Hubert H. Humphrey Building
Room 303A
200
Independence Avenue, SW
Washington, DC 20201
Robert M. Gellman, J.D., Chair
Simon P. Cohn, M.D., M.P.H., FACP
Kathleen A. Frawley, J.D., M.S., RRA
Richard K. Harding, M.D.
M. Elizabeth Ward, M.N.
John P. Fanning, J.D.
Nelson Berry
Judith Galloway
Harvey
Schwartz, Ph.D.
Roundtable Participants:
Elizabeth Andrews,
M.D., Glaxo-Wellcome, Inc.
Susan Mize, Metabolic Information Network
Susan Panny, M.D., MD Dept. of Health and Mental Hygiene
Priscilla
Regan, George Mason University
Brenda Edwards, Ph.D., National Cancer
Institute
Michael Langan, NORD
Janice Platner, MA Cancer
Registry Advisory Committee Policy
Lewis Roht, M.D., M.P.H., Hoechst,
Marion, Roussell
George H. Van Amburg, M.P.H., M.S., MI Public Health
Institute
Scott F. Wetterhall, M.D., M.P.H., CDC
Convene Roundtable Discussion, Introduction of Participants - Robert Gellman, Chair
Roundtable Discussion: Health and Medical Registries
MR. GELLMAN: Good morning. We're going to cover a lot of the same introductory ground we did yesterday. I know there are a lot of people here, who were here yesterday, but everybody wasn't.
This is the Subcommittee on Privacy and Confidentiality of the National Committee on Vital and Health Statistics. I am Bob Gellman, chairman of the subcommittee. This is the second day of a two day meeting. We are trying to deal with two relatively narrowly focused issues involving health privacy that don't normally get attention.
When legislation is discussed, the focus tends to be on the grander issues of preemption or informed consent or law enforcement access or what have you, and a lot of the smaller issues simply don't get much public attention. The purpose here is to take a look at these issues, and see if we can figure out what the problems are, identify approaches, come to some conclusion of one sort or another.
It remains to be seen whether we will do that or not. Yesterday I thought we had a very good discussion. I think we probably left more confused than we were when we started. The discussion yesterday was on what's an identifiable record. I at least came in thinking there was a scale of identifiability ranging from non-identifiable to fully identifiable. Now I kind of think there is a scale that ranges from identifiable to somewhat identifiable, and that's as far as you can go.
Today's topic is registries. What is a registry? How do registries fit into the general scheme? My perspective is always that of the legislative scheme, but we are not specifically looking at any of the bills today.
What is a registry? A registry is a list of people. A list of students at school is a registry if you like. A list of patients in a clinic is a registry. A list of folks with a drivers license, which has health codes on it by the way, is a registry. A direct marketer's list of people with arthritis is a registry. It depends on how you define registries.
How do we distinguish between a good registry and a bad registry, if those are appropriate adjectives? Who is entitled to open a registry and collect health data? What are the terms under which they collect the data, use the data, store the data? Those are some of the subjects today.
As with yesterday, we are not under any obligation to produce a specific product or outcome. We will be exploring these issues, and see where they go, and see what we can learn. So maybe the committee will come to a conclusion; maybe all of you will come to a conclusion, and maybe not.
Hopefully, we will go away with a better understanding of the facts, the uses of information, the benefits, the constraints, be they legislative or operational, how the technology applies to all of this, and draw some policy conclusions.
John Fanning gave me a quote this morning from the AOL-Navy case, if that rings a bell with people. I'm not sure. It's an interesting quote from Stanley Sporkin(?) a couple of days ago. "In these days of Big Brother, where through technology and otherwise, the privacy interest of individuals from all walks of life are being ignored or marginalized, it is imperative that statutes explicitly protecting these rights be strictly observed."
I love that, but of course we don't have any statutes here.
MR. FANNING: There are some, Bob.
MR. GELLMAN: Right, but it just makes it even harder. Just to make one more point about the legislative issue, yesterday we talked about identifiable records, and I was able to go to all the bills that are floating around and find a definition of identifiable and non-identifiable. The definitions were all significantly different, but it was there.
On the registry point, there is nothing to point to. There is nothing in any of the bills that says registries are defined in this way -- and I'm talking about any of the health confidentiality bills. Of course there are some statutes, and we'll talk about them later, but there is nothing in there that says these are the rules that regulate the disclosure of information to registries, or these are the rules that regulate the disclosure of information from registries.
I'm not prepared to say that that's a problem or a concern. It may be that's just fine, but I think that is one of the things that will be in the background here, is do registries need to be regulated in some additional way, in some special way? I'm not sure about that.
The way we are going to proceed here is with some introductions of everybody. The agenda is going to be roughly the way it was yesterday. We're going to try and focus more on facts in morning; what people are doing; what their requirements are; how they collect data, that sort of thing. Then we will begin to discuss, when we're done with that, either this morning or this afternoon, some of the more substantive issues, and see where we can reach conclusions or not, as the case may be.
I think maybe we will begin as we did yesterday, in the audience. Would you like to identify yourself?
[Introductions of the audience were made.]
MR. GELLMAN: Thank you all for coming. I'll think we'll just go around the table. Those of you who are invited participants, if you want to say an extra word or two about your organization and your perspective on this, that will be great. You'll have a chance later on to talk in more detail about your activities.
[Introductions of participants at the table were made.]
MR. GELLMAN: Thank you all for coming. An event of this sort takes a lot of work, and I'm grateful to all of you for being here. I am grateful to the staff who helped really put all of this together, and especially to Judy Galloway who did the bulk of the work here.
Let us begin. What we're going to do is I'm going to call on basically almost of you, if not all of you to talk about what you do. I'm going to begin with Brenda Edwards. Take a few minutes. Explain how you operate your statute, whatever you like.
DR. EDWARDS: Thank you.
A lot of what I'll say is the information the cancer surveillance activities within the National Cancer Institute. They are actually on our Web site. I am passing around the front page from that Web site, so if any of you after we leave today, want to peruse that, please feel free.
I also want to point out that Rosemary Clive and others from the Commission on Cancer, and Mary Lergen(?) from the Centers for Disease Control are here. We spend a fair amount of our time in meetings together, so some of what I will say I think has a lot of cross links to activities that are going on in other private, professional, and federal agencies.
First of all, the National Cancer Institute has developed a surveillance program. At the center of that program is SEER. It stands for Surveillance, Epidemiology and End Result. I think if you look at each of those components in our title, it actually characterizes both our roots and our future in terms of the kinds of activities in which we're engaged.
First of all, I can say that cancer registries build upon state-based and regional registries. The data we have in our federal database contains no personal identifiers. It contains a study or case I.D. So that any information I'm talking about in the SEER program, and that includes information that we make available through public use files on CD ROMs, including the data which has front end analytic packages, and you'll see on our Web site that you can make requests for our public use files, and we're now trying to make that data more available, usable, and available for analysis and use by many people in many sectors.
So our data does not contain any personal identifiers, but I think in what I suspect you discussed yesterday, we do have to content with the issues of information from that database being cross-classified, aggregate data being aggregated to the point so that you have small cell size, and that has the potential for in a sense, compromising this.
MR. GELLMAN: Could you talk a little bit about the fields of information that you do have, so we get a better sense of that?
DR. EDWARDS: The data content that we require our registries to provide to us include as I said, a study I.D. It contains socio-demographic information such as gender, age at diagnosis. One of the points that is now becoming a bit more controversial has to do with a geographic identification. So those are just some basic kinds of socio-demographic kinds of information to identify the case, but most of it --
MR. GELLMAN: You said age. Do you have exact birth date?
DR. EDWARDS: Month and year. We tend to convert that to age. We present it mostly by five year aggregates.
MR. GELLMAN: What do you do for geographic identifiers? Zip code?
DR. EDWARDS: Each registry manages that slightly differently, but most registries use some geo coding process to take the address, which they actually collect, convert it into some geo coded location. At the moment, we have been having information provided to us at the county level. There is some interest in that information being made available at the zip code level, or at the census tract level.
As we move to those finer and finer levels, we end up having some concern raised about how much of that information is provided to us; how much of it would go on a public use file. In general, we have always had county-level data in part because we have often been asked to generate statistics at the general level.
So we actually take the data on the cases, we obtain the populations from which they came, obtaining inter-censusal and projected population data from the Census Bureau for these geographic units that are within the SEER program, and calculate a cancer rate.
MR. GELLMAN: You said that some of the registries collect addresses?
DR. EDWARDS: All of the registries collect addresses.
MR. GELLMAN: Do they keep the addresses, or do they just get converted into codes and then discarded?
DR. EDWARDS: They collect it. How they manage that within a state is really within the state purview. It is not anything that we require, nor do we have any particular policy or procedure on that. I think most of them actually keep it, retain it, and it is certainly the confidential information.
Part of the issue we face in cancer registries, this is a population-based cancer registry. We report the data on cases, that is individuals may be in the database multiple times, because a cancer can occur multiple times in an individual. The state-based registries or regional registries actually have to consolidate information from multiple reporting sources, whether they be hospitals, pathology labs, radiology facilities, clinical practices.
So their requirement is to consolidate information on the same cancer case, and to try to resolve whether the information relates to that particular episode, that diagnosis. Is it a recurrence, or is it a second primary? In order to do that, they actually maintain a fair amount of what you would say is identified data. It is used from an administrative management standpoint, which we never see.
MR. GELLMAN: You said that a case number is used.
DR. EDWARDS: Study I.D. That is arbitrarily assigned. There is nothing unique about it.
MR. GELLMAN: So the linking that is required is done without names, without social security numbers?
DR. EDWARDS: They do that. We never see it.
MR. GELLMAN: When you say "they do it," you mean?
DR. EDWARDS: They, the state registries.
MR. GELLMAN: They have the information?
DR. EDWARDS: They do.
MR. GELLMAN: But it doesn't flow up to you?
DR. EDWARDS: It never flows up to us -- well, the only time any staff member would be aware of that information would be when - part of our program is to look at data that has ranched in quality of the data, the coverage, completeness, the accuracy of the information.
As part of the SEER program we have always had a quality control activity which involves field studies, to go out and to actually audit records. We do that through each of the state regional-based registries. We have our staff who would go. Actually at the moment it's the design for how we conduct our quality control programs, which whether it be case finding, re-abstracting, or coding of the elements is planned in conjunction with our program directors of the registries.
It focuses on issues we think that relate to quality or coverage. So we actually do have staff in the National Cancer Institute, and staff through a contractor quality control unit who do go and access medical records that do contain confidential information on-site as part of case findings.
Those individuals are required to follow all the rules of whatever is required of these medical facilities. That has actually been of concern at times, about the role of our quality control unit in actually having access to that information. That information is not removed from its source, but it is merely to be cross-checked, to make sure that the cases that are reported to us, that we have all the cases, and that the information is accurate.
So it depends on kind of what requirements are placed on individuals who are conducting these audits as to what we may need to do to assure it. I personally have been involved in one study where I basically had to sign a confidentiality statement that I certified that I would adhere to all the requirements of their state employees in order to even look at the information, and then not maintain it in any other form, if you will. Not utilize it in any way, or not retain anything that I kept, other than looking at it to assure that the information we had was accurate.
MR. GELLMAN: How are records linked across states?
DR. EDWARDS: Each state has to negotiate what I call the reciprocity agreements. I'm not quite sure about your question about how are data linked across states. We are a geographically defined, population-based registry. The requirement is that data on all cases among those residents be reported.
Many of those residents may go to hospitals across the river, across the border. They may be retirees who go far away. That is an issue. Most states engaged initiate and engage in discussions with those places that have information that would be where their populations may be in order to acquire information that pertains to any cancer that has been diagnosed.
Those agreements are negotiated and are implemented at the state level under their authority. We do not become involved in any of those discussions. That actually is an important issue that relates to quality coverage and the aggregation of data on residents in those geographic regions.
The data that we collect -- we talked about the geographic, the address question. Our primary purpose is on information that characterizes the cancer, the extent of the disease, the stage. We also collect a fair amount of information on treatment, though we focus on the first course of treatment, and mostly focus on modality.
We also are very interested, because we collect information on what happens to the patient, mostly survival status. We then actually track to find out whether the individuals are alive or not. We do not collect information on recurrence unless it would be through some special study.
This kind of activity often is characteristic of the information collected in hospital-based registries. Rose and others could address that particular function. You have heard that it is integral to their approvals for their cancer program. A registry is actually integral to clinical management and to their approvals program. I know a fair amount about it, but they are really in the best position to talk about it.
The state-based registries who have statutory authority now -- earlier some of them had administrative, public health authority for requiring that cancer be a reportable disease, and for if you will, running the cancer registry. We have not become involved in any way in what that authority is. Our requirement is that we have quality data, that it meets our audit criteria, and that information be provided to us in a certain time frame.
We then at the NCI, aggregate that information. We publish on it. We publish aggregate data, and we make public use files available for others who would want to use it. Our office provides an inquiries function. We get probably over 2,000 requests a year for information ranging from if you will, one piece of information, to our entire published report.
We annually publish data on cancer incidence, survival, and mortality, but we use mortality data from the National Center for Health Statistics, and we present that for both our SEER geographic regions and for the nation. SEER only covers 10-14 percent of the total U.S.
So we have been in business since the early 1970s, and our data is cumulative. That is, all patients are registered and reported to us that have been diagnosed in calendar years 1973 for the areas that we cover. We augment that database each year, and so every year it is a cumulating cohort of information, which is then updated and maintained and reported to us, and then we analyze it and make that information available.
We are making every effort we can to make that data more available. The more we make it available I think in some sense, the more we have to be concerned about who is using the information, and how the information is being used. For example, when we distribute our public use tapes, at the moment we do require that those who use it understand concerns that we have about tabulating data to generate small cell size.
Our public use file contains data on it that we feel is quality information, that is, if through our data collection quality control process we believe we have information that does not meet our quality standards, that information does not go on to a public use tape.
The piece that I have not really spoken about has to do in our surveillance program with sort of what goes around the program to make it what it is. First of all, a lot of the registry data is being used for many purposes. Our first purpose was to try to track the national cancer burden; who gets its, what happens to them.
We have then utilized this registry-based program, either as a group, or other programs that go on in other states that are not part of SEER for epidemiologic research, or for tracking other measures that are not part of the central data that we require to be collected.
We do that through sampling, through special studies, many of which if they go beyond what is mandated to be reported through the state registry, the legislation and the regulations would require IRB approval. So that is determined as to the nature of the information, whether it is validating existing information or whether it is collecting new information that is not necessarily reportable.
So we have used SEER over these years as a source of identifying cases for special studies, to address issues of etiology, patterns of care, more detail on quality of life, more detail on actually the whole spectrum of care.
We have a major study right now that is looking at prostate cancer. We call it health-related quality of care. It involves telephone interviews. Again, that would require a special IRB approval. It is being conducted by six of our ten registries. It is managed by an advisory committee, and a number of investigators.
So we use the SEER data as a springboard for a fair amount of surveillance research. We augment what is sort of the routine data elements in the routine reporting. When we do that, that then puts us into the research arena, and requires all the policies and procedures that go along with that.
MR. GELLMAN: Why aren't all the states involved in SEER?
DR. EDWARDS: Well, cancer registries -- it's a hard question. We actually oversample and overrepresent some of the special populations. When we started the SEER program there were not that many states that had registries that had been involved in it with quite the length of time, nor had met some of the quality control completeness reporting.
So there was an issue of either legislation was not in place. The activities of the registry that was there, there was not sort of an historical track record. We have had a few registries that have been in, and are out over time, but mostly there was not really I think a requirement that all states have a registry.
There are states that have had registries, that were not included. This had to do with trying to acquire information on populations so that we had coverage of a broad spectrum of populations, and also in the sense that we oversample special populations, because of the small numbers. So it was actually based on what was the track record and the sort of experience with cancer registration.
DR. SCHWARTZ: Can you tell me who the users are of your information? Who requests information from you regularly, and are there any groups that you have turned down?
DR. EDWARDS: Well, first of all let me just point out why not registries in every state. By referring to the CDC program, in 1992, there was legislation that required that the Centers for Disease Control -- well, the secretary that was then delegated to the CDC, they institute a national program of cancer registries to either help develop registries in every state, or enhance existing ones. So Mary could actually speak to that. It's recent, and there has actually been a major change in the landscape in terms of legislation, the development of registries, and that activity there.
Who are our users? It really is quite broad. We, in our program, actually do not field many questions from patient advocates. Occasionally they come to us. Most of those questions go to our Office of Cancer Communications.
Most of our requests range from health professionals, health researchers. We do acquire a fair number of requests from those who are trying to gauge the market. They are perhaps trying to decide is it time to move into an arena in terms of a drug. How many cases of this type? Sometimes we can answer that question, and sometimes we cannot, because they may ask a very focused question on a certain disease site with histology.
So we have a wide range of users from the public and private sector. Again, we have a lot of users from the public sector, but most of those are fielded through our cancer information service, that then accesses the published data. So our office does not really see that. Most are really health professionals and researchers that our office directly responds to. That is, of course, in addition to other federal agencies and the Congress and our senior directors, people who may be giving talks and want to have some specific information.
DR. SCHWARTZ: Can you just briefly describe a bit more that quality of care project, and the decision as to why an IRB wasn't needed?
DR. EDWARDS: It was needed.
DR. SCHWARTZ: Oh, it was needed. You had mentioned also that there was an advisory committee that was managing it. Is this a data set monitoring board?
DR. EDWARDS: No. This is observational data, so it's not a trial. No, the advisory board is sort of used with lower case A. It is really a technical group. Because the study is large and involves six registries, it is quality of life, it is in a sense managed by in-house staff. It engages all the senior researchers in the six sites.
We also wanted to tap into people who had done research in the arena of quality of life, the sampling issue, how you select the cases, because we oversample Hispanics and blacks. So it's really a technical group that helped provide information on how to design the study, the questionnaire, and to help as we move through the analyses.
So, no, we didn't need an IRB for that --
DR. SCHWARTZ: NIH's IRB?
DR. EDWARDS: No.
DR. SCHWARTZ: An outside IRB?
DR. EDWARDS: Because each of the six participants has their own procedures for IRBs. Let me just say that the SEER program actually has contracts. Of the ten contracts, nine of them go to universities that have been delegated the authority to run those state- or regional-based registries, one of which is to a department of health.
Everyone has a slightly different process as to what they require. Many of them have their own IRBs. Others have not only their own IRB, but they have sort of other series of IRBs that they must bring it forward to. So we don't manage that. We need to be assured, and we require that, that they have the appropriate approvals that are appropriate for their management of their registry and the conduct of their research.
MR. FANNING: Can you go into a little more about the CDC and their program, or maybe Scott could shed some light on this? I just want to get to the coverage thing.
DR. EDWARDS: In 1992, the legislation was imposed in part for sort of -- actually, I think it got started with an interest in breast cancer, and the need for data that was available in regions and states other than what SEER covered. They started funding the program in 1994. I think that you more or less cover about 40-some odd states. There is funding to over 40 states now?
DR. WETTERHALL: Yes, currently we support 45 states, the District of Columbia, and three territories. The intent is to have nationwide coverage. The model is very similar to what Brenda has been describing insofar as these functions are devolved to the state, so our role is in providing technical assistance, financial support, assistance in drafting model legislation, assistance in assuring quality.
DR. EDWARDS: I think there is probably one other thing that I haven't made known to this group. Cancer registries, again, the first state that had one was Connecticut. That's in the 1930s. Hospitals have been involved with cancer registries probably since the very beginning of time, but certainly in the thirties, many run by pathologists or by clinicians.
Cancer registries really builds upon the hospital-based registry. That is changing now, because of the way health care is changing. So that really has meant that the problem of maintaining the registries at the state and local level has changed.
In the late eighties, because there has been this variety of effort and activity in cancer registry at both level and at the state or population level, an organization was formed which currently has the title the North American Association of Central Cancer Registries. It involves the American College of Surgeons, the National Cancer Institute, there is a formal organization called the National Cancer Registrars Association, the American Cancer Institute, which has utilized both registry and vital statistics data on cancer, probably a couple of others involved in cancer organizations.
We started meeting. Part of that purpose was to try to move forward in looking at how we each do our business. How we could be more efficient and effective in creating data standards. The information that we collect. We all had at times slightly different rules, slightly different approaches. This was sort of becoming both a burden on those who had to provide it. It was expensive. It created issues of data quality.
So we have actually been meeting as an organization since the late eighties, and that's why part of us end up being at meetings quite a lot. It is a voluntary organization. We each provide sponsorship to that. Much of this work goes through by technical committees.
So I would like to say that I think that has been the umbrella entity through which we come together and actually try to improve and make more efficient cancer registries for the use of both public health, clinical medical practice, as well as research.
DR. HARDING: I had a squamous cell cut off. I had cancer.
DR. EDWARDS: You are not in our registry.
DR. HARDING: I just wondered if I was in the registry and didn't know it. Where is the consent started? At hospitals who have their registries, do they have consent when a person signs into the hospital? I'm just asking; I don't know.
DR. EDWARDS: No, mostly not.
DR. HARDING: There is no consent in general?
DR. EDWARDS: No, because cancer -- there are statutory requirements in most states for cancer to be a reportable disease. As it comes to the state level, there is no consent.
DR. HARDING: There is no issue of consent because of the statutory --
DR. EDWARDS: At the moment. Nor as far as I know in terms of it being maintained in a hospital-based registry. Again, the intent there is the way the registry has been used at the hospital level is through -- again, you can hear more about it, and perhaps you know as much or more about it than I might from a personal level.
The cancer registry actually has been used to track within the hospital, what is the patient load, what is happening. That information is often used in cancer conferences by the clinicians that are actually providing the care. That information is reviewed, discussed. Again, the intent is to try to improve patient management, and inform the group in the aggregate.
MS. REGAN: How specific do those state statutes tend to be in terms of the amount of the information that they ask to be reported?
DR. EDWARDS: Well --
MS. REGAN: Is it just the disease be reported, if you are looking at questions of quality of care and quality of life?
DR. EDWARDS: My understanding -- and again, I think the CDC, who has actually looked at almost all the legislation. As you have heard, one of the purposes of the NPCR was to talk about model legislation. My understanding is that it varies in terms of which cancers are reported. There is even an issue whether in situ is reported, that is, survival as an incidence-based only. So the specificity, as far as I know, varies.
Now with the NPCR -- National Program of Cancer Registries -- the legislation actually identified some data elements. So I think the intent with those that have been developing or expanding registries through that program, the intent is to be a bit more uniform.
DR. DETMER: I'd like to maybe take a minute to give you a case story, for some of you who may not sort of know some of this can work in the real front line of life. Twenty-some years ago I got paged one afternoon about a young woman, 25, in the emergency room in shock, otherwise known as being totally healthy.
About her only relevant history was that she had been on birth control pills for about five years. I went to the operating room. Happily, we discovered we could deal with, but unhappily discovered something that we didn't know what was going on. Liver tumors are typically not prevalent in young adults.
The other problem was this woman had small tumors you could palpate across her liver. The liver is a very vascular organ. One of these was right at the edge of the liver, and was bleeding profusely. I was able to resect that, but then I was left with what should I do with these other tumors? Were they cancer? Were they hepatomas, benign adenoma? What were we really dealing with.
So we got biopsies. Liver biopsy in a frozen section situation is not easy to sort out. Is it cancer? Is it benign adenoma? In consideration of her age and so forth, we concluded that probably it was not cancer, but we obviously didn't know, and during all of this sent some of the folks out to try to find out what other people may know. Check with registries. Check with colleagues. There was nothing in the literature. There was literally no literature on this.
We found a case by phone connections of a case a couple of weeks earlier of a woman who died having her liver resected, removed in a transplant -- not trying to do a transplant, but trying to do a major resection out in California. There were a couple of cases from the East Coast. This was in Wisconsin.
At any rate, we concluded that in fact we had gotten her out. Her liver functions were fine. She stabilized. Her blood pressure had come up, so we decided in fact to just find out more, and closed up. She recovered from the surgery pretty quickly, and it looked like it was a hepatoma by the time we got the permanent sections out.
We still had this issue, what was going on here? It was a very rare kind of thing. We essentially went through a series of questions. Would this thing reverse? Was it in fact induced by her birth control pills and so forth? It turns out that a small set of cases were identified, and that it did look like if they stopped the birth control, these things would regress; that in fact they wouldn't proceed to cancer.
The question of course became well not only what's the best treatment for this when you don't know what is going on? How aggressive should you be as a surgeon? Also, is thing reversible or not? What should you do about warning people that they may immediately go into shock some given morning, because they have occult tumors that in fact are very friable, and very likely to bleed?
So there you got into a question of do you need to be able to be coming to specific individuals, letting them know because of their drug prescriptions, have they been on this for a few years, should you let them know and bring them in for scans, and look through all of that?
At any event, it sorted out, but that was one example of how I think these registries were very useful, because we started getting the American College of Surgeons on this issue, and over the course of about eight months we really were able to lay out a pattern of practice that suggested don't be that aggressive. It is not that common. It can be fatal. It can be problematic in some people, but typically is not. The registry data really helped sort that out.
Another example, 20-some years ago I was doing heart valve evaluation work in calves at NIH. We were doing valve replacements using human-sized valves in calves to see whether the materials would hold up. We found that some of the metal struts on some of the valves did show wear earlier than one would like think would maybe occur.
This, by the time it then went into human application, alerted registries to really track very carefully, the performance of these valves, and in fact subsequently some years later they ultimately were taken off the market, because a better valve came along, but it helped the porcine leaflets move on.
So I think the interesting thing is that we do have new therapies, new techniques and so forth constantly coming into medicine. So it's not as there are new things under the sun. I think these registries not only allow, as she is saying, clinicians on the front line, but then also an awful lot of public health and epidemiology also kind of gets into it.
MR. GELLMAN: Thank you. That was a good story. I don't have to watch "ER" tonight.
Anything else you want to say at this point, or should we move on?
