Hubert H. Humphrey Building
200 Independence Avenue, S.W.
Washington,
D.C.
Don Detmer, chair
James Scanlon
Marjorie Greenberg
Hortensia Amaro
Simon Cohn
Kathryn Coltin
Kathleen Frawley
Robert Gellman
Richard Harding
Lisa Iezzoni
John Lumpkin
Vincent Mor
Barbara Starfield
Clement McDonald
George Van Amburg
Elizabeth Ward
John Fanning
David Garrison
Bill Braithwaite
Harvey Schwartz
Audience Participants
TABLE OF CONTENTS
Page
Call to Order 1
Welcome and Introductions 1
Review of Agenda 5
Update from the Department and HHS Data Council
Privacy Component, John Fanning 7
Data Standards Component, Bill Braithwaite 8
HHS Implementation of PL 104-191, David Garrison11
Issues Surrounding Unique Identifiers, Bill Braithwaite23
Subcommittee Charges and Timelines for Reports
and Recommendations 91
Privacy and Confidentiality, Robert Gellman 96
P R O C E E D I N G S (9:10 a.m.)
DR. DETMER: I am Don Detmer and it is good to see all of the committee members and colleagues, as well as all of you here. I chair the committee and in my normal life I am at the University of Virginia. Usually what we do at the start of these meetings is let everyone, first at the table, introduce themselves and then also the audience. I think we have a lot of business before us but I think the introductions are the first order of the day. So, Lisa, if you would start.
DR. IEZZONI: I am Lisa Iezzoni from Beth Israel Deaconess Medical Center and Harvard Medical School in Boston.
DR. STARFIELD: I am Barbara Starfield from Johns Hopkins University.
MR. GELLMAN: Bob Gellman, I am a privacy and information policy consultant in Washington.
MS. FRAWLEY: Kathleen Frawley from the American Health Information Management Association.
DR. LUMPKIN: John Lumpkin, Illinois Department of Public Health.
DR. COHN: Simon Cohn, Kaiser Permanente.
MS. GREENBERG: I am Marjorie Greenberg from the National Center for Health Statistics and acting executive secretary of the committee.
MR. SCANLON: I am Jim Scanlon from HHS, the Office of the Assistant Secretary for Planning and Evaluation and I am the executive director of the committee.
DR. SCHWARTZ: Harvey Schwartz from the Agency for Health Care Policy and Research.
DR. HARDING: Richard Harding. I am a child psychiatrist from South Carolina.
DR. VAN AMBURG: George Van Amburg, Michigan Department of Community Health.
MS. WARD: Elizabeth Ward, Washington State Department of Health.
MR. FANNING: I am John Fanning from the Office of the Assistant Secretary of Planning and Evaluation, HHS.
DR. DETMER: Bill, we can start there and go around.
DR. BRAITHWAITE: I am Bill Braithwaite from the Assistant Secretary for Planning and Evaluation Office of HHS.
MS. KINALON(?): I am Susan Kinalon, reporter for the committee.
MR. ORANSBEE(?): Dan Oransbee, [unintelligible] law firm.
Introduction off mike.
MS. DARLING(?): Betty Darling, [unintelligible].
MR. RICHARDS(?): Tom Richards, Medicare Administration [unintelligible].
MR. FICKNER(?): Strom(?) Fickner, Centers for Disease Control and Prevention [unintelligible].
MR. MANNING: Dave Manning, Association of State and Territorial Health Officials.
MR. DICKINSON(?): Jerry Dickinson, Health Data Sciences Corporation.
MR. FITZMORRIS: Michael Fitzmorris, Agency for Health Care Policy and Research.
MR. SPANGLER(?): Tom Spangler, American Dental Association.
MR. SMITH: Ed Smith, Medical Group Management Association.
MR. KEMREY(?): Jack Kemrey, American Medical Association.
MS. JOY(?): Centers for Disease Control.
Introduction off mike.
MR. MAZE(?): Bob Maze, Health Care Financing Administration.
Introduction off mike.
MR. KRAMER: Mike Kramer, National Center for Health Statistics.
MR. HITCHCOCK: Dale Hitchcock, HHS Data Policy Office.
MR. ADAGER(?): Stan Adager, AHCPR.
MR. MEYER: Chuck Meyer, HBO and Company.
MR. ROTHWELL: Charlie Rothwell, NCHOC(?)[unintelligible].
MR. HOUSNER(?): Charlie Housner, HCFA.
MS. RYANS(?): Charlene(?) Ryans, HCFA.
MR. GREENFIELD: Steve Greenfield, HHS, Office of the Surgeon General.
MS. BOSWELL: I am Donna Boswell from the law firm of [unintelligible].
MS. LUKHORN(?): Brenda Lukhorn, GRW.
MR. LOVERN(?): Jeff Lovern, HHS, Office of Assistant Secretary for [unintelligible].
MS. COLBY(?): Pat Colby, National Center for Health Statistics.
Introduction off mike.
MR. WANG(?): Eric Wang, Social Security Administration.
MR. GATES(?): Garry Gates, Bureau of the Census.
MS. WARD(?): Charole(?) Ward, ACLU.
MS. OSLO(?): Lois Oslo, the American Nurses Association.
MR. BURNSTEIN(?): Chris Burnstein, American Association of Health Clinics.
MS. MULIGAN(?): Charlotte Muligan, AHCPR.
MS. HANNON: Cheryl Hannon, MetraCorp(?).
MR. DEAL(?): Brian Deal with [unintelligible].
MS. LONG: Stacy Long with the National Association of Health Labor Organizations.
Introductions off mike.
MR. BROWN: David Brown, Center for Mental Health Statistics(?).
MS. HOWELL(?): Renny(?) Howell, American Optometric Association.
Introductions off mike.
MR. BURKE(?): John Burke, Health Care Finance Administration.
MS. PICKETT: Donna Pickett, National Center for Health Statistics.
MR. FORCHE(?): Doug Forche, [unintelligible] Health Administration.
MS. ROCKINGHAM(?): [unintelligible] Center for Health Statistics.
MS. WHITE: Gracie White, National Center for Health Statistics.
DR. DETMER: All right, what we want to do at this session, we will start with some updates from the Department as well as from the Data Council of the Department, and then want to essentially have two conversations looking at issues surrounding unique identifiers, because obviously from the Kassebaum/Kennedy legislation we will be obviously needing to address that issue, and then in the afternoon having a similar discussion on privacy and confidentiality. We have had six hearings on that topic and we want to again review what we think some of what we have learned as a result of these efforts.
In addition then we will be breaking out into subcommittee and work groups and then coming back together in the afternoon and then adjourning for today. Tomorrow we will come back, essentially working again, looking at the subcommittee work and then have a panel helping us on the conceptual framework for coding and classification and then essentially housekeeping issues related to future meetings and such.
We are going to have a meeting, a hearing, April 15 and 16 on codes and classifications, a complex issue, and we will be dealing with that as well before we adjourn for this meeting of the 13th and 14th.
We had anticipated having David Garrison here first. He is co-chair of the Data Council. I know he is busy. We will probably, I think in the interest of our agenda just go ahead -- if you do not mind, John -- and let you start and then we will pick David up when he joins us. So, please.
MR. FANNING: Okay, thank you. My part is very brief. As you know, the Secretary of HHS is obliged under the Health Insurance Portability and Accountability Act to make recommendations to the Congress for standards of protection of health information. And that is due one year from the date of enactment and that will be August 12 of this year.
We have begun to prepare our report. We have a working group which is a ready source of input from the agencies and we will also be looking forward to the report of this committee to the Secretary for assistance in formulating our recommendations.
As people know, there were bills about this in the previous Congress and the Administration did take positions on some of the features of those bills and that will be a starting point for our thinking now. And we are especially thankful to the committee for their thoughtful attention to this subject in the six days of hearings that were held and we look forward to the report.
DR. DETMER: Thank you. Any questions for John?
[No response.]
Bill?
DR. BRAITHWAITE: As you all know, I am co-chair of the Health Data Standards Committee of the HHS Data Council, and for the Data Council we are managing the process of implementing the standards part of the administrative simplification section of the Kassebaum/Kennedy bill. And under that effort we are doing a lot of outreach.
This is a very different effort from a typical agency effort where you figure out what the agency needs, draft regulations and issue them and get comments and make final regulations about how people in the outside world deal with you. We are trying to build a consensus effort to develop industry-wide standards for the exchange of administrative and financial transactions electronically.
And in that light, we are doing an outreach program, spending a lot of time going to meetings of various organizations, speaking and getting feedback from them. And we have set up within HHS five teams of people with representatives from all of those interested agencies, including agencies from other departments like the VA and the DOD and OPM and so on, who have a special interest in these kinds of health care transactions.
Those five teams are convening. They are investigating the substance of the existing standards which were in the HISB inventory that was presented to the committee at the last meeting. And we are developing a sort of infrastructure in which to issue these standards.
We have a sixth team called the infrastructure team which is working on a common data dictionary to draw together all of the data definitions from the different standards that exist that we might implement and make sure that they are consistent. We are developing monitoring and outreach programs to make sure that everybody out there knows what we are doing and that we get all the feedback possible in this process.
We have developed a series of, this infrastructure team has developed a series of criteria to evaluate the standards and that has been passed out to all of you. These criteria were approved by the Health Data Standards Committee as our working draft, at least of the criteria on which we will evaluate existing standards.
We are also trying to figure out how to issue these standards in a regular way. We have estimated that we are going to not issue a single regulation which has all 15 or 18 standards that need to be issued, but we will be issuing probably 12, approximately 12 regulations which will serve the purpose of adopting the standards defined in the K2 bill.
In order to make that process smooth we have another team, yet another team of people working on coming up with a consistent pattern, a consistent set of definitions and so on for those regulations so that when the 12 regulations come out they will appear as a package with the content differentiating the different standards that come out. But the boiler(?) plate that is required by law on each of these will be pretty consistent.
The Data Standards Committee meets twice a month and is not only managing the process but identifying those issues which are cross-cutting issues which are difficult policy issues and formulating those and we will be passing those formulations of issues up to the Data Council for decision. And that is the process that we have implemented.
Things are underway. It is a difficult process in a very short time frame but fortunately we have Dave Garrison on our side to keep things moving.
MR. GARRISON: Is that a handoff?
[Laughter.]
DR. DETMER: David, we are happy to have you with us. I do not know if all of the committee members know you. As was mentioned David chairs, co-chairs the Data Council and is principal deputy assistant secretary for Planning and Evaluation. We are pleased to have you with us.
HHS Implementation of PL 104-191, Health Insurance Portability and Accountability Act of 1996, David Garrison, ASPE
MR. GARRISON: It is nice to be here. I gather that the tabloid(?) over here has already begun its report so there is probably some symbolism that is appropriate, to have the experts begin and then have the rookie come in at the end to give his comments. I apologize. I actually thought I was being on time but I can see you are more efficient than we are used to in this building. So I apologize for being a couple of minutes behind your schedule at least.
[Laughter.]
And I appreciate, Don, being here. I am very pleased to be here with my colleagues this morning. And on the Secretary's behalf, as well as the rest of us who work on these issues in the Department, I want to express our appreciation to you all for the excellent work that you have been doing, especially in addressing the new requirements of the Health Insurance Portability and Accountability Act.
And while I was here I wanted to take a few minutes and bring you up to date on some of the Data Council's activities. And I, please excuse me if I read my remarks. I am sufficiently new to the subject matter so that it is safer, I think, if I read that which I have prepared in advance.
As Don says, I co-chair the Council. Actually my co-chair is Bruce Vladik(?) from HCFA. And the Council serves as the Department's focal group for data policy and privacy issues.
The purpose of the Council is to advise the Secretary on data policy issues, to provide a forum for the development and coordination of data policy within the Department and to support a more integrated and cohesive information strategy across HHS. The Council is the Departmental focal point for the administration simplification requirements of the Kennedy/Kassebaum Act and so, obviously, this is one of the Department's and the Council's highest priorities.
We will be giving you status reports on the progress in addressing the administrative simplification provisions of the Act as we go along here this morning so I will skip the detail there. I will say that although the time frames are very tight we are moving forward quickly in health data standards and privacy issues and we have benefited greatly from a very close working relationship with this committee and its chair. In particular, the committee's series of public hearings that were held earlier were very helpful and informative to our staff and the leadership here in the Department.
The Data Council has developed a long term agenda and work plan to focus and guide its activities. We have already shared a copy of the work plan with you and we have begun the process of updating that plan. The themes in the work plan, along with the new HHS responsibilities on the Act, represent our data policy priorities for the Department.
Let me just say a couple things, or a few things about the six major themes of that plan. The six themes are first, to develop and oversee Departmental data collection strategies, including the survey implementation plan, policies for monitoring impact of changes in health and human services' data strategies and race and ethnicity data.
Secondly, to serve as the Department's focal point for addressing the health data standards' provisions of Kennedy/Kassebaum, including the coordination of interdepartmental health data standards' activities and collaboration with the industry, state and local governments and the standards development organizations in the adoption of national standards. These activities relate directly to the Act and you will hear more about them today.
Thirdly, to serve as the focal point for liaison with this committee.
Fourth, to serve as the focus for the Department as regards issues relating to privacy on health and human service information. And here again our major focus is working with you on developing the recommendations for the Secretary to send to Congress as called for in the Act.
Fifth, to provide a forum for coordination of issues and opportunities in health and human services relating to the expanding national information infrastructure. The Council has some exciting activities underway in telemedicine and enhanced health information for consumers.
And sixth, to provide a forum for the development of HHS-wide positions and policies relating to health and human services data and for coordinating HHS responses to data issues raised by external organizations.
I wanted to say a thing or two about each of these six. First, as regards the data collection strategy, the Council is actively engaged in coordinating and overseeing overall Department data collection strategies. There are several areas of activity here including the survey integration plan as well as the Department's research initiative in monitoring the impact of major transformations in health and human services in the nation. And third, we also are focused on strategies for state-level data and race and ethnicity data.
We have a working group to carry out the survey implementation plan and related activities under the auspices of the Council. We are making good progress on the survey implementation plan. It is intended to bring together all major health surveys within the Department into a coordinated strategy and integrated framework. It also addresses major data gaps identified during national reform and increases the analytical capability of the major surveys.
The major elements of the plan include the redesign and automation of the National Health Interview Survey to serve as the sampling nucleus for many of the HHS population surveys. Last year we implemented an ongoing longitudinal panel survey on insurance and expenditures, the so-called Medical Expenditures Panel Survey which we call MEPS, which uses the 1995 National Health Information Survey as the sampling frame.
The household component of the survey is already under way. MEPS will be in the field continually to meet critical data needs. We are expecting to release some initial findings next month so we are already beginning to see the fruits of the effort.
We have also begun the process of coordinating the Department's surveys of employers as well so that, as an example, the National Employer Health Insurance Survey and the insurance follow-up component to the Medical Expenditure's Survey, the MEPS, would be jointly fielded.
We plan to implement joint field operations and common core questionnaires with the Department's major surveys of health care providers. The National Health and Nutrition Examination Survey is being planned for 1998 and it, too, would be designed to use the survey as a sampling frame.
We also are rethinking and developing a conceptual framework for data on health care resources, capacity and the public health infrastructure, including the Department's provider inventories and surveys and analytical data bases. And we would welcome the Committee's advice in these rapidly changing areas.
The second theme on research planning initiatives, at your meeting last fall, Bill Rob(?) described the Department's initiative. It is aimed at insuring that the Department has the capability to monitor the impacts of market and structural changes that are already underway affecting the organization, financing and delivery of health and human services in the U.S. There are a number of major data issues in that area.
During the first stage we asked all our agencies to look at their capabilities and plans in monitoring the impact of transformations in responsive to our workshop at the National Academy of Sciences last December. We are now turning our attention to the second phase of the initiative and we are planning to convene a national research conference in May to address some of the issues in monitoring the impact of transformations. The Data Council is coordinating that activity with the development of the survey integration plan.
The third theme, strategies for state-level data, the Data Council has begun looking at various strategies for obtaining state-level data, both as part of the survey integration plan and more generally. This is an area where there are a number of gaps and issues and we are taking a very broad look.
We are looking particularly at the possibility of developing modular designs for our national surveys that will facilitate state-level estimates and provide a mechanism for states to buy into the national survey efforts to meet their own needs. We are also planning to augment some of our national surveys to provide data on states, especially in the substance abuse area.
We are working with several states and NCVHS to explore the utility of a state telephone survey capability in which telephone survey data can be obtained with data from other sources to improve state-level data. In that regard we are developing survey questionnaire modules relating to health and welfare issues that the state might be interested in using. With the National Academy of Science and others, we also are supporting work in developing public health performance measures for use at national and state levels.
And as regards to race and ethnicity data, this is another high priority for us. We have developed a standing working group on the question in the Data Council whose job it is to review previous recommendations in that area, to identify issues and to make recommendations for a Department-wide approach and strategy.
The second theme in the work plan is in relation to leadership in the promotion and adoption of health data standards. We are moving to address the health data standard's provisions of the new Act and you will hear more about that this morning.
The third theme relates to our work serving as a focal point and a liaison with this committee. This committee reports to the Secretary through the Data Council and advises the Department generally. And on behalf of the Secretary, the Data Council serves as the focal point for relations with the committee.
We have set up mechanisms for the Data Council to interact closely with this committee and we have already begun this relationship. For example, your chair attends our monthly Council meetings. and was very active and helpful yesterday, by the way, including staying behind and gesticulating for some time with members of the committee on the issues we were discussing. I appreciated his concentration on our lively discussion. And the Data Council co-chairs brief this committee as I am doing here today.
We are also trying to bring data policy issues to this committee at an early stage and we are coordinating staff work for the Council and the committee where possible. We envision more of this type of interaction between the two bodies and invite your advice in this area.
The Data Council also serves as the focal point for HHS issues relating to privacy of health and human service information. We have established the position of HHS Privacy Advocate as a focal point for privacy issues and the privacy advocate, John Fanning, is a member of the Data Council and he is also heading up the staff work to develop the health record privacy recommendations that the Secretary is required to submit to Congress within one year according to the new statute. John has already made some comments about that, I suspect, before I got here.
In addition, we have established an interagency working group on privacy that is examining the special issues involved in the design of legal protection for health information created by computerization, telecommunications and organizational changes in health care.
The Data Council also provides a forum for coordination of issues and opportunities in health and human services relating to the expanding national information infrastructure. The Council has begun examining the opportunities for health care applications in the national information infrastructure including telemedicine, enhanced computer health information, and improved methods of disseminating information electronically.
The Data Council is overseeing the Department's activities relating to a directive from the Vice President to us to lead interagency efforts in four areas; health data standards, health information privacy, telemedicine and enhanced health information for consumers. We have established interagency working groups in all of these areas and we have sent a status report to the Vice President on the progress so far.
There are a number of exciting developments in the telemedicine area, and in the consumer health information area we are developing a health finder which I believe was demonstrated before the meeting -- was it not, yesterday, Jim -- which is a new collaborative Web site that provides access to many of the consumer health information resources of the Department and other federal agencies.
The final area of the Data Council's responsibility relates to providing a Department-wide forum for the development of HHS-wide positions and policies relating to health and human service data and for coordinated HHS responses to data issues raised by external organizations. The Council has begun coordinating HHS activities relating to a wide variety of data policy issues in HHS, including legislative proposals relating to health information policy and privacy and HHS involvement in international health data and data standards' activities.
We have also established a working group chaired by Don Lindburg(?), who is the director of the National Library of Medicine, to coordinate the Department's activities in the international health data area, especially on several joint projects with the G-7 nations.
These areas, along with the new HHS responsibilities under the new Act, represent our data policy priorities in HHS. And as I said, we are working very closely with this committee in these areas and we certainly invite your advice and counsel.
