[This Transcript Is Unedited]

DEPARTMENT OF HEALTH AND HUMAN SERVICES

National Committee on Vital and Health Statistics

Full Committee Meeting

November 19, 2015

National Center for Health Statistics
Auditorium
3311 Toledo Road
Hyattsville, MD 20782


TABLE OF CONTENTS


P R O C E E D I N G S (8:22 a.m.)

Agenda Item: Welcome

DR. SUAREZ: Okay, we are going to start by going around and doing a quick name. We are still functioning as a meeting, so we don’t need to go again but for the benefit – I don’t know if we have people on the phone. We do have members on the phone. We will go around very quickly and say who we have around the table.

(Introduction around table)

DR. SUAREZ: Thank you all. We were able to make it through dinner last night. We had a really special visitor, a special guest, Marjorie Greenberg, who used to be the Executive Secretary and Committee and historian, convener and mother. We used to call her Mother Greenberg. It was a lovely evening. Thanks for joining us.

This morning we have several very important topics that we are going to hear a few minutes from Charlie Rothwell, the Director of the National Center for Health Statistics. He will give some brief remarks.

Then we will focus our attention on Privacy, Confidentiality and Security. We will have our chair of the subcommittee, Linda, lead us through several important items and presentations and reports in that area.

Then we will have a chance to review as a full committee the revisions of our goals and objectives that the Executive Committee has been working on. We will brief you all on some of the steps that the Executive Committee took and then review the document that put together. They will do a brief wrap-up.

For the wrap-up I wanted to mention for the co-chairs, if you could be prepared to briefly say the most important next steps to remind us all what is going to be coming up in the next three months or so, just briefly so that we all come out from the meeting with quick summary and highlights that we are going to see.

Then we will turn things to Vickie for the meeting of the Data Access and Use Work Group for the remaining of the afternoon.

MS. JACKSON: Speaking of heads-up, at about 10:30, I have arranged for a photographer to come. We are going to try to do a group photo to commemorate having so many new members all together. I know there are members who are not here. I would love to have Rebecca Hyde in the photo. We will have it at this meeting to capture the folks here.

We can try to reschedule another time. February sometimes gets a little iffy with weather and all. At this time, we reschedule to meet at Humphrey downtown. We may not have access to the photographer and the resources that we have here. So crimp up your hair and makeup and all for that time. I just wanted to give you a heads-up. Thank you.

DR. SUAREZ: Wonderful. For those on the phone, we will bring you in virtually somehow. Okay, we are going to turn it to Charlie now. Welcome, Charlie.

Agenda Item: NCHS Update

MR. ROTHWELL: Thank you very much for giving me the opportunity to talk to you. I am sorry I wasn’t able to be with you yesterday so you can get the updates all in order. I had some conference calls with folks in Atlanta that I couldn’t walk away from. I appreciate you putting me on this morning.

I mentioned something with a couple of you as we came in the door this morning, especially for those of you who are new. I want to thank you. Some of you have been here now your third day. I really think this is what makes government work.

Government is not about people who sign up and get paid by government. It is those people who get involved in a variety of ways and help guide government as best they can. This is one of those examples. I wish that things like this would get in the newspaper.

We do need guidance. Government is like steering an aircraft carrier. Once it gets going in a certain way, it is a difficult thing to get it to move in another direction. Sometimes when you are on an aircraft carrier, it is hard to know whether you are getting into a hotspot or not. It takes somebody from outside to look at it to be able to see you are going the wrong way.

Committees like this are exceedingly important. You shouldn’t be bashful if you the department or parts of the department, including NCHS needs to go in a different direction or consider new things. If not, then this is all a waste of time. Don’t make this a waste of time.

What about NCHS? For those of you have been here before or know a little bit about NCHS, National Center for Health Statistics, we are a federal statistical agency, one of 13 throughout the department.

Speaking of how government can work, yesterday afternoon for several hours, I met with the director of your Labor of Statistics, the director of the Census, the director of Justice Statistics, the chief statistician of the EPA, et cetera. We meet on a regular monthly basis.

We have subcommittees that meet. This is one of the few times that government works across departments. We have to. When you think about it, how could we do mortality rates if we didn’t have denominators that come from the Census?

How could the Census create those denominators if they didn’t know what the births and deaths were in the United States for the communities throughout the United States, which we provide them? You just go down the list of things.

By the way, at that meeting, I talked about the first day of this group, the population subcommittee and what they are looking at as far as community indicators and saying this was an opportunity for us as a federal statistical system to look at these indicators.

They weren’t just about health. They were about the people of the United States, the demographics of us, the economic situations that we are in, the environmental issues that we have and maybe together we can help in this process. I think they are all very interested in how this might come out and what role we could play in helping in whatever way we can.

What has been happening recently in the data geek area? We just published about two and half weeks ago 60 data files from NHANES. NHANES, for those of you who don’t know it is a health examination survey in the United States.

We actually have four trailers put together. They go out through the United States. They not only interview people in their home, but we have physical measurements that take place, and they are very controlled.

When you are looking at issues relative to hypertension and cholesterol and things of this nature, those measurements really come from NHANES.

One of the areas of my interest and NCHS is that we need to improve the speed of our data release. It is nice to be historical, but I would rather be historical current. NHANES is no different than any other. I was really pleased to see that we were able to publish 2013 and 2014 data a couple of weeks ago.

Now, we publish in a cycle of two years because our sample size is about 5000 people a year. We really can’t say a whole lot until we have two years worth of data. Sometimes we really can’t even say something with two years of data; we need four years or data.

When we do some of these releases, we will talk about two years, but then we might, if we are looking at age groups or certain race groups, we will add in another couple of years.

I also feel strongly that NCHS should publish its data. They should say something about it. We are required to put our data out in data files. We can’t say something and not put data out there because we don’t want anybody to think we are cooking the books. They need to be able to replicate what we do.

With NHANES in the past, we have normally published in journal articles first, which means that this is not a negative about journal articles at all. You never know whether they are going to be publishing. You don’t know when they are going to be published. I feel that we should be coming out with right away the major indicators, and that is what we are doing.

For the first time, you have already seen there was something recently on obesity and on hypertension. Those were what we call data briefs. We can put them out very quickly. They give the overall indicators.

What we will do is we will follow-up in journal articles. Hopefully, the journals will accept them, which I think they will. That will go in more detail about these findings. We are going to be coming out with a series of nine data briefs on NHANES within the next three months. This is something that I am very pleased with.

We also published information from HIS, Health Interview Survey. That is the survey where we actually go in. We don’t take measurements. We go in, and we ask people questions. We are able to do this not just at a yearly basis, but because of the sample size, which is much larger, we are able to quarterly estimates.

As you may know, we do quarterly estimates for health insurance. It has been because of the topic of the day that has been the gold standard by which the government has measured whether in fact ACA has had coverage impact, which, of course, it has.

What we also do is we publish health indicators. We have a variety of health indicator folks who are not able to get to healthcare because they didn’t have the money. There were a variety of other indicators that we put out. We just did that for the first six months of 2015.

We are going to be coming out. We have delayed it a bit because we wanted our partners to get used to it. We came out with quarterly publications for vital statistics a few months ago. It had a few indicators on it on mortality. It got some attention.

The next one we are coming out with could have actually already happened, but we are letting everybody get used to it. It will come out in a couple of weeks. We will have 20 indicators in it. It will have the 15 leading causes of death.

It will have interesting things like death due to firearms. It will have to do with deaths due to overdose of drugs and a few other things that might actually be topical. What I am getting at all of the sudden is what has happened with vitals in speeding it up is that we now have a surveillance capability.

As I think I have reported to you before now vital statistics on the mortality side will be used to monitor the flu and not the old 122 city reporting system, which has been in existence for longer than I have been in public health, which is a long time.

Timeliness is not the important thing, well it is important, but it is not the only thing. One of the future things that NCHS has to work with, with our partners in state government, but more with healthcare providers who are required to complete birth and death certificates is to improve the data quality.

We all know problems with data quality especially on death certificates. That needs to be improved. I think we can only do that if we can go in a timely fashion back to the provider of that data and ask him or her did you really mean this. This seems like an unusual sequence of events that brought about this death.

My usual joke, which is a true joke unfortunately, is did you really mean plaque or was this plaque in the bloodstream? Those things happen, and you need to correct them before you publish them. That is going to be a major effort for us.

By the way, we are going to add to that quarterly report for vitals where we will be adding high risk birth events to birth certificate in 2016. It used to be that we would do sort of a preliminary report, but then because it took us so long to do our final report in vitals we are probably going to drop the preliminary report.

We are getting data very quickly. If we can get over the hump with a few states, I think there is no reason why we can’t be publishing, not while I am here at NCHS, but not too much later. I think we should be able to publish two months after the close of the year for complete final reporting.

From some states, we are getting close to 50 percent of our deaths right now are coming to us within 10 days of the event. That is unheard of. Some states are giving us over 80 percent of their events within 10 days. That is our goal in the future. That is helpful.

By the way, yesterday afternoon, I went to an awards ceremony. It was sponsored by the Washington Statistical Society and the American Statistical Association, ASA. I believe it is their highest award, and it was given to one of our staff, Jennifer Maddens, who is the Associate Director for Science in NCHS.

I am really happy that that took place. It was appropriate. They recognized her for a variety of things and coming up with measures of disability that are now being used not just in the United States and a variety of surveys, but internationally.

I want to point out one thing that she was heavily involved in. Why I am bringing it up is because I think it relates to what NCHS and other federal statistical agencies should be about. I mentioned data brief.

It is a publication that comes out. We require that it has only a fixed number of tables, very few, a fixed number of graphs and writing that is to the point. It is usually a maximum of maybe five pages. Those are not easy to write sometimes.

This is something that has to be topical. It has to be something that is really important to us as a nation. I think that is what a federal statistical agency is about. It is one of the most difficult things to do.

It is very easy to publish a compendium annual report that nobody looks at that has stories within it, but nobody teases out and we let other people make those statements. I think that is what we used to do. Jennifer was very much involved in getting us to provide topics that really are meaningful.

The real hard part is not to say anything about policy. That is not our role. If we say something about policy it taints everything that we do. What we do is try to inform what policymakers and folks should be doing, or at least give them the data that they can argue about. We call it informing the debate. That puts us in the crosshairs.

Sometimes people would rather us not publish this information. They might not want us to publish the information at this point. There are a variety of things. I think those are the chances that we have to take. I am not going to say that it hasn’t caused me heartburn at various times with people being upset with us. I think if we want to talk about what a federal statistical agency is about that is what it should be about.