DR. EDWARDS: I think you probably have a full agenda. I will jump in. Probably there are many things I didn't say, but I think we probably should move to the other kinds of registries and other kinds of issues.
MR. GELLMAN: Well, I think actually we're going to stick with the cancer registry idea. George, do you want to pick up from here.
MR. VAN AMBURG: I asked Bob to follow you, because for many years in my career I operated the cancer registry, along with some other registries. Actually the model for the cancer registry pretty much follows, at least in Michigan, the operation of the other large registries.
Michigan's cancer registry went back to 1985, which preceded the national legislation on state cancer registries. One of the SEER registries is the Detroit metro region, so we already had 50 percent of our population covered in a registry before we actually had legislation.
The legislation was spurred primarily by concerns in the environment in the 1980s. As I'm sure you realize, Michigan is completely surrounded by water almost, except for to the south. There was concern about the waters. We also had a problem in 1974, a fire retardant in cattle called PBB, polybrominated biphenyls.
So there was interest in the environment, and we did get statutory legislation for the reporting of cancer in 1985. That legislation has been kind of a model for the rest of our registry legislation that was enacted since that time. It basically requires the reporting of certain cancers, excluding skin cancers. It leaves pretty much the rest of what is reported up to administrative rule, which is actually the way you want to design something, so you have some flexibility to add items later on, or take items away that prove not to be valuable.
In fact, the national legislation and the requirements for new items, it was very easy for Michigan to add those items to its data set, because of the administrative rule process, by not having to go back through and change legislation.
That legislation also specified access to the data at various levels, and I'll get into that in a minute.
Brenda did not indicate, I don't think, that the SEER registries for the most part, are active case ascertainment. At least in Detroit there are, where people go out and abstract the records from physicians and hospitals and laboratories. Most state registries that are not SEER supported are passive registries in which physicians, hospitals, laboratories report cancer cases to the state.
Now clearly the active process is much more expensive, and it gives better results, and more complete results. The passive reporting works very well if you have a medical community that is interested in the registry, and you provide them with sufficient feedback to motivate their interest.
This registry was in operation since 1985. We now have well over 275,000 cases of cancer in the registry. We do collect identifiable data. We do keep it. There is very good reason for that. In Michigan we get about 45,000 cases of cancer reported per year. Of those, about 24,000 end up being unique cases. We have that much duplicate reporting which has to be weeded out of the registry.
You really want that duplicate reporting, because at least in cancer, unlike some other things, people do shop around for diagnoses. They go to different physicians. They go to different institutions. They may go up to Mayo. They may go to M.D. Anderson in Texas.
So we get multiple reports for people, and you need that identifiable information, at least on the front end, to be able to start matching these up, and eliminating the duplicate reports, then ascertaining if you have different information on cancers, which one of the diagnoses you want to keep. It is not a simple job.
Registries are really not very useful in their initial stages of development. It takes a number of years to get a database that is of sufficient size and quality to be able to really begin to publish data and start using it. With ten years of data in the cancer registry, we're just beginning to be able to look at some trends.
Let me mention one other registry while I'm thinking of that issue. The Michigan end stage renal disease registry, which had 20 years of operation and then was de-funded. It had just become very, very useful, because we could start looking at the long-term trends in end stage renal disease and transplants, and matching it to cancer registries to look at cancer incidence for who were on immunosuppressants and what have you, but it was de-funded.
As far as access to the data is concerned -- and I think a lot of states operate this way; I can't speak for all of them -- but we use four types of level of access. One is we publish data which are clearly non-identifiable, and in tabular form. We produce public use tapes, and we spent a lot of time agonizing over how to do this. It is not simple.
We ended up with five different types of sets of tapes that people might want to use, so that we didn't include all the data elements in any one tape. We were pretty sure, but never absolutely certain that you couldn't identify an individual. Some people wanted month of the person's birth, so if we did that, we would eliminate something else geographically, so that you couldn't try to identify people. It was an interesting exercise. We do the same thing on the birth defects registry and other registries like that.
If those two methods don't work, we would try to convince the person that we would do the tabulations for them. This worked very well until the advent of personal computers and the explosion of the software to analyze data on personal computers.
Most people did not want to work with large data sets. It was much easier for us to do it. They wouldn't make mistakes. We wouldn't be getting calls all the time about what something meant, and we were pretty sure of the data.
If that didn't work, then we had in the legislation, an advisory committee of what we call a technical scientific advisory committee to the cancer registry, and we use it for the other registries as well. It would review applications for access to data that might reveal the identity, or required the identity of an individual for an epidemiologic follow-up exam. I think Massachusetts has a similar approach.
This committee we had appointed from the research and medical community, primarily from the provider community. One of the requirements before this scientific committee would even look at the application was it had to be reviewed by an IRB first. They were not in the issue of ethics or what have you. They were interested in the scientific validity of the data.
The legislation was set up specifically so that the registry would not be misused or used hapzardly by people that are purporting to do scientific investigations without merit. This committee would review applications all the way from we get applications from Harvard, and we get applications from U of M and Ford Motor Company and Dow Chemical and students.
It would review these and either make recommendations to modify the design, accept the design, or reject the design. The committee did reject the designs that they determined that based on the type of study done, and the number of cases that knew were in the registry, they could not ascertain the information they really wanted to do.
We have turned down requests for data for lists of people with certain types of cancers. You will get these. Some of these are coming from well meaning groups, advocacy groups, support groups. These get turned down. There is no administrative use of the data required allowed by the legislation.
So far, as far as I know -- and you never really know I don't think -- there has not been any misuse of the data file that we have let out for any research.
MR. GELLMAN: George, can I ask a question?
MR. VAN AMBURG: Yes, go ahead.
MR. GELLMAN: You said that the advocacy groups will ask. They are looking for names and addresses of people. If they would come to you and say, you don't have to give us names and addresses, but would you do a mailing to these people on our behalf? Would you do that?
MR. VAN AMBURG: No, we would not. We're not in that business at all. The data were designed for public health surveillance, and for health services research and health research. They were not designed for anything else. We have been very strict about that, because once you break that line, you are deep trouble.
Now we do release the names of patients, and most cancer registries will to researchers that are authorized by the technical advisory group and an IRB board, and approved by the director of public health -- community health now.
The way we work this is somewhat like others do as well. We do not release the names directly to the researcher. What we do is to contact the medical care provider, and let them know that this research study has been approved, and if they have any objections to having their patient contacted, let us know, and they would not be contacted.
So far this has worked out very, very well. We do have physicians that say, please do not contact this patient. The patient is terminally ill, or what have you, and we honor that. This does frustrate some of the researchers, because part of a registry operation is you have a essentially 100 percent ascertainment of the cases. A lot of the studies are done for rare events, and you need the 100 percent to do your study.
I know that we worked with CDC on one study of a rare tumor in children, and it was difficult getting response on all of these. We worked around, and worked with CDC and our technical advisory panel to try to get response up without breaking our procedures or rules, because once you have done that, you're in deep trouble as well.
So that has worked out extremely well for us. I can tell you the technical advisory committee is pretty tough on researchers, because they recognize, as do most of the people that operate registries, that once you have had a violation of confidentiality or privacy, and it gets back to the governor's office or the legislation, you are going to lose your database, and it will no longer be there. So the states are pretty careful about that, and actually the authorizing legislation is pretty well set up to protect that.
One of things that we do with that registry that was not mentioned by Brenda, but very briefly, is that we add to that registry from another registry, which is the mortality registry. There are cancerous types of diagnoses that are not determined essentially until death, and so we search out from the mortality registry, all the cancer deaths. Then we have to follow back to the physician to get the data incidence of the cancer, because that is the key item, beside the diagnosis, is the incidence tape, the first diagnosis tape.
So that is a case where we have added registries together essentially, and then we match the mortality registry, the cancer registry to ascertain who has died and who is still living.
I want to mention one other thing that Brenda touched on, and I think it is a very critical problem for the future, and that is the GIS systems -- geographic information systems -- and the mapping of data, which seems to be in great favor right now.
This creates a whole different level of confidentiality and privacy, because while you are not revealing the name of an individual, how you close you map that out can reveal the identity of an individual. If you go down the block at the census tract level, you can have some real problems.
So we have been really working to try to ascertain how to best be able to display data with the geographic mapping techniques, and to not divulge confidentiality, because if you are looking for clusters, they may occur in small areas. You know that is going to create a problem.
Brenda mentioned one other issue, and I want to take the reverse of it. She was concerned about small cell size. I am concerned about large cell size. If you have a population of people in an area, let's say a county, and if you have a population let's say of Arab Americans or Hispanics or something in a population that is not large, but not small, let's a couple hundred people, and your tabulations show that 85 percent of those have that diagnosis, you have revealed identity essentially, because the probability of anyone in that community having that diagnosis is 85 percent.
So you have a reverse problem with small numbers as well, and we have been trying to work with that issue as well. It is a very interesting area, especially when you have enclaves of population groups.
With that, I will answer some questions.
MR. GELLMAN: Just to follow-up on one point that you just raised. I have the issue of group privacy kind of flagged for discussion later on this afternoon.
Let's continue on this same theme. Jan, you want to talk about it from your perspective?
MS. PLATNER: Thank you.
Well, I actually came to this from two different points of view. I am a research advocate. I'm a cancer survivor. I'm a former board member of the National Breast Cancer Coalition, which is very much focused on research advocacy. My background is as a civil rights lawyer. I am also a committed privacy advocate, and very active in the ACLU of Massachusetts in the Privacy Committee.
I came to the advisory committee of the Massachusetts Cancer Registry, which is very similar to the Michigan one, at a time of actual crisis there. This was a little over a year ago. The reason for that goes to the issue that Dr. Harding had raised.
A state legislator had filed a bill that would have required written informed consent at diagnosis for someone's information to be sent to the cancer registry. We have a mandatory reporting system that is name, address, and lots of other information.
For reasons I can't explain, no one really noticed this bill, and it went through the House of Representatives and was passed, and got all the way through the Senate, and was a pen stroke away from being enacted, and there was a great panic in the cancer registry. Of course to have that kind of requirement would certainly undermine 100 percent ascertainment.
As a patient advocate, I have some issues about whether someone needs to make that decision at the moment of diagnosis, or forever be foreclosed from being part of a registry. You might at some time in the future, make the decision that you would want to participate in research or be part of that. That might not be the moment for you to make that decision.
So we succeeded in getting that legislation off track, but it brought up a lot of very interesting issues. That was one of them, the whole notion of consent and what that means. Some of the other issues that came up -- and the reason why this bill was even filed in the first place was the issue of patient contact, and the procedures for patient contact when researchers want to do research that would require that.
I think at any given time there are probably about 12 to 15 studies going on with cancer registry information, and perhaps half of them might require patient contact. One of the complaints that was heard from consumers was that people don't know that the cancer registry exists. It's not even an issue of consent so much as knowledge that their information goes to the cancer registry.
In Massachusetts the researcher does the patient contact, and people get a call out of the blue saying we're doing this research on blah, blah, blah. Some people get quite upset. How did they get my name? Where did that come from?
So we realized that public awareness of the registry and what its purpose is was really critical, and something that is not done very well; certainly not in Massachusetts, and I think that might be the case in many other places.
Then there was the whole problem of how do you deal effectively and efficiently with patient contact, and really protect people's confidentiality? There is in Massachusetts, the researchers do the reporting, and that was a big issue. There was the whole issue of whether physicians should be gatekeepers or not, and whether that was an effective way to do it. Does that in some way impinge on the autonomy of the patients themselves? Yet, how do you protect people?
So there is a passive consent from physicians, where physicians are notified and said, we want to contact these people for instance. If there is a problem with that, tell us, and if they don't respond to that, then they are contacted.
So we have gone through quite a lengthy process, a subcommittee of the cancer registry, in trying to work out patient contact procedures. Certainly when any researcher comes to use information, the institution that sponsors that research -- they have to go through the IRB approval for that.
There are two sort of statutory approvals. The Department of Public Health has a statutory approval process. Then there is an independent research review committee that reviews that.
We have now changed the contact procedure. The cancer registry sends a letter. We have sort of circumvented the physician as gatekeeper, but left the physician as someone to raise a red flag if in fact there is a problem. Now the cancer registry will be notifying by mail, people with an opt out clause, with an opt out option for people.
We tell them there is a researcher that is interested in doing this information. We want to contact you. If you don't want to be contacted, mail this back or call that number, then they are taken out of it, and that's it, before they are actually called. So that is being instituted right now. We don't really know how well this will work yet, because we haven't worked through it yet, but we hope that will make a significant difference.
I think the other issue that has come up in trying to work through this and talking to advocates and patients is that there is a lot of concern among many advocates about the lack of educated consumers on IRBs, and sort of looking at their whole notion of what an IRB -- IRBs vary enormously from institution to institution.
There has been a lot of conversation about trying to establish some statewide IRB. Most institutions doing research want their IRB to approve it, and don't really want to deter to the approval of some other IRB. So we are trying to work through that issue right now. In the conversation the concern has been raised that there ought to be some kind of consumer-patient presence on IRBs, and that that would improve the system a great deal.
So those are the some of the issues that we are working with.
MR. GELLMAN: Let's draw on some of the expertise from our audience. Identify yourself.
MS. CLIVE: My name is Rosemarie Clive, and I direct the activities of the cancer department of the American College of Surgeons, which supports the Commission on Cancer.
I, too, am a breast cancer survivor. I wear many hats. I have a son who died of a very rare tumor for which there was no known treatment, and still isn't. I have been in cancer registration activities for 23 years, and I'm a certified tumor registrar. I throw that out there not to applaud me so much, but as the fact that there is a whole work force out there of professionals who sit for an examination, who are skilled in the management of data, disclosure issues and other things, such as confidentiality.
I bring these things forward to the committee, and I would like to comment on what we once called hospital-based registries, have now gone to a more germane term facility-based, since the changing pattern of health care could see that a registry could be just about anywhere, including physicians' offices.
I hope that the information will be useful, because these registries play a pivotal role in cancer registration. They really provide an infrastructure today to support data acquisition for cancer surveillance; clinical trials; the clinical decision-making that was mentioned earlier by Dr. Detmer; the quality assurance, which is something that everyone is trying to get their hand around, what is quality in health care; and outcomes research.
The College of Surgeons, the first year after they were established, set up the Commission on Cancer, and their first charge was to look at the efficacy of the management of uterine cancer using either surgery or radiation. In 1930, when registries first surfaced, the College established an accreditation program to review hospitals which manage patients with cancer, which diagnosis and treat patients, to determine that they meet certain criteria to assure that the quality of care could be administered there.
That infrastructure that was established then has now led to nearly 1,500 facilities approved in the United States. We are finishing an arrangement with the Joint Commission on Accreditation of Health Care Organizations where there would be reciprocity for the review of the cancer program with that organization.
Registries became part of an accredited program in 1956 formally. Today, that system that is in place, we fear that if hospital-based registries, facility-based registries were no longer in vogue, they would really -- to abandon them would collapse an entire support system for these activities, including the state programs that were mentioned earlier by Dr. Edwards and by Dr. Wetterhall.
These hospitals, these registries in these facilities are voluntarily put in place by the institutions, and therefore their support is taken care of by the hospitals. So that it's a contribution to the state programs to provide this data upward, which would make it very cost prohibitive if these registries were no longer able to do their activities.
A major activity of the committee, and the one why I wanted to come here today when I learned of this meeting is follow-up. It was mentioned earlier too that it is important that the registry-to-registry communication about patients, because they do go for care one place for surgery, someplace else for radiation. Today we are making them go one place for an x-ray and one place for a blood test, and one place for the surgery, et cetera.
So it is important that registry-to-registry communication is allowed to continue, and also registry to the patient's physician communication in order to have complete case finding, abstracting, and in order to report these outcomes and these quality assurance measurements.
We can't make statements about cures, or the efficacy of one treatment over another unless you follow that patient for the patient's lifetime. So that annual follow-up is a great burden to the institutions, but they do it in order to assess their own quality. Not just their volumes, but their quality, the pattern of their care. They can get it from the facility level. They can look at it from the procedure level. They can look at it at the treatment level, and even at the physician level.
So many activities center around the registration, including that of the American Joint Committee on Cancer, which sets the standard for one staging system in the United States. As Dr. Edwards had mentioned earlier, we are working with AJCC, which we administer as well, and this National Coordinating Council for Cancer Surveillance to try to work out the differences in one staging system over another, or one data item collection over another.
The AJCC now is working on systems with other research scientists in their own networks, so that someday all this registry data will be available with other parameters that would be able to determine what is the best prognosis for a patient who meets certain characteristics, has certain values in their lab tests; should one arm of treatment be used or another?
So it's important that registration is allowed to continue. Obviously, we want to protect the individuals, and I think the confidentiality mechanisms that are in place in registration is a very integral part of the certification process I mentioned earlier. That are ten areas that are looked at during the certification examination, and I would be happy to share that information from the National Cancer Registrars Association.
MR. GELLMAN: Could you talk a little more about the certification process?
MS. CLIVE: The National Cancer Registrars Association was founded in 1974, under the sponsorship of many of the organizations that were mentioned by Dr. Edwards. That organization has about 1,780 member or so -- say 2,000 members. They set up an accreditation exam as an independent entity, separately incorporated for registry certification; certification of cancer registrars.
There are certain qualifications that one must meet in order to sit for the exam including a certain length of experience, education, and other things. We didn't grandfather -- grandmother mostly, because we're all women practically -- we didn't grandmother or grandfather anyone in. Even those of us who wrote the initial exam had to wait several years before we could sit for an exam. By that time the exam had changed dramatically.
So that the certified registrars must sit for the exam. It is about a day long written exam. Those who pass are awarded the credentials CTR, certified tumor registrar, and they must maintain a continued education. In order to maintain that credential you must meet 20 hours of CE every two years. That's an ongoing thing, or you must re-sit the exam.
MR. GELLMAN: What are the skills that you have to demonstrate to pass?
MS. CLIVE: Medical terminology, staging, abstracting, things about medical records, confidentiality, those types of things, statistics. I'm blanking on the other eight, but it is in the realm of the whole scope of things that are covered under the umbrella of being a registrar.
DR. EDWARDS: I think what Rose has said is the leadership for trying to move toward a professional organization certification really came in part out of staff we had at SEER, and those in the field, as well as the College.
I brought along a number of books just to let you know that cancer registration -- sort of what lies behind it, and it is a discipline and a practice. It actually has been out there quite some time. Just three books within the last period of time -- there is one on cancer registration principles and methods. It is an international publication, because cancer registration actually occurs throughout the world.
A number of workshops are held through our various organizations or the umbrella groups for which we sit and talk. Here is one called, "Central Cancer Registries: Design, Management, and Use." It is within the last few years. One of which Rose is also a co-author of some the chapters here, and is from the National Cancer Registrars Association called, "Cancer Registry Management Principles and Practice." It covers a wide range of topics, including confidentiality.
So I brought that more, not to try to ask you to be familiar with it, but just to let you know that this is a discipline, is a practice, is a profession. Those engaged in it have actually -- it's been evolving. It actually is where it is today. It will continue to address the changing the needs. She has certainly been part of that history and writing it, and practice and implementation.
DR. SCHWARTZ: You mentioned some concern about adding some parameters to registries, and doing neural analyses. Could this in part be related to developing patient profiles, and trying to make predictions for prevention?
MS. CLIVE: We would not be using data from specific hospitals in terms of asking these hospitals to contribute. There are databases such as the SEER database, and the database from the North American Association of Central Cancer Registries. There are clinical trial databases.
What I know about neural net you could really write on the head of a pin, but I am assuming these databases are trained to answer certain questions. It is a super-duper computer. The expectation is -- and I hope I'm on a beach by the time this happens -- is that a practicing clinician will have this in his or her office, and be able to say Mrs. Jones, your test came out such and such. With your age and your type of tumor and your histology, we could treat you surgically and you will live 25 years. That kind of thing.
DR. SCHWARTZ: That information would be developed through table analysis development.
MS. CLIVE: Through table analysis, not individual cases. I have learned since yesterday's meeting the word "identifiable" as I understood it, and has the committee has described it are two different words.
This is a little caveat on Dr. Detmer's story. You must have made tremendous inquiry, because the College did their first patient care evaluation study in 1976, which is set up for the annual studies, and it was on the relationship of oral contraceptives and liver tumors.
DR. DETMER: In fact, I made that recommendation to the College, and they followed up on it.
MS. CLIVE: We've been doing it 20 years later.
MR. GELLMAN: Thank you very much. I think it's time to take a break. We will come back at a quarter of.
[Brief recess.]
MR. GELLMAN: We're going to move on now and talk to some of the other people here who ware involved with other kinds of registries. I think perhaps we'll begin with NORD.
MR. LANGAN: Well, thank you.
As I mentioned in my introduction, the North Organization for Rare Disorders is itself a voluntary health agency. It is a non-profit organization that is governed and run by patients and patient advocates. We are a federation of 140 patient advocacy groups.
So what I would like to do is really begin by talking about the voluntary health sector, and many of the organizations that make up NORD; and then talk a little bit about NORD's own experiences and the information that we maintain; and what our experiences have been in collecting that information; the type of information, and how we handle any type of disclosure of that information; and what we see as either the benefits of the privacy that we can provide to patients; as well as some of the concerns of where that information goes when it leaves.
To begin with, most all patient advocacy groups that we work with are relatively small. They represent and work on the behalf of people with rare, usually genetic diseases, as I mentioned. Many of these groups started to look at issues of unmet needs, much of it obviously that involved medical care. That perhaps many either adults with the disorders or often parents of children with the disorders were finding that there was really little medical treatment available, and the medical community was not able to offer much hope.
So many times these groups were formed sometimes at kitchen tables, and first sometimes just to provide a shoulder to cry on, really self-help support and networking of families with similar experiences.
I think secondly, many of these groups recognized that as a collective organization, they could play a role in promoting greater medical research, either by funding for it, advocating for increased funding, or cooperating in assisting researchers, whether it is a private researcher within a corporation, or whether it is an academic researcher that may be funded with an NIH grant.
What is very important about these organizations, I mentioned they are comprised of patients, but they are also governed by patients. I think that is a very important thing to note, because as they develop databases or information, sometimes it is just for a mailing list or a membership list. This turns into what can be a registry of patients with the disease, or a registry of families with heredity disease.
Whether it is a registry, whether they call it a registry, whether they call it a database, whether they call it a membership list or just a mailing list for their newsletter, they often find that people from the outside of their organization need that information. Many of these groups have a lengthy process of deciding which requests for use of that information, are valid or may not be valid.
Generally, all of these organizations operate through basically an unwritten code of ethics, that they do not give out the names of their patients. This is something that NORD has adhered to, and we do maintain a very extensive repository of information on individuals. We do have names. We do have addresses. We do have telephone numbers of hundreds of thousands of people with rare diseases.
Now generally, the people in our database have contacted us and have provided this information voluntarily to us, and use us as their support group usually because they have such a rare, or such a true orphan disease that they may not have a voluntary health agency that has been established to work on their behalf.
Many of our groups -- some are large. You have heard of them; the Epilepsy Foundation of America or the Multiple Sclerosis Society, or some of the larger groups. There happen to be smaller groups. I was just noticing upstairs when I went to get something to drink during the break, there is a meeting of the Blood Safety Committee at HHS. I took a quick look at the attendance outside on the table, and I think probably a half dozen of our member organizations are up there; people like the National Hemophilia Foundation, or the Immune Deficiency Foundation that are interested in those blood products and their safety.
Those are the types of organizations that govern our staff, that govern our operations and how we handle the information in our database. My board of directors is made up of usually the chief executives of such organizations -- the Tourette's Syndrome Association, or the Guillame-Barre Foundation, or even smaller groups such as Cystinosis Foundation, which is a very, very rare and often kidney disease in children, but it only afflicts about 300 children in the United States.
We often have requests for the information. Usually it is from researchers, usually scientists at academic facilities, often from drug companies that may be interested in enrolling patients in clinical trials. Or it may for health services research.
Generally, when these requests come in for access, if they want to know sort of a specific patient population, and look at some of that information, we have a policy that we do not give out those names. We do not make that information available to anyone.
What we do, however, is we send those requests, if they are a biomedical research request, we send them to our medical advisory committee, which is made up of a diverse group of experts, usually people that I would consider not just specialists, but really subspecialists in many of these rare diseases. They are located at some of the most preeminent academic institutions throughout the country, generally.
They take a look, and generally recognize whether it is a valid request or not. Then what we do is we share that information with the community. Either we will send a letter directly to the patients on our database that says, here is a scientist who wants to answer these type of questions, and if you are interested, then you make the direct contact with that investigator.
If I can give you one example, several years ago we were conducted by a CDC investigator who was trying to find the cause of a very rare, unusual disease. This was a disease that all known cases that the CDC was aware of were actually in the Southwestern United States. They had a handful of these cases.
They asked if we had any cases in our database, and we actually had several dozen. The difference though is that the several dozen we had were not specific to one geographic location. They were actually very geographically dispersed.
We notified all of these people in our database. We said this guy at CDC is looking into the cause of this condition. If you are interested in cooperating with his research, here is telephone number and address. Give him a call.
Most of those patients did, and through the links that were made between that CDC researcher and the questions that were asked of those patients, they found the cause of that condition. It happened to be that all of those patients had one thing in common. They were all taking a nutritional supplement known as L-tryptophane as a sleeping aid.
Many of them, when they got back to us, realized that when they were going into the hospital for this rare form of myalgia, which they were experiencing, they often took their sleeping aid with them, because they were afraid they weren't going to be able to sleep in the hospital. That was one of the ways they were actually able to identify this side effect.
MR. GELLMAN: Can I ask just generally about these patient contact activities. Do you have any broader sense of how often patients contact the researchers when they are notified of this?
MR. LANGAN: We find that generally it is quite often they do. Most patients are very, very eager to assist in any way they can. If they are a parent of a sick child, if they are a person who is personally affected, they are very eager to help out.
