[This Transcript is Unedited]
National Institutes of Health
Natcher Center
Bethesda, Maryland
Agenda Item: Call to Order, Welcome and Introductions, Review of Agenda
DR. COHN: I want to call this meeting to order. This is the first day of two days of meetings of the National Committee on Vital and Health Statistics. The National Committee is a statutory public advisory committee to the U.S. Department of Health and Human Services on national health information policy. I am Simon Cohn. I am Associate Executive Director for Health Information Policy for Kaiser Permanente and Chair of the committee.
I want to welcome committee members, HHS staff and others here in person for our second meeting of 2007. I also welcome those listening in on the Internet.
I do want to remind everyone, because we are using a different microphone system this time, you need to bend over and get close to the microphone. Otherwise, people are not going to be able to hear you.
I want to thank the National Institutes of Health for hosting us at the Natcher Center for this meeting. It is a very nice room and very nice table for us to have discussions at for today, tomorrow, and for the other subcommittee meeting on Friday morning.
Let's have introductions around the table and then around the room. For those on the National Committee, I would ask if there are any conflicts of interest to any issues coming before us today, would you so publicly indicate during your introduction. I want to begin by observing that I have no conflict of interest.
MS. JACKSON: National Center for Health Statistics, Debbie Jackson, committee staff.
DR. FRANCIS: Leslie Francis. I am professor of philosophy and law at the University of Utah. I am a member of the committee and I have no conflicts.
DR. STEINWACHS: Don Steinwachs, Johns Hopkins University, member of the committee, no conflicts.
DR. GREEN: Barry Green, University of Colorado, no conflicts.
DR. OVERHAGE: Mark Overhage, Regenstrief Institute and Indiana University, a member of the committee, and I have no conflicts.
DR. STEINDEL: Steve Steindel, Centers for Disease Control and Prevention, liaison to the full committee.
MR. REYNOLDS: Harry Reynolds, Blue Cross Blue Shield of North Carolina, member of the committee and no conflicts.
DR. WARREN: Judy Warren, University of Kansas School of Nursing, member of the committee, no conflicts.
MR. HOUSTON:John Houston, University of Pittsburgh Medical Center. I am a member of the committee and I have no conflicts.
MR. LAND: Daryl Land, Executive Director of NASIS, member of the committee, no conflicts.
MR. SCANLON: Bill Scanlon from Health Policy R&D, member of the committee, no conflicts.
DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the committee, no conflicts.
MS. TRUDEL: Karen Trudel, Centers for Medicare and Medicaid Services, liaison to the committee.
DR. CARR: Justine Carr, Beth Israel Deaconess Medical Center, member of the committee, no conflicts.
MS. MC ANDREW: Susan McAndrew, Office for Civil Rights, privacy liaison to the committee.
MS. BEALE: Alison Beale, American Health Information Management Association.
MS. BITFORD: Carol Bitford, American Nurses Association.
DR. FRIEDMAN: Hayley Friedman, American Academy of Pediatrics.
MS. RIAZ: I am Fatima Riaz from Booz Allen Hamilton. We are supporting the AHED Quality Work Group.
DR. CONNELL: Mike Connell, American Dental Association.
MS. KANAAN: Susan Kanaan, writer for the committee.
MS. FRIEDMAN: Maria Friedman, RxHub.
DR. COHN: Welcome, everyone. Before we move into the agenda review, let me make a couple of opening comments. First of all, I want to congratulate Don Steinwachs on his new role as interim provost and academic vice president of Johns Hopkins University. We are very pleased to have you join us in your new role. So congratulations.
DR. STEINWACHS: Thank you very much. I have decided the interim job is really the best job. They don't expect too much, and you might actually do some good, who knows?
DR. STEINDEL: Simon, if you are going to congratulate people, I'd like to congratulate Judy Warren, who got an endowed chair at the University of Kansas. I think she has a picture of it for anyone who wants to see it.
DR. COHN: Steven, thank you. You stole my thunder, because that was my next comment. Judy, congratulations. I just wanted to congratulate you in public. If any of the others of you get endowed chairs or become presidents of universities between now and the next meeting, we will make similar announcements.
We have a very full meeting today and tomorrow. The activities of the committee continue at a fast and I would observe, accelerating pace, reflecting the increased importance of federal attention being placed on health information technology, and of course the role it can play to improve the quality and cost of health care, as well as the health of all Americans.
Within HHS, Secretary Leavitt continues to consider promotion of interoperable HIT, one of his key issues. His leadership in this area has really been phenomenal. And of course, in all of this, we the NCVHS continue to play an important role advising the Secretary and the Department directly, as well as providing expertise and liaisons to other HHS initiatives moving the vision of the NHII forward, including our liaison activities with a number of the AHIC work groups.
I should also mention that recent work products of the NCVHS are now being increasingly actively utilized within HHS. Specifically, the excellent report on privacy and the Nationwide Health Information Network, as well as our report on functional requirements for the initial definition of a Nationwide Health Information Network are now part of the recent Office of the National Coordinator RFPs that have just come out, and I think will be due sometime in mid-July.
Also since our last meeting, we have formed a new ad hoc work group on secondary uses of health information. Specifically, we have been asked by HHS and the Office of the National Coordinator to develop an overall conceptual and policy foreign worker that addresses secondary uses of health information, including a taxonomy as well as definition of terms.
We have also been asked to develop recommendations to HHS on needs for additional policy guidance, regulation and/or public education related to expanded uses of health data in the context of this evolving and developing Nationwide Health Information Network. This of course is with an emphasis in the areas of quality measurement, reporting and quality improvement.
I will be leading that work group, but I really want to thank Harry Reynolds and Justine Carr for so graciously being willing to be co-vice chair of this effort. I will be depending on them significantly, as will the functioning of that work group. I also want to thank the members who have volunteered and been drafted at this point to be members of the work group. That includes Paul Tang, Bill Scanlon, Mark Overhage, Kevin Vigilante. I also want to thank the many of you who responded to my e-mail a couple of weeks ago asking for either fuller involvement or being in the reviewer status for the duration of this. I think most everyone has responded that they are at least willing to be a reviewer, so I want to thank all of you for this participation.
I should also mention the various liaisons that will be represented on this -- be functioning with this ad hoc work group. Kelly Cronin from ONC, Mary Beth Tarquar from AHRQ, John White from AHRQ, Mike Fitzmaurice, who I can mention his name since he is not here, from AHRQ, Steve Steindel, here today, Karen Trudel. I think we also are petitioning another CMS representative to be involved in that?
MS. TRUDEL: Actually I won't be representing this, but there will be two other CMS representatives won't will be able to a attend this meeting, but will be on board for the next session.
DR. COHN: Great. We can't do this stuff without staff, and I want to particularly thank them, Jim and Marjorie, and I want to thank Debbie Jackson for serving as the lead staff. I really appreciate your work on this, and Kathryn Jones, Maria Squire.
We also have Margaret A., who is the lead consultant on the project, and I want to thank Booz Allen Hamilton and Fatima Riaz, as well as Christine Anderson and Erin Grant. One of them will be calling in tomorrow, the other one is on vacation this week, who have been also assisting the work on all of this.
So anyway, we have got a lot going on. This is going to be in some ways like the NHIN ad work group in terms of being very fast paced. We expect to be having draft recommendations and report for everyone to review in September, so we will be spending a fair amount of time tomorrow, and I will talk about the changes to the agenda that will occur for tomorrow. We will spend a fair amount of our time on briefing and discussion, providing background in this whole area so both the background group as well as the full committee has a broader context for the conversation and understanding of what we are going to be doing.
MR. HOUSTON:You said that one of the things that is within the purview of this ad hoc work group is suggestions or recommendations for regulatory change. Can you expand on that and what the scope of that is?
DR. COHN: I think I will bypass that one for the moment. We will talk about that tomorrow. I don't believe that our initial intent is to be involved with legislation for this. The question is whether or not we need to be recommending to the Secretary further guidance or whether there needs to be something -- and the issue of further guidance on regulation versus modifications to regulation is a fine line.
So did I sidestep that one appropriately?
MR. HOUSTON:No, that was a fair answer.
DR. COHN: I think we will know more as we get into it exactly what the landscape looks like in this area. As I said, we will be talking about this more tomorrow, and the ad hoc group will be meeting at the end of the day tomorrow and into Friday morning.
I did also want to comment briefly on the May executive subcommittee meeting and some changes to meeting structure that had been recommended by the executive subcommittee.
While the main focus of the executive subcommittee was on reviewing what we did last year, plans for the remainder of this fiscal year and next, we did spend some time reviewing committee function. As mentioned, the committee is getting busier and the agendas are becoming much fuller. We will be meeting until 3 o'clock tomorrow as a full committee.
The issues we are dealing with are also becoming increasingly complex and interrelated. We have all seen the need for increased cross fertilization across subcommittees and work groups.
Good morning, Marjorie.
MS. GREENBERG: Good morning. Don't ask.
DR. COHN: Yes. An important first step which we initiated as a result of our last full committee strategic retreat has been to expand the discussion of issues that are being discussed at the subcommittee and work group level to come before the full committee early on, so we can provide input and guidance.
We have also established time limited ad hoc work groups on specific issues that typically include members with a wide variety of perspectives and skill sets. We were just talking about the second one of those that we have developed.
While we think that there is progress being made in this area, we believe that more needs to be done. As an immediate next step, I have asked chairs to be especially vigilant in identifying these areas of overlap and making sure that we are getting consultation from the appropriate subcommittees and work groups on the appropriate issues.
We are also moving subcommittee and work group reports to the beginning of the committee meetings to enable early vetting and discussion of work underway in our meetings, as opposed to something which we have historically done at the very end as everybody is getting ready to leave. So hopefully we will spend at least a couple of minutes talking about the work going on in the subcommittees and work groups.
Additionally I will also be having conversations with a number of you about your participation on subcommittees and work groups, not so much with the idea of insuring greater participation, but more just exploring the idea of getting some people, what I would describe as a little bit out of their comfort zone in terms of their committee participation and involvement. I think many of us have observed that all the standards people are in standards, all the populations people are in populations, and it goes on and on, and we need to think about maybe mixing this up a little bit.
I think Don is going back to being provost again. It may be easier.
Finally, to assure that we have time for important discussions as a full committee, we have also decided at least on a trial basis to reduce the number of routine reports from the Department that normally occur on the first morning. Instead, we are going to be replacing them with written briefings, and we will from time to time engage the various departments and agencies with more substantive conversations. We will have a little more time to talk about the issues coming before the various groups.
These changes are reflected in the agenda that we will look at today. Let me just briefly go over the agenda and talk about the lay of the land today and what happens for the rest after the adjournment.
As soon as I am done, I am asking Justine Carr to lead off with a discussion of subcommittee and work group activities. I have asked Don Steinwachs to give a brief review after that. Depending on how our time goes, my intent was to have Harry Reynolds talk about standards and security, and then Mark Rothstein. We will need to play with timing a little bit. We may ask you to lead off that conversation before your letters as the day goes on, and provide the discussion at that point, but we will play that by ear.
Following this is a presentation by Karen Trudel of CMS and Harry Reynolds, one of our co-chairs for standards and security, providing an overview of the first orientation of the 5010 transaction which you see up on your screen. These are updates to the currently approved HIPAA transaction standards, and hearings are going to be held by the standards subcommittee during the summer on this, with recommendations coming back probably later this year or as appropriate.
Then after you morning break, we take up two letters being brought forward by Privacy and Confidentiality for our consideration. After lunch we have two letters from Standards and Security. Finally, we have a letter being brought up by the Populations Subcommittee on data linkages.
We will be adjourning as a full committee about 3:15, and have various subcommittee and work group meetings happening this afternoon both in this room and Room D, also followed by Quality later on.
Now, committee and staff dinner tonight is at Jaleo's at 6:30, so it is a little earlier than our usual dinner. This is the Bethesda Jaleo's, not the downtown one. I thought maybe we would take the opportunity at this point to get a show of hands. We will let people think about dinner. We will grab everybody right before lunch and see who is going to be coming for dinner.
With that, let's begin our subcommittee work group update and discussion. Justine, would you like to lead off?
Agenda Item: Subcommittee and Work Group Activity Scan
DR. CARR: Thanks, Simon. We held a hearing yesterday. This came about from a conference call that many of you participated in in February and also followed up on in a conversation we had with Carolyn Clancy.
There is a lot going on in quality, and we don't want to duplicate what is going on. The role of the hearing yesterday was to identify how is quality being served by the information resources available today. So we had an array of superb speakers, absolutely superb, talking about the transition from paper to hybrid and to some electronic elements.
I just had a couple of bullet points that we learned from this hearing yesterday that will inform what we do going forward. Clinical outcomes are getting better. Transparency is increasing. The public is becoming engaged. Metrics are becoming refined by blending administrative data with clinical elements. We heard some very elegant science related to that yesterday. Physicians and other clinicians as well as senior leadership are getting involved, collaboration is increasing. Public reporting in and of itself is improving participation as well as outcomes.
Then we also heard about the administrative burden, which is large and growing, as we are navigating both electronic and chart abstraction. The financial commitment is large and growing, both for FTEs to do the abstraction as well as for taking the step into the world of the electronic health record.
This afternoon, the Quality Work Group will review what we heard yesterday, and think about the themes that we want to emphasize. We are also going to take a look back at some of the reports that have been done, going back to May of '04, where we had some 20 candidate recommendations, and take a look at where we are with those and rank some of the work that we have done over the last couple of years to inform what we do going forward.
Questions?
DR. COHN: Thank you for the early view of activity. Very good hearing yesterday. Don?
DR. STEINWACHS: Let me just bring you up to date on where we are. Simon did let me go to Alaska for two weeks to study the populations, but it turned out these weren't very human populations. There seems to be a lack of humans in much of Alaska, but I wanted to add that report to my further inquiries into health in America.
We have two major areas that we are pursuing. One is on data linkages, looking for how to enhance the opportunity to link data sets that can tell us more about the health and well-being of populations. Some of these linkages as you well know link surveys to administrative data such as Medicare or Medicaid data sets, to things like the health interview survey or other surveys, so they provide a level of detail and a level of potential.
Out of the hearings that we had, we have a letter that we are bringing forward today to try and improve some of the access to linked data sets. The other issue that we are hoping to address in the near future, be talking about in our committee meeting today, is ways to facilitate how quickly you can put linked data sets together or get access to them within government agencies, as well as the outside. Much of the letter discusses more outside arrangements.
Linkage also raises privacy concerns. One of the things that I am hoping we will discuss today is whether or not we ought to be talking more in the Privacy Committee, Confidentiality, about having something that may be a joint effort to try and look at some of the regulations, laws, other things that make it more difficult to put data sets together. Immediately when you create linked data sets, almost always you have a privacy problem, because now you know much more detail about someone, either geographic or otherwise.
The second area is on surge capacity. We had a one-day set of hearings. I am going to ask Bill if he can say a couple of things about next steps, because we have a working group on the next steps.
MR. SCANLON: It was a very good hearing back in January. I think it illustrated the fact that this surge capacity issue is rather broad. You can think about it starting with the issue of hospital capacity and hospitals' ability to deal with a surge in cases of various types, but it goes beyond that. It goes into the emergency medical systems and response of systems within communities to the work force, to the availability of supplies that you can bring into communities, et cetera. Then there are multiple types of problems in the sense of how do you do with a Katrina type case, where the capacity that you might have been relying upon is now gone completely, versus another type of situation where you have got a catastrophe and you can take advantage of the capacity that you have been building over the years.
While that was all interesting, the issue that we face is that we are a data committee, we are not a catastrophe policy committee. So therefore, we did hear some testimony about the data collection related to surge capacity. That is the area that we are pursuing now. What we are doing is, we are going back to some of the participants in the hearing to talk with them more about which avenues would be potentially most productive for us to pursue, and we will put together another hearing for the late fall or early next year on the basis of the advice that we get from these individual participants.
DR. STEINWACHS: Two other things quickly. One is that Bill has been serving as our link to the Board of Scientific Counselors for the National Center for Health Statistics. There are discussions there trying to build stronger collaborative activities. Data linkages is one of those areas.
There are other issues too that come up for discussion. Funding has been one of the concerns that the National Center for Health Statistics has and was talked about at the executive subcommittee meeting. So some of these areas are shared.
We did seek at the last meeting of the Board of Scientific Counselors their input on the draft letter that we are bringing forward today, the idea that those areas that are mutual concern, we ought to be getting the input and participation to the extent that members of the Board of Scientific Counselors have an interest and have time to do so.
So I think that is making some progress. Again, it is a series of many steps as we march along, because they are very busy with their own agenda, but yet looking for ways to draw that together.
The last is that we still have on our plate for discussion, and I am hoping today we will have a chance to talk about next steps, is the idea that the committee would move ahead to look at in my view the updating of the report that we did over five years ago on health statistics for the 21st century.
Part of that updating it seems to me in looking at it again brings in electronic health records, brings in other issues that were not as central, and maybe some things that were not as concrete. So that is a great conceptual foreign worker and part of what would help the subcommittee and I would hope the whole committee to take some steps to make some of those things more concrete, and to keep the life and vitality in this. I think unless we keep coming back to it at periodic points, it will disappear into the shelves. It seems to me it is a very useful foreign worker as we move ahead.
So that is what is on the agenda right now.
DR. COHN: Questions, comments for Don? Harry, I think I had you on next.
MR. REYNOLDS: As you can see, we brought two letters forward today. We will be talking about the 5010 in a little bit to give you a sense of the next set of standards that are going to be coming out and what impact that is.
After that, there may be some other standards that could be appearing soon. One will be claims attachments, which we have discussed in here briefly before. ICD-10 obviously is still in everybody's horizon. That would be one -- we are talking about primers today, that would be one that we would probably have a couple of primers to get everybody completely aware of what that was as a full committee before we would take action on that.
We need to continue to monitor the NPI implementation. As you know, that has been moved to May of '08 for implementation. We do have a responsibility as we have all along, every time we have a hearing, to continue to at least keep an eye on that and the status, and make any further recommendations on how things are going.
Then we are going to talk this afternoon in our breakout group about how we want to continue to stay involved in any recommendations on how to continue to make the progress better. You will see our streamlining letter today, but also as we have seen with HIPAA, we wrote a lessons learned from HIPAA, and now we are seeing some of those lessons that got learned in NPI, some that maybe we haven't all learned completely well yet. So we need to continue to stay diligent as a group in trying to help the industry get better, because we are going to have these rolling out continually. It is something we need to continually take a look at and see what benefit we can offer to that process.
So that would be where we are headed as it is right now. I'll take any questions. Thank you.
DR. COHN: Mark.
MR. ROTHSTEIN: Good morning. Later this morning we are going to consider two letters from the Privacy and Confidentiality Subcommittee, the first dealing with the relationship between FERPA and the HIPAA privacy rule, and the second dealing with the currently non-covered entities. I will defer until then a discussion of that.
I just want to bring you up to date on what our current activity is and our plans for bringing that activity to completion and back to the full committee.
There is a provision in our June 2006 letter on privacy in the NHIN, in which we say HHS should assess the desirability and feasibility of allowing individuals to control access to the specific content of their health records by the NHIN, and if so, by what appropriate means. We also say that if individuals are given the right to control access to the specific content of their health records by the NHIN, the rights should be limited, such as by being based on the age of the information, the nature of the condition or treatment, or the type of provider.
That is an important statement, but it is pretty general. What we have attempted to do over the last couple of months is to add some level of detail to that recommendation for the benefit of the Secretary and others working on this NHIN initiative.
We held a hearing in April, in which we sought the input from many of the people who would be affected by any recommendation we would develop, such as physicians from specialty practice areas, the American College of Obstetricians and Gynecologists, the American Psychiatric Association, and an addiction center. We also heard from more primary care docs, from the American College of Emergency Physicians, the American Academy of Family Physicians, and the American College of Physicians, and others as well.
We held a meeting yesterday, a substantially all-day meeting, of the subcommittee in which we by the end of the day reached agreement in principle on directions to go in this. If you think about this, this is really the fundamental privacy in the NHIN, what degree of control of the information, even within clinical settings, should the patient have. It is a very difficult question, because you are balancing quality of care with privacy and public health and all sorts of things.
At any rate, our plan is the following. We are going to have a draft letter circulated to the subcommittee members in mid-July. We are going to schedule a series of conference calls of the subcommittee members. The goal is to have a letter to the full committee for our September meeting.
Because of the importance of this, I would like to follow a practice that we started with our NHIN letter a year ago, that is, make the conference calls available to all the committee members, not just the subcommittee members, and distribute drafts of our letter to you and invite you to participate. Obviously you are not required, but you may have some input that would be very valuable to the subcommittee. So that is our plan over the next few months.
DR. STEINWACHS: Mark, has there been any communication between your subcommittee and what is going on in HITSP, in the security and privacy technical committee? They are really exploring in depth the questions concerning how to encapsulate the privacy issues with the present security IT infrastructure. They have produced a list of standards that might be considered, and that was put out for comment about three weeks to a month ago. They are now working on their second set, and meeting vigorously right now in San Diego.
MR. ROTHSTEIN: I have had no dealings with them. I certainly think it would be appropriate at some point. I'm not sure the degree to which their new standards are attempting to incorporate these kinds of global privacy issues. Are they?
DR. STEINWACHS: I think that is why I brought it up. Initially, the first meetings of the technical committee involved the discussions of whether to confine it just to the HIPAA area. There was very vigorous discussion and a general consensus that it needs to be expanded beyond that. They are considering the NCVHS privacy letter as a guiding force.
MR. ROTHSTEIN: But the letter, as wonderful as it is, does not provide sufficient detail for someone to develop standards.
DR. STEINWACHS: That is what they are providing. They are using it as a guiding principle type document and asking the questions of what type of standards exist that can implement some of these features; do they exist, do they not exist, what is needed, how far should the standards go in today's world to allow the free convey of information that is needed for certain aspects of the NHIN, and how much of it should be restricted. One of their main discussion points is the level of control and how do we have control mechanisms attached to the data.
MR. HOUSTON:I'm interested, is HITSP's focus primarily, on the privacy implications on the security standards? Or how far are they -- I don't know how to say this. What is the balance between privacy and security on this particular activity?