We are excited about the opportunities in the national health data policy, and privacy afforded by the new legislation and we are very pleased to have this committee working with us and advising us on all of these challenging issues. We look forward to working closely with you on health data and health information policy issues in the month ahead. And I look forward to having you, Mr. Chairman, join us in our Data Council meetings as often as you can find the time to join us. Your support in our activities is very much appreciated and we look forward to working with you a lot in the future. Thanks very much for letting me come.
DR. DETMER: Well, we are particularly delighted to have you here. I think, as everyone could hear, you have a very full plate. I just do want to assure the committee members, in fact, actually, Kathleen Frawley was kind enough to go to one of the sessions that I was unable to attend, that I think we have been really welcomed to the Data Council meetings and would just like to express appreciation for the way that is working.
Are there questions or comments at this time for David?
[No response.]
Okay, well, thank you very much and we will obviously be staying in close touch.
MR. GARRISON: Thanks, Don.
DR. DETMER: All right, I think at this point it is early enough, actually, that I think rather than taking a break at this point I would like to go ahead and move on in, if that is okay with you, Bill, to issues surrounding unique identifiers.
While he is walking over to the overheads, at one point we were contemplating just talking about the personal identifier issue, but we felt like all of these identifiers that are mandated, it would probably be worth reviewing since really at our next meeting and such we are going to have to start closing in on some of our recommendations. So, with that, Bill Braithwaite.
DR. BRAITHWAITE: I brought some reading material.
DR. DETMER: That's all?
DR. BRAITHWAITE: We are recording this for the transcript so I have to wear one of these silly things. Yes, that is all, but that is only on one of the identifiers.
[Laughter.]
And this is only what has been done recently. I am going to approach the unique identifier's issue in the context of the Health Insurance Portability and Accountability Act of 1996, also called the HIPA, also called HR 3103 -- which was sort of the House bill where it came from -- also called the Kassebaum/Kennedy bill, also called the Kennedy/Kassebaum bill depending on your political affiliation. And because in this Department that sometimes switches we are calling it the K2 bill, just to be clear when you hear all of these things. I should have put HIPA on the slide, too, because that is also how it is referred to.
It is now Public Law 104-191 and we are talking about Title II, Subtitle F, Administrative Simplification Standards is the bottom line. Administrative Simplification, we tried to make that into two letters, too, but we did not like the way it sounded so --
[Laughter.]
Okay, unique health identifiers. Okay, the law says that the Secretary shall adopt standards providing for a standard unique health identifier for each individual, employer, health plan and health care provider for use in the health care system. Okay, so that is what we are about today.
In carrying out this paragraph, this sentence, for each health care and health care provider the Secretary shall take into account multiple uses for identifiers, multiple locations and speciality classifications for health care providers. It also says, the standards adopted shall specify the purposes for which a unique health identifier may be used. So it is not enough to say, here is a standard for identifiers. We have to say what it can be used for and there are provisions in the law to punish people who do not use it within the realm of those requirements.
Now the American National Standards Institute has standard developing organizations, NCSDOs for short, and, of course, this is the National Committee on Vital and Health Statistics, and they have a role in the law as well. With some exceptions, like when a standard does not exist, any standard adopted under this part shall be a standard that has been developed, adopted or modified by a standard setting organization. And the definition of a standard setting organization means, it says in the law that it is an organization that has been accredited by the American National Standards Institute to develop standards.
Now, you know, why go through all those words? Well, the reason to go through all those words is that there is something called an ANCE-standard and that is not what this means. An ANCE-standard is a standard that has been used for a while and has gone through a several year voting process and is finally accredited as an ANCE-standard, but nobody uses them.
What they use are trial standards, standards which have been adopted by these ANCE-SDOs and then they are put in use and over some years everybody starts to use them and then finally they get accredited as ANCE-standards. But I wanted to make sure that everybody understood that what we are talking about here is those standards issued by SDOs have not necessarily gone through the whole process.
The law also says that in complying with the requirements of this part the Secretary shall rely on the recommendations of the National Committee on Vital and Health Statistics. There is a special role for this committee in the law and that is one of the reasons we are here.
One of the first things we did was talk to the Health Informatics Standards Board of ANCE, the ANCE-HISB -- I think I could do this whole presentation in three and four-letter acronyms and not use a single English word in the process. For individuals the ANCE-HISB inventory says there is, in fact, an ANCE standard for individual identifiers called ASTM, E-1714.
This is one of the many volumes of ASTM standards. And fortunately, the part of it that you will likely have to read at some point in this process about individual identifiers is not very large. So I apologize for misleading you about how much reading material you have to go through.
The standard in the ASTM about individual identifiers is a standard guide for properties of a universal health care identifier, of course the four-letter acronym, a UHID.
Well, in addition to that there are some non standard options listed by the ANCE inventory: the Social Security number; various biometric identifiers like fingerprints and retinal scans and iris patterns and hand configurations, those kinds of things; a directory service which is like a registry of where your information is under various identifiers but not requiring every piece of information to have the same identifier; a personal immutable property -- here they are talking about things like birthplace and date of birth and your mother's maiden name, you know, the usual kinds of, not Social Security number because that is not immutable according to this standard -- and then there is the concept of putting together a unique identifier for a practitioner and the current unique identifier within a practitioner's health records' system, the medical record number, the combination of those two, it is thought that it might be unique; and then there are public key, private key, cryptography methods discussed as alternatives.
But, of course, that list of alternatives is not standards. The standard, which is essentially a set of guidelines, goes on to list the properties of a national system for creating universal health care identifiers for the whole U.S. population. The functions anticipated, you know, we have to specify the allowable functions and usage, the functions anticipated for this are a positive identifier for each individual for clinical care, the ability for automated linkage of records on the same patient, a security mechanism to protect information and a cost effective technology for handling patient records. Those were the major considerations in putting together their criteria.
Now because they did not specify a standard but specified a set of criteria, I will go through that set of criteria for you very briefly. My apologies if I have shortened the relatively long description of each of these into a single phrase but that is what you have to do with slides and with presentations like this in a short period of time.
These are arrayed, interestingly enough, not in priority order but alphabetical by their one-word description. So when we get down to the Ms and the Ns, you will know that we are half-way through.
The identifier for individuals has to be accessible. That is, it has to be available whenever and wherever it is required for assignment. An obvious requirement.
It has to be assignable. That is, there has to be a trusted authority somewhere who can assign that number to a person when it is needed.
And it should be atomic, that is, a single data item without sub elements. They feel that it is important that this be a unique identifier that is not made up of, for example, the digits representing the first four characters of a person's last name plus their birth date plus, you know, something like that. It is supposed to be atomic.
It is supposed to be concise. Of course we would all like that. Short as possible to minimize errors and the amount of time necessary to put it in manually, transmit it electronically and store it electronically.
It should be content free. Now that is a surprising one to some people. Not that the information that it refers to should be content free but the number itself, the identifier itself should be free of any content and particularly not dependent on any information that might change over time, like a person's name.
It should be controllable. The patient information is considered confidential and it can be ensured by having only trusted authorities able to provide a link between the numbers which identify that information and the numbers which identify the patient, which could be different. And, if there were a trusted authority who make that connection when it was necessary.
It should, of course, be cost effective and that is one of the major rules of the K2 administrative simplification part. We have to come up with standards which are cost effective and provide a minimum investment to create and maintain these things.
Well, we are up to the Ds. You can imagine, this is a piece of work. It has to be deployable. That is, it has to be implementable using a variety of technologies, not dependent on any one of them.
It has to be dis-identifiable. That is, you need to be able to create an arbitrary number of encrypted versions of it so that you can attach that identifying number to a piece of information which would not, by itself, tell you what patient it belonged to, but there would be a way to tie them together through the trusted entity.
It should be focused, that is created and used solely for supporting health care. They felt it was very important not to adopt something that had lots of other uses because there were privacy and confidentiality risks in doing that.
It should be governed. There should be an assumed governmental oversight agency to set policy and manage the trusted authority. I guess their concept was that the trusted authority would not necessarily be a government agency of any kind but that it would be managed by a government agency.
The identifier had to be identifiable. That was a little tricky. In other words, what they are trying to say is that the identifier has to have some method of connecting it to an individual. It has to have some associated information, presumably in the data base of the trusted entity, which can identify an individual such as the name and the birth date and the gender and all those kinds of things.
It has to be incremental. That is, you have to be able to implement it in a phased manner, not have to assign a number to all 260 residents of our country all at once but be able to do it by institution or by geographic area or some other method of bringing this in incrementally.
Here is an M, we are getting close. It is linkable. That means that information that is created about an individual using one of these identifiers can be linked to other information on the same individual with an associated identifier. It may not be, in fact, the same one. It may be an encrypted version.
It should have longevity. There should be no limitations for the foreseeable future. That is you should predict the number of people that will be covered by this identifier into the foreseeable future and build a system that can cover them all.
It should be mappable. During the implementation you should be able to create bidirectional linkages between the current methods of identifying information about patients with this new identification method.
It has to be mergeable. That is, if by chance, the unlikely chance, that the same person ends up with multiple identifiers, you have to be able to take that information and make sure that it is known to the system, particularly the provider, as information about a single individual.
It should be networked. That is the services from this trusted agency that supplies these identifier services should be available over a network to everyone in the country.
It should be permanent. Which means if somebody dies the number is never reused. If, for example, you had a person who ended up with two numbers, you make all the information go into one of those numbers and you do not ever use the other one again. Okay? So, not only do we have to have a number that will cover every individual in the country for the foreseeable future, but you cannot ever reuse a number.
It has to be public in the sense that the identifier itself is something that an individual can reveal to friends, providers and so on, but there can be encrypted versions of that identifier that are not necessarily public, but could be related to the original identifier by the trusted authority.
It should be repository-based. That means there should be a secure, permanent repository that contains all these identifiers, the identification of the patient they belong to and the methods for encrypting and decrypting and functions to support the linkages. And all of that stuff should be closely, very closely held. Otherwise it would not be a trusted entity, of course.
We are down to the Rs. It should be retroactive. That is you should be able to go back and assign these new numbers to all currently existing people and their records. It should be secure. The creation and encryption of these, especially the encrypted versions of the identifiers to reveal the identity and the maintenance of the encryption methods and so on, should be performed securely by the trusted authority.
It should be splitable. That is if the same identifier happens to be assigned to two different people -- which is never supposed to happen -- but if it happens, there has to be a method for splitting those records between two people, obviously by assigning a new identifier to each of the two people, retiring the old one and splitting the records to go across them.
It should be standard. That is it should be as compatible as possible with the existing and emerging standards. And, of course, we are going to have to build it into all of the standards that we use for other transactions that we are required to produce standards for under the K2 bill so that meets that requirement.
It should be unambiguous. Whether it is automated or handwritten, there should be a minimal risk for misinterpretation. Well, that is a little fuzzy on its face, but what they are talking about here is adding something like a check digit that makes sure that when you write it down by hand and you put it into a machine the machine can check to make sure that in fact this is a valid UHID and not some random number. So there is an algorithm to check all that to make sure, in fact, that it is not a random number.
And it should be unique. There should be one and only one to every one. Sorry, but I had to take that whole paragraph and make it into a short phrase.
Here we ago, the last slide of these. It should be universal. There should be one for every living person now and for the foreseeable future.
It should be usable, which by that they mean processable by both manual and automated means which, of course, means that you cannot have a 256 digit number or some complex alphanumeric combination that people cannot use or express on a telephone keypad, for example.
And, it must be verifiable. That is -- that seems a little redundant -- but you can test it to make sure that it is valid.
What do you do in the meantime? When you have somebody and you do not know what their identifier is there has to be a method for assigning temporary identifiers. But they are leaving that up to each institution in this guide, but they are making sure that each institution is again responsible for assigning the true UHID to each person's information once that identifier is known.
Well, that is the guide in its short form. They also talk about options for candidate UHIDs. And they talk about the Social Security number, for example. They evaluate it, they list all of the good things about it, they list all the bad things about it and they conclude that in its current state it is not an appropriate UHID or even an appropriate basis for a UHID.
They talk about fingerprints. There are mechanisms even since this report for getting biometric identifiers and for crunching the characteristics of your fingerprint or your iris pattern or whatever down to a number which will be unique for every individual. Unfortunately that number is probably in the 256 to 512 digit range and does not meet some of the criteria. Fingerprints are probably also socially unacceptable.
There are other biometric identifiers which may be socially acceptable, in several conversations I have had with people at least, but they do not discuss or evaluate them in the ASTM standard.
They did describe an imaginative scheme which takes the date of birth and the geographic location of birth as indicated by the longitude and the latitude and then a sequence. So in a particular place on this earth on a particular day only so many people are born, and you number them 1 through n and that is your unique identifier for life. That is a very interesting idea. They did not evaluate that against their criteria but they pointed it out as an imaginative scheme.
They also evaluated some other countries' ideas, looking at how Sweden and Denmark do this. But basically, it is, you know, date of birth and a bunch of other stuff so they did not really do much evaluation of that.
They did, however, do something that I have been hoping to see in many other of these kinds of standards. They actually laid out what would a sample UHID look like, what would their ideal look like?
So their ideal is a sixteen-digit sequential number, plus a delimiter(?) like a period or an asterisk, plus a six-digit check digit field that is the thing that you check to make sure nobody did a manual transposition in the first sixteen digits, plus a six-digit identifier which describes which encryption scheme was used to produce this. Now, if it is the true UHID the encryption scheme is zero and you are allowed to take off all the leading zeros in order to make it a currently usable number.
So if you count up the number of people in the country and you count the number of digits it takes to identify those and then you put in a period and six check digits, that tells you how big the number has to be today. Which isn't all that much different from what we use on our credit cards and everything. I still do not remember my credit card number but I am close. I might be able to remember this if I ever had to use it.
There are actually two implementations going on right now in VA hospitals in Florida. The feedback from them is that they tried to use Social Security number which is what the VA typically uses. They found a great deal of difficulty in using that with bad numbers and no numbers and duplicates and things like that. And so they went to this standard and have implemented it and they are very pleased with it. As far as I know they are the only two implementations that have been attempted.
DR. DETMER: How long as that been?
DR. BRAITHWAITE: Two years, I think, since they started that. I do not know at what stage they are in in the implementation.
All right, that is one standard for the unique identifier for an individual. Yes, Clem?
DR. MC DONALD: I think that standard actually either permits or encourages multiple numbers per use per individual.
DR. BRAITHWAITE: It encourages multiple number per individual in the sense that they are encrypted versions of the single identifier. That is how I understand it anyhow.
The work group on Electronic Data Interchange produced a report in 1993 which laid out the benefits for having unique identifiers. You have all heard them. They simplify administrative tasks and speed up transactions, reduce the hassles of accuracy and improve the accuracy for more uniformity of health data, enhance the ability to detect health care fraud and streamline the health care system, the access to the system and the security procedures necessary to support privacy.
What they recommended in that report was that the Social Security number be used with the addition of a check digit. They also suggested appending some encryption elements, sort of along the lines of the ASTM standard so that multiple identifiers could be created as appropriate but still be decrypted by some trusted authority back to the original Social Security number.
Although that was their recommendation it was not a very strong recommendation. They said there were still lots of problems with it and the Social Security Administration -- excuse me, Derrick(?) -- would have to do a lot to make their system better because there were lots of problems with the current system.
They also suggested using Social Security number for individual providers as their identifier and using the tax identification number for provider organizations as their identifier. And they suggested using the National Association of Insurance Commissioners' company code model expanded to cover all payers as the unique identifier for payers in the health care system.
That theme was picked up and expanded upon by the computer-based Patient Record Institute where 1996 recommendations said that the concept of the lifetime health record, logically containing health data from all sources, when authorized by the patient is key to delivering high quality, cost effective care. That is the reason for even attempting to do this.
Uniquely identifying each person and that person's health data is the most reliable method of ensuring that providers have accurate and complete information on which to base their patient care decisions. They felt it was critical to implement as soon as possible this unique identifier for individuals.
However, in saying that they would like to adopt the Social Security number they said there were certain considerations -- is how they put it -- that had to be dealt with, the first one of which was confidentiality and security. What is lacking now, they said, was enforceable policies for making information keyed on Social Security number confidential.
They said that preventing damaging linkage between pieces of information and an individual depends not on the form of the identifier but on the privacy and protection laws, anti-discrimination laws and system security to prevent unauthorized accesses.
Again, a trusted authority must maintain the identifier system and the Social Security Administration was identified as the logical choice for doing that as long as they improve their system so that it could be used in the health care area.
They went on to specify that the uniqueness of the Social Security number with the check digit should be guaranteed. The cost benefit of using the Social Security Administration was clear because they felt, and did some analysis on this, that the creation of a brand new system for numbering everybody in the country would be much more expensive than adapting and spinning off of what the SSA already does.
And, they thought that education of the public about health information, how it is identified, how it is used and how it should be kept confidential and secure was very important, and then they put in an item about the Lou Harris poll in 1993 that showed that the majority of the population favored the use of the Social Security number as the unique health identifier.
There is a fourth approach to this whole thing which is not to uniquely identify each piece of information with a unique identifier for an individual but to have what is in essence a virtual unique identifier for each individual in the country and then provide a community level index to that information that is held by the various provider organizations that already exist.
They say that, and this is supported by the Foundation for Health Care Quality and a couple of other organizations, their proposal is to combine unique patient identifiers in existing systems with a unique provider identifier and then at a community level index the location of those records. It assumes the existence of a private, scalable, extensible and secure network, not the World Wide Web, obviously, but some variation on that perhaps, and they assume that at this central indexing base there will be a minimum amount of information necessary to expedite the location and the retrieval of selected administrative and/or clinical information.
The master patient index maintains information to uniquely identify the individuals in a community and they get that from multiple sources. And, of course, this must be also a trusted authority which protects the integrity and confidentiality of that information.
There are others but I think you get the point. There is a lot of variation out there, there are a lot of ideas, there is no conclusion across the country and across organizations about how we ought to do this. But there is a very good study that just came out a week or two ago called For the Record: Protecting Electronic Health Information. It is a National Research Council report which talks a little bit about universal health identifiers and talks a little bit about their benefits and risks.
It particularly says that any effort to weigh the advantages of using a unique identifier on health information against the privacy concerns must be evaluated against specific criteria. And those criteria are that there should be an explicit policy framework for defining what privacy and confidentiality means in this context. There should be a mechanism for facilitating the identification of all parties who link records together. That is, we want to know who the people are who are putting these records together in case we find out something bad is going on; we know who did it. And, it should be unidirectional. That is -- although they said this was technically difficult at the moment, they felt it would not be technically difficult in the near future -- that is you should be able to link records together on an individual given some information about that individual, like a unique identifier, but you should not be able to identify who the information is about just by looking at the linked information. That may make you interested in actually reading the report.
They do say that the practical implementation of this is difficult with current technology. They did not say it was impossible, they just said it was difficult. By difficult most of these people, when they say this in various conversations, they mean expensive, very expensive.
The Social Security number, obviously, is already in use as an identifier in many health care records. We have received communications from the Health Insurance Association of America to say that basically the Social Security number is either used as a unique identifier by the health insurance industry, including the government, HCFA, DOD, most VAs, or it is an identifier that is in the medical record right now even if it is not used as the unique identifier for a particular record.
But there is this threat of linkages to other records because Social Security records, employment records, financial records and driver's records these days all are linked and available electronically using the Social Security number. Although, of course, there are various security procedures available for each of those, there still is the threat of linkage that must be considered.
They endorse the concept that if you used a different number in each data base to uniquely identify an individual it would make it much more difficult to link records together and make a mess of people's lives with that. And there are cryptographic methods for doing this. They did not really talk much more about that. They felt this was beyond the scope of their report. But obviously it refers back to some of the criteria that you see in the ASTM guide about being able to encrypt identifiers and still having some trusted means of putting them together.