One of the things that many of them say, and I think more and more, especially as sometimes the hot button issue about privacy and exchange of information is a new area of technology in the area of genetics. A lot of these diseases are genetic disorders, and very often when people now are asked to have some sort of genetic screening or enroll in a genetic test to get more information about that disease for research, we are finding very often that they are concerned.
They are concerned that they may be very, very healthy people. They are concerned that if they have the genetic mutation, and they do not actually have any symptoms of the disease, what does that really mean for other issues for them? They are concerned about losing health insurance. They are concerned about their employer finding out, and discriminating.
Huntington's disease interestingly enough, as I mentioned, many of these groups form around a kitchen table of mothers and fathers of sick children who say they need to form an organization. When NORD was originally formed, we were headquartered in New York City out of the Huntington's Disease Society of America offices. Eventually our staff grew too big, and we had to get our own office space.
There is one genetic disease, one of the first genetic diseases with a clear link, where they could test for that mutation. That population has seen a great deal of fear among family members who are concerned about getting tested for that genetic condition, particularly because they don't want to lose their job, and they don't want to be denied health care.
I think that one of the most interesting things about the database that NORD maintains is again that it is voluntary. We actually don't go out and ask for this information. We don't even turn to various state health department registries or any federal registries and say, give us some information. This comes in, because people want to provide this to us.
They do it, because they have a great deal of trust. I don't exactly know how to put a finger on how that trust was developed, except that through experience we don't give out those names. We don't share that information. When they give us their names, their name won't appear on the front page of their local newspaper for instance, because of our involvement. That's for them to decide if they want the public to know that, or anyone outside to know that.
What I think is very, very important -- and I know that yesterday there was much discussion over medical records and medical information that is personally identifiable. Is it possible to mask those personal identifiers so that you can have exchange of information?
It seems that that is perhaps the sticking point; that you can mask it in one way, but eventually if you are smart enough, if you have the technology, you can decode that, and get to the root, and get to those answers. I think one of the important things is that still remain very little safeguards to even ask people to try to mask that information.
I was trying to think if I could give you some sort of idea as to whether all of the patient organizations in the voluntary health sector do a good job. I would say some do a better job than others about keeping that information confidential. Some clearly do not. There are patient groups or supposedly patient organizations that actually sell their mailing lists.
If you have enough money, you can go to the March of Dimes, Muscular Dystrophy Association, and you can buy their mailing lists. Very often this is used for various marketing purposes. That is something that we feel is wrong. If a patient organization is being true to the people that they represent, and especially if they are collecting that data under the expectation by the patient that it is going to remain in the hands of the people that the patients gave that information to.
I am very interested to hear what I think a lot of the people at the table yesterday, to see what often federal government's role, whether it is the Census Bureau and data collection, and looking at epidemiology and the National Center for Health Statistics and other organizations do. We do want greater information collected.
We think that there should be a good exchange, first of all, for epidemiological purposes. A lot of organizations would like to go up to Capitol Hill. I talked with a group yesterday, the National Foundation for Ectodermal Dysplasias. They are one of our organizations. They are testifying this afternoon before Rep. Porter's subcommittee that funds HHS and NIH, obviously saying that there need to be more funds allocated for biomedical research, and perhaps in particular their condition.
Very often they have a difficult time even making their cases in those advocacy efforts, because they have a hard time saying how many people in the country have been diagnosed or may be at risk for their condition. There needs to be more data collection.
Unfortunately, even the federal government and state agencies do not collect enough information on these conditions, and that's why patient groups start. That's why patient groups collect this information on their own. That's why often drug companies will turn to us and say, can you link us up with patients?
It is true that a lot of these organizations have been very much involved in looking at issues of clinical trials. While they want basic research conducted, they want clinical research conducted. What they want in the end, and the reason that we worked so hard to get an orphan drug act turned into law was that they want effective treatments that are available, that will be reimbursed by insurance companies, and that will really help them, perhaps not cure their disease, but become a standard effective treatment.
In order for that to happen, the whole process of clinical development of these products and these therapies does involve linking the investigators to these patients, and having this research go on. We get contacted every day by scientists, by companies that are doing research that say we are right at the brink of going into human clinical trials.
One of the problems is we need enough patients enrolled in the clinical trial. There is a lot of concern. You can't just go down to one institution in one metropolitan area and find that many patients. So often they are geographically dispersed. So that type of information is very, very helpful.
A flip side of this which may not be an issue for this panel or much discussion regarding privacy, but one of the things that we have advocated for is that patients are also made aware of those clinical trials. The National Cancer Institute operates the PDQ system. The Public Health Service, through a collaborative effort between CDC, FDA, and the NIH runs an AIDS clinical trial database that can be accessed.
Generally, however, those are the only two established at the federal government, clinical trial databases that are made publicly available. We recognized this several years ago, and have worked with NIH. Last year they were able to get up and running, a rare disease clinical disease research database, which is now operating.
Last year we advocated for a national clinical research database on all clinical research on serious and life threatening diseases that could be made available. That way, the patients themselves have a central place to turn for that information. Very often there may be -- particularly for a rare disease -- there may be a clinical trial going on down the street at Georgetown Hospital, but if they don't know about it, they have no opportunity to enroll. That is a big issue for patients that may not have any approved treatment.
I think generally getting back to the issue of confidentiality or privacy, we do look at it from the perspective of a very practical approach. It is wrongful for this information to be used to discriminate for health insurance purposes or for employment. It is very disturbing -- I know that we focused a great deal yesterday on how these registries operate, or how the data collected by state or federal agencies is contained.
I think we also need to look at the private sector. It is very disturbing that each of us in the room, when we go down to the CVS or some other drug store and have a prescription filled, that every time we get a prescription filled, our employer can get a print out list of all of our prescriptions. That is very problematic. It is very interesting to hear that we heard from a company yesterday that is in the information collection business, working with pharmacies, and obviously working with the pharmaceutical industry.
Currently there is no federal law that says they can't collect those names. Much of these policies are policies maintained by individual companies, or by individual registries, or state institutions, or academic facilities and scientists, or patient groups. Generally, these are all unwritten code of ethics.
That is one of the reasons that we think that perhaps it is appropriate for the federal government, either through the HHS and the authority of the secretary, to look into greater privacy protections or the Congress to do so.
MR. GELLMAN: Thank you. Let's keep going on this theme of genetic stuff. Susan, do you want to pick up from there?
MS. MIZE: Thank you, Bob.
Since 1989, the Metabolic Information Network was established. It currently is a not-for-profit organization as a system for sharing reported data on in-born errors in metabolism. For the most part, these are all the same rare disorders that Michael has just spoken to.
Between 1989 and 1993, NIH supported the development of this registry and database. The system really has proven very useful as a resource for research investigators, professionals caring for patients, and patients seeking access to treatment, but primarily it is a professional database where the case and other information is provided by the physicians, and it is used by professionals, and I'll go into that in a few moments.
To date, over 400 physicians have participated in the MIN, the Metabolic Information Network. Most of these are metabolic genetic specialists, and they are from the United States, Canada, and Mexico. So it basically right now is a North American case registry.
We have a group of international and national experts in the area of metabolic disorders who serve as our advisory board, and they rotate every three to four years in terms of serving on this board. They have been extremely instrumental in the initial formation of the registry, and setting policy for who uses the data, and how data is to be submitted to the register, and without them there would not be a register.
It is a volunteer register. In other words, the physicians don't have to submit information. They do it on their own, and in this day and age I think it is fairly remarkable, the success we have as a volunteer registry supported by professionals.
We have three basic initiatives. The first is a case register for selected metabolic genetic disorders. They represent 13 disorders for 86 diagnoses. These cases are like the biotin defects, homocystinurias, maple syrup urine disease, the urea cycle disorders, organic acidemia, PKU, et cetera, et cetera. We track these cases on an annual basis for their status and outcome assessment.
We certainly collect identifiable data. We do not maintain the patient name or address or zip code. The physician provides us with information on that case, and he provides us with his identification number. If we get a case in that has a patient name or initials on it, we then send it back and request that they provide us with their identification number on it.
Otherwise, the database has a core set of data that includes the date of birth, month, day and year; place of birth; the diagnosis and the confirmatory tests performed; the diagnosis year; the date last seen; and outcome assessment at that particular time.
The outcome assessment schema was developed by the scientific board, and also the nomenclature for defining these disorders -- they spent a very lengthy time, two years, in coming up with the definitions for the disorder to be included in this particular database. So that when a physician or researcher asks for the information, they can pretty much be assured that they are going to get the cases that they are requesting, and they are not really comparing apples and oranges.
How is the case register used? Anybody who submits cases to the register may make an inquiry of it, and what we do is we provide them with a list of the physicians who have submitted the cases to the MIN. Then they go to the physician and request the data that they want for their particular research study.
So why do we collect this database of information? Well, we do aggregate statistics. It is a pointer for these cases, and where they may find additional information. The aggregate reports that we put out on an annual basis have provided some very interesting data that has been followed up by various and sundry researchers.
Not only do physicians submit cases to the MIN, but in order to increase our ascertainment for these disorders currently 88 percent of the state newborn screening programs submit information to us in the format of we have seen in the lab, a case that potentially may be a PKU or whatever the state is screening for, with this birth date, gender, ethnicity code, and diagnosis, this physician may potentially be seeing that patient.
What happens is that every time a case comes on the database, we check it and have a very detailed duplicate algorithm that it passes through. So if we make a match based on that, we then will have identified the case that the newborn screening program has submitted to us.
If after a given period of time we still don't have a match for information, we then will -- if the physician is not one of our participating physicians -- we will send them a letter telling them about the MIN, and whether indeed they have seen this particular case, and would they be willing to participate. Otherwise, if it is a participating physician, we will send out a letter to that physician saying newborn screening has identified this patient. We have not heard from you. Are you seeing them, and will you provide us information?
The third source of information --
MR. GELLMAN: Before you get to that, can I ask a couple of questions?
MS. MIZE: Yes.
MR. GELLMAN: How did you arrange to get information on newborn screening? How did you pull that off?
MS. MIZE: We go the individual state newborn screening directors.
MR. GELLMAN: Maybe I should wait on that.
DR. PANNY: We'll answer it together. She asks us. Some of us gave her an awfully hard time about how this information was going to be used, and how privacy was going to be protected before we were willing to submit information. I do not submit information on presumptive positives. I only submit information on true positives who have already been through my diagnostic system.
Our physicians must get informed consent from the patient before they report any medical information on the patient. But yes, I do submit to the MIN, because I am a participating newborn screening program. The presumptive diagnosis, the date that the individual was born, and the physician that I know very well is taking care of this child, because I have a very extensive follow-up system for my newborn screening system.
MR. GELLMAN: You do this with consent?
DR. PANNY: No. Any medical information that would be provided by the physicians who are in my state network, they would have to get informed consent from the patient for providing the information, because we are a very tight state for confidentiality laws, to the Metabolic Information Network.
Our state newborn screening program, which I'll tell you about later, operates with informed consent, but it is not a very detailed informed consent. So while people know that I will be using information, and in fact even residual sample for further research, and that I will not be able to get back results to them, they do not know exactly always what things that we are working on at the moment, or exactly which systems we are working with.
MS. MIZE: This third source of case identification is through reference labs, and works as the same model for newborn screening. Of course those labs are increasing in number these days with the genetic testing facilities available.
Last, but not least, our patients and their families per se. This is where we work very closely with NORD. Here NORD identifies a support organization. We write a letter to them, telling them that we are following this particular disorder, and would their advisory board approve a letter being mailed by them at our expense to the patient, explaining what we about, and would they provide information and the physician who is caring for their disorder to us, with all the signed consent procedures in place, and IRB approved.
The primary purpose of asking the patients to provide the information is do we have that patient on the database, but for tracking. Since we do annual tracking, we are finding particularly within the last two years that we are losing a number of patients due to the HMO system. They are not being seen by the metabolic genetic specialist. So then the patient is able to tell us where we can go to get information. Even then, it's very difficult to get some of these HMOs to help us, provide us with two or three pieces of information for annual tracking.
The second initiative is a physician director of 200 disorders. Michael spoke about 5,000. These 200 represent probably 85 percent of much of what is being seen in the metabolic clinics these days. They are not the rare, rare ones that Michael is talking about that they are placing their names on the NORD database.
The purpose of the physician directory is that we send out a survey every two years, and we ask our physicians to tell us how many cases have you seen of this disorder, and have you seen any within the past two years? So if a physician makes a call to the network, and they say I think I have this diagnosis, or who has seen these kinds of cases recently, we will then put them in contact with those physicians.
Our third initiative is a listing of worldwide genetic metabolic patient registries and databases. Back in 1988, the World Health Organization attempted to set up an international registry of metabolic disorders. After a conference in Denmark, that proposal did not take off. Primarily when we talked to Charles Scriber(?) and World Health Organization personnel, probably because people were reluctant to place information into a single database in which they did not have control over that database.
In 1992, I held an international workshop here in Washington, supported by NIH, FDA, and the World Health Organization, where we discussed this information. Is it feasible to have a metabolic genetic registry with the kinds of information that you participate in?
There were 38 countries represented at this meeting. The thesis that I proposed was that you all have your different databases, but if you can be assured of collecting a minimal group of data items, the same minimal group that we collect at the MIN, and then under defined conditions, that when research was requested on that particular disorder, we could go to the individual countries, and they would be more willing to submit the information, knowing how it is to be used.
That program never really took off, however, in its place we have started a database of registries to again point to databases around the world that are collecting information. We collect information as to what are your diagnoses that you are collecting based on ICD code or Macuzik(?) code, so we know what we are talking about. For what time period you are tracking these cases? Do you have outcome assessment, et cetera, et cetera? This information is going to be made available on the Web through what I would call a private bulletin board.
MR. GELLMAN: How many registries have you found?
MS. MIZE: Right now I have over 100, and I think that is small.
DR. DETMER: I want to follow-up on that. There is an old line, a difference is a difference if it makes a difference. Kind of what I'm interested in, is there a lot of duplication of these registries?
MS. MIZE: We cannot say that we're seeing unique cases. I would say the case register that we have for the MIN, I can tell that that's probably 97 percent unique cases that we have on that database. A database or a physician directory, those are obviously duplicate cases and they should not be used for incidence or prevalence or that kind of information.
The prime purpose of that is to be a gateway and a pointer to where can you get information, because these disorders are so rare that no single physician or group of physicians or researchers are going to see, as you well know, that many cases. So we are just trying to spread the network, and find out where can you possibly find cases for your clinical studies.
DR. DETMER: Part of why I was asking that was this comment about more recent HMO behavior. I was figuring well, do they have another thing they are doing that is somehow dealing with this? Would you care to comment a little more on that? That's a very interesting observation. What do you know about why they aren't doing this, or why it's an issue?
MS. MIZE: I think they are being seen by the general primary care pediatrician or family practitioner.
DR. PANNY: Or nurse practitioners.
DR. DETMER: Are you saying we're dealing with a quality of care problem here?
DR. PANNY: Yes.
DR. DETMER: I just wanted to make sure I heard that and that others heard that, because that's a very interesting, serious observation.
MS. MIZE: I think Jess Tanney(?) is trying to spearhead a project just to quantify and qualify what is happening to many of these patients that are being lost to HMOs -- Dr. Tanney from Michigan.
MR. LANGAN: Thank you for mentioning that. I was just thinking about that. That is perhaps an example of health services research or quality assurance or outcomes measures that a lot of these databases can help quantify or identify. The example that Susan just gave is a researcher at the University of Michigan, Dr. Jess Tanney, who is looking at issues, and has used NORD's database of patients to survey and send questionnaires directly to the patients, with our assistance, to ask such questions as how many years did it take for you receive a proper diagnosis?
Generally, how many times a year does your rare disease require hospitalization? Or, how many miles do you have to travel to be treated, which I think is very interesting, because as you mentioned, when many patients first go through their primary care physician, they don't receive a proper diagnosis, and they very often have to travel halfway across the country to get that.
That is something that with the increase of managed care, prohibits many of those patients from getting to the specialist, from getting to receiving a proper diagnosis. Without a proper diagnosis, they can't enroll in a clinical trial. They cannot even be prescribed the proper medication.
MR. GELLMAN: Nelson?
MR. BERRY: Back to our issue of identifiability, what Ms. Mize's considers non-identifiable, we consider very much identifiable.
MS. MIZE: I did not say it was non-identifiable. I said that every piece of information we collect is identifiable, but we are not responsible for disseminating the information. If a researcher wants information on a particular disorder, we point him to the physician or physicians who have submitted that case information. It is the responsibility of that physician caring for the patient to provide the researcher with the information.
MR. BERRY: I was talking about when you were talking about your database. You said the date of birth and zip code and that kind of -- we consider those identifiable data.
MS. MIZE: I don't disagree with you, but the purpose of that is for research, so that we will have the ability to have a unique database and match it against -- it is not for public use.
DR. PANNY: When we originally started contributing to this database, we thought of that as essentially not personally identifiable data. If there is one thing that was made very clear yesterday, there is absolutely no data at all that is absolutely 100 percent not identifiable if somebody wants to take the time, the energy, the technology, the money, and so on to match with many other databases.
But yes, we did not think we were telling Susan's program that little Billy Jones who lives on 342 92nd Street has this disorder. We thought we were trying to help her figure out how many cases she should be looking for, which then would have information released to her on the basis of informed consent by the patient. That is not true, but that's what we thought we were doing.
MR. BERRY: Which focuses on the problem of one person's interpretation and another's, which we are struggling with since yesterday morning.
MS. MIZE: That is very true, and that is why the scientific advisors are very concerned that this be used just by professionals, and that there is not public use or access to the database.
MR. GELLMAN: We started out this morning talking about cancer registries, which have a statutory basis in some or all places at least. Then we talked about what is effectively a registry that was started by and run parents or patients, however you want to characterize it.
Your registry was started by physicians. Can you talk about what are the factors that go into the decision to start a registry?
MS. MIZE: The background to the MIN was that in 1985, Congress appointed a commission on orphan or rare diseases, a study of rare and diseases. In 1988, this commission produced a report. One of the key recommendations was the need for registries as a resource to help provide patients for research purposes. So that was very much of an impetus in starting this.
Two, I had been involved when I was on the faculty at UP-Southwestern in running the scientific computing facilities in the development of the PKU database and on the maternal PKU database. Funding for that ceased, and NIH was very interested in keeping up the registry for PKU patients.
Three, through the Society of Inherited Metabolic Disorders, organization SIMD, a group of physicians were very supportive. The combination of these three factors and NICHD wanting to fund such an activity, put together the program to develop this volunteer database.
MR. GELLMAN: Do you have long-term funding?
MS. MIZE: No, I do that on a year-to-year basis.
MR. GELLMAN: So if one or more of your funders decides they are not interested anymore, you're threatened?
MS. MIZE: That is true.
MR. GELLMAN: Why don't we --
MS. REGAN: If someone has a rare disease, how many databases are they likely to land in?
MS. MIZE: Clearly more than one.
MS. REGAN: Sort of take one like this maple syrup urine syndrome. How many databases are there likely to be?
MR. LANGAN: They are likely to be on our computer.
MS. MIZE: They are likely -- oh, I would say eight or nine that I would know of, then you have the reference laboratories.
MS. REGAN: And something like fetal alcohol syndrome, which is on here, you are then going to get some duplication?
MR. LANGAN: I think fetal alcohol syndrome, which may indeed have its own voluntary health agency working on its behalf, that may be a different circumstance. I think two other examples come to mind. Take for instance Lou Gehrig's disease. We work very closely on behalf of those people with ALS, but they have a very old, established organization in California, the ALS Association. Most likely that this is the primary registry for ALS, and generally what we would do is make sure that all these patients are networked with that organization.
Another example is Cystic Fibrosis. It's about the same size population as ALS in fact, where they have a very strong, longstanding organization that also has name recognition, so people often know to turn to those groups first.
Clearly, some of these other conditions, urea cycle disorders and other, people don't really know where to turn, and may hear that we exist in Connecticut.
DR. HARDING: Do you consider yourself a registry?
MR. LANGAN: I think that's an interesting question that Dr. Gellman raised at the very beginning, is how do we define a registry.
DR. HARDING: People ask to put their names on your -- there is no screening or active going out after people. They have come to you. They are self-proclaimed. You don't know if they have that disease. You accept that as their word. Looking at some of these like chronic fatigue syndrome and so forth, those may have mixed diagnoses. The physician maybe didn't quite agree with that, or not, so they declared it to be chronic fatigue.
So it gets murky as to in my mind, just thinking here off the top of my head, and looking at George's article and so forth, it doesn't sound like a registry. It sounds like a volunteer organization to help a group, instead of a registry more of a legal and referral patterns that are set up in the other situations.
MR. LANGAN: That's a good point. We actually do not call our database a registry. We consider it our patient database.
MS. MIZE: As a matter of fact, that's one of the reasons we changed our name from registry to Metabolic Information Network, because are dealing with databases of information. I'm sure Bob will get into what is a registry.
MR. GELLMAN: Whatever you want it to be.
DR. WETTERHALL: I think one of the issues that this is reflecting is incentive. I actually would call these registries, but not to digress into that at this point. As I'm sure George and other people can tell you, getting people to report things to you is very difficult. It is like herding cats in many ways.
All states have laws that require reporting of certain diseases to state authorities, and yet we know that unless there is some incentive, oftentimes reporting rates dip down into the 20-30 percent range of all cases, despite the fact that these physicians and others are technically breaking laws and regulations.
I think what we are seeing is clearly interest on the part of patients who have rare diseases to join a registry. I think that is really the difference here. I personally don't have any problems with self-referral provided that there is some means of case definition and case confirmation, and that is more from a scientific standpoint than perhaps the purposes --
MS. MIZE: Well, ours very definitely. No case goes into the database unless it is confirmed with a confirmatory test identified, and the diagnosis per the definitions that the scientific advisors have provided.
DR. WETTERHALL: Right, so they've got case definitions. I just think it is an issue of where is the incentive. In this case it happens to be with the patient.
MS. MIZE: In this case it's primarily by the physician.
MR. LANGAN: Confirmed diagnosis is actually something that we have in our database. For a given individual, we have whether or not there has been a confirmed diagnosis by a physician or not. Again, it is all self-proclaimed by the patients.
MS. MIZE: If you are going to do research, you develop your own protocol, and you need to go to the source for information.
DR. ROHT: Just to answer Chris' question, obviously every medical database, whether it is a diagnosis of these particular disorders, that they would have the information, ICD codes, other types of coding systems. Any procedures that were specific to a particular disease could also be identified through these large, administrative databases that are developed by managed care organizations, by HMOs, by Medicaid, other very, very large organizations.
Finally, you have professional interest groups, for instance if you have a medical society that has a particular interest in a disease, and they may have groups of physicians in that medical society informally setting up research programs, research studies, and obviously they will have to have some sort of database, but it begins to expand dramatically beyond the particular organizations that were mentioned.
MR. GELLMAN: Let's continue on the genetics and the Susan theme. Go ahead.
DR. PANNY: In genetics, we're a relatively small community. Our community includes the medical professionals who care for patients with genetic diseases, many of which, although not all of which, are rare. We have a very strong alliance with those patient populations.
We kind of all know each other. I would submit that almost any collection of data that we have is a registry. None of the things I'm going to talk about do we call a registry, but I think that as has been emerging today, a registry really simply is a list of identifiable entities, whether they are cases or individuals, that were collected for some common purpose. They have something in common.
So if you are collecting cases of X disease, that is a registry. If you are collecting births, that's a birth cohort, that's a registry. It is birth registry. So I'm going to be using a very, very broad definition of registry. I think as we said before, we have come to the conclusion that basically any data that you collect on the individual is identifiable at some level, or there is some risk that someone could identify it, no matter what you do.
I would like to say something about genetics in that I think things are a little bit different with genetic disorders than they are with some other disorders. First of all, we do have the rarity issue. So if you are going to talk about various kinds of techniques that talk about having a large bin size, forget it. We have the constant problem of N.
The other thing is that when you know something about the genetic composition of the particular individual's genome, you also know something about people who are close blood relations. So this is an additional concern.
We also think that we need to point out that what the motivation is of people who are in the health professions, who are part of the genetics community. Basically we wish to understand these disorders. Many of them are not very well understood yet.
Why do we wish to understand these disorders? So that in fact we can decrease the burden of these disorders to patients. So we can improve the quality of life for patients. We really are interested in understanding the disorder so that we may provide good diagnostic and long-term treatment services.
As you say, this is an unwritten ethical code. So I think you need to realize why it is that geneticists are in the business of collecting data. It is not really different, except for those few little considers, any kind of medical research. I think Dr. Korn talked about that yesterday very clearly.
The other issue that I would like to bring up is the issue of discrimination. I think that privacy and confidentiality and discrimination issues are very closely related, but they are not exactly the same. Our main concern, while we value privacy, while confidentiality in the ordinary medical ethics sense is very important to us, our biggest worry is discrimination; that any data that we have might be used by somebody to discriminate against one of our patients to that person's detriment.
We think as long as there is a profit motive, or some reason that it is to someone's advantage to pry into somebody else's private business, we have a problem. I think if that were removed, that many of the problems that we see around privacy and confidentiality would get back to their sort of normal low roar. Not that there are no issues there; there are issues there.
This is people's private business, and it is their private information, and they certainly are the people who have the right to decide who should know things about them, and who should not know things about them, subject of course to the limitations of living in a civilized society. You are not allowed to be a carrier of some contagious disease and go around without being concerned about that. Other people in this society also have some rights. I think the problem really is discrimination, and not so much privacy and confidentiality.
So now that I have said all of that, let me tell you a little bit about the kinds of things that we do at the state level, which are a little bit different from the kinds of things you saw for instance in the SEER program, although that is a somewhat different group of disorders.
We have a number of administrative and clinical databases which we do not consider registries, which we did not set up to be registries, which nevertheless I think can function as registries, and in fact do function as registries in some of the senses that we have heard about other registries functioning.