MR. ROTHSTEIN: is part of their discussion. Obviously what they are charged to do, because they are HITSP, is to make recommendations to the Secretary with regard to what standards should exist in this area. But I think we are all very well aware that -- and as pointed out in our privacy letter, the articulation of standards to use cannot happen within a vacuum. There has to be policy behind it.
So they are drifting into areas where they discuss where the policy is weak. I think just this week, I believe, if not the latter part of last week, Dr. Kolodner announced that there will be something coming out of the Office of the National Coordinator with regard to health care privacy within the next few months.
MR. HOUSTON:My concern is, it is a lot easier to develop security standards because they can be more concretely drafted. I understand why they want to encompass privacy. So I am just trying to figure out where things start and stop.
But also, to your point about what Kolodner is advocating doing, it really does demonstration there is an amount of disjoint here in terms of who is doing what and how everything works together, and the timing. I think these are just examples of that. We have talked before, but I think it is meaningful to try to get everybody on the same page and decide what everybody's roles are and what everybody is going to be working on, so we don't all end up either doing things that are out of sequence or become moot because of the timing of whatever someone else has done.
DR. STEINWACHS: John, I think that was really the essence of my main point. I just wanted to make the privacy subcommittee aware of these discussions, and perhaps they might want to consider reaching out and finding out exactly what is going on with them.
MR. ROTHSTEIN: I think that is a very good suggestion. I would have an even broader suggestion. I think it would be very helpful if we could have a meeting, and around the same table have the OMC people, the HITSP people, the NCHS people and so forth, and everyone say what it is they are working on and what their plans are. We are on the same team here, and we should coordinate that.
But I don't think it is our role to make that happen, because we are all advising the Secretary. I think it probably ought to be ONC that coordinates that. I can't tell them what to do. Maybe Simon, in your mysterious ways, you could make this happen.
But I think we would all be well served by having a discussion of where everybody is, so we are not stepping on each other's toes or leaving gaps in this area.
DR. COHN: Well, let me say that I am worried less about stepping on toes than I am about leaving gaps. I think that is the bigger danger. This is an area I would rather see more than too little. I do think it is one of our roles as advisors to help bring people to the table.
I think we will be seeing some of these groups potentially testifying as we talk about secondary uses. Maybe there is a way to find out a little more about what else they are doing in this area. If you think about it, some of the secondary use conversations do begin to insinuate into the privacy conversations, so we can certainly begin to get into some of that.
Now, as Chair I am happy to continue to engage in conversations with the various groups that you are describing about how everything works. But there is also a role for the Privacy and Confidentiality Subcommittee to invite in open session the various groups that we were just talking about, so that everybody can hear what everybody is doing, and if there are data gaps or any issues that we are hearing. So I would certainly invite Privacy and Confidentiality to consider this at a time of their choosing as a topic for our next hearing.
MR. HOUSTON:You also need to involve the Standards and Security people. I think it is right up their alley as well, at least as it relates to what HITSP is doing.
DR. COHN: That's true.
MS. GREENBERG: I'm just trying to sort out all the groups and which ones we are represented on and which ones we aren't. Obviously we have our own subcommittee, and then AHIC has a privacy -- is anyone around the table participating? You are participating in that. I would think they would be pretty closely aligned with the HITSP, but that hasn't come up there?
MR. HOUSTON:I don't want to say they are aligned. I don't see that, let's put it that way. I believe there has been some discussion about it, but I don't think anybody is doing things with the level of coordination we are expressing.
MS. GREENBERG: It is my understanding that the HITSP is driven by these use cases which are given to it by AHIC. They had decided they would form a work group to look at the privacy implications of all these different use cases, and I guess the security implications. That has evolved now into an actual technical committee, am I correct about that, Steve?
DR. STEINWACHS: To a certain extent, yes. I think the technical committee --
MS. GREENBERG: Hetty Kahn on my staff has been participating in that and following that. So we have got the AHIC group, we have got the NCVHS group, we have got the HITSP group. Was there a fourth one?
MR. HOUSTON: I think it's ONC.
MS. GREENBERG: Well, ONC, they are also obviously playing in this area. Karen Bell is going to be here from ONC tomorrow morning, so maybe we can continue to pursue that with her.
DR. COHN: That is true, though it is not her area.
MS. GREENBERG: But she is like the deputy, isn't she?
DR. STEINWACHS: Marjorie, I think we have already left off one other person who is very involved in this. She is sitting right next to Simon, the Office for Civil Rights.
MS. GREENBERG: That is true, it goes without saying. But they are not like a committee. They are a real place. That is why I didn't include departmental organizations.
DR. COHN: Maybe these departmental updates, taking them off are not such a good idea here.
MS. GREENBERG: I'm sorry that I was caught up in some kind of traffic situation here on campus and I was a little late, but did we go over the changes tomorrow morning?
DR. COHN: No, I figured I would do it at the end of the day today, based on progress made by the committee on all the other issues.
MS. GREENBERG: As to exactly when we start tomorrow morning, it is a little open. But I did think we should explain the change in agenda tomorrow, particularly even people listening on the Internet and the audience or whatever, so they know how we are going to schedule things tomorrow.
DR. COHN: Let's finish off the previous conversation and then we can move to that. I don't think we are settled on the privacy issue, but I would think this needs to be a discussion that we have in terms of -- that may impact when Privacy and Confidentiality has the next hearing. It is also an issue of, John Houston brought up very appropriately that Standards and Security we know is having a hearing later on this summer, and whether or not this all fits into that as a panel or a conversation on the security issue.
I think we do once again observe that there are at times close relationships between privacy and security, and sometime the boundaries are not always clear. So we have chosen at this point to keep security and standards and privacy and confidentiality on the other side. But it just speaks once again of that issue of integration and interrelationship, which is what I talked about earlier in the day.
So we will talk about that one without coming up with an answer.
MS. GREENBERG: Just one other thing. I know sometimes we do this. I am wondering, if the Privacy and Confidentiality Subcommittee is planning to bring forward a letter the end of September on this really critical issue of patient control of their data, if it wouldn't be a good idea to just send a paragraph letter to the Secretary with a CC to ONC saying that. Some things are going to be going on this summer that could elicit a variety of reactions: we are already taking care of that, or could we meet or various things. But I just wonder if there shouldn't be some official alert that we are going to do that.
MR. HOUSTON:I think the letter was intended to be a summary letter in September with the intent to follow up with more detail. I don't mean to speak for you, Mark, but isn't the letter really intended to be the notification that we believe there is an issue, and we intend to delve into it more fully?
MR. ROTHSTEIN: No, I think it is supposed to be where we set out our framework. In subsequent hearings and letters, we are going to drill down in some of the specifics.
This is an incredibly complicated area when you get into trying to design rules. There are lots of important policy questions. But we felt that it is important to get in front of the Secretary and all the interested groups the framework in which we think this discussion should be taking place, and if people agree with it, then we can march forward on all these specific areas.
DR. GREEN: I appreciate this conversation. I would like to ask that we not leave it without a clear definition of our path forward. As I read the reports since 2002 through 2003, four, five, six about this, and as I recall our hearings yesterday, the real problem here is our stutter steps and inability to forcefully move effectively into a high performance health care system enabled by an information technology standard with the appropriate data and data standards.
This conversation suggests a great deal of activity, but it is not clear to me that we have got our act together about how we create forward motion amongst all these groups. In a devil's advocate sort of way, why doesn't the NCVHS call for a summit of these folks that are working on these different privacy issues? I think we have agreed until the privacy thing is attended to, many other things must wait. I don't have any sense from our subcommittees or the discussions I have heard here that this committee feels like things should not be pushed forward as expeditiously as possible.
DR. COHN: Larry, thank you. I am reminded of our conversation and my comments about committee members going into other areas.
Without trying to answer your question for the moment, I know Paul had his hand up, then I'll ask Mark to comment on what you were just saying.
DR. TANG: It may be a pickup of what Larry said, but it also goes back to Mark's request that there basically be an in-person kind of congregation so we can sort these issues out. It would be nice if there was coordination in work, explaining each other's role ahead of time, so that the panel of folks involved, HITSP confidentiality, our confidentiality and privacy, our standards and security, AHIC's CPS and ONC's individual effort that is Kolodner is leading. So it would be nice to have a panel of public disclosure and how we are coordinated, but I think that will take some pre-work that helps figure out how we are coordinated or how we can get coordinated.
DR. COHN: Mark, how would you like to proceed? I tend to call these things less summits and more hearings, or they could be roundtables or whatever. But what are your thoughts about how Privacy and Confidentiality should move forward?
MR. ROTHSTEIN: The end result is as Larry described. That is what I would like to see. How to make that happen, I'm not sure of the best course politically.
I would like to get some other input into that, and maybe take that up later in the day or tomorrow or something, because I don't want to undermine our efforts. The role of a federal advisory committee such as this which is open and so on, is not exactly the same as a departmental role, which is not subject to open process and the like, so I don't know. I want the end result, but I don't want to be in the position of trying to corner the Department into doing something they don't want to do. It might be easier if we invited them to do what we want them to do, unofficially. I don't know.
DR. COHN: I have a comment, but I couldn't tell whether Paul has his hand up or not.
DR. TANG: Maybe I can offer an observation in terms of what I think is going on with these various groups. AHIC's activities are focused around their breakthroughs and their use cases. Where issues come up, they try to find a way to address those issues.
So for example, the consumer empowerment work group created a recommendation that the AHIC adopted that says we should have floor privacy and security policies imposed on operators of PHRs. So they charged the consumer empowerment work group to work with the CPS group to come up with those things that would then get passed on to HITSP.
MR. ROTHSTEIN: But one point of clarification. It is specific to PHRs, though. That is a big clarification.
DR. TANG: That's correct. That is what I am trying to point out, that it is a focused activity. I think it produced a useful output that is going to go forward once it gets to full work groups and then gets passed on to HITSP. That seems like a very clear road map.
What NCVHS is focused on is the broader NHIN context in privacy and security and the role that that plays in that broader context. HITSP also has a group looking at the broader context. So it seems like NCVHS would come up with the principles for the policies, and that HITSP is a receiver that would try to implement the standards necessary to implement those policies.
So in my perhaps simplistic mind, there is a way to carve out a road map, a path and a converging path on the appropriate policies and the appropriate standards and procedures that need to be created, so the NHIN and PHRs can operate in a safe way. It would be nice if that were actually true, and that the folks involved, who probably haven't talked as much to each other and figured out that this was in fact everybody's game plan and that we were really truly working on something that was not conflicting and was converging on a path.
MR. ROTHSTEIN: Paul, what you recommend is certainly reasonable and logical, but it is not reality now. I'm not sure what reality is, that is the problem.
I serve on yet another panel that hasn't even been mentioned. AHIC has a working group on personalized health care, which is in parens genetic information. There is a sub work group of the work group on privacy and confidentiality, which I am on. When we were considering certain issues relative to this, I thought they had a somewhat narrow focus, and I wanted to expand the kinds of global policies that we would need to have with genetic information, and was told, no, somebody else is dealing with that. I don't know who somebody else is. I think that is the problem.
There may be other groups out there who have the same jurisdictional assignment. What I would like to suggest is that we come back to this issue. I want to have some private conversations with some folks during a break and come up with a plan.
DR. COHN: Mark, I don't think anybody is intending to put you on the spot of what you absolutely need to do. I think we are having a conversation, and we will finish it up here pretty rapidly, and then we will later on talk about additional next steps. Harry, Leslie, and I think Mark had a comment, and then we will wrap up this part of the conversation. This of course is exactly why we want to get issues out early.
MR. REYNOLDS: I think Larry made a great point. We talked about some of it yesterday as far as our path. One of my assignments out of the session yesterday was to get with Jeff.
I thought I understood clearly that the RFP that just came out for the health information exchanges in public health clearly stated that two of the three main requirements were to follow what NHIN did on the functional requirements, and NCVHS's letter on privacy.
So I think we are in the midst of a glide path right now. If we stay focused on NHIN and we stay focused on as Paul and Mark have said continuing to stay a little bit ahead of the overall picture, chasing the use case is a hard game for us with the way we are set up, but driving the real vision and the real thinking and standards and privacy and other things that would really move the NHIN forward, I think we have a glide path going on.
I think we felt the urgency yesterday in privacy to continue that, and to come forward with -- that is why the intensity and the speed of the letter and the intensity of the discussion yesterday ratcheted up as far as what that next level of structure would be.
So I think we are positioned well. That is why it is exciting to see it actually starting to be used as a collateral for these RFIs, which are people spending a lot of money. So I think if we continue to stay where we are and continue to make sure we don't lose sight of that glide path, I think we are going to make a big difference.
DR. FRANCIS: My own way of viewing what we were doing yesterday was, we were trying to get as clear as we possibly could on the goals of both good care and privacy, and then how we would essentially try to put those together in realizable recommendations. So I just think it is absolutely essential that the discussions get interlinked, because I think we will be at a level that is not implemental in certain respects unless they are linked, and they will be headless, or goal-less, or something like that.
DR. OVERHAGE: Maybe Harry proposed the answer, but I think this is a broader issue than just the privacy and security. I am very worried about the cacophony of voices that the Secretary is hearing.
In our role as an advisory group and all of these others, it is not clear to me where the synthesis happens. I certainly don't have the time and energy to really understand what each of the different groups is doing and where the conflicts and issues arise.
So what is already happening is, we are seeing conflicting and incoherent -- not incoherent in terms of un-understandable, but incoherent in terms of not nicely fit together. So for example, as HITSP is going down the road with security standards, they are charged with finding some standard somewhere which does something that needs to be done. So you end up with this mish-mash of things that I don't think necessarily is the best way for the country to move forward.
If we can be far enough out front -- but and I don't know how we reflect this, but what I worry about as a committee, our advice to the Secretary may not be very effective, because these are tough complicated issues. Just to read the material, synthesize it, and say here is what HITSP has got and here is what our privacy letter says, and here is what is going on elsewhere and make any sense out of it, is a month-long job. I don't know who is doing that job. I really think that we run a risk of ending up with a set of recommendations and moving forward with some of these efforts and setting ourselves up for failure.
MR. HOUSTON:After hearing Harry and everybody else and remembering what Marjorie said about trying to get some statement out there, maybe one of the things we can of value is -- and to Harry's point about staying out in front of this trajectory, but if we put out a statement of where we intend to go and a schedule in which we try to accomplish that in, maybe that will be helpful to allow other groups and the Secretary and Kolodner to understand exactly what we are planning on doing with enough detail and concreteness that they either come back and say, we need this sooner or yes, this makes sense, or maybe it causes them to back off some of the plans that maybe they would otherwise have because they know we are working on it.
Is that something we could reasonably do?
DR. COHN: I think we have heard a variety of comments. I want to thank you for getting the conversation going. I thought this might be dull for awhile there.
The committee performs a number of functions. It doesn't do the same thing for every topic area, and it doesn't necessarily always do the same thing consistently. But we are an advisory committee. One of the things that we do very well is bring the many players to the table to talk about common names, which of course for all of us is a healthy America, improved health care system and all of that.
This is an area where you are talking about various aspects of privacy, but I come away continuing to be convinced that Privacy and Confidentiality is doing the right thing. We are taking a leadership role, looking at the forests rather than the trees, looking out to the larger dimensions, looking at an integrated health care system as opposed to specific use cases. I think we have been doing a very good job on that.
Now, having said that, I do think it is very timely to ask key other participants in this area to come for a roundtable, hearing, whatever you want to call it, to sit down and find out what everybody is doing. The fact that some of our conversation is, we don't know what is happening with X, Y and Z, I think it makes sense for everybody to be hearing everybody.
Traditionally, the good things about our hearings is that everybody else gets to hear what everybody else is doing. That helps with alignment and coordination. We can from that identify if there are issues, we can advise the Secretary on that. That might be a very helpful piece in privacy and confidentiality. I think what we are hearing is that it is the right time to begin to put together a hearing on that.
Mark, I'm sure you probably don't disagree with that as a reasonable piece. That is not the same as trying to solve all the problems of the moment, and we should talk about when there is a good time for that. Those are certainly conversations we can have with the various players, including HITSP, ONC, various others, knowing that around the table there is a fair amount of representation in all of that.
But I think that is a reasonable next step, and then we can figure out where we go from there. Does that make sense to everybody? And we always need to remember that that is what we agreed to.
Now, Harry, we are unfortunately running a little late. What I am going to suggest is, Marjorie had asked -- and this is something I was holding off until the end of the day to surprise everybody with how different tomorrow is really going to look. But Marjorie I think is right that we need to at least run by a little bit of what the agenda is going to be like tomorrow. I am going to suggest we take a couple of minutes to do that. Knowing that we are running a little late, why don't we take a break then and then we can take up 5010 right after the break.
MR. REYNOLDS: We will remember over the break what we were supposed to say.
DR. COHN: Okay. Let me try to explain to you how tomorrow is going to be different than what you thought. One of the questions that we will not answer until the end of the day is whether or not we are starting at 8:30 or not. The difference has to do with exactly how many outstanding action items we have, which is why I was not going to get into it quite at that point.
What we are going to do is, we are going to start out either at 8:30 or 9:00 with the action items that are unresolved from today. Some of the letters we will probably need to come back, others we will look at, and they will be good enough for us to pass either as is or with minor wordsmithing, or referring to the executive committee for additional wordsmithing, as we choose.
Anyway, after that we will continue to have Jim Scanlon talking a little bit about the Data Council and a little bit of Department update. We are having Karen Bell coming from the Office of the National Coordinator to give us an update. We probably should listen very carefully and ask her about what is going on with privacy based ont this conversation.
From about 10:30 to 12:00, and this is what is different on this agenda, we are going to be having a series of briefings. This will be led off by Fatima Riaz and Kristin Martin Anderson. This is about secondary uses of data, and briefing context setting, talking a little bit about the quality work group from AHIC and their vision and work, then moving to the discussion led by John Lunsk that has to do with the NHIN core services, and then finishing up the conversation about the quality use case and how it applies in all of this context around secondary uses, presentations, conversations as background and context for all of these secondary uses work that we are going to be doing this summer.
Probably around noon we will take lunch, once again different than on this agenda. After lunch we are having Betsy Humphreys talking about the international terminology standards development organization formation and activities. I do need to disclose that I am a U.S. alternate on the governing board. No pay, but I just wanted to disclose that I am part of this new activity.
Then we will follow with Marjorie Greenberg and Steve Steindel following the conversation that we started two meetings ago around international activities around coding and classification and standards, their perspectives and next steps.
At 2 o'clock we then connect with John White from AHRQ, who is going to be talking a little bit about the data stewardship RFP that has been produced by AHRQ. Once again, it is one of those issues that we will need to be talking about as we talk about secondary uses.
With whatever time we have left at the end of that day, we will probably talk a little bit more about secondary uses, finish up the agenda. Everyone needs to remember, at 3:30 we convene the ad hoc work group which will continue to the end of Thursday and then from 9:00 to 12:00 on Friday.
So we will be able to tell everyone a little better about when the meeting starts, but these are the broad outlines of how tomorrow is going to look. So look at the 21st, realize that it doesn't look anything like you would have expected it to be, but I think it should be a lot more interesting and a lot more fun. So that is the good news. I am an emergency room doctor. I am used to controlled chaos, I guess is the best way to describe this one.
With that, why don't we give everybody about a 15-minute break. Then we will come back for 5010. Think about whether you want to join us for dinner, and maybe we will take a hand count right after you come back from the break.
(Brief recess.)
DR. COHN: Like I said, we are running a little bit late, but not terribly so. Our next item is Harry Reynolds and Karen Trudel talking about 5010.
MR. REYNOLDS: Karen is going to kick it off.
MS. TRUDEL: I am going to start by providing just a little bit of background. We will start with, what is 5010.
5010 is a new version of the suite of administrative transactions that affect the non-retail pharmacy sector. So we are talking about transactions that affect physicians, hospitals and other institutions and health plans that they communicate with, as well as the vendors and clearinghouses that serve that sector of the NHIN.
The 5010 transactions, which is the way of naming a version, were developed by the standards developing organization X12N. This is the first time that these transactions have been updated for HIPAA purposes at least, or that we have even anticipated updating them. So the version in play right now is the original set of transactions that were adopted by HIPAA 4010 and the 4010-A modification to them. These have been in place since about May of 2000, so you can see it is about time for an update. There are a lot of new business functions in these transactions.
What we will be doing, the end result of this process, is a modification to the HIPAA standards. This would be done by notice and comment rulemaking. Then these standards would replace the 4010 standards and all HIPAA covered entities would be required to adopt them.
The reason that this process is in place for NCVHS to review these potential standards is that while the standards developing organization meetings are open to the public, there is concern that participation generally consists of a limited group of very technically savvy industry representatives. So the point to this process is to broaden the potential for input to get a sense of what the impact, any concerns that the general public have about these transactions, are these good to go, are they not, and NCVHS is the venue for receiving and distilling that input, with the final result being recommendations to the Secretary.
MR. REYNOLDS: We just put together a few slides. This is the first of the committee efforts that you will all be going through as different committees, trying to get the full committee to at least understand the subject before we come roaring in with a letter and say, read sentence three and you get it. So this is written at that level. We want to make it perfectly clear this is a primer. We are going to have industry experts come in and talk to us and tell us the impacts and so on. So we are not here testifying what 5010 is going to do to the world. However, on the other hand we do want to give you a general picture of the overall impact that it is going to be.
As you have heard us talk a number of times, it is a prerequisite for ICD-10. The current versions of the transactions will not in fact handle ICD-10.
These are the nine transactions. We won't go through the buzz words, but basically what we are saying to you is that it affects enrollments in health plans, premium payments, eligibility and inquiry responses, authorizations, the actual claim itself, claim inquiry and the payment remittance. So all the transactions listed here. We won't geek you with the numbers, but it pretty much affects everything we did in HIPAA, and is pretty much end to end on the information that flows back and forth between the entities related to HIPAA.
You have heard a number of times in here, we have implementation guides. There are industry implementation guides that explain the regulations and the transactions and what do the fields mean and so on. Each one ranges between two and 600 pages. Most pages contain changes of 5010, so let's do a little quick math.