DR. DETMER: Is this the first rough on the -- what is your next one there, the visual?
DR. BRAITHWAITE: The next one, I think you are talking about other --
DR. DETMER: Okay, good. Let's do this. What I think we should do is let's take a break and then let's come in and have some discussion about this before you then move on to the others. Does that sound fair to everyone?
DR. BRAITHWAITE: It sounds fine but I really only have one more slide.
DR. DETMER: Oh, really?
DR. BRAITHWAITE: We will have a discussion about these other things, but, in fact, it got too late last night and I did not get around to doing the same kind of research for those other things, except to say there are no standards for the other identifiers, okay? But there are existing, a whole variety of existing identifiers that are used for all of these other folks that have been considered.
And fortunately, there has been an ongoing effort for at least two of those, maybe even three of them, by HCFA for Medicare purposes. There has been a unique identifier, a national provider identifier project and a payer identifier project ongoing. They have gone through the process of developing what is considered by the industry and by virtually everybody I have heard, talked to -- which is quite a number of people at this point -- that these are probably the best systems for identifying these entities in existence at this point.
They were drafted, of course, to support the needs of the Medicare system and after the K2 bill was passed they are now in the process of being redrafted and pushed through the process so that they can be issued as K2 standards. And I expect actually that these two standards will be the first K2 standards that the Department will be able to release because they are so far along.
DR. DETMER: Well, in fact, that is going to be considered in the subcommittee discussion at this meeting to get our sense of how we would relate to that one at this point.
DR. BRAITHWAITE: Okay, so with that we can take our break.
DR. DETMER: Okay, that is great. Let's do that and then we will come back and get into some dialogue on this. Thank you very much.
[Brief recess.]
DR. DETMER: I want us to open this up for some discussion. We have had some testimony as well in the hearings that we have had also on this topic.
Another point of information, that the Data Council is pursuing with its G-7 activity to look at what Europe is doing actually with smart card technology, which has been around for a long time except that the Germans, the French and it looks like the Italians are now issuing these in the tens of millions and essentially will have at least a population covered roughly the size of the U.S. with a technology that does not answer the question of what number but does have a way of interfacing such a thing. And I think I just wanted the committee to know that the Department is going to be looking at that issue and I think we will want to interface with that discussion as well. It is just a point of information at this point.
Anyway, it seems like we have these sets of unique identifiers that we will need to make recommendations on and in some respects perhaps, it looks to me at least but I will be interested in the committee's reactions as well as our colleagues reactions, that the provider identifier -- none of these are simple; none of these are without their controversy and positions, if you will -- but it seems that the provider one may, in fact, be the easier of the three, the cleaner of the three, and payer and up to probably the issue of personal identifiers.
So I would like to have us first talk about the personal identifier because that was the bulk of the presentation. And, I think, Bill, if we could get a copy of your visuals? Would that be --
DR. BRAITHWAITE: Yes, they are making copies now.
DR. DETMER: Thanks very much. So, let's open that up but before we finish this conversation I would like to have us talk about all three of these. So who would like to start with either question or comment? Clem?
DR. MC DONALD: I think the argument, there is really a three phase argument -- well, at least to clarify the arguments pro and con or get them delineated -- and Social Security is often kind of knocked down a bit, and I think maybe unfairly, because, I don't know, if you look at hospital number systems and you talk about duplicates and misidentifiers it is much higher than the Social Security number system. So, big number systems are problematic in getting everything right so we should start with that.
But I think there is a coherent argument to say that, depending on how one considers a threat on privacy, to say that one should have no common identifier. I think that is coherent. I am not taking a position on it.
But what often gets tangled in, people say we should not have a Social Security number because it would be one patient identifier, and the Social Security number I do not think adds any substantial risk beyond having a number because any other number that is widely out there and passed around in commerce will have all that same kind of risk. So it is going to really require in either case some legal and administrative sanctions to reduce the connections.
And when you see that NPI(?) proposal, what it is really saying is it is pretty easy to at least statistically link patients or people on the basis of other keys. So whatever key is out there they will be able to get a cross link.
So, if there are going to be arguments, it should be we should not have one at all or we should have one. Then when we have one, it seems to me it is hard to beat Social Security number and some variance on it.
DR. DETMER: Correct me if I am wrong, but I think the legislation essentially says we will make a recommendation.
DR. MC DONALD: Oh, I was talking about the larger arguments that one hears.
DR. DETMER: I think your point is an interesting one, but I think for our particular circumstance of charge to us is to, I think, recommend one. Is that your understanding of the law? Okay.
I am interested to see how the rest of you feel about this issue of if you have a number what you really need are protections for the number. And that is what I am hearing you say, that whatever number you choose has clear down sides to it, if you will, depending on guarantees or systems that help support its security and penalties if that is abused. Is that what --
DR. MC DONALD: That is what I am saying.
DR. DETMER: Before we move on to other questions, how do people relate to that issue? John?
DR. LUMPKIN: Well, first I think we need to come back to why we are doing this. I spent most of my clinical career working in the emergency department and the biggest nightmare is to have a patient who is in front of you who you know nothing about and no way to get any medical history. And if we go through all of this and we cannot get any closer than that then we really have not accomplished much.
I think the issue comes down to the security of the individual record, not whether or not you can approximate. If you have somebody's death certificate and you have a record without a name on their hospital discharge, I can tell you with a high degree of confidence I can match those two records. But we do not let out copies of the death certificate in Illinois just for the asking. That record is secure.
So even though the linkage ability -- which can occur on any number of things which do not include Social Security number -- is possible if the records are not secure. In the paper world if someone knows someone's name they cannot walk into a hospital medical record's department and pull out that person's hospital record. However, if the clerk who works there knows the person's name or their Social Security number or whatever identifier and they want to check up on their neighbor, confidentiality will be breached.
And so I think we have to be careful that while an electronic system enables search, in order to do search you have to have access. And access is an issue of security, not, I believe, of confidentiality or risk. And the numbers in the electronic system may enhance the ability of people to get access but I think it also enables us to have the technology to obscure that access and prevent that access also.
So I am in favor of a simple number, one that many patients can recognize but also one that is accessible to the vast majority of the practitioners and the patients who will be using them.
DR. DETMER: Bob.
MR. GELLMAN: I have a very simple position on this. I am against everything. I am against the Social Security number, I am against the different number and I am against not having a number.
[Laughter.]
I think that from a privacy perspective -- and that is not the only perspective that is relevant -- from a privacy perspective everything has drawbacks and I think that the issue is not the number, it is not the identification scheme, it is who can use data, when they can access it and the number is irrelevant to that.
If you have a set of controls for information then all the concerns about linkage and everything else are not important. You are always worried about people, you know, hacking through a system or doing things that are illegal or improper. That is going to go on no matter what. And I just think that from a privacy perspective that you can make strong arguments against everything.
This is an extremely emotional issue and as soon as you start talking about Social Security number people just think that is the worst thing in the world and it is a very difficult issue to deal with one way or another.
My other criteria here for decision making is sort of first, do no harm. And the thing that bothers me the most is creating another number. There is an incredible demand out there from other segments for a unique identifier. We see this, that is why the Social Security number has been jumped on by the Congress and by everybody else for different purposes. And the notion that a health identifier could be used only for health purposes is a, politically naive and b, when you look at all the people that will have a health identifier, it is at least half the economy -- employers, insurers, everybody else -- so that all the legitimate users of the health identifier is pretty much everybody to begin with.
So, that is one of the reasons I come to the conclusion, and I just make the other point, if you do not have a number at all and you create the method of linking records without having numbers, it is just as bad as if you had a number anyway. It may even be worse. So that is why I say, I am against everything.
DR. DETMER: Simon.
DR. COHN: Actually I like Mr. Gellman's comment.
[Laughter.]
DR. DETMER: If everyone feels that way we can just quit right now.
DR. COHN: I was actually sitting here mulling over the issues and certainly the thing one is struck by is that there is a lack of national consensus around the area of unique patient identifier. I certainly, as I listen to Mr. Gellman I am reminded very strongly that the issue is much less a technical question of what the number is, I mean, we can make almost any number work if there are the appropriate security and confidentiality and privacy safeguards in place. And I think that the issues that we are all aware of that occur around this are all release privacy and confidentiality issues.
It actually reminded me very strongly that before we can adequately address this issue even we need to have in place our recommendations on privacy and confidentiality and be constantly thinking, well, will this work if we have a unique identifier? And once we have those privacy recommendations in place, security and privacy recommendations, then I think we can begin to move in that area. But without those in place I would have to be against everything, too.
DR. DETMER: Let me ask you a question because I think I understand your answer already in prospect, but there are obviously cost implications clearly depending on which number you might select, right?
DR. MC DONALD: Well, I would like actually to agree with Mr. Gellman because I think that is the coherent position. That is, it is coherent to say you do not want to take any risk in security. But once you have done, once you have decided you are going to connect everybody the risk differences are not severe.
The Social Security number does have this lightning rod sort of effect though. It just has all the, it attracts emotional risk reaction so I think he is absolutely right. But I am for everything, actually, as a result.
[Laughter.]
DR. DETMER: Well, at least that is at the other end of the thing. Barbara.
DR. STARFIELD: Well, we have a chicken and egg problem, which becomes for us privacy, confidentiality, security and the number and it is a little hard to deal with security access issues if you do not know what number you are dealing with because the issues will be different.
I sort of, I think, come down with Clem in that the population certainly accepts the Social Security number for everything else but health, and I guess they accept it for health, too, if you believe the Lou Harris poll. You know, we use the Social Security number for everything. It is linkable. I mean every day I give it out three times.
PARTICIPANT: I remember it.
DR. STARFIELD: Yes, I remember it. So, it seems to me it would really help our work if we could come to grips with what number we think is the best, and I personally believe it is the Social Security number plus other things, too, and then quickly get to the other issues.
DR. DETMER: Well, you know, as a matter of record, before I came on as chair I think actually that is the position of this committee already on record. Now I guess we could actually, you know, but that has been something that the prior group has discussed and, in fact, recommended at one point. Isn't that correct?
[Affirmative responses.]
PARTICIPANT: I think the core data, that is --
DR. DETMER: Yes, the core data set which was approved by this committee --
DR. STARFIELD: Right, and the previous uniform data sets. I mean, recognizing the issues and the requirements and et cetera, but yes.
DR. DETMER: Okay, let's open this up for other issues relating to this, or, Bill, other things that you would want to add from your own. You have kind of reviewed the waterfront but other perspectives that you might want to add as well.
DR. BRAITHWAITE: I am sort of trying to stay neutral on this and try to figure out where the possibilities lie to resolve the differences between one end of the table and the other.
DR. DETMER: The middle is open.
[Laughter.]
DR. BRAITHWAITE: That is why I am here, yes. It seems to me that if you decide to follow the previous recommendation of this committee that the Social Security number is the appropriate unique identifier for health for individuals then you might think about then the ASTM recommendations and the similar recommendations that were come to by other organizations to allow that to go through a secure encryption process so that numbers which cannot be tied to an individual except through a very secure decryption process by a trusted authority could be used for certain kinds of health information where the individuals and/or the providers felt that it was important to take particular care with that information. It is sort of a compromise in the sense that you are using the Social Security number as the public identifier but allowing an encrypted version for special purposes.
MS. GREENBERG: Actually I think that was to some degree part of the committee's recommendation.
DR. DETMER: We will get that around to everyone again just to refresh your memories if you do not have all of that available to you. Bob?
MR. GELLMAN: I just want to suggest perhaps a way to go with this is not the right number but what is the standard or standards that you want to apply in making the decision? It is clear privacy is one element in this and, you know, you may or may not agree with my conclusion that privacy sort of argues against all positions so it may not be a criteria for a decision.
Cost is another factor that has some relevance. It may not be of primary concern to us but it is not irrelevant. And if there is some way of estimating or making judgements about the costs of different alternatives, that is important.
And there are other factors just in terms of, you know, it is an element of cost but under various scenarios what do people have to do to implement this? What kinds of changes are required in various systems? How long will it take to do? What institutional changes will be required, I mean, creating a trusted authority?
And there may be a bunch of other criteria and maybe, you know, you do a matrix of here are your criteria and here are the different major alternatives and which ones, you know, argue here, there and see if you come out with something. At least it is a more organized way of trying to reach a conclusion.
MS. WARD: I think the other thing to be clear about is, having sat through many of the hearings, is that one of the threads we also hear is that there will be some sort of access linkage disclosure related to a number that will allow a portion of our industry to discriminate against, to refuse service to, and I think that we have to acknowledge that, in fact, the number is not the threat in that issue.
The issue is that this country still decides that it will discriminate and it has a policy that says, we allocate health care to certain groups and we do not have a universal health care. And I think we also have to be very honest, that we do not get caught up in that argument that an identifier will solve the problem of the fact that we do ration health care.
MR. SCANLON: I have a question for Bill. Bill, to what extent are approaches like the master patient index, which do not necessarily result in a unique ID number but they result in a unique identification system I suppose, to what extent is that equivalent, more or less, or a realistic approach to a unique one?
DR. BRAITHWAITE: I think those proposals produce a virtual unique identifier for each individual and I do not think there is any more safety from the privacy perspective in doing it that way then there is in assigning a unique identifier. It just adds another layer of overhead that is more expensive. That is my --
MR. SCANLON: -- provider ID followed by, with --
DR. MC DONALD: On an NPI, we have tried to build one within a community and the Social Security number is what makes that possible because you increase your yield of hits high enough, they don't make mistakes matching patients.
But the bigger thing, I think, is if we focus on the number, there is a tactical issue here, if we focus on the number we create a lightning rod. I think we should focus on the protections to the number and then we would end up with, and then the number does not become such a fuss. But I think, you know, like the ASTM, that was really a fairly small committee. I objected to the particular definition and never got a response, which in some sense makes it an illegal standard. You are supposed to get a response to every standard. They had no justification where they came up with six digits for the check digiting, why that went up to, why not use, you know, there are a lot of issues in there.
And the business, some of what, as I recall -- it has been a while back -- it really would engender a system where it would be very, very hard to combine patients under emergency care without assuming an awful lot of technology advance in the country. I mean, you really are assuming an awful lot, if anyone has been in a Medicaid state which has just recently gone HMO and they have all of this little, you know, these swipe cards, and realize the problems you have with those things even with a simple technology without encryption, I would not know that we would get to this ability to take care of patients in emergency rooms well if we end up starting out with a highly encrypted, multi-numbered, half-hidden sort of a system. So at least go cautiously in that direction.
DR. DETMER: Kathleen, did you want to --
MS. FRAWLEY: I was just going to say, just want to follow up on Clem's comment and also Bob's, I think that putting the number aside, it is really building, you know, protections in the entire system.
Elizabeth and I were on the NRC committee and spent a lot of time, I mean we were just truly amazed, as much of us who work in the health care system, to see where information is flowing out all over the place, I mean to people that we never even contemplated. And the more people that we interviewed the more people that we had to bring in to try and find out, you know, what their uses were and, you know, what kind of notice, if any, was given to consumers. And what we found in many situations, the consumers had absolutely no knowledge whatsoever of, you know, where their information was flowing or the possible uses or abuses of the information. So, I mean, I think if the committee was going to say, you know, we recommend Social Security number and we are moving forward, without all those other protections in place, I mean, I truly believe it is not the number, it is all the other things that flow out in terms of the possible abuses, in terms of the linkage and the disclosure.
DR. DETMER: Well, we heard certainly some of those same things actually at the hearings that we have had. John and then Simon.
DR. LUMPKIN: I think what I was going to say has been said.
DR. COHN: I think the only comment I was going to make had to do with the previous work of the NCVHS. I would actually, I am well aware of the recommendations but I would welcome having the opportunity to review all the supporting documentation around it just because I think that there are some basic questions that we probably need to review around. For example, the NPI question versus a unique identifier and various cost issues around that. It may deserve some further looking at as we move forward. You know, questions of whether it would cost more to fix the Social Security number versus coming up with some sort of a multi-data element approach to do it and what the ramifications are.
DR. STARFIELD: Yes, question. How do the other countries, I mean, do they link their, you know, that smart card number to other numbers that are used in the systems or is it different? Just for information.
DR. DETMER: In fact that is what the Data Council concluded yesterday, was that they were literally going to find out what are all those various countries using it for at this point and what do they project to use them for? So we will clearly be able to get the benefit of that. Some of you may already have a sense on that but that will be coming back to us through --
DR. MC DONALD: Leaving out the smart cards, an awful lot of countries have universal health care numbers. Canada, our neighbor, is one point. I mean, actually, I think probably in industrial countries it is the real more than the exception.
DR. BRAITHWAITE: That was discussed somewhat in the material I reviewed and they pointed out that in the province of Ontario, for example, which they looked at in great detail, it was a great deal easier because a, there were only 10 million inhabitants to enumerate and there was only one payer.
DR. DETMER: That payer number really --
[Laughter.]
DR. SCHWARTZ: I have a couple of more questions following up on some of the remarks that Kathleen and Elizabeth made and others might want to address them. I was wondering if in the work of that committee that you referred to, the NRC, if there was any identification of mechanisms which would motivate organizations to develop privacy and security policies and two, if there was any identification of incentives for organizations to share information regarding either best practices or problems?
MS. WARD: Do you want to answer first, Kathleen?
MS. FRAWLEY: Yes, the answer is yes. We actually broke out our recommendations, I mean the executive summary lays out a series of recommendations with some time lines for organizations in terms of what they should be moving forward.
The way we approached it is we came up with recommendations for organizations who handle health information and laid out a series of things that they need to have in place. You know, going from making sure that they had an information security committee, that they had an information security officer, you know, all of the nuts and bolts of information security management.
DR. SCHWARTZ: But did you focus on their motivation to do that? I mean, what might be motivating factors for them to do that?
MS. FRAWLEY: In some degree we did it talking about in terms of incentives, in terms of trying to position themselves as an organization responsive, you know, to these issues. We also have a series of recommendations on technological approaches, you know, in terms of risk reduction.
And then because the biggest problem that the committee struggled with is what we called the public policy issues, which is the whole issue of that there is so much flow of information out of the health care sector into other industries that are typically not regulated, you know, by many of the state protections that we have on the books right now, you know, that there is, you know, some recommendations to this committee, you know, to government.
DR. SCHWARTZ: Well, partly why I had asked the other question regarding incentives was because there seemed to be a sentiment here on the part of a number of people that policy is quite important, and not just the technical issue of how you construct the number. And so I was wondering if there were any incentives for organizations to share information about best practices and problems because that might go a long way in regard to making a useful recommendation from(?) this committee.
MS. WARD: I think we saw on all our site visits that everywhere we visited wants to do it right. They are not necessarily able to give the finances in whatever the entity is to do it right. And you see, much like any industry, where when there was a crisis the executives were willing to give out more money for, suddenly became aware of the security issue and then they became very, not a whole lot different than what we see with the airline industry. And so there always is a conflict there.
I think there will have to be some national incentives, even if it is a small hammer, that makes certain kinds of things minimal requirements. And I think that is why what we are doing is so important. So that people who are trying to get the attention of the managers of the budget can say, you are going to have to do some things here for us to be able to be certified, licensed, do our work. But I think everyone is motivated to try to do it right.
MS. FRAWLEY: Yes, Harvey, one of the problems was that in most of the site visits we made it was very hard for anyone to quantify whether they had, you know, any problems. And that was probably the, you know, they were aware of the external threat but, again, a lot of people were not, you know, transmitting a lot of information, you know, via the Internet. So, I mean, it was not a situation where there was a lot of information flowing.
When you talked about the insider threat or how the enterprises, many of the organizations are setting up enterprises, integrated delivery networks, you know, allowing physicians and individuals who are not their employees access to their clinical information systems. They were very naive in terms of some of the approaches they should be taking there. And then the second part of it was how they dealt with vendors and other individuals who processed health information.