One of these is our newborn screening database. Maryland is unique in that it requires informed consent for newborn screening. Newborn screening in Maryland is entirely voluntary. The kind of informed consent that we get for this process is a very simple goodwill kind of informed consent. It is not a 15 decision point tree. This is something that is written at the fourth grade reading level. You have a copy of it. You have a copy of the little booklet that explains things more clearly and in more detail.
We also have for low literacy persons, two videos that we use. Clearly, you cannot explain all the ramifications of all of these different diseases, and all the possible uses you might possibly make of somebody's data, and have that intelligible to anybody else that an information specialist with a Ph.D. who thinks about it for two weeks. So you can't do that.
So our compromise with this is to have a simple informed consent, which is a goodwill informed consent. We want to tell you why we think that this -- and we are not non-directive in this case. Usually geneticists are non-directive, but we are not here. Here we have our public health hat on, and we are saying we think newborn screening is good for baby. Let us tell you why we think it is good for your baby, and let us tell you what we will do with the sample.
Then you need to sign either yes, I give my permission for you to screen my baby, or no, I do not give my permission for you to screen my baby. So they have to sign, and this goes in every obstetrical medical chart, and every baby's medical chart. It says either they did or did not give consent.
I'll direct your attention to page 4 of this little booklet. Page 4 of the little booklet says, "From time to time the state laboratory conducts studies on other important health problems using these specimens. These are only done after all the other tests that we promised them we would do, are completed. These studies determine how many babies are affected by the problem being studies. They do not tell us whether individual babies have the problem, because the samples are not identified by name."
Could I reverse engineer and go back and find out? Well, in some cases I probably could, even with my level of technological expertise. In other cases, it would be very hard, and maybe Latanya Sweeney could do it, but I couldn't do it.
So we actually do have informed consent for being in our database, which has all the identifiers, and what the screening results were. Now we have about 70,000 births in Maryland, and almost everybody gives us consent. We have, perhaps when we are not dealing with early discharge and all of that problem that we have just gotten behind us, but when we are not dealing with that, we have perhaps five or ten families who decide not to have the baby screened. So this is almost the entire birth cohort.
Of course, we have very few people who actually have one of these rare diseases. So most of these entries in this database have entirely normal test results. What happens to the children who have positive results? They go into a system where we in fact refer them to the appropriate place to get the definitive diagnostic work-up done, and then they are recorded in our database as being confirmed cases, or having been false positives for whatever reason.
When we have a child who really has a disorder, for several of these disorders we actually run the long-term case management system for these patients. That is particularly for the genetic metabolic disorders, particularly PKU, but the other ones that are treated by diet -- MSUD, homocystinuria, tirus(?) anemia. We also have a long-term case management program for children with sickle cell disease.
For children who actually have these disorders, no one has ever elected not to belong to our case management program. We are providing a lot of free services. We have a signed consent for release of medical records. We have essentially everything that is of interest to us in terms of the case management of this child, that is in this child's medical records anywhere. So we have very, very extensive medical records on these children.
I am happy to say that we are so behind in technology that we are again at the cutting edge. These are paper records. When there get to be too many paper records, they are microfiched, but they are not on the Web.
So that's another database that in fact is really a patient registry. These are confirmed patients, and they are clearly identifiable, and there is a lot of patient information. We use these databases for all kinds of things that our patients heartily support: improving diagnostic and management services; improving the effectiveness of the way we deliver services; improving or evaluating different treatments; putting them in touch with researchers who are doing studies which are likely to either be clinical trials, or to be basic research.
In fact on the disease itself, we, just like NORD, will inform the patient of the opportunity that these are the guys. We will tell them something about the guys that are doing the studies, and what the funding source is. Those studies have all gone through IRBs. Very often they are collaborative studies, so they have also gone through NIH or CDC IRBs, as well as the participating university medical center IRBs.
We make it very clear that no service they get from us or our relationship with them is in any way dependent on whether they decide to do any of this or not. This is purely for their information, and we give them the contact information to find those researchers who may be doing something that is of interest to them.
One more clinical database that we have is that we run a series of genetic centers and genetics outreach clinics to provide genetic services to the population of our state. We do this with cooperative agreement where we are providing a partial subsidy for the services that are provided by academic medical center genetic units, both at their centers, and then they do a large number of outreach clinics for us.
So we have 14 general genetics outreach clinics, 6 outreach sickle cell disease clinics, 2 outreach hemophilia clinics, 2 outreach facial clefts clinics, et cetera, et cetera, et cetera. As a condition of getting our partial subsidy, no patient may be turned away for inability to pay. Also, they must present to us both narrative and statistical reports. So we have some information on every patient seen in that clinic genetic system.
That is about 8,000 patients a year. Newborn is about 70,000 patients a year. Our clinical management databases, case management databases are small; 170-some odd patients for the metabolic disease database, and 854 patients for the sickle cell disease databases. They are small databases.
The information that I have in the clinical database from all our centers and outreach clinics is identified by a number which is made up by the provider. The provider could in fact go back and link to the actual medical record, and tell us who the individual was. We don't ask that, and we don't know, but it is certainly possible to identify that person.
We aren't really, for the purposes that we run that registry, at all interested in who the person is. We are interested in knowing what kinds of services were provided, where were they provided, so that we refine our service delivery system.
Then we have what in many other states is really called a registry, and that is our birth defects reporting and information service. Our birth defects reporting and information service was set up largely for epidemiological purposes, and we succeeded in attaching a service component to it.
So basically, the goals of that system are: we are supposed to collect information on any of 12 different birth defects, which are specified by WHO, the World Health Organization; and we are supposed to figure out what the baseline incidence in our state is; and we are supposed to figure out what the transit incidents are; and then we also provide information to the families who are reported to us.
This is a passive reporting system. We provide information to those families about the disorder itself, and about the services that are available for patients and families of the patient with those particular disorders. We get about 500 reports a year, because this is only a subset of birth defects, and we don't have a very large birth cohort.
There is state legislative authority for every single thing that we run. It is either in statute or it's in regulations, which in Maryland, have the force of law.
We also have a long tradition set up in statute. We have a state advisory committee. Our advisory committee is called the Advisory Committee on Heredity and Congenital Disorders, and the principles that are set out in that statute say that in Maryland, participation in any genetics program will be entirely voluntary, and will require informed consent.
That the interventions that we provide, we have to tell people the benefits and the risks. It tells them also that the emphasis is on informing the patient. We may not require restriction of child bearing. We have to inform people of all of their reproductive options. This is the oldest such advisory committee in the country, and I submit one of the most distinguished, with a very nice track record, but most states or many, many states are going over to having a body like this at this point.
So we have really a lot of information on individuals with genetic diseases. I use it. I use it for purposes that it wasn't necessarily collected for. I use it for purposes that in many cases weren't even thought of at the time we set up the program.
What kinds of purposes do I use it for? Needs assessment; to evaluate service delivery; resource allocation; to justify my budget; to support legislative initiatives which I think will improve services for our patients; to evaluate the way my programs are running; to evaluate therapies in conjunction with other people.
Also, I link these databases frequently, and I link them frequently with other databases to improve my ascertainment. Anytime you are running a passive system, ascertainment is a problem. I always say that mine is not a passive system, it is a passive-aggressive system, because I'm out there doing what Latanya was trying to do the other day, and that is I'm trying to find all the additional cases.
So I have to look in birth records for instance, to see if somebody didn't report a child with one of these birth defects to us. Then what we do is we go back to the hospital and say, from the birth record it looks as if this child may have had a reportable defect, and you didn't report it. Would you please check the chart and see if this kid did have, and if so, would you please send us the report?
That improves our ascertainment a great deal. Passive, just getting the reports in, we only get about 82 percent of what we ought to get, and that's pretty good, as those systems go. Many of them only have about a 40 percent ascertainment.
Then we participate in collaborative research. There are two kinds of collaborative research I would like to point out. One is the kind that we talked about before, the sort of thing that NORD does. We know about a study that is being done. We have some information about a population of patients that it might be interested in too, so we will then try and contact those people and let them know what is happening.
This is not easy always. For the people in our case management databases, it's no problem. We see them all the time. We are very close to them. We know exactly where they are; no problem. The birth defects program though is one cross-sectional view. We see them only five days after birth, and that is the only report we ever get. We do not track those children.
Now many of those families keep in contact with us, but that is at their choice. The program was not set up to do more than just look once cross-sectionally, five days after birth. So I cannot always find all of those patients.
The other kind of research that we do is what we thought of before yesterday as anonymous research. That is research where we have IRB approved, and often as I said, multiple IRB approved research protocols, where somebody would like to look at actual material from patients with a certain disorder.
So I either, through newborn screening -- but if it is newborn screening, and it is a patient who has that disorder, they are in my case management program, so I can get to them directly, and get informed consent. Or if it is a disorder that is in my birth defects database, there I may not be able to get back to the family, because it may be 20 years ago that this baby was born with this disorder, but I still have that child's residual blood spot.
I can match the data that I have in the birth defects database with our newborn screening database, and find that child's blood spot. We have rules about what we do with those blood spots, and the last piece of that blood spot is never given away. We keep it. We're not as rich as California, not in the kinds of conditions where it would be useful for many, many, many years for all different kinds of chemical analyses, but certain of the DNA analyses, even if you store these things at room temperature, can be carried out.
So I do have DNA on these patients. The last spot is always reserved for the family. Should they come back to us at any time in the future and say, our child has turned out to have X disease. There is now a test for X disease. Our child has passed away. We do not have any clinical material. Can we get that blood spot for purposes of genetic counseling for the family? We always have that.
If we have extra blood that was not used in the newborn screening program, and is not that last spot, we may then use that specimen for this research protocol. We have enough demographic information about that individual to find controls; people who did not have that disease in the same database.
We then take that specimen and code it. The code is not one that is obvious. It has to do with a lot of different things, the Julian calendar day on which the report was received, but not the date of birth. We code it. We give it a code number.
A researcher gets the sample with the central clinical information to interpret the results, and does the genotyping. These are usually studies where they want to know is some particular genotype more common in people with a particular kind of birth defect.
A researcher does the genotyping, and has the genotype with the sample number. I don't have the genotype. I have the identity of the patient and the code number. So the researcher does not have what we have regarded as personal identifying information, and we don't have the information about what the genotype is.
Yes, we publish this in the medical literature, and it is summary data. It is aggregate data. We do not do any kind of public use tapes. Anything that we release any data for is either what is required of us by law, and that is usually yes, person-level data, but person-level summary data in tabular form is aggregate data.
Now we do have problems, because sometimes people aren't satisfied with that. A particular county wants to know about incidence of certain kinds of birth defects, for instance in their county, and so when we get down to looking at things in the county level or in the municipality level, and we are required by the AG to provide that under Freedom of Information Act to the local jurisdictions, it's the local public health agencies.
Yes, we have such small bin sizes that it would be easy for any public health nurse to know exactly who this is in this particular community, but anything that we do publish, and do we publish a report every year, is always aggregate data.
We don't release raw data to anybody, but under the kinds of circumstances where I described, where we have an IRB approved protocol; often this is a collaborative study, since we are dealing with rare diseases, with multiple centers, so the protocol has been through multiple university center IRBs. It has been through the CDC's IRB or the NIH's IRB. We do release not only patient information, but we also release actual patient sample.
We are not aware of any situation to date where this has resulted in harm. It certainly has resulted in I think, a number of really very fine publications in peer reviewed journals that have helped to elucidate the etiology of some of these disorders, and some evaluative studies which have told us about some approaches to some disorders are better than others. So that is what we do at the state level.
MR. GELLMAN: All right, let me try something here of an administrative nature. We are scheduled to stop at 12:30 p.m. for lunch. We have three people left to hear from, and we're not going to get through all three of them before lunch. So what I was going to suggest, if no one objects, is that we stop now, do an hour for lunch, and then come back and hear from the three people and continue on.
Hearing no objection, we will come back and reconvene at 1:15 p.m.
[Whereupon the meeting was recessed for lunch at 12:08 p.m., to reconvene at 1:15 p.m.]
MR. GELLMAN: This afternoon we are going to begin. We have three more people to hear from, and somebody from the audience as well. We are going to begin with the pharmaceutical manufacturers that we have here, and we're going to start with Elizabeth Andrews.
DR. ANDREWS: Thanks very much.
I'm the chair of the epidemiology program at Glaxo-Wellcome, which is responsible for quite a lot of observational research looking at descriptive epidemiologic data to identify unmet medical need, as well as doing structured studies looking at drug safety, and some outcomes research.
There are a number of activities that we are involved with, and that our company is involved with that could be considered in the category of registries. Some of those I will not go into, but would be happy to talk about them later.
Those include things like spontaneous adverse experience reporting -- I know Marcel from the FDA is here, and could address that very well -- treatment INDs, or expanded access programs of new drugs for life threatening conditions, which would fall under a category of public health follow-up of a registry cohort; and something that we are involved with that is a post-exposure prophylaxis study of people who have been exposed to HIV occupationally. It is a joint effort between Merck, the Centers for Disease Control and Prevention and ourselves.
I thought that would be more useful to do would be to describe some hands-on registry work that we do in looking at the safety of medicines when used in pregnancy. I thought that before getting into the nuts and bolts of how these registries operate, that I would lay a little bit of the groundwork, and describe what motivates us to do these registries to begin with. We are really motivated by concerns for information that cannot be ascertained in many other ways for public health and patient care reasons.
When medicines are first introduced into people, when the drugs are first on the market, we have very little information about the safety of those drugs when taken during pregnancy. We have very little information for some good reasons, ethical and scientific. We don't intentionally study drugs during pregnancy. We don't expose pregnant women in clinical trials. Even if we did, we would be unlikely to study enough such experiences to draw any conclusions, other than to find very, very strong and obvious teratogens.
On the other hand, women take drugs in pregnancy. Women have medical needs like the rest of us, and need information about the safety of these products. Moreover, 50-60 percent of pregnancies are unplanned, so there is a very frequent situation where a woman has taken medications before she knows she is pregnant.
We desperately need more information to help understand the risks and safety of drugs when used in pregnancy. Unfortunately, our traditional methods of study breakdown. We talked yesterday about many of these large databases. Unfortunately, they are insufficient to follow-up, to even detect pregnancies and exposure to medications during pregnancy.
Most of the public use databases don't follow patients prospectively. The traditional methods employed by epidemiologists to do a cohort study, where you would identify patients exposed to a medicine, and follow them forward in time to measure the outcome, or case control studies, where one would identify cases of some particular problem and follow that, and see if the exposure rate in the people who have these birth defects was higher than babies who didn't have birth defects.
Well, we can't do either of those studies, because exposures to particular medicines in pregnancy are very rare. The outcomes we are looking at are also very rare. Yes, 3-5 percent of all pregnancies result in the birth of an infant with a major birth defect. We're really more interested in specific birth defects, and they tend to occur maybe 1 in 1,000, but more often it's less frequently than 1 in 1,000.
So how do we try to find this information? We have been struggling, but the one method that seems to be gathering some useful information is through prospective exposure registries that follow pregnancies. We have set up a number of these over the years, looking at medicines such as AZT, zivorax(?) for genital herpes; more recently for ziban(?), a drug that is used to help people stop smoking. Many people try to stop smoking before they learn they are pregnant.
The methods we employ, I will describe in some detail. We learn about these exposures usually through physicians who call the company. Now you may not be aware that in order to obtain that may not be immediately available to physicians, physicians very frequently call the pharmaceutical company, and they end up in the medical unit, a drug information unit of the company. They have a conversation with a scientist who may have access to more information than is available in the package insert, which is, believe me, not very helpful regarding pregnancy risks.
The drug information person may have information about spontaneously reported adverse experiences and other information obtained through clinical trials or the literature, and helped to synthesize and provide that information.
We have taken advantage of the opportunity of those calls to identify women who have been exposed during pregnancy. Usually an obstetrician is calling, saying what do you know about the safety of this product in pregnancy? We prospectively follow-up that pregnancy exposure with that physician, obtaining a very minimal amount of information at that time of the call, and information about the trimester of exposure to the particular drug, and something about the risks -- some of the few known risks that might predispose a woman to delivering an infant with a birth defect.
We ask the physician if we can follow-up that pregnancy to determine the results. Was there a baby with a birth defect, or some other outcome of pregnancy? We try to assign a code that we can use to later identify that patient to that physician.
Now the kinds of physicians that are calling in aren't the physicians at academic medical institutions that are used to codes. They are practicing physicians that have a variety of mechanisms for keeping track of their patients. Some will say let me give you the initials and date of birth, or others will say I have to give you a chart number, and occasionally a physician will say I can't identify this patient in six to nine months unless I give you a name.
So we keep track very carefully and sensitively of the information that is provided so that we can then, at about the time of delivery, send a follow-up note to that physician and get information that is already in that physician's records about the outcome of that pregnancy.
Once we have that information completed, then we delete all the identifying information from our files. A year from the time we have completed that case, we delete the identifiers from paper records, from automated records, and we severe the link within our automated records, that is between the physician identifying information, and the patient identifying information.
The information is analyzed in collaboration with an advisory group that oversees the operation of each of these registries. These advisory committees include people with a variety of interests -- public health interests, expertise in teratogenicity and dysmorphology, obstetricians, someone with an in depth understanding of the particular disease under study.
They analyze the data. They also review the procedures, and they help us to figure out what kinds of protections are necessary regarding confidentiality. When they review the data, they do not review any data with identifiers on them, and they are very careful about that.
The data are then summarized in a report, and the aggregate data are presented. Case-specific data are presented, but without identifiers. We aggregate to the level of country.
I was trying to think of some of the other protections that we employ. We have a very small staff of people who are authorized to have hands-on access to the data. Everybody, when they start to work for our company as a condition of employment, signs a confidentiality agreement. We have a very strong code of conduct. Breaches of confidentiality are subject to penalties that would include termination of employment.
We have physical security methods. The data are accessible only on limited computer files, locked paper files. I think I already said that access is restricted to a very small number of individuals.
Data are never made available to outside researchers as a data file, but if a question comes in, then we would perform an analysis, and then provide those data.
Through the use of these registries, we have learned quite a bit about our medicines, and are beginning to be able to help providers and pregnant women as they are counseling and discussing risks and benefits of treatment, to have a better sense of their risk. I think that is very helpful, and would hope that whatever new privacy measures we see through regulation or legislation would help facilitate more such data collection.
I know the FDA is very interested in seeing more of these kinds of registries happen. They certainly encourage certain companies with products where this information is critically important, to set up these same kinds of registries. For some drugs, the establishment of these registries is an agreement between the company and the FDA as something like a condition of drug approval.
I think I'll stop there.
MR. GELLMAN: Why don't we go right on with Dr. Roht.
DR. ROHT: The situation in our company, Hoechst, Marion, Roussel is much the same as was described for Glaxo-Wellcome. In addition to the pregnancy registry activities, there are many, many other diseases, virtually all the diseases that our company might consider using registries, or if you define registries very broadly, to go to any place where there are data available. The really sudden approach -- where did you find the money? The money is in the banks. That's why he robs banks.
The pharmaceutical companies will, for purposes of efficiency to locate patients who might be appropriate for clinical trials, or to provide information that is not currently known about their drug, will try to find the most efficient way of locating patients.
It's very important to understand that in the drug approval process, that the clinical database might comprise only several hundred to a couple of thousand patients that actually use the drugs during the clinical trials. All of the protocols are subject to very, very strict inclusion and exclusion criteria, to the extent that when a drug goes on the market, many clinical questions cannot be answered by the information that is available in the file for a particular drug.
So drug companies will need to acquire more information on the safety of their drug in use of other medications, for example if there might be potential drug interactions and such things. Also, the long-term use of the drugs usually are not studied in the clinical development process.
I mentioned already the fact that patients may have co-morbid conditions. If you are studying hypertension, you might want to exclude patients with diabetes or patients with existing heart disease. These are the very important clinical questions that the physicians will want to about.
So once a drug is on the market, physicians are calling up, can I use this drug with another drug? Can I use this drug in diabetic patients? How do I handle the drug if I have a patient with high blood pressure and diabetes? These sorts of questions. The only way those data can be compiled is with very extensive epidemiologic research in the post-marketing area.
I think it's very important to understand that in addition to the company's concern about confidentiality, which is very, very important, as Elizabeth mentioned, the procedures, the processes that the companies have, ethical policies, good business practice policies that all employees must conform with, we also are a very, very highly regulated industry.
All of the data that are done in the research that the companies do must conform really to FDA requirements. FDA has some concerns about confidentiality and so forth. The companies do have to conform to those policies.
We also are regulated by other agencies outside of the FDA. For example, OSHA is very concerned about people that have exposures in the occupational setting. So in our operations and our manufacturing, employees perhaps could be exposed to chemicals that could be toxic, perhaps even cancer producing. You mentioned earlier that you sometimes get inquiries from manufacturers and from employers. Part of the reason is that they perhaps need to provide information about their employees back to other agencies besides FDA. These are very, very important issues.
The pharmaceutical companies are interested in looking at safety. They are interested in looking at long- term exposure. They are looking efficacy of their drugs. Then there are areas again that are not very well studied. If a company would like to extend the labeling, if they would like to get new information into their labeling, we have to get information which will be acceptable to the Food and Drug Administration.
So we will sit down very often with the FDA to talk about what types of studies we need to do, and how those data need to be collected in order for them to be approvable, to be reviewable by the agency.
There are other situations where we know that once a drug comes on the market, that physicians may use a drug for indications, for uses that are not specified in the package labeling. Very often these will lead to questions about the safety and the efficacy of the drug later on. So the companies will have to try to collect information to be able to answer these important clinical and public health concerns.
Another couple of issues that I would like to mention very briefly. One way that is complicating the business of getting patients for registries and databases is a very, very rapid proliferation of databases, driven to some extent by the improving technology to be able to access databases, and to be able to analyze some of these databases.
The companies are developing innovative techniques to be able to locate patients. For example, if we had a need to do a study, we might try to enroll patients on a voluntary basis, by identifying them as they come in with a prescription, and locating patients through pharmacies.
We also might try to get patients to participate in various types of studies by putting information out on the Internet. So these are other ways that patients might participate in studies that are sponsored by the pharmaceutical industry.
Now some of the other issues that are going on is that both on the United States side of the ocean, and also in Europe there are very extensive efforts to develop data confidentiality, data privacy regulations, statutes, and so forth. There are organizations set up on both sides to address what is called harmonization. So that what happens in the U.S. is consistent with what happens over in Europe in particular, and possibly even as far as Japan.
The reason is that many, particularly the large pharmaceutical companies, are global. There is an exchange of information, particularly on safety. So if there are adverse events that occur in relation to using a drug, by regulatory statute, the U.S. company would have to provide that information to our regulatory offices in different countries, and that in turn would be reported to the regulatory agency, the equivalent to the FDA in Sweden, Germany, Italy, France, wherever.
Consequently, information that is collected about the safety in particular, that is collected in Europe and other countries, also would be transmitted here, because we have to provide the FDA with information about the global perspective on safety and so forth with our drugs.
Privacy is always an issue. We are working very carefully to try to develop additional techniques so that we assure that the information that we have is not used for any purpose other than answering some of these safety types of questions.
We do publish our data. When it's appropriate, we try to publish our information through the scientific journals, and also at professional meetings, but we do not routinely make this information known to marketing groups and such. So we try to handle these data in as scientific and professional a manner as possible.
I think I would like to stop there.
MR. GELLMAN: We have somebody here from FDA who wanted to say a few words. So come up to the mike, identify yourself.
DR. SALIVE: I'm Marcel Salive, chief of the Epidemiology Branch in the Center for Biologics at FDA.
I can't address all the topics that have raised as possible FDA topics by the past two speakers, but I want to focus on a few things that I think are of importance to this committee.
I am in the area of post-approval evaluation of the safety, and I think we have talked a lot just now about that. I just wanted to remind everyone, the example Dr. Detmer gave, the example that Mr. Langan gave are both kind of FDA regulated products, safety concerns that came up after they were on the market, which were address through registries ostensively.
So FDA has one major post-approval adverse event surveillance system which is known as Med Watch, and I want to spend a lot of time on that. We have a small one -- Med Watch covers virtually all the products regulated by FDA, with the exception of vaccines. The second one is VAERS, Vaccine Adverse Event Reporting System, which my group works on, and which is a joint project with CDC's national immunization program.
Both of these collect adverse events that occur after the use of a licensed product, and as such, it is more of an exposure registry than an outcome registry like a SEER cancer registry. So it is a very broad type of registry, but I think it meets the kind of broad definition I have heard at this definition today.
If not, I think it is surveillance at the very least, of a public health nature. It has been stated by WHO that drug safety surveillance is public health, and has a lot of those kind of implications.
Med Watch covers drugs, it covers biologics, devices. It covers food, food additives. It covers really many products. Currently, we are getting in 250,000 reports per year into the Med Watch system, so it is very busy. Predominantly those are drugs, and there is a major effort entering those data into a database.
VAERS is much smaller for vaccines, but because of the nature of vaccines, actually receives much higher scrutiny I think per report than probably Med Watch does.
Med Watch sort of evolves out of FDA's responsibility in public health issues. Certainly the companies have commented on their responsibility for their products. We have a public health responsibility for monitoring those products. In the case of VAERS, there is very specific legislation in the National Childhood Vaccine Injury Act of 1986, which said the Department of HHS must establish a vaccine safety monitoring system, which is now known as VAERS.
It does have many stringent privacy provisions in that law that apply to VAERS. We do ask for patient identifiers -- name, address, state, phone number, date of birth, birth weight. There is really a long litany of data on the VAERS form. It is only a one page form, but it is very detailed.
Any adverse event report that you hear about, there are four basic elements which are: the patient; the product; the event; and the reporter. Those are sort of the minimum criteria that we need.
In the case of VAERS, because we conduct, and the CDC conducts direct follow-up by our staff, we need those identifiers to do that follow-up in a timely manner right away. We do that for a selected number of reports.
