NHANES study or other things where you are talking about a small sample, instead you have got a good part of that universe out there.

So it just seems to me that maybe we need to think differently about how do you look at things that are closer to large parts of the population in terms of those questions about if they are missing data or their lags or other things, can we not adjust for those maybe better than surveys.

The other part, which I always loved about the vision and it did not explicitly come up here, but in your diagram you identify kinds of data coming into the health care arena that we usually do not have. Environmental data, which never shows up in a doctors' office as far as I know, but you could think of that being a feed in through electronic health records. Other ways it brings the application of health statistics to the clinician in a way that is relevant for the patient that he or she is seeing.

The other that has always made me envious, but that did not come up here either, was -- I understand between the credit card companies and the grocery store and some others that I could figure out for Larry exactly what he eats, he drinks and I know about his home and his environmental exposure and I would know something about his profession and those exposures. There is a kind of statistical profiling that it seems to me that I would probably be interested for myself, because you say how well can I report my diet? Probably nowhere near as well as if you pull together aggregate statistics.

And so I also have wondered sometimes, you know, like credit reports. We now have a quid pro quo that industry accumulates all this stuff and now they have to let us see it once a year for free. It just seemed to be an interesting twist on thinking, could you do that same thing with those other private industries that are profiling us and provide us with information that we then could share with our clinician or that you could bring into the public health arena, because it has a -- many times, a geographic population base. Again, there are imperfections in it as you and I know.

So what I loved about the vision was the fact that it also stretches out in ways that maybe it is not only the tipping point of electronic health technologies, and so on, but it also seems to me it needs to be the tipping point of really encompassing that whole diagram and not just the things that we sort of parochially say, oh well, these are the things that we are accustomed to seeing and maybe information that may be much more useful to us like an obesity epidemic and other things. Thank you again.

MR. REYNOLDS: Garland.

MR. LAND: Just a couple of in the weeds comments on the report again, I appreciate the report. It was very well done. The examples that were given in recommendation number 1 were quite good. I think another good example would have been talking about the changes that have occurred in the Vital Statistics arena since 2002, in terms of electronic systems in terms of birth and death systems and there has been some really significant movement in that area. Also, I thought I had it, I think it was recommendation 8 that talks about the indices at the state and local populations, again another good example I think of that would be the environmental public health tracking network that talks about environmental data and how they are trying to link that up with population based data at the state and local level. So just a couple of examples there.

I guess to reiterate what Marge was saying and others that said –- I see this statement here that HIT holds huge unrealized potential for health statistics. That is almost stated as a reality and I guess I would prefer to see it stated as a hypothesis that needs to be tested. I do not know if we know that that is true or not. I think it is still out there as we see is a potential, but we do not really know to what degree and where it works and where it does not work. And I think it does need a lot of research. We are in the process with national center staff and my staff are trying to develop some standards for moving data from electronic records to burrs systems.

When you get down into the nitty gritty or it, it is not all that easy and what we thought could be done is really challenging and we are really starting to step back and wonder when it works and when it does not work and so forth. So I think it is something that we certainly hope will yield good results but I think it really does to be tested quite a bit to see where it works and where it does not work.

MR. REYNOLDS: Okay Mark, back to you again.

Oh, Ed, go ahead. You took your glasses off and sat back and I figured you were -- why don't you introduce yourself Ed?

DR. SONDIK: I also give you my thanks for this. I think the way you have done this is actually extremely informative in terms of laying out these developments since the recommendations. There are a number of the comments -– let me start with one question that Chuck asked me? He wanted to know, what does it mean improvements? In here it talks about improving health statistics and the sense he had was that the health statistics we have are not good, or maybe that is a hypothesis, as opposed to need to be expanded. So I think something in this report, since this is a draft, that is clearer on what improvement means because you do use it all the way through.

Several of you commented, in particular Bill but several others concentrated on what I would view is not so much the health statistics, the data, but really on the use of it. And I wonder where my head is on this because when this report was originally, I thought it was really terrific. And yet, when I look at what you have done and I look at where we are, I think, not you guys, I think we are missing the boat because I think we should concentrate on both the data, but lead into that by being much clearer on the use of it. In the various ways that it is used and hypothesize ways that it could be used, because I see all of this as management information.

In fact, I think, I know I will live to regret this, but the emphasis here is on statistics and this causes Harry to say and I am not exactly a statistician and we will tutor him in the car and this kind of thing. This is not about statistics. I am really serious. This is not about statistics. This is about information to manage the health care system and I will not say the trite 2 trillion, 4 trillion whatever the figure is today system, but that is really what it is about. If you go back and look at the NCHS legislation, which is now 50 years old and where it lays out all of the areas that should be collected –- it is done in the context of what we need to manage the health care system. I think that is something that we are missing. I think we are not putting enough emphasis on the use of this and ideally I think, from this effort, would come another set of legislation that would update the legislation that we have.