You know, it was like every rock you uncovered it was, and people genuinely want to do the right thing. I mean, that certainly, you know, came across but it is just kind of like with the absence of federal guidelines or a federal directive or a thou shalt, it appears that unless a CIO or CEO is committed, you know, and wants to put the resources there, you know, that is a big problem.
DR. DETMER: Other comments or questions on this topic? Yes, Vince?
DR. MOR: As integrated delivery systems in local communities push, the emphasis on information, clinical information sharing is extreme and I would venture to say the niceties of encryption technologies when these places can barely get their modems to talk to one another will fall by the wayside unless there are some standards and policies.
DR. DETMER: Other, John, do you want to weigh in on this? Obviously privacy considerations have been raised a lot.
MR. FANNING: Yes, I think I would associate myself with the view that the real issue is not the number but the protections for the information. Whether it will be possible to explain that to people effectively is a separate question.
And, I guess the other thing is that there are a few principles for, privacy principles governing the number and they were included in the presentation. It should not contain information within itself that would permit the viewer of the number to know something about the individual. But apart from that there is not a lot to be said about it. The real issue is what information is going to whom.
I might point out that back in 1973 when an advisory committee to this Department considered, was addressing privacy issues generally, there was some consideration of the standard universal identifier and the answer at that time was very similar to the one of the NRC study last week. That we should not have one unless there are safeguards in place for passing around the information. However, within the staff at that point there was some fairly serious argument that the committee ought to come out in favor of a standard universal identifier. Since so much information was being passed around it was very important to identify people in a certain, accurate way. That was not the choice made finally by the committee but it was considered.
DR. DETMER: Interesting. Okay, before we move on with provider and payer it sounds to me like what I am hearing from the group is that we are asking, John, your group, to explicitly look at this committee's prior actions in relationship to K2, okay? That is one piece.
And then I think it also, if you will, gives us a little more charge perhaps than we already have on the privacy and confidentiality piece.
I think that let's move forward then to a little discussion, because today this is what we are doing. We are using this as a time to really discuss where we may come out -- not where we are --- where we may come out on this. Let's talk about provider ID briefly. We are going to be talking more about that in subcommittee and coming back to this meeting.
DR. BRAITHWAITE: Well, as I said, there has been an earlier effort by HCFA to come up with a provider ID, unique identifier for all providers for the Medicare program and that has been expanded and is being [noise interference] to cover all providers.
There are some issues that come up there. Originally that kind of number for a provider was used to identify who did the service for payment purposes. Well, it turns out that taxi drivers who take Medicaid patients to the hospital are paid by Medicaid and therefore they need provider numbers, which was kind of a revelation to many people.
There are lots of people who provide services and who document those services in the medical record who never bill for services, and yet the people who want to use unique identifiers for providers, to document who said what in the medical record, want those people to be enumerated as providers even though they are never identified as a billing provider.
There is also a complication in that many of the people who do the providing and who charge for the providing, that is, I did this procedure, are not the people who get paid for that. It is some larger organization, the clinic or the hospital or somebody else who gets paid. So, in essence, we are being asked to not only come up with a provider identifier to identify who did the service for a variety of purposes but also who should be paid for the service because they are considered providers in the generic sense.
I recently asked a group of the team that is working on that, do we also need a payee identifier? I have not gotten a cogent response to that yet, but you see the problem. A provider is not a provider. It depends on how you view that person and that function that is trying to be identified uniquely.
And so as those discussions go on we may, in fact, have to split the provider identifier into one, two or three kinds of entities that are being enumerated: the providers themselves; the organizations that are being paid or the organizations, the groups of providers; and the people who get paid, which are different than either of those two sometimes.
DR. DETMER: Okay, let's open this. Simon?
DR. COHN: Yes. Actually, I want to start this, Bill, asking for some clarification. Now I had a presentation -- and I have been to enough meetings that I forget whether it was the K2 committee, subcommittee or the committee about the current status of the provider ID -- at the time the presentation was being made there was a locator code attached to it, there was an intent to have this thing be put into federal rules making or [unintelligible] notice, I think, in the early part of March or at the end of February, as I remember.
DR. BRAITHWAITE: That is correct. That was a presentation made to this committee actually.
DR. COHN: It was? Okay. Can you update me on what the current status is? What I see is, it says being redrafted to meet requirements of K2. What does that specifically mean in relationship to those time lines as well as the current status of it?
DR. BRAITHWAITE: Well, as originally drafted it was to be put out as a NPRM(?), as they call it, a proposed rule, by HCFA for the Medicaid program. And that would go through a normal Department clearance process. And when we sort of reshuffled that and fed it into the K2 process, which is a different process than a standard HCFA rule-making process, we required them to go through the Health Data Standards Committee and the Data Council to deal with any policy issues and to make that consistent with the other standards that will be coming out under the K2 rules.
So there are some process issues. There are some substantive issues in that draft rule which is being drafted to make it more clearly a K2 standard rule as opposed to a Medicare programmatic rule. There may, in fact, be two or three rules that come out of that process but we are redrafting on that basis.
DR. DETMER: Yes, I think one of the questions for us is how many of those pieces really we are, if you will, obligated to sort of review, ratify, or whatever or speak, give our own opinion on?
DR. BRAITHWAITE: Well, one of the process issues, of course, as I put up the quote there, is that the Department is supposed to, quote, rely on the recommendations of the NCVHS when we produce these standards, and we have not yet received a formal recommendation from the NCVHS about the provider identifier. So we would love to have something to rely on.
DR. DETMER: Well, our meeting is just starting.
[Laughter.]
DR. BRAITHWAITE: No, but perhaps we are getting ahead of ourselves but, in fact --
DR. DETMER: It is on our agenda.
MR. SCANLON: Well, in fact, Don, we are obligated to publish any [unintelligible] that the committee makes relating to standards in the Federal Register so this is quite open(?).
DR. MC DONALD: I would like to add really two questions. One of them is a confirmation. My understanding was that with the K2 they would expand the provider enumeration to all health professionals of at least a couple of categories, not just those who actually bill to Medicare.
DR. BRAITHWAITE: That is my understanding.
DR. MC DONALD: And the second part was, the only kind of inelegance of the current number, which is really mostly quite good, is this locator appendage which really you put, a provider gets n numbers if they go to n practice sites and those numbers, the practice site addenda is not the same for the same practice site for different providers.
DR. BRAITHWAITE: I had that same confusion, Clem, and I got that cleared up recently. The confusion was between the unique identifier for a provider and a two-digit code which was to be used to identify the practice location at which a service was provided.
And because the current Medicare billing number for physicians, the UPIN, each physician has more than one of those, and they have a different UPIN depending on what location they are practicing in. So, as a temporary measure to serve the function of the UPIN when this NPI is adopted by Medicare in the 1500 form and other derivative billing documents, the concept was to take the unique identifier for the provider and concatenate it with the two-digit locator code for where the provider was practicing for that particular bill and put those in, that concatenated number in the field where the UPIN would normally go.
But they did not, the locator number was not apparently ever considered to be part of the identifier for the physician.
DR. MC DONALD: Well, it is in some sense. It has no meaning without being attached to it.
DR. BRAITHWAITE: Well, for billing purposes it does not.
DR. MC DONALD: What I mean is a locator number is not a unique locator number.
DR. BRAITHWAITE: That is true. There is no information. It is one of these content-free numbers. It just is an index into a table of the practice locations for each provider. But the first entry on the table for each practice, for each provider is going to be different.
DR. MOR: Bill, so the current system with the locator number, the locator number as I understand it, is merely just a fix to handle the UPIN billing problem for a while?
DR. BRAITHWAITE: That is my understanding.
DR. MOR: All right.
DR. BRAITHWAITE: There is obviously some need for address and location information as part of how you identify a provider uniquely because, you know, name and birth date and stuff like that is not always enough.
But, the iteration of every practice location and giving them a two-digit code for billing purposes is probably not part of that.
DR. MOR: But does, my recollection from when Bob Moore made the presentation was that the provider number would be unique over the course of that provider's providing history. Is that correct?
DR. BRAITHWAITE: That is correct.
DR. MOR: All right. You know, location is just a transitory condition.
DR. BRAITHWAITE: Agreed.
DR. MOR: But then it really does not matter whether somebody is ever billing or not. The issue of task and billing are totally separate, is that --
DR. BRAITHWAITE: That is my understanding, yes.
DR. MOR: That is absolutely essential.
DR. BRAITHWAITE: The current draft does mix individual providers and groups of providers or organizations that will be paid for services provided. The provider identifier would have a set of information uniquely identifying an individual when it is an individual provider identifier and it would have a slightly different set of information to identify an organization of providers. And there would be some mechanism for linking the individual providers into their groups.
DR. MOR: Which, of course, can be transitory.
DR. BRAITHWAITE: Yes, it will be.
MS. GREENBERG: It was actually my understanding that the location code was not actually part of the number, which is, I guess, what you said. But are you indicating now that it actually will be in, it will be included in the space that is allowed for the number? Bob Mayes is shaking his head so --
MR. MAYES: There are two separate spaces. The concatenated number goes into the block that is now called UPIN(?). It is just a Medicare programmatic(?) thing. You have to sort of separate what was originally proposed as it was a Medicare program. We now, as we move away and go into the take two, we are trying to separate out what was Medicare --
[Interruption while speaker moves to the microphone.]
The issue was since it was originally a Medicare program, as we try to broaden it to K2 what elements from the original proposal are truly just Medicare programmatic elements? And we are coming up with mechanisms to address those such as concatenating this unique number which does not have location code with some requirements that we have for Medicare and putting it in a wholly separate block.
So there would be a block for NPI which would only have this no content number in it that would be, could be used by anybody for whatever programmatic reasons they have, not just Medicare. Medicare forms would have a separate block taking the place of the old UPIN in which we would take this one unique identifier and then we would add elements that we need to accomplish Medicare things and that. But that is the process of trying to make it K2 generalized.
DR. DETMER: John and then back to Vincent.
DR. LUMPKIN: I am trying to work my way through this process and I think I, after your sterling presentation on this, find myself more confused than I was, which is not your fault. And the reason is because I think that there are two processes that are going on here.
One is the question, who is providing service to this patient? And then the second one is who is getting paid to do what? And those two things are not the same.
So if you have someone who is in a group model HMO there is one bill that goes out -- it is a capitated bill or whatever -- to the payer and it goes to the group model HMO. And if you have multiple providers that are providing service they are documented in the record based upon their unique provider number.
I am not sure that that number, the provider who is providing service and the who is getting paid for it(?) need to be the same or even related. Because if we are talking about transitory relationship, there really is no utility to having people grouped by numbers because when they signed up they all were in the same managed care plan or staff model HMO.
Given that, if we are really talking about following the money, doesn't the IRS already do that? And isn't there already a number that is required when money exchanges hands in these kinds of relationships?
DR. BRAITHWAITE: I would defer to a higher authority about that but it is my understanding that there have been some problems with using the tax identification number as the number for who is to be paid. But I do not know what those are.
DR. DETMER: The thing I think is particularly relevant for us, and I think that one point I want to underscore, I think there are good and important points but I think a key part of this is that in the past the Government's consideration has been for the programs it delivered, specifically was responsible for. What this legislation is doing is having us set policy that will affect everyone. That does not mean that the Government then in the future or whatever might still have other considerations that it may, as one payer, chose to have enforced.
But I think what we are, part of what our issue is is to peel it back to what we would recommend to be, if you will, the generic kind of baseline. The question is how many bells and whistles we may still want to put on that. I do not know. That is our consideration as well. But I think what we are really wanting to try to tease away is not essentially having current federal policy wag this broader public issue of what policy should be on these kinds of numbers as the generic issue, understanding that the Federal Government may well want to have additional things and may, in fact, want to get our advice on that, too. I mean, that is another kind of consideration that is out there. Vincent and then Clem and then Barbara.
DR. MOR: I am going to go back to your taxi driver example because actually the taxi driver or the home health aide or the P.T. aide who is working for the P.T. who bills separately under five different billing systems is really the most, I mean that is at the level of granularity that I think is really important to think about. If every one of those taxi drivers who drives for, you know, Blue Cab, or whatever it is, has his or her own provider number because they are performing a service for a Medicaid recipient, but then the taxi company is the one that gets paid, then anybody in this room could be driving a cab one day and have such a Medicaid patient, suggesting that the provider ID number should be the, some kind of unique identifier per individual, a la? the health ID number. In this particular case this person happens to be working as a provider.
[Laughter.]
If one thinks of a life course, it is perfectly possible for him to move in and out of these markets as providers. And that separates the issue of billing. I wanted to get down to that level of granularity because I think that is what we are talking about, if you want to be able to identify who is doing something.
DR. DETMER: Clem and then Barbara.
DR. MC DONALD: I just want to kind of niggle at that problem about the locator again. It is not a trivial just add-on. What it really means is you have to register by yourself and location and get a number sent to you before you can practice at that location. And it has significant operational and nuisance effects. Compared to having a location identifier that the location would apply for and a provider identifier, when they got together they would send them both. And that is really sort of typically the more optimal mechanism.
Now I can understand, it would be nice to know there would be a sunset and after two years you would not use a locator, but I do not believe it because, firstly because I have discussed the same niggle about this thing for the last year and a half and no one actually knew exactly why they needed it at some points in time. I am sure I was talking to the wrong person.
And some of it has to do with some regulations, I suspect, that Medicaid has that you cannot bill for Medicaid if you practice at more than n sites because they want you full time in our state at one or two sites. We may have some ancient laws that are kind of creating this structure that is going to cause nuisance and operational overhead for a lot of sites. And at least they ought be given one last shot to see if they have to do those two together as part of the fundamental provider. Because they really are, you register for them together and when you go to a new site you go and get another number with this new other additional locator, which will be your fifth one, and if your partner was practicing in the same location you would not necessarily have the same locator numbers.
DR. DETMER: Bob, do you want to respond?
MR. MAYES: Clem, part of the problem is that we probably need to get out the actual specifications for the number, but as it is proposed right now it is not part of the identifier number.
DR. MC DONALD: Do you have to apply for it together?
MR. MAYES: No, it is a separate, I mean, how Medicare and Medicaid will handle it is a programmatic issue that they will have to decide. But you would not have five different NPIs. You would have one NPI --
DR. MC DONALD: I understand that --
MR. MAYES: -- you may have several different locator codes that were issued by whatever particular program was interested in knowing where you practiced --
DR. MC DONALD: I do not think that has changed my view. I understood that. That is how I understand it. And you apply simultaneously for an ID and a locator programmatically. But [unintelligible] running the programs.
MR. MAYES: No, no, no. You would apply once for your NPI --
DR. MC DONALD: Separately.
MR. MAYES: Just once separately for an NPI. And that is the NPI you have now. Subsequently if you were working for Medicare or Medicaid they might require that you tell them where it is you are going to practice. But they would say, do you have a provider number? And you would say, yes, I got this, you know, ten years ago. And they would say, fine, now we are going to issue you some practice codes or location codes.
DR. DETMER: This issue is on the subcommittee work agenda for our meeting so we will be getting back to it but are there a couple other questions?
DR. STARFIELD: Yes. This committee has made the point many times that we have to separate issues of who provides and who gets paid because ways of paying are changing very rapidly. We cannot have a provider number that depends upon payment issues. So basically what I want to do is say exactly what Vince said, is that, you know, in terms of administrative simplification, the provider number is just the person's unique number which is the same number that is going to be the number for the personal identifier. It seems to me that is the simplest thing to do. And then we deal separately with who gets paid.
DR. DETMER: John?
DR. LUMPKIN: To take that issue one step further, you have the taxi driver who when they are in college they are driving the taxi. They get so turned on by doing that they become a basic EMT. They get experience doing that, they become a paramedic. They figure that is not quite far enough, they go to nursing school. They figure the pay isn't high enough and then they go to medical school. They have now transited the system in five different ways. If we assign a separate number to that individual throughout their career and they maintain dual ability to work, as there are many nurses, for instance who are paramedics, who do both jobs, then we have the same person with two numbers. And if we have one number that follows a person through we are back to a personal identifier.
MS. WARD: I would just add that in our state of Washington we had a similar kind of administrative simplification and this number was the foremost priority number to get fixed, and it was very much based on the comments Barbara just had, that let's get a number, let's reduce the reporter burden that has nothing to do with why you are getting paid or who is paying.
DR. DETMER: Yes, I get more of a sense of [unintelligible] to deal with this number than perhaps any of the other things that we have on our work agenda. Thank you. Yes, Marjorie and then Clem.
MS. GREENBERG: This may or may not be relevant but I am hearing the organization number being associated with who does not get paid. There is a need to enumerate providers that are organizations, such as hospitals -- there is a whole list of categories of them -- and that is part of the NIP aside from the payer situation. So, I think, you do raise an interesting issue, John, about the person who progresses through the system in different roles and I am not quite sure how that would be handled. Were you recommending, Vince, that the person's number should be the same one as the personal health ID number?
DR. MOR: Absolutely. In fact, I have been having the extreme displeasure of playing with national drug codes. And national drug codes are a nightmare because, of course, there is a company part of the drug code and any time one company buys up another company over a number of years that code, that is supposed to uniquely identify some drug and its prescription, changes. They are nice enough to retire the number but it means that you are dependent on somebody to provide ongoing updates to what this number translates into in terms of what kind of aspirin.
The same problem will occur with providers because they are merging at a fairly astounding rate. And it is not clear to me in my little state of Rhode Island who is supposed to be billing when two hospitals or three hospitals have now joined together with a home health agency. It is, you know, they can build one, five or seven of those different numbers and it is sort of irrelevant.
DR. DETMER: Simon?
DR. COHN: I guess I was going to observe, like some other members of the committee had observed, the issue that obviously provider and personal identifiers work very well when you have a single identifier. They really break down with groups. They break down with hospitals and every thing like that. I think in previous analyses done by HISB and other groups there has always been that recognition that there needed to be something done special for groups of providers and how will that work?
Certainly I am confounded by the issue of how you handle someone who is a nurse one day and an EMT another and a paramedic another day and maybe a psychiatrist the third day or a [unintelligible] or whatever and I think that needs to be somehow represented by a provider ID.
Now I have one very perhaps off-the-wall question about all of this which is just remembering back to the previous discussions where we talked about the national provider file, which somehow maybe references part of this problem we are having, has that been completely segregated from the NPI discussions or is that still part and parcel of these discussions and part of whatever standard moves through?
DR. BRAITHWAITE: Well, in order to implement a national provider identifier you are going to have to have a national provider system of some kind including a data base and a file and an organization that is going to be issuing these numbers and maintaining that data base. So, it cannot be separated from that respect.
What we are trying to separate out is the programmatic, specific Medicare programmatic aspects of what was involved in some of the initial presentations of the national provider system from those aspects that are involved in uniquely identifying individuals.
DR. COHN: I just wanted to make sure because when we were looking at the national provider file, the NIP with the file, I think many of us observed that there were really significant issues around sanctions being put in the file and all that that were not being properly represented. And to have this discussion occur without that again noted, and once again have no idea whether they are going to be solved or not, but this issue is probably akin to the locator code in terms of it being a very glaring issue.
DR. BRAITHWAITE: Certainly in the presentation that you received before, sanctions data was included as part of the publicly available information in the provider identifier file. We are having internal discussions about that. Any recommendations from the committee would be helpful.
DR. MOR: All right, to keep going with this now that I am sort of on a role here, because I have also over the course of the last, you know, seven, eight or nine years tried to merge and concatenate Medicare nursing home files or home health agency files. And, of course, the numbers keep changing all the time for any number of different reasons.