Naturally one of the dangers we have in this is that people can argue that we are cherry-picking. We are picking those items that are only of interest to this administration. You need to be very careful that that is not the case. They have to be items that are of interest to everyone that we see that are going on.

It is an interesting process. I just wanted to take that opportunity to let you know about it.

When we were talking one of the things that is coming up right now that some of you have probably heard about is all of our surveys in NCHS and throughout government are having problems with response rates. We are not having the problems that private industry is having.

Private industry publishes stuff that sometimes has a 5 to 10 percent response rate. Still, we are getting in the 70 percent response rates for HIS, and we need to improve that or at least maintain that. How do we do that? By the way, we just had last week other countries including Canada here. They are having the same issue.

It is not just the problem with people not trusting government in the United States. This is just that people have other things to do and they would rather not respond to this.

One of the problems we are having in HIS is everybody wants to put their questions on it. It is now an hour and half long. Do you want me to knock on your door and say do you have an hour and a half that you can tell me all of your personal health information? It is a hard sell.

What we want to do is cut this back to an hour or 55 minutes or between 55 and 60 minutes if we can do that. That is a 30 percent cut. How are we going to do this?

The other problem we have is that HIS along with our other surveys we don’t get enough money to do those surveys within our own budget, which, in a way, is a good thing. That means that we have to go hat in hand to a variety of other agencies. If we are not delivering for them then why should they give us money to put questions on or expand our sample size?

On the other hand if we are going to be cutting questions we have to be equal on these. Just because somebody gave us x amount of money for these questions if in fact they are not really being used except for one person’s research issues then I think they are going to have to be cut.

This is going to be a very difficult process. Last Friday, I thought Friday the 13th would be a good day for it. I had my HIS staff give me the first straw man on how this was going to be done.

Our approach at this point is to have a core set and then have a lot of rotating questions coming in and out. We send out to everybody that we know of to consider what questions are important to them and which ones aren’t.

The information that we got back from everybody is now our survey would be about three hours and 30 minutes. It is going to be a fun time. We are going to do it. We have to do it.

I think we will have a much better survey in the future. The problem we are going to have is I would like to be able to test some of these questions and how we are going to do it. We don’t have the money to do it.

Basically what we are going to be doing is just trying to come up with the best scheme we can and cross our fingers when we go out in 2018 that this will work. There is no way that I want to hurt the Health Interview Survey.

There is no way that we want to make it not as useful as it was, but we cannot continue to do things like adding questions even though they might be important in one area or not and not be able to really represent the United States. That is what this survey has to do. Whatever we say, it has to be representative of the United States.

That is something that you are going to be hearing about and probably not in a positive way. I think we are probably going to be goring everybody’s ox or favorite dog.

The other thing that is going on that is an internal mirror to this organization that Jim helps direct. It is the Data Council within HHS. One of the things that they are working on is trying to align our surveys better and some of the questions better within those surveys.

This is a long overdue activity. I am glad that Richard Frank who is the ASPE has taken this on. You talk about HIS being an issue. Try to get it down by 30 percent and align our surveys and ask which surveys you are going to use for which purposes?

When you collect certain information on smoking or something, those are just covariates to be used with that survey and not to be used as the prevalence, if you will, of something. That is a hard conversation to have. We are going to try and take it on. By the way, this afternoon we are going to be having that conversation. You all may be hearing a little bit about that as this unfolds.

The other thing I wanted to mention is that I hope that this committee can become closer to the Board of Scientific Counselors. Walter and I have talked about having an ex officio member on our board of Scientific Counselors for NCHS, and I hope that will take place. I think it is really important.

With that, I will take any questions you have or get out of your way.

DR. SUAREZ: I think we will start with questions.

DR. COHEN: Charlie, I want to applaud your efforts for timeliness. It is phenomenal. It is really going to change the face of public health, having data ubiquitously available in real-time. It is a real standard for states as for the feds to adhere to. Thank you so much for fighting a really difficult fight.

I had one question. I know OMB is considering changes around the collection of race data. I was curious. What is the process at NCHS when OMB comes up with revised standards? How do you incorporate them into your work?

MR. ROTHWELL: I don’t that OMB will change the race standards. I believe Census will. I don’t know what the outcome will be. The problem is we want to collect information as carefully as we can. We want to make sure that we are not leaving out certain groups or we are not combining people in certain groups that shouldn’t be combined. Certainly the race/ethnicity issue is a thing that Census is trying to resolve.

It will have an impact on us whatever they come up with. They are going to need that type of information from our vital statistics. After all their inter-Census estimates are going to be based on vital statistics. If we don’t have that type of race information on it, we are going to have to do a variety of manipulations in order to make that happen.

Also, it will impact if we are using those denominators that will cause some issues as well. I think it has to be done by the Census. This is one of those things where we have to see how this comes out. We will have to make changes when it does take place.

It is not to say that they haven’t listened to us. It is not to say that they haven’t made presentations to us. It is not to say that they aren’t doing the best they can. They are going to have to make some decisions. If they make any changes at all that is going to impact us.

DR. QUEEN: Just to add to what Charlie was saying, OMB and Census have a very large inter-agency workgroup predominantly with the statistical agency representation. I know I was on it when I was in ASPE. Virginia Cane is on it and others from NCHS. The issue of vitals and administrative records was brought to the forefront.

It has been in the works for several works. It is a long-term taking a look at things for how they collect it. Nothing is going to happen without a lot of involvement across the federal statistical system. It is a very slow moving process.

MR. ROTHWELL: In the end, I believe in this case, unless things change, correct me if I am wrong. When we went the last time, this was being driven by OMB and they were making the call. I think in this case John Thompson who is the Census director is going to be making the call. He is doing the best job he can listen. In the end, he has got a decision to make.

DR. MAYS: Thank you as usual for bringing us up to date about lots of issues that are important to us. I have a couple of questions. One of the things you talked about was publishing and getting materials out.

One of the things they are starting to push at NIH is when articles go out, there also be like these infographics so that the “common person, the customer and the consumer” would be able to do it.

I am wondering if that is a possibility to think about as you put these briefs and things out and whether or not there are these one-pagers that can appeal to a broader public that might be useful in the agency being seen for the value that it has to the general public.

MR. ROTHWELL: We have a project going on now and part of the fiscal agency we call data visualization. What I am thinking of, and we have already put some out in using vital statistics. We are going to be expanding it into other surveys.

What we should be having is a story line, whether it has to do with changing fertility rates, whether it has to do with changes in hypertension or something like that. There are storylines that everybody tracks.

To me, what we should be doing is as we update a data file for publication automatically that storyline should be updated. It should be made available in a very simple graphic way. It should be able to be manipulated. The public is much better at looking at things a little bit differently and modifying it.

I would see us actually putting something in a database that would drive this data visualization capability. Long-term I use this as an example. It is Health United States, which contains by NCHS and data from throughout the department and other departments.

Even though it is a beautiful publication and it is our pride and joy, it should be completely automated. It should be updated as a data file is updated. If it has to do with hospitalizations and if that is the most current thing, it should be updated. The graphs should be updated as well. They should be manipulated.

Basically Health United States should be a database that has a visualization component that the public would be able to see and use. That is really to me where we will be going and where other federal fiscal agencies should be going.

The problem is government does a lot of things for very good reasons and sometimes they get in the way of other good reasons. We have requirements for good reason for those people who are visually impaired.

Things that are available for those of us who don’t have visual impairment, we need to be able to provide something to them where they can get the same information. This has been a game-changer. It has worked well.

That being said, what did I just say this was about? It was data visualization. By its very nature, it is not going to meet that requirement. My position, which isn’t agreed to yet, is if in fact we are providing data visualization capability, and there are links to every data item that drives this, and that we can in some way provide a storyline that explains then that is okay. I think we will get there. Right now, we are not there as a government. We will get over it.

DR. MAYS: My second question I raised yesterday was when we were talking about various surveys. I know that the NHIS is up for redesign, but at the same time while you are required to do the re-design, there are no resources to do the redesign. For that redesign that is probably the most critical health survey for us.

I raised the issue here whether we should be trying to write a letter of support and encourage some kind of resources for that. As I understand you need to design cross-walks. You need to think about additional sample to test out new items.

As one who does survey, I think several of us appreciate the cost of this. We also want to make sure that the NHIS gets it right and does it well. I am wondering if you can talk about the needs so that we can make a decision as a group as to what we might be able to do to help with that.

MR. ROTHWELL: I am sorry I can’t ask for funds here. I think you actually said that better than I did. Let me get back to one of my comments before. Let’s say you are an agency that has been funding HIS because we are providing certain questions that you are really interested in.

All of the sudden, we are considering maybe dropping some of those questions or doing them once every two years or something of that nature. Are you going to continue to fund us to do that, and would you be willing to give us additional money so that we can gore your ox even worse? That is a hard sell.

Unless the money was to come from the department or somewhere else, it is going to be a tough thing. I have no discretionary. If you want to talk about budgets, I can talk about my budget. Our budget is basically in two areas, our own personnel costs, our staff costs, and the cost of data collection.

Our data collection folks are both government and non-government people. In vitals, it is state government that we pay. For HIS, for example, if you want to know what Census takers do when there is no Census, they do HIS and other surveys on the side.

Last year I went to talk. We had a retraining of our Census folks who do HIS. I had to make the same presentation three times because there are over 1000 interviewers that are doing HIS throughout the United States. We pay the Census obviously for that.

Then for our other surveys, we pay WESTAT does NHANES and University of Michigan does NSFG. Those two pockets are data collection and their salaries are our budget. I have no money to do any type of innovation.

Let me talk about where I see a major problem in government. That is even if government is funded appropriately, and let’s say that NCHS is funded appropriately then we are going down this track, but we are tied to that track. If in fact we need to fly instead of being on a track, we don’t have the ability unless we stop something completely and then lose those monies.

The only way that I can do anything or anybody else can do anything is to stop something completely, take those funds, and then you have to convince folks to do this to try something new.

When you are doing a survey when everybody is dependent upon, how can you stop doing that? It is really a problem. Let’s say for NCHS or otherwise, CMS has this now with their innovation center. I think there should be an innovation capability somewhere in HHS. They would be testing this out. It doesn’t have to be in NCHS.

If in fact they find a better way of doing something then I am going to have to be required to do it and make those changes. Somewhere it has to take place. Our government is going to go its usual way and the changes will be slow. There is no money within our organization to do something like this.