That is why I may live to regret this, but that would update that legislation in light of where we are today. Now we are operating NCHS and in essence the system is operating under the legislation that is 50 years old. And it was based on the information that you could get then or likely could get then. But there is more today and there are all these issues that go along with it as well, in confidentiality and so forth, but I think there is more that could be done -– that is a hypothesis, I agree, but I think that we could come up with any number of examples of information that is available today that no one would have dreamed of 50 years ago related to health care quality related to the Dartmouth Atlas and the Dartmouth Atlas squared for example, much more information that you could get. So I am quite serious, I could see I would like to pose that as a direction for this that this series of meetings be held, but that they be held with a goal. Not solely to update the report. But to aim at NCVHS which really is the organization in HHS that can deal with this, giving recommendations on where all of this should go in the future. It might give guidelines or recommendations or write legislation, but guidelines and recommendations for needed modification to where we are. Which could range anywhere from those recommendations of how it should be directed with HHS to something that would link as well with the rest of the health statistics system -– the Census Bureau, Education, you know I mean that diagram that you referred to emphasizes the terminates of health. Well, a lot of those terminates of health is gathered elsewhere in the federal statistical system. So I have this sense, this is making my day, it did not start out great --


But I think there is a tremendous amount of promise here and I think this is very much related to the Charter of this Committee, and I think this focus on how the information can be used, could be used, what it takes to manage the system. Based on what you gave, I am not sure I would bring in the Head of CBO or GAO or well, I probably would bring in the Head of OMB because we all know he has expressed such an interest in this, in contract to other Heads of OMB. I think there is a very strong sense here of management of the system. So, that in essence is my comment. It is not in terms of what you have done. I think it is more in terms of where we go next with this and I would like to see it focus on how this system should be transformed. I think the research part and all is terrific, you know that. I think in my comments to you I emphasized that. What I am surprised at, is that I do not think I emphasized what I am saying. I think I did not do that because I did not see it all laid out like this. So thank you for your very valuable contribution.

Agenda Item: Committee Discussion

MR. REYNOLDS: Okay, I am going to stop. We have been around once and I know that some others had some comments, but we have already gone 15 minutes over what we expected and we have to break at 3:15

Thank you very much.

If you remember I told you I met with ONC -- autonomy when prudent or chartered, this would be prudent and chartered as far as territory that we can go in unencumbered; we can go in as we choose to and then, hopefully whatever we come up with can be shared in a good, solid way. So I think this is a clear shot, that is why I talked about it in those things, it is a clear shot, we do not need help, we do not need S and then hopefully what we come out with can be rolled into, whether it is meaningful use or some of these other things, to really start actually making it pragmatic.

Mark, you had your hand up.

DR. HORNBROOK: You talked about a tipping point earlier and I want to come back to that. I think this is for the whole two days, not just this one presentation. We are the tipping point in the sense of what Bill described was the claims data and of course to me, as a health economist, claims data are inputs. They do not tell you anything about what is being produced with those services that are reasonably well documented. So in our society and our health care system, we had very few measures of outputs. We do not have accountability for what our health care system is producing. There is no way of measuring it.

I was part of a consortium put together to respond to the FDA Sentinel network and what that is doing is creating the new drug safety system for the whole country. It is a multi-million dollar plus multi-millions of people effort to put together all of the electronic data systems regarding drug use and aspects of your health once you got the drugs. They will find out whether you had a certain drug in your children in the hospital, or whether you got it in surgery or you got it at home over the counter whatever and will find out whether you had some adverse reaction later. To me, this says quite dramatically to us that we have a chance to move this whole system forward by getting functional health status on a national basis with the same kind of level of effort and vision that the FDA has got on the Sentinel network. We need a health output, functional health status, preference weighted health status measure so we can get global measures of output that we can compare our resource allocations so we know what we are getting for the fact that we are spending more money than any other country in the world.

Why aren't our health statistics equal to that? Well, because we are wasting a lot of things. And this relates to the comparative effectiveness agenda for HRQ and the ARRA where we want to find out where when you produce a lot of services, you do not get much in return, you have got to stop that. Well, functional health status to me is the holy grail of being able to really find out who is well and who is not well. Even though they all have the same disease, some are very vigorous and very highly functioning and some people are house bound or bed bound and we do not have measures of that. I was saying that in some sense, we could put into our IT systems, when I fill out my request for a drug prescription on my PHR or my EHR, you could also come back at me with a health status questionnaire.