And there are constantly purchases going on. About 10 or 15 percent of the industry gets bought up every year for various purposes, one swallowing the other, and the certification numbers change, the provider number changes, the billing number changes and this is a really important issue if somebody is worrying about trying to understand something about the quality history of a particular organization or a particular address and what happens to last year's sanctions when they got bought out by, you know, some new company this year. What are they represented, who are they, and what does that mean for providing information to consumers if you at one point want to make that information available, which it should be available for? And there must be some way of handling this issue, not just of, from a billing perspective but also an organizational coherence perspective as to who is providing services in that particular address in some sense. And that same applies for home health agencies or any kind of provider setting. It is not just a billing issue. It is a licensing issue.
DR. DETMER: You are happily on the Data Standards Subcommittee and in the interest of our agenda, I do not want to cool your ardor, I just want to --
DR. MOR: No, no, it is just I had not thought about how to put those two together.
DR. DETMER: And so let's take maybe one more question on this and then we will have to --
DR. STARFIELD: This is just really a question, I am trying to understand, come to grips with this issue of the organization as a provider. Is this primarily a billing issue or are there other issues having to do, I mean, an organization can never provide a service, someone provides a service. The organization, of course, may take responsibility for it, bill it.
And what is the issue of organizations? Is it primarily a billing or legal issue or is it a clinical issue?
DR. LUMPKIN: I think hospitals provide service, nursing homes provide service --
DR. STARFIELD: No they don't.
DR. LUMPKIN: And to the extent that you get down to the degree of granularity, it is not whether or not that particular certified nurse assistant who is licensed or certified or registered, whatever -- I forget what we do in Illinois -- the couple hundred thousand individuals, it is really how they work together in that organization.
DR. STARFIELD: It is certifiable. It is a legal issue.
DR. LUMPKIN: Well, but the administrator in that facility and the director of nurses who may never show up in a provider profile would be the ones who are really most responsible for the quality of care in that facility. So that becomes an issue. I think it is a real issue related to quality.
My concern is that we have to be careful that we really fully understand the purpose of these numbers because they do not have to encapsulate all the information. We do not need a unique site number for each individual service. If we have one for a provider our records ought to allow us to go back -- and ours do in Illinois -- to do the history of a site and then look at the history of the providers who are in that site. So you do not, you know, there are ways to do this without trying to put everything into that ID.
DR. DETMER: All right. This, I think, has been a very successful start at obviously moving toward this range of issues. We did not get through all of the possible numbers but I think we got well into it.
What we wanted to do before breaking for lunch, if you move to the subcommittee charges and time lines for reports and recommendations, what we really need to do in this, we did, in fact, approve our charge on the subcommittee on Privacy and Confidentiality. It is listed there simply for your record. The other two, however, are drafts that have been worked on since our last meeting and I think the issue is just to have an opportunity to discuss this. I do not care, we can either act on these now or we can act on them before we adjourn at the end of business tomorrow. But I would just like to have some chance for the people who were parties to helping prepare these to have a chance to discuss them somewhat.
And why don't we talk first about the subcommittee on Populations at Risk. I do not know who might, do you want to lead that off or --
Subcommittee Charges and Time Lines for Reports and Recommendations
MS. GREENBERG: Well, Tom LaVeist who was serving as chair of this subcommittee, and the principal staff person, Carolyn Rimes(?), who is here, I believe -- yes, she is, okay -- put this together with comments from the subcommittee members and other staff. Unfortunately --
DR. DETMER: Yes, I will talk about that later but the point is Tom is not here.
MS. GREENBERG: Okay, Tom is not here so, Lisa, could you lead the discussion on this or --
DR. IEZZONI: Sure. I guess I feel a bit at a disadvantage because we really have not functioned as a subcommittee the way that the working group, which was a significant portion of the subcommittee on Standards, and the way that Bob Gellman's subcommittee have functioned. So, frankly, I think it might be a little bit premature to have a discussion on this. I would feel more comfortable if we did it after we had the subcommittee breakout.
DR. DETMER: Totally fine by me. Okay. On the Health Data Needs Standards and Security, Barbara, your group has spent a fair amount of time on this.
DR. STARFIELD: We did and we came up with a document which is in Tab D, the third page under Tab D which I think is open for discussion.
DR. DETMER: Are there full committee questions or comments on this?
PARTICIPANT: I like it.
PARTICIPANT: It is fine.
DR. DETMER: General concurrence. I think that there are some implications in this. I think that Item 2 says, for example, through a variety of mechanisms provide outreach liaison consultation which will serve as a forum for consumer [noise interference] industry. I mean, that is a very broad sweep and I think it is a concern, obviously, that at least I feel on how well we can actually meet all of those. It is excellent language, I guess I am just worried about the extent to which we can actually be up to that. Lisa?
DR. IEZZONI: Don, I am anticipating a discussion that I hope we will have when we break out into our subcommittees on the Populations at Risk. I think that that would be a vehicle for getting some of the information from consumer groups and populations that might feel that their voices have not yet been heard around the table. And I was actually going to propose that as something that we could do, is work both with the Confidentiality committee as well as the Standards committee to have hearings that would try to hear from populations and consumer groups around, you know, special issues that they might feel around confidentiality or the standards. So, that would be kind of a joint subcommittee activity but it would, you could keep the language in here because I think it is nice language and recognizing the interest, but maybe working together with the other subcommittees on it.
DR. DETMER: Okay, any other questions or comments.
[No response.]
If not, I think I would entertain a motion to accept this charge.
PARTICIPANT: So moved.
DR. DETMER: Okay, it has been moved and seconded, Vincent. Any further discussion?
[No response.]
All in favor say aye.
[Ayes are heard.]
Opposed?
[No response.]
Abstentions?
[No response.]
Okay, that is great. All right, I think that did not take quite as much time as I thought it might but that is fine. Why don't we go ahead and break for lunch. We will meet at 1:00 p.m. The subcommittees, the agenda book is in error in terms of where the Data Standards group will meet. It will be meeting in this room, 703A, and the agenda book is correct on where the Populations at Risk and work group on Population-based Data will meet in 337A. So, we will, try to be there so we can start on time, please, at 1:00 p.m. Thank you.
[Whereupon the meeting adjourned for lunch to reconvene at 1:00 p.m. that same day, March 13, 1997.]
A F T E R N O O N S E S S I O N (3:30 p.m.)
DR. DETMER: I think the other thing I would like, if all of the committee members could speak up a little more clearly. Apparently this morning at times people in the audience were having trouble hearing us. That would be helpful.
And what we are going to be doing for the next period is getting into a parallel kind of discussion to what we had this morning where we talked about unique identifiers. This afternoon what we wanted to do is to start a discussion summarizing some of what we thought we heard during the hearings that we have been having on privacy and confidentiality. And I think the objective, again, is not to have so much a philosophical discussion per se, but talk about how do we start moving as well from the abstract to the concrete, which is what we will need to be doing.
So we will be talking about generic discussion at the start but then we would like to try to get in to talking about, again, not our recommendations but what would be in some of that mix. Because this session is not to decide things today but to at least start finding out what we think we are learning and where we seem to be.
So with that, I would like to comment. I think Dr. Richard Harding introduced himself this morning. I did not formally welcome him. He has been attending all of our hearings on the privacy and confidentiality so religiously that it has seemed like he has been on the committee for months but this is the first full committee meeting that he has attended.
The first part of this, Bob Gellman, Mr. Gellman will play out but I wanted everyone to know that actually he has put this document out to the work group, or the subcommittee, and the subcommittee has actually sent information back to him. So what he will be reflecting in this is essentially the subcommittee's thinking to date. So, Bob, with that, please.
MR. GELLMAN: Well, let me just make a couple of comments. The subcommittee held six days of hearings on privacy in January and February. The document, the discussion paper is not a summary of the hearings, particularly, although it reflects some of the discussion at the hearings. The draft paper is really an attempt to lay out some of the basic issues so that people can get a better understanding of them and we can discuss them.
To the extent that there was any kind of consensus out of the hearing, it wasn't much. I mean, the view, everybody thinks confidentiality is important. Every user community says the same thing, that they need an exemption. They want to be exempt from whatever rule(?). That is somewhat of an overstatement of what they said, but that is the tone of it all. Everybody, and everybody has a case to be made. It is not, people were not coming in frivolously asking for access to records. They all have an argument. So it is really very difficult because, reconciling the different points of view, because if you look at some of the people from the privacy and advocacy community, some of the statements that they made really questioning the fundamentals of our health care system, the validity or utility of the Kennedy/Kassebaum bill, questioning whether computers should play a role in health care at all. So, I mean, really, some of the comments, suggestions, testimony on that side were really, really went all the way to one side.
Among the things for the committee to think about is how, you know, what is going to be the scope of whatever recommendations we are going to make? Are they going to be narrow? How many of our assumptions are we going to, how many existing legislative and other assumptions do we want to question in this process? Do we want to accept more or less of that and move forward? Presumably we do not have any restrictions in terms of what we can and cannot recommend.
It seems to me to be most useful to begin with to talk about whatever substantive issues are on people's minds. I do not know how many people actually read the paper. There is sort of not enough time to try and go through it all in any organized way and I sort of think we may be better off if people want to talk about something, if there is some aspect of this that they find more interesting, more troubling, maybe that is what we ought to talk about first.
DR. DETMER: We are open for discussion. Particularly subcommittee members may want to weigh in first before we open this up, that were here. Elizabeth?
MS. WARD: Let me just make one, having had time to sort of think about it, the most, I think the most troubling, and I think that is a good way to maybe start, at the bottom(?) if that is what you think [unintelligible] is that some of the advocates for privacy and confidentiality would actually like us, to take us back in time. And that was the part that I found the most difficult to imagine how we could go forward.
And it is just a statement about some of the dissonance that one has looking at the amount of data that is out there now that I do not think we are going to be able to retract. We may be able to protect it better but I do not think we can retract it. At least I do not feel empowered to retract that. And that was one of the things I was most concerned about in meeting some of their very well put threats(?) [unintelligible].
DR. HARDING: Thank you, Don. I wanted to first of all thank Bob Gellman for masterfully taking us through six days of testimony, both down at the Best Western Hotel down in Arlington to up here at the Humphrey Building, and really having the ability to keep us organized and on track. He did just an excellent job and he was able to make every single group, from the FBI to advocacy groups to doctors to IGs and so forth, every one of them squirm --
[Laughter.]
-- and I think that he did it evenhandedly and in a masterful way. And I wanted to say that as a member of the committee I was very impressed with his abilities and his genuineness in doing so and I thank him for that.
MR. GELLMAN: Thank you.
MR. HARDING: We talked with some very interesting people and very bright people, people who were able to give us their opinions, and I think every one of them said that privacy, as Bob said, is very, very important, but there are reasons to forego or go around that privacy for specific reasons. And then they gave their reasons that were very compelling and certainly were very convincing to me as each one spoke. But, as Bob said, a lot of them said that and a lot of them wanted this special access.
Most groups, however, made a point that most of the things that they do can be done with non identifiable charts. That they do not always have to have identifiers and that that was kind of the exception in research and the exception in public health when it was identifiable. Most of them felt that most of those things could be done non identifiable.
The issue of how to help or enhance the consent process came up frequently. That is, many people felt that when they signed their consent form that they do when they sign up for insurance, that they really had no idea what they were doing, what they were signing, and they oftentimes were under some perceived duress, perhaps. That this is what you have to do to get your job, this is something that you have to sign here before we can take care of you at the hospital and so forth.
And so there was some concern, that I heard anyway, about whether the consent is true consent and whether they had any idea as to how far they were consenting the release of their medical information. That they were just trying to get their physician involved or the hospital involved or their insurance involved and had no idea that that could be taken beyond that in what they were signing because they were under duress at the time and so forth.
I realize that we have to be very pragmatic in this issue. The horse is a little bit out of the barn and we are not going to go back it seems. But we have to look at some of the issues like misuse of medical records. Misuse is in the eye of the beholder and I think misuse for a patient may be a little bit different than misuse in the eyes of a third party, and that how to define misuse and standardize it, I think is something that is going to be very hard.
We heard from occupational nurses that they are put under tremendous pressure by employers to give medical information on employees by their employers and that they really need protection. That they do not know when somebody, they say this person needs to be out for three days and their boss says we want to know why. They said that they sometimes felt their job was in jeopardy if they did not give that information to the employer, and certainly felt the need for special protection in that kind of area.
We also heard from a large pharmaceutical retailing company, Revco, who has a remarkable ability to, they have, as they said, a computer that is the same computer that is used in the New York Stock Exchange, and they have that in Cleveland. And the information that goes into Revco pharmacy prescription filling goes to that computer and sits in encrypted form. It is encrypted back and forth.
And then the next time I come in and ask for my prescription to be filled, they can check all of the drugs that I am on in an instant, see if there are any cross problems with the medications, give that information back to the pharmacist in a flash. It is really a remarkable item for patient protection but also, perhaps, has the concerns about that data base and who has access to it and so forth.
And I think that is one of the things that we repeatedly heard, that as the gentleman from the ACLU said, that if the data bases are created, they will come. And who they is we do not know at this point but he said, they will come.
And we asked the Revco people if people asked them for access to that data base and they said all the time, that there are people and they turn them down, they said, at this point; they do not have access. But they did say that there were a lot of requests for getting into that data base. For instance, a company that makes a certain type of insulin would like to have access so they could send out flyers to everybody with diabetes in their data base.
I will stop there and maybe continue on here in the future, but I will stop.
DR. DETMER: Okay. John, you also, obviously, were actively involved in all of this. Would you like to make any comments before we open this up?
MR. FANNING: No, I have nothing to say at the moment.
DR. DETMER: The only other group that I might mention, just sort of in summarizing it, that I found particularly challenged as a group on this that I thought I knew about but clearly learned -- I learned a lot from a lot of folks -- but were the social workers who really at times are genuinely, probably, the most conflicted, I felt, of almost all of the players in terms of the calls that society puts on them to adjudicate across the boundary of social kinds of obligations and responsibilities and the individual's needs and responsibilities.
And I thought that the general quality of the people that testified were quite articulate and not only could give you the intellectual dimension of their work but, I think, the personal kind of pressure and feel in a way that touched their lives. So that was, I thought, also quite compelling.
So, let's go ahead and open this up at this point. Anyone else want to make any, either of you?
MR. SCANLON: I would just make a couple of points from the public health perspective and the research perspective. I think the witnesses, again, were very effective. They were good spokespersons for their community. I think the public health case made a strong case for, while using anonymized data as much as possible for aggregated data, clearly a need for identifiable data for certain issues.
And in the research community as well, in terms of while anonymized data is used as much as possible or at least a fair amount, there still is the instance where identifiable information is needed.
There was a fairly good discussion from the research perspective of informed consent. What does it really mean? In active research projects where the individual is approached directly and asked for informed consent there seemed to be a sense that that was handled fairly directly. The other situation, which was more of an informed consent to more or less blanket uses, was a little less, obviously people were less satisfied with that sort of an approach.
But I thought we had very effective spokespersons. Almost every one of the sectors in the health area made a case fairly strongly for their view and for their perspective even if they were sometimes at odds with what the other sector would say.
MS. GREENBERG: I might just add that, although I think Bob pointed this out in his paper, but with one exception, and I think that really was based on a misunderstanding to some degree, everyone -- and there was a wide variety of disciplines represented and I agree with everything that has been said about how useful and informative these hearings were -- but I think really there was pretty much consensus that, yes, we did need legislation.
I think, as I said, there was one exception maybe of preferring regulation but I think that that may have been based on somewhat of a misunderstanding of the question.
And so, I mean, I know we have had discussions about, well, you know, there is a law here requiring certain things. You know, that it is still a discretion as to what kind of recommendations are made. But I did feel there was quite a strong support for there needing to be legislation. I would say the issue as to whether it should be preemptive of states or not varied quite a lot. You did not hear consensus. But, I think that this, although there is not a national consensus on exactly what it should be, there seems to have certainly been a strong variety of professional groups' consensus, for the most part, that we need legislation.
DR. DETMER: Harvey?
DR. SCHWARTZ: I would just add that I was impressed with the fact that so many people seemed to be supportive of institutional review boards when it came to research. And even where there might be some difference of opinion with respect to them, no one really had any alternative to propose that they said would be better.
DR. DETMER: Okay. Why don't we, I also, I guess, before I let it slip my mind, want to thank the staff. There is an awfully lot of work that went in going through all of this and I think these were well organized and that was very much appreciated. So, Hortensia?
DR. AMARO: I just wanted to say that I thought that this report was very useful to get oriented to a whole set of issues that, you know, I have not been dealing with because I am not part of the subcommittee. I just wanted to thank you for preparing it.
DR. DETMER: Maybe we can just start getting into some of those issues.
MR. GELLMAN: Well, let me, let's pick up on some of the specifics that people have mentioned. I think the first one is this issue of non identifiable information. And I think Richard put it very well, that there are lots of uses of information that can be tolerated on a non identifiable basis.
Now what is identifiable and what is not gets to be a difficult issue at some point, and a technical one at some point and may not be worth discussing right now. But the good news about all of this is I think it is possible that with better technology, with better administrative structures, that it is possible to allow or even increase sharing of records without necessarily increasing the sharing of identifiers. So that, you know, this is basically the prospect of having your cake and eating it, too. Using records for a socially beneficial purpose while still providing a higher degree of privacy protection then you would get otherwise.
I mean, that is sort of the good news. The bad news is that it does not really solve, it solves a lot of practical problems and it really cuts down on the transfer of records, but there are no instances that I could see where that will totally solve the problem.
Everybody makes a case in some circumstances for requiring identifiable records. Some people require more identifiable records more of the time than others. I mean, an example is the people doing fraud investigation likely need more identifiable records more of the time then say the accreditors do. They may need a few records here and there and that is about it.
So, basically it is good and I think it is a very important conclusion from the hearings, and I think it is something that has not been pursued so far by anybody with any detail, with the exception of the McDermott Bill. It is the best thing in the McDermott Bill, the emphasis on coded and encrypted and non identifiable records. But, it does not get us out from under any of the problems that otherwise exist. You still have to confront all of the hard policy choices of when identifiers will be made available to researchers or public health people or other folks. But it is still a very important issue and it is something that needs to be developed more, I think. And if anyone has any comments on that.
Another, I think, one of the major issues in the legislation is the consent issue. What is the role of informed consent? How much pressure can be placed on the informed consent process?
And the views on this range pretty widely. You get on the one hand some people saying you may not put my record in your computer without my consent to computerize the record. That was the point of view expressed by some people, that you may not disclose my records to anybody without my consent.
And there are positions, I won't say on the other extreme, but toward the other end that say the consent process is a failure, or to put it more politely, that the consent process cannot provide the kind of control that we might want from it because patients are not capable of making decisions at a time when they are sick, at a time when they are hassled, at a time when they are seeking treatment and have other things on their mind. And the decisions that patients could conceivably be asked to make are enormous.
Now one of the best examples that came up, we had testimony about the claims process. And the description of -- the claims processing system is somewhat of a wreck. It sort of mirrors the rest of the health care system in that we have all of these institutions that have grown up willy nilly to respond to needs. No one would ever organize a system in this fashion but that is what we have.
And so you have providers giving information to billing services who give it to clearing houses who give it to value-added networks who give it to insurers who give it to payers. And the path through which any given claim may go is unpredictable in advance. It may not even be trackable after the fact. It is just going to depend on who is available at that instant when the message goes through the system.
And there are all these players who are basically totally unknown, not only to the patients but largely to the people who are involved in the health care system. The providers and others do not know what goes on between here and there.
And so one of the questions is, how can you possibly expect the patient either to care about this, to understand it? How could you explain it to them and give them a choice? What would happen if a patient said, I do not want my information to go to this particular value-added network. I mean, is that a choice that we want to keep alive for patients? Is there a reason to do that?