DR. SUAREZ: Thank you again for those remarks. We are going to go to a break. We are over time. Privacy and Security Committee and partners from federal agencies, please, Michael and Denise. Is there anybody on the phone with any questions to make sure that we include you? Okay, then Michael and Denise.

DR. O’GRADY: I just want to congratulate you. This all sounds great, especially the faster turnaround times. In terms of policymaking that often is the big stumbling block. You are telling us about something three years prior or something along those lines.

The one thing I want to bring to your attention because I don’t know if you see this side of the business on a daily basis is NHANES is really vital. When you think about the pressure to have more and more government-funded research and be able to answer policy questions one of the stumbling blocks that comes along methodologically is we see things funded mostly by NIH and CDC that are clinical trial basis.

I don’t have to tell you that there are people feel a clinical trial is the gold standard for pretty much anything and we should all just do clinical trials to decide what cereal we are going to have. Anyway, what they had and what I personally had –- most of my outside research is now in diabetes –- if you finish up a clinical trial and you want to be able to say something about the broader implications than the 300 people who were in your trial, if you don’t have a link, NHANES is your path.

I have been on clinical trials that had NHANES data that matched up with what we were saying. We could talk about racial, ethnic, age, clinical adjustments to think about what the implications would be for the broader population.

I was on one where we didn’t have an NHANES question. We were stuck. We would say nothing more. We just assumed that these 300 people look like the rest of the country then the implication would be x, y or z. I guess I was thinking that you really do have a powerful instrument here. On the HIS, we can’t just keep asking.

I guess when you are taking things like blood samples; it seems to me that you may have more flexibility. That may be an area. I know a guy with diabetic macular edema. They were just stuck. There isn’t a question. There wasn’t a large enough sample. They were just stuck.

Those sorts of things with some of the stuff having to do with a peptide measure, those blood samples you have an ability to expand out without taking anybody’s time. I was just thinking about NHANES and the overall kind of inertia where you feel like your sample sizes are being squeezed and these other things are being squeezed.

There is this disconnect between people not really realizing how vital this survey is. There are major breakthroughs that will go no place other than get somebody tenure, which is not considered a policy outcome.

I think there is that world. Registries are, in my opinion, an attempt at clinical trials on steroids, but it is not a representative sample of the United States. If you figure out how to operationalize it, I think there is an opportunity that NHANES could really get the recognition of what it can do and then expand to do more.

MR. ROTHWELL: Thank you. No I have not really given that a lot of thought.

MS. LOVE: Please don’t retire. We need you. In data collection in the states, I recognize that the healthcare landscape is just rapidly changing and the providers are changing and the whole thing is a little more complex out there. I am wondering if there are any more changes in the surveys in the hospital survey given all of the churn out there in the field.

I don’t know what your response rates are, but are there other ways to get some of those core data elements. That gets back to the resource reallocation within NCHS and if there are any administrative simplification opportunities there and maybe I am asking the wrong questions.

MR. ROTHWELL: No. You notice I didn’t say anything about any of our healthcare. The reason why I didn’t is because we are timely. The reason we aren’t timely is because we have this great potential called electronic health records. I think I mentioned this here before. It is a lot of potential for us and something that could save us a lot of money and expand our sample.

The problem we are facing is of standardization within the electronic health record. You know better than I do even within a specific vendor what they market with one hospital system might be different than another. Frankly it is about what the physician needs and what is good with the patient in that institution.

It is not about NCHS and how we can then accumulate this information. I think it is something that we are going to overcome. That will be huge. We are sitting on it potentially. It is not that hospitals don’t want to provide the information to us.

As a matter of fact because of some of the things that we have with use of electronic health records, hospitals are encouraged and physicians’ offices are encouraged to actually provide data to us. They are volunteering to provide more data that is out of scope of our actual sample size, which is nice. We will have to figure out what to do with these data.

In the end, how do we get data standardization? Most likely we will have to have some sort of software interface that the vendor develops that we will have to fund so that we can say something.

What I am really afraid of is that we are going to say the wrong thing. One data item that says the same thing is measuring very different in these different systems. It is a great potential.

I am hoping next year I will be telling you that we have overcome this, but I have been telling that to Tom Frieden and folks in the Department, for now two years, and we haven’t.

MS. LOVE: I just think that NCHS could be that nexus of hybridization between some of the administrative data and some of the enhanced clinical feeds. This may be heresy, but there is so much administrative data being collected out in the states like some of the structural measures could be fed to NCHS and NCHS could focus on how to hold those clinical feeds out of the record.

I just think doing it all is cumbersome and expensive. There may be other ways to do it. We don’t have to solve that now. I would love to talk to you more about that.

MR. SCANLON: A couple of things. The meaningful use stage 2.5 actually has a requirement that providers be able to report to answer out surveys so that maybe down the road. As a practical matter, Charlie remembers, the department ASPE has funded a couple of pilots with the healthcare surveys to try to see how far you can push really for quite a while now.

In fact the committee was very instrument in a workshop where we had some of the vendors and others come and look at what was standardized and what wasn’t and what was usable. I think Charlie is right.

You have to see the vendor system. The hospital survey and the ambulatory care survey I think are well into this. We are far away from national. There are islands of excellence, but we are still pretty far away. Again, it is a strategy to work for, but it is not an immediate answer.

Related to that in terms of innovation what we have is an evaluation fund. This is not a lot of money. I think some of the innovation that NCHS has been able to do was the result of the department and ASPE using the evaluation fund for probably $5 million dollars to test and implement the sexual orientation questions. It was a big methodological study, you remember, Charlie.

Secondly, this pilot with healthcare surveys, which we will continue to do, is the provider survey as well. The quick response capability for the health in your survey and so on, probably every survey has been able to use some of those evaluation funds.

It is not a lot of money. It is not a redesign kind of amendment. You have to compete with a lot of evaluation questions. There is always that and sometimes the department can actually look around and find a bigger amount.

Again, no one is getting increases in their budgets. We don’t know what this fiscal year is going to hold for anyone. It is a little tricky. It really takes some very great skill and leadership skill to navigate these waters nowadays.

MR. ROTHWELL: I would just say to wait for funding for something like this is not the thing to do. We are going ahead. We will do the best that we can.

DR. SUAREZ: Well, Charlie, thank you so much again for your participation in the meeting and for hosting us here at NCHS. We look forward to continued partnership with NCHS.

We are going to turn things to Linda for the Privacy and Confidentiality and Security Subcommittee report activities.

Agenda Item: Subcommittee on Privacy, Confidentiality, and Security

MS. KLOSS: I am going to come up here so you don’t have to look in two directions. Our guests are going to come around the corner. Our goals over the next hour are to bring the committee up to date on the work of the Privacy, Confidentiality and Security Subcommittee to hear from our colleagues at the Office of Civil Rights and ONC who deal with privacy matters.

Then we will come back and have a full committee discussion to help guide our subcommittee on priorities for the next 12 to 18 months. I have been doing some digging and talking to people. I am going to present a set of things that I think maybe sweet spots, but we will look forward to having the committee weigh in and the two of you to weigh in also.

Let me just make a few introductory comments and then we will hear reports first from Rachel and then from Jeff.

The first thing I wanted to do is remind you who is currently on the subcommittee. I am called the co-chair, but I have no co-chair at the moment. Dr. Leslie Francis mentored me into this rule. She has since gone off of the committee, but she is a member of the working group, so you will need her and become familiar with her. She represents that privacy perspective on the working group.

Sallie Milam who is on the phone is a longtime member of the committee, Vickie Mays, Walter Suarez. We are in active recruitment for new members, and I am happy to say that Barbara Evans has indicated that she will join the subcommittee, although she could not be at today’s meeting.

We are looking forward to her participation. I think she described herself as you heard on the orientation call as a HIPAA policy wonk. She is perfectly situated for our work.

I have also talked to most of you about thinking about joining the Privacy Subcommittee. I think many of us wear a couple of hats with regard to subcommittee and you have really got some skill sets that could be terrifically helpful. I think as we talk about the work ahead at least over the next 12 to 18 months, you may see whether there is a direct interest in match-up. That is our subcommittee.

What I wanted to do was give you a little bit of background about what we have accomplished over the last 18 months, and that will kind of roll into what we do going forward. Working in conjunction with Population Health, the Privacy Subcommittee in 2012 issued a letter to the Secretary outlining a privacy or stewardship framework for community use of health data. That was in the form of a letter.

In 2013 and 2014, we worked in fleshing out that stewardship framework and produced a toolkit for community users of health data. That was referred to at the meeting on Wednesday. I keep chiding that we are going to produce a link to that. Dissemination of that toolkit is one of our current priorities to produce a useful document like that and then not have it widely used is a sad thing.

We have had help from our colleagues at other agencies. I did tee-up a slide that showed where we disseminated it. We had help from Community Commons. Bruce has done a presentation at NAHDO and referenced it. We presented this at the NCHS annual meeting.

I presented at AHIMA’s Privacy and Security Institute. We have been trying our best to disseminate this. I am going to ask for everybody’s help on that to think once again about who might benefit from this. We will get a link out to it. We will appreciate if you would just take a look at it and scan it on the website.

I think it has usefulness for a lot of the association audience. For example, at AHIMA they have put it in their body of knowledge. It is a referenceable document with a link, and I think many other organizations would benefit from the same thing. So toolkit, dissemination remains an ongoing project for us.

Then most recently the subcommittee held a hearing last May on the 1179 exemption to HIPAA, which exempts financial institutions when they are doing the routine processing of dollars, if you will. This had been looked at by the National Committee in 2004.

We were doing the environmental scan status update. How have things changed, particularly since financial services and healthcare are working so much more closely together today than even a decade ago. We were updating that landscape.

The last meeting the committee approved a letter to the Secretary updating that environmental scan and making four recommendations. I would urge you to take a look at those recommendations. They really related to issuing clear guidance on some of these issues. That had been a recommendation made in 2004.

We reinforced it and kind of updated it, to provide some specific education, particularly around business use agreements and the relationship between payer, provider and financial institutions. We recommended across industry think group where there could be some continuing dialogue between financial institutions in that industry and healthcare.

One of the points strongly made by those who gave testimony is there is a lot of expertise in cyber security and security in general in the financial system that we should be importing and taking advantage of in healthcare. If we had a group that met regularly that share expertise that might be very helpful.

We called it a public/private group. We weren’t thinking particularly of government convening that, but perhaps a third party like WEDI or some other organization that has membership from both groups.

The fourth recommendation was that we have a definitive and scholarly review of distinctions between the laws that govern privacy in healthcare and the laws that govern privacy in financial services. There was just this disconnect with financial services saying we have got that covered.