Every entity has to look at between 1800 and 5400 pages that may have a change on it, and then decide what it actually means to them as an entity. We will talk a little bit about that. You see the changes; some of them are logic, some are just wording, so you are not saying the world is changing dramatically on every page, and you are not saying that the world isn't changing dramatically on every page, or you are changing what you are doing as a business or anything else. You are just making it clear that there are changes in pretty much every page of these things, in one way or the other, so the industry has got to go take a look and make sure that it sees what is going on.
The other thing is, what we will hear in our hearings, and we had tried to get that earlier, but we are not going to be able to get it to our hearings, is what is the real business impact to this. I think what has gone on in the standards organizations right now is, these are the changes to the data, to the formats, to the other things, but we need to hear, and it is part of our responsibility to hear what it does to the overall industry and what those impacts might be, and that may or may not affect what recommendations we would or wouldn't have to the Secretary as we go forward.
Each entity in the health care industry, whether it be a clearinghouse or a payor or a provider or anybody else that is involved, CMS, the Medicaids and so on, after they review the implementation guides and decide their impact, change their systems and processes again, and then test those systems and processes internally, and then do it with all the trading partners that they are involved with. So if a clearinghouse is doing it for a lot of providers, once they get ready, they would work with the payors that would receive that. It is the same kind of testing that originally went on, not nearly to that extent because you are changing, not building. So everybody has built their testing in thinking about HIPAA, so now you are just changing all that, you are not rebuilding it. So as some people said, it is not HIPAA 2. It might be HIPAA on steroids, but it is not HIPAA 2, it is not a re-do of HIPAA.
Then you have got to work with your business partners to implement, then you are going to have the same kind of thing, when is it effective and how do we track it as to how it is being affected. You heard us all talk from Standards and Security on NPI, what is the due date, how is everybody doing, is everybody coming together at the right point, and are we going to make it, and what kind of contingency plans are in place and what kind of dual processing, and all the other things that normally go on.
So we are going to begin hearings on the 5010. Our first one is July 30 and 31, where we are going to have the industry come in. WITI will also be coming in, and hopefully giving us a survey that they have done of the industry on what some of the impacts would be to the business. We will be hearing from all the same constituents that we pretty much heard from, or a good many of those that related to HIPAA initially. We have got to hear from everybody as to what they think and see.
We are looking, since it is a prerequisite to ICD-10, since there is a flow that is going to be coming along, trying to put together something for the full committee in the September time frame, stating what it looks like and mean, so that can be input to the Secretary and CMS and others as they look at putting out a proposed rule and other things accordingly.
Yes, Justine.
DR. CARR: Will this work with ICD-11 also?
MR. REYNOLDS: I'm not good enough at 10 to go one past there. Marjorie has got her hand in, so we will let Marjorie jump in. Remember, this is a primer. You are getting serious on us here.
MS. GREENBERG: We can talk about this a little bit more tomorrow, but the idea is that ICD-11 would be the same alphanumeric structure as ICD-10. So as I have said many times, ICD-10 is a pathway to ICD-11, but ICD-9 is not.
DR. COHN: Harry, I guess this is an industry question, and perhaps you have a better sense. Do you anticipate that this summer people will understand the impacts of 5010, in terms of the business aspects? How do you anticipate eliciting that sort of thoughtful input?
MR. REYNOLDS: I'll speak as a member of the industry for a moment. Everybody knows it is coming. People have begun working on it. The quality of the testimony will tell us where it is. But I think the key point is, the thing that we would want to recommend to the Secretary as this committee is, get into some idea of sizing it, get into the idea of -- what we have asked WITI to do is take what are the cosmetic changes, what are the changes that actually correct the things that were not where they should have been on 4010, and then what are the real business changes.
You are going to have those three categories, so when we get to the third category, I think that is where it is going to be, does the 5010 really change the business processes amongst players. It may change somebody internally, but does it also change what is going on amongst players, which will be where -- if I would say that it would be a lesser quality of input, it might be at that level, because people have looked at it themselves in a lot of cases, but I'm not sure a lot of businesses have looked at it amongst themselves, who they do business with.
Again, this is a primer. We are going to have the right people come and talk. WITI has agreed to take that responsibility and is working on breaking that down that way with their industry input. But we wanted to make sure the committee at least understood the premise of what was going on. We are going to have the right people at the table now. We will find out then, and that will help everybody that is looking at putting the NPRM out. That will help us to decide whether or not, if we have something for September, we may need to have something else for the full committee for the next meeting after that to add further, based on the fact that the industry all of a sudden realizes that there are other changes or implications in whether or not we want to have those.
If we really hit a train wreck on what we hear, then maybe we don't have something for September. We are trying to set a path, not necessarily a mandate that we have to do it. So unless we get a major surprise, I think we could have something for September, but the testimony will tell us a whole lot as to how we position what we say or don't say.
Are there any other questions from the committee? The other thing that I think would be good is, since we are the first, any input to Simon or anybody else as to whether this is the level that you are looking for in these primers, because we are the first one out of the chute. You are going to hear it on a number of other things. We are going to be doing some similar things on the secondary uses possibly and some other things, you are going to hear a lot more tomorrow from other people on that, but trying to put this together and figure out how to say it is the question.
DR. GREEN: I think someone who can put into three PowerPoint slides with that size font something that is subject to 5400 pages should be commended.
MR. REYNOLDS: Thanks goes to Karen also.
MS. GREENBERG: I might mention, one of the things in addition to ICD-10 that is accommodated by the 5010 was prominently mentioned by every speaker yesterday, and that is the present on admission qualifier. That just came out in every presentation as being very critical.
DR. TANG: Just a minor comment. To answer your question, I think the primer is very, very helpful. I think that is a good way for us to continue to keep the committee informed and elevate the level of understanding as we go along.
The other thing is, I don't see how anybody can take summer vacation or how we can accomplish all we have scheduled for September based on what I have heard this morning.
MS. GREENBERG: I heard on the ride here that nobody is taking a summer vacation. So we are in good company.
MR. REYNOLDS: Simon, that completes our presentation.
DR. COHN: Thank you very much. Our next set of actions, Mark, have to do with letters coming forward from Privacy and Confidentiality.
Agenda Item: Subcommittee on Privacy and Confidentiality Action – Action June 21
MR. ROTHSTEIN: Thank you. Each of you should have at your place a copy of the revised letters that Maya circulated this morning during the break. They are slightly updated versions of what appears in Tab 3 and Tab 4, so you can follow along.
The first letter I want to take up is the FERPA letter. Of the two letters, you can identify it by the fact that there is no big block quote on the first paragraph, that says R-12. Same date and same introduction. There is a block quote with the R-12 recommendation, but that is the second letter.
I assume, Simon, that we want to go paragraph by paragraph, so let me go over the first two paragraphs for the benefit of those on the Internet.
Dear Secretary Leavitt. On June 17, 2004 the National Committee on Vital and Health Statistics, NCVHS, sent a letter to your predecessor, Secretary Tommy G. Thompson, making recommendations on the disclosure of health records by health care providers to schools for both treatment and public health purposes.
The NCVHS revisited the issue of sharing health information with schools, and also heard testimony on the disclosure of health care information by schools during a series of hearings in September 2006 and January 2007, as part of our effort to monitor health privacy protections by entities currently not covered by the Health Insurance Portability and Accountability Act of 1996, HIPAA.
Most schools fall into this category, because the education records of schools that receive funds from the U.S. Department of Education are subject to the Family Educational Rights in Privacy Act, FERPA, and are specifically excluded from coverage under the HIPAA privacy rule. Even the medical records that schools create, for example, through the school nurse or athletic programs, are considered education records subject to FERPA, and explicitly excluded. This letter is intended to bring to your attention a broader set of concerns about the protection of health information in the school setting.
Any comments or suggestions on those two paragraphs? Hearing none, paragraph three.
At the time of the 2004 hearings, we were concerned with the ability of schools to obtain information about students' prior immunizations, both to facilitate registration for school and to avoid duplicate immunizations. Providers may not disclose immunization information to schools for a purpose other than treatment without a HIPAA compliant authorization, because schools are generally not considered public health authorities and therefore do not fall into the HIPAA exception for public health disclosures.
We recommended that HHS deem such disclosures to be public health disclosures under HIPAA. We also reported that there was confusion about the need for authorizations for the purpose of treatment, because HIPAA does not require authorization to share records for the purpose of treatment, but FERPA does. HIPAA compliant authorizations, which are required to share records other than for treatment, were difficult to obtain to confirm that a student had already been immunized. Even where there were HIPAA compliant authorizations, some health care providers refused to disclose records to schools in response to valid authorizations, delaying registration in school or causing students to undergo duplicate immunizations.
That is a long sentence. Any concerns, comments? I'll let you ponder that for a second.
DR. COHN: I would suggest we just note wordsmithing issues as opposed to fixing them on the fly.
MR. ROTHSTEIN: So noted. The comment was that we need to break up that long sentence to one with semicolons. It probably would be easy to just chop it into three sentences. But we don't need to do that now. Any other comments? Next paragraph.
The interaction of HIPAA and FERPA has consequences in three areas. One, release of health information from educational institutions, two, privacy and security of health information held by educational institutions and three, differentiating health information of students covered by FERPA and health information of employees of an educational institution covered by HIPAA.
MS. GREENBERG: What about release of health information to educational institutions? Is it only from?
DR. FRANCIS: That was the subject of the previous letter.
MR. ROTHSTEIN: This is the new information. The first letter, we were concerned about stuff getting to schools. In this we are concerned about information getting out of schools to for example public health authorities.
MS. GREENBERG: But if you say the interaction of HIPAA and FERPA have consequences in three areas, that is clearly one of the areas.
MR. ROTHSTEIN: Maybe we should qualify that. The interaction of HIPAA and FERPA in the following three areas need to be --
(Simultaneous discussion.)
MR. ROTHSTEIN: So this letter addresses the interaction of HIPAA and FERPA in the following three areas? Okay, thank you. Other comments?
Release of information. In our more recent hearings on the subject, we heard from the American School Health Association, the American College Health Association and the National Athletic Trainers Association about a problem related to release of information. These witnesses told us that absent an emergency, FERPA requires parental authorization prior to disclosing a student's medical information to public health officials or even to a student's personal physician. Parental authorization is not required for a health care provider to share records for the purpose of treatment under the HIPAA privacy rule.
The requirement for parental authorization under FERPA limits immunization reporting, mandatory communicable disease reporting and surveillance, hearing testing, autism screening and other health information collected in school settings that might be disclosed to public health officials or health care providers for surveillance and followup treatment.
Comments?
Privacy and security. Sorry.
DR. GREEN: On the limits hearing testing, I think the issue is more of a coordination of hearing testing. What is going on is, these intervention programs that the schools are running, the public health departments have the hearing programs, so they are not able to get the information back from the schools to know if a child needs to be tested or not. So I'm not sure if it is listing hearing testing as more of a matter of determining if there is a need for hearing testing.
DR. FRANCIS: Is it reporting of the test results?
DR. GREEN: That is what their health departments are wanting, is the reporting of tests and results, yes.
MR. ROTHSTEIN: How about this suggestion? In the sentence that begins, the requirement, really what we are saying is the requirement for parental authorization under FERPA limits the effectiveness of immunization reporting, mandatory communicable diseases, et cetera. Is that the point that you want to make?
DR. BERNSTEIN: It can't move out of the school system to the public health authority because FERPA did not contemplate public health disclosures.
MR. ROTHSTEIN: No, I understand that, but what I am trying to get, which I think was Garland's point, is that the problem is that these programs are not as effective as they could be because of this limitation. That is how I am trying to fix that.
MR. SCANLON: Since the subject is parental authorization, maybe that parental authorization is an obstacle to reporting.
DR. BERNSTEIN: Well, we specifically do not want to say that, if I can characterize the committee's discussion, because it characterizes a privacy law as an obstacle rather than something that promotes privacy. The point is, the effect of it is to reduce as Mark was saying the effectiveness of the public health issue, rather than to call it an obstacle.
DR. FRANCIS: The awkwardness of the sentence was that what it is supposed to say is that it limits reporting in all of those cases. So maybe it just might say, the requirement for parental authorization under FERPA limits reporting of, and then put a colon. That way it doesn't look like reporting is linked just to immunization.
DR. BERNSTEIN: Say that again?
DR. FRANCIS: You put a colon after reporting of, and then you just say immunization, mandatory communicable disease surveillance, hearing test results, autism screening and other health information. That way it is clear that the reporting is about all of those results, and that is what it is meant to say.
MS. GREENBERG: So the mandatory communicable disease and surveillance doesn't exactly go well.
MR. SCANLON: Reporting of communicable diseases.
MS. GREENBERG: You would have to take out communicable diseases. I think you would have to take out surveillance, too.
MR. ROTHSTEIN: Is everybody comfortable with that fix?
DR. WARREN: I don't know how much grammar you want, but I have a knee jerk putting a colon after the word of. It should be of the following, and then the colon.
MR. ROTHSTEIN: Thank you, Miss Warren.
DR. BERNSTEIN: I'm happy to take her edits.
MR. HOUSTON: I think if you want to stick with the word limits, I think maybe it should be has limited. It doesn't necessarily -- the requirement for parental authorization doesn't necessarily limit reporting. What it says is, if you get the authorization you can then report. The problem that you have encountered is that you don't always get the authorization. So it is experience. Probably what you heard is that it has resulted in people not getting the authorization, and therefore we have not had all the reporting we would like.
MR. ROTHSTEIN: Yes, because it doesn't technically limit. It has had the effect of limiting. Thank you.
Privacy and security. Representatives of two school health associations testified that they and other school organizations would generally prefer that health information be protected in schools the way it is in health settings. Furthermore, both acknowledged that having more robust guidance on security would be helpful, since school environments generally lack the security protection required by HIPAA. Nevertheless, there may be other individuals or groups that would prefer to continue to have school health records only covered by FERPA, which has fewer disclosure exceptions than HIPAA, and we do not hear from them.
Consequently, although we do not have a specific recommendation now, we want to alert you to the problems in this area and advise you that the issue warrants further action.
Before we get to the question of the wording, let me explain what we are trying to say here, maybe not as artfully as we could.
It is kind of outside of our purview to say that Congress -- we tried to skate around the issue of whether Congress should take jurisdiction away from the Department of Education that is has under FERPA and stick it under the department, under HIPAA or anything else. So that is the explanation for why we said what we did.
MR. LAND: I guess I am not sure what we are really recommending then. If the Department can't do anything about FERPA, if there has to be a change in the law to activate some of these issues and results of these issues, then what are we asking the Department to do?
MR. ROTHSTEIN: We are asking at the end, the recommendation that is on page three in the first full paragraph, therefore NCVHS reiterates our recommendation that HHS work with the Department of Education to improve the interaction of FERPA and the privacy rule with respect to health records in school settings, and to resolve the issues noted above. The effort should clarify the circumstances under which each law applies, et cetera.
So that is the recommendation. The two Secretaries could get together and decide that it is not really solvable and they want to go to Congress and do something.
MR. LAND: This implies that it is just a matter of interpretation of the law and different rules could be promulgated to resolve it. It is my understanding that Department of Education and the schools are saying that is the way the law is, and we can't do anything about it. So having the two Secretaries get together isn't going to help.
DR. BERNSTEIN: Sure, the Secretaries could get together and recommend legislation jointly. They could propose a legislative change. Of course, it would have to be cleared in the normal way, but the Administration does that all the time. They make legislative proposals where they see fit.
MR. LAND: I guess I would like to see something like that in the letter, that if in their consultations they feel the legislation needed to be changed, that they make those recommendations to Congress.
MR. SCANLON: There seems to be a leap here in this paragraph. The paragraph is, we got some information, we didn't get information from others. It seems like the next step would be, maybe we should get information from the others. So the action that is implied in my mind is the idea that this issue needs to be investigated further before anybody does anything as concrete as proposing legislation.
So the question would be whether further action should be modified to say, warrants further exploration, so that people can understand that you think there is another viewpoint out there. The paragraph also in some respects implies that; you didn't hear it, but you think it may be out there.
MR. ROTHSTEIN: Right. If we were to pursue it, theoretically what we would have had to do is have another hearing and invite for example the parental rights people or the pro-FERPA people, whoever they might be, to come in and make their case why they think that FERPA should continue as it is. That seemed to be a little bit out there in terms of our charge, investigating the jurisdiction of FERPA. So that is why we just wanted to leave it like this.
Would it satisfy your concerns, Bill, if we just changed the word action to explored? So the very last word, warrants further exploration?
MR. SCANLON: Yes.
MR. ROTHSTEIN: Garland, tell me where you are.
MR. LAND: I just know that this is a major issue for public health. It seems like we need to be giving some real impetus to -- I don't know for sure, but I presume that this is going to require the law to be changed, is that correct?
DR. BERNSTEIN: I haven't explored enough to know, but it is my sense that that is probably right. FERPA is pretty specific.
MR. LAND: But we don't mention anything in here that that is our understanding, that it is going to require a lot of change. We are kind of leaving the implication that two good people can get together and resolve this, and I'm not sure that that is really --
MR. ROTHSTEIN: Perhaps this is not the place to -- if I can ask you to hold on to that thought, when we get to the recommendation paragraph on page three, maybe we can add that on there. Other comments on the privacy and security paragraph?
Student employees of educational institutions. Another problem identified by the American College Health Association at our 2006 hearing was the overlapping coverage of HIPAA and FERPA in the very common instance where an individual is both a student and an employee of a college or university.
As a student, all of the individual's education records including health records, are covered by FERPA. As an employee, an individual may be enrolled in a group health plan where the individual's health records are subject to HIPAA. In either role, the individual may become a patient of the associated university health center or hospital where both FERPA and HIPAA records are under the roof in the same institution. Consequently, ambiguity and confusion arise as to whether the individual's medical records are covered by FERPA and thereby excluded from coverage under HIPAA.
Another example is the case of the athletic trainer who treats a student covered by the university's health insurance plan so that it is not clear whether the trainer is creating records covered by FERPA or HIPAA.
I'll let you think about that for a minute. We have conveyed the degree of confusion. Here is the paragraph that we may need to touch up a little bit in terms of recommendations.
As we highlighted in 2004, FERPA was enacted at a time before students with significant physical, developmental, behavioral and mental health conditions regularly attended school, and before schools became providers of a wide variety of physical and mental health services. NCVHS recognizes that over 30 years ago, at the time of the passage of FERPA, the role of schools as health care providers and as partners with public health officials was not as prominent as it is today.
Therefore, NCVHS reiterates our recommendation that HHS work with the U.S. Department of Education to improve the interaction of FERPA and the privacy rule with respect to health records in school settings and to resolve the issues noted above. The effort should clarify the circumstances under which each law applies to insure that disclosures to and from schools for public health purposes work smoothly in appropriate circumstances.
Garland, if we want to add that, I think this would be the appropriate place. Can you suggest some language that you would like to --
DR. BERNSTEIN: If I could just point out, I think the reason that this sentence, therefore NCVHS reiterates, that is language that comes from our previous letter, so we knew that it had already been blessed by the committee. Nevertheless, the committee is free to change its wording now.
MR. ROTHSTEIN: And we can supplement it, too. We can take that sentence and add something after the word above.
MS. GREENBERG: At the end of the paragraph you could say something about, further the need for any changes in current legislation or regulations should be explored, or something like that.
DR. GREEN: What would you think about, instead of restricting it for public health purposes, inserting the phrase for public health or personal health care? It is a bidirectional issue. These kids, these trainers, these athletes' personal health care depends upon changing this information in the other direction just as much.
MR. ROTHSTEIN: We have got that up there now. Would that do it for you, and insure that disclosure to and from schools for public health for personal health care purposes?
MS. GREENBERG: I don't know if you need the word personal. You need just public health or health care purposes.
MR. ROTHSTEIN: Okay. What about the last sentence that was added in that paragraph, further the need for any changes in legislation should be explored.
DR. BERNSTEIN: Other than the passive voice.
MR. ROTHSTEIN: So the next revision of that final sentence is, further, the Department should explore the need for any changes in legislation or regulation. Is that okay? Okay, good, we have got a sale.
DR. COHN: We seem to be having problems here. I know how hard it is, this is a new system, but we will keep reminding, because people on the Internet are having a little trouble. I don't think we are able to record it if it is not lit. Garland, it is not you. We are all having trouble with this.
MR. ROTHSTEIN: So could you restate that question?
MR. LAND: Do we know what happened to your first letter, in terms of what action the Department took?
MR. ROTHSTEIN: I would ask Sue McAndrew to comment on that.
MS. MC ANDREW: The first set of recommendations are under consideration in the Secretary's office. Particularly the recommendation about student immunization and its treatment and public health has been the subject of discussion about whether or not a regulatory change to the HIPAA privacy rule should be done to accommodate that route.
I would also add just for the committee's information that I believe it was last week, the Secretary together with the Secretary of Education and the Attorney General released a report to the White House which contained a number of recommendations that would be encouraging information sharing from educational systems. This was largely in reaction to the Virginia Tech incident.
So there is going to be ongoing cooperation between the two Departments to ascertain how FERPA and HIPAA can be -- what guidance is necessary, and potentially further actions may be necessary in order to insure that appropriate information sharing is done, and that those privacy rules do accommodate important sharing activities.
DR. BERNSTEIN: If I am not mistaken, that report is available on the website. Also, on the White House website, it is the report that the Attorney General and the two Secretaries did in response to the Virginia Tech tragedy. I can't remember the exact title, but that is the nature of it. If anyone wants it, we will be glad to provide you a link.
MR. HOUSTON:You said the NCVHS' website?
DR. BERNSTEIN: No, the HHS website, our Department's website.
MS. MC ANDREW: The Department website. This is a copy of it.
DR. BERNSTEIN: What is it called, Sue?
MS. MC ANDREW: The Report to the President on Issues Raised by the Virginia Tech Tragedy. It is dated June 13.
DR. BERNSTEIN: So if anyone wants to see that, we can send you the link.