And you have the same problem, not necessarily as clearly, with all the other users. I mean, how often can you really ask patients to make these decisions, and if you do, what are the consequences of a patient saying no? Do you want to allow patients to say no all the time? Do you want to be able to control, can you even control the paperwork in a decision-making process?
One of the things I learned at the hearings was that if you go to your doctor and you sign your usual consent form and you amend it in some way and say, you know, this information cannot go to x or it is only good for six months, that form does not go upstream to the other users. They do not know what is in it.
So the information goes to the next person and the next and the next and no one knows what restrictions you have put on it. It does not work. The system is not structured in such a way that individual preferences about usage can be reflected in how people use information. The system does not work that way.
It is not to say that it couldn't, but it is clear that in order to control that you have to have a much more complicated system, you have to give patients a lot more information and you have to have some way for tracking all of this. I mean, you could conceivably have patients writing very elaborate instructions about certain kinds of information can go here and certain kinds of information can go there, and to develop a system that can support that is clearly not what we have today and would be very complicated and messy and difficult and would be prone to error no matter how you structured it.
So, the question on consent, and this is a very hard question and people on all sides of the issue, everybody recognizes the difficulty of this, is what can you really expect? And is it possible -- and there are proposals like this -- to say essentially less consent can provide better protection for patients rather than giving them more consent because in place of consent you can write statutory rules.
And one of the proposals that floats around says let's not seek consent for treatment and payment. Let's give people an opt-out. If they do not like the standard option, they can speak up, but let's not bother collecting consents here because patients really do not have, in the normal course of events patients really do not have much concern about this.
And that we can do better by writing protections in the law rather than having them sign forms that will basically waive all their rights because that is what consent forms do, they protect everybody but the patient. And the minute you sign that form, and, frankly, it does not even matter whether you sign it or not, your rights are gone.
Whether you sign that form in your doctor's office or not, they are still going to submit your bill to be paid because that is what they do. And unless you have made very carefully some other arrangement, you are just going to be treated the way everybody else is. So, I mean, that is the range of choices here with the consent issue and it is a very difficult one.
DR. DETMER: Lisa.
DR. IEZZONI: Did you just say let's not have consent for treatment as well?
MR. GELLMAN: No, no, I am only talking about consent for disclosures for treatment, not, no, no, no, no.
[Laughter.]
That was not what I meant and thank you for asking me.
PARTICIPANT: He is not talking really about, you know, the informed consent we know of for like a surgical procedure, but those little blanket ones, yes, the little blanket one that says, I authorize my doctor to disclosure information, you know, for billing and ta da, ta da. Yes, that is on the bottom of a registration form.
DR. IEZZONI: I understand it. It is just that --
PARTICIPANT: I am actually glad you did clarify that because there is a lot of difference.
DR. DETMER: Why don't you just continue, if you don't mind. We will just go on down through some of these and then we will talk about them as we go.
MR. GELLMAN: One of the other issues that, for me anyway, was a little bit new was the workplace issue. No one has really confronted, none of the legislation to date has confronted the workplace issue directly.
The structure of most of, there are some differences in the bills that get too detailed to discuss at this point, but it may be that employers may acquire records in a variety of ways. They may provide treatment to people in which case they are health care providers. They may be paying for care in which case they are insurers or payers or what have you.
But there are problems that arise in the workplace, and Richard talked about this, that are different in scope because we have a direct conflict that arises with respect to the physician who is basically wearing several different hats all at the same time. I think that is probably true in lots of other contexts but the sharpness of the conflict is much worse in the workplace.
Now we did have testimony from an occupational nurse talking about this and the pressures that are put on these people. And that aspect of it, and how information can and should be used within the workplace is something that is really not addressed in that manner, in that fashion, in any of the proposals to date.
And it could be that that is an area that requires, I will not say its own bill, but its own special set of rules. That those conflicts may have to, and I do not mean to suggest by raising this that that is going to be easy to do, I mean, sort of like we already have a bill or we have an issue that has a zillion different facets and it is very complicated and this is taking another issue with a lot of facets and it is very complicated and throwing it in the mix, but it may be one you cannot get away from because the interplay between health data and the workplace just is getting more and more complex and more and more routine and that is likely to continue over the next period of years. So it may be something that needs to be addressed separately.
Another issue that I think may fall in the same category is that of claims processing. None of the proposals to date deals with claims processing as a specific function. It is always an adjunct to something else. It is a hidden part of the payment process and it is not specifically identified separately.
And it is covered in one way or another by the legislation, and I am not suggesting necessarily that the proposals leave them out of the mix and that the records of claims processors would not be subject to the proposals, but the question is, is this function, is this activity sufficiently different from everything else that it really needs to be addressed uniquely with its own -- not its own bill -- with its own particular set of rules within the context of a broader one? Because we have a whole range of people who are providing claims processing-type functions.
This leads to, at one level that sounds like a good idea, and this leads to another common finding throughout the hearings, and this has been a recognized problem for some time with all of the approaches taken to date, categorizing people, categorizing functions is very hard.
We look at research and we say, research is whatever, we have a definition. We all kind of have some intuitive idea of what research is. And we talk about public health functions and we talk about management functions and we talk about oversight functions and basically they all overlap. You know, you have one of these Venn diagrams with the huge overlapping center.
And there are, some of these functions you can identify specific activities where oversight is different than research, but a lot of the functions you could carry out the exact same review, the exact same study and it could be done by any of these people with any of these qualifications. They may have a little different spin on what the result is, whether you publish a paper in an academic journal or whether you issue orders to your doctors to treat people differently or whether you start denying payment of bills may be the result of this kind of review, but it is all the same, more or less, kind of intellectual activity.
And how do you distinguish between all of these kinds of things in a legislative way where you have to draw clear lines, where you do not have to but the approach has been to draw clear lines and say, well, okay, researchers have to go to IRBs but other people do not have to go to IRBs because they are not researchers. And if it is the same function and the same activity, the question is -- first of all, how do we tell what it is? Can we do that? And that is partly a drafting problem, but it is partly a conceptual problem and do we tell everybody to go to IRBs -- I mean how much pressure can we put on the IRB function -- or do we need some equivalent oversight mechanism? Or is there some other way of controlling the process or do we need a control at all for some of the users?
I mean, this was a problem throughout the hearings that cut across. No one had a good answer to it. I do not have a good answer to it. John and I have been struggling with this issue for a long time. We have never come up with an answer. We have never come up with another model, another way of approaching this thing. But there it is, sits as a really difficult, complicated issue and no one has figured out what to do with it.
DR. DETMER: Any additions, thoughts on that topic? Vincent.
DR. MOR: A question to that last query which is historically, at least, I mean, I have done research in lots and lots of different institutions and I always have to go through IRBs because I am a researcher but the administrator of that facility in which I am doing the research with, they can do anything they want to with their data. It is always thought of as their data, but it has always been within a, within the bricks and mortar of whatever the institution is we are studying.
Now the institutions actually span multiple settings and they can concatenate records across individuals and once they are part of a network the differentiation between even separate providers is blurred.
As a researcher I still need to get approval to get in that concatenated record, but somebody who is going to the home health agency of an agency that is part of a network, their records are potentially subsumable into a broader network data base. Again, the administrators have access to it because they own it but there is no, that is what you mean, that is very --
MR. GELLMAN: Right. That is a good example. If you want the records you have to go to an IRB. If they want to use the records for the same purpose, they may not be required to do so. In some instances where you have totally privately held data there is no requirement whatsoever.
DR. DETMER: John, did you want to comment?
MR. FANNING: Yes, the distinction becomes even more sharp when you learn that the protection of human subjects rules of this Department require the IRB review even if the researcher is within the institution. So, it is not just someone coming in from outside.
So you have several processes which all share a common factor, the identity of the subject is irrelevant to the outcome. You may need the identity of the subject in the process but you are going to come up with some aggregate answer, the average cost of a particular procedure of interest to the manager or the long range staying power of some corrective procedure which may be of interest to the researcher. It is all the same intellectual process, and from the standpoint of intrusion on the person, it seems largely the same.
MR. GELLMAN: Let me just add one comment to that. In most respects John's observation is correct. But the one area, and a very glaring and important one, where there is a sharp difference is law enforcement. When you ask the law enforcement people -- and we did -- if you are looking through records trying to determine whether a hospital submitted false claims or a doctor committed fraud, if you discover in the record that John Doe, the patient, did something illegal or committed a crime, what do you want to do with that information? And the answer is they want to pursue it. They want to turn it over to the prosecutors and they want to go after this guy.
So there is an instance where they may be doing some kind of generalized activity but the law enforcement community is very resistant to the notion that they can have the information for one purpose and they cannot use it against the patient.
DR. HARDING: That is a different issue, and a very good one. I was going to talk just a little bit about that issue of research because, you know, if I think about myself, I am more than willing to participate in a research study for cardiovascular diseases of middle-aged men, and so forth, and I know that that is going to be used for the good of the health of the population. That is my feeling anyway. And I am willing to participate in a public health study that looks at TB and whether we can stamp out TB in my area and so forth.
I think where we get into difficulty and where some of the people who testified said they get into difficulty is when you get into fiscal research that is done, for instance, by a managed care company or some other group that has a bottom line issue involved. And that the outcome of that research may involve a denial of some privilege that they have previously had by showing that they have a problem, and that would therefore affect the bottom line and they might be picked out and have outcome used to deny them care as opposed to help them with their medical problem.
And so the reason for the research, that is fiscal research, is a different thing than public health research although they both are intertwined because public health does have fiscal consequences. But what the real issue is, that denial of care, that was a concern. I know several people who commented on that.
DR. DETMER: John?
DR. LUMPKIN: Two comments. One is sort of a question in relationship to law enforcement. Which is, if a law enforcement agency, a forensic auditor is going into a bank to look for evidence of money laundering and they find signs in one of the accounts they are looking at of embezzlement, what action do they take? Because I think this may be a similar type situation. And so that is just sort of a question to the one that you posed, and then I do have a comment about the public health section.
MR. GELLMAN: Well, that one is pretty complicated. And the Supreme Court in 1976 had a decision, U.S. versus Miller, in which it said, you as a customer have no interest in the records of your account held by your bank and that the Government can go and get your records from the bank and you have no requirement to receive notice of that request and you have no opportunity to go to court, you have no standing to object to the disclosure of that record.
The Privacy Commission jumped all over that, which was a study commissioned in 1977, and in 1978 Congress passed the Right to Financial Privacy Act which said, when the Federal Government, only Federal Government, seeks your records from a bank you have a right to know this and an opportunity to object. The law was filled with loopholes when it passed. It is not nearly as good. In the years since it has actually been amended in such a way that it is more of an anti-privacy bill than a privacy bill. You almost never have a right to notice, and if you do get notice you can go to court and you have nothing to argue.
[Laughter.]
And almost no one has won a case under the Right to Financial Privacy Act and it has been weakened several times. So, in terms of precedence, I do not know what you make of that.
DR. LUMPKIN: Okay. And then I notice in a number of places in the document where we talk about some of the functions of public health, and I would like to suggest that in many ways public health is different than many of the other people who are looking for data.
MR. GELLMAN: That is what they all say.
DR. LUMPKIN: I know that. But let me explain why.
[Laughter.]
I resemble that remark. If you have a record of a child who is suspected of child abuse there is a, the people of the state of, whatever state, let's say, Illinois, through their legislatures deem that that medical record shall be reported regardless of whether or not the mother or the suspected parent would chose to give consent.
The same thing is true of someone who may have a communicable disease, tuberculosis, a sexually transmitted disease. Whether or not they choose to have that record go to the public health department, it goes to the public health department for contact tracing because the public interest has been determined by the people of that state.
Similar for cases related to cancer. It has been determined in Illinois that all cases of cancer shall be reported to the state cancer registry, kept in strict confidentiality, protected by various other laws.
The point I am actually making is not so much the uses that public health makes, although those, I think, are generally widely accepted by the public, but that they are enacted by law in the state. And there has been a determination of the public interest being served by those actions.
And federal legislation that might preempt that, I think would create major problems. And I do not know about the constitutionality -- but probably it would be written in such a way that it would not be an issue -- but certainly it would abrogate the fact that certain states have determined their public interest in relationship to information going to an entity to protect the health of the public. And I think that makes it somewhat different than those entities which do not have to have the test of, the approval of the legislature and the public oversight that occurs in state government.
MR. GELLMAN: Well, let me just offer a comment on that. I think of all of the sort of identifiable groups of users of records that there was less complaint, criticism of public health uses than, everybody else drew fire for procedural or substantive things. Public health, I think, drew very little, if any.
All of the proposals to date have an exception for state public health laws and recognition of that and permit disclosures required under state public health laws. So I am not sure that that is an area of major controversy.
One of the problems is, and this is a smaller issue, is deciding what exactly is it we are talking about, what is a public health law, what is a public health function? And there are some differing definitions. But I think basically the public health people, in terms of the hearings and in terms of what I have heard over the years, I won't say get off scot free, but it is pretty close.
DR. LUMPKIN: We're good guys.
DR. MOR: Well, with the possible exception, seven or eight years ago there was a lot of concern in most states about HIV contact tracer, I mean, big time concern. And you cannot ignore that. That is what anonymous testing sites were all about. There was real, real concern in many communities and local areas.
DR. DETMER: It is interesting, just along that line, that occasionally a disease comes to the surface or an issue comes to the surface and is really white hot. And one of the interesting, I thought one of the more interesting pieces of testimony was from a genetic researcher who urged very strongly that specific genetic kind of legislation not be written. That in effect your DNA is much like your name or other kinds of identifiers; you have a liver, you have a heart, you have a DNA pattern.
And that right now this is something that is very much at the front of people's minds, but, basically, this person argued in a fairly short period of time that will not be the way that we will look at it. And that we should not, therefore, try to make unique cases, this by this by this, because in the first place it puts a lot of additional burden and is not necessarily gaining you something.
In fact, the argument that this individual made, and others can correct me if I heard him wrong, was that, in fact, we really need to have a very good standard and make that standard good enough that whether it is your liver, your heart, your brain or your DNA, it basically covers it. That was a very interesting perception because it is obviously very much a topical issue today.
DR. LUMPKIN: If I could just respond quickly to one comment that Vince made and that is that, I think that example you used is a very apt example. When, in fact, the direction that public health was going was contrary to that, every state had a hearing upon that issue. And some states chose to think that because of the nature of the epidemic that we want that information reported at a certain level. In other states, based upon that said, no, it will not be reported at all. But in public health, as opposed to other ones, and I think that is reason why there is that different approach to that, is because it is done in an open fashion and there are ways for people to redress what they consider an infringement that overweighs the public good.
DR. DETMER: Kathryn?
MS. COLTIN: I had a question, actually, and that is that -- well, I will set it up. It is not unusual for a hospital to be named as a co-defendant with a physician in a malpractice case, nor for a health plan to be named as a co-defendant in the case of a member who is making a complaint, or even a provider, such as a health plan. And what that says to me is that obviously there is shared liability for a negative consequence there, and given that shared liability there is shared responsibility for having the opportunity to have prevented it or to avoid it.
That notion of, you know, legal liability, did that come up in your discussion when you started looking at issues of whether an administrator or a medical quality assurance director in a hospital or in a health plan is looking for access to information for oversight and quality assurance purposes versus a researcher who in the case of record-based research has no liability or no shared responsibility for what is going on? Did people come in and talk about that at all?
MR. GELLMAN: No.
[Laughter.]
DR. DETMER: Well, I think part of what we are here to do is share with the larger committee for just this purpose. I think that Dr. Iezzoni felt like perhaps we maybe have not touched all of the relevant special populations with needs, and so I think we, in all likelihood, may need some more hearings. How many I am not sure. We can obviously have hearings forever and we do not have that time or budget. On the other hand, I think that is a good one to check, as well as the point that you had made earlier in the day.
DR. IEZZONI: Because it is literally true, Kathy, that when we do research on a quality [noise interference], we will look at records and we as researchers think what should we do if we find that there was a problem in the quality? Do we report that to the patient now? That has not been the step that has been taken but, obviously, a quality assurance director would have to report that to the provider. So, it is very different.
DR. DETMER: Vincent.
DR. MOR: In the research I have done with looking at quality issues, if it is a prospective study, the IRB will generally require that I have some mechanism in place for identifying unconscionable problems or sort of out, really extraordinary differences so they can unblind the study. On the other hand, if it is retrospective record review, even though the person on who the problem may have been perpetrated is still around, there is never any indication of that.
DR. MC DONALD: I have two questions and a comment. Was there any negatives or were there any strong concerns about cross sharing of the patient data for care? For example, if you start to have these big networks, the patient is seen in two of the sites and comes in a fourth site, but these are now not just the same hospital anymore, it is across town, how is that playing out in terms of the public --
MR. GELLMAN: Well, I am not sure, well, I see two aspects of that. One is the process of obtaining patient consent for sharing with other people. That was somewhat of an issue out of the informed consent realm of issues. But the other part of that, where that kind of thing draws more fire is the question of the use of technology, the interconnection of computer systems and the ease with which patient records can or cannot be obtained and the scope of access to records that are maintained on a computer system. There is the example that we got, that I think is well known now, in Boston where all the, the hospital's computer system brought up for anyone to see all of the psychiatric notes on those patients. So if you were treating them for a broken leg you still had access to that. And when that became public they cut that off. So that is a sharing aspect that is clearly a sensitive one.
DR. MC DONALD: Whenever things get real big everybody gets real nervous but I really want to still focus on specifically, you have a sense that the public is worried that a physician who they come to see could find out information to help with that care process generally. I mean, is that something they are --
DR. DETMER: Elizabeth, do you want to respond to that as well?
MS. WARD: Yes, and I have to keep my committee hats straight, but I think -- Kathleen and I heard lots of testimony in our other one -- but that has certainly been repeated and particularly from certain populations, that they want need to know really carefully defined, and they do not like the idea that if you are in an integrated delivery system and you are a physician you can see any notes on any --
DR. MC DONALD: That is not what I am saying. I said very specifically you came to see the patient and you are in the office with the patient, would the average patient, anybody complaining about that?
MS. WARD: Yes. I mean, there are some advocates who say there is maybe information, even though I am here in your room, there are certain things about me I may not want to share with you and I will tell you what I can share and I do not want the electronic system giving you that. I want control over that.
DR. MC DONALD: I mean, because half of the motivation for some of this processing is to make that available. And if that is not wanted then maybe we should just close up shop maybe. I should, anyway. I mean, it is a really serious issue.
[Background noise.]
I guess I am getting sort of some encouragement.
[Laughter.]
DR. DETMER: Yes, go ahead, Richard.
DR. HARDING: On a related issue, it is very close so, was the thought of a black market in medicine. That is, I am in a health group and I have gonorrhea. Now, do I want to go to my health group for treatment of that or am I going to go out and find a non hooked on, non on-line health provider to treat me for my gonorrhea that I do not want really in my medical record? So is there a subgroup of doctors outside the system that is going to get certain types of treatment?
MR. GELLMAN: Could I just add a thought on that? This became an issue in health care reform. And the way the issue was framed is, do you have a right to get anonymous care? And that has really clearly never been resolved. It has a whole range of questions that float around it.
DR. DETMER: George and then --
MR. VAN AMBURG: In the hearings was there any discussion about how to monitor disclosure and monitoring redisclosure?
MR. GELLMAN: Yes, one of the, and this is a harder issue than it appears, the remedy -- and I think the NRC report really hit on this pretty good -- is if you have a computer system it is easy to do an accounting, to keep a record of who got access to records and what they saw so that you have an audit trail of all the disclosures, all the people that saw the records, so that you can, in fact, go back and if there is a problem identify perhaps where the source of the problem is.
One of the difficulties of this, it has an expense to it, although if you design a computer system with this in mind the expense is a whole heck of a lot less than if you have to retrofit this on an old system. And given the cost of computer storage these days being very little, that is less of a problem.