Yet, there are some philosophical and fundamental differences between the way Gramm Leach Bliley approaches privacy and the way HIPAA does. If we are going to have a more effective dialogue, we need a better across industry understanding. Those were our four recommendations.

We wrapped up our work at the end of December. We are just sitting around now waiting for our next challenge. With that background on recent work, I have not even touched the surface on the history of the contributions of the National Committee on this whole privacy debate.

When you have a chance to look at the website, there have really been some seminal primers on privacy, important letters on sensitive information and a lot of important topics through the years. What we have also been doing is trying to coordinate very carefully with ONC and with OCR.

Leslie Francis served as a member of the privacy tiger team of the Health IT Policy Committee, and I am now serving on the Privacy and Security Workgroup. That has been very helpful to make sure that we are coordinating our efforts.

I think with that I would like to stop and have Rachel introduce herself and report to you from OCR and then we will come back and we will talk about where we might go next.

MS. SEEGER: I am Rachel Seeger. I am a senior advisor with Health Information Privacy Division within HHS Office for Civil Rights. It is nice to meet many of you for the first time. I do have a slide deck.

Before I get started, I wanted to mention to Linda and the other members of the subcommittee, that I have a letter directed to Walter on behalf of Secretary Burwell from Mary Wakefield, dated yesterday. This is acknowledging the recommendations by the committee on financial services in section 1179 letting you know that your recommendations will be shared and carefully considered by the department.

There is a personal thanks to the members of the committee for your continued efforts to improve health data statistics and health information privacy. Thank you very much.

Linda also acknowledged that she had a very good meeting with our Deputy Director for Health Information and Privacy, Devin McGraw, on what we could do together moving forward in the coming years.

I don’t think we are sitting. We are very much eager to get started on next steps. Some of those next steps are exciting opportunities. We are looking forward to speaking with you about them.

I thought we were going to be able to share a little more with you in terms of news because we have lots of pots on the burner right now. I did want to highlight one of the most important recent activities we have had.

OCR has launched a new portal to invite developers to ask questions about HIPAA privacy and security. This is really geared towards the developers of mobile health applications.

Many times we hear from these developers after they have moved a product to market. They are trying to work with covered entities and/or business associates or they discover all of the sudden that they are a business associate or perhaps a covered entity well after the product has been launched.

We want to reach people while they are in research development, raise awareness of their obligations potentially under HIPAA as well as provide an opportunity for them to dialogue with us about areas in which they might need further guidance. This portal allows them to do it.

It is hosted on a cloud-based service called Idea Scale. As you can see from the URL, which is hipaaqs.hhs.gov, it looks from the outside like it is us. Unfortunately as I was demoing the portal two days ago it was a little glitch. I am going to advance the slides and show a series of screen shots.

When one lands on the portal, you can see here that it is very plain language to help out developers. What are your questions about HIPAA? On the left-hand navigation there is an opportunity for individuals to learn more about HIPAA by diving a little deeper. I will show you some of those screen shots in a moment.

On the right navigation, it allows individuals to engage with us on their issues and concerns related to protecting health information in the design and development of M-health products.

We also have at the bottom of that screen as well as on the top a link to popular questions. I wanted to highlight for you some of what we are hearing developers since the launch of this tool on October 5.

One of the burning questions is, are we a HIPAA-covered entity? I would like to profile that question a little bit more. We have also had a number of questions related to patient-generated protected health data.

This might be a PHR, for instance, a personal health record. There might be other types of patient-generated information and whether that data is covered under our rules or how it might relate to data that is being held by business associate and questions about help with the business associate agreement.

I think this one is related to encryption of EPHI electronic protected health information, a question from a teaching hospital and so on, a question about cloud computing.

As part of these questions, OCR is able to respond and provide some answers. The question here is, are we a covered entity? We respond with a little information as well as the link to the covered entity decision tree on CMS’ website.

Individuals who are users can vote on whether or not this was helpful. This also helps us to get some feedback on how we are doing.

As I mentioned we also are able to offer some helpful links. We direct people to information on what is HIPAA and who are covered entities, information on the Privacy Rule, privacy basics, sample business associate agreements, FAQs and more information.

What is to come? I wish that I was coming to see you two weeks from now because I would have so much more to share. That means that when we come back next quarter there will be all the more information to talk about.

As I mentioned to you previously we have a final rule. This is related to mental health prohibitors and HIPAA and reporting to the National Crime Index for individuals who are attempting to procure a firearm. This final rule is over at OMB, awaiting publication.

We also have been doing a lot of work on access guidance and FAQs. We have been partnering very closely with Lucia and her staff. We have some exciting announcements to make when we are ready to launch this guidance. I think it will be great work.

More guidance is coming including guidance on cloud computing. There is a lot of exciting cross-cutting work that we are doing with ONC, FTC, FTA and others. All of us are very aware that the landscape of healthcare delivery is changing.

Now more than ever health information technology especially applications that improve all of our work processes are coming up on the market. There are lots of questions out there from the industry and users on how these technologies play within the HIPAA space.

We are hard at work at issuing guidance on access and mobile applications, cloud computing and more, so stay tuned please.

DR. SUAREZ: Thank you for that update. It is a very exciting area of work. I wanted to probe a little bit more on a couple of things. I think on the access part there is a great opportunity. I think it is important to continue to advance the need and the education of all of us around patient’s ability to access their health information. I think that is very welcome.

There is one area that is evolving and becoming a critical part of how we do business. That is something called patient-generated health data. Patient-generated health data comes in different forms from different sources in different ways, different types of data. Examples include fitting data into the electronic health records.

There are two major aspects about it. Of course one is really the ability to transmit the data in a standard way. Then there is some question about privacy and security considerations around it. I wanted to ask about that. That is one question. I am going to ask two or three quick questions.

The other one is about you mentioned mobile health. It is very exciting and challenging to see how, for example, if I pull up my cell phone and I try to do certain things with respect to electronic health information, I have at least five different agencies regulating that aspect of the data, whether it is ONC or FDA or FCC or FTC.

One of the recent conferences was at NIST and OCR conference. There were a few examples of how you do certain things with your mobile tool whether it is a cell phone or iPad and as you go through the process there are different pieces and different agencies that affect that.

The question becomes the coordination of all of that and certainly the ability to develop guidance that shows how the different elements of the different regulations apply to the different life cycle processes on this including FDA and FTC.

It is very exciting to hear about the partnership and engagement of OCR with FTC. I know Devin recently mentioned it at IAAP meeting a couple of days ago. So there is that area. That is the second question so if you could go a little farther into that.

The third question is a big one also which is about precision medicine. Precision medicine is more and more becoming the center of a lot of discussions, whether it is congress or at NIH or White House and other locations. It is very exciting to see the energy and the interest around that.

There is a lot of consideration around privacy and security and I know recently the White House released some new elements around privacy and security principles on precision medicine. If you could talk about those three, know this might be also a question for Lucia.

MS. KLOSS: I want to give Lucia an opportunity to do her update first before we look at those big questions, but it is up to her.

MS. SEEGER: Before I turn to Lucia, let me take a moment to perhaps elaborate on the cross-cutting work that we are doing together on M-health. Then Lucia and I can maybe tag team a bit on PMI.

I could talk a little bit more substantively about the access guidance being part of that work. Then we will get back to patient-generated data or Lucia can take the lead on that.

Let’s talk a little bit in more detail because I think that there was a HIMSS event last week at which FTC and OCR staff spoke in a little more detail about the work that we are doing together with the FDA and ONC to address this issue of cross-cutting regulations.

We are aware that there is a lot of confusion out there. This is why I really wanted to be able to highlight the work that we are doing. We will be able to come back in a few months and be able to showcase some of this exciting work.

We are working collaboratively on a tool for developers and others to walk through via a mobile platform. It can also be accessed by a desk site these regulations in more detail. Our portal offers a chance for individuals to ask a lot of questions.

This tool allows individuals to drill through a flow chart in a very interactive way on whether or not they are a covered entity, whether they are a business associate walking through the different types of rules.

FTCs breech notification rules, OCR’s breech notification rules, the HIPAA security rule, the HIPAA privacy rule, FDA’s work directs individuals where they can find information through ONC and NIST and a host of other important links all in one interface.

I saw a walk-through of it yesterday on a test site. It is fantastic. We are working collaboratively across all of these agencies to talk about how to really launch this in a way we get most visibility working with associations, user groups, media and others.

I think that it is really going to push people forward in getting them the information they have been asking for.

MS. SAVAGE: I just want to mention one other thing. When I was describing this early on, it was actually conceptualized about a year and a half ago. ONC sort of started it. FTC asked to take over the sponsorship.

We said absolutely you have so many more resources than we do just to even get it out on the web. It is a really great collaboration as Rachel said. It has been going on for months.

What we envisioned was like a TurboTax thing where it asks are you married, yes or no. Your answer sends you to the next appropriate spot, so that you don’t have to rummage. That is the idea. Create a tool, an interface, where developers and others as well can see if you are developing a device and you know to go full-bore FDA.

Are you developing a wearable that is really just FTC? What would be security best practices if you were going to adopt them and all of those different complexities?

We want the developers to have the privacy and security tools they need to meet the consumer expectations. We don’t want them to be obscure. We are doing the best with the resources that we have.

MS. GOSS: When do you think that will be available?

MS. SEEGER: I think it will be early 2016 and likely January.

MS. SAVAGE: We have been really pushing to have it ready for HIMS, which is the last week of February because that is a great audience for that. It is really in FTCs hands. I know there was a demo yesterday. I could not go it myself. It sounded fantastic.

MS. SEEGER: I think they are very eager to launch it.

DR. SUAREZ: Around the middle of February there is another very important event, which is NCVHS.

MS. SAVAGE: We always try to do stuff right after we talk to you, Walter, so that we can save it for the next quarter.

MS. SAVAGE: The other thing I want to say about this is we are all acutely aware of the change and the technological environment with the advent of this, whatever this thing is. I was reading a news clip this morning about a type 1 diabetes kid whose mother sends him text messages through his phone about when he needs to take insulin shot at high school. That is so cool.

However, being as we work in an agency that has a lot of regulatory facets, we are really aware of the fact that sometimes government moves slower than technology these days.

We are really doing our best to scramble and do what we can to advance the ball, but we do need those public/private partnerships where developers and organizations actively try to figure out what is the best thing to do instead of waiting for somebody to tell them. That is where growth needs to happen.

MS. SAVAGE: I am Lucia Savage. I am the Chief Privacy Officer at the Office of the National Coordinator for Health IT. I know many of you. It is always a pleasure to meet new faces.