MR. LAND: The way we have it now, the last sentence for me about looking into changes in legislation and regulation just hangs there. We have embedded in the sentence before that a broader purpose than looking into the issues noted above, assuring that disclosures to and from schools for public health, et cetera, that that is the ultimate thing we want. We want the issues we have noted above dealt with, but we really want -- if there are other questions that are interfering with these transmissions, we want those addressed as well.
I would move that purpose into the prior -- instead of ending, the issues noted above, say, to resolve the issues noted above and to insure that disclosures to and from schools for public health, et cetera. So we have set that up and we have two specific tasks for them to do in this effort. One is to clarify the circumstances under which each law applies, and then secondly to explore the legislation and regulatory changes.
DR. BERNSTEIN: That is going to make this sentence really long, but --
MR. ROTHSTEIN: John, do you want to comment?
MR. HOUSTON:I just was looking up what Sue had just indicated; www.hhs.gov/secretary/violence.html.
MR. ROTHSTEIN: Let me for the benefit of those on the Internet read what I think it says. Therefore, NCVHS reiterates our recommendation that HHS work with the U.S. Department of Education to improve the interaction of FERPA and the privacy rule with respect to health care records in school settings and to resolve the issues noted above.
MS. GREENBERG: I think you can just skip that now, to resolve the issues noted above, because the main thing will be to assure.
MR. ROTHSTEIN: Correct, so let's try that again. With the U.S. Department of Education to improve the interaction of FERPA and the privacy rule with respect to health records in school settings, to assure that disclosures to and from schools for public health or health care purposes work smoothly in appropriate circumstances. The effort should clarify the circumstances under which each law applies and explore the need for any changes in legislation or regulation to accomplish these goals.
Bill, Garland, are you okay with that? Anyone else?
DR. TANG: I just think the word is insure rather than assure.
MR. ROTHSTEIN: I agree, I think it should be insure. The last paragraph.
We also recommend the Department strengthen its outreach in education program to eliminate the unintended confusion that has arisen in recent years with respect to the protection of health records in schools. We appreciate the opportunity to share with you our additional thoughts and recommendations on the issue of school health records.
Any comments on those paragraphs? Any overall comments about the letter? Simon, do you think it is appropriate to vote now, or do you want to vote tomorrow?
DR. COHN: I would ask the view of the committee. I think it is an excellent letter, which was even further improved by the work we just did. Does anyone feel that we need to think about it over the evening, or would you rather just move forward as an action?
DR. WARREN: I just had one question. One of the things that I was looking at as I was reading through this is some of the questions we have had in Standards and Security. If I am an executive reading through this letter, I have to really dig to find the recommendations. I am wondering if we should enumerate those at the end of the letter so that they can easily be found.
DR. COHN: As in bolding them?
MR. ROTHSTEIN: Can we pull them out and bullet them or bold them or number them?
DR. WARREN: Yes, a bullet I think would be better, because then you could skim the letter.
DR. COHN: I would take that along the lines of wordsmithing. You're right, these are hidden in the body of the text.
DR. BERNSTEIN: I still need to break up this previous one we were going to break up into two sentences.
DR. COHN: I think that is formatting and bolding.
DR. CARR: I would concur. The more we can have the format of our letters look the same and the recommendations easy t find. I would also encourage that we might have a headline of what the letters are about, because as evidenced by today, it is very hard to figure out which letter we are on, other than the visual appearance.
MR. ROTHSTEIN: I think that is a very good suggestion as well.
MS. GREENBERG: Yes. In fact, I wouldn't necessarily want to make this the guinea pig, but I think the headline like we sometimes do on an agenda is very good. This is what we are about here.
But also, it is this idea of starting with the end in mind. Even maybe something right in the beginning of the letter that says that, sending the recommendations to you in this letter follows up on that or something, and specifically recommends further efforts by the Department and the Department of Education to bring clarity to these problems.
That is really what these recommendations are about. Then you can go through the whole -- build the case and the specific recommendations. We did this with the latter last time, just bring the essence of the recommendations up to the first paragraph.
MR. ROTHSTEIN: So you are suggesting adding a last sentence onto the first paragraph.
MS. GREENBERG: Yes.
MR. ROTHSTEIN: Which basically summarizes what we are trying to do here?
MS. GREENBERG: Yes.
DR. TANG: Or summarizes the issue. If you just say this letter addresses the confusion that has arisen between FERPA's interaction with HIPAA, that sets the context and describes the problem.
MS. GREENBERG: And recommends approaches to address it, or something like that. But it is wordsmithing, what are we about here. You have certainly made the case well that this is very confusing, but we could lose the reader before it ever got to our recommendations if we haven't told them right up front.
We will work on that. I think we agreed to work on it with Susan Kanaan, on trying to get a more standard set of template or guidelines for all these letters.
DR. FRANCIS: What you have there is just another paragraph, though. So what you really should do is, before it is Dear Secretary Leavitt, it should be almost like the way you would have in a memo, re.
MS. GREENBERG: We will do that too.
DR. FRANCIS: But I think the recommendations should be up there, too. It should be interaction of FERPA and HIPAA, recommendations one, two, three, and then have the letter.
MS. GREENBERG: That would be more radical, but we will take that under --
DR. FRANCIS: You can really see it then.
MS. GREENBERG: I don't think we should do that with this letter, but that will be under advisement as we consider a template.
MR. HOUSTON: It is not that long of a letter, either. I could see if we had long letters and we decided to make recommendations in order to clarify, but this is two pages.
DR. COHN: I guess we will move into this, but I do think bolding RE's are very useful. I think what you are describing is an executive summary. I don't think a letter this long needs that. But you're right, it does need clearly an RE, which we will talk about.
Now, with all of that, how are we with the letter? Are we talking about formatting, bolding? Are we okay? I am seeing people feeling that we can move forward with a vote on this. No?
DR. BERNSTEIN: I just want to make sure that I understand what it is that we are clearing. I need to have a subject. It would be good if the letter were, with the exception of minor editorial fixes, exactly what you want to say.
MR. ROTHSTEIN: I think we're fine. We have to split that one sentence into three sentences, and I think that is about it.
DR. BERNSTEIN: So you people are happy with the sentence I just wrote on the fly? The reason I didn't put FERPA and HIPAA in there is because I would have to explain what both of those laws are before saying that, and it would be hard to do. It took us a whole paragraph to figure out how HIPAA worked.
MS. GREENBERG: That's okay.
MR. HOUSTON: Even though I am a member of the subcommittee, can I make a proposal that we approve the letter, subject to any wordsmithing that Mark would need to do just to clarify these last two points?
DR. COHN: Sure.
MR. LAND: Second.
DR. COHN: Any discussion? Without discussion, all in favor?
(Chorus of Ayes.)
DR. COHN: Opposed? Abstentions? The letter passes. Mark, on to your second letter.
MR. ROTHSTEIN: Thank you. The second letter was originally in Tab 4. It is the one that deals with non-covered entities. I'll give you a second to pull out the revised draft that Maya distributed. There weren't that many changes, and they appear primarily on page two. So let me begin by reading the first two paragraphs, because the first paragraph is not controversial.
Dear Secretary Leavitt. On June 22, 2006, the National Committee on Vital and Health Statistics, NCVHS, sent you a letter report, Privacy and Confidentiality in the Nationwide Health Information Network. Among the 26 recommendations was the following. R-12, HHS should work with other federal agencies and Congress to insure that privacy and confidentiality rules apply to all individuals and entities that create, compile, store, transmit or use personal health information in any form and in any setting, including employers, insurers, financial institutions, commercial data providers, application service providers and schools.
The NCVHS held a series of three hearings in 2006-2007 to learn more about the health privacy practices of entities that make significant use of health information in their day to day operations, but are not covered by the Health Insurance Portability and Accountability Act, HIPAA.
At the first two hearings we heard from representatives of life insurers, insurance regulators, human resource professionals, occupational health physicians, financial institutions, primary and secondary schools and colleges. The third hearing focused on health care providers and other entities in the health industry that are not covered by the HIPAA privacy rule.
We inquired about the degree to which they are regulated by other federal or state laws, and the possible effects that federal health privacy coverage would have on their operations. What we learned from the testimony strongly reinforces our conviction that all entities that deal with personally identifiable health information should be covered by some federal privacy law.
The NCVHS would like to share with you some additional observations in support of our earlier recommendation with respect to this last group of non-covered entities, those operating in the health care arena.
Okay? Next paragraph.
A significant concern is that many of the new entities essential to the operation of the Nationwide Health Information Network fall outside HIPAA's statutory definition of covered entity. Health information exchanges, medical record banks, regional health information organizations and other new entities established to manage health records have proliferated in recent years.
While some of these entities may be business associates under the privacy rule and thus obligated by contractual agreements with covered entities to maintain similar standards, it is the view of the NCVHS that business associate arrangements are not sufficiently robust to protect the privacy and security of all individually identifiable health records. Business associates are subject only to contract claims brought by the covered entity, and not through enforcement actions by HHS or the Department of Justice.
Furthermore, the majority of participants proposed as service providers of the NHIN, e.g., health information exchanges, regional health information organizations, record locator services, community access services, system integrator, medical record banks, are not covered entities or business associates.
The health information technology community is moving quickly in response to the Department's efforts on NHIN, but our hearings have revealed that even today, numerous individually identifiable health records are not subject to federal privacy and security protections. This remarkable fact underscores our view that all individually identifiable health information created, collected, stored or transmitted should enjoy the protection of a federal privacy standard.
DR. OVERHAGE: My ignorance here. So does this imply for example state and local public health departments should be covered by a federal privacy standard?
MR. ROTHSTEIN: Well, at some point they are. If they are covered entities under HIPAA they might be.
DR. OVERHAGE: No, they are not, I believe. I could be wrong, but I think they are carved out. They are not covered entities. We have gone around and around with this with health departments, who have said we are not covered entities, we cannot sign a business associate agreement, because we are not, and we don't want to be.
MR. ROTHSTEIN: I'll let Sue clarify this, but they can be a hybrid entity or they could be a covered entity at their election, depending on what services they provide, correct?
MS. MC ANDREW: By and large, the public health departments within states would not be considered covered entities. That is not to say that some of them have not in fact, because of their definition of what legal entity they are a part of, and/or they may be a direct provider of health services and may bill electronically. They may be -- part of them maybe a covered entity. Most of them we have encouraged to get into a hybrid situation so that their public health functions are not part of the HIPAA compliant component.
MR. ROTHSTEIN: So in answer to your question, we had originally said in R-12, we sidestepped the issue of whether it should be federal or state law, and we also avoided the question of whether, it federal law, whether HIPAA or some other law. So that is why it reads, to insure that privacy and confidentiality apply to all individuals. We didn't say that here, we are saying federal.
So there is an argument that could be made that we should just take the word federal out, I suppose.
DR. OVERHAGE: I don't have a position. I just want to make sure we knew what we were recommending.
DR. FRANCIS: It is of course possible that a federal standard would defer to states in certain areas. So I actually don't think that language takes a position on the point you raised.
DR. OVERHAGE: I guess maybe somebody can explain that to me. So a state health department for example, which is a particular example that is not a direct deliverer of care -- again, I am just ignorant about these things -- this says that entity because they have personally identifiable health information, should be covered by federal privacy law.
MR. ROTHSTEIN: But federal privacy law could say that all information in the custody, under the control of a state agency has to comply with federal law or a comparable state law, if there is one. What that law would say would be, you can't have information that is maintained by a state health department unless there was a state law that protected it, or then it would be subject to the federal law.
DR. FRANCIS: It doesn't for example include the word uniform, which would be -- I think your worry would be a real worry if it included the word uniform.
MR. ROTHSTEIN: Or pre-emptive.
DR. BERNSTEIN: You could say a minimum set of standards plus whatever the state wants to do, but we didn't say that. It could look like lots of different things. HIPAA for example says that state law that is more stringent in certain places continues to apply.
MR. ROTHSTEIN: Would it be better if instead of the word standard we put, enjoy the protections of a federal privacy law? Would that imply more flexibility or less flexibility? No? Or should enjoy federal privacy protections?
MS. GREENBERG: You already said, enjoy the protections of a federal --
MR. ROTHSTEIN: Well, take that away, or transmitted should be subject to federal law. I am just trying to accommodate the concern.
MR. SCANLON: I think the federal privacy standard may be fine. There is a precedent here in the other portion of HIPAA that deals with insurance reform, and sets a standard that there has to be guaranteed issue for certain people. That was something that was left, because insurance regulation is a state function, left to the states unless they fail to do so, and then there was a federal fallback.
So I think we have got a precedent here. Standard is a vague enough but specific enough term at the same time that I think it will accomplish what you intend.
MR. ROTHSTEIN: Any other comments? Are you okay with that, Mark?
DR. OVERHAGE: I didn't have a position, but only that I thought we wanted to make sure that we knew what we were saying in that specific instance, because they are a little bit different than a lot of the organizations that we think about.
MR. ROTHSTEIN: We sometimes know what we are saying.
DR. COHN: I won't tell you that I spent a lot of time wordsmithing this paragraph. As many of you know, you have seen iterations of things getting crossed out.
I had almost a question of fact that I just want to clarify and make sure that we are right on here. I am looking at a particular sentence that says, furthermore, the majority of participants proposed service providers of the NHIN, e.g., health information exchanges, regional health information organizations, record locator services, community access services, system integrator, which may or may not be the right group to be included as medical record banks, are not covered entities or business associates.
Is that a true statement, I guess is my question? I can believe many. I just wonder if we have evidence to support the fact that the majority of them are not covered entities or business associates? Mark, do you have information? Either Mark.
DR. OVERHAGE: I don't have any data other than personal knowledge of those organizations. I don't know of any that are not business associates.
DR. BERNSTEIN: But they are not required it be, right? They choose to do that as a matter of their business. They decide that that is a good business practice. But I'm not aware that they are required to do that.
DR. OVERHAGE: Well, I guess it depends on your perspective. If you are the holder of the health information, if you are a covered entity, you are required to have a business associate agreement with the people you contract with that are going to manage protected health information. If one of these organizations is going to manage protected health information, they would be required by the covered entity to be their business associate.
DR. BERNSTEIN: Sue, is that a precise statement? I don't mean to pick, but I just want to make sure. I think it is right to ask about this.
MS. MC ANDREW: I think in the world today, most data managers, I would hazard a guess, all data managers are business associates of the covered entity that they service. We are presuming that some form of that relationship will carry over into a RIO setting. It becomes difficult to decide whether or not they fit the business associate model, simply because you have the central player that is connected to a whole array of different providers, and also may have some relationships and obligations to yet other networks independent of the providers.
It is not clear yet where the data will reside and what their range of functions will be. Some of them may actually be engaging in functions that would be independent of a business. They are not things that come out of a covered entity and get passed on to this entity as a business associate. They may be business functions independent.
So they wouldn't be doing everything on behalf of the covered entity or even multiple entities. So conceptually as we get further down the RIO road and the networks road, it does become challenging to figure out if the business associate model truly functions and functions effectively in that environment.
DR. OVERHAGE: I am looking at examples like the Memphis project and ours. Everyone I know of, we all have many business associate agreements.
DR. BERNSTEIN: My question was, are they required either by the law or by the rule to be business associates, or is it just a good business practice to do that. Those are different things.
MR. ROTHSTEIN: Let me recognize Paul, and then Harry wanted to comment, and then Marjorie.
DR. TANG: Maybe I would like to try to resolve this discussion by taking out the or business associate phrase from that sentence. We spent most of the paragraph setting up the claim that business associate is such a weak instrument that it is a bit moot.
It is true that none of these folks are covered entities, and it is that principle, not that they become covered entities, but that the data the store, access, touch have the same protection as if they were covered entities. I think that is our point. So if we take away the business associate phrase, --
MR. ROTHSTEIN: But let me ask you, Paul, if we did that, then what about the majority? Should we just take that away, furthermore the participants proposed as?
DR. TANG: None of them are covered entities.
MR. ROTHSTEIN: So it would now be, furthermore the participants proposed as service providers of the NHIN, skip the parenthetical, are not covered entities, period. Is that what you are proposing? Harry was next in line.
MR. REYNOLDS: Let's keep in mind that more and more of this business of NHIN and other things is going to be done over the Internet. There are going to be silent partners in many ways, as data flows back and forth between entities that you don't know, you don't see, and you don't have jurisdiction over. So that is where a lot of this business is going to be going.
So I think the point is, everybody that is doing business now that knows of someone who is helping them do that business may be bringing them into the fold. But the model that we are looking at for the future doesn't necessarily let you know everybody that sees or touches or gets anywhere near the data. So I want to keep that as an overview thought, too. Everybody can defend that I have got the right business associates, and we do the same thing. But when you shoot it out into the highway now, you're not sure who all is getting it and what they are doing with it and who is who.
MR. ROTHSTEIN: Thanks, Harry.
MS. GREENBERG: I think Paul covered my point.
MR. HOUSTON:As I look at it, I think if we are going to remove business associates, then rather than furthermore at the beginning of the sentence, I would almost be inclined to say something like, additionally, other participants proposed as service providers of the NHIN are not covered entities.
We have talked about business associates above in this paragraph. We also talked about the group that are -- there is an assumption that some could be covered entities, but there is this others category that would not be either of those. You have to make that linkage somewhere in this sentence.
MR. ROTHSTEIN: Reading the paragraph as a whole, the change Paul suggested makes the paragraph illogical now. We start out talking about -- it just doesn't follow. It starts out talking about covered entities, a significant concern is that these people are outside the covered entities, and then we say that some of them might be business associates, but there is a problem with business associates, then we go back and say that they are not covered entities.
What we would have to do to make it fit together is move the new sentence the way Paul rewrote it up into the first part and then talk about business associates as the second part, to make that logical.
DR. FRANCIS: Another problem here is that what you might have is a network sharing be a business associate of one entity and then a business associate of another entity and there are issues about the consistency of those arrangements, too. That is a problem if what you are dealing with is enforcement only through contract claims.
I was playing with the idea of business associates with each other. That is one way to think about it. Another way to think about it is just to weaken that and say, may not be business associates rather than are not business associates.
Basically we are pointing to the fact that there is a patchwork of protections maybe afforded by the business associate model. We certainly don't have the protections afforded by the covered entity model. It is hard to know exactly, but if we just changed are not to may not.
MR. ROTHSTEIN: Another way of doing it is not to undo what Paul just said, that we like, but just to make the change, to think about the original language which you have in front of you on the hard copy, and take the word majority out, and just say, furthermore many of the participants proposed as service providers are not covered entities or business associates. I think that is a statement of fact that nobody would disagree with, and many of them aren't, either.
So then logically we would say, some are covered entities, some are covered as business associates, but that is not too not anyhow, and many aren't, either.
DR. COHN: I think I like the way you are wordsmithing this. My own question at this point is where it fits in the paragraph.
MR. ROTHSTEIN: If you go back to the hard copy and don't look at the screen, in the fourth line down, where it says furthermore, at the end of the line, strike out the majority of and substitute many of the.
DR. BERNSTEIN: Do I have it on the screen the way you are talking about, Mark?
MR. ROTHSTEIN: Yes.
DR. COHN: I just have a question of clarification. The way the sentence is going, I found myself looking at this and trying to figure out how this point is different than the first and second sentences of that paragraph. Maybe we are making a distinction between entities essential to the operation versus service providers. Is that the distinction we are making here?
MR. ROTHSTEIN: A significant concern is that many of the entities are not covered entities. They have proliferated in recent years. Some may be business associates, but there are problems with that.
DR. BERNSTEIN: And many are neither one.
MR. ROTHSTEIN: Many are neither.
MS. MC ANDREW: Those are different ways in which business associate arrangements are not sufficiently robust.
MR. ROTHSTEIN: I sense that we have an agreement on what we are trying to say with the paragraph, but it may not read with sufficient clarity for everyone's comfort. Is that pretty much true? In other words, we need to meet privately, the subcommittee, redraft this paragraph and bring it back tomorrow, do you think, or not?
DR. OVERHAGE: I was going to say the same thing Simon did. I think you should strike this sentence and the whole thing would be clearer.
MR. ROTHSTEIN: Strike which sentence?
DR. OVERHAGE: The one we are discussing about, furthermore the majority of participants proposed as service providers.
DR. COHN: That is what I was trying to say. I just wasn't sure whether there was anything new that we were adding.
DR. OVERHAGE: If it adds something, it is not clear to me.
MR. ROTHSTEIN: One of the things that I didn't want to lose that maybe we can salvage from that is, could we move that list that is in the parenthetical into the second sentence of the paragraph, just to give a flavor of the varieties of these organizations? Would that be okay?
DR. OVERHAGE: Yes.
DR. BERNSTEIN: If you strike the sentence, then you lose the -- the previous sentence talks about that you might have business associates and the arrangements are not very robust. But I think it was trying to drive the point that some of them aren't even business associates, so there is nothing protecting them. That point is not made if you lose that sentence.
DR. OVERHAGE: I'm not sure why you lose that point. You say in the third sentence, while some of these entities may be business associates, --
DR. BERNSTEIN: The argument is, we are not covered entities, but it is okay because we are business associates. From the discussion, without trying to put words in the subcommittee's mouth, the idea was, we don't want them to be able to say for business associates that is good enough, because we don't think it is really good enough. We think that is not very robust.
Then the point is, even though it is not very robust, it is better than the fact that some of them are not covered at all. And they are not business associates, and there might be some state law that applies, but probably not. These are new kinds of business models.
DR. FRANCIS: Suppose what we did was, we take the sentence that starts, while some of these entities may be business associates under the privacy rule and thus obligated to maintain similar standards, others may not be business associates, period. Moreover, it is the view of the NCVHS that business associate arrangements are not sufficiently robust. That way, both points get made.
MR. ROTHSTEIN: I'm okay with that. Maya, do you want to give that a shot?
DR. BERNSTEIN: I'll do that. Then do you want to put this list somewhere? That would mean we would kick out this part right here.
DR. FRANCIS: I believe we have that list already. We have most of that list already in the second sentence, and we should make sure that the list in the second sentence is complete.
MR. HOUSTON:I think what Leslie said works. If you take the parenthetical out of that sentence that started originally with furthermore, it is a lot easier to read. I think we can use Leslie's approach, too. I think the parenthetical makes it difficult to navigate, which might have caused some of the confusion. Either way I'm okay.