In the case of Med Watch, just to contrast, over 90 percent of those reports are coming in through the companies, and so there is really less concern about us doing the follow-up, and there is more concern about kind of I guess sharing the load, and being able to do that follow-up should we so desire. So on the Med Watch form we are not asking for patient identifiers per se, although I must say date of birth is one there, and a number of personal information is on there.
It was mentioned earlier about international harmonization, and I would refer you to the January 15, 1998, Federal Register, for a document in there called, "Data Elements for Transmission of Single Cases of Adverse Events." That's not the exact title.
In there, that publishes our negotiated data elements for adverse reporting globally, which was signed in Brussels last year, and is now really being implemented at FDA as what we are after. There are some specific comments in there about identifiers.
MR. GELLMAN: What was the date of that again?
DR. SALIVE: January 15, 1998, Federal Register. So that is a public document on what we have been working on. I won't go through the history of these things, since I don't really know it, but these systems have been around for a long time, and they have evolved into their present state.
Currently, the VAERS data and the Med Watch data are publicly available under the Freedom of Information Act. We do know that in the case of vaccines, there are activist groups which analyze that data. There are academics who analyze that data, and the same goes for the drug adverse event data.
So I think I highlighted a bit, the differences in the use of identifiers. As Dr. Andrews suggested, registries are also used by FDA as a tool for evaluating the post-marketing safety of regulated products. There is really a long list of possible things. As she indicated, it is becoming more of an issue as far as negotiating that at the time of approval for many products.
Certainly we have pregnancy registries for vaccines that I am familiar with. There are many implantable devices which have registries for them. As I understand it -- I'm not an expert in this area -- there used to be legislation requiring such registries. Now it is more of a -- well, I don't know the exact status of it, but it's not I think required, but it is still done.
The general understanding is that the patients must be able to be notified about a product issue within ten days of such an issue arising. So certainly identifiers must be kept in those instances to really achieve that kind of turn around time.
We regulate blood banks and blood components in our center, and there are a number of issues there. Certainly look back for infectious diseases is something where you must have identifiers to do that kind of look back.
The follow-up as I said, of the VAERS reports, we need the identifiers for that. We do mail follow-up and telephone follow-up.
I will delve briefly into the pre-licensure approval, and maybe Susan Mize can help me a bit on this. Our feeling on the xenotransplant registry is that this is again, sort of one possibility that may happen, where from the point very early on now there are no licensed xenotransplants, for the record, but some are being studied, investigated under various INDs.
If a registry is started now, which is certainly a great possibility, it will track all patients who ever receive xenotransplants, and have that capability, because of the issues of cross-species transmission or whatever might happen, any safety issue that might come up.
So I think that type of registry -- it is kind of like the implantable device registry, only it's a biological implantation of animal tissue or animal cells into a person. There are a number of issues there, but certainly the public health concern is what is driving that I think.
So I would just close saying that post-marketing safety surveillance for licensed products by FDA is a public health activity. There are certain elements of research that follow-up on when we get a signal of some problem, how do we confirm that? How do we really understand whether it is true or not, that maybe research or maybe follow-up surveillance -- registries to me, fall somewhere in the middle. This is somewhere in the middle perhaps.
I would be happy to answer questions.
MR. GELLMAN: I don't want to get into this in any great detail, but there is another kind of registry of sorts that the FDA is essentially requiring, and that has to do with the prescription drug advertising. Companies are required to have 800 numbers, where people can call up to get more information.
The information that is collected as a result of the phone call is as far as I know, completely unregulated, and one can make the fair presumption that anyone who calls an 800 number for a particular drug, has the disease that that drug is for, or is taking the drug. So there is at least an indirect revelation of information that people are voluntarily making, and we have no idea what happens to the information that is collected as a result of that. I don't think there are any FDA rules on that.
DR. ANDREWS: I could answer that partly by describing certainly what happens at our company. I think it is not dissimilar to some other companies that have customer response systems of networks of people who answer the phone. There are so many 800 numbers and reasons for people to contact a pharmaceutical company, and there are some programs that particularly ask people to call in for information about specific diseases.
What is commonly done is if the caller requests information about a particular disease or product, the company person would ask for consent essentially, to contact them at a later date, to send other information to them. So I don't see that as falling into the category so much of medical data. It's not information that originated in the medical care setting, but it was information that was voluntarily identified from the patient.
MR. GELLMAN: I don't disagree with that at all. It's just a question of what happens to the data? What are the rules? What are the terms? It's like any other marketing data, what do people understand is going to happen to information when they disclose it?
DR. ANDREWS: I think there is a potential for confusion. The reason that I wanted to answer the question is I think there is a potential for confusion about the kinds of information that is in the hands of companies. Information that, as Lew said, may be in the hands of the research side of the organization because of patients participating in clinical trials or spontaneously reported adverse experiences, would never go into the hands of somebody who might be sending follow-up information that may be product-specific or sales driven.
MR. GELLMAN: That's a good clarification. Lew?
DR. ROHT: When the people call into these drug information departments, they are of various types. Sometimes patients will call directly. Sometimes physicians will call, and sometimes pharmacists will call. The drug information departments usually will confine themselves to answering information that is only contained in the package insert; in the labeling that we work out with the FDA.
In some cases, the company may have access to information from the published literature, and so we have these very, very rapid search mechanisms that can access the Medline and some other listing of articles that have appeared in the medical literature. It may be possible for someone to provide an answer to questions that just comes out of medical information systems that are publicly available. We have the technology to be able to compile that very, very quickly.
We do not disclose any information. There is no information to disclose about individual patients, because the people that are in the drug information departments only have access to this gross information. It is aggregated information.
Now also in drug information departments that I have been affiliated with, they are usually staffed by people with some sort of medical training. They may be pharmacists for example, or people with some sort of biology training. Very often, in most cases probably the person from the company will ask the caller why are you really calling? Is there a patient that has been involved? Is there a drug that has been involved?
Actually, these drug information inquiries very often will generate adverse event experiences as the nurse or the pharmacist who is responding to the call questions in more detail. That information will be written down on a piece of paper, sent to the drug surveillance department, or the drug safety department in the company for submission to the FDA under various types of regulations that could lead to possibly more follow-up if more information is necessary.
The drug companies may send a letter to the physician who is identified in the call, or if a patient has called, we would ask is it possible, would be able to contact the patient's physician to get some more detailed information. The caller may say yes or no. If they say no, well, we'll send whatever information we have to the FDA.
DR. SALIVE: I think on the issue of patient support 800 number call ins, FDA is aware of that, and I think a guidance was issued this month that deals with some of the issues there, but it is very much an emerging area. We have tried to clarify from our point of view on adverse events, if a patient is calling in every week, because some of these support numbers, they call in every week, and it's more of a marketing tool than a scientific tool.
If they report an adverse event, we have been trying to provide guidance on what should be done in those instances.
MR. GELLMAN: I am not troubled in the slightly by any of the scientific stuff that you described, or patient support or responding to requests. The question is when you get effectively a response to marketing, and people give you information, what happens to the information? It may be somewhat of an open question, but I don't want to get into that in a lot of detail.
MR. LANGAN: If I could sort of pick on this. I don't have very many concerns about much of that clinical data -- how effective or safe these products are necessarily, and how that information is exchanged between the patients or their physicians, and say a pharmaceutical manufacturer.
I think what is very interesting is there is another area of information and data collection which I guess gets into the area of marketing a little bit. It either focuses on issues of reimbursement or actual delivery of the product once it is approved. It doesn't so much involve surveillance of these issues, as it does how does the health care delivery system get these products to the patients, and what information is exchanged?
What I'm thinking of in particular is all of those programs -- sometimes they are known as indigent care programs or patient assistance programs for people who either have inadequate insurance or no insurance. Voluntary programs that are operated by pharmaceutical firms. Very often, a 1-800 number is created. It is not so much to find out whether there are adverse events, but to find out who can't pay for the drug, and if those are valid reasons, and can the company, through its goodwill program, provide that information.
I think we speak a little bit from personal experience or several capacities. My organization, NORD, administers about 10 different medical assistance programs on behalf of pharmaceutical companies, which brings in yesterday's question of what about contractual arrangements for the flow of information.
Indeed, we negotiate a contract with firms. We lay out a set of standards really of how we will treat this information, and 1-800 numbers exist for these programs. We in fact make the determination as to whether a person is indigent, or whether a person needs to get a drug for free or at half price, or whatever the case may be.
Again, these are all voluntary programs, set forth by the manufacturer, however, a great deal of information is collected. For the past 10 years we have administered programs for immunosuppressive drug therapy. We basically have perhaps one of the largest databases of all transplant recipients in the United States. That is a great deal of information that we maintain, and by the way, this information is even more detailed. It is not just did we have a telephone number or a home address. We actually know the income. We know the employment situation. We know all the details of health insurance.
I say this and offer this information, because I think we do a very good job of it, and we maintain very high standards. In those contracts, we make sure that this is confidential information. We don't give this information out to any other sources.
We have been concerned, because these programs have been proliferating, and what has happened is many firms exist -- many right here in the Washington area -- exist solely for this purpose. They run these programs. These are all contracts or subsidiaries of many firms. It is uncertain as to what happens to that information after an individual fills out an application form and sends it in. There is a whole file that is created, and we don't exactly know where that information goes once it is put forth into an even bigger database.
A couple of other programs that clearly are in this area, we have had a lot of experience over the years through the FDA's regulations of early access programs or treatment INDs, so-called lotteries. There are some pretty high profile cases of drugs, that while they are not yet approved for marketing, have been approved by the FDA for an expanded access outside the confines of the controlled clinical trial if it is for a serious or life threatening disease.
There you have another example of very often these early access programs are operated by generally third parties. I guess it doesn't matter if it's NORD that runs them, or if it is a private for-profit firm that runs them, still the information is exchanged.
I just wanted to mention those as some other areas of voluntary offering up of information on the part of the patient, and that information goes somewhere.
I also wanted to give an example of other areas where the patient advocacy groups very much work in cooperation and with either companies or with the regulatory agencies such as the FDA. The data that we have collected, sometimes it serves both purposes.
The example I have is actually for the good, and to commend Glaxo-Wellcome. A few years ago they developed an effective drug to treat a rare orphan disease, primary pulmonary hypertension. I know that when a company such as Glaxo steps forward to put forth that investment, the years and the work, that is a substantial commitment.
The patient communities recognize that, and I think that particularly in this example with this product and this condition, the patient that exists that maintains information on those several thousand patients with primary pulmonary hypertension are very eager and willing to work with the manufacturer.
Willing to do all they can to make sure that that product makes it to the market as soon as possible, and is hopefully very safe and effective, but also is very willing to make sure that patients are enrolled in clinical trials, and have as much information as they can about the use of that product.
So I would image that's a case where the United Patients Association for Primary Pulmonary Hypertension is able to work very closely with the manufacturer for mutual benefit. It is interest, because this same patient organization was very effective in helping the FDA, in working very closely with the FDA when adverse events were reported about the phen-phen combination drug therapy, because actually primary pulmonary hypertension is what results.
This patient group and their team, their advisory committee of doctors who are the experts on PPH happen to be the doctors, many of whom were probably involved with Glaxo in developing a drug to treat it as investigators, but they were also the front line doctors that were noticing the new cases of primary pulmonary hypertension, and they were recognizing that it was the patient group and their offices that were getting all the first phone calls. They were able to make some of the links of the causes of the adverse events with those other products in relation to this orphan disease.
MR. GELLMAN: Did you want to say something?
DR. ROHT: Just very briefly, there are many, many reasons why a company will choose or not choose to have these early medication access programs. I know in some companies it is very simple for a patient actually to obtain early access. Very often it comes in again, through the drug information telephone line. A doctor will call in or a patient will call in with a story about my mother this or my sister that or somebody in the family needs some medication.
What usually happens is that the drug information person who receives the call will say, have your doctor write a letter saying this is your name, this is your address, because we need to be able to get the medication to that individual or to the doctor, with a prescription. Then it just goes over to the early access program. So it's very, very minimal. It's very a unintrusive way of doing this, but there is probably quite a variation in the way companies handle it.
MR. GELLMAN: Let me just make a comment just about the examples that you brought up, and some of the other ones we were just talking about. This just falls in the life is really complicated file here. Any attempt to put anything in categories, some of these examples show that you can't do it. You've got activities going on for very worthwhile purposes that just cut across any line you care to devise, and it doesn't make any of this any easier.
I would like to push on to Scott, who is going to talk about vaccine programs, I think.
DR. WETTERHALL: Before I talk about immunization registries, I want to paint some very broad strokes, and give you our perspective on how registries fit into health information systems, and how they fit into what we do as a federal agency.
CDC's mission is to promote health and quality of life. We do this basically using a well tested four step process. We identify problems. We identify causes of those problems. We develop interventions, and we implement programs.
It is very important to realize that health information systems underpin all of those activities. They are integral part of those activities, and the reflect a commitment to infrastructure that we developed with our partners in state and local health departments and elsewhere.
We support a large array of health information systems ranging from notifiable disease systems, laboratory-based systems, telephone surveys, the statistical surveys that you heard about yesterday, as well as registries. From my perspective, when we talk about health information systems, there is a series of steps that we go through in setting up any health information system, the first of which is to determine what your objectives are.
Our overriding principle is that form following function. That is, whatever information system that you happen to be developing and supporting should be serving the function that you are intending it to do. When we set up a surveillance system during the 1996 Olympics, I can assure you it was not a registry, but nonetheless, it worked effectively and we dismantled it once we were finished with the Olympics.
So we basically don't treat registries different from other types of health information systems. One of the questions that Bob had in the handout was, are there considerations related to registries that are different from other health information systems? Our basic feeling is no. It's one of an armamentarium of health information systems that we use to, as I said, detect and solve problems.
I have a definition of a registry, although I won't read it, because it is long, but I will comment on why I think a registry is more than simply a list of names on a piece of paper. I do see it as an ongoing process. I see collection, analysis, interpretation, and dissemination as components that are performed on that information.
Most importantly, which I think all of the examples that we have heard today, there is a follow-up component to it, or we do something with these people or the things that are in the registry in the future. That is very different from some of these other types of health information systems that we use. There is some sort of follow-up component that may take many different forms, but it basically is there.
What I was saying, the distinguishing characteristics of registries is that in general they tend to focus their efforts on a particular disease or a particular class. The organization has a whole array of registries in essence, to find on the basis of particular rare diseases.
There is generally a collection of data on individuals from multiple sources. This again differs from some of our other information systems. Although we have heard about some passive systems, in general you are more likely to find an active ascertainment component to a registry than you might find in some of the other types of systems that we operate. As I said, I think one of the major distinguishing characteristics is that there is follow-up investigation and data collection in some form.
Finally, they are expensive. Of all the different types of health information systems that we support, these tend to be the most expensive. That is, I think, one of the answers why we didn't have SEER programs in all of the states when we were first establishing those. They are very expensive.
CDC currently supports registries efforts in several areas: immunization registries, which I'll spend a little bit more time on; the cancer registries that you heard alluded to; birth defects registries; and environmental exposure registries.
What is important to realize as I talk about the federal perspective is that there are federal-state relations in public health, and they very much define in many ways, how we relate to our partners. In general, the actual operation and maintain of registries is a local function, and it is appropriate that the folks who are here, are the folks who are actually running these registries, because they know best.
Protection of public health is a devolved function. Despite interest on certain parties to provide for federal guarantees, it is very much a devolved state and local function. Because of that, state and local agencies or other groups working with those parties tend to assume primary responsibility for the operation of these registries.
That provides the context for what tends to be our role, the federal role, the CDC role in registries: one is financial support, and we do provide a fair amount of resources in a number of areas; technical assistance; model legislation.
The concept behind model legislation is, as we have seen, legislation very much impacts on the design, the operation, the continuation of a particular registry. Model legislation is very attractive from our perspective, because it provides an opportunity to standardize across states, which in turn provides benefits to us who wish to aggregate at the national level, or look at comparisons across states.
We deal with issues of data standardization and quality control, and as I mentioned, we tend to look for aggregation at the regional and national level.
I'm going to briefly describe immunization registries, and they are actually a fascinating problem. I think they will provide an interesting counterpoint to some of the registries that have been described here today. First of all, why did we begin to support the creation of immunization registries? Well, first of all, we had an effective tool at hand. Vaccines are effective. They prevent disease.
Even better, vaccines save money, which is very nice in this day and age. For a one dollar cost of a measles-mumps-rubella vaccine results in $21 in future societal costs.
Finally, we detected a problem. In the late 1980s, we had an upsurge in measles, despite what some of criticized as complacency within the public health community, that most of these vaccine-preventable diseases are really going to go away. Well, measles went up. We had over 50,000 cases, 11,000 hospitalizations, and 130 deaths.
Why did this happen? What is fascinating is that we found that kids weren't being vaccinated. Well, that makes sense, but we also found out the reason they weren't being vaccinated is because of a lack of information. We did not know the status of kids coverage, and why is that?
First of all, providers tended to overestimate coverage. Many, many studies were done where you go into a doctor's office and you say, Dr. Gellman, what is your coverage rate? Dr. Gellman will say, well, 90 percent, of course. Then we do record review, and it's closer to 40 percent. So there is a natural overestimation.
Secondly, there are multiple providers, particularly among the groups who tend to be the ones who are perhaps socio-economically disadvantaged, don't have primary care physicians, a provider who is caring for one child, who sort of passes that child on, and doesn't take responsibility for insuring that vaccine coverage is complete.
The parents don't know the immunization status generally speaking. Providers don't remind when delinquent. As George was saying, you get reminders from your veterinarian that you need to get the rabies shot done every year, but in general providers don't send out reminders.
Finally, there are missed opportunities. An encounter with the health care system may be created on the basis of a need to treat a respiratory infection or a cut or something like that, and it's a missed opportunity.
So the purpose of the registries that we support and developed was to provide information. We knew that they worked. We knew from evaluation research that local evaluations of reminder systems, record consolidations, smart algorithms, meaning that the system is somehow telling you to vaccinate at this time with this particular vaccine, they were effective.
We undertook an effort to create immunization registries, keeping in mind this federal-state relationship in which we don't have statutory authority at the state level. This is a state function.
The basic idea behind an immunization registry is that -- and this is where things vary much across the states; it's an it depends kind of answer to most of your questions about what really goes on. Basically, you enroll a birth cohort in some fashion. Which means that as children are born, perhaps their electronic birth record is created, that somehow gets hooked into the registry that is being maintained.
The doctor gives the shots. You submit that information to the registry. There is some sort of merging function, and some sort of effort to basically get rid of duplicate records. Then this record is put into this database. These databases tend, at this point, because we are still in the early stages, to be somewhat unevenly distributed, primarily concentrated in the public sector, and mostly at the local level.
Given that you have got a child who is enrolled in this registry, you've got a registry that is operating, you've got a doctor who has somehow been enrolled in this system and can be authenticated, then when the child comes in for a visit, the doctor can query the database, and identify whether or not a shot is needed, and so on.
So it is a wonderful solution to a basic problem of lack of knowledge. If you want the grand vision of all of this, you will see physicians across America sitting in their offices at a computer terminal, and dialing into the database and seeing what the status is, getting the information, and then performing the appropriate action.
In reality, we are still very much in the formative stage, because there are so many different issues, and because states tend to do things differently. That is where the people in the national immunization program I think have done a laudable job of trying to provide some standardization and some technical support.
Just to give you sort of a laundry list of what some of the current issue are -- consent. In some states it is required to divulge information about immunization status. In some states there is a 60 day window for which consent is valid, beyond which it has to be renewed. In some states submitting information to a registry does not require the consent of the patient. In others it requires informed consent. So there is no standard way in which these things are being approached.
Concerns about liability. George was saying that in his state the doctors insisted that information about adverse reactions or potential adverse allergic reactions be included the database, even though from the CDC perspective, that is not one of our core elements.
The extent of disclosure -- traditionally we have disclosed information to schools on a need to know basis, as a means of insuring that levels are maintained, and even as a control measure. What if you have got two separated parents and there is a custody suit involved? Address is some of the information that is collected as a means of identifying these kids. So how much disclosure can you make, and under what circumstances?
How do you get included in this database? Do you automatically get included? Are you asked for your consent, or are you provided the opportunity to opt out? All of those different approaches have been taken.
Then finally, even though I think this is an incredibly important effort to improve vaccine levels in this country, it has been primarily focused in the public sector thus far. Getting into the private sector represents an incredible barrier to us for a variety of reasons.
MR. GELLMAN: Before you go on, what do you mean by getting into the private sector?
DR. WETTERHALL: Enlisting their ongoing involvement.
MR. GELLMAN: You mean have them run the registries?
DR. WETTERHALL: Have them sign up. Have them submit records. Again, it's no guarantee, just because it's against the law that they don't, that they are not going to. It's very parallel to the reportable disease situation.
Let me just close by sort of saying what I think is different about immunization registries compared with the other registries that we have heard about today. There are two things. One is, it has got a much greater emphasis on immediate treatment, as opposed to say a cancer registry, where you are certainly interested in long-term survival or occasionally you may be interested in the effect of certain treatments. In general, that sort of registry, as opposed to an immunization registry is not one which is designed to basically serve as an adjunct tool for insuring that treatment takes place.
The second is time or cycle length. In a lot of these registries, and in fact in nearly all that we heard about today, with perhaps the exception of drug exposure registries, we are talking about chronic diseases. Because of that, there is sort of an inherent longer time phase.
With immunizations you are looking at two, four, six months. Every two months you are cycling with the provider. Because of that, you need to have a very robust system that can provide that information on that information cycle, otherwise that thing isn't working the way it is supposed to.
That leads to what I think is potentially one of the more difficult challenges that immunization registries face compared with others, is that by definition you need to have nearly universal provider access for it to be worthwhile. That has certain implications for how does one go about authenticating.
Then the last thing that is even more challenging is that if these things are going to work as we hope they will, you need to be able to come up with a mechanism for actually having that information shared across state lines in real time, or at least in real immunization time.
So to me it's a fascinating endeavor. I think the folks in NIP, Susan and others, have done a lot with this, but it is also a very challenging area that brings up a lot of issues.
MR. GELLMAN: Thank you. Thank everybody. Everybody's presentation was very interesting. I am tempted to say I think we got a good mix of different kinds of registries for different kinds of purposes, but since we don't have denominator -- a word I've learned to use -- I can't say that, but I still think we got a pretty good mix.
I want to bring up registry issues in a more formal way, but I want to start out with a sort of different issue just for a short discussion at least. It is the one that George brought up this morning about this notion of group privacy. This is an issue -- we don't even know what privacy means with respect to individuals, but of late, and particularly this has come up in the genetics context, but the geographic one is another one where it may have just as much as power.
I just want to see if anyone has any views on this. Is group privacy a concern? Is this a legitimate concern? How do we deal with it? What does anyone have to say about it?
MS. REGAN: It may even be as you were saying before, that things get more and more complicated. We have tended to view in the medical area, confidentiality and privacy as being very much individual-based. That an individual could give consent to something, and the doctor and the patient have a certain area of protected communication.
It turns out that that individual is not really an isolated individual, but is connected in lots of biological ways with other individuals with whom he or she is related, or near whom he or she lives or works. So I don't know what the answer to it is, but I think that there is a question of certainly of group or community interests here that are somewhat different than public health interests I think.
I guess that's another piece of it. It's not the safety that you are concerned as much about, but you are concerned with establishing a boundary, if necessary, for certain people who share certain things in common.
DR. HARDING: I didn't understand your question. Are you talking about gene pool groups, or groups of people with diabetes, or living in a certain county or something?
MR. GELLMAN: Well, I'm not sure what I mean. It could be all of those things, but a couple of examples. If you know something about my genetic make-up, you may know something about my family. That may be the group. We are all members of all kinds of groups, and we don't know. You are in a group at work. You are in a group in your health plan. Geographically there is a high incidence of cancer in this neighborhood, or an ethnic group. Fifty percent of Ashkenazi Jews have this gene. What are the consequences?
DR. HARDING: So if I'm your brother, by you giving consent to something, you messing with my consent?
MR. GELLMAN: Right, that is all part of it. What are the consequences if we are identical twins with Huntington's in the family, and I go get tested? I have just told something about you. Can I do that? Am I under some obligation? I'm not even sure this is a privacy issue per se. I don't know what kind of an issue it is. I don't know what label to put on it. A lot of times things are called privacy when we're upset about something, but we don't quite know what it is. That works, because we don't quite know what privacy is either.
MS. REGAN: It's important when you are talking about access to records, because clearly it means if you have access to your records, you know something about somebody else. In that sense, it clearly falls under this rubric.
MR. GELLMAN: It also has to do with not just access to records, but disclosure. If I stand up and say I have this gene, I'm telling something about other people in my family, other people in my ethnic group, perhaps; potentially anyway.
DR. WETTERHALL: I like your comment that if we don't know quite what it is, we'll call it a privacy issue.
I don't know where to cast this issue, but it is not different in sort of quality to the regular medical record in which a family history is taken, because that does clearly obtain direct information about an ancestry, usually a parent, and that has implications for offspring; a family history of heart disease, for example.
I think where the genetic component to this situation makes it more challenging or perhaps confusing is that at least at this point in time a history of heart disease doesn't have the same sort of sway or strength of association that say knowing that a gene is shared across family members. So there is a quantitative strength of association component that I think makes it a little bit more difficult to deal with.
We have heard the people in the genetics community say, okay, sure you all share this gene, but it is not well established what that actually does in terms of conveying risk.
MR. GELLMAN: Yes, I think that's true, but there is also a different kind of risk. Rather than pick a group, I'll use Martians as an example. If someone publishes a paper that says, 20 percent of Martians, or Martians have a greater than 20 percent incidence of some disease than the general public, that gets translated into all Martians have that disease today, which isn't true, and it isn't fair, but that is what happens.