One of the difficulties is, if you look at the health care system nationwide, how many millions of accesses are there each day to medical records? It may be tens of millions per day, I have no idea, but it is a big number, and what are you going to do with all this information?
If you are tracking back a specific thing it may be useful in saying well, these are the people that saw Elizabeth Taylor's records. One of them must have leaked this information to the National Enquirer. But in another context, using this as a mechanism for overseeing the system and for deterring improper use, I have seen audit trails used in other areas where they are maintained and the audit trails themselves -- and the one instance I am thinking about was criminal history records -- were reviewed in one state once every two years for records that were accessed thousands of times a day if not more and there was no deterrent at all because basically no one ever used them. So, you sort of have this, you have a mechanism that can really help with this but the mechanism just by itself may not really address the problem adequately. You may need to be able to define how the records are going to be used and provide resources to make sure that the records are used in the way that you want them to be used. Otherwise it may be pointless.
DR. DETMER: Yes, before I get to John, let's comment on this specific --
MS. FRAWLEY: Yes, I think, just following up on George's point, the redisclosure piece is probably the biggest problem that we face. I think that most hospitals or, you know, health care entities can do a good job in terms of developing systems in terms of who has access to information, and certainly for the external disclosure be able to track, you know, what was released, when it was released, who it was released to because many times that relies on a patient authorization or is subject to a court order or subpoena.
The problem you have is that once the information leaves and goes to the recipient all bets are off in terms of what happens to that information. And that is where it becomes very troublesome. Because if there is a breach, and there have been a number of lawsuits where health care providers have been sued for breach of confidentiality, it is very difficult then, you know, when you are dealing with someone who has received the information and trying to go along the information food chain, you know to figure out where, if anywhere the breach occurred. That becomes very difficult.
And the other problem you have is that a lot of the people who received that information do not necessarily want restrictions placed on them in terms of what they can do with the information. And I guess that came out through hearings, is that, you know, if you are trying to protect against people selling information or health care workers using information, that should be regulated, but, you know, other facets of industry, you know, do not necessarily need, you know, those strong protections. So, it is very difficult because there is no consensus in terms of --
DR. DETMER: John.
DR. LUMPKIN: Just a comment [interference] in the summary of the NRC report, you know I am just wondering to what extent the issue of confidentiality is rooted in the past errors in relationship to security. We have a system that we just implemented, we are rolling it out, which is an integrated maternal and child health system which was designed so that the case manager for a client only gets a password from the central office. So no one else can give them access.
And every time they enter in a patient assessment, they discuss with the patient whether or not that should only be kept with that particular provider or if it can be shared. And if it says no, the only person who can see it is that case manager or their successor.
It is a system that is designed to protect information that the client wants protected because we are dealing with a system where there may be a person that is providing services that are related to substance abuse and there is no need to know.
So the technology is there, exists to, in fact, create that system and at the same time allow that information that should be shared and the client wants to be shared and is important to be shared to be shared amongst other providers.
So, I think, I am raising all this because I think it is important when we make our recommendations, in looking at that, that we not only look at the issue of confidentiality given the world as it exists, but also to say the kinds of things and safeguards that should be in place so that the overall arching goal of the system, which is to improve the quality of care, can be met without having to go over unreasonable hoops.
I think about my experience as a clinician and where I practice, which is in the emergency department, is perhaps the best example. There are tremendous systems that are now trying to be put in place for people to get medic alert badges and all of these kinds of things to get information when they arrive in the emergency department. There are people who are going out of their way to say, I want my medical information available.
And I think that we need to have a system that responds to those who say I want nothing available, but also a system that responds to people who say, if I show up there and I am not awake, please have my medical record.
DR. DETMER: Clem?
DR. MC DONALD: I am always troubled by the, if I was a patient and I could go to the surgeon and say, I do not want you to look at me while you are operating because I have these rights --
[Laughter.]
-- that is how I want it. Now as a surgeon could I do that operation or not? I mean, do I have a right to say I cannot do that operation? I see some strong analogy. If someone says, you know, take good care of me but you can't look. I mean, I think we really can get into a bad practice situation where we are going to give bad care knowingly and could be, I mean, bad people for that. I mean, forget the liability but that would be wrong.
So, you know, there really are some things that if someone comes in and has a glucose of 20, I need to know that. You know, if they are not really crazy because they are kind of confused, their sugar is low. And we could get ourselves in a box. I mean, it is clear that the safest way, the one side of the arguments is to burn the tapes and there are some people who probably wish all tapes are burned. But that extreme is really not very realistic when people want the best high technology care. They are spending gadzillions of dollars on care and to say, you know, close your eyes and just kind of feel around and see if you make the right cut. That is what we are doing if we are kept too blind for the information.
MR. FANNING: In that regard could I ask, what has your experience been with people not wanting certain information put in the system and its affect on care? Has that been an issue of any kind?
DR. LUMPKIN: It really hasn't because the way the system is designed the information that is shared, for instance if you go to a well child visit and you have an elevated lead, the only thing that gets brought across is that when you get your WIC package you get a WIC package that is designed for someone, for a child who has lead poisoning. But none of the other information on that visit is available.
So there are certain things that are shared across there; other things which are kept confidential. Now that would be, so if a case manager is doing an assessment for domestic violence then that information would not be shared outside of the case manager who may have to take certain actions. But it really is based upon a more distributed environment, very similar to the way medicine is practiced, but only sharing those things which there is a universal need to share. Others are by consent only.
MR. GELLMAN: You made a different point there. The first point you made was giving patients more choice about what is disclosed and that is an issue. The second point that you made is one that I think is almost universally, if not totally, non controversial, and that is the principle that disclosure should be limited to the minimum amount of information necessary to accomplish the purpose.
And how you do that may vary in an automated environment or in a paper environment just because of the practicality of doing things, but the principle of only letting people see the information that they need for what they are doing, I think everybody supports that if we can figure out how to do it.
DR. DETMER: Barbara.
DR. STARFIELD: It just seems to me that the whole privacy issue only comes into play when you deal with clinical care. Because for all other purposes, at least that I can think of, you can create a system where you have the identifier, you know, the unique identifier that you cannot unscramble. You cannot identify the individual.
Now when it comes to clinical care you need to know who the individual is. I mean, you do if you are going to give good care.
We talked this morning about systems in Europe where, in fact, there are smart cards and stuff like that. There is no country, I think, that feels more strongly about privacy than France and yet France has got a smart card that has your information on it, okay? The provider has to put a pin number in, the patient has to put a pin number in and there it is. Okay? The patient can refuse to put a pin number in and then the provider does not have the information.
Has that come up in your testimony at all? I mean, these are models, there are models out there that deal with what the real issue is which is clinical care.
MR. GELLMAN: Well, I mean, I do not know enough about that. No one came and discussed smart cards. It seems to be a much hotter issue in Europe than it is here. And I am not, I do not dismiss it. I mean, there may be something there.
Personally I do not find smart cards very attractive or appealing because it does not obviate the need for information to be maintained somewhere centrally and so whatever limited protection the patient may have with respect to the smart card may have nothing to do with the patient's control with respect to the centralized record system. And so it does not necessarily get away from all of that.
DR. DETMER: Well, yes, but by the same token, as you said, be that as it may, obviously there is a huge investment out there and I think we are going to hear about this from the Department point of view so we need to hear about it, too.
MR. GELLMAN: I agree with that.
DR. STARFIELD: And the central repository can be protected if you, you know, if you pay attention to it.
MR. GELLMAN: But if there is a lesson from listening to all the users and reading the NRC report, most of the secondary users of information get it without any contact with patients, without any patient consent, without any patient notice, and many of them require patient identifiers sometimes. And so the notion that somehow identifiers are only needed in a clinical context does not seem consistent with the testimony.
DR. STARFIELD: But the problem is we do not have a unique identifier and that is why they need to know who the person is. If you have a unique identifier and they cannot link it with the person, that would not arise. I mean, if you can link records without figuring out who the person is --
DR. LUMPKIN: But, see, I think it is important to recognize that you do not need a unique identifier to link records. We do that all the time in various studies when we do not have a consistent identifier across different systems.
The point being that if you have a vital record in a hospital discharge form and a death certificate, I can link those with a high degree of certainty. But we never give people access to that death certificate. So if they have never had access to it they cannot link these two records.
That is the whole fundamental issue. It is not whether or not they are all kept somewhere. It is how we protect those records. And whether or not they are in a central repository, you know, all the records that we have in the state of Illinois are in the, roughly the same set of computers but they are all operated on different systems and they are only accessible to different classes of people.
So it is that kind of issue where I think we need to get to, in a positive sense to say what are the standards, what the standard is that it only should be accessed by people who need to know.
And then we get to some of the hairy parts but we have to be wary of those who say it should not be kept at all because there is technology to give adequate protection and we should as a committee use that as our standard, that we expect the systems that are developed should have adequate safeguards that are currently available with the level of technology.
DR. DETMER: Clem, and then what I would like to do is have us track rather quickly through these other issues because I would like to have at least a half an hour to start thinking a little bit about what John just raised, what we may want to do.
DR. MC DONALD: Well, I still would like to come back to the clinical part of it in terms of testimony because I was not here then and that is, it still, it sounds to me, but help me if I heard this right, that still the biggest problems are these secondary uses which are not necessarily to achieve the care provision.
[Affirmative responses.]
And I made a big gaff this morning, and I realized it was a gaff by saying, well, we will just use the old encounter number that, all we ever used at our hospital for years and years for real billing. They always had mistakes in the hospital numbers. So whatever you sent to the billers, they did not know who the patient was anyway.
[Laughter.]
And so, but I understand in a managed care environment that is not very attractive and the whole purpose of this is to get everybody linked together. But somehow or other, if we could start to cut off that stuff where it goes back to the employer and you cannot get insurance and all, just really put a hard lock on that we could maybe take good care of patients and get at this information as we need it, at least within a community, not necessarily nationally or within some large group of operating(?) providers.
DR. DETMER: There is no question that the public poll data suggests that, as generalizations go, the public really does want health professionals to get data that they need to give them care. There is a sharp drop-off as it relates to administrators, businesses and other kinds of users that may be equally legitimate, you know, in some instances, but as a perception and as a view, I think there is a break at that level.
DR. MC DONALD: The truth about billing systems, and not the managed care ones, is that there is, until recently there were never even check digits or any kind of special checking on the patient hospital number because the whole billing process worked just fine if the encounter number was intact. And that is a fairly anonymous number.
DR. DETMER: By the way, I do not want to be misunderstood. There was a fair amount of confidence about hospital administrators, the system, if you will, the actual care piece, but once you started getting out of that then I think there was clearly a drop-off in perception.
Let's head on down through --
MR. GELLMAN: Yes, let me make a comment on this, and this goes to sort of the NRC report. This is an area in which no one has done any work, and that is the nature of use and misuse, mostly misuse, of medical information. No one has done any investigative work in this country for 20 years on who is acquiring medical information surreptitiously. We are talking about information that flows through the system, and you can think that the uses are good or bad, appropriate or inappropriate, but we know what they all are. I am talking about basically the surreptitious acquisition of medical information.
There are two studies that I know of in North America. One was done in 1976 by a grand jury in Denver and one was done in 1979 and 1980 by the Kreever(?) Commission in Ontario. It was a royal commission of inquiry into the confidentiality of health records in Ontario.
The Kreever Commission issued a report, three volumes this thick that will turn your hair white if it isn't already. And they found the most incredible pattern of stealing of records by insurance companies, by private investigators, by others, every device you can dream up. This was a routine method of doing business.
The insurance industry in Canada came before the commission and said, we plead guilty. We do all of these things. And all the, well, many of the companies who were involved were American-owned and subsidiaries or American companies, and they found the same thing that was found by the Denver grand jury, the surreptitious acquisition, bribing people to get records, putting on white coats and walking into record rooms, pretext(?) phone calls, everything.
This goes on, every record system that contains personal information I have ever heard of is subject to the same kinds of abuses, and everybody talks when this comes up about these official uses and whatever. And this is just below the radar screen because no one has ever laid out the facts.
And it is a major problem, we just do not know how major. And it is a much more serious problem because these are people who are interested in your record for some nefarious purpose. It is really, they are really going to use it against you. They are not paying somebody to steal your record for fun. So, anyway, that is just an aside.
Let me raise two other sort of general issues that I think came up at the hearings and that really belong. There are a zillion issues, there is no limit to issues, but major ones.
One of them is registries, disease registries. This is something that came up again and again. What is a disease registry? No one really seemed to have a formal definition of what it is. There are some disease registries that are authorized by law or run by government agencies. There are private disease registries. There are international disease registries.
What are the rules that regulate the disclosure of information? How do you know what a registry is and what is the difference between a registry, a cancer registry maintained by HCFA under a statute and a list maintained by direct marketers of people who have cancer? I mean, and at some level you have difficulty distinguishing between those two. And no one has a definition of that. It is not something that has been well dealt with.
I think there is generally, but not universally, sympathy with the notion of registries. There are some people who say, well, wait a minute, I am not sure you can put my information in your registry without my consent and that really undermines the basic purpose of registries and you have to make, you know, make some very hard decisions about balancing rights. So that is a set of issues that has not really been clearly identified.
The other thing, and I want to use Don's discussion of genetics just to start it is the issue of preemption. It is probably the single hardest issue in the bill. It is the most political issue. If you look out there at the legislation that we have today, federal and state, you have legislation that covers mental health records, you have legislation that covers genetic records, you have legislation that covers AIDS records, you have legislation that covers alcohol and drug abuse records and there are probably a couple other categories. And the question, there are a variety of questions on preemption. One of them is, can we tolerate a system in which we have separate rules and procedures that apply to different pieces of the same record?
I think in the genetics area if I have detected a drift in the last year or two, it is toward the notion that well, treating genetics information separately than other medical information may not be a good idea. The definitional problems are very difficult. So that is one aspect of preemption.
DR. DETMER: But, by the same token, there is an enormous amount of activity in states around the country so it is not as though this is a clearly sorted out issue.
MR. GELLMAN: Oh, absolutely not. That is totally true and there is more and more activity going on at the state level.
The other aspect of preemption is the federal/state conflict. There seem to be, the two extreme positions are that there are many players in the health care establishment who say the advantage of health privacy legislation to us is that we will have a set of uniform rules that will apply across the country to all of our activities in all the states and interstate. And that is seen as the big carrot in this bill. So what they are looking for is total federal preemption; one law that regulates all of the confidentiality interests for all of the records everywhere in the country.
The other extreme is the position advocated by many of the privacy people that a federal law should only set a floor and that states can pass stronger laws that will be effective.
And I think there are problems at both extremes. I think the total federal preemption thing is politically unrealistic. It will be extremely difficult to essentially wipe out all the states' AIDS laws, all the states' public health laws and maybe some other laws as well.
The federal floor notion is very difficult because it says all of these state laws that govern narrow categories of records are, may be good. You have this real difficult, it is a technical question but it is an extreme killer, is what is a stronger law? That is not a simple standard. Whatever word formula you write, it is very difficult to match up laws and tell which one is better or worse or whatever.
But be that as it may, all of the sudden you face the prospect of you could have 50 different state laws covering five or ten different categories of records, and how is anyone going to implement that? And this is very difficult.
In the Fair Credit Reporting Act, just to give you a sense of how politically potent this issue is, the Fair Credit Reporting Act was passed in 1970 and basically was unamended. And there was an effort that started about ten years ago to amend it, to update the law. And the industry -- there is lots of activity here and I am sparing you most of the details -- but the industry came in and said, well, we are willing to agree to a stronger law, but we want to wipe out all the state laws that are different. And the consumer groups said, over our dead body.
And this issue prevented an otherwise largely consensus bill from passing in three separate Congresses. It took a long time before, no one was willing to concede on this, no one was willing to give up and everything else had been pretty much agreed to. So it is a very powerful issue, it is very difficult. There are very strong arguments on both sides.
DR. DETMER: And I think just practically speaking, as you say, one of the really tough issues is just the definitional issue. What is, in fact, a quote, tougher law?
MR. GELLMAN: And the definitional issue comes up whether you write a law that says stronger laws are preempted or you do not. Because just telling whether, even if you have a universal federal law that preempts everything, just determining what is preempted, what covers the same territory is not simple. You cannot get away from that problem no matter how you write your bill, and it is a killer.
DR. DETMER: Any other items there or comments?
DR. LUMPKIN: My question is, given the legal complexities, how does one actually formulate standards that might be associated with K2 if, as appears in the law, we have to have a single identifier and some electronic administrative simplification? I mean, how do you pass a law that works?
MR. GELLMAN: Well, you know, if you look at K2 you find schizophrenia. You find on the one hand what you said, a very strong notion of uniformity and administrative simplification and common rules and then you find the privacy provision in there, that is largely meaningless at the moment, that says, yes, and stronger state privacy laws should be preserved.
So, you know, I asked the question once here, if a state passes a law that says no one at HHS can see any record in this state, is that good? Is that a stronger law in the interest of privacy? Does that wipe out all the federal laws? And the answer is however you see it, maybe. I mean, this is completely unexplored and you can read what you want in K2 and you are not really going to find an answer. So I think basically you have to figure out what you think the right policy is and push that.
DR. DETMER: Barbara.
DR. STARFIELD: Well, I still am a little confused about the discussion --
DR. DETMER: That means you have understood this whole discussion very well.
DR. STARFIELD: No, wait, I think it would be helpful to split the issues into information that is needed for clinical care and information that is needed for other purposes. And you have mixed them a little bit up in here. There are some for both and some, and I think the answers are different, the solutions will be different for each one.
MS. FRAWLEY: The problem that you have, Barbara, just in response to that is that when, at the hearings and also when we had our NRC study committee making site visits and interviewing people, the secondary users, they want everything. They want the medical record. They do not want a defined data set. And that was one of the things we struggled with in our NRC report, is the unregulated flow of health information and how much do people legitimately need to reimburse a claim and do different functions?
DR. STARFIELD: But what do they want it for? They do not want it for clinical care, obviously.
MS. FRAWLEY: No, because there are people that are building up, you know data bases that have great value.
DR. STARFIELD: Yes, but I think that is different than the issues that we are dealing with in terms of patients wanting other practitioners to know about their medical history. It is a different issue.
MS. HUMPHREYS: It is a very different issue but maybe this particular example would --
DR. DETMER: Do you want to identify yourself?
MS. HUMPHREYS: I am sorry. Betsy Humphreys from the National Library of Medicine. And I have read this study and NLM commissioned the work and funded it, was the primary funder of it. But the thing that was interesting was look at it this way, which was something that I had not looked at. You go to your physician, your physician prescribes certain drugs. You go to a pharmacy, you pay for the drugs with your credit card. They have your name, they have your address, they know you are on the anti-psychotic. That is their information in their eyes. The pharmacy data bases are full of it.
In the meantime up in Boston we are nailing these people to the wall because they showed a health care provider somebody's psychiatric record. The pharmacy knows that you are on an anti-psychotic. They know exactly or they know the bottom line that was released. Over there is was a provider or somebody on the hospital staff saw it. Some of us, you know, it was an unfortunate release -- I am not in favor of it -- but if we could control that, we have not controlled the fact that the pharmacy data base knows you are on an anti-psychotic and they have just sold it to Revco or to 50 other people. And so that is the issue, you see. The patient consented. They walked in there and they paid for this and there is nothing that regulates the flow of that. So I guess, I mean that is just one specific example. These are not pieces of information necessarily that were released by the hospital or the care giver that got into the system.
DR. STARFIELD: But, you see, the pharmacist may need to have that information, I mean, certainly has because they need to know whether the drugs are, you know --
MS. HUMPHREYS: This is the whole issue. Is the secondary use of the data, after you have paid your bill with the pharmacist there is absolutely nothing controlling what the pharmacist does with the information.