MR. REYNOLDS: I am in total support of Leslie's position on the business associates also.
MR. ROTHSTEIN: Thank you. Other comments on that paragraph? Let me give it a try. Are you ready for me to try to read that now, Maya?
DR. BERNSTEIN: How's that?
MR. ROTHSTEIN: Here we go. A significant concern is that many of the new entities essential to the operation of the NHIN fall outside the HIPAA statutory definition of covered entity. Health information exchanges, regional health information organizations, record locator services, community access services, system integrators, medical record banks and other new entities established to manage health records have proliferated in recent years. While some of these entities may be business associates under the privacy rule and thus obligated by contractual agreements with covered entities to maintain similar standards, others may not be business associates. Moreover, it is the view of the NCVHS that business associate arrangements are not sufficiently robust to protect the privacy and security of all individually identifiable health records. I think there is no change in the rest of that paragraph.
DR. BERNSTEIN: That second deletion. So it goes, business associates are subject only to contract claims brought by the covered entity, --
MR. ROTHSTEIN: And not to enforcement actions by HHS or the Department of Justice.
DR. BERNSTEIN: And is followed by the health information technology community as moving quickly, that sentence.
MS. GREENBERG: Then you pick up again here?
MR. ROTHSTEIN: Right. So is everybody okay with that? Hearing no moans, --
DR. COHN: I don't mean to take all the fun out of this paragraph. I just wonder about the word remarkable.
MS. GREENBERG: I like it.
MR. ROTHSTEIN: I think an early version was astonishing. Next paragraph.
In addition to new entities that manage health records, mentioned above, NCVHS also heard from representatives of non-covered health care providers, the National Athletic Trainers Association, International Medical Spa Association, a large employer participating in a multi-employer personal health records system, a health record bank organization, and a home testing laboratory. We also heard from legal experts who addressed various issues associated with those entities, such as the status of concierges, medical practices and the disposition of the health records of entities that enter into bankruptcy.
DR. OVERHAGE: Two comments. One is that I wasn't sure why concierge medical practice -- to me that means something that covers -- it is just a medica practice that happens to operate in a different way, and I wasn't sure why that became a different --
MR. ROTHSTEIN: Because there are basically two types of concierge medical practices, one of which is cash only, no billing, and therefore not covered.
DR. OVERHAGE: I guess that is my trouble, that using that word might imply a broader group of practices, and what you really mean is people who charge cash for their services. We have used a word that describes something different, which is how care is delivered.
MR. ROTHSTEIN: This sentence, keep in mind this is a description of who we heard from. We heard from a legal expert whose practice is representing concierge medical practices of both kinds. In the next paragraph, we talk about -- we don't use the term concierge medical in the next paragraph; we say among the health care providers not covered by HIPAA, entities are directly paid by their customers or another party, blah, blah, blah.
DR. OVERHAGE: My question would be, I fear it might engender some confusion by convoluting the two things, and we might be better off saying something like, the status of medical practices to operate on a cash-only basis or something, and then you are going to go on and explain that further.
MR. ROTHSTEIN: This is narrowly, precisely who we heard from. But I understand your point. So let's make that change.
DR. OVERHAGE: Then the other is a similar vein at the end.
DR. BERNSTEIN: Mark, before you go on, can you tell me what the language was that you wanted?
DR. OVERHAGE: I was just going to include cash only or something like that. You could wordsmith that.
MR. ROTHSTEIN: And your other change?
DR. OVERHAGE: In the last sentence you talk about entities that enter into bankruptcy, and I wonder if we want to say cease to exist for various reasons, including bankruptcy or something. Again, this is in a similar vein. You heard about bankruptcy.
MR. ROTHSTEIN: This is exactly who we heard from. We heard from an expert on bankruptcy law, who commented on the issue of whether any promises to safeguard privacy extend to entities that enter into bankruptcy.
DR. BERNSTEIN: Right, and also because the medical records may have value in the market, whether they are required to sell them
DR. OVERHAGE: I understand the issue. My worry is that -- and I appreciate your point about, this is who you heard from. The question though I had was, obviously entities cease to exist for a whole variety of reasons, one of which is bankruptcy. The same set of issues apply when the organization ceases to exist. A simple example is, a physician shutters his doors.
DR. BERNSTEIN: No, the same issues do not obtain if the practice just goes out -- sorry, Mark.
MR. ROTHSTEIN: Actually, the issues are different under the Federal Bankruptcy Act. That is what we wanted to explore, the intersection of the Federal Bankruptcy Act protections and the privacy.
Any other comments on that paragraph? The next one.
Based on the testimony we heard, we now understand that a significant number of everyday providers of health care and health related services are not covered by the HIPAA privacy and security rules.
These entities fall into two categories. The first category do not submit payment in electronic form. These entities are not covered because the definition of a covered provider is connected to the original purpose of HIPAA, administrative simplification of the processing of claims. Since these entities do not submit claims or bill health plans, they fall outside the definition and are not covered.
Among the health care providers not covered by HIPAA are entities that are directly paid by their customers or another party such as some providers of cosmetic medicine services, occupational health clinics, fitness clubs, home testing laboratories, massage therapists, nutritional counselors, alternative medicine practitioners and urgent care facilities.
Simon, you have a quizzical look on your face.
DR. COHN: I see some at the beginning, and I couldn't decide whether some in the last sentence applies to all of these or just to cosmetic medical services. I just couldn't tell. Is some applying to every single one of them?
MR. ROTHSTEIN: Maybe we should put, such as some of the following?
MS. GREENBERG: Providers.
MR. ROTHSTEIN: Some of the following providers?
DR. COHN: Sure, that would help.
MS. GREENBERG: I don't want to create a problem when we correct a problem, but a fitness club is not a provider.
MR. ROTHSTEIN: Oh, right.
MS. GREENBERG: I don't think you would consider that a provider. That is just some wordsmithing.
DR. BERNSTEIN: If an athletic trainer works there, sure. Why shouldn't they be a provider?
MS. GREENBERG: But the issue I was going to raise is, you said two slightly different things here. In the first category, entities that do not submit claims for payment in electronic form. Then a little bit later you say, since these entities do not submit claims or bill health plans. They could submit claims or bill health plans in paper form, right? Then they wouldn't be covered?
DR. BERNSTEIN: Yes, you can be an all paper practice.
MS. GREENBERG: So you need an electronically in both places.
MR. ROTHSTEIN: I think we have fixed that now. Thank you for that point. Other comments on that paragraph?
DR. BERNSTEIN: Mark, if the committee wants to add, as Marjorie points out, those who are just paper practices are also not covered. We didn't include them in the list.
MR. ROTHSTEIN: We could add that. That is certainly a true statement. But at the hearing we didn't hear from any paper only people. They don't travel on airplanes to give testimony.
In the second category are providers that create records covered by the Family Educational Rights and Privacy Act, which are explicitly excluded from the definition, protected health information, in the HIPAA privacy rule. FERPA, which is overseen by the Department of Education, protects records of students in schools that receive Department of Education funds. Thus, most health records created and maintained by school clinics fall under FERPA rather than HIPAA.
However, some schools are not covered by either law. Some providers, such as athletic trainers working in scholastic athletic programs or college student health services that submit electronic insurance claims, have reported confusion as to whether they are subject to HIPAA or to FERPA. Today under separate cover we are also sending a letter addressing this matter.
MS. GREENBERG: I don't remember your mentioning in the FERPA letter that there are some schools that aren't covered. Why would a school not be covered by FERPA?
MR. ROTHSTEIN: Because they don't receive funds from the Department of Education.
DR. BERNSTEIN: There are a few that do not take any funds, and none of their students have federally sponsored financial aid.
MS. GREENBERG: But you didn't mention that in the FERPA letter, because that wasn't in the FERPA letter.
MR. ROTHSTEIN: Right. Other comments? Hearing none, moving along.
The HIPAA privacy and research rules were designed to set minimum uniform protections for identifiable health information across the nation. Providers of health care and related services not subject to HIPAA may also not be subject to any other state or federal privacy law. This means they may be free to engage in a wide range of practices otherwise not permitted under HIPAA. For example, non-covered entities are not required to provide notices to individuals about their privacy practices, train their staffs about privacy and confidentiality, institute physical controls on the storage or use of health records, protect electronic transmission of health records, maintain an accounting of disclosures or require an authorization before re=disclosing health information to other non-covered entities. These entities may even sell personal health information without authorization for the purposes of marketing or other purposes that consumers may find objectionable.
DR. OVERHAGE: Is the word may there saying that they are allowed to do that under current law, or that they do it?
MR. ROTHSTEIN: Maybe we need the word might. Would changing may to might help you?
DR. BERNSTEIN: In which sentence?
MR. ROTHSTEIN: In the last sentence. These entities might even sell.
DR. OVERHAGE: I guess I don't understand whether we are saying that they are actually allowed to, and there is a loophole, or if we are saying that in fact they do.
MR. ROTHSTEIN: What we are saying is that there is nothing prohibiting them, but there is a possibility that they could even --
DR. OVERHAGE: I think that is a good word. To me that says there is nothing blocking them from doing it, therefore they may and sometimes will, is the implication. Have been known to.
MR. ROTHSTEIN: And just for your amusement value, one version of this, instead of doing things consumers may find objectionable, it read, for other nefarious purposes.
DR. BERNSTEIN: I have got to have some fun somehow.
MR. ROTHSTEIN: Any other comments?
DR. BERNSTEIN: It tends to bring the subcommittee's attention to what I've written just so they will look at it.
MR. ROTHSTEIN: Right. Next paragraph.
In the context of the NHIN, it will be easier to design health information products and services with knowledge of privacy requirements than to retrofit them to new privacy policies. Therefore, it is urgent that HHS and the Congress establish from the outset laws and regulations that will assure the public that the NHIN and all its components are deserving of their trust.
As you continue deliberations on the best way to develop the NHIN, we hope that this information gathered through our recent hearings is helpful to HHS in acting on our earlier recommendation that all entities that deal with personally identifiable health information should be covered by some federal privacy law.
We appreciate the opportunity, blah, blah, blah.
DR. BERNSTEIN: From the outset? Does that help us? What do we exactly mean? From the outset of what? Don't we want them to establish laws right away?
MR. ROTHSTEIN: The offset is in reference to the prior sentence where they talk about retrofitting them to new privacy policies. All we are trying to do is say that we need to be prospective or proactive in developing them.
DR. BERNSTEIN: So if we were to follow the format of the recommendation, is there a recommendation here?
MR. ROTHSTEIN: This is an unusual letter, in the following sense. We have the recommendation that is quoted at the beginning, R-12. What we are saying now is that we have followed up on our original recommendation. We have had more hearings. We have generated more information that further supports our earlier recommendation, and we think you should be aware of this additional information that we have collected.
But the recommendation which we made in 2006, R-12, we still believe in, and we don't believe it needs to be changed. So that is what makes this a little unusual. We don't have a new recommendation, we have new support for an old recommendation.
DR. CARR: So what we are saying is, there is a time issue. Not only is this important, but it is important to do sooner rather than later.
MR. ROTHSTEIN: So do you think that is a recommendation?
DR. CARR: The way it is written?
MR. ROTHSTEIN: No. Are you suggesting that using the time element, we ought to isolate and make a new recommendation that time is of the essence?
DR. CARR: Yes. First we told you this, now all these things have happened, and we are back to tell you there is now a time urgency to this because we will have a lot of rework if we don't get this straightened out in the beginning. So I think it is a -- I'm trying to get the punch line. It is a great letter, but it ends up with -- it doesn't punch it out as much.
DR. GREEN: I wish to speak in support of what Justine just said. I am wondering why we don't get rid of this from the outset. From the outset is ambiguous. We have only been trying to do this for about 20 years already, so it is a little late. Why not just say, Congress establish now? Or just say established? I like the sense of now.
DR. BERNSTEIN: Now? Where?
MR. ROTHSTEIN: How about as soon as possible?
DR. GREEN: How about now?
MR. ROTHSTEIN: Then it reads like a cartoon. I want to take up the issue that Justine raised and whether we should spin off from this paragraph a new recommendation that goes to the need for this to be done now, before the NHIN is set in stone.
DR. COHN: I think it is right. This paragraph says it. That sentence where it says time is of the essence, it almost goes at the beginning of that paragraph there. I was going to say at the very beginning. That would be fine, too. Some formatting or bolding of that, or maybe even boxing of this. I'll stop there.
DR. TANG: I'd like to speak in favor of what Justine suggested, then piggybacking on what we did with the earlier letter, put the re up in front and label it something like, update to privacy law is required to accommodate NHIN data sharing practices. In other words, it really punches it and says, why should you read this letter in the first place? We said this a year and a half ago. Now look where the country is moving in an appropriate direction. We need to update our privacy laws and regulations in order to accommodate that now.
DR. BERNSTEIN: Paul, tell me where you want to put that.
DR. TANG: It is an endorsement of the recommendation.
MR. ROTHSTEIN: In the re line.
DR. TANG: In the re line it says, update the privacy laws and regulations required in order to accommodate NHIN data sharing practices.
MR. ROTHSTEIN: Privacy laws and regulations. Update to privacy laws and regulations. What was the rest of that?
DR. TANG: To accommodate NHIN data sharing practices.
MR. ROTHSTEIN: Needed to accommodate.
DR. TANG: Required to accommodate NHIN data sharing practices.
MR. ROTHSTEIN: And we are going to see that in the Washington Post, in a headline?
DR. TANG: We will see that in the Washington Post.
DR. CARR: Just thinking again about the closing paragraph, I wonder if it is worth saying something like, we reiterate the initial recommendation and we add a timeliness element or something like that.
MR. ROTHSTEIN: Are you saying that in the first paragraph or the last?
DR. CARR: The last. So we reiterate our support of the initial recommendation, but we now add an urgency, timeliness or something like that to close it up with some strength.
DR. TANG: In the past year we have been informed of the NHIN activities going on. That is what has caused some of these new requirements. It is not just adding urgency to what we said. We have new requirements that have unfolded in the past even year.
MR. ROTHSTEIN: That further support the urgency of, whatever.
MS. GREENBERG: Although I believe in now and immediately, have you ever seen HHS and Congress establish laws and regulations immediately? It is not even within the realm of possibility that one could do that. It is part of the political process; I'm not saying it should be within the realm of possibility. So I would say as soon as possible as you said, or as soon as feasible or something would be more appropriate. Otherwise it sounds like we are smoking something.
DR. BERNSTEIN: See how good I am at grabbing your attention? I'm not sure this is the recommendation you want, but it might look something like this.
DR. FRANCIS: Could we change establish as soon as feasible to, should move urgently to establish?
MS. GREENBERG: Well, we can't tell HHS to meet with Congress.
DR. BERNSTEIN: Move urgently to establish.
MR. ROTHSTEIN: It is urgent that we move, but we can't move urgently.
DR. GREEN: Expeditiously?
DR. COHN: I would get rid of as soon as feasible also.
MR. ROTHSTEIN: Yes, I don't like with urgency. I think expeditiously. I just want to ask if there are any more comments to this?
MS. GREENBERG: If you are going to make this into a recommendation, then I think the last paragraph, not the appreciate, but second to last, is kind of anticlimactic. I would incorporate that into the recommendation. Say, to establish laws and regulations that will assure the public that the NHIN and all its components are deserving of their trust.
MR. ROTHSTEIN: We might want to just put --
MS. GREENBERG: I'm not saying to get rid of it.
DR. GREEN: I thought the recommendation is to define the covered entities sufficiently. This suddenly talking about trust makes no sense to me. The recommendation is, get the covered entities defined so that the design can proceed to move the information around where it needs to go. It is not about trust, it is about defining --
MS. GREENBERG: Well, ultimately it is about trust, but I think you are right, should move expeditiously to establish laws and regulations that will assure that all entities that deal with personally identifiable health information are covered by some federal privacy law. This is needed to -- or, this is necessary to assure the public that the NHIN and all its components are deserving of their trust.
DR. TANG: It is back to insure.
MR. ROTHSTEIN: No, actually it is assure. We are going to assure the public.
MR. HOUSTON: I have a concern over the phrase some federal privacy law. Do we want to maybe refine that a little bit to say a uniform federal or comprehensive federal privacy law?
DR. BERNSTEIN: Comprehensive is not the same as uniform. It means broad coverage.
MR. HOUSTON: I'm saying the word -- I'm not saying comprehensive is right.
MS. GREENBERG: We'll take that out.
MR. ROTHSTEIN: And we are going to delete the last paragraph now, correct? The as you continue paragraph, because we got that idea in part of the recommendation.
MS. GREENBERG: It's a little too wishy-washy.
MR. ROTHSTEIN: Other comments on the letter?
DR. BERNSTEIN: Do we think this is okay, time is of the essence?
MS. GREENBERG: I still like that.
MR. ROTHSTEIN: Yes, I think time is of the essence. It is lunchtime, so other comments?
DR. BERNSTEIN: Let me show you what this looks like.
MR. ROTHSTEIN: I will read it quickly for the benefit of those on the Internet who are anxious to see what our final version sounds like.
In the context of the NHIN, it will be easier to design health information products and services with knowledge of privacy requirements and to retrofit them into new privacy policies. Therefore, time is of the essence.
Recommendation. HHS and the Congress should move expeditiously to establish laws and regulations that will assure the public that all entities that deal with personally identifiable health information are covered by a federal privacy law. This is necessary to assure the public that the NHIN and all of its components are deserving of their trust.
MS. GREENBERG: I don't think you need the public both times. It is to establish laws and regulations that will insure that all entities that deal with personally identifiable health information are covered by a federal privacy law. This is necessary to assure the public, and take the public out of the first. After that, take the public out.
MR. ROTHSTEIN: And it is assure.
DR. BERNSTEIN: Does anyone have an issue with deal with? It seems a little colloquial to me. Previously we said collect, store, transmit. We were more specific, right?
MR. ROTHSTEIN: Correct. That is our language. But we had a whole bunch of them, create, compile, store, transmit or use. If we are going to reiterate our earlier recommendation, let's just put that in. That will be better. That will be more consistent. HHS and Congress should move expeditiously to establish laws and regulations that will insure that all entities that create, compile, store, transmit or use personally identifiable health information are covered by a federal privacy law.
I'm not sure with all that, that we need the next sentence. We have emphasized trust, trust, trust in the June 2006 letter, and it might water the import of this down.
MS. GREENBERG: No, I think it is okay.
MR. ROTHSTEIN: You want to keep it? Okay. Any other comments on this letter?
MS. GREENBERG: I don't think these are just thoughts. I think this is a more powerful letter now. We appreciate the opportunity to share with you our findings and recommendations on this important issue, I would say. Not thoughts.
MR. HOUSTON: Can I move that we vote on this letter?
DR. COHN: Sure. Is everybody comfortable at this point with the letter, and I presume friendly amendment, if there is subtle wordsmithing.
MR. HOUSTON: Subject to Mark and the executive committee's tweaking as necessary.
MR. ROTHSTEIN: I'm not sure we need to do any more. We needed to do some in the last one, but I don't think so.
DR. COHN: If we are done with tweaking, let me just ask, is fitness clubs really a provider?
DR. BERNSTEIN: Yes.
DR. COHN: Well, with that one question, any other discussion? I hear a motion. Is there a second?
DR. TANG: Second.
DR. COHN: Any further discussion? All in favor?
(Chorus of Ayes.)
DR. COHN: Opposed? Abstentions? The letter passes.
MR. ROTHSTEIN: Thank you, Simon. I want to thank the members of the subcommittee and Maya for working on this, and all of the committee members for their helpful suggestions.
DR. COHN: With that, we will take a lunch break for one hour. We will reconvene at 1:35.
(The meeting recessed for lunch at 12:35 p.m.)
DR. COHN: We are actually running a couple of minutes behind schedule but not doing too badly. The next set of action items have to deal with letters coming forward from the Subcommittee on Standards and Security. We are obviously sorry that Jeff Blair is not available to join us this time but I think he has a day job – I am told. It is sometimes now getting in the way of things.
With that, Harry, why don't I turn it over to you
and let you walk us through the letters.
Agenda Item: Subcommittee on Standards and Security Letters, Action June 21
MR. REYNOLDS: Our goal is to be finished with both of these letters by the 6:30 p.m. dinner so any assistance you can give us would be appropriate.
(Laughter.)
MR. REYNOLDS: Moving right along. We will go to the NPI letter first. Denise has it up on the screen, too, and this was the one that was passed out and not the one that was in your packet.
The National Committee on Vital and Health Statistics, NCVHS, is responsible for assisting and advising the Department of Health and Human Services, HHS, and adopting the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In that role we have continued to monitor the healthcare industries progress towards meeting the May 23, 2007 compliance date for implementation of the national provider ID, NPI.
We last reported NPI status to you on February 15, 2007 and at that time concluded that several key impediments remained to meeting the statutory deadline. At that time we expressed our concern that the industry would not be able to meet the target date for NPI compliance and made a number of recommendations in this regard. They included –
MS. GREENBERG: Did you say "concern" or skepticism?
MR. REYNOLDS: We have changed it to "concern". There was some question about that so I am asking if we can put that back on the table.
MS. FRANCIS: But it should read concern that the industry should not be –
MS. GREENBERG: If it is concern then you need the not.
MR. REYNOLDS: Yes, absolutely. So our recommendations back then were that HHS should decide what information from the national plan/provider enumeration systems, NPPES, would be made available to the industry.
Next bullet. Issue a date of dissemination notice. Next bullet; make the data available at the earliest possible date.
Secondarily, that by May 23, 2007, covered entities should be required to obtain their NPI's. Second bullet; plans and clearinghouses must complete the system changes needed to accept NPI's on HIPAA transactions.
Thirdly, that HHS should publish contingency guidance to protect compliant covered entities from enforcement actions if they develop and implement contingency plans. This guidance was issued by CMS on April 2, 2007.
Any questions so far. John.
MR. HOUSTON: When I read through the letter I was a little concerned about the way things were timed and it seemed liked – if I am getting it correctly – there were certain things that were to happen on May 30th. There were things that – May 23rd – it seemed like the letter the way it is structured, times have already passed and you are sort of talking about –you are speaking of things in the current tense and in the future tense – and it appears that the time has already passed towards the compliance deadline.