I was last with you in mid September. Of course, we dumped 800 pages of paper on the health IT universe in the first week of October. I could not talk about it then. I will mention a few things today.

First, I wanted to say thank you to Linda. The toolkit has a supporting actor wall in health big data report that was released in late September and transmitted to the White House recently. It has gotten a fair amount of play in the big data de-identification sub-universe of healthcare.

I think the toolkit and the testimony that Linda and her colleagues for us was really helpful in filling in the outlines of some of the things we are grappling with about the need to learn, to find the patterns that we want to replicate, to find the patterns and the data we want to break. How do we do that in an environment where the consumers still trust us? I just want to say thank you, Linda.

First, in early September, I think Steve Posnack was at the Full Committee yesterday, and he gave a full briefing on the roadmap. I am not going to go into that in detail. I talked about that before.

Have you guys had a briefing on the new data criteria in our 2015 addition rule? Has that happened? T here is some privacy and security features, and there are some data features. I think it would be useful for you at your next meeting to ask Elise Anthony who is the replacement for Jody Daniels to come and brief you on the data collection features of that rule.

I will talk about a few things that are in the consumer privacy and security space and features of that rule. That rule takes effect for equipment that is in use January 2018, where developers choose to have it certified and the rule applies to a module of their choosing to have certified.

There are three features I want to talk about today. Relative to the mental health space, the rule does require that certified EHR technology make APIs available to developers that aren’t in the system that is generating the API. Does everyone know what an application programming interface is?

Think of this way. It is an engineering door, the app, like your online banking. How many online bank off of their phones. You have an app on your phone. It is engineered to connect through a doorway to your bank. That doorway is the application programming interface or API.

Actually there is a decent Wikipedia entry on this for those of you online. You can Google it right now. Right now in EHR technology within an EHR ecosystem APIs are in-use all of the time. Kaiser has APIs all over its system, which let it move information around in the system in the right quantities.

It is a very standardized technology in financial and retail services. What we have done in the rule is require that certified EHR technology developers create systems by which people who develop apps that the consumer chooses to use can have those apps knock on those doors. We want to meet the consumer where they are. That is where the consumer is.

I will give you an example from my own life. I have a physician who uses EPIC. I have my chart on my phone. EPIC proudly announced that you can do online scheduling except the API doesn’t work on the phone, only on your laptop.

Who is actually scheduling a non-urgent appointment when you are sitting at your desk? You are doing it on the subway on your way home when it is convenient and you can think about it. There is much to do in this space.

With that advent, which we had a lot of discussion about with our policy committee and with many stakeholders in the system, a lot of concern has arisen about is an API appropriately private and appropriately secure. I have what we are doing next about that and I will get to it in just a second.

The second thing that we added in the rule is you remember under HIPAA individuals have a right to get a copy of their record and also require that that record be transmitted to a third party of their choosing except under very limited circumstances when the holder of the data can say no. You will find out a lot more about that in the guidance that Rachel referenced.

In our 2014 addition we created the view download transmit feature, which is a technical requirement for the portal that helps an individual take advantage of those rights. That can log into the portal and view certain data fields like they would see a copy. They can download it to themselves like they would obtain a copy to themselves. They can request transmission of those data points to a third part of their choosing.

In that rule, we specified that the transmission had to be through an encrypted email system. At that time, direct protocol was really ascendant. If you really dig down into OCR’s 2013 preamble, you will find that a patient can choose an unencrypted method of transmission. We don’t really regulate the patient’s behavior. Patient’s can do what they want with their data.

We took that to heart, and we added to the new rule that a developer has to offer an individual of choice for transmission between encrypted email and unencrypted email. We want to empower the patients to get the data where they need even if there is other grit in the system among the providers or other concerns. The patient needs to get that data where they need it for care, and we want to empower that.

Again, people are probably concerned about the privacy and security of that. You will see this coming out in these iterative waves as we go through trying to explain this access rule to people. I have explained this to my physician colleagues that yes in fact the patient can choose to put their data in an insecure un-private place. They are allowed to do that.

Third, and I think you guys have had many briefings before about data segmentation for privacy, to your point, Walter, about patient generated health data. In the new rule, we have created these optional criteria of DS for P-send and DS for P-receive.

If you will remember, this is an HL7 fully balloted standard that helps identify when data is subject to special protections. It is either tagged for not being re-disclosed once or tagged for being re-disclosed only one time and not further down the stream.

We are able right now to ensure that DS for P can be applied to a single CCDA document. Not to get too technical, but you can imagine a CCDA that has no medical information at that subject to special protections and the different CCDA that has medical information, but it comes from a part 2 facility.

That second CCDA can be tagged DS for P as you can’t re-disclose this electronic document without the patient’s written permissions, et cetera. If you want to hear about the part 2 rule, you need to have SAMHSA come and talk to you.

We put that in the rule as option because we want to build the case for people taking advantage of technology that is out there to do this very important thing and to segment the data. We know that segmentation needs to occur in many circumstances for part 2 of course relative to state’s specialized privacy laws.

Theoretically, Walter, you could segment patient generated health data. This data was contributed by a patient and we may or may not have validated. You can use the technology that way. That is in the rule as well.

There are a lot of features of the rule about the data and EHRs are able to collect. You should definitely talk to Elise about that. There is a sexual orientation and gender identity dataset. They have adopted the IOM dataset standard for race and ethnicity and not the Census standard. You should definitely have Elise come talk to you about that.

Going back to the APIs and the unencrypted email, there is lots of concern about the privacy. Our policy committees agreed to launch a joint taskforce that is focused on privacy and security issues relative to APIs in healthcare. The charge was given September 10. You can go to healthit.gov to look at it. We will kick it off on November 30. It will run about six months.

I am going to paraphrase the charge for you that we are trying to solve. Our workgroups do work to answer charges that come from the FACAs themselves is to identify three things. One is what are special unique security problems for APIs in healthcare compared to the security challenges that API have just generally?

To give you an example, fraudulent credentials are not unique to healthcare. It is a general engineering problem. It is not special to healthcare, if I pretend I am Walter and try to login as a physician to a hospital system.

Similarly what are unique privacy considerations if any for APIs in healthcare that aren’t generalized issues of privacy? Like role-based access is a standard that helps us make sure that data isn’t accessed by people it is not supposed to be accessed by. We want that for our financial records too. We want that for our retail records.

We will be working with the FACA to separate wheat from chaff so that we can find issues that are specialized for healthcare that ONC will need to help address.

The third part of the charge is what are priority actions or activities that ONC could engage in that help consumers and physicians feel confident in an app-enabled API world they are actually doing all of the right things in terms of who gets to use the apps. How does the data get disclosed? Who gets the data? How much data is it, et cetera?

That will happen for about six months. Obviously taskforce meetings are open to the public, so you are welcome to dial in. I will say that the people on the taskforce are pretty set and fixed. We are not taking new members, but you are welcome to join in on the public line and we would be happy to give you a further briefing next time we meet about what progress that group has made. It won’t be done with its work until May.

The last thing I wanted to talk a little bit about is security. We have been doing a lot of work on security. Security is very high on everyone’s minds because more than 100 million Americans have had their data breached this year. I personally got my letter from the OPM just two days ago. Yes, my fingerprints were compromised, the whole 9 yards.

I will say I think they are going through alphabetically because I have friends whose lasts names are earlier in the alphabet who got their letters like four weeks ago. I just got mine this week. I think it is alphabetic.

DR. SUAREZ: I have got mine. My name starts with W, and my last name with S, so I am sort of at the bottom of the list. Maybe they started from the bottom up.

MS. SAVAGE: There was the main OPM data breach and there was the other data breach. I am getting a letter for the second one, which is why my fingerprints are over there and my mother’s address and everybody. It is what it is.

To remind you, health information security is super-important. At ONC we really think it is an enabler of interoperability as opposed to a barrier to interoperability. We think that the security technology in the healthcare system needs to mature pretty significantly.

I drew on my white board for my staff a bell curve of mature health information security. On the top of the bell is the line. We are a little bit to the left of the line. We are not even at average yet. You will see in the roadmap. Obviously, we chance security. Every time we do a rule we increase the criterion. I can go over those in detail with you from the new rule if you want. You can look that up.

There are things that the industry could do right now without a rule and adopt practices that are actually ubiquitous in financial services, and we really need to beat that drum. We will be beating that drum pretty loudly.

For example, ubiquitous penetration testing or third party audits of security systems, ubiquitous use of multifactor authentication for people with wide access to the system. This is a really interesting balancing point. If we are trying to enable patients to really do self-care and self-management, we don’t want to make it hard for them to access systems.

The data an individual has access to be pretty microscopic compared to a whole system and a pretty low security vector. We are constantly reminding people that you don’t want five factor authentications for me to get my data, especially when I can do any stupid thing I want with it. It may be a stupid thing to do, but I can do whatever I want with it once I get. There is a lot of balancing that has to be done in that.

The second thing we are working on is how do we help people respect the credentialing systems each other have put in place. Many in the room are old enough to remember when you could only use your ATM at the machine that was branded for your bank.

Now the banks have figured out its finances. The data is a lot less complicated. It is how you can use and charge you for the privilege of using somebody else’s branded ATM. They recognize that card and that card and the credential that card represents. They don’t say they are not going to give you money. They figured that out. We need to figure out how to do that in healthcare. We are doing a lot of work on that.

Lastly, I will say for security, this is a hugely important national security issue. Not only is it about black market and fraud and healthcare costs and all of those things. We really don’t want data in the hands of people who are using it for stealing our industrial secrets and profiling our citizens for espionage, all kinds of terrible things.

We actually have pretty broad inter-agency workgroup, OCR participates. Most of the HHS agencies that manage data participate, DHS, National Security Council, treasury, justice. We are trying to make sure that we are doing what we can as a government to move that line that is to the left of the middle, half of the middle on that charge. You will be seeing a lot of talk about improving security and healthcare in the coming year. I think I will stop there.

MS. KLOSS: Questions?

DR. RIPPEN: Thanks for the great briefing and the work that both of you are doing. I will reiterate a question or a comment that I made yesterday, but then also maybe a few questions about whom else you are pulling in to work with you across the government. One is related to the great opportunities for app developers.

I think it is really exciting providing them some guidance. With the internet and having gone through the fraud of the internet and the role of FTC and FCC trying to figure out if a third party EHR personal health record is available? Sometimes we don’t know that we are doing stupid things.

The question of what is the role of ONC in coordinating that for preventing fraud or inappropriate use. Now you can aggregate and you can manipulate. There are some challenges with regard to that.