DR. SUAREZ: One thing people might not realize is that starting 2012 we are going to be on a claims standard called 50/10 for the next probably 8 years. You know, I have been around on the claims arena for many years to know that trying to add a data element into a claim so that it gets reported from a hospital to a payer or physician to a payer it takes 4 or 5 years. Now with HIPAA adoption process we move from 50/10 to the next version, whether it is 50/50 or 60/10, it will be another –- well they just passed the rules -— we are going to be on 50/10 on this same claim standard without being able to add or report anything in addition to that for the next 8 years.

I think what I wanted to say in my comments to the report was, I think we are at an unprecedented moment where we are just making an incredible investment on EHR adoption. If we are really going to be at the 2014 mark of hopefully 100 percent of EHR adoption, I think the real opportunity is how much the vital statistics system is going to be capable of interacting with that EHR into the future because that is the kind of exchanges and the kind of expectations that there are going to be.

I am going to expect that instead of having to create this message to send a birth record, I am going to press F9 from my EHR system and a message gets created and sent using the standards that are supposed to be used by the HR system. And be able to receive back information from the vital statistics system from my state to periodically know what the situation is electronically and give me some pictures and there are some situations coming up or that have occurred -– all that type of real time, electronic, standard based, interoperable, interaction is what is expected. And in 2011, some of us are supposed to be demonstrating meaningful use of EHRs and two of the measures involve public health and I wonder how many public health systems are going to be able to respond to my submission of an EHR message so that I can demonstrate that I am actually using meaningfully my EHR.

So I was looking at your slide that said that health IT is not significantly impacting health statistics in 2002 and try to put this light in 2014 and see what the change in that message would be. How much health IT has significantly impacted health statistics because it has not been able to support an interactive exchange of vital records data bi-directionally and so I think the opportunity that we have is to build upon the unprecedented funding and adoption of EHR that is going to happen in this country and try to align the vital statistics systems to be capable to talk to those EHRs.

MR. REYNOLDS: Well, Don, you and Bill now have plenty of help in the populations group to take this and work with it so there would be no question.

A couple of housekeeping matters before we break. There will not be a quality breakout session tomorrow. We have got some people leaving. Or they may be an amendment to that.

DR. CARR: I just want to make sure by way of explanation because I wanted to be respectful of the folks that are here but Matt is not here and the goal was to discuss the agenda and Matt is not here, Paul is not here, Blackford cannot be here, Morris cannot be here and so if there is a need right before the hearing for us to regroup by phone, I think we will do that, but in the absence of the key players I am reluctant to do work that we then redo.

MR. REYNOLDS: The other thing I want to mention is the significant success of this Committee has always been the staff support that we have and two people will be kind of stepping away from the Committee. One is Mary Jo Deering, most of you are aware she had kind of moved into another role so we will be sending obviously a letter from the Committee to her thanking her very much and again some of you only see these people periodically when their subject is in the Full Committee, but they are the ones that really make the Subcommittees go from a standpoint of being really helpful to us. And the same thing, Denise Buenning is here, Denise stand up so people that do not know you would see you.


And for those of us that have been anywhere near the Standards Committee, most people only need one crutch or two, she sometimes was all three crutches we needed when we were trying to get things done and drove an awful lot for us so I want to thank her and them Loraine Dew is here from CMS who is actually going to be following in Denise's footsteps and a lot of us know Loraine already from being a key player in the industry. So thank you to them.

Reiterating some comments on Carol McCall, again as I told you we are having our off site with the former Chairs and since I have only been Chair for a year I do not have a lot to say as a former Chair yet unless I do not do well in the rest of this meeting. But the point is that the uniqueness of the people that we bring in here, the richness of the discussion, the person like Carol McCall, that when she spoke it was like, you listened and you listened because it was thoughtful and you listened because it was about the common good, it was about making a difference and I think that is the most exciting this when all of us show up here is that you do have a chance to make a difference within a structure, within a process, that is not overly cumbersome, hears all voices, we do it collaboratively which is a word to many people, not an action.

So even the letter today, the Privacy Letter is a perfect example of that so we miss everybody we have, but we bring them back like Dan and we make sure that they come help us in a different way. And so if you get a chance, I would appreciate it if any of you that spent some time with Carol, reach out and let her know how much she did mean to us and we are looking forward to the new additions and the retreads that we decide to bring back again, being even better this time now that they know what they are doing. But seriously, so with that we will break for today.

(Whereupon, at 5:10, the meeting recessed to reconvene the following day at 9:00 a.m.)