DR. STARFIELD: But what I am suggesting is that we should deal with clinical uses of information and transfer of information differently than we deal with other uses because the solutions are different. The pharmacist has to be able to link drugs for clinical purposes.
DR. LUMPKIN: Aren't you saying the same thing?
DR. STARFIELD: I think we are saying the same thing.
DR. LUMPKIN: That you are describing, I think the terminology may be different. What I understand would be primary use would be what you are saying is clinical use. And then the secondary use where it is not being used for the care of the patient are those issues where we look at that differently than we would the use for providing care.
MS. HUMPHREYS: Yes, I do. And I am sorry. I was assuming that in your case you were not relating these purchase issues. You know, I go and I buy some medical appliance and right now the medical appliance, I mean, the pharmacist is one person. They work for a drug chain or a supermarket and suddenly this is in the supermarket data base which is then used for, I don't know, marketing information or discussion or whatever.
And nobody is doing anything illegal here. You know, this is not an abuse because the fact that they have linked me individually to this particular 25 sales of these drugs at the local pharmacy, and you say, well terrible, and then this somehow gets back to my employer or whoever later in the chain somehow gets it under the whatever system, and somebody says, well, these are abuses. They are not in the sense that no one has done a single illegal thing in all of this. I might feel that I have been harmed later on down this food chain, as she refers to it, but it is not illegal. Nobody has done anything wrong in a legal sense.
DR. DETMER: I would like to, at this point. come back and just give a couple very broad comments, because I think, for example, in our conversations at one point the comment was made that what we are really interested in is the quality of care. Well, some people that talked to us are more interested in privacy as a primary value than necessarily assuming just, bang(?), I am interested in the quality of care.
So we are talking about some very interesting divides. When we talk about the federal/state preemption issue, this may not even have anything to do with medical care in some people's minds. It is an issue of federal versus state rights.
And so there are a raft of these things that cut at currents in a democracy and in a free society, and I think to start getting to our task, I think that there is no question that the best we can hope for is the best we can do. I hope we get some revealed wisdom as well and I certainly think that the hearings up to this point, as well as what may follow, will be clearly useful to us, and a number of studies and such. But we are dealing with a point end time and a challenge.
I think the real question, and I think this is a very important question, really is, will this nation even get enough together to get a good basic privacy law on the books? Clearly I think it is something that many of us feel would leave us in a better situation than we are at this point.
But that is going to take, in my view, a fair amount of coming together across many different groups of people that have stakes on this, and being able to hopefully see enough common ground that we can get this accomplished. Because in the absence of that, I, really looking at what the alternative is, as I see the current K2 legislation, Secretarial rule-making, in my view, is a very weak second. Now that is, having said that, that is also what we sort of heard from the testimony. I must admit I am still needing to study that more because I do not have as good a handle on that as I would like, and obviously to say that in the void of saying, against what, and not having a specific bill out there. But if you look at at least a number of the pieces of legislation that have been, bills that have been drafted, I think that that is not an unsafe statement, at least my sense of it.
We get to make some recommendations, obviously, and have some time line on that, so what I thought it would be useful to do -- I also will say, I would like to give about ten minutes to the audience to make some comments as well and I think the problem is ten minutes is no where near adequate, two years probably is not adequate.
We will be coming back at this in a variety of ways, but I want to make sure we at least have about 15 or 20 minutes here to talk also about, let's start talking about how we might move toward the recommendations that we need to make.
This has been, by the way, though, very successful in my sense of trying to bring the whole group up to some speed on what has happened up to this point on the testimony. So, Mr. Gellman had talked a bit about that as well, and if it is fair enough, I would like to come back now and start, if we can, talking a little bit of how we might shape ourselves toward the issues for recommendations.
MR. GELLMAN: I have been thinking about this. This is really hard to figure out how this committee can be useful and make recommendations. If you looked at any of the proposals, just for purposes of seeing what is there, you know, you have some of them, some of the proposals are 90 pages long, filled with detail, and there are tons of details that have not been addressed by anybody yet.
So, you know, the ultimate bill that passes, my guess is, unless you write a bill that says the Secretary shall write regulations for everything, which is the, you know, Congressional cop-out when they cannot agree on anything else, but unless you have an approach like that, if you try and deal with this in legislation you are going to end up having a bill that is going to be 150 pages long, it is going to be incredibly detailed.
What do we have to say about this process from this committee? And it seems to me that attempting to draft a bill, which presumably we could do, is just simply beyond our capabilities and scope, and not, we do not have time to do it. To even try to address all of the issues, or even the major issues is going to be difficult and it is going to create a couple of different kinds of problems.
One of them is we are never going to agree on everything. There are going to be different points of view on some issues and we are going to end up having, we are going to end up writing recommendations and then writing minority reports on recommendations. So it is going to dilute the effect of what we do. I think that is almost inevitable if you get into a level of detail. It may be worthwhile, but that does not help.
Another problem that is almost certain to arise is that the more specific that we get, and I am going to pick a specific issue here as an example and that is law enforcement access, this was a big issue in the last Congress and there was a fight within the Administration on this. And from what I heard about it, the Secretary lost, the Attorney General won and the Administration was taking a position that very much favored law enforcement access.
My suspicion is that if we had a vote on an issue like that here that we would be inclined to agree with the Secretary rather than the Attorney General. If the Administration takes a different position we may put ourselves -- and this may happen with lots of issues -- we may put ourselves in a position where we have taken a point of view that is diametrically opposed to what the Administration is for. That is not necessarily good or bad but it creates political problems that may have repercussions for how this committee is viewed, and it may not help the issue. And I am not sure, by the way, that anyone is going to much care whether we recommend this or that or something else as you get down to a level of detail.
The question is, how can this committee affect the process here and what can we do? And I think that Don, you know, took a step in the right direction with what he said. If you look at what is out there, we have a lot of very general, very broad and, basically, largely useless agreement. It does not help that everybody thinks that confidentiality is very important. It is a very nice sentiment, but we do not have any agreement beyond that. There are some extreme uncooperative positions on all sides. There has been a lot of posturing here. And I think that this committee can be effective in trying to, I am not saying that we want to take names and identify people, but trying to get people to be more realistic, to try and encourage people to sit down at the appropriate table, this is not the appropriate table for working out the details, but to be cooperative and be committed to this and to be willing to compromise.
I think that we need to encourage the user community to come forward, many of them already are, I am not trying to suggest that there isn't an interest here. I think we need to go to the privacy community and get them to also be more realistic in terms of what is doable, and more cooperative. I am not asking anyone to abandon principles but the principle here is you need a bill, it is very important and centrally, in a lot of respects, some bill is better than no bill.
We need to go to the Administration and do what we can to get them to assign this a high priority. And I know that that is going to be a problem within the Department, but it may be less of a concern at the Administration.
I think we need to identify areas such as this technology point, the idea of non identifiable numbers, non identifiable uses of information, that needs more research, that needs more attention, that needs more development, and we need to encourage that.
And I think we need to go to Capitol Hill and encourage them to give this issue a high priority, to make a commitment to pass a bill in the near future, certainly no later than the end of this Congress next year, so that we can have something well in advance of the 1999 deadline. And I think that basically what we can do that is useful is to serve as more of a conscience on this issue than to get involved and to try and determine, you know, the exact procedures that should apply when researchers get records and whether they have to go through an IRB and how the IRB should be constituted. All of those things are important, but I am not sure that we have something to contribute that would be different than anyone else.
And there really is not anybody else out there, I think, who is in the position of trying to essentially be some sort of a moral leader on this and identify the importance of the issue and try and encourage people to work together and to compromise. I think that is the drift of the kinds of recommendations that we ought to pursue.
DR. DETMER: Yes, that is a first, just one expression from one of our committee members on this topic. I think that we have this issue of both what we could say and how we could go at saying it. And then I think we also have to deal, perhaps, a little bit as well with the process by which we will try to come together toward our recommendations as well. But I think today what we wanted to do was let's have a little more conversation on some of the other thoughts that you have, various of you, on, you know, the dimensions, if you will, of our recommendations and just start getting into that dialogue a little bit.
And, I will put you on the spot, Elizabeth, you and Richard have been on the hearing committees and so forth and --
[Interruption.]
Exactly, Simon and John and Kathleen, exactly. So, in fact, why don't we do that, actually, or any way you want we can open it up, but you are exactly right.
MS. FRAWLEY: I guess I will start. I mean, I concur with Bob that I do not think that it is feasible for us to come up with a legislative proposal. Basically our mandate is to come up with some recommendations to the Secretary, and it is very specific, I think, the three areas where she has to make her privacy recommendations to Congress. And so I think probably if we were able to come up, you know, with a set of principles it might be the best way to approach it. Because to me that recommendation that she is going to make to Congress could form the basis for legislation.
But I do not think the committee wants to be in the situation of trying to draft legislation or getting into really, you know, refereeing a lot of differences of opinion, because there certainly are very strong opinions out there in this arena.
But, I mean, we know very clearly what the sections are that she has to make recommendations on. Do you want to review those? The rights of individuals to access their health information -- I do not have the legislation in front of me -- it was three points, John, that she has to make recommendations on.
PARTICIPANT: That contain at least those.
MS. FRAWLEY: Yes.
MR. FANNING: The recommendations under subsection A shall address at least the following: 1. The rights that an individual who is a subject of individually identifiable health information has. 2. The procedures that should be established for the exercise of such rights. 3. The uses and disclosures of such information that should be authorized or required.
DR. DETMER: That is essentially the task that you have. Obviously this committee can speak to more things if it chooses to do that.
PARTICIPANT: That is everything.
[Simultaneous comments.]
DR. DETMER: Yes, that sounds broad enough.
[Background conversation.]
MR. FANNING: -- the entire situation. That is not terribly much guidance. If you advised on all of those things in detail, well, we would be back to what Bob suggested was not a feasible task.
DR. DETMER: Simon, do you want to weigh in?
DR. COHN: I agree with Kathleen about the need for principles. I, however, am sitting here being at the same time concerned that we need to move far enough that we feel comfortable also advocating for electronic transaction standards for administrative transactions, to feel that that information is secure.
And so, at 50,000 feet everything looks good. It is usually when things get a little lower that it gets to be really that meaningful discussion occurs. And so I would say, yes, we need principles but in areas where we do have consensus we should try to go as deep as we can.
DR. HARDING: I agree with most of, just about everything that Bob said. I think that the idea of taking the high road, the principled way of looking at it and trying to come up with those principles of not only what is done with medical record information but also what should be done with medical record information.
And I think the idea that Barbara had about clinical issues, I think that we have to really work on fire walls between clinical issues and non clinical issues in that information that is piled up. I think it is easier to come up with good ideas about what we can do with patient provider information and so forth. When it starts getting outside of that we have to have ways to stop that, I think, without clear consent on the patient's part to allow that information to go outside of the clinical. And that would be what I would push for.
DR. DETMER: But I assume from what I had heard you at least ask some of the people in testimony, public health you consider different(?) than clinical.
DR. HARDING: Yes.
DR. DETMER: Okay. Elizabeth and then come back.
MS. WARD: I think that obviously, I will just reiterate the principle, we cannot get into a level of detail that would be impossible, but I think that there are some areas that it does relate to, that most people are unaware of how much data is transmitted on for billing and payment in the employer/purchaser arena because that is where it has changed so much from going into your provider and knowing some sort of record is there. And I think that is an area where we can make some good policy directions about the misuse.
There are certainly some people who are offended if the insurer sees it. I think that is a smaller group of people than the people who are concerned that they may misuse that. They may see it, but what they are worried about is they will misuse that. And that is the employer decides to cut off my insurance, the health plan decides because of their next capitation that has come down that they are going to select out people or they are going to reduce my benefits. And it is that misuse, I do not know if we can come up with something, that is the part [noise interference.] that I am most concerned about.
DR. DETMER: Clem?
DR. MC DONALD: I guess I am siding with everyone that would like to do a little bit more than just be a cheerleader. With all due respects because Gellman has done such a good job on all this stuff, but I do not know if he meant that exactly, and there are some areas I think, just reading through the report, there are some areas, [unintelligible] would be non controversial within this committee, that we should say, yes, you should encrypt stuff sent over the wire and list a couple, you know, some, and I love the idea of trying to at least be highly discriminate when we are thinking about what rules apply, those used for direct patient care versus those used for other things because the things that everyone is kind of upset about I still think are outside the walls and we could really make care hard to give if we overload the process on the care giving part. People are unconscious sometimes and they cannot sign consents. I mean, there are all those problems. Maybe that is just because I am a care giver.
DR. DETMER: Yes, Vince.
DR. MOR: I believe it is going to be difficult for us to actually articulate a firewall between the clinical and the non clinical because increasingly clinical information is aggregated for specifically the purpose of quality improvement functions which are then directly fed back into the care processes both in the application to specific individuals in terms of algorithms, reminder systems and so on and so forth, as well as in management efficiencies. And I do not think it is going to be possible in any reasonable way to make any kind of meaningful differentiation between efficiency efforts and quality improvement efforts.
DR. MC DONALD: That could all be clinical. I do not mind saying it, I agree with you, we are not going to make an operational computer-based decision rule that is going to separate these out, but highlighting, there is a spectrum and certainly you can find stuff at two ends that would help give legislators attention to that.
DR. DETMER: Kathleen.
MS. FRAWLEY: I agree with Clem that that is probably the biggest struggle we have, is that you do not want to tie, you know, care givers up in terms of who can have access to information, and certainly there are a lot of internal functions that need to go on, you know, in terms of providing care.
It is the secondary users where I think if we could at least move in the direction of a lot of the functions that they provide that could be done with non identifiable information and I think that is an important thing.
And the other point that I just wanted to raise, which we really have not addressed this afternoon but keeps coming up over and over, is I do not think we should get into an issue in terms of what type of media that information is collected or stored on. As Bob pointed out, there are privacy advocates who do not necessarily think that their information should be in a computer. I hate to see a situation where you have patients walking in telling a physician, well, I would like mine on this 3x5 card, you can put it on a post-it note, or I only want it on paper, or I want to take it with me.
And I think that we have to have a guiding set of principles for how information is collected, stored, maintained, you know, and handled. And I hate to see us getting into this because that was one of the concerns that we had with the NRC report, you know, the whole issue of is paper better than electronic or, you know, this or that? So, I think the media issue is kind of also lurking out there because if you look at a lot of the consumer articles that are out there, it is always positioning, you know, the negatives and I do not think we a lot of times, you know, promote the use of the technology and how well that can help in terms of quality care.
DR. DETMER: We have not particularly talked about sanctions either. That is also something that clearly has come up in all of this discussion and how that relates. I think we probably would be speaking to that, or I missed it. I must admit, it has been a long day.
MS. GREENBERG: I think Elizabeth's statement could translate into that, that the misuses are what are of concern and when there are no sanctions those kinds of things can go on. And so I think sanctions are very much a [unintelligible] part and I think we did hear that in the hearings.
MR. GELLMAN: Just to add a word, sanctions are not particularly controversial. Everyone is willing to have sanctions if you have clear rules. You know, the question is, what is sanctionable? That is the real issue.
DR. DETMER: Okay, I would like at this point to open the floor to other people who have sat here very patiently, and if you have a comment or a question that you would like to present to us, please make yourself known at the microphone and we would be delighted to hear from you. As I said, this is our point of departure getting into this, so if you would like to say something now, that is fine. If you want to get in touch with us later, that is fine. But we clearly, obviously, are trying to give the Secretary the best information we can, the best judgements that we can. So, if you would like to comment that would be great.
MR. KUHN: Louis Kuhn with AHCPR. Even if you had a complete record that was on paper and that patient signs a non consent so that that information would not release, but that patient goes with a credit card to the pharmacy, via the UPC code they could detect what medication went and that information could be sold by MasterCard, VISA, whatever, to people that sell medications or whatever. So every time that there is an electronic transaction there is going to be a way of tracing it and I believe that there should be some data protection in that sense.
The second point deals with the identifier. There is a great need for the future, particularly when you go to high end computers, to be able to look into the prevention of disease, and if somebody, if you start having computer-based patient records that contain information, genetic information perhaps, and you want to be able to connect a grandchild with a grandparent because of the diseases that that grandparent had, obviously if you do not have that record connected you cannot benefit the child with the findings that people could have.
DR. DETMER: Okay, thank you. Other comments, questions?
MR. FITZMORRIS: Michael Fitzmorris, the Agency for Health Care Policy and Research. I am going to approach it at a kind of a different angle. I have not heard an awful lot about consumer protection and it seems to me that all these rules that we are talking about are to protect the patient from harm or maybe the provider, maybe the organization.
Harm has some value and sometimes and I am harmed and it is very small. I get a flyer in the mail and I say, how did they get my name, I toss it away. Another time if I have a record of mental illness, a child out of wedlock, some other thing, that might be great harm. And so, should there be some proposal, some principle that says, consumers should have an access to redress some harm?
I am not a lawyer so this is probably something more for the lawyers, but it seems that putting restrictions on the data, putting restrictions on the uses of it does not really get at what is the value of the damage that is done? And should there be some way of coming back and protecting the consumer against the value of that damage?
Quality assurance, if something happens to me and I do not know about it, am I harmed or is it just the system that is harmed?
DR. DETMER: Okay. Yes.
MR. GREENFIELD: Steve Greenfield with the Inspector General's Office. Just one question about what may have occurred during your testimony on the privacy issues. You mentioned on the claims process the number of different entities involved in the transmission of records and the terms of assessing responsibility or controls over the process. One of the things we had a report on a couple of years ago, or raised an issue, I guess, was about the custody of records and admissibility of records from electronic systems as evidence in federal courts.
I believe the IRM Division of the Department of Justice has put out standards in terms of electronic, or standards that must be met for electronic records. Has that been considered by the committee? If not, I would think that is something that certainly the committee should consider in terms of implications for responsibility for data integrity and also in terms of possible use of the records in malpractice or other legal proceedings, as well as fraud and abuse, obviously.
MR. GELLMAN: It is not a problem that came up at the hearings. I mean, the problem of the admissibility of electronic records is a general one. It does not really relate specifically to medical records and I suspect that that is a problem for somebody else to solve.
DR. DETMER: Others?
MR. NAP: Yes, John Nap with the International Billing Association. And one of the areas that, I guess in the law that you are supposed to address is the access of patients to their medical records and in some of the legislation that is out there now there would be provisions to allow patients to go to entities besides their providers to correct their records, including billing companies.
And while we are not in favor of this for a variety of reasons, one of them that we think you should keep in mind is it kind of violates the provider/patient contract. If they are going outside of that loop to correct their records presents all sorts of problems, liability as well as clinical care problems. We just want to make sure that is addressed.
DR. DETMER: Yes, that actually did come up in the testimony, actually more than a couple of times. So, but thank you. Others?
[No response.]
Okay, I just also wanted the group to know that we have gotten, I have gotten some mailings asking whether we would, could have, would have hearings on the West Coast. It is difficult to, this country is not, you know, all in one close, little district, and obviously D.C. is not centrally located. So, at any event, that is another issue that I think we ought to think through a little bit. I think the concerns that we have had mostly is budget. People have also offered to help defray some of those costs. The problem then we have is are we beholding to that and how do we deal with that, both perceptionally as well as legally? But it is something that we probably ought to talk about before we adjourn tomorrow.
[Background conversation.]
The other, just a housekeeping item before we adjourn tonight. If you are coming because of the committee meeting on the 15th and 16th of April, we need to reserve your hotel rooms now so that you will have a place. April is a very month. So that is just a housekeeping item.
I want to thank everybody. I think we have had really a busy day and a good day and we will adjourn now and then we will reassemble tomorrow at 9:00 a.m. Thank you. Yes, we will be in this room tomorrow.
[Whereupon the meeting adjourned at 5:20 p.m. to reconvene at 9:00 a.m. the next day, March 14, 1997.]