Then the second is really around liability. As we know security in the healthcare system is not where it really needs to be. There has been a big shift in the types of crime as it relates to health data. First it was more identity theft, but now it is healthcare fraud.

The individual who usually have to pay the cost in healthcare, which is different from the financial, is the patient. There has been estimate of $15,000.00 to $18,000.00 for every individual. That was data that I read. I don’t know how true it is. Those are the two buckets.

MS. SAVAGE: You have to remember that ONC basically has two powers. One is that we can write a rule that specifies what the certified EHR technology does. That may in the future encompass other types of health IT. We haven’t actually begun rule-making in those spaces.

Then we specify what technology has to do when a developer wants to have it certified. Some developers don’t want to have their technology certified. Then it has to be used in the meaningful use program by somebody who is required to use certified EHR technology.

There are a lot of dependencies and incentives built into that. People behave different. We create technical capabilities and then peoples’ behavior is something else entirely.

My favorite example is we require the capability of encryption at rest in our 2014 rule. People actually don’t take advantage of it as much as they could. I was really interested in the encryption question that ended up on Rachel’s portal. I think that we will see some more information coming out in certain environments that this capability exists and you should take advantage of it.

The other secret power we have is exhortation convening, education and that whole realm that is kind of arm-twisting. We really don’t have the power to make people do the right thing. We can tell them what the right thing is.

For example, if you are thinking about your system and if you have patients and they are going to be allowed to unencryptically transmit data, you can ask your engineers to put a privacy popup in that system to say do you really want to do this. Now it is going to be in somebody’s gmail account and all of that stuff. That is in the healthcare stakeholders to adopt those best practices.

Then the second thing I would say about fraud is that we are working a lot in concert with OCR on how people can share data, particularly for fraud detection. That is an opportunity under current rules. Maybe people take advantage of it as fully as they can. Maybe they don’t. I don’t have the quantity on that.

Lastly, I think the big driver in detecting fraud is going to be CMS. There is the big elephant in that room.

DR. RIPPEN: You are the national coordinator, and you do have the ability to coordinate across the different agencies. It is just the nuance is if you are actually leading the development or the guidance and standards and for applications and you are providing tools for developers. It is nice to integrate with the others who then are the watchdogs to ensure that the public is protected. It is just a nuance so I understand.

MS. SAVAGE: I don’t want to give the impression that we are not talking with our sister agencies ranging from OIG to FDA pretty much on a daily basis about various things. I obviously can’t get into the details of that.

MS. SEEGER: Related to fraud, as I was just sitting here and as you were talking, I got an email from our friends at FTC. They are launching an early 2016 improvement to their existing site at identitytheft.gov. This may not be news to you.

These improvements are now going to allow individuals to be able to have a better interface for filing complaints and for getting a filled out version of an IDT affidavit and to have an opportunity to create an account within FTC, by which they would be able to log into the system and have better information on the complaint that they filed and next steps for getting more information on identity theft.

We are all working in concert together to ensure that consumers as well as users have the tools that they need to ensure the privacy and security of the health information that they have.

DR. MAYS: Your presentation is so exciting. It is wonderful. It is like a new day. One thing it is it would be great if there was a case study of how you did this. Part of what data access and use workgroup wants to do is to help other people do what you have done, to really learn how to connect with entrepreneurs and how to put out what their issues are and have that be a source where the entrepreneurs can look and say here is something I can develop.

I know it is another piece of work, but any kind of way of here is how we did it or case would be great. I think we would like to invite you at some point to come and talk to the workgroup to get with the entrepreneurs to even get them to give you even more suggestions of ways in which this can spread. If you can think about it and let us know if that is a possibility then we can work with getting that across other HHS agencies.

The second thing, you are talking about these things specifically for healthcare, there is one more domain that I want you to think about. That is the health and healthcare research. The issue of what the privacy issues are, what to do, I will you because I am one developing an app. I had to go through a lot with the IRBs and things like that.

We are not under a HIPAA environment. A lot of this research is done outside of the actual healthcare setting. Again, any guidance that you can give about what the privacy issues are in terms of using these data, particularly when we are developing these apps that are on the topic of health and healthcare would be wonderful.

MS. SEEGER: Related to that, Vickie, we are working very closely with NIH right now. As you might remember when the HIPAA rules were first rolled out, there was a lot of different guidance being generated. At that time, NIH had some money to be able to help work with OCR in the development of guidance on HIPAA and research.

Maybe one of the most valuable tools that are out there we link to off of OCR’s website, but the guidance resides on NIH’s website on HIPAA and research. What we have been working on has been updating that guidance. It will move back over to OCR’s website.

I think that NIH in particular for their grantees and others and users of research data they are very interested in helping to put that information out in more plain language so one doesn’t have to drill through that guidance, which can take a lot of time.

I think this FTC joint project that we have all had in using something like TurboTax as an example is really going to be a great tool for us all moving forward in being able to get people exactly to the guidance and questions that they have in a more intuitive way.

DR. MAYS: There is a training opportunity. That is that NSF and NIH have M-health training that they put on several times a year. Wendy Nelson who is with the workgroup would probably love to have a module that is in that training. I will connect you with Wendy.

MS. SAVAGE: I have a couple more comments. First of all, you guys all probably know that there is a notice of proposed rulemaking relative to common rule that is on the street. I believe the deadline is early December. I will say that there are proposals in there that really help to try and synchronize HIPAA and the common rule in a way that will be much clearer.

I will ask you all to check that out and make whatever public comments you want to make. That has been a very intentional effort on the part of the administration to update everything so that it fits together more seamlessly so that you guys in the research community, consumers and providers can understand it is a pretty complicated environment.

We are trying to make it a little bit less complicated by making it more synchronized.

The second thing I would say is if you will recall under the PCORI trust funds, 20 percent of the fund is reserved for some development by ASPR. We have six projects at ONC, and other agencies have other projects as well.

In my shop there is one project about a privacy and security framework for patient-centered outcomes research that you will see the work developing on that over the next year or so.

There is a second project which is to identify technical standards for capturing in a computable way consents that individuals give when they choose to participate in research.

Then there is also a project that is in the consumer E-health division of the Office of Programs on patient-generated health data and what should be the standards for how we make sure we are appropriately accounting for patient-generated health data in the research context.

In those lines, this work on apps and APIs is actually intended in part to support PMI. As we move forward into precision medicine universe, the researchers will want to not only have samples they take from individuals and claims data and clinical records, but they will want to put wearables and trackers on their research participants and track that data.

The data has to be at a standard quality. It has to be usable. It has to meet privacy standards and security standards, et cetera. All of that work is to the point of are we a coordinator. There are actually many coordinators within the federal government. We are just one of them. That is just some of the work that we are doing in support of the research side of using data.

DR. SUAREZ: We are moving at the speed of light in some cases. I think it is very exciting and very important to also be cautious about a number of things. I am taking notes. I have six different things that I wanted to say. I am going to be quick.

With respect to the APIs, major concerns with respect to what Helen talked about. One of the concerns I want to express here is the fact that a lot of the API vendors that are out there are portraying themselves as acting on behalf of the consumer and the patient.

They want x-system, Mayo Clinic or whoever, to open the door and to allow us to access that data of that consumer of that patient. Behind the scenes there are all sorts of concerns and risks about what they are going to do with the data ultimately.

As soon as the data is given to them or whomever is running that the data steps outside of the covered entity world. There are all sorts of concerns around that, fraud and abuse.

Believe me for a system and for all sorts of other system in the country that have a lot of data and a lot of people knocking at the door to get access to that data “on behalf of the patient” we are extremely concerned and not at all only about our risks and liability, but more importantly about the risk and liability of the consumer when the data comes to them.

APIs are very welcome, but there are a lot of considerations around privacy and security. There are a lot of patient portals there too. The concern is that there are a lot of patient portals. I have my data in 15 different portals. I have to go and access the data in all of these different portals and keep up with whatever needs to be done or learn about it. It is confusing for the consumers.

I think it is important to look at how to simplify the lives of consumers in terms of accessing the data by adding more portals is going to be more difficult. DS for P is data segmentation for privacy that it is what it stands for. It is the incredible ability for technology to allow consumers to increase their control of access to their data and to what extent to the data.

If I choose to say I want this data not to be re-disclosed and my provider who lives in California sends it to a provider in Wisconsin, the provider in Wisconsin will say thank you for the information, but in Wisconsin we are not required by state law to stop the disclosure of your data for a number of reasons. It is not just treatment and payment operations, but other reasons.

The reality is that providers and basically the industry are still going to be dependent on what the law says we have to do with respect to the data. There is going to be a clash between what the consumer has put in their system or they believe they put in, in terms of not wanting the data to be disclosed with what the law requires to be done about that data.

Now, data segmentation for privacy was created because of something called 42CFR part two. SAMHSA promoted and advanced the development of this technology. Certainly we develop at HL7 the standard for that. I think it is going to be important to match the technology capabilities with the policy and regulatory requirements around privacy and about the need to disclose that data.

Two more quick points, identity management and trusted identity: So NSTI, National Study for Trusted Identity in cyberspace, President’s initiative back three years created something called IDESE. They didn’t create it. NIST actually promoted it.

Now there is an identity ecosystem steering group. It is called IDESE that provides for promoting the development and adoption of industry of trusted identifies. We don’t have good ways to control authentication of the identity of a person when it comes to a system let alone authorization of what they can do with the data and access control and all of those things.

We are actively participating in it. Healthcare is one of the tracks within the IDESE to try to find a new way of creating a trusted identity in the identity ecosystem for healthcare in our industry. I think that is an important point.

You mentioned patient-generated health data. I had a couple of questions of patient-generated health data and precision medicine. I think you guys covered it. I think it is very exciting.

Lucia, you mentioned patient-generated health data, one of the projects that ONC is funding to develop. This is a very important project. Probably not a lot of people know, but ONC funded the development over the next 12 to 24 months of a national policy framework for patient-generated health data. There are lots of opportunities and lots of questions about what do we do with the petabytes. That is the new term. It is not terabytes anymore.

What do we do with the petabytes of data that will be coming from all of the different tools and resources that are used by consumers that might inundate our systems and be presented to the provider and create situations where the provider might be missing really true valuable critical information because of the volume? This is talking about big-data, volume, velocity, variety. This is patient-generated health data.

The sources, the variety, the volume is there. There is lots of opportunity, but I think it is going to take some good thinking about it too. Those are just some points. I don’t know if you want to react to some of those.