MR. REYNOLDS: Let me address that two ways. First, remember that this is a string of letters. Second, when this was originally done it was prior to May 23rd, as we have had the hearings and so on. We have been having this for a while. So, do you think that we should not go back in the history or what should we do?
MR. HOUSTON: I am almost thinking – personally when I read the letter it seemed to be confusing and there are things that have already passed and that is fine – I am just wondering whether you should simply look forward to the things that still need to be done for which the deadline has not passed yet? I guess there were a couple of cases, if I look through my notes, we can get to it in a later paragraph but I guess the question I was left with in a number of cases – okay, the deadline has passed – what has actually happened. Is there a need for some of the things that you are talking about wanting to do. A general comment.
MR. REYNOLDS: I think it is good because we actually only have one recommendation. I like the idea earlier and we will change the format to maybe do a "regarding" that we did on the other letter, what is the subject and then we should make sure we bold the recommendations. We definitely need to do that also.
DR. FRANCIS: I wasn't confused, at least in the sense that what you have here bulleted are your recommendations from February 15th. I think as long as it is clear – maybe if you formatted it so these inserts were labeled February 15th recommendations.
MR. REYNOLDS: For example, I think we could take the sentence off the last bullet – back to your point, John, "this guidance was issued by CMS on April 2, 2007" so we sent a letter in February, what did we say in February, then what has happened in April, what has happened in May, and so on and then our recommendation.
MR. HOUSTON: I guess maybe to my point, it seems like there is something missing like there should be something said about what is actually happened either since the guidance was issued or since the deadlines have passed that cause you to make any further recommendation.
When I read the letter, and maybe I just missed it, but it sort of seemed like that was missing.
MR. REYNOLDS: We will keep that in mind as we go through it and if it is still missing –
DR. COHN: One other thing that may just help with understandability, I think there needs to be a paragraph where it says; "we last reported". If you make that as a separate paragraph then all the bullets and all of that sort of fall under that and that piece doesn't get lost.
MR. REYNOLDS: So make a separate paragraph starting with "we last". Fine.
DR. TANG: Harry, so we don't have to deal with this at the end you want to go ahead and give us what the "re:" is going to say so that we can set the context?
MR. REYNOLDS: I am going to let Judy work on the "re" while we are doing this. I was accepting the fact that we need to do that on the fly. I need to think about it exactly what we want to say.
Let us read through it and then we may need some help from the Committee on that because the message – we will talk about that some more.
DR. TANG: I guess, maybe it is part of the same comment that others are making, I don't understand why we are tracing history yet.
MR. REYNOLDS: Partially we wrote the letter again, before some of the things that occurred, occurred. I am not defending – I am making a factual statement.
Now, playing off this morning and playing off of how we addressed this morning, we may shorten this letter substantially. What I would like to do is go through the substance, make sure you understand why we did what we did, and then more to happy to consider pulling out some of the history and just going straight to the bottom line since it is a subject of which this is a string of letters. It is not like we are re-warming everybody up to this. This is a subject that is in play. It is a subject that the whole industry is doing and it is a subject that the Secretary is getting regular updates from in lots of ways.
On May 30, 2007 the Department published in the federal register the NPPES data dissemination notice, detailing the policy by which CMS will make certain NPPES health care provider data available to cover these under the health insurance portability and accountability act and two others.
The NCVHS commends the Department on their timely response to industry requests.
If you remember that you got had in there that we felt that should be done and then we got it. Then it came out so it is back to that same flow again.
On May 1, the Workgroup for Electronic Data Interchange provided an update via testimony to the NCVHS Standards and Security Subcommittee that while progress has been made there is a key outstanding issue that remains. This is the plan by CMS to discontinue issuance of NPIN numbers after May 23, 2007 and CMS's plan to discontinue access to the UPN file by June 30, 2007.
That is the only new issues that we are dealing with. So that is the one that we are making the recommendation on. Next, based on this expert testimony at the Subcommittee hearings and our own public deliberations we have the following observation and recommendation.
After hearing testimony, NCVHS is convinced that CMS should maintain business as usual by continuing to issue and make available UPN numbers until the end NPI contingency guidance period, May 23, 2008. Some health plans currently use the UPN as a legacy number for claim adjudication and payment. Providers who bill those plans but who will not migrate to business operation use of their NPI's until sometime after May 23, 2007 will need the ability to acquire UPN for new service providers.
NCVHS also recommends that CMS make the subscription UPN database and UPN online registry capability available through the full contingency period versus the proposed June 30, 2007 cutoff date.
Taking some of the comments that we have had we could basically say, based on the last letter we sent to you there were two outstanding items. You took care of one of them by issuing the NPEZ dissemination notice and here is what we heard on the second one and here is what we recommend.
MS. GREENBERG: There were two things that were taken care of. One was issuing the dissemination notice and the other was publishing a contingency guide.
MR. REYNOLDS: Yes, that is correct. I am sorry – you are right. The floor is open for comments about that structure or questions about the actual detail.
Yes, Steve.
DR. STEINDEL: Harry, I am going to let the questions about structure comes from others. I think I am probably inclined to agree with them. I am left with the question of why should we continue access to the UPN database? You never specifically say why.
MR. REYNOLDS: We did say why. Health plans use it as a legacy number and providers –
DR. STEINDEL: That says to me why they should continue but from what I gather, access to the UPN number is important to develop and validate cross-walks. I think something like that should be mentioned.
MR. REYNOLDS: Okay. Other comments?
DR. TANG: I support your follow up sort of restructuring because I think it is actually not only it is not helpful I think it is confusing to go through the history that everybody already knows so I would start with where we are and go forward.
In terms of the "re", I have some suggested wording for you –
MR. REYNOLDS: I figured you would so I figured if I stalled long enough you would jump right in there.
DR. TANG: It really focuses on your second recommendation which is the need for UPN enumeration until NPI implementation is complete – so you are broadcasting what your intentions are for the letter.
MS. BENNING: Paul, could you repeat that please?
DR. TANG: Actually Marjorie has the comments.
MS. GREENBERG: I am definitely not pointing a finger at anybody but given that the implementation date was May 23, 2007, I am just wondering if it is a little disingenuous to refer to the publication of the May 30, 2007 of the dissemination notice as a timely response.
MR. REYNOLDS: It was a timely response to our previous letter. I could not disagree with that but using the flow of our information to them it was one of a more timely response.
How would that be? Let me say that politically correctly. That is a fact, it was a very quick response to the last letter we wrote.
MS. GREENBERG: But you said industry request. I don't know.
DR. COHN: First of all, could I take a look at the "re" up there to what we actually have since we lost it?
First of all, it is really NPI implementation. Is it an expiration of the NPI contingency plan?
MR. REYNOLDS: Yes, that is what it is.
DR. TANG: Or it is the full implementation because it is not implemented yet.
MR. REYNOLDS: But we are in a contingency program. We are in a contingency period right now. I think that is actually the proper term. Karen, do you agree that is the proper term?
MS. BENNING: I'm sorry. What is the suggested language for NPI?
DR. TANG: How about need for continued UPN enumeration until NPI –
MS. GREENBERG: During contingency period.
DR. TANG: Or until NPI is fully implemented.
MR. REYNOLDS: How about throughout the contingency program period?
MS. GREENBERG: But it is not just the enumeration, you also want access to the database.
MR. REYNOLDS. Yes. So we need the continued UPN enumeration and access throughout the NPI contingency period.
I think that is a factual statement.
DR. COHN: The other comment I was going to make on this one – I think we were loosely talking about some restructuring of this letter. I think we are all in agreement with the recommendation but I am actually sort of thinking that this is some pretty significant restructuring of this letter unless I am mistaken. I am actually wondering whether we need these bullets in the middle of the body as opposed to being in a more paragraphed structure integrating things that have already happened - which I think you are sort of agreeing.
MR. REYNOLDS: No, I am totally agreeing.
DR. COHN: I guess we need to get other comments but it feels like something that we need to take back to the subcommittee for clean up before we could validate –
MR. REYNOLDS: I agree. Based on these comments, which I agree with, I want to make sure that everybody agrees with the recommendation. When we come back tomorrow it would be more "I don't like your words" than "I don't like your recommendations or I am not comfortable with where you are going with it".
I am comfortable to take that back up but I want to make sure we adjudicate those comments and issues and questions – that we do that before we would take it back to the committee.
MR. LAND: Do we know why CMS is going to discontinue the numbers access to UPN file. Is that relevant to understanding this recommendation why they are proposing to do it? Is there some bureaucratic reason for it?
DR. TRUDEL: I can answer. There are several reasons. One is simply that there is a financial cost to continuing to run the enumeration process and the registry but more important, we felt that since there was the NPI was being implemented and we were moving in that direction we did not want to send a message that we were going to continue to issue UPN's when effective May 23, 2007 everybody was suppose to have an NPI.
MS. GREENBERG: I think the piece of missing information was if the system – the processing system could not accommodate the NPI then they had to use the UPN. Everyone had to have an NPI but it was acknowledged which is the idea of the contingency plan that not all trading partners would be able to exchange NPI's and they might have to exchange either NPI and the legacy number or only the legacy number, until the contingency was lifted. If they are in the later case where they can't exchange the NPI and they have got some new provider, then what are they going to do?
MR. REYNOLDS: I will make a comment. In looking at this further, I know that for example, WEDI has been asked to submit considerations about this further to CMS and others. This issue is still under advisement.
I think what we are saying here is what we heard and I think what we are saying here is what we would recommend. They made a decision but it appears that there have been requests for more information about that decision so I think it is still open.
MS. GREENBERG: I was still just trying to get some clarification in response to Garland's question of if they did not continue – if they did not agree with this recommendation – what is going to happen when you need to enumerate a provider and your trading partners or whatever, can't accommodate the NPI?
MR. REYNOLDS: NPI is the only option. Fair statement – NPI is the only option.
MS. GREENBERG: So you can't invoke the contingency because –
MR. REYNOLDS: What do you mean – who can invoke it?
MS. GREENBERG: You have to use the NPI then?
MR. REYNOLDS: You are getting a new number or you get somebody to give you a legacy number. You get a payer or somebody else to give you an older number.
MS. GREENBERG: Get a number from someone else. Okay.
MR. REYNOLDS: There can be a lot of discussion about this but there has been a decision made and we are recommending what we heard and I know there is further discussion. Those are the facts on the table but I think there is going to be a lot of debate as to whether the intent was good, bad, or indifferent. Those are the facts and kind of where we are.
Any other comments? Okay, the subcommittee will take this. We will come back with an abbreviated and carefully constructed letter from a standpoint – I think what we did this morning with "regarding" and some of the other things I think is a good plus for all of letters going forward. We will align to that and remove some of the history and bring it back to you in the morning.
Next letter. Let me give you a little background before I just start diving into the reading. We have in multiple hearings heard requests from the industry as to a way to streamline this whole process of getting standards done.
If you remember in the Health IT Bill, that was out last time NCVHS was mentioned, as a possible way to do that. Then when that bill did not move then there were other discussions about how to have that happen so we heard further testimony on that on that streamlining process.
As you listen to this one, there is a significant process that it goes through to get these things passed and so we are talking about what the proposal we heard was and we are trying to talk about how we can explain what we do or don't think about that streamlining process and whether or not the public is going to have the appropriate input and so on. That is really how we positioned this as you listen to it.
That is really the whole reason for the discussion is somewhat of a streamlining of this process that was presented to us with NCVHS a key player in that streamlining effort – different than some of the standard processes that are there now. That is what we are trying to get to. We will read the words and you can help us say it better but that is really the message that we are trying to put forth based on the testimony that we had over a couple of different hearings.
Paul will come with a "regarding" while I am reading this letter and I appreciate him being part of our committee for today to do that for us.
The National Committee on Vital and Health Statistics, NCVHS, is responsible for monitoring the implementation of standard transactions, code sets and identifiers adopted pursuant to the Health Insurance Portability and Accountability Act of 1996, HIPAA. Section 1174 of the Act permits the Secretary to make modifications to any established HIPAA administrative and financial transactions standard after the first year, but not more frequently than once every 12 months.
The purpose is to allow updating of these important transactions standards. During the past several years NCVHS has observed and the industry has testified that the time required to update and receive federal approval of new revisions of HIPAA transaction standards may take 4.5 or more years. The current process includes the following steps.
One, development of new versions of healthcare information systems standards by ANSI accredited standards development organizations. Estimated time 1.5 to 2.5 years. And ANSI certification that the new version was developed in accordance with ANSI consensus based process estimated three quarters to a year. These two activities take place concurrently.
Two, review and approval of updates in open public forum such as NCVHS. Estimated time one-half to 1.5 years.
Three, initiation of process of promulgation through federal government's Notice of Proposed Rulemaking, NPRM process, including publication in the Federal Register with a 90 day window for written public comment and publication of a final rule. Estimated time is 2.5 to 7 plus years.
Comments on that before we continue?
MR. HOUSTON: In number three, is there more than one step in that process because it almost sounds like it is a notice and then a 90 day period for comments. Where does the other 2.5 to 6.5 and some odd years –
MR. REYNOLDS: Publication of the final rule.
MR. HOUSTON: We should we then split that off into a separate number four because it really –
MR. REYNOLDS: So you are saying take the 2.5 to 7 and break into what does it take –
MR. HOUSTON: It sounds like the notice of the proposed rulemaking and the 90 day window for comments really is a fairly short process or a reasonable process, it is the other piece that sounds like then the resulting stuff that takes all the time. At least in the earlier version of the letter you talk about –
MR. REYNOLDS: We talk about that later, yes.
MR. HOUSTON: So, I think it is out of this letter – do you want to bifurcate that because there is a lot of testimony at least in the earlier letter, about the fact that it takes 4.5 years to do the last part of it?
MR. REYNOLDS: No – let's let Karen go first.
DR. TRUDEL: I would just like to respond to that and make one comment also. It is not necessarily a 90 day window but it has to be 30 days, I believe, but the Secretary can choose to have the comment period be 60 days or 90 days but there is a certain comment there.
Actually the development of the proposed rule that is published as a Notice of Proposed Rulemaking. The development and clearance of that process can also be fairly long and that takes up part of that 2.5 to 7 years. It really does almost all need to be together.
MR. HOUSTON: Okay. I got confused in the earlier version of the letter where you talk about 4.5 years to get it finalized and I thought maybe that was a big part of this process. I know that it is out of this version of the letter but I still sort of thought it was part of this piece.
DR. TRUDEL: It is both the development and the clearance of the proposed rule and the final rule.
MS. GREENBERG: Here in three, it is not 2.5 to 7 years for initiation of the process. I think you just want to say promulgation through Federal Government's Notice of Proposed Rulemaking process – just take out initiation of process.
MR. REYNOLDS: That is a good change.
MR. COHN: Yes, and actually might even call that the Federal Rulemaking Process but we can wordsmith that one.
As I was listening to the presentation I was actually trying to remember if there has actually ever been any modifications to any of the rules that have gone through. I am struggling – and maybe Karen can help remind me of – now we have had new rules coming out. Maybe we could talk about the 4010A but that was before the actual implementation date so that was a slightly different piece. This is almost more hypothetical because I don't know that we have actually had a modification of a rule. Karen help me – maybe my memory is faulty.
DR. TRUDEL: No, you are correct. That is why I said earlier this is the first time we are doing this and we are actually proposing with 5010 to modify the original HIPAA standards.
DR. COHN: Which one?
DR. TRUDEL: The modification that adopted 4010A did occur before the HIPAA compliance date.
DR. COHN: Okay, then let me ask then – when we talk about the 4.5 and 7.5 years – I guess I am getting a little confused here. I think the big news is that we have not been able to update the standards.
MR. REYNOLDS: I know it is not our standard protocol but let me jump you forward and read just a couple of things. Go to the bullets. Go to the second page.
DR. COHN: Which version?
MR. REYNOLDS: The one that you have in front of you at your desk. Go to the second page and look at the two bullets. NPRM for claims attachment standards for HIPAA was drafted in 1998 and finally published in late 2005.
DR. COHN: Of course that is a new standard.
MR. REYNOLDS: That is true.
DR. FRANCIS: One way to fix this might be to take this sentence that is the next to last full sentence of the second paragraph where is say, "the time required to update and receive federal approval of new versions of HIPAA transaction standards may 4.5 or more years". The verb "may take" is what is confusing there because it suggests – first of all it is confusing because it makes it sound like 4.5 is the long end of it and it also makes it sound like we have some pretty good experience.
You might just change that to say, "is estimated to take 4.5 or more years" or "is estimated to take a minimum of 4.5 years".
MR. REYNOLDS: We don't know that.
DR. FRANCIS: That is why "is estimated". That is what we have – we have estimates we do not have a track record.
MR. W. SCANLON: I guess I wonder if we have enough observations to make good estimates or whether we need to talk about this. The history here is it that it has sort of taken this long but I guess what is concerning me is Simon's point, which is that it is not sort of new versions – it is the original version. That is all we have experience with.
What was resonating with me earlier with this letter was the idea if all we are doing is making some changes kind of at the margin, why is it taking so long. It is a very different point to say we are creating something new and it took time to develop that.
There is still may be a lot of reasons why it shouldn't have taken us so long to develop something new but that is a different thing to address than the update or the modification of an existing standard.
DR. COHN: If I could jump in – I guess I am sort of agreeing with you and I think the point of this letter is not to talk about new standards but really to talk about the process of updating the standards. We are sort of in agreement with your initial view here.
MR. W. SCANLON: Right, but I think in terms of using evidence what we have to say is we have been concerned by how long it took to create new standards. We don't want that experience repeated when we modify standards. We want the process for modifying standards to be as efficient as possible.
MR. HOUSTON: Aren't there other standards still to be – it is not like that we never want to ever have any new standards either. Why don't you make the same statement about the fact that the entire process, whether it be new standards or modification of standards, is proven to be very time consuming and I think that is an important message to get across. I think you can infer that from what is in the letter.
MR. REYNOLDS: These are good points.
MS. GREENBERG: I don't think that the letter is recommending the streamlining process for new standards. Is it?
MR. REYNOLDS: No it is not.
MS. GREENBERG: That is why you do have to differentiate.
MR. HOUSTON: The "but" to that is and I appreciate that but they use an example though of a new standard.
MS. GREENBERG: I know. I had a problem with that.
The thing is even if it is an update as long as it has to go through a full rulemaking process, as Karen said, you would not necessarily have to have a 90 day response but you would have to have at least 30 days. The whole rulemaking process on top of the development of the update takes a certain amount of time and I think experience with the rulemaking process, whether it was with updates or with new ones, is still relevant because it is a process. You develop the rule, you publish the rule, you get comments on the rule, you respond to the comments, you publish the final rule.
MR. W. SCANLON: I have made this point before. The issue of the time is partly a function of will.
MS. GRENBERG: True.
MR. W. SCANLON: -- is going to demonstrate again this year that they can develop and publish a proposed rule and a final rule all within a six to nine month timeframe. They are going to do it with every one of the payment methods for Medicare providers.
The question of 2.5 years or 5 years, this is way beyond what you could think of as reasonable and certainly creditably beyond what you consider as being necessary. It is a question of getting people to come to resolution and pushing it through. That is what it is about.
I think that within the letter that is a point to be made. It is an additional point. Which is it is not just the process in terms of steps you create. The urgency here needs to be similar to kind of urgency we were describing with respect to privacy. You have to commit yourself to wanting to do this quickly or you are not going to get it done quickly.
MR. REYNOLDS: I am struggling with how to proceed to be quite honest with you. Larry.
DR. GREEN: We will see, won't we? If what I hear is that we have evidence that on occasion the rulemaking process proceeds at a pace maybe in as little as nine months. In other instances it appears to take seven or eight years. That is your point, Bill, isn't it?
We have a letter here where we are identifying a couple of locations in the rulemaking process where we see opportunity to accelerate the development of the National Health Information Infrastructure. Am I still tracking here?
MR. REYNOLDS: Yes, keep going.
DR. GREEN: One of those is about us. Maybe that is the way to proceed? Our point is this is complicated, we need to move it along as quickly as we can, we know that it can go quickly – it may be an issue of whatever. We can identify two places where we see opportunity to accelerate. One of them is about us and one is about some place else and we recommend that they be considered. Is that what the letter says?
MR. REYNOLDS: Yes. Let me ask one clarifying thing. Karen, maybe you can help me. The NPRM for issues in the pharmacy industry for billing of supplies and professional pharmacy services – that would be an update to NCPDP or is that a new rec?
MS. TRUDEL: That would be an update.
MR. REYNOLDS: That is what I thought. One of the things in there is related to an update and that started in 2001. Remember, the thing we are dealing with here is the industry is perceiving that things should move faster – whether they do or don't actually occur. One, some don't occur – there is not enough history of the ones that do occur. There have not been any actual changes implemented but there is a process no matter what that if you add the process up as it stands it could go as long as the 7.5 years. That is what we are really saying.
Now what I think what we did was we all got somewhat mesmerized by the testimony because it is complicated so we were following a thought process. I think the questions today are excellent in the fact that it said time out, we have not had any. Again, a lot of us that are in the space – you are hearing what you hear and you put it in a context and you miss one of the key points. I think you guys have done an excellent job pointing out maybe that filter that we did not have up because we were listening in context. We were listening to people who we have dealt with a lot in context and that didn't necessarily mean that we caught all the right things.
Yes, Bill.
MR. W. SCANLON: At the same I think that listening to them was valuable. One is you are on the verge of potentially having updates. The 5010 this morning, it was sort of an example of that and I am not sure that a reference to that as one of the things that should be a factor in thinking about why this is so important should not be in the letter.
We are now are on this verge of wanting to make up dates. Looking at history, we know that we have not sort of been very good in terms of getting out the original sort of rules. We don't want to repeat that process and that is a point that we want to make. Then further, the people not only came to you with the complain that it took a long time but they came to you with ideas as to how the process might be made more expeditious. You thought about those and you say that these are worthy of consideration. All of those things I think make for the letter - it is just a question of slightly recasting sort of what the evidence is about. The evidence is about sort of this history that has improved satisfactory for a slightly different but related sort of activity.