It gets back into what are the consequences for groups of certain kinds of information being published, knowing that it is going to be misconstrued? Well, one answer is we need to do a better job of explaining all of this, but even when we say that, we know it isn't going to work.
MR. LANGAN: You know, it's about to get even worse than that. The FDA mentioned new plans for the xenotransplantation registry, which presents a new set of risk concerns. The debate that is emerging over xenotransplantation very much involves informed consent by the individual. Typically, when you enroll in a clinical trial, you basically talk to the patient who is going to be either taking a drug or a procedure, and that is who you obtain informed consent from.
The debate that is popping up now is if an individual is a recipient of xenotransplantation, and there is perhaps a remote risk of some sort of infectious disease accompanying that transplanted organ from another species, do you also need to obtain informed consent from the individual's wife, or the individual's husband, or anyone else living in that household who may come into contact with that individual? That is one of the things FDA is grappling with right now.
MR. GELLMAN: Thank you for making life more complicated.
DR. ROHT: Another side of this is if someone signs informed consent, but they are really a proxy for the individual. So for instance you had a child who really is not of age or comprehension to understand what it means to participate in the study, but a parent gives consent, what happens when that child reaches age 21, and all the sudden discovers that they have been part of clinical study, and may wish to get involved in things that the parents were really not informed about, or knew about?
MR. LANGAN: The mental health community has been grappling with that as well. When you have someone with a mental illness of some kind, where is the proxy? Do you go to the parent or next of kin?
MR. GELLMAN: Don?
DR. DETMER: It's not quite on this, so if you want to continue --
MR. GELLMAN: Go ahead.
DR. DETMER: I want to pick up on something Scott said, because I think it is increasing just a gigantic challenge to our culture, our whole society. That is the point you made about how we are frankly underachieving in health care relative to quality. You talked about the point that we do know that immunization works. We do know we ought to do better. We essentially underoptimize for a jillion different reasons.
Sometimes it is data, but often it is not data. We are talking about trying to move from an era of I would say let the good times roll, to evidence-based medicine and accountability. Now if we in fact move toward that, where you indeed do know what works, and you do know what's achievable, and if you do it a certain way and it works. Where does this play out?
Lucien Leps(?) research shows that roughly the equivalent of a jumbo jet crashes every day in this country from hospital-induced deaths that are avoidable. That is one piece of data. Bob Brooks has got research longer than my arm in refereed journals similarly, and other folks.
The interesting thing is that all of this variation -- in fact, the variation is so huge, that in fact I would say the best experts on the quality side say that we cannot really allow simply hospitals in and of themselves to do their own quality assurance, and say that if they improve the quality in their own place, that is enough. The variation is to huge, that if they use their own standard in their own place, they still could improve it dramatically and be lousy.
The interesting deal is as I see it, as you talk about report cards, and this is consumer satisfaction data, not just clinicians' measured kinds of data, increasingly you would like to have something. We spent a trillion dollars a year in this country on health care. If you look at most of the major indicators of globally measured health in developed nations, we are down in the middle of the pack at best.
So we really willing to talk about excellent care, but we certainly don't achieve it at a population level, and we don't even drive to achieve it at a population level. That involves data, but it also involves I think a lot more than just data. It is really a commitment to in fact health, and a commitment to trying to do something about it.
Now a lot of that is going to require information. It is going to require information that is public as well. It is going to require a lot of public education for the public to care about this as actually something that they could have, that right now if you look at it, they don't necessarily move in that direction. It is very interesting.
The other issue in all this, you were talking about transplantation. If you come into UVA Hospital right now and have your liver transplanted, somewhere around 160-180 people see your records. That is not a lot of privacy, but replacing your liver is a big thing. It's not a toenail clipping.
The point I'm getting at is that these tensions in there are really pretty profound. I think the thing that frustrates me about this is if we talk about quality and life as we have known, as opposed to health care as it could be, if we use these data we've got, and really try to in fact accomplish that, we are going to in fact have a lot more data moving around.
I guess the question really is -- this committee as a full committee is seeking to decide how it should weigh in on the quality dimension. Clearly it has been part of the history. In fact, how tough we choose to get on this debate and discussion.
I think the point is that there is no question these registries as we have known them, have been very useful. We definitely have not put in place the processes that then drive to what we know in fact will actually work. I think that if we are going to do that, it will in fact involve more information probably being more public.
There is a major public education issue in all this, as well, I mean really major. I don't know quite how we come to grips with it. I guess I just wanted to try to echo -- because we have found the same thing. We have set up a regional immunization base program around Charlottesville. It has sort of worked.
It has worked certainly a lot better than where we had ever been before, but just to get through the politics of getting folks together to even share the data, and even use what we know are actually agreed upon scientifically-based protocols, and put that on the screen up front, as opposed to available on demand sort of thing, it was just an incredible amount of work to go through all of that.
At any rate, I just couldn't let that pass, because I think what we have talked about is quality data and registries. We haven't seen anything yet if we really did want to have a first rate quality health care system in this country, which is achievable. I'm absolutely, totally convinced of that.
MR. GELLMAN: Well, let me make a comment about that. I don't want to disagree, but I just want to make a balancing comment. I think a lot of this in the health area is very compelling. I haven't heard anybody talk about anything that they are doing here that I am offended by from a privacy perspective.
I may want to quibble around the edges here and there, but the same thing with the immunization stuff. You raised a lot of questions, but if you could achieve what you are trying to achieve, there is no question that it is valuable, it is worth doing, and it probably overcomes -- but, I can look in other areas, not health related, where we have had the same sort of thing, and the solution to problems is we need a database.
That's what they said with welfare. All we have to do is use social security numbers for welfare, and we can eliminate all the fraud. Well, guess what? They used social security numbers, and they have just as much fraud as they did before.
The same thing with skipped fathers. We need new databases, new programs, new whatever, and it doesn't work. Their collections aren't really that far up, and we end up with this legacy database that all the sudden everybody comes along and says wow, we need to use it for 47 other purposes that may not be so great.
Debt collection -- there are other examples of this -- federal debt collection activities have been going on since 1982. All we have to do is X, Y and Z, and we're going to collect all those debts. Well, you look around, we have done all of these things. We have made all of these information interconnections, and there is just as much debt out there owed to the federal government as there always was.
So one of the questions that I think is relevant, and it's not like this isn't something that you won't agree with I don't think, is will it work? If we're going to create this thing, are we going to get out of it what we expect to get out of it? Do we have a realistic reason to think that it will work, and that it won't have a lot of extraneous deleterious effects? Those are questions, those are not conclusions, and I think those have to be asked.
Nelson?
DR. WETTERHALL: Can I just respond real quick? I think those are excellent examples about databases that failed to achieve their objectives. There are legion examples in public health as well. There is clearly a tendency, a knee jerk reaction that I have seen across all levels of public health that, face a problem? Let's set up a surveillance system or a registry, or some sort of health information system.
It is a natural sort of reaction, and it's one that I very much guard against. When faced with those sorts of proposals, I always ask that we step back, decide, discuss, agree upon what it is we are trying to achieve, what sort of information can we collect?
I have lectured to the Emery students for years about establishing surveillance systems. One of the overriding communications objectives that I try to convey to them is how little information can you get away? That's the sort of tenet you really have to live by.
MR. BERRY: We're slave to the data. The commitment to the quality data is not there. The commitment is to quality of care. We are basing decisions and economic and clinical studies on data. The commitment to quality data now, are you surveilling the data? No, you are surveilling the process.
It's like Janlori was talking about going to Mississippi and looking for hospital access for minorities. Well, if they go down there and give them a bad report, every time that somebody goes into the ER, they are going to put an X mark on the claim that they were a minority. The problem is over.
So the commitment has got to be with the data if we are going to live with the data, not just with looking over the doctors or the nurses or whatever it is. It's the second comment that Michael made.
I'm in the federal side of the house, but the private sector here ought to be scared to death when he says, these data go somewhere. They are not going into the belly of whale. Now someone has got it. Now what are they doing with it? It is a little bit scary to me, and I would be if someone in the federal sector said that that data is going somewhere, and we don't know what it is doing with it.
DR. SCHWARTZ: I guess I would be afraid too about that, but the biggest fear is what Dr. Detmer referred to, and essentially is the lack of translating what we know works into practice. That's the biggest fear, that this information won't be used, and that there isn't a commitment to use that.
I don't think anyone is suggesting that necessarily need another registry or another database, but maybe some information and educational programs might go a long way to enhance that. That's a little different than the other scenario.
DR. PANNY: I hang around with the guys at the CDC a lot in the new birth defects prevention network. That is basically an association of state birth defects surveillance systems. Every time we have a meeting they trot me out to show how I actually use the data that I collect. I show them how I plot out where my patients are, and I move clinics around to make everything more convenient for the patient.
I make sure that I have the kinds of clinics I need in the areas that I need them, and show them our customer preference surveys or whatever, so we can be sure that the kind of clinic we are running is running on user friend lines.
I show them how I use one database to reinforce another and validate the fields in that data, and that I am able to move money around. I see that I don't need any money for this, and I have a global budget, so that means that I can spend a little bit of money if I don't need it over here, over here, and improve services, and all this sort of stuff.
The reason they ask me to do that, and the reason it is me all the time is because not that there is anything good about me, but that a lot of people are sitting there like this. They are so paralyzed with the realization that their data is not 100 percent academically perfect, that they are afraid to do anything.
The reason that I'm the example of somebody who actually does something, whether you think that's good or bad, is because I am the queen of quick and dirty. That is you pretty much have an idea of what the most important pieces of data that you need are. When you have that, and you have some idea of how good your data is, and how far you can push conclusions on the basis of what data you have, and you don't push it any further, you can really get a lot done, even though stuff is not 100 percent academically perfect.
The last thing I would ever say about any database I have ever run is that it's academically perfect. It is not, so that there is a dynamic tension between getting enough information, and getting the perfect information. There is a dynamic tension between data quality and the manageableness of your data system.
So what you really need to know is not that my ascertainment is 100 percent of cases. I need to know my ascertainment is approximately 80 percent of cases, and that the 80 percent I'm getting are really representative of the population, and I can make my decisions about what to do on the basis of that.
Don't think that doesn't mean that I'm not constantly working to try and improve data quality, and to use every new database I find out that might have data that would help me validate the data that I have in fields of very useful databases. Don't think I'm saying dirty data is okay. I'm just saying that even quite dirty data can be quite useful if you know how good and how bad it is, and you are actually willing to do something with it.
DR. DETMER: I've given my little sermonette, but I think you said it better. I guess what I'm saying and what I'm hearing is you are seeing the data as a means to ends. It is a penchant to action for ends that are in fact measurable hopefully, but even then give you a good chance that they are going to be measurable in improving things.
Mark Twain defined human beings as creatures made at the end of the week when God was tired. I don't know how well we can ultimately go on this. I just guess what I'm saying is that I think we are suboptimizing beyond what we now know. We have bitten the apple. We do have a much better sense of already, what we could be doing. It's just a sort of statement, I wish we could leverage more to action than essentially measurement.
DR. ANDREWS: A couple of comments. First, thank you, Nelson for raising this issue to follow-up on Michael's earlier comment, which I think might have left a misperception. You were talking about expanded access programs, treatment INDs that companies may contract to third party groups like contract research groups.
Whenever a company contracts with a third party to conduct its business, it requires that that third party operate under the same very strict, highly regulated standards that the company does. The company will audit the contract research group as well. All of the procedures to get the data back within the company, protect it, archive it, anonymize it, whatever, are still retained.
I would not the perception to be that these data are just going out there for some third party to release willy-nilly to anybody that wants it. The company has very, very tight requirements, obligations, and their own moral standards to uphold.
MR. GELLMAN: We're going to hear from Michael and Latanya, and then we are going to take a break.
MR. LANGAN: Well, I think generally in this debate one thing that I wanted to follow-up on, everyone here at the table for the most part we've heard from today and yesterday even have obvious needs for information, for exchange of information, and for creating and maintaining databases or registries or all of these files.
Most of these are for all good purposes, whether it is drug development, or immunization practices, or epidemiological studies, or helping patients directly, we all have these very good, noble causes, mostly to promote the public health, to promote the health of the individual. It doesn't matter if we are for-profit, not-for-profit, whatever.
What I'm concerned about is we haven't heard, and I don't know that this committee is ever really going to hear from the other side. That is the bad players, or those who use the same information, the same databases to really do bad things. I don't know that you can necessarily get those people to the table to explain that.
Clearly, information has been used to hurt people. We have seen people lose access to health insurance. We have seen people lose their jobs, or maybe it's just they don't get promoted, or they get pushed down a little bit. What about when we hear cases of a young African American couple that is secretly tested for sickle cell disease without their knowledge, and then their employer has that information, can use that to deny them a promotion or to make sure that they are no longer a liability to that company in the future, should they have children?
I think that those are some of the stories that we haven't really heard. It would be great if we had some sort of anti-discrimination law that could truly be enforced to keep those wrong things from occurring, but in the absence of a lot of that, we do have to look at responsible maintaining of this information so that people aren't hurt, and that this information doesn't get into the hands of people who are going to misuse the information.
I think that it is perhaps just going to take the day that some politician, some lawmaker, someone in a high public office is personally affected. As soon as that happens, we are going to have some law come down.
MR. GELLMAN: It has already happened, and it's not enough.
MS. SWEENEY: I want to thank everyone, because it's really been quite informative for me. I have about four major categories of observations I would like to make, and then get your response to some of them.
First of all, I would say that certainly from my standpoint, from a computer science standpoint, I just see these as collections of person-specific information. There is no real difference between the databases that we talked about today, the registries, an e-mail list, or even a volunteer list, because in terms of the disclosure issues and the collection issues, there is a difference of quality in what data is available, and what it may be used for, but the issues here with respect to disclosure still have to with it's a collection of person-specific information.
Yesterday we talked on the issue of identifiability. That led to a lot of discussion about disclosure of data. A lot of the discussion today is a lot centered on how do I control linking in the same environment. These are two very related issues. The issues from yesterday coming into today, I just want to make sure we keep it all straight to some extent from my perspective anyway, so I would make some observations.
In the disclosure of data, there is certainly public use disclosure, and there is certainly the notion that I can disclose the data fully identified. Everything in between is a total scale that goes from one to the other. If I give you public use data, then I have already said it is anonymous. It is met some standard by which I now say it is anonymous. If it is fully identified, it means you have perhaps another disclosure standard.
There is a full spectrum in between. Now we can give metrics as to how sensitive that data is so that you know sort of where you want the guidelines and policies or review board or contracts -- I don't know how that would be monitored. Certainly there has to be some relationship that negotiates the further I move towards identifiability, the more account the recipient needs to be for that.
I want to get rid of the idea that somehow it takes Latanya Sweeney to do this linking. There is a $200 program called Automatch. Clearly while I worked in isolation, it turns out that the best linkers in the world actually work at the Census Bureau and work at IRS, and second to that, work for your credit card company. These people are excellent. They do probablistic linking. They have been doing it for a long time.
What my techniques were about is understanding linking so that I could make it not happen. All of the discussion yesterday is about tools that I can control how much you can link. That is the key to anonymity protection in today's technology, is you have to be able to control the linking.
The discussion today is very much rooted in, but there are some good things that come from linking. That's right, there are a lot of good things that come from linking, and we've heard some very good examples from them. The issue is we have to talk about how are we going to make the linking happen? We don't want linking to happen on public use files.
In general, if it is person-specific medical information, if you leave enough that they can link on the person, it is probably done wrong. Something bad is going to happen.
Where you want linking is at a different level. When a registry is set up, or a collection of information is set up, and as Scott said, it's for a particular purpose, and if for that purpose they need to link in order to get more information and so forth, that has to be done. I don't like the notion that was talked about earlier where every state registry can link with each other to figure out who is there.
In some sense it's an N-square problem. It means I have created a mess. One state has got to get 49 other states' data to start the linking with and so forth. Data is flying around like crazy. It's a bad idea. You want to keep identifiable data as close to home as possible, so that you are the only one who ever touched it, or you have limited the number of people who have touched it.
So there are a lot of models about how it is that I have a trusted authority. I don't know whether that would be a CDC or some other party to pay on the setting, but there certainly has to be a trusted authority by which they take the data in, they link it, and what they give to the recipient can be fully anonymous, but with the right detail of information.
Suppose an epidemiologist wants to do something, but needs to link across two very sensitive databases? You may make arrangements for the databases to go to a third party, who links them together and produces an anonymous database to the researcher, that is incredibly useful to the researcher, but never did the researcher have to get at the identifiable, sensitive information, nor was the researcher in a position where they had to work with public use files or something like that, or negotiate identifiable information the other way. These are the kinds of techniques I think you have to think about and sort of set up.
The last observation I would like to talk about is basically looking ahead in a five year window. In some sense, many of these issues that we talked about today, if you just think back five years ago, what you were talking about. It wasn't this, but the heart of many of these systems were in place then.
Let's think ahead about where this is all going to go five years from now if we don't do anything in a sense. Well, certainly one view is that if we don't do anything, I would suspect a tremendous proliferation in the number of registries as they have been looked at today; just tremendous.
In one sense the reason for it is because it's so easy and cheap to do. Five years ago it's not clear -- it's cheap in the sense that before you couldn't get a computer to hold it, because in 1981, before personal computers, you had to have a mini-computer or a mainframe in order just to play the database game. They had to be kept in rooms whose temperatures were controlled and so forth.
You couldn't buy a piece of software that just ran out of the box. You had to hire a programmer to figure out how to turn the thing on. So the ante for playing the game was very, very high.
I just bought a computer that had a one gig hard drive for virtually no money. The equivalent of that five years ago, well, five years ago very few people had a one gig drive. In fact, most people wouldn't even know that after meg came gig. So the rules of the game have changed a lot, because in fact in that way it's easy to start these things.
I have an early form of Siliac(?) for example. John Hopkins runs a tremendous set of specialized e-mail lists, and I belong to this list. Well, in a sense anyone they give that list to has given out some personal information about myself.
We talked about 12 free 800 numbers. I remember the first time I heard about the anonymous HIV test. You go to the pharmacy -- I don't know anything about the company; I'm not making any statement. The idea is you go to the pharmacy, you buy this box. You do something or another, and you send it off to the company. You call in with an 800 number. You tell them I sent in sample blah, blah, blah, and they tell you your result.
On the box it says it's an 800 number. Well, actually somebody has to pay for the 800 number. They do. That means when you pay for a long distance call, it's just like you do on your regular phone bill. You see where the call was coming from and the duration of the call and when it came in.
Now if you're sitting there in the company, you know the phone number of the person, and you know the result of the HIV test. All it takes is a phone directory, or you can buy a phone directory for everyone in the United States and Canada, or the companies in Canada anyway for about $50 at the local computer store. They will do it for free on the Web, on the Internet. You could really re-identify at least the household in which the call came from, if it came from a household.
Now I tell you that the 800 number list is worth a lot more than that company ever made on selling those kits. So these collections of information take on lots of forms as we go through forms. They take on lots of forms, because it is the information, it's the knowledge about the people, it's being able to pinpoint the individuals that is very sensitive. So the kinds of systems that you set up here today are very important.
The last of these observations I want to make is on the immunization registry. Now I think in some sense the vision of the immunization registry, the fears of the -- everything comes together for everyone I think in the immunization registry. It's the one place that everyone can find a piece of it.
My own personal experiences with the database schemas of the immunizations registries have scared the heck out of me, because they look like a full medical record. I have never understood why it is in those early -- these were the early forms, and I have been praying that they will follow what you say, and that is the least amount of data.
Some of the schemas I saw -- I can tell you the states, but maybe we should say that off-line -- also gave information about the child's mother, father, and I think even grandparents. It went into a tremendous amount of detail that I think anyone in this room would be quite concerned about in terms of how much information was being asked that went far beyond what I would think of as an immunization database. One that would say which immunizations did I have, and what date did I have them.
Also the access issues. You know it is a very different thing for a database to exist, and I have to come and ask for the data, and then we can talk about do you get it anonymous, do you get you it identifiable, do you get it somewhere in between.
If every doctor's office has a computer on it, and that doctor can access it, then that means that first of all that they can make copies of information and retain it locally. That means that I don't know that when they are accessing it for other purposes, since it has so much other data in it, in those cases where it has more data. In other words, are they doing bigger research issues than just the immunization question, just at that one encounter, or is it even other purposes?
None of these are things that can't be addressed, but they do need to be addressed in a more coherent fashion. It is not that no one wants the registry. Maybe there are people who do; I don't know. That's not my issue. My issue is that we really have to not be blinded either by maintaining privacy on one end, that some people are, and we, at the same time, can't be blinded by the promise of technology.
We really have to look at the goods and the bads, and really make the right decisions, and it's not an either or. It really doesn't. You just choose proper places to link and things like that, and I think that society benefits.
MR. GELLMAN: Thank you. We return at 3:15 p.m.
[Brief recess.]
MR. GELLMAN: Let's true and kind of go back to the beginning in a way. I want to go back and start at least slightly with the legislation that has been proposed. All of the bills, no matter what they are, no matter what their point of view is, all of the bills that have been proposed to regulate health privacy with respect to the flow of data to registries.
We don't know what a registry is. None of the bills use that term, but they all affect the flow of data to somebody, and every one is in a different way. It is likely, depending on how you pick apart each particular proposal, it might -- some of the things wouldn't be affected at all, simply because you have patient consent and it is not clear for example that what NORD does would be regulated by any of the bills. That is neither good nor bad, that is just a description.
Other functions, the information is actually coming out of the health care system in some way, so they would be affected. How they would be affected probably depends on the type of the registry. It probably depends on the type of the organization carrying out this function, whether we decide that they are a researcher or a public health agency, or a management operation, or what have you.
Of course none of these categories probably make that much sense, because we can't distinguish one function from another, because they are all on a continuum, and the continuum probably isn't all that wide in scope.
So it is possible, under some of these approaches that have been proposed, that we cut out virtually identical registries that are subject to different rules, either on how information comes in, or how it goes out. Which is by the way, true under all the legislative proposals for lots of functions. We have different rules for how information goes out, what can be done with it, even though a lot of the functions are basically the same.
The distinctions may be based on sort of extraneous factors that don't directly relate to the function of the registry, but other things. There may be some responsibility in some cases for using patient consent.
I want to go back to sort of the first question in a way, and that is what is registry, and more importantly, does it matter what a registry is? Is that something that we need to deal with? In discussing this issue with John Fanning, John's answer -- tell me if I'm putting too many words in your mouth -- is that it probably doesn't matter. For good or evil, we have divided the world up into research and public health and other functions, and that maybe we just ought to live under that, without trying to come at registries as a separate entity.
I'm not sure I'm entirely comfortable with that, but I think that is a good question to discuss. What does everybody think? I'm not trying to parse specific bills, but just this general question of if we are regulating the flow of health information, on what basis, on what grounds, on what general standard are we going to regulate the flow of information into and out of health registries?
DR. ROHT: I like what Scott said earlier, and just to build on that, we use registry information for a particular purpose. If the purpose is to answer a scientific question, it doesn't matter a whit whether it is a registry or whether it is a Medicaid database, or any other source. It has to answer the question.
For us, the relevant information, does this particular database, whether it is a registry, Medicaid, HCFA, whatever, does it contain what we need to answer the question?
MR. GELLMAN: Again, in general terms that makes a lot of sense, but let's break it down. There are at least two sort of choke points if you will. One is, how do you get access to the data? Somebody else has the data that you want. How do you get access to it? Everyone here has talked about people coming up and saying, I want to use your data. Some people you say yes, and some people you say no.
Well, that's going to happen to you, so you want to be one of the people when you knock on someone else's door, you are entitled to the data. How do I know that you're a legitimate person? How do I know that you are doing scientific research? How do I know that you are doing legitimate treatment? How do I know you're not just some direct marketer coming along, saying I want to compile a mailing list of people with arthritis and sell it at ten cents a name?
DR. ROHT: In many instances we do not do the data analysis ourselves. We will contract with academic institutions, with contract research institutions that actually perform the data analysis. There are now data vendors who are proliferating from every conceivable place. People that are willing, and have access to information.
We will use protocols. This is a question we will define very carefully what the protocol is, what the research question is, and then we will develop letters of agreement, protocol agreements, contracts, or whatever. So that gives us the legitimacy of establishing what the purpose of the investigation is, not just send us a fax as to a whole bunch of people's names, and we'll do terrible things with it. We treat it as if it is a scientific question to be investigated, and it has a scientific purpose to it.
DR. SCHWARTZ: How do you determine whom to trust when you send out the data?
DR. ROHT: When we send out the data?
DR. SCHWARTZ: Yes. In other words, others are going to do the analysis, et cetera. Whom do you trust?
DR. ROHT: We are not sending data out anywhere. We are going to other people that really do have it, because a pharmaceutical company doesn't really have any -- unless you are doing primary data collection, which we will do occasionally, but for the most part we are, for epidemiologic purposes, using existing data sources.
It is based on experience in the field. We read the literature. We know who is publishing research on a particular subject. We will evaluate the quality of their research to see whether these are people that seem to know what they are doing. It is very easy when you read a variety of publications that Dr. Smith and so and so is doing. This person is just not credible. Their research is not good. They are not using the best techniques. So we will go to somebody who seems to be better informed, and doing better quality research.
Attending professional meetings; learning who is doing the research. Learning who the expertise is. We have a lot of people out in the field, what we call professional education research specialists. These people, part of their job is to maintain contacts with thought leaders in various fields of research.
So we will often contact our people in the field, and say in your area, in the Chicago area, in the Seattle area, wherever, who are the leading people in the hospitals, in the academic centers? Then through a process of iteration, we will identify who the experts are, and who the best people are to work with. Then we will develop research proposals and letters of agreement, contracts with that group. They will do the research for us, and it is truly a collaborative effort.
DR. SCHWARTZ: Thanks.