MS. SAVAGE: Relative to state privacy law if you went back and looked at the draft and the final roadmap, you would see that ONC actually has a specific plan specific to our abilities to coordinate. That plan has already started. I went to NSHB in October and took my state privacy law specialist. We are really trying to get the states to understand the implications of this super-complicated environment.

What we can bring to the table is expertise on the impacts for the movement of data for patient health for the cost of care. We are adding a flavor. I have a lieutenant colonel detailed in my office right now from the Army War College. He has been very instructive about the 17 million people in the states that could be recalled to active duty at any moment.

Twenty-two percent of them have PTSD. We can’t move data about their mental health because 18 or 25 state laws. How do we solve for that? We need our service people to be ready if they are called to duty maybe more so now than ever.

We do have a project for that, but we have to recognize that we have a federalized legal system; states under federal health law have a right to enact their own laws. If they are going to make decisions they have to make decisions themselves. Of course we all have worked with our own state governments. The complexities of running a state are gigantic.

States may have their own priorities. We are extremely aware of those issues, Walter. We are trying to do our best to make sure people are aware of them. It is on the stakeholders to surface that as an important thing that we need to collectively address.

I use my Twitter feed as my personal news service. It gives me my clips. An interesting one yesterday was somebody who worked for a large vendor tweeted, “Isn’t healthcare now an interstate activity,” compared to 100 years ago when it really was quite localized. Those are all important policy questions to think about.

The other think to think about that I don’t want people to ever forget is we have all of these specialized laws because people were actually suffering health status discrimination. States recognized that and made controls on the data to prevent discrimination.

It doesn’t matter whether it was epilepsy as mental health or HIV/AIDS or reproductive health services for a teenager, all of those come back to health status discrimination. Whatever we do, we have to keep that in the forefront of our minds. We don’t want people afraid to access the healthcare system because something bad in another domain of their lives might happen to them.

Lastly, I am with you. My security team is completely embedded over there. I would nothing better than to see the entire healthcare system move away from the passwords on the post-it notes. We do have a very long way to go. I don’t know if you wanted to add anything, Rachel.

MS. GOSS: Lucia and Rachel, it is always great to have you here. It is so informative. Clearly, I think we need to extend some opportunity for further dialogue. There are a lot of good ideas and a lot of cross-cutting emerging things that we need to tackle.

I have a question that goes back to the last update you gave us, Lucia, with real-world practical examples of permitted uses of TPO. Being in state government and trying to advance health information exchange, sometimes we find that HIPAA versus T and O and what it means. It becomes info blocking dynamic. I am very curious when that body of work might bubble up. I think it is really valuable.

MS. SAVAGE: We remain very excited with the project. OCR has been a fantastic partner in advancing this project. We are going through the stages that we need to within health and human services to release this information in a way that is really reliable to the field. We are looking wildly for lots of people to amplify it and take it out into the field.

For states, there are communities of practice through ONC’s regional extension centers and workforce training and all of those are planned avenues for deployment of this information already. If you are from a state that has a SIM-Grant, you can also take advantage of the CMII state health IT resource center where ONC is funded in fact to explain this stuff to states.

If you are in a state and you don’t know how to access the health IT resource center please send me an email and I will connect you to the right people within ONC to do that. It is only for SIM-grantee states.

MS. GOSS: And that can be for planning or resting?

MS. SAVAGE: I believe it is for all SIM-grantees. I think there are 35 states total that could be involved. There may be somebody else in your state already accessing, which is not to say you can’t join the party. I don’t know because I don’t do that work myself directly.

MS. GOSS: The other thing you listed a really great set of existing resources. For those of us who are no longer under ONC FOA as an HIE, we are left out of that conversation. It is a real gap.

MS. SAVAGE: When these materials are ready to be made public, we will be looking for opportunities through organizations to really push them out to stakeholders whether it is HIMSS physician affiliates or NCSL or NAHDO or whoever wants to. We are big fans. The taxpayers paid for it. Please go use it.

MS. GOSS: I think it is also going to help us in some further work that we are doing on developing super-protected data code reference lists that can be used in data scrubbing to help establish best practices. Sometimes you trip into that HIPAA world a lot. It would be nice to merry those to works together as we really try to advance the ability for effective data sharing.

MS. SAVAGE: Interesting comment. My personal vision – I can’t say this is an HHS vision. My personal vision is that at the end of the day, 10 years down the road, we code the whole thing, and we know exactly what data has to be protected under HIV law, for example.

To Walter’s point, we have to be very careful as we go down that path. We need to distinguish between data that we need to protect so that the physician feels safe, and they are not going to be subject to legal liability versus data that might have a patient preference attached to it.

We know there are known criteria for certain clinical conditions like HIV/AIDS, mental health or substance use. There are also clinical conditions that people are mortifyingly embarrassed about, but are not subject to special protections. We have to decide as a healthcare system where we are going to put our efforts first.

MS. GOSS: And we are doing it in 56 states and territories. It would be a lot more efficient if we could find to a way to do it federally with the code listings and then variations by state could be focused.

MS. SAVAGE: We actually make a commitment in the roadmap to start exploring that we don’t have resources for fiscal 2016, but hoping that we get them for fiscal 2017. What is at the national medical library that everyone could just agree that this would be the minimum that they would live with? They should be an updated set for ICD-10 and what remains to be done.

We know that there are proprietary tools out there and people sell them. I used to work for a company that is famous for one. I have seen it in action. You are right. To make DS for P work at a coded level, we need to have a standard set of codes that everyone can agree for the most part what they live with knowing that there are still going to be a few ambiguities because it is medicine.

Birth control pills are my favorite example. Is it acne or is it birth control. We will have ambiguities. It won’t be defended, but we can maybe reduce the ambiguities by collaborating and working towards open-source information.

DR. O’GRADY: Just a couple of points and questions. I loved some of the stuff you showed earlier. I am new here. If I don’t go back very much historically you will know why. One of the things I think is really important to make a distinction between recommendations for how people might be more secure or think and then what the risk and exposure is on the other side.

I think it is especially true now when we have lots of people coming into this world that have no healthcare background whatsoever, whether it is application developers or other kinds of folks.

I think some of the stuff you are doing and making it visible to are you covered or are not covered and the risk exposure, I think it is critical to be able to make that distinction so people understand the risk and liability on that.

The second one I think from the standpoint of authentication and how you provide some of the information, the policy side of that is pretty interesting and very complicated. The implementation side of that is even more complicated.

Sometimes I think when we look at policy we tend to divorce from the implementation. It is really important to makes sure we think through all of that. The best policy in the world that takes 25 years to implement isn’t going to be better than the policy that you can do in steps and phases.

Some of the background materials I have read about those kinds of things. I get worried that we will define a big overarching policy that can’t practically be implemented in a short time period.

MS. SAVAGE: On identity management, I think you have to have a little bit of faith in the expertise of ONC. Steve was here yesterday. He runs the Office of Standards and Technology. Just so you know, they are literally down the hall from us.

Within ONC, we have particular domains. My office would be on the case of credentialing and helping our technological developers and our technological standards and articulators.

The people who point to standards understand this balance when it is the individual accessing your records, and what is the risk factor? Therefore, what is the relevant security level compared to a physician or office manager, compared to a system administrator?

Then there job is to identify currently available best standards technology knowing the technology will evolve. The technology I try to make sure that people understand from my perspective it is like a train track. You have to lay the two tracks at the same time or you don’t get a train.

You have to keep technology and the policy together at the same level of development. That is what ONC strives to do. I will be the first to tell you that it is complicated and that not everyone is perfect all of the time. That is what we strive to do. That is what we strive to encourage our federal partners to do.

I am pointing to Rachel because she is a federal partner, and I don’t have any other ones in the room. That is why this navigator tool that Rachel has been talking about is so important. It is six agencies all saying they need to collaborate to help people understand which universe they are in when they are building these tools.

MS. KLOSS: Walter, I know we are late for break. We have got a photographer here.

DR. RIPPEN: It reminded me of when the E-commerce and E-health and everyone streamed into the internet to save the world. A lot of people that didn’t have a background in healthcare actually went into E-health. There was a lot of activity that you could leverage potentially. HIPAA is one thing. It is a guiding principle to some degree.

There were codes of ethics developed that would provide guidance to people that were not familiar with health. There was an E-health code of ethics. There was another one that was just vendor and then the HONcode, which is more for internet.

As you think about this, not only do you need a toolkit about how to understand your responsibilities from a legal perspective, but also from an ethical perspective. Ethics is kind of the ground. It is kind of the pyramid. You can’t write laws for every little variation. It is why you have codes of ethics in healthcare. It provides guiding principles of expectation of behavior and professionalism. It might be also something to consider.

MS. SAVAGE: I would just say this. That is something we certainly drive. Fair information practices and ethical principles underlying them are not moribund, but I do get tweets saying the FIPS are moribund. I do get tweets saying consumers should assume their data is being monetized because the app is free. There is a lot of dialogue to have there.

Of course on the latter, my answer is I get an online banking app free from bank because it saves them teller labor charges, and it has nothing to do with monetizing the data. There are lots and lots of dialogue to have about that based upon peoples’ business models.

I won’t say that all of our eggs are in the navigator tool basket, but we think this is a really important development. The feedback we are getting as we talk about its advent is that people are hopeful and that they will learn better.

At the end of the day if something is unregulated people are going to do what they do and consumers are going to have to be smart consumers.

DR. RIPPEN: The nuance of code and conduct is in contracts and disclosures. If everyone abides to use it, which is why the vendor groups actually went and did this, then they promised not to. Again, you are absolutely right.

Then other organizations can evaluate and given them stamps for following the kind of principles or not. It doesn’t require regulation. There is just participation and oversight. It is the industry that then decides to evaluate or not.

There are some nuances there, but it did actually seem to work in the E-health component of it with HONcode and things like that.

MS. SAVAGE: It is an interesting thing. I am old enough to remember when we didn’t have the little secure icon on the bottom of your webpage. It took a little while for people to figure that out. You would go on the internet and all of the sudden you would get the Viagra ads, and you had no idea where they came from.

Most of us in this room are old enough to remember that awful time, but we have also learned our own behaviors to do that with our own extra tools for fake email boxes and blocking and all of that kind of stuff. Both the industry and the consumers need to understand that is exactly right.

MS. KLOSS: We are over break. We have got a photographer here. This has been great. We just needed more time. Can I just do one thing for two minutes? We won’t discuss it. I thought if I go through where we are thinking this subcommittee needs to go next then that will tee-up our discussion on strategic priorities.