MR. REYNOLDS: Let me play this out. So what we basically said is HIPAA is in place. There are changes and new regs under consideration. The process appears cumbersome and we have some possible alternatives and recommendations. We have that information here just probably spelling it out this way makes it a little more viable from a standpoint that we are not just talking about hearsay and we are actually stating that this is an industry that is continuing to move both current changes – and the 5010 would be an example of a current change – of a change that is being considered. Does that – with taking everybody's comments in place – is that the structure of what we are talking about?
I think Simon, rather than take the Full Committee's time, unless anybody has anything else, it probably would be good for the subcommittee to take this and restructure it and come back. Again, what I would like to do is I would like to look at the last two paragraphs because that is really our recommendation and what we are considering. I would like everybody to more or less have a say on that. So if everybody agrees with the recommendation and kind of where we are heading with it, as a Full Committee what they would be willing to align to, then we could go back just like we did the other one – we could go back. Paul.
DR. TANG: I was just going to give you your read.
MR. REYNOLDS: What would be the reading?
DR. TANG: Proposal to streamline updates to HIPAA Transaction Standards.
MR. REYNOLDS: Okay. You have another career when you choose to do it. We could come up with blog boy.
Are you comfortable with that approach? Did you want Paul to restate the "re" for you?
MS. BENNING: Yes.
DR. TANG: Proposal to streamline updates to HIPAA Transaction Standards.
MR. REYNOLDS: I want to go to the last two paragraphs. I want to state what we heard and see if everybody is comfortable with how we positioned that and then we will go to the last one which was really our recommendation.
On January 25, 2007 in response to subcommittee feedback, the three SDO's presented an updated proposal to streamline the HIPAA Transaction Standards Updating Process. This proposal is enclosed with the letter. The updated proposal retains many existing processes but offers a more efficient approach to updating existing transaction standards. These standards encourage earlier participation of all interested parties, including payers, providers, and vendors, in the development of the modification of the standards by announcing SDO meetings in the Federal Register, shortening the time for NCVHS review and approval, and significantly shortening the time for the federal regulatory process.
Step three. If accepted this streamline process could potentially cut three years or more from the current standards adoption process. Opportunities for input and participation are not eliminated but the proposal encourages expansion of open public participation in the standards development process in a manner that would enable modification of the NPRM process and thereby minimize redundancy.
The proposal also helps to make the process more predictable. At the January meeting, this subcommittee heard reactions from healthcare providers, payers, vendors and clearinghouses representing entities covered by HIPAA and those supporting these entities. None was opposed to the proposal, however testimony from industry representatives expressed a desire that written comments to HHS still be permitted within the new proposed framework. This would ensure a predictable and timely process while at the same time preserving opportunities for public/industry input.
Then I would like to go to a new paragraph because back to our idea of clearly calling out the recommendation.
The NCVHS endorses the spirit and intent to streamline the HIPAA administrative and financial transaction updating process and recommends that the department investigate how the proposal could be integrated into the HIPAA transactions updating process.
The NCVHS recommends that the department investigate all appropriate options under the Administrative Procedure Act to shorten the time for this regulatory process.
Comments? John.
MR. HOUSTON: To the final paragraph. You have a sentence that actually I think on this version is the end of the second page where you say, "none was opposed to this proposal however testimony from industry representatives expressed the desire that written comments to HHS still be permitted with the new proposal framework."
Does that mean the framework for a new process to approve standards still require –
MR. REYNOLDS: Still allow.
MR. HOUSTON: Okay. I wasn't sure whether this referred to the process to create a new process where they wanted input to the new process or related to the resulting process. -- the industry, though support of the idea of creating an abbreviated process, wanted input onto how the process should be created or were they saying that they wanted to have input into the resulting process that was established.
MR. REYNOLDS: Once there is a change on the table they wanted to make sure that even though you had public viewing with SCO's and public viewing for NCVHS, they still wanted a period of time that would allow you to make comments to HHS.
MR. HOUSTON: So it is the later. Do you understand where I am at? Do we want to clarify that to say – maybe it doesn't need to be clarified?
MR. REYNOLDS: No, no, don't back off it. Please.
MR. HOUSTON: All we really need to do is – it really it is not a proposal framework but the new process for – what you are really saying is that testimony from industry experts expressed the desire that written comments to HHS still be permitted within the new process to establish or to modify standards.
MR. REYNOLDS: I agree.
MR. HOUSTON: The proposal framework – I wasn't sure what that referred to.
DR. FRANCIS: I noticed that there is a shift from all interested parties included payors, providers and vendors in the first of the two paragraphs over to public industry input in the second paragraph. I just wanted to ask you whether there is any role for other interested parties like patients or members of the public in the rulemaking process. The suggestion at least in the first of the two paragraphs, is that when you list the interested parties as including payors, providers, and vendors.
MR. REYNOLDS: As the implementers of the standards.
DR. FRANCIS: Right. But I wondered whether there were any other parties who would have interest in the implementation of the standards?
MR. REYNOLDS: There may be and one of the reasons that we felt it was important to have everything published through the Federal Register – puts it in the public domain – the fact that we would keep NCVHS involved and the fact that there could be written comments to HHS after the process, I think allows the same amount of input and the same points of input, as the previous process did and actually adds some through the SDO process. The public is not going to walk into a SDO meeting I doubt.
DR. FRANCIS: I am happy with that I was just a little concerned with the suggestion that all interested parties might be limited to payors, providers and vendors in that parentheses.
MR. REYNOLDS. Okay. Simon.
DR. COHN: Actually this is just a question that I actually need help both from you and Judy and probably Justine. I guess I was looking at the very end of the first paragraph that you read where it said, "none was opposed to the proposal". Then we go on to talk about the issue of a lot of people wanted a written comment at the very end. I guess I am trying to remember in my own mind whether or not none were opposed to the proposal per se, or really that none were opposed to the intent to streamline the updating process. A lot of people had little issues with various pieces relating to the actual proposal including the later.
DR. CARR: I had the same question. I was just trying to go through and say what was the idea, what was the proposal and what is the "this". You keep saying "this" but I am not sure when we are talking about the idea of it and when we are talking about the specific proposal.
MR. REYNOLDS: I think your comments are exactly correct.
DR. COHN: Okay.
DR. WARREN: Simon, my memory is that even they were confusing all the issues because the people who spoke out saying that they wanted the written proposal also said that they supported the streamlining process in the proposal. So there was 100 percent agreement that what was being proposed had everybody's endorsement but they also wanted a chance to still submit written testimony but not for the 90-day or the huge long NPRM thing. I think it was confusing at the end about where this written testimony was suppose to go.
It is kind of like we fully support the proposal but we also want the ability to do this.
MR. REYNOLDS: There is a box to put it in. From the beginning of it to the time that it is complete as a process – the proposal everybody agreed. Others wanted to make sure that something that is in the current process, which is the written comments to HHS, remains tagged on the end.
If you are looking at the process up to when it comes to HHS, everybody was in agreement with that. Some people wanted to take off that discussion – anymore public comment – because they felt there was plenty. Others said leave it like it is. The proposal did not really go that far but as we discussed it with people some said, no, we just like the proposal and that is the total thing. The proposal is the total process. Others said, no, leave what you already got at the end which is there can be written comments by other people to HHS.
Where that line actually drew on what that proposal was or wasn't is still a little vague.
DR. WARREN: Harry said it much cleaner than what I did. If you look at the proposal it does not allow for the public comment. There was a lot of discussion and I think Karen was part of that. The way that we currently hear things there is always a chance to write a letter to the Secretary that you are upset and they still wanted that ability to do that. They like what was inside the proposal. I guess the advice that we got is you really can't stop people from writing in comments.
DR. COHN: No, the advice you got – I was there – the advice you got was people wanted a public comment period – I thought was the advice. Not that people could willy nilly write in.
DR. WARREN: I agree.
MR. W. SCANLON: This relates to this discussion but it is goes more fundamental than that. The idea of a public comment period implies that you have to respond to those comments before you can act. That is very different than sort of somebody just submitting information to the Secretary and the Secretary can choose to ignore it and everything goes forward.
My bigger issue is about characterization of this proposal. In the sense of whether it really will shorten sort of the process and whether it will make the process more predictable. This is maybe my cynical side which is you can have these things in place but given human nature they won't necessarily be followed through. The exception would be – this is not knowing their proposal – but the exception would be if the proposal says, we are going to do A, and if A is not done by X date, then B happens automatically, regardless, doesn't matter. The same thing would be if B isn't finished by such and such a date we are going to move on to C.
Anytime that B and C are contingent on completing A and B, that completion is uncertain. That is the thing that we are dealing with now is that we have got a process that involves a set of steps with no sort of force that makes those steps be done in a particular timeframe. I think we need to potentially reword this about the proposal's aiming in this direction, aiming at predictability, aiming at shortening the process, but it can't guarantee it.
MR. REYNOLDS: Right, but I think what we heard was that the non-government entities were willing to step up and take that responsibility. The SDO's are not government organizations and so what they are basically saying is we will open doors further to the public. Let us announce that it is going to happen in the Federal Register that we are going to start working on this. We are going to work on it, we are going to move it, we are going to make it happen, we are going to bring it to NCVHS.
So they were basically saying, give this to the industry. It is a little bit like we have seen the kind of thing when we looked at the e-prescribing efforts and some of the things that have been done with NCPDP and some of the other things there that we have seen be very successful because that SDO really drove it and then we used that as part of our testimony in everything we did for NCVHS part of e-prescribing. You are allowed to adopt a current existing standard and they worked out that they all agreed that that was a good thing to move forward. If you remember, we used that quite dramatically in the whole e-prescribing process as we moved along to the standard.
That is what we are saying. It is basically not that it is all going to be driven through the government process – it is that the industry is going to pick up that streamlining. Now, if the industry doesn't streamline it – shame on the industry because they asked for it.
Please, anybody on the committee that was there just as much as me, tell me if that is not what you think you heard.
MR. W. SCANLON: I would have no problem believing them that they would do that. I guess the issue is though on page one we have steps one, two and three. The third being sort of the role making process. Then on page two, we are talking about that we are going to significantly shorten the time for the Federal Regulatory process – which I will read that as the rulemaking process.
What I am asking is what are they going to do that actually builds in the guarantee that you can shorten that rulemaking process? The steps leading to that can be expedited because of a commitment by both NCVHS and sort of the industry but where do we get the change in the rulemaking process that actually makes it move forward faster.
MS. GREENBERG: There is really an abbreviated rulemaking process, right? There is not a notice of proposed rulemaking, a comment period, and a final rule. What is there a final rule with comment?
MR. REYNOLDS: Remember if you look at the recommendations we do not specifically recommend anything other than the Secretary looking at it under the – and we picked the words carefully – under the Administrative Procedure Act.
In other words, we are looking at ways of how can this be streamlined? How can the department help streamline this too? You are not asking for new regulation – you are talking about how to fix the process. If you notice most of the other things that we have come out in every letter that we have put out – we recommend do this, we think you should do that. If you read the NPI letter we recommend very specific things. This is that it be taken up by the Department because obviously the other thing we run into is we are part of that process. We are recommending hey, make it faster, and oh, by the way, we should be part of the answer. So we also have a little bit of a position there. We are playing off of what was on the HIT Bill's before. We are playing off of what the industry asked for and we are recommending to the Secretary that he take a look at whether or not this allows under what his jurisdiction is under that Act. Otherwise this has to go through some kind of significantly different process to get the whole regulatory process.
MR. W. SCANLON: I am supportive of the recommendation. Particularly because it is framed that way – which is the Secretary should look at this proposal, look at how effective it might be in terms of achieving the objective, and simultaneously considering what the constraints are that they need to operate under the Administrative Procedure's Act.
It is the prior to that. In some respects what we are saying the proposal is promising, which I think is potentially overreaching in terms of making these things a promise. I think it would also be helpful for the public that picks up this letter – since it will be a public letter – to know sort of what is being proposed in terms of a substitution. There are a variety of mechanisms by which you can move a rule through. I don't know all the terms but as a substitute for Notice for Proposed Rulemaking, the comment period, and then the final rule – there are some options in it.
What they are proposing is one of those options it would be good to be put that language in here so that people who are familiar with rulemaking will know exactly what is on the table. Right now, I am talking about this not knowing what is in the proposal. It would be helpful for our readers to know sort of what is in the proposal which could be accomplished by just naming the process that they are proposing to be used as a substitute for what we do now with Notice of Proposed Rulemaking.
DR. TANG: So I think that is helpful. I cannot figure out where the time got struck out. Initially it looked like – if I just use the words here – they were proposing to move more involved public comment during the updated process. It was not clear from the letter that there was actually an elimination of the NPRM process and instead just a secretarial update.
MR. REYNOLDS: Again, there is not an elimination of it –
DR. TANG: I could not figure out where you get the time because there is some theoretical hope that if you invited a broader input in the Standards of Element Process that you would shorten the public comment period during the NPRM process but I don't know that that is something that actually comes to pass.
MR. REYNOLDS: As it says in the letter, we attached the proposal so the Secretary would be clear –
DR. TANG: I know but we don't have it.
MR. REYNOLDS: I know. I understand that. I am not disagreeing with that. So that they could see specifically where these recommendations were, specifically what is recommended, and specifically whether they can or can't work within the Administrative Procedures Act to make a difference. We did not define how they would do that because we can't.
DR. TANG: So that makes a little less clear my "re" statement because I don't find the proposal of how to shorten it clearly laid out in this letter. I am having the same struggle that Bill did.
The other piece is and maybe I just missed this, when you invite other non-member entities, including individuals, to the Standard Development Process they are not allowed to either vote or submit comments that must be reconciled. Am I correct in that?
MR. REYNOLDS: They are not allowed to vote but in the proposal they have opened it so that those people can be more involved and they were considering how they would handle it.
DR. TANG: So for example, in the SDO process every negative comment must be reconciled. Would that apply to anybody who gets invited in addition to the SDO members to this process? So they would also have a negative vote that must be reconciled?
MR. REYNOLDS: I need to look at the proposal much clearer.
MS. GREENBERG: Does somebody have it?
DR. WARREN: I pulled up the minutes and I have the streamline process. It does not talk about the negative votes although they did use the example that HL7 had one open voting process when they were looking at the EHR standard where all negatives were addressed whether or not people were members of HL7. They were going to look at that.
What they talk about in their testimony is; "The proposal retains many of the existing processes. It also offers more efficient approach to several of the key areas where current problems exist. Opportunities for input and participation are not eliminated but rather efficiency is achieved by consolidating public participation and input at the appropriate time. Additionally we propose adding steps that are critical to the process such as the development of a benefit analysis report requested by OESS, Office of E Health Standards and Services."
When you look at this what they are proposing to do is to get the public participation in much earlier. So during the SDO process instead of waiting until all at the end for an NPRM to go out and gather public participation, they want the Federal Register, the Health and Human Services ListServs and the SDO processes to alert the industry and public about the fact that these are changing and to encourage them to participate.
The most effective use of industry volunteer input is during the development of the implementation specifications and not to wait until the end when they have been developed and then hear all of that and go back over again.
DR. VIGILANTE: Would this be more easily represented with a visual timeline graphic that shows at what step each thing is happening currently? I am having a hard time understanding where the time is.
DR. TANG: Aside from the timeline is just the logistics of how people give input into the process. In a SDO process it is multiple in-person meetings that most people cannot either aren't interested in or can't afford to attend. Inviting more people does not necessarily bring them in.
MR. REYNOLDS: Yes, we agree with that and we discussed that at length.
DR. TANG: If they do success in bringing more people in you could actually get a longer process in getting the SDO timeline. Unless you do basically eliminate the NPRM process – it doesn't really I don't think – there is a chance that it doesn't change anything about that process because all the people who wanted in that method and with that lack of travel way of getting there and being heard, I don't know if it cuts down much on that.
MS. GREENBERG: There actual proposal I thought did eliminate the NPRM. It does. I think we have to be explicit about that.
DR. TANG: So the question is is that the same input?
MS. GREENBERG: Excuse me, what?
MR. REYNOLDS: Paul, one of the reasons that the last thing in the next to the last paragraph was put there is that we did hear that some people said if you are going to eliminate it you still got to give us the right to make comments to HHS.
In other words, if we don't like how it goes in the SDO or if we don't feel we get our hearing in NCVHS we still are allowed to say something.
DR. VIGILANTE: Doesn't that have a different status regulatory status than having NPRM? You can make comments but there isn't the same obligation to respond to them.
MR. REYNOLDS: This whole proposal also puts a little more pressure on NCVHS to truly be the public input. To truly make sure that we have a breadth of –
DR. VIGILANTE: One last question. So these three things that we had in the beginning of the letter – different time sequences – are those serial and sequential or are there overlaps?
MR. REYNOLDS: As we mentioned, number one was – no, one is overlapped and two is sequential and three is sequential.
DR. VIGILANTE: So three can't happen until two is completed?
MR. REYNOLDS: Yes. You would not want it to.
DR. COHN: Bill and then I want to sort of figure out where we are.
MR. W. SCANLON: I would like to raise a point and then offer a suggestion. At some point some government official has to sign off to make this thing happen. What I am losing in this discussion is sort of exactly sort of when that government official is going to do that in response to what. Right now it is in response to a Notice to Proposed Rulemaking, a set of comments that comes in, and then an agency that sort of addresses all of those comments and decisions are made and that involves not only the department but it also involves OMB.
We are talking about an expedited process that seems to try to eliminate some of that but it is not clear what is going to be the input to the government official that they are willing to put their signature on this to make it the rule. As I get more confused I get more concerned about what we have here.
My suggestion was is there a way that we could all have this proposal – if it is brief enough because we are talking too much in the abstract. I should say that some of us are talking too much from ignorance and that is not helpful in terms of this discussion. If we could see the proposal then we would be able to give a more informed response.
MR. REYNOLDS: Could I make a comment?
DR. COHN: Then you will be making my comment.
MR. REYNOLDS: I will save you as the Chair. We obviously have struggled over this proposal. We had numerous conference calls. We heard it as testimony a number of times. We struggled with it like each of you are. It is just bringing back some of the things that we remembered that we went through.
Obviously since this was in the HIT Bill before it is going to come through a different process and then when that did not happen then we became a process to bring it through. I don't have my co-chair here and obviously Simon is on the committee too, and so are the others, I will give you a personal opinion on this one.
We heard a lot of testimony, we heard a lot of discussion, and all of us even had mixed emotions on how we would actually pull this off and we felt a real responsibility to support the industry to bring something forward. On the other hand, even though we heard the testimony, even though we have the proposal and so on, I am not sure that it is a subject that doesn't need a letter. It is a subject that maybe we should withdraw as this discussion in the Full Committee has brought forward. I am asking that as a question?
MR. HOUSTON: Don't get us wrong. I think there is a great need to make a statement about the fact that this process is too long and it needs to be streamlined. I don't think there is disagreement that –
MR. REYNOLDS: No, no, no. We have been through all this I wasn't taking anything that was submitted as a detriment to what we were thinking or saying. I am saying that it continues to raise the same concerns that we have been dealing with and the same issues that we have been dealing and basically the reason in the end, if you go to the last sentence, the reason we ran up under the Administrative Act – we sure did not have it – a clear direction on how to pull this off.
Remember, we are basically handing this up to the Secretary anyhow. I guess that is what I am at least challenging because if you give us the assignment to fix it or you give us the assignment – and we will be happy to give you all the information – but I guess what I want to put on the table as co-chair of the committee, is in the end do we really have a strong stance and do we really want to take a position and if we are going to use markers is this one of the markers we want to use? That is a question because remember you are going to hand this letter back to us so I want to have a real sense from this Committee because if we bring it back again I want to know what we are bringing it back to. That is what is key to me.
DR. COHN: I will let Marjorie briefly comment, Bill, and then I want to wrap this piece up only because we actually have another letter – believe it or not.
MS. GREENBERG: Putting that aside, I think it would be premature to make a decision on that right now because I do think it is appropriate even though once everyone sees it may continue to be ambiguous as to what actually would happen because it is obviously somewhat ambiguous to those us who have reviewed it in the past. But it is sort of like with our reports we have developed a policy that if a report is going to be approved people have to be able to see the appendices also, and the attachments because sometimes those have things in them that have consequence.
I'd say too, even though we are not really endorsing the specific proposal – you are not endorsing the specific proposal like "do this", the idea is to send it to be considered and we think it is worthy of being considered. So I think for everybody around the table to sign off on the letter they have got to see the proposal.
MR. REYNOLDS: I thought everybody had it. I did not realize that everybody did not have it.
DR. COHN: I was trying to think whether it was sent for our last meeting. That I actually don't remember.
MR. REYNOLDS: It was not purposely excluded.
MS. GREENBERG: I realize that.
MR. REYNOLDS: I know but for the record. Nobody is trying to keep the information back.
MR. W. SCANLON: I would just say I don't think you should abandon this effort unless – which I don't think is consistent with what you have said – that you think that it is not important enough. I think it is important enough and I thought we were close. My sense would be that we probably should have a discussion about the merits of the proposal itself that we may be more qualified about what the Secretary should consider. That there are elements of it that are maybe more clearly positive and others that they may need to take under advisement.
The proposal has merit in the fact that it was in the IT bills that did get a certain distance sort of within the Congress in the last Congress but there is a big difference between our making a recommendation and the Congress enacting a law. I used to argue that sometime you did not know what was right until the Congress said this is what we are going to do and that became right.
We need to have other grounds for sort of knowing what is right. I think if we look at the proposal, we think about the elements, that the last paragraph might change sort of change modestly in the sense of we talked to you about the fact that this proposal exists, that it has positive things to think about in the context of the authority that you currently have and the goal that you have in mind, which is to expedite this process. I think that is a very positive thing for this Committee to do. It would be unfortunate if our discussion leads to abandoning this.
MR. REYNOLDS: Again, please nobody on the Committee take that anything you said was – that is exactly what we wanted to hear but I wanted to put that on the table to make sure that we understood that if the Full Committee wants to go forward we are pleased to do so. But I just wanted to make sure that the discussion wasn't leading anywhere else. I think that is good conversation.