DR. WETTERHALL: Acknowledging how one crafts a data disclosure policy can be sometimes challenging, but I agree with Lewis, that there are some fairly standard criteria that can be applied in setting up that policy. I guess what I'm confused by is, okay, so I've got this registry. So I've got somebody asking me for information from my registry. How is that in any way different if it is not a registry, it is a notifiable disease surveillance system? Or it is an agent orange study that we did a few years ago?
MR. GELLMAN: I may be able to distinguish. Some of things have statutory requirements. Those are easy. If you've got a statutory disclosure requirement, and you do for your cancer registry, that is easy. The statute has answered your question. For everybody else, it is unclear.
DR. WETTERHALL: What I would say is for the most part our databases don't have those statutory disclosure requirements.
MR. GELLMAN: Right. So how do you get data becomes the question. Susan Mize's database was developed out of whole cloth some years ago. What if we had a medical privacy bill in there that said -- we don't know what the bill is, but where would you look to fit under? Would you say you're public health authority? You're not really; you're a private organization. So it's really hard to say that you would fall under the public health function.
Are you a research function? It's sort of research function on the way out. What is it on the way in? You're not providing treatment. You're not providing public health. You're not providing internal management. You're not providing quality assurance. You're not providing some kind of health care oversight.
So if I look at some of the bills, would you be wiped out by that? Where do you want to fit in, or do you want to tell me that you're not any of these things, you want to be something else?
MS. MIZE: Well, certainly a not-for-profit organization we have stated that we fit under research and education; along that line. I would be very concerned about a policy that perhaps would impact the development of this database to the extent that it would impossible to continue.
MR. GELLMAN: And I agree with that. How do we deal with this? What if somebody comes along that looks like you, and says they are like you, but they really have a marketing interest?
DR. DETMER: I'd just ask a question. We heard from the American College this morning that they have -- and you made the comment too, this is a well developed profession that sort of looks "after" this. Is that perhaps something that can be reflected? In other words, how ubiquitous are these educational programs and all of that as a possible way to try to discriminate make a buck types?
MR. GELLMAN: Well, let me dress that up slightly. What if we say a registry can only get data and use it according to -- basically, we have a relatively common set of rules that have been described here. You can only be a registry and get the data you want if the secretary says you are a registry, and you write some kind of standard. Would anyone like that?
MR. LANGAN: I think it is next to impossible to draft statutory language that is fair. That could put one type of registry or one type of information in one category, and say this is somehow excluded, or meets a requirement of exception. Then you have another set of information which could very well be the same information, it just depends on maybe you define who the holder of that information is, or how it was collected.
Still, the information is the information. It becomes very, very impossible I think, first of all to draft legislative language that is equitable in that way. Then even if it is, how is it enforced?
Another problem which really hasn't been addressed is the fact that we have been talking about exchange of information from one place to another place. We think of these things as being very separate. What we haven't really addressed is that we have an increasingly vertically integrated health care system here where there are no distinct lines between two entities.
That basically if you look at the private sector alone, you can look at a vertically integrated system, that is all gray. You have a Medco and a Merck and you've got this and that, and you've got reinsurance companies, and you've got contracts here and there. You've got big companies that have subsidiaries, smaller companies.
You've got biotechnology companies that happen to own a genetic testing company. What happens there? We have had patients who have received a genetic test, and even the same day that they receive the results of their genetic test, they happen to also be contacted by some other manufacturing company about some treatment.
That seems like it might be a problem. Is it right for say the results of a genetic test that are performed by one company, even though it may be a subsidiary of a larger manufacturing company, how do you keep that information from jumping over that dotted line?
MR. GELLMAN: Well, I can answer that generically, is you write rules. You say they can or can't do that, and hopefully they will follow the rules. If they don't, and they get caught, they go to jail, or they get fined, or they get sued. How you write those rules is sort of what we are talking about.
DR. DETMER: Clearly one potential divide, it seems to me, is do you have certain circumstances in the case of demonstrated public health and public interest, you allow in fact data to be accessible without people's permission? The point about most of these other databases, it is voluntarily disclosed. That is very key issue.
It seems to me that you are not going to be very wide on where you give that. The question is, should you ever do it? But if not, that's one possibility where you would build a set of regs off of how do you authorize that through the statute and so forth.
MR. GELLMAN: The statute says a registry is somebody who is doing good things with data, and the secretary shall write rules to tell us what this all means. Many of the proposals, including the secretary's says researchers, adequately defined and approved by IRBs, can get access to records without consent. This committee is strongly in favor of that. Everybody thinks research is a good thing, and that research access without consent is important. So I'm not trying to get away from that.
So do we just tell the secretary that she decides what all this means?
DR. ROHT: There are circumstances where reputable research organizations do not necessarily function through IRBs.
MR. GELLMAN: Well, I guess there are a couple of answers to that. One is okay. Another is maybe they have too.
DR. ROHT: Yes, maybe they have to. Right.
MR. GELLMAN: That would be a requirement. The background here is that there are proposals floating around. There is somewhat of a public demand for confidentiality legislation. The President in his speech the other night mentioned it and got a lot of applause, probably because it was one of the non-partisan things that everyone could agree with.
This has been a hot issue for a couple of years. If it goes, everyone is going to be affected by it in some way. So the question is, how do we deal with it? How do you want to be dealt with under this? Do you want to take your chances? Hope you fall under the research category, or hope you fall under the public health reporting category? Not everybody will fall under necessarily one of those things.
MR. BERRY: Everyone falls under data collection, medical health or medical records collection.
MR. GELLMAN: NORD doesn't, because they are not collecting medical data from medical records. They are collecting it from individuals. I'm not saying you need to be regulated, because you do that. People can give NORD their data, just like they can give their data to anybody else.
MR. BERRY: Yes, but it's got diagnosis. It's got physician. It's probably got dates of service. Isn't that medical data?
MR. GELLMAN: Yes, but it's not regulated medical data under any of the proposals, or most of the proposals, because I can go to The New York Times and say here are my medical records. Print them on page one, and they can do so, and no one is ever going to stop that from happening. With my consent, I can do whatever I want. So you can get data that way.
Everybody else -- except for you, I'm not sure there are any registries here that we are talking about, and some of the immunization stuff has consent on the front end.
DR. PANNY: George has a law too that says that this data must be collected for the public health.
MR. GELLMAN: I understand. I'm not talking about consent. Having a law is another way in. I think all of the proposals say if you've got a law, then you can get the data. She doesn't have a law. You do. She does. He doesn't need a law. So it's not clear that we could say if you don't have a law, you have to have consent. That doesn't work. That wipes people out that we think are doing good things.
MR. BERRY: Doesn't S-1360 address -- I think that's the number -- the consent? There is a whole bunch of stuff in there about consent?
MR. GELLMAN: There is a whole bunch of stuff about consent in every bill. None of them asked them, not in any way that anyone would like.
MR. BERRY: That was the point I was making. It's not anything anybody would want to live with.
MR. GELLMAN: There are some bills that would require incredible amounts of consent, that would effectively wipe out a lot of the disclosures, and I suspect everybody in this room would stand up and say we think those are bad proposals. I certainly would. The question is, what do you put in its place?
Let me try another way. The standards of privacy -- we all talk about privacy. We don't know what it means. The same thing is true for confidentiality. It means even less. I never like to talk about either of things. I like to talk about fair information practices. We know what fair information practices are.
There are eight principles of fair information practices, and one of the bills is titled, "The Fair Health Information Practices Act." The goal of all of the data protection activities around the world is to try and impose fair information practices, which are not absolute requirements. There are eight of them. Let's talk about a couple of them.
The question is what if some of these applied to your registries? The first principle is the principle of openness. It says you've got to tell people you maintain data. You've got to tell them what you are doing with stuff, and how it is disclosed, and how it is used. Anyone troubled by that?
DR. PANNY: Yes. I work a lot with other hats on, trying to help managed care companies do some quality assurance. We always say that the devil is in the details. We have something that sounds really good, and it means one thing to one group of people, and another thing to another group of people. It is in the details. Are the details really going to work out to be what both groups really intend?
I will say that if the devils can be in the details, the angels can be in the details too. So it is not 100 percent miserable. I worry about what you do about legitimate uses of data that I think everyone here would consider legitimate, that you haven't though about at the time you got your informed consent.
MR. GELLMAN: I understand that. I haven't got that far yet.
DR. PANNY: Well, you said to be open. Yes, you can tell people you collect data. Yes, you can tell people in general what you use it. Yes, you can tell them in general under what circumstances you will re-release the data. You can tell them that if you don't want me to do that, you've got to get in touch with me. Here is where I am. Or you've got to make sure that I know where you are all the time, or whatever.
Then there are going to be the people who say -- and there are large numbers of them, including Ellen Clayton Wright, and Tony Holtsman(?), and so on and so forth -- who say, no. You've got to be extraordinarily detailed in exactly what you tell people. You may not do anything that even differs one whisker from what it is that you told them in advance that they signed the informed consent for.
That's a very different thing. I don't do that in my newborn screening program. I say we're going to screen your kid for these disorders. This is what they are. We can treat them. Outcomes are very successful when we treat them, and we hope you'll allow us to do this. Read the brochure. Read the little thing. Tell us whether we can test your kid or not.
That is very different from telling people in excruciating detail what all these disorders are, and what the actual outcomes are, and exactly if your compliance with the dietary regimen is a kind of little bit less than in fact what is recommended. How many IQ points will your kid be down? Nobody has that data, and nobody could possibly tell them that.
MR. GELLMAN: All right, let me put it to you this way. Tony Holtsman knows how to write the bill his way. If you don't tell me how to write it another way -- that's the question. How do you write standards here?
Another principle -- these are principles generally, and the detail point is perfectly fair -- these are principles that generally are supposed to apply across the board. When this committee had hearings on health privacy stuff a year ago, we heard from everybody who all came in and said, we all care about confidentiality, and you all clearly do. It is inbred in all of you.
They all said we all think legislation is great. It is an important area. They all said, we want to be exempt, because we are really good guys. Is that the answer for people who do this stuff, that the only way you can deal with this is to be exempt?
By the way, I'll point out that every single one of these fair information practices is the law across the board in Europe. Everyone who is carrying out your functions in Europe, is complying with these laws, one presumes. So it's not impossible.
Actually, this may be a good question. I'm sure many of you have relationships with people overseas, annual meetings, whatever. Do you hear complaints from people overseas about how they can't do things because of data protection laws in Europe? Anyone heard any complaints? Any unfair restrictions? Can you not get data that you used to get because of data protection laws? Tell me about it.
DR. EDWARDS: I talked briefly about a study that was actually a clinical trial that was conducted abroad. As the inclusion of that trial the intent was to always continue to follow-up the cohort to collect long-term events. That was always the intent. We tried to move in that direction.
In addition, because it is a country that has a national health system and national health data, the other intent was to utilize some of those mechanisms to cross-link information to make sure that you have a cancer registry. So there would be data we would collect, and there would be data that we wanted to validate cancer outcomes with.
At the present time the intent to conduct a follow-on survey to assess risk information in that cohort has been put on hold, because of some concerns about us going back to recontacting the individuals, and also disclosing the extent to which we would be informing them of additional things that we want to do that is more than what we agreed to get permission for up front.
So in that sense it's just a different climate over there. I think they are just more reluctant to go back to collect information. Now is it because of the law? I don't know. I guess what I'm saying is it appears to me that the concerns that are raised at the society level that have been talked about, and because these are epidemiologic studies, there is much more concern about cross-linking data from say a clinical trial with any health information that is out there, and that includes cross-linking it with the registry to get cancer outcomes.
There are additional permissions that are being required. So there is a lot more care I think given, to get that permission for that linkage. In fact, they got permission, but they were really quite concerned that that linkage might not occur this time around, because it is more than the original consent from the individuals.
MR. FANNING: When you say permission, what do you mean? You don't mean going back to the individuals? You say you finally got permission.
DR. EDWARDS: At the start of the study they were informed to join the trial. The intent was to get the cancer outcomes through linkage with the registry. We had the IDs. It would be matched with IDs at the registry. They came back routinely for clinic visits. They were asked, have you had cancer or any other medical events? Because we wanted to validate, and we also wanted to make sure we didn't miss any events, we also were going to link it with the registry.
Once the trial has ended, and we're in a surveillance mode following the cohort, the intent to cross-link or to follow them for additional outcomes requires additional consent for them to be part of that cohort. So the permission is to continue on beyond the actual intervention of the trial, and to continue on collecting information via cross-links with the registry.
MR. FANNING: Permission -- I don't understand. Did they in fact require you to go to those people and say, may we cross-link?
DR. EDWARDS: When we started the study long ago, because it was run by their national health institute -- the study was conducted through the national health institute -- they had the vital records, the registry records. So it's my understand that there was little concern about utilizing the data from the trial and matching it with the registry data as yet another way to identify endpoints.
The consent to join the trial said we are going to study you. You will be given this pill. It's a double-blinded study. We'll be having you come back for clinics, and we will be tracking you for outcomes -- cancer. So they were not explicit about we will also get that information in addition to your clinic visits, through the cross-link.
Now there is concern that linking it with the registry, that cohort's data with identifier data, is something that has not been -- consent has not been given. So there is concern at this juncture about that linkage.
MR. GELLMAN: My advice is to sue your lawyers for malpractice because they didn't write a broad enough consent form in the first place.
DR. EDWARDS: It wouldn't have worked, because it's another country. So the rules were actually --
MR. GELLMAN: Elizabeth, your company does business in Europe. You do research in Europe. You do all this stuff. How do you function under European data protection laws?
DR. ANDREWS: Well, we are grappling with it. The industry as a whole, through an organization FPO, the European Federation of Pharmaceutical Industry Associations is coming up with a code of conduct that can be adopted by all of our member companies, hoping that if we agree to abide by this code of conduct, then there will be less scrutiny on the details of the transfer of data.
We are quite concerned, because the European Union apparently is saying that unless countries that they are transmitting data to meet their standards, then the data cannot be transferred to those countries. So that is concerning.
I guess the way that environment has affected the conduct of epidemiologic research is through missed opportunities. In the United States we are very data rich, because we have organizations like the NCHS data, the CDC. We have lots of population surveys. We have HMOs with very rich databases that can be used to look for safety signals and to monitor quality of care.
I think that the opportunities to develop such databases in Europe are there, but people are really scared. The confidentiality and data privacy concerns are one of the factors that are prohibiting the development --
MR. GELLMAN: I thought most of the European countries have centralized health care. They have centralized databases for everything.
MS. SWEENEY: First of all, most of them are working under socialized control. It makes it much easier for them. So all of our collections that we have here is autonomous. The bad thing is we have more the data quality issues, that was brought up earlier. We have the problem; they don't. Because they get all of the data, they know more and they can cross-check their data. They can validate their data. The quality of their data is better.
Of all of the epidemiologists' research I have looked at, I've seen no difference in either the number of studies or so far, quality based on availability of information from Canada -- I've looked at Canada, Italy, and the U.K. So I was a little surprised by what you said.
DR. ANDREWS: I think it is unfair to draw any conclusion about Europe as a whole, because every country is very different, and the quality of different kinds of data collection is very variable. I have done some studies in other countries.
There has been more of a concern. I agree, the potential for wonderful research is there, but there have been fears about linking across data sets which have prohibited research in some databases for example in Sweden, that have existed for years and years. So I am concerned about lost opportunities.
MS. SWEENEY: The model is just different. If I get her data and his data, and I want to link, I have to link them. If they are all the same data, they will do the linking for me and give me what I need. They give me the permissions because it is a centralized source.
It is exactly the model the Census Bureau talked about yesterday. They said if I want data from the Census Bureau, if it is too sensitive, they will do the linking themselves and then give me the results, or they will do the processing. It's just a different model.
DR. ANDREWS: The model is different in every country. We probably should take that discussion off-line, but theoretically there is a lot of opportunity.
DR. ROHT: I attended a conference last April in Europe, and it was a discussion of data privacy under the guidelines issued by the European Union. I think many people know that there is a time limit for all of the European members of EU to come up with rules, regulations, laws, guidelines, whatever to conform to the EU guidelines on data privacy.
MR. GELLMAN: It is October 24, 1998.
DR. ROHT: It is October of this year.
Now when I talked with people who had attended that conference, the term that they use is very much like what Dr. Panny mentioned before; the devil is in the details. All of these countries have to varying degrees, rules about data and data privacy.
What they are concerned about is when they try to modify these or to change them in order to conform to the EU guidelines, that they are very, very big differences between countries as to what they can do, what they want to do, what they may be able to do.
So it gets to the point that Dr. Andrews was talking about. They are probably very great differences from country to country, data quality issues, validity issues and so on and so forth. It goes back to some of the issues about data privacy that will differ from country to country.
MR. GELLMAN: Well, yes, but the purpose of the EU directive -- and I don't deny your point at all -- but the purpose of the EU directive is to harmonize the rules so that everyone has rules that may be somewhat different, but still allow the "free flow" of personal data within Europe, because every country will be presumed to be in compliance with the directive, so that the data can flow around Europe.
DR. ROHT: The point I'm making is that it is going to be more difficult than just saying, yes, we all have rules and it is going to control it.
MR. GELLMAN: I think that is absolutely fair, but it's probably also fair to say, yes, but it will be easier than in the absence of this directive, where not all of the laws can be completely different and inharmonious as it were. Anyway, it may not be all that different than the circumstances we face here, where essentially today we have 50 different state regimens.
One of the benefits of the federal law, just to make it clear if it goes this way, and this is an open question, is that it may provide more uniformity. It may actually resolve some of these questions. Not everybody has them. You just live in Maryland, so you don't have a problem with that, but you collect nationwide data.
One of the other consequences of all of this may be that if there are rules, all of the sudden people who have been giving you data, may say, we don't want to give you data anymore. We're not sure it's legal. That is what we are looking for. How do we make it legal? Everyone here says everything you are doing is good.
How do we make it continue without asking for some unreasonable -- that's my word -- exception from standards, that if I go through standards one by one, you're probably not going to quibble too much with them, at least in generalities. Say, well, we can be subject to this. We are concerned about confidentiality, but we are concerned about having security for our data. We are concerned about having limits on use and disclosure.
So how do we say it's okay for people to give you data and it's okay for you to use reasonable controls to give data to other people? That's the issue. That's the problem. Your answer is you have to find yourself protection under one of the existing categories as a health researcher, or as a public health department, or as a health oversight function or something else. That's an answer.
That's an incredibly terrible answer, but I'm not sure everybody -- I think if we had a lot more registries represented, and we went through them one by one, we have our doubts about you under this scheme. I'm not sure that will help, but it might. It all depends. If we had all the X number of registries, they may not all fit here. We look at all the registries and say, they're all good things. We all think that they are useful. How do we describe them?
How do we say, people who want to do stuff like this -- and this is the question. Do we treat them as somebody else, or do we treat them as something on their own?
DR. ROHT: It's really amazing, the diversity of databases and registries that are in existence. They go from trauma to burns, Alzheimer's disease, and 15 or 20 that we have mentioned already.
MR. BERRY: The federal people are living under the privacy act.
MR. GELLMAN: Right.
MR. BERRY: That has its own problems, but at least it is something we can hang a hat on. Like HCFA -- Dr. Laurents, who knows something about the European Union, said in his report that HCFA had pretty stringent requirements for release of identifiable data. We have the privacy act to hang our hat on. The private sector doesn't seem to have anything to hang their hat on other than state law. I don't know how Ms. Mize over here manages to comply with all the state laws nationwide in this instance.
MR. GELLMAN: Well, let me answer on her behalf, and she can tell me if I'm wrong. She doesn't know what the state laws are. She doesn't have to comply with them. She's not in all 50 states. She's only in one state.
MR. BERRY: It's because that's where the database is resident, is that correct?
MR. GELLMAN: This is one of these conflict of law questions that no one has ever really resolved. If she gets data from Washington state and she is in Maryland, does she have to comply with the Washington state law? Well, no one in Washington state ever asked that question, and she is not going to ask it, because she might not like the answer. I wouldn't ask it either.
MR. BERRY: But I have to live with Washington state law.
MR. GELLMAN: No, you don't.
MR. BERRY: Yes, I do. They don't give us social security number. It's against the state law to give out social security numbers, so I've got data from the state of Washington without the social security number. That's what the state agency says, I can't give it to you.
MR. GELLMAN: No one has to give her data either, but people do.
MS. MIZE: It's the responsibility of each individual data submitted to the MIN resides with the physician caring for that patient. So that physician then abides by the laws from the academic institution, HMO, whatever in providing the data. I can tell you that in the initial stages of development of the MIN, many people stated as reasons that they would not submit information, is based on confidentiality. They then saw frankly the usefulness of the data.
Is this database useful? Has it been misused? To the best of our knowledge, it has not been misused, but it certainly I think has helped this group of patients in terms of the number of research studies that are currently being conducted, and in obtaining grants from CDC, NIH, et cetera.
MR. FANNING: Let's not forget the old fashioned technique of getting consent. Some of these systems wouldn't work if consent were required.
MR. GELLMAN: It works in Maryland.
MS. MIZE: No, there would be a problem. I think in this day and age, the metabolic specialist is so overloaded with work, and the amount of time that needs to be spent with a patient, that if individually they had to get consent from every single patient, that they may think twice about providing that information. I throw that out. I have heard it from the scientific advisory board.
At the same time, if indeed we are requesting information from the patient and the family, in the procedures and the business processes that we have worked out for this case register, we must obtain consent.
MR. GELLMAN: What percentage of your data comes with consent? Can you answer that?
MS. MIZE: Well, we never use the information per se from the patient and/or his family. We use their indication of who the physician is caring for that patient. They have given us informed consent to contact their physician.
MR. GELLMAN: Nelson, let me follow-up with your comment about social security numbers. Are there other states where you can't get data that you need? Give me some examples.
MR. BERRY: New York AIDS data. They are the ones that jump right out at me. They are the two primary ones. In some states just choose not to give us on the Medicaid side, although in 1999, they don't have any choice under FBBA.
MR. FANNING: Can I ask a related question? Are there any instances where you get data from them, but there are restrictions on its further use? No? Either you get it or don't.
MR. BERRY: We have restrictions with regard to the voluntary program that we have. We are not supposed to use it for purposes that would be detrimental to the state. They trust us with that. We have not gotten any trouble with that.
MR. FANNING: That's your general rule anyway. One of the difficulties with the state laws is that a law may permit a disclosure, let's say for research or for some public health purpose, and say the recipient can't further disclose it. So you may have a database from all over the country with many different redisclosure restrictions based on where the information came from. That is one of the difficulties of having the law follow the data on something other than a national, or perhaps as Bob would suggest, international basis.
MR. GELLMAN: I'm not suggesting international. National is hard enough.
MR. LANGAN: You asked the question a while ago of experiences within the international community or how other countries may handle these problems. To touch on that just for a minute, we have had some very recent experiences, some in very good ways, some in very bad ways.
Two weeks ago our staff was over at a huge meeting in Paris of all of the patient organizations, the voluntary health agencies of all these European countries, who, just like the European Union, are joining together. For the first time, right now as of last year, they are forming their own sort of umbrella organization. They named it EUORDIS, which is the European Organization of Rare Diseases. They are headquartered in Paris.
What they have found is that for many, many years, several decades, each country -- and patient groups have really been pretty much cornered off into their own countries. People in Germany are worrying about the incidence of disease and what could be done in Germany, and Italy and Sweden and France and the U.K. For the first time they are coming together, and they are recognizing that there is obviously a lot of strength when they come together with their data.
They had us over there to show them our practices, and basically how we run our databases. One of things that our staff learned very quickly is they do have indeed very rich data. One of the reasons is that the individuals, the patients are very, very willing to provide that information. They are willing to give it up.
The reason they are willing to give it up is they don't have the risks that we have here. They do have, as mentioned -- most of those countries have national health insurance programs. They have the confidence that if they share this information about themselves, they will have something to fall back on. They are not going to necessarily lose their insurance. So they can see there is not the risk associated.
There is an opposite problem in a country like Iran. Iran makes it illegal for two people to have carries of the gene for thalassemia to marry. They are not allowed to. For that reason, many people in Iran do not want to know whether or not they carry a genetic mutation for thalassemia. That is a real public health issue, I would image, if your population is not taking those certain precautions. The hard core approach that has been taken of marriages are illegal I think has a lot of human rights questions.
MR. GELLMAN: To say the least. It is true, just to make a comment on the other point, that if we had universal health insurance, half of the difficult problems in confidentiality legislation would disappear. Half of them would remain, but we can't do anything about that.
Let me just keep going with some of the fair information practices. We talked about openness in terms of just telling people what you do with your data, what your practices are generally.
The second principle is that of individual participation. People have a right of access to their records and a right of correction. I'm not sure that -- I don't see anybody shaking their heads, saying that would be a terrible thing. Frankly, for probably most of the registries, no one would come along and ask, but if they did, give them what their data was. I don't see anybody screaming about that.
MR. FANNING: Well, let's just ask. Does anybody have any problem with that?
DR. DETMER: Well, I think the word "correction," --
MR. FANNING: Okay, not correction. Let's take the initial access. What do you have on me? Does anyone have any problem with that?
DR. ANDREWS: Well, it depends on who they are asking. If they are going to their basic medical provider, the source of the information, or to some other obscure database?
MR. GELLMAN: They are going to the obscure database.
DR. ANDREWS: Well, then we would have to re-identify them in order for them to know what was in there.
MR. GELLMAN: Well, if the data isn't identifiable, then this isn't a concern. Of course we don't know what identifiable data is anymore. If we are able to distinguish between identifiable and non-identifiable data, non-identifiable data under all the proposals, up until yesterday at least, we could say that that data wasn't subject to regulation, and that that could be used and disclosed, because there is no privacy concern attached to it. None of these rules would apply.
We have to assume now that we are dealing with at least -- and all registries within the sort of scope of this inquiry, may not have data that rises to some level of identifiability that we care about, in which case, no problem.
DR. PANNY: But I have this problem every day. Someone will call up and want to know test results on their child. I'm not their direct primary care doctor. I didn't take the test, but they want to know what the results are. I have to make sure that they are who they say they are. That's a different issue from whether or not I have Baby Q's record. I know darn well I have Baby Q's record. I know because it says on Baby Q's record that Baby Q has a mommy called such and a daddy called such, but how do I know that this is really Mrs. Q?
MR. GELLMAN: Okay, but that's a solvable problem.
DR. PANNY: Okay, these are all details. I think the issue is none of us so far has any problem to the gross principle, however, all of us are extremely concerned about the details of how any one of these things is implemented.
MR. GELLMAN: Okay, that's fair enough. I'm not trying to drag anybody into anything until you see the details.
MS. FYFFE: Just as a reminder, the insurance industry has a concern about how patients are told of test results. Again, the life insurers sometimes require people to get physicals. They could be a "perfectly" healthy person that has a bad test result, and the life insurers and some health insurers do not want to be in the position of giving that information directly to a patient. In the extreme, I don't know, the patient could go out and commit suicide or something.
So again, the implementation detail here is that a provider, hopefully the patient's physician, would be the one who would get the test results, and therefore interpret it for the patient, which is a little bit like what I think you are talking about.
MR. GELLMAN: Well, I quibble with that, but that's a detail. It may be important to some people. Underlying this is some pretty sharply divided policy perspectives, but that's okay. Those will have to be resolved more broadly anyway.
DR. ANDREWS: I have one other problem with that, and that is in the case of a randomized, double-blind clinical trial.
MR. GELLMAN: That is another issue that has been flagged.
DR. ANDREWS: There is an easy solution to that.
MR. GELLMAN: Well, I might dispute that, but that is a fair quibble.
The principle of collection limitation. There ought to be rules that say what is collected. There ought to be limits that information should be collected by lawful and fair means. The broad principle is information should be collected with consent whenever possible.
DR. SCHWARTZ: Susan, is that fair? Is that okay, or is it all in the implementation? I mean if it is collected fairly, you don't have any objections to that do you?
MR. GELLMAN: We don't really know what that means.
DR. SCHWARTZ: Her issue applies to this, and probably every single principle.
MR. GELLMAN: But it does for everybody. Again, these are general principles.
DR. PANNY: Tony Holtsman notwithstanding, I absolutely think that you should get consent whenever you can, but there are some times when it is really not practice, especially in retrospect.
MR. GELLMAN: I understand.
Another principle is data quality. We ought to have accurate, relevant, complete, timely information, which is exactly what you are all searching for in any event. One of the issues that kept coming through is having data of high quality. So this is something you are already concerned about. As a principle, it is not a problem. You already agree with it.
DR. HARDING: I was just trying to think of what the federal role is in some of these things. Is that one of them, to guarantee accuracy and confidence in the data?
MR. GELLMAN: Well, let me translate from the Privacy Act. The Privacy Act, which is a general privacy law that applies to all federal agencies says agencies have to maintain data with such accuracy, relevance, timeliness, and completeness as is appropriate for the purpose for which the data is collected.
There is your standard. Now what does that mean? Most of the time nobody cares. The agency makes decisions about what that means. Once in a blue moon you get litigation over this, but not very often in 25 years of experience.
It's a standard. It says you can't do anything you want. You can't ignore it. The most important thing is for the purpose for which it is collected. It is not under some absolute standard that you have to spend time and money making your data accurate and complete when no one cares anymore. It's a loose standard. It's an important one.
DR. HARDING: When we are all here, we are all feds. When a lot of us go home, we aren't feds anymore. What can the feds do to put incentives out to increase data accuracy and assure the confidence in the accuracy of it? If you can't just say in 1999, those guys have to do it.
MR. BERRY: All they have to do is produce the data. I'm not saying at a level of accuracy.
DR. HARDING: I'm just saying that I know that people will go, watch, I'll give you the data.
MR. BERRY: We're going to give it back the same way too.
DR. HARDING: Exactly. That's the issue, garbage in and garbage out. How in the world do we give incentives for privacy and data collection and all these things that we are really concerned about, and that are going to affect my children's lives tremendously? How can we give incentives instead of giving orders somehow?
MR. GELLMAN: It's a piece of cake.
DR. HARDING: Give it to me.
MR. GELLMAN: Do it my way or go to jail. There is your incentive. Do it my way or get sued. That's the good old American way.
DR. HARDING: That's the way that I can tell you in the South, we'll take care of you. You'll never know what hit you. It will be under the table, but all of the sudden you'll have garbage that you are dealing with.
MR. GELLMAN: I understand your concern at a general level, and I don't really disagree with it, but the broad principle here, in this context particularly, in this community, which is especially concerned -- and everyone in the medical treatment community is concerned with having data of sufficient quality to carry out your function.
All this says is that's a principle that you ought to comply with. It is likely not to be implemented. I don't believe it is in any proposal in any great detail. It is a standard. If someone gets caught doing something, somewhere down the stream gets caught where they did not comply with this, they could be sued for it. I don't think there are very many cases. We've got 25 years of experience under the Privacy Act at the federal level, and I don't think there are very many cases that have arisen in the medical context over these standards.
DR. HARDING: We're telling the states they all have to have a certain level, instead of giving them incentives to get there. The incentives are the proper channel in my opinion.
DR. WETTERHALL: It's not an either/or. It's like the principle is there should be good data quality, and we should try to live by that. One means may be one partner providing incentives, but heaven forbid that that becomes a federal responsible to assure data quality, because that is just a --
MR. GELLMAN: Fair enough.
MR. LANGAN: Doesn't it depend on what type of data or information we are talking about? If it's what Susan is working on, she mentioned earlier, academic standards. There is an academic standard for certain epidemiological data. If it is the safety or efficacy data of a drug, the FDA has certain standards that has to be proven by showing endpoints and that sort of thing.
One of my concerns is when we are talking about the other aspect of the delivery system, we're talking about an HMO or a health insurance company is who really says what quality assurance is? I don't know that anyone really does that.
MR. GELLMAN: Accurate, timely, relevant, and complete for the purpose for which the data is maintained. You have different standards clearly under that, for different purposes. Everyone who provides medical treatment is highly concerned about having accurate records. That may be one of the highest levels of concern, because you are making direct decisions that affect people.
If you are making other kinds of decisions, sort of bureaucratic decisions that affect the rights, benefits, or privileges of people, you are also concerned. If you are maintaining a registry that is not being used to provide treatment, that is not being used to make decisions about individuals, the statutory concern about accuracy, relevant, timeliness, and completeness is lessened, because individuals -- I may not care whether the data is accurate.
You all care whether your data is accurate. It is independent of the individual. If the data is not accurate, it is not useful to you. So in this context of registries not being used for making decisions about individuals, the concern is relatively minor. The standards of the industry, if you will, are higher than any statutory standard you could dream up.
Does that make you feel better?
DR. DETMER: I just want to ask a question at some point.
MR. GELLMAN: Go ahead, ask it.
DR. DETMER: It's not on this.
MR. GELLMAN: Ask.
DR. DETMER: What I'm curious about is obviously we don't know what the feds are going to do; what may or may not happen at the federal level. What I'm just kind of curious about is a number of you from different states, what is your sense of what your state may be doing in this general topic relative to registries, or just this whole issue of handling of medical information?
One of the things that we notice is tremendous variation across the country. The question I've got is in the void, in the absence of federal action, what do you sort of anticipate might be happening in your own backyard?
MR. GELLMAN: Jan gave us the story earlier. Is there anything lurking?
MS. PLATNER: Latanya is working on medical records and privacy legislation. The attempt here it try to have different levels of privacy that would accommodate different needs. That is in theory, fine, but the reality of trying to implement that is an agonizing struggle right now. That's what we are going through.
The piece around research and public health authorities and how those will be defined is something we are just coming to grips with right now, so stay tuned. I think that is the point, I think people are recognizing that there is privacy, but what does that mean? Trying to figure out some kind of layer of that.
DR. DETMER: Is that being driven by evidence of abuse or just an issue sort of as a philosophical development?
MS. PLATNER: I think both. I think Massachusetts is a little ahead of the curve compared to other states in terms of trying to enact comprehensive medical records privacy legislation. It's behind a lot of states with genetic legislation. That is partly what is driving it. Just this huge concern about medical privacy and privacy in general.
MR. GELLMAN: I know there are proposals floating around Massachusetts. Have any of them addressed the registry issue at all directly, indirectly?
MS. PLATNER: The first draft of this bill ignored that issue, and would have been an enormous problem. So now there are some -- in fact, the attempt to accommodate it was not a successful attempt, and we are still going through it. I think a lot of the language will change. They tried to use broad language to exempt public health authorities and research purposes, but they didn't get at the issue of the people giving the information to them.
The bill is aimed at holders of medical information, which is many, many. It talks about commercial users, and clinical users, and of course a lot of state agencies think they are neither or all or both or whatever. So that is the agony right now, is trying to do what you are talking about here. How do you decide who people are, and what it means for that group of people, and where do you fit.
MR. GELLMAN: So if we come up with an answer here, you just steal it and take it back to Massachusetts?
MS. PLATNER: Well, if you come up with a good answer, absolutely.
DR. EDWARDS: It is my understanding that Minnesota has some legislation that is out there that -- I'm not sure I know all the details, but one way I have understood it, it would restrict exchange of information across providers, meaning hospitals. As we talked to you about the consolidation of information to get the data on one cancer case, I believe that it would have an impact on that particular function of the central registry at the state level.
MR. GELLMAN: Is this the Minnesota research consent law, or is this something else?
DR. SCHWARTZ: It's referred to in The New England Journal of Medicine a couple of months ago. It is the article that Latanya cited by Melton from the Mayo Clinic. I don't remember the exact title of the state law, but I think it's that one.
MR. GELLMAN: Does anyone know, is that law affecting --
DR. SCHWARTZ: It's in effect.
MR. GELLMAN: I understand.
DR. ANDREWS: Actually, there is something in addition to that particular one. There is new legislation. Sally Bushouser(?) is the person that one needs to talk to.
MS. HORLICK: I'm Gail Horlick in the National Immunization Program. I am not specifically familiar with that law, but I have just completed a survey of the 50 states on their immunization registry legislation or legislation related to either immunization registries or the sharing of immunization information; it may not address registry.
Minnesota does have proposed legislation now that they plan to introduce I think in 1999. Their legislature only meets every other year. They had a bill and they pulled it at the last minute, because it would have required consent, and they did not want that.
Right now the law allows them to share immunization information. I don't know the exact phrasing, but it has to do with people providing direct service. So that doesn't even include the health department, which is problematic in doing the state-based registry. So they want to get around that.
I can say that what Scott mentioned earlier is that there is a tremendous amount of variability in the legislation. There are about 15 states that right now have laws specifically authorizing a registry. About half of them require reporting, and the other half allow it.
Then there are maybe half a dozen to ten states that have some form of either planned legislation, either specifically for a registry or the sharing of immunization information, or maybe just changing a rule or a reg. Maybe saying that it is not part of the medical record, which is one of the reasons for concern, because there is a feeling you can't share in many states if it is part of the medical record.
There has also been increasing concern about the need for some legal authority to share this information which has been done historically for years. Delaware is grappling with this. They have had a registry for 18 years without any laws. It has been operating fine, and now all the sudden with it being computerized, and people are saying, well, we need to get some authority for this. That happened in Texas. It happened in Virginia.
A number of states are using consent, but the written consent is still in the minority. The majority of states have implied consent, and then varying degrees of what is required of notice from none to quite specific notice. In California the notice includes basically some of the fair information practices; that you can correct your record. You don't have to get reminders. You can get out and so forth.
In some places you call an 800 number to not participate. In some places you specific sign I want in. Some laws address confidentiality and so forth.
There is also variability that in some states the information is still collected in the database, but if you want to opt out or limit access to the information, you can do that. So they still have it at the state level or at the community health department level, but if you don't want it shared with other providers, you have that option. Just to give you a flavor.
MR. GELLMAN: Thank you.
I don't think we're getting anywhere here. Let me try another approach. I don't have a bill in front of me. I thought I had it with me, but I don't. John may remember. Some of the bills for example in defining health research disclosures, they say you can disclose records to health researchers. It says for epidemiological research. You remember -- what is the secretary's proposal? She has similar language. It sets purposes. These are the purposes for which we are calling this all research -- health services research, epidemiological research, what have you.
The question is, for registries, is there enough of a common thread to the purpose of a registry that we can come up with a description of registries, and say disclosures to registries, whatever word phrase we use, whatever definition we use, are okay, and the procedures under the research thing are you either need consent or you need an IRB approval.
The problems of local versus national IRBs is something that is a broad question in legislation. It is going to have to be dealt with in some way. If I try this approach, and say we're going to try and -- research sounds like the best place. You don't all fit under public health, because you are not public health authorities. Everything isn't quite research, so trying to use the word "research" narrowly and fit everybody under that category doesn't work.
What word or words do we need? Does this approach sound like it might work if we could come up with a general enough phrase to describe these functions?
John, do you have something?
MR. FANNING: Well, I think we have heard here some are public health and some are research in the scheme of the secretary's recommendations. We say here, "A wide variety of research activities use health records by a medical, epidemiological, and health service research, and statistical activities. Likewise, research on behavioral, social, and economic factors affecting health, and the effect of health on other aspects of life may use health records."
The format of the secretary's proposal, and many of the bills is to say it must be approved by an IRB. That is the real measure. This does not propose a definition of what is research; something attempting to develop generalizable knowledge and so on. So it's sort of a procedural test.
Now things that we wanted to allow to be disclosed by providers that didn't fall into this we lumped under public health. We would permit disclosures to all kinds of people who aren't public health agencies in the narrow sense of a city public health department. We would permit disclosure for public health purposes to people who are not even governments, such as the reports by providers to device manufacturers.
I found it interesting that the FDA representative said that the adverse events reporting was considered by WHO a public health activity.
MR. GELLMAN: It sounds like it to me.
MR. FANNING: Yes, and we had come to the same conclusion here. So if you don't fit into one of those two things, if information is coming from providers, and you don't get consent, and you don't fit under one of those other categories, you had better speak up now.
MR. GELLMAN: George, you don't like this?
MR. VAN AMBURG: I didn't say I didn't like that. I think that is fine, but the definition of research becomes a problem. Who is a researcher and who is not? What is an acceptable institution that they work for, and what is not? Essentially, some of those decisions are made in the courts.
DR. WETTERHALL: They are already made in terms of common rule.
MR. GELLMAN: That's what the IRB does.
MR. VAN AMBURG: Well, not necessarily.
MR. FANNING: That covers federally sponsored research.
MR. GELLMAN: Under this, if you want to get health information, you've got to find an IRB somewhere, I don't care who you are, whether you are an agency, or getting federal funds, or you are a private company.
MR. FANNING: That's right. There are many dangers in attempting to define research. You get into First Amendment, government credentialing problems and so on if you start defining it. Actually, I think you face up to this with the state vital events reporting laws. The recent NCHS model speaks of research, and it envisions even a newspaper perhaps getting information in identifiable form.
MR. GELLMAN: Do you want to explain that?
MR. FANNING: Well, a newspaper reporter who wants to examine the state of a particular state in terms of health may want to use vital events reporting records. The intellectual process is not different from somebody who works at Johns Hopkins University.
MR. GELLMAN: Excuse me, we're talking about a reporter here?
MR. FANNING: Yes, the reporter says, look, I'm simply a fast researcher.
DR. EDWARDS: I can assure you that we provide your data to reporters.
MR. GELLMAN: Identifiable data?
DR. EDWARDS: No, we don't have identifiable data, but public use file. It's still a complex file.
MR. FANNING: One could envision it being given out in identifiable form under the proper promises. There were some very interesting articles in The New York Times about the state of obstetrical care in New York City for example, that clearly came from this kind of thing.
MR. GELLMAN: Nelson, do you have something to say on this?
MR. BERRY: Yes, we do. We have a lot of requests from the press. They want highly identifiable data. They want it immediately, and they don't want to pay a cent for it.
MR. GELLMAN: What do you do?
MR. BERRY: In some instances we have released it, and ended up being sorry for it. In others we have released data, and they have done a nice job with it.
MR. GELLMAN: Identifiable data?
MR. BERRY: Yes.
MR. GELLMAN: Freedom of Information -- I don't know anyone who thinks that any identifiable health data is disclosable under the Freedom of Information Act. Do you have a different law?
MR. BERRY: They claimed valid research, and someone bought it. We have a review panel that bought it, to the public good.
MR. VAN AMBURG: The newspaper situation is a very interesting one. In fact, in the vital records in the state of Missouri denied access to individual records to one of the newspapers in Missouri, and the courts overturned it. They had to release it.
MR. GELLMAN: This is a point that came up yesterday. A lot of state disclosure laws do not have privacy exceptions, period. So it is really hard to find a basis for withholding some of this stuff, yet I think that -- I'll just give you an example from another area.
This is something that happened a year and a half ago in Oregon. The state motor vehicle records is publicly, disclosable. Somebody went to the state and got the license plate numbers -- registrations, not licenses, but car registration. They got them on a disk and put up on the Internet and made it searchable. Everybody sat up and screamed.
This was perfectly legal. The governor called the guy and said, will you please take down the darn database? He did, and I don't know whether they changed the law or not. Now can you image if somebody took health records and did something like that with it? They would change the law overnight. They would meet in special session. No one is going to put up with that.
If stuff has gone out in some way with some kind of restrictions or controls -- I don't know what happened in Missouri. Janlori yesterday talked about this Mississippi example, and we don't know what is going to happen with that, but one can presume that they are going to start handing out identifiable health records to reporters, most of whom want Elizabeth Taylor's medical record. It's not going to last very long.
MR. BERRY: They did end up signing an agreement.
MR. FANNING: The proposal of the secretary here, if they have had it reviewed by an IRB, and it meets all the things and they get it, what? There is a legal prohibition on their disclosure of identifiers.
MR. BERRY: Only for the purpose of what they got it.
MR. GELLMAN: Okay.
DR. PANNY: I just wanted to say something about I really do think you need to have a public health exception and a research exception. I don't think you can fold the public health into the research, because I have not had trouble getting hundreds of proposals through our IRB, but I once had a major problem getting access to vital records through our IRB for my legislatively mandated public health duty.
We actually had in 1986, a change in our medical record confidentiality statute which came about because of the research exception. We had a very reputable group of people at one of our universities doing research on sudden infant death syndrome. So they got vital records, the death certificates, to give them the names of all the individuals who had succumb to sudden infant death syndrome.
Then they contacted these families, and they asked them to participate in research. Now, while most of the time I do something that is in principle similar, I am not hitting people in the middle of their grieving process when it is really quite inappropriate I think to do that. So these people got very upset, and they went to their state delegate, and we had a law that said that the custody of vital records is only within the division of vital records in the state health department.
It is no longer under the custody of the secretary, except as the secretary is the superior to the division of vital records. That meant that all of the other units in the health department who had routinely accessed vital records, all of the sudden could no longer do that. So I went waltzing up in my usual way to say yes, it's time to do our run and see if we can pick up any additional birth defects from birth records and fetal death records and infant death records.
They said, no, you can't have that. So we said, what? They said, go to the IRB. So I went to the IRB, and they said, well, I'm sorry you've been getting it for umpty-ump years, but you can't have it now, because it is specifically prohibited by law.
So I said, well, what am I supposed to do? I have another law here that says I have to do this? They said, well, you're going to have to get this law changed. So we did, and it took us two years. After that it took us another two years to get the MOU between our unit and the vital records through the AG's office. Now we have access to this again.
This bears upon issues of is data going to be as complete and as timely as possible, because here was a totally irrational reason, in my view, for putting us several years behind with a certain portion of our data. So in fact, we are just catching up on that now.
So we didn't meet the same standards from the IRB that we would have met for research project, for a legislatively mandated public health project. So I think that you really do need to have a public health exception.
MR. FANNING: Let me just explain how lawmaking in this area is divided up. The secretary's proposal that there be national health record confidentiality legislation applies to payers and to providers. That's what we think Congress should cover. It permits disclosure without consent under carefully specified circumstances for research, and under less carefully specified circumstances for public health. In both of those instances, it has restrictions on further use by the recipient.
It does not address at all, the whole vital records business. It does not propose that it govern the disclosure of information by the provider about information about birth or death. That is regulated by a longstanding body of law, that is developed in a different way, and is not fairly characterized as health. It is a mixed kind of thing -- statistical, administrative, legal, and so on.
I just wanted people to know how all these things break down.
DR. ANDREWS: I'm not sure that the whole world is broken into public health versus research. I think that while we all may agree that the kinds of registries we have described could fit in one or the other, for example maybe the pregnancy registries we do would fit under public health, even though we are not a public health agency, or we could get IRB approval if we decide it is research.
Going back to your point, we have a very small representation here. I don't know what the whole denominator is, and I worry that for registries, as well as for other kinds of things I would characterize as research, if we require all of those to go to IRBs, then we are back at our discussion yesterday. We're going to be swamping the IRB mechanism for things that might not need that kind of scrutiny if we had some other assurances in place about the management and redisclosure of information, and the penalties.
MR. GELLMAN: Well, I agree with that totally. The question is, how do we say what a registry is? We found a way that has its problems, to say what research and what public health is, and I'm not sure that those are particularly bullet proof, but they are probably roughly workable the way they have been proposed. You find in several of the bills, the same kind of language that the secretary has proposed, that kind of model.
We can fiddle here and there. We can fiddle with the IRB by sending some things to a nationwide IRB. We could tell the secretary to make decisions about registries. We can have some kind of external control that is more convenient, and not require every registry to go to thousands of IRBs across the country, which doesn't make any sense. The same problem comes up in another context as well.
You know, at the moment your traces are you are either public health, you are either health research, or you are something else, and that's what we have been trying to pull out of you. What are you if you are something else? We haven't gotten anywhere with that. So that may be left as an exercise for the future.
We have to find a way to define what we are talking about in some way, with some kind of substantive standard, which can be very low, because the standards we define for research are very low, in very broad terms, and intentionally so. We either have to fall under that, or you can define it with a substantive standard and a procedure, or you could define it with just a procedure.
I don't think you can get away with just either a procedure or a substantive standard, because it's really going to be too hard, but those are sort of the legislative alternatives according to current thinking.
DR. WETTERHALL: I think you could define a registry. I've got a definition that I think is okay. Then you could say that activities related to registries are presumably allowable disclosures without consent. In any event, the tactic would be to define a registry, and define it as an authorized recipient of information.
To help our friends around the table, I don't think I would have too much difficulty with that. The problem I have is the lack of parallelism in having those three categories. Public health is a function. Research is a function, and registry is a type of information system. I just think you are losing your parallelism in having those three categories. To me it stands out very strikingly.
MR. LANGAN: What if you are really, really, really different? Say for instance -- and this question isn't really mine. I was upstairs at the break at the blood safety committee hearing today. A staff member from Capitol Hill from the House Government Reform and Oversight Committee grabbed me and said, Michael, ask them about law enforcement or health oversight?
MR. GELLMAN: Those are other provisions. The law enforcement stuff is particularly controversial in the secretary's recommendation, but they are all taken into it, but none of the registry activity certainly falls under law enforcement, one would hope, although one could conceive of that. We haven't gone that way. Arguably, we have gun shot reporting. The cops take them presumably, and look up to find out who got shot and why. They don't maintain a registry per se, but who knows, maybe they could.
DR. PANNY: The FBI has everybody's fingerprints.
MR. GELLMAN: Fingerprints are not health information so far.
DR. PANNY: They sure are genetic.
MR. GELLMAN: We're confused enough, thank you.
DR. DETMER: Scott, it would be nice to have the benefit of your definition on the record, whether you want to quote it to us or not.
MR. GELLMAN: Read it.
DR. WETTERHALL: We define a registry -- this is speaking from my own moccasins. This is from more or less a public health perspective. We define a registry as an organized system for the collection, storage, retrieval, analysis, and dissemination of information on individuals who have either a particular disease, a condition that predisposes the occurrence of a health-related event, or prior exposure to substances or circumstances known or suspected to cause adverse health effects.
MR. GELLMAN: I think I would like to see some purpose language in there.
DR. WETTERHALL: Well, when you asked me for the definition --
MR. GELLMAN: I'm just saying that may be a start. It may be something like that. We don't have a sample. There doesn't seem to be an organization of registries anywhere. You've got cancer registries, but you don't have all the registries.
DR. EDWARDS: We also have some concern about is it cancer or is tumor. Is it benign? We collect in situs. So without sort of getting into too much, there are a lot more details, but we call it cancer, but I can tell you there is a fair amount of debate sometimes as to what is a cancer.
MR. GELLMAN: Okay, one can quibble over definitions forever, and usually for good purpose. Anyway, I think that is the issue. I'm not sure that in the end if we have really made any expressed progress toward this, but I think the discussion -- I sort of view these two days, we're sort for zero for two here in that we have discussed issues, and in terms of reaching conclusions, we haven't gotten anywhere, but in sort of enlightening the field, and learning more about what has been going, and learning more about what identifiability was yesterday, and getting a better sense of what is going on with registries and they operate.
I think we have put a lot more information on the record than was available before, and ultimately someone, if legislation ever gets anywhere, is going to have to make decisions about how to deal with this. It seems to me that it behooves the people that deal with registries to spend some time, if they can find a way, to talk to everybody else, or somebody else to think about this.
There is half a definition at least, if not three-quarters. I'm sure that everyone would look at that and say, I'm not quite 100 percent in there. We need to change this word or whatever, but maybe that's a way. It fits in a mold that we've got. Maybe we need a procedure. Maybe we need a purpose. Maybe we need whatever. There aren't that many elements to play with here.
As all of the proposals stand now, there is a lot of doubt about how some registries would get access to records. At least in this room there probably isn't any doubt that all of these registry functions are worthwhile. So that remains a continuing problem.
I think on that point, if no one has anything else to say, we can adjourn.
[Whereupon the meeting was adjourned at 4:46 p.m.]