DR. COHEN: I find myself agreeing with most of the people around the table have said which is a, I don't think this letter is ready for today or tomorrow morning at 8:30 a.m. I think we need to take it back to the Subcommittee. I think as we commented, we are all a little vague on exactly the fine points of the proposal and we actually may need a way to as we review it, we may need a short presentation on exactly what the proposal is when we bring it forward.
I think as a Committee we are very interested in anything that makes more predictable, more streamlined, less cumbersome, the updating process. Knowing that we actually have not been able to pull it off once yet except before the actual role came forward. Having said that, I think we would like to get this out as quickly as possible but in a sense the test of all of this will really be as we begin to move forward with recommending sort of the next set of transactions and what sort of process should be taken and all of that.
It would be nice to have this letter out three months or six months before that so the CMS and the lawyers could review it but I think it becomes very real when you start talking about recommending another – some updates to the current standard. We probably just need to take it in that spirit. Whether or not this letter comes out as a separate letter from the updates or somehow merges together – I guess we will have to see.
MR. REYNOLDS: Can I make a couple of comments? First, part of the e-prescribing we were able to recommend and if you remember, send forward the next version of those standards that got put in as part of the process, if you remember that. In one of our letters – we had the hearings and we moved it forward.
So as NCVHS, we have in fact moved that one change forward with the blessing of everyone, including CMS – so we actually have done that. We do have one history of streamlining the process as it was in place. We get that and I think that went very well.
Second, I would like to apologize to the Committee for the following reason. Three of our experts were not here today and had I sensed that all three would not be here, which was Steve, Mike and Jeff, I think we could have done a much better job in presenting this to you in answering some of your questions. I would offer that to the Committee as a personal apology.
DR. COHN: I don't think apologies are necessary I think it has been a very useful conversation for the Full Committee. I have been wanting to get Bill Scanlon more enmeshed into this particular issue because he is an exception expert on the overall process and I think for him to see this and understand it, will actually cause him to read the appendix when he gets it.
MR. REYNOLDS: The apology was not submissive it was courteous.
DR. COHN: We appreciate your courtesy. Okay, so out of this conversation Judy, do you have a final comment?
DR. WARREN: I was just going through the minutes that are posted online, no where in our meeting do we have a copy of the proposal. It is the comments and the presentation of the proposal that are posted on here so I am wondering if we even have an electronic anywhere of the full proposal?
MS. BENNING: A copy of the full proposal was sent with the previous e mail with the previous iteration of this letter. I don't think it was sent specifically for this meeting so that it perhaps where we fell short.
DR. WARREN: It wasn't posted in our January minutes? We don't post things like that?
MS. GREENBERG: We post testimony.
DR. WARREN: It is not in the testimony.
MR. REYNOLDS: We will remedy it. Whatever occurred it will be remedied.
Thank you, Simon.
DR. COHN: Harry, thank you very much and we appreciate the work. Let's do a time check since we are pretty more significantly late. I do think it is important for us to go through the letter. I guess I will ask for the forbearance of the workgroup and the subcommittees that we will likely not be adjourning at 3:15 p.m. I think we need to go through the letter and then we will break up into our subcommittees and workgroups.
Agenda item: Subcommittee on Populations – Action June 21 – Data Linkages
Dr. STEINWACHS: The letter is under tab 7. You should have it. We lack a "re:" line so I am waiting for Paul to help me with this. I came up with one quickly which he can improve upon. Which was expanding access and use in linked health data. I think we have already painted somewhat the background of this is that we had hearings that led us to appreciate some of the problems in trying to use existing linked health data. The letter tries to bring those examples forward to clarify what some types of linked health data that are important for better understanding of the health of populations. These problems arise both due to the process of getting approval for access, as well as gaining physical access to the data sets and being able to get tabulations out of it.
Let me start off unless there are questions at this point?
The National Committee on Vital and Health Statistics, NCVHS, is charged with advising the Department on health data statistics and national health information policy. The public investment for health information for statistics and program management is substantial by both federal agencies and state governments. To more fully realize the potential of existing survey of administrative data sources for population health statistics and to inform policy, link to data sets at the person level can be extremely beneficial.
However the linkage at the person level of two or more data sets can increase risk to privacy and may face barriers due to varying regulatory requirements for confidentiality protection by agency and data set.
Any comments or questions?
In September 2006, NCVHS held a workshop on data linkages to improve health outcomes. The goal of this workshop was to stimulate interest and identify best practices in using linkages among administrative and survey data to improve our knowledge of health outcomes from our population over various subpopulations.
In addition, the workshop was intended to assist agencies within the US Department of Health and Human Services, HHS, to better meet their responsibilities for performance measurement under various laws such as the Government Performance Results Act of 1993, by providing more comprehensive information on the status of persons participating in government programs.
This letter describes our key findings and recommendations. A summary of the workshop is posted on the NCHS website, www.ncvhs.hhs.gov.
I want you to know that by being a very good chair who knows how to delegate – when this letter was at its most critical stages I left town and Bill took it over and did a great job. I have only been able to find one error in the letter and it took you, Simon, to find it for me.
Any comments on that paragraph? Questions?
HHS health agencies, other federal agencies outside of HHS that collect information valuable in the interpretation of health statistics and by researchers outside the government using linked data sets, presented a range of examples that have proven useful to federal programs and policy making. An important example is the recurrent finding that survey estimates of Medicaid enrollment are well below administrative estimates. The Census Bureau's Medicaid undercount project is linking survey estimates of Medicaid enrollment on the current population survey and the National Interview Survey with administrative enrollment estimates, including data from some state records systems, in order to evaluate the extent to which Medicaid enrollment is undercounted on surveys and what improvements are possible.
The Office of the Assistant Secretary for Planning Evaluation, ASPE, The National Center for Health Statistics, NCHS, The Robert Wood Johnson Foundation, several states, and the State Health Access Data Center at the University of Minnesota School of Public Health are collaborating on this project.
Leslie?
DR. FRANCIS: There is a "by" in the wrong place in that third paragraph.
MS. GREENBERG: Right before research.
DR. STEINWACH: Take it out? Make sure I got you.
Linking data sets, for example, health survey and Medicaid claims data increases the detail person level information available and makes it more likely that some survey respondents could be identified and privacy compromised. This is a serious concern. As a result public use versions of linked data sets may be limited or precluded and additional protection of confidentiality are required to safeguard privacy.
The approach being used by both NCHS and the Census Bureau to provide access while ensuring confidentiality is the operation of a data center where external users may request tabulations of agency maintained data sets. NCHS operates one data center in Hyattsville, Maryland, and recently negotiated an agreement with the Census Bureau to make NCHS data available through Census' nine data centers throughout the nation.
NCHS also has an automated remote access system whereby users can submit their tabulation requests through an e mail based system and receive output has been found not to present a confidentiality risk. NCHS is currently developing an expanded remote access system with greater functionality in improved protections. The increased number of data centers and improved remote access will begin to address concerns expressed by users concerning financial and geographic barriers to accessing data resulting from the requirement to be present at the data center.
Questions or comments?
The NCVHS wishes to commend the NCHS for expanding access to its data. The agreement with the Census and the development of remote access systems are both recognized as positive steps to increase geographic access. The Committee learned, however, that the approval process to use either the data center or remote access can be very time consuming, sometimes requiring up to a year or more. Such delays can seriously impede or prevent timely policy analyses using linked data. Even federal employees needing to use these data for policy analysis are affected by these delays. Participants in the workshop recommended the project approval process be streamlined to minimize delays both for analysts in government agencies and for outside users. IN addition, there was significant support for developing other methods for sharing data besides using a data center, either on site or remotely.
Therefore, NCVHS recommends that NCHS should streamline the project approval process and add staff as needed to minimize access delays for data center users.
NCVHS also recommends other agencies within the Department review their data access policies and procedures to assure these data can be utilized effectively. Agencies should take full advantage of new technologies allowing secure remote use of data while protecting against the release of statistical tabulations that allow any individuals to be identifiable.
Let me stop and get comments. You can see that Marjorie provided a comment to the side.
MR. J. SCANLON: Not just NCHS, but AHRQ and CMS have research data centers, and SAMHSA is moving in that direction. Maybe this recommendation should say that other agencies within the Department that sponsor research data centers should review their policies. I think the findings apply to not just NCHS – and I would name them so they know who they are. AHRQ a would be the other, CMS and SAMHSA.
DR. STEINWACHS: Okay, so other agencies within the Department that sponsor data centers –
MR. J. SCANLON: Research data centers.
DR. STEINWACHS: -- research data centers?
DR. COHN: I guess I don't disagree with this recommendation, because it is a nice recommendation, but in the first sentence – really I think sort of lows I think with the previous paragraph. There is actually like two recommendations here, one which has to do with data access policies and procedures, and then the next one has to do with new technologies, which is sort of a separate recommendation. I guess I was trying to see where the antecedent – what is that recommendation? Where is the information that relates to that recommendation? I am not disagreeing with it.
DR. STEINWACHS: I understand. The letter has gone through some changes, but where now we talk about NCHS, in the second paragraph on the page, having implemented systems by which you could remotely access data, is part of that. But there was also some discussion, which we aren't citing here, about technology for transmitting and receiving data. So there were discussions that related two levels of security. One is the security of the transmission, but we did not pursue that. The other was this idea of trying to make more accessible by using remote technologies. And may, just as you have said ro suggested possibly it is somewhat separate and it would be just as well not to include that at this point, because there isn't that much background to help develop that second part of that second recommendation.
MR. W. SCANLON: It is maybe not a sufficient reference, but in that second paragraph, and I think this is kind of the antecedent for the new technologies, is that NCHS is currently developing an expanded remote access system with greater functionality and I think it was that – what we were keying off of that that. Within the Department there are efforts to try and take advantage of basically some better software and some of the better software that we heard about are in non-health agencies. That may be just too cryptic a lead for the recommendations.
DR. COHN: I almost see this as I would say it is quite editorial, but we agree with the recommendation. It is more a question of putting n a couple of sentences somewhere with these things you were just talking about so that it flows and you can sort of figure it out. It really is a separate recommendation.
DR. FRANCES: After the paragraph that is the first paragraph on the second page, all of the discussion is about the data security issues posed by linked data sets.
DR. STEINWACHS: Yes.
DR. FRANCES: I wonder whether you heard any testimony or raised any questions about other ways that linked data sets could raise risks to confidentiality? I have in mind things like with the power of linked data sets you may be able to do work with smaller ns, where there might be questions about confidentiality, or certain kinds of implications for groups. Those are just two of the worries that, when you don't have the linked data you don't have those worries, because you don't have the linked data. That paragraph leads you to think that there are going to be worries other than security of the data sets.
DR. STEINWACHS: Maybe it doesn't come through as clearly. As soon as you link the data, the identifiability increases tremendously. So the reason those data are retained within data centers, instead of public use tapes, which is really mentioned earlier on, is because you no longer can trust them to public use without someone being able to identify someone when you link the health interview survey together, say, with Medicare claims data.
So the focus on the data centers is already a recognition that this is not something that can be generally used, and may be that, if I am understanding you correctly, maybe that point needs to come through more clearly.
Bill, were you going to say something? Harry?
MR. REYNOLDS: Your first sentence under the second recommendation – is it just that it is used more effectively? Or do you want to expand the use of it? Or both? The second part of it seems to say you want more people to have access to it, which would expand the use.
DR. STEINWACHS: We want expanded use and I guess more effectively that carries with it timely as well as expanded use means that there are purposes for which these data are not used now. I think it would be good to have the expanded in there.
MS. GREENBERG: Getting back to once we get down to these recommendations, somewhere, after mentioning what NCHS is doing, then you also need to mention that there are other components of HHS that also have these data centers.
DR. STEINWACHS: So Simon was suggesting, I think, a couple of introductory sentences to set the stage – well, no, I guess – I see what you are saying. That is a different thing.
MS. GREENBERG: That because the length of the approval process I am assuming applies to all of the data centers, not just to the NCHS data center.
DR. STEINWAHCS: I am looking at Bill for my inspiration here. It was a general complaint. It came across the board but I was trying to think did people actually identify the others? They identified problems between government agencies, I remember, that included outside of HHS.
MR. W. SCANLON: Delays in using the data centers applied only to NCHS, I think, but remember this is ten months ago that we had this hearing. But there was another issue, which we are going to come to, which is the whole issue of within government even trying to link a data set and then use it by government staff. There are very significant delays in doing that, getting access to link a Census data set with an NCHS data set. So that was a different kind of delay that was equally problematic. That one was discussed more broadly.
I think that data center access was more about the NCHS centers.
MS. GREENBERG: Did you hear from the other data centers – SAMHSA, CMS and AHRQ?
MR. W. SCANLON: No we had representatives from CMS –
DR. STEINWACHS: And from Social Security and from Census.
MR. W. SCANLON: But not from SAMHSA and not from AHRQ.
DR. STEINWAHCS: So we heard about data centers that were outside of HHS – but nor from AHRQ.
MR. J. SCANLON: They are all a little different. I think it is probably all right. It was clearly the issue at NCHS. This sort of gets at that in terms of the process itself and ease of use and more prompt analysis. But I think there was reference to other data centers and I think in the second recommendation if you – the way you were heading, which was basically you are acknowledging that these other agencies – AHRQ and CMS and others – have data centers or are moving in this direction and as they do you are asking them to review their data access policies.
Technology is a different issue. This is not a security problem so much as – I mean it is, but the bigger issue is confidentiality. And there are ways to do this in a secure fashion, but that doesn't necessarily assure confidentiality. So I think you are heading in the right direction, and Bill, your third point is about how long it takes just to link these, even when everyone agrees they should be linked and protected. That looks like your next paragraph.
DR. STEINWACHS: Yes, that's the next paragraph.
Let me go on. Government analysts and outside researchers have frequently identified potentially valuable applications from additional linking of data sets. Workshop participants cited significant extensive barriers that must be addressed before some of these linked data sets could be created and made available to the policy and research communities. A multiplicity of laws, including the Privacy Act, the Government Information Security Reform Act, the Federal Information Security Management Act, the Confidential Information Protection and Statistical Efficiency Act and the Freedom of Information Act protect federal data. For example, Census data can only be used for the limited purposes allowed by Title 13, mainly for purposes consistent with the Census Bureau's mission. Different data sets may require unique and different requirements for access, making it much more difficult to create and share a linked data set. Workshop participants recognized that changes in law may be necessary to foster broader usage of linked data sets. The consideration of such changes was beyond the scope of the workshop.
So it is really raising an issue, but not saying that we addressed it.
Even when there are no legal barriers to data linkages, workshop participants estimated that it takes about 18 months, on average, to obtain permission to transfer data from one federal agency to another, even within DHHS. The standardization of interagency agreements was seen as having the potential to substantially reduce the time currently required to link data across agencies. The NCVHS recommends the following:
Standardized data linkage and sharing agreements should be developed to facilitate efficient sharing of data among HHS agencies and, to the extent possible, with other government agencies.
In summary – let me stop there. Any comments on that?
In summary, better integration and use of health data offers the promise of improved health for millions of Americans. Information is a powerful tool in the battle against disease, epidemics and inadequate preventive care. It is also critical in achieving more efficient and productive health care systems. Having made the initial investment in gathering data, either through the time and effort involved in completing administrative records or the costs associated with surveys, greater returns on these investments can be realized by investing comparatively modest sums to make full use of those data. In particular, connecting many health data sets to other useful information offers considerable potential to understand and improve health conditions. These recommendations are offered by the Committee to better realize the full potential of health information for improving the public's health. The Committee will continue to work to identify ways to improve the utility and benefit of health information.
Any comments? Simon, it looks like to me we ought to come back with those changes for the Committee to look at, that really center around the bottom of the second page, what we have done, and break out that separate recommendation.
DR. COHN: I think I am hearing – the general tone of this appears to be people come up with recommendations and we are just looking for a little bit of reorganization and potentially a couple of sentences that support the recommendations so it all sort of comes together. Otherwise, certainly from my view, it is a pretty good letter. I think I see Larry behind you with a question or comment.
DR. GREEN: This is for Paul. I wondered what his headline was going to be?
DR. TANG: It is not earth-shattering, although the work is. Expanding and improving access to aggregate health data for research and policy making?
DR. GREEN: You have to say something about linked data.
DR. TANG: I was a little allergic to that because of the headline nature. I mean, basically we want to get good data out there because we want to make better decisions, but just linking is a trigger.
DR. STEINWACHS: Paul, would you say that agains for those of us who don't copy fast?
DR. TANG: Expanding and improving access to aggregate health data for research and policy making.
DR. LAND: I think the word "aggregate" may be misleading, because we wouldn't have the confidentiality problems if we were aggregating.
DR. TANG: But in a sense – I thought about this – because you want to use the word "expanding," which was, by the way, your word –
DR. LAND: It was my word.
DR. TANG: I thought one of the strengths of this proposal is that you maintain access to personally-identifiable information within the realm of the federal government only truly de-identified aggregate data gives out. That just seems like a safe way of describing it. All we are looking for is a way of describing it. If it were to make headlines, as you actually would like it to make, it would not evoke undue thought because it has been carefully thought out, how to protect the privacy of the individual.
DR. STEINWACHS: So expanding and improving access to aggregate health data for –
DR. TANG: Research and policy making or health improvement and policy making?
DR. W. SCANLON: I have to say that I would interpret that in a very different way because what I would assume is that I am not able to work with the individual data. You are absolutely right that the way we are protecting confidentiality is hat the data that are released from the data center have been aggregated, but it is that ability to specify how I am going to tabulate individual data that is the strength here.
DR. TANG: So the question is, how do you want the headlines to read?
DR. LAND: If you took out the word "aggregate" I would be fine with it.
DR. STEINWACHS: Yes, just cross out aggregate and make it access to health data.
DR. FRANCIS: But that takes away any reference to confidentiality. I'd rather see both access and confidentiality.
DR. STEINWACHS: Confidential health data.
MS. GREENBERG: I don't see how you can't have data linkages – if you are going to have a headline – when the whole workshop was about data linkages and that is what everything is about. Now there are other data sets that NCHS, and I am sure these other agencies, have that aren't linked to anything and still have to be accessed through the data center because they are small sample sized or something like that. So the data center issues actually go beyond linked data, but in fact this whole workshop was about data linkages.
DR. COHN: But it is also about confidentiality and security, so confidential and secure – if we are going to get into that we ought to put all those good words in. Steve Steindel, do you have a comment?
DR. STEINDEL: My memory is relay slipping today a lot, given what I have been involved with. But what I would suggest doing is putting the concept of aggregated data at the end – to produce aggregated data? Something like the expanded use of federal data sets to better produce aggregated health data – something like that. So we get the concept at the end.
I think our basic problem is that, while Paul had a very good headline, it doesn't fit what we are talking about.
MS. GREENBERG: Why don't we say "data sets?" So it doesn't sound like we are talking about data about an individual person, although data sets obviously include that.
DR. COHN: Data sets sounds better.
DR. FRANCES: How about increasing use of linked data sets while protecting confidentiality and security?
NS. GREENBERG: Yes, that's good.
DR. GREEN: I would like to chase that and nominate "linking data sets while securing privacy to improve decision making."
MS. GREENBERG: But it is not just about linking; it is about getting access.
DR. VIGILANTE: But decision making may or may not be involved in any particular research agenda.
MS. GREENBERG: I think you have enough ideas.
DR. VIGILANTE: Let me ask one thing. My memory is not too good either, but thinking back to the testimony, was there substantial conversation around the challenges of using data centers, just for their geographic distribution and the ability of researchers, usually not with deep pockets, trying to get to these places and stay in hotels? There is just a fundamental problem there that the data center, the structure doesn't solve. I don't know if we have a solution, but does that rise to the level of comment in the letter?
DR. STEINWACHS: We do talk about NCHS has been making advances in remote access to try and deal with – we have been referring to it in the letter as "geographic access problems," which maybe sounds nebulous. Maybe there is a better word for that.
MS. GREENBERG: And then using the Census data centers.
DR. STEINWACHS: And what we were talking about is this one that comes after the one to NCHS on other agencies – that was going to be split into two recommendations with some introduction on the second part that would address what you are taking about, Kevin, where we talk about agencies should take full advantage of new technology to allow secure remote use of data. So I think we could put in a little introductory thing.
DR. VIGILANTE: But the purpose of using the data center – there is the security issue, but then there is the confidentiality issue. It just comes with the ability to link stuff. And the question is, does the data center, by its very nature, and I don't know why it would, make you less able to link stuff and breach confidentiality than a remote access site? I don't recall hearing testimony on that.
DR. STEINWACHS: What the data center does is it looks at the output to make sure that the output does not – the tabulation – does not allow identification. That is what Paul was thinking about the aggregated. If you use remote access that still has to be looked at, so it still goes through, at this point, a person. It could go through possibly other kinds of technology.
DR. VIGILANTE: It might be worth describing that a little bit, because it is not completely transparent.
DR. WARREN: It seems to me that our whole notion of these re: lines is to make them short. I know that Paul has an allergy against data linkages –
DR. TANG: No, just about talking about them.
DR. STEINWACHS: DO it but don't talk about it.
DR. WARREN: I was just wondering, since you titled your workshop "Data Linkages to Improve Health Outcomes," that that might be the appropriate re: because it expresses what you are after, or talking about creating confidential data linkages to improve health outcomes. Something like that.
DR. COHN: I think I agree with Paul. I think what we are relay talking about is improving the value of the federal data resources. And this is just one aspect of it. We are actually talking about three or four in terms of the workshop that you did. So once again, I think this one, rather than spending another half an hour wordsmithing this one, this is work for the population subcommittee, to see if they can come up with something useful. But I think it is just a question of coming up with words that they want as a headline that Paul would still be satisfied and pleased with.
So I hope you got what you need?
DR. STEINWACHS: Yes.
DR. COHN: We are not running too far behind. I guess we should talk for a minute about what is going to happen both tonight and tomorrow, just to remind everybody before we adjourn the full Committee today.
(Administrative discussion of subcommittee meeting schedule.)
(Whereupon, at 3:45, the meeting was adjourned.)