As Rachel said, I had an outreach with Devin McGraw and presented what had been a thought from our subcommittee that we should take up the issue of developing some input to guidance on this minimum necessary guidance as you can see on the slide is really a requirement under high tech. It was really to be published in 2010. It has come up several times here. It came up in the context of the standards discussion on attachments.

That, as you heard yesterday, is coming back as a work effort for standards in 2016. It makes some sense that if we are going to do work in this effort we try to coordinate that. This was a top of the list item for the Office of Civil Rights also. I think we have their encouragement to take that issue up.

A second issue that came out that we have talked about as a subcommittee, certainly we began to explore this in the toolkit to put the issue of de-identification and re-identification in layman’s language or as close as we could get to that. Again, Office of Civil Rights confirms that this is an area that could stand some refresh particularly the Safe Harbor method. That is getting long in the tooth.

I know we heard from you, Jim that some research had been done by the department in this. I think there is some opportunity to coalesce around that. These are not insignificant topics, but they could be very practical and useful in the near future.

Also, as a subcommittee, I think in 2016, we should be prepared to comment on the request for information that OCR will be issuing on harm and proportioning of civil monetary penalties. I know that is something you heard Leslie Francis suggest is an area for our subcommittee to tackle.

There is an RFI coming out. I think there will be a frame-up for our ability as a subcommittee weigh in on that. We don’t have to initiate it. We just have to be tracking it and be prepared to comment.

Walter, I think you and others have talked about getting out of our current mindset and taking a broader and longer-term look at a future view of health privacy that isn’t necessarily constrained by our view of HIPAA and so much of what we talked about is problematic because it is outside of HIPAA, in NCVHS fashion getting up to 30,000 feet and looking out longer-term and modeling this or creating some framework.

Finally, there were a couple of other areas that have been floating around the privacy implications of predictive analytics and algorithmic transparency was the phrase that Devin actually shared when I discussed this with her. This had come out on the hearing with the financial services. I know, Walter, it is an area of interest.

I think there was agreement that this could be useful. Then personal health apps, we have heard that train has left. We will look forward to seeing what other groups do there.

I deliberately imposed as co-chair I put these in order that I thought made most sense. These are in sequential order. I think as we look out over 18 to 24 months and scope out our staff resources and other resources to do this, I think when we get to priorities after break and after photos, we can come back to have some discussion around this.

I had hoped we would have enough time for some dialogue, but we will get there. Certainly, I have shared this with Sallie.

DR. STEAD: I just want to make a suggestion that probably fits in the last bucket. People are now being inundated by things that are in privacy practices. They are not particularly well-communicated.

I think we might have an opportunity to establish an industry-wide understanding of how you might present an individual’s current opt-ins and opt-outs on a single screen in a way that in essence would bring forward everything you have done around your privacy policies in a way that would let you turn on and turn off your preferences and get it to where it was a patient-centered view and not something that is hidden in registration, et cetera. I think that might fit in your last bucket.

DR. MAYS: Mine is the mental health issue that we brought up the other day that had come up before about CFR42 part 2. I think it is really in need of some guidance. I don’t think it is a long-term thing, but I think it is an important thing.

MS. KLOSS: The subcommittee has worked on that issue in the past.

DR. SUAREZ: Thank you for the feedback. I have my own ideas, but I will send it to you via email.

MS. KLOSS: I think for planning purposes we will need to figure out what our mechanism is for talking through this and getting everybody’s input. We will have a subcommittee call to process.

DR. SUAREZ: Thank you so much, Rachel and Lucia, for coming. We could take a full day on privacy and security. It was very good and exciting. We all get excited about it.

One of the good outcomes was you have a new member of your subcommittee. Before Robert left he stopped by and asked me to mention it. I think he is going to send you an email about joining. Then there is Barbara. Thank you so much again.

We are going to go to a break. It is 10:55. If you don’t mind taking a shorter break like a 10 minute break, we will take whatever the break needs to be. Let’s come back at 11:10.

(Break)

Agenda Item: National Committee Goals and Objectives Discussion, Strategic Plans, and Next Steps

DR. SUAREZ: So for the next agenda item, we are going to look at inside the document you have in these tables. I am not going to present it or use the project. I think they are working on the connections for this afternoon. I want you all to pull up this document that has some yellow headings.

Let me briefly mention to all of our new members the process. Every other year, roughly, we go through a process of assessing where we are and how we can improve the work that we are doing. Do we need to realign with the new developments in industry?

Our charter really is approved by the Secretary of HHS every two years. Our existing charter was approved January 2014. We are just about to get the new process finalized. The executive committee took the opportunity during the summer to hold an executive meeting to review where we are, what is new thinking about goals and objectives and our vision and how is our mission shifting?

It was a very good meeting, a very good discussion. We developed a template. We reviewed it. We modified it and updated it and discussed it with the full committee in September. We presented it and reviewed it. Then we updated it some more and we have the final version that we want to present to you all, especially for the new members.

We divided our vision. Our vision that we drafted is to improve the health and wellbeing of the people in the US through visionary advice about health information and data policy. It is a simple statement trying to capture the essence of the activity that we do and we look into the future doing.

Our mission is assist and advice the Secretary of HHS on health data, standards, vital and health statistics, privacy, confidentiality and security, national health information policy and the department’s strategy to best address these issues.

The committee’s recommendations should also inform decision making about data policy by state and local over in the private sector. We try to capture in this mission the various domains and areas that we deal with when it comes to advising the Secretary on health information and data policy.

Then we organize the work around four major strategic goals. Within each of the strategic goals we identify three objectives that reflect the work that we do in these four areas.

When we looked at this, you heard Jim yesterday mention HHS overall agency-wide and department-wide strategic plan, which also has strategic goals and objectives and measureable outcomes and elements like that.

We look at that and identify the connections and map the activities that we do against those. That is how we frame the strategic goals really to map and to match and align really well with the overarching HHS strategic plan.

Not to read all of the elements there, but just to say the first goal is to strengthen the data and analytic capabilities. Then that is kind of the focus the data and the analytic capacities that will help us sustain continued improvement.

Each of the three objectives and you will see the theme across objectives. Objective one looks at assessing where we are. In this case assess the capacity to use data. Objective two is to identify opportunities to improve, so in this case enhance the data. Objective three is recommend action, so assess, identify opportunities and recommend actions. That is going to be the three objectives across the four goals.

Again, strategic goal number one was to strengthen the data and analytic capability. Strategic goal two is accelerate the adoption of standards to achieve the purpose of efficiency, effectiveness, privacy and security and interoperability.

Strategic goal number three is increase access and use of data while ensuring appropriate as safeguards. Strategy number four is to recommend long-term strategies in health information quality.

You heard earlier with a comment that Linda made about one of the work items in one of the areas that we really work on, looking at the broader views and perspectives in the industry, really stepping back and projecting into the future how large issues we could address. That is one of the things we wanted to capture in strategic goal number four is long-term strategies.

Again, strategic goal one is data and analytic capacity. Strategic goal number two is adoption of standards. Strategic goal number three is increased access and use of data. Strategic goal number four is recommended long-term strategy.

You see they map with some of the wording that we use to identify our subcommittees and workgroup. It reinforces the area that we work on. Then again the first objective is to assess where we are with respect to the goal itself. The second objective is to identify opportunities. The third objective is to recommend action.

You can take strategic goal number two the objective 2.1 is assess the adoption and implementation of standards, which, as you heard from the entire committee and discussion of the report from the standards committee that is one of the big areas we work on, the review and assessment of the industry adoption of implementation of standards.

Objective number 2.2 is identifying opportunities to enhance interoperability and compliance with this standard. Objective number 2.3 is recommended actions.

Again, I don’t want to read all of the detail sis just give you an overall sense and open it up to get some discussion and some feedback from you all. Let’s start. So Helga and then we will go to Mike please.

DR. RIPPEN: Do we have guiding principles. We have vision, mission, you have all of these goals. Is there some kind of a framework, which I call guiding principles that you can always go back to, to assess if it does x, y and z.

One that people always talk about is cost-effectiveness. Is it implementable? Is it cost-effective? Is the privacy of the citizen being protected, however, you want to bucket it.

Again, as you go through the strategies and as you go through recommendations, you will have this framework to at least consistently approach it.

DR. SUAREZ: Well we do have guiding principles, if you will, around a number of areas. For example, in the standards, is an example that you visited a little bit, we do have a series of metrics and parameters and overarching principles that are used to evaluate the standards.

DR. RIPPEN: Maybe rolling it up and over-arching because is it applicable for other things. I just throw it out because it helps me sometimes with trying to get things done so we don’t go astray or are consistent in our approach. That is just a comment.

DR. SUAREZ: That is a great point. We can actually gather the principles that we have discussed in different ways and different areas. I think we will go to Michael and then Ruth.

DR. O’GRADY: When we talk about the kind of things we have talked about over the last three days there are a couple of buckets that I have been using to help keep track of it and it is almost chronological.

We have the traditional what I think of as data policy issues, the surveys, et cetera, and things like that. Then we have the health information technology, the next generation of thinking about this. This seems to get pretty well between those sorts of concerns.

I noticed in goal number 4, I am assuming it is just language, but I just wanted to know. It does say health information policy. Were you also thinking that it would include some of these things like when Charlie was talking about NHANES and HIS and some of these other issues?

I guess that is still something that is both in our portfolio and something from the comments that people would like to dig into over the next year or so. Can I read that health information/data policy? Is that what the intent was?

Okay, however, you want to think about that one. Now it is in the health information topic, which I think of as the most recent generation and not the older issue.

MR. SCANLON: It is included in the objective, Mike. We clearly intended that.

DR. SUAREZ: When you look at the vision, it says visionary advice about health information and data policy. It is intended to be imbedded.

DR. O’GRADY: I am not asking for a change. I was just wondering if we were all on the same page.

DR. COHEN: We could get to discussing how the population health agenda fits in later. I think Bill will get to that. Over the last couple of days and particularly this morning with Charlie’s presentation it reminded of the committee as a whole and our subgroups, we should really think about going back to our roots, the National Committee for Vital and Health Statistics.

There are infrastructure issues around collecting data, support for health statistics infrastructure. Some are short-term related to re-design issues. Some are longer-term in terms of capacity building for the health statistics within HHS.

I would love to see us as a committee as a whole and parsing out where a appropriate to develop our work plan to address and make recommendations to the Secretary about sustainability of health statistics enterprise of the federal government.

DR. SUAREZ: One way to look at it is vertical. It cuts across all of it as a perfect point. I think that particular one is one that I think a number of us have really wanted to go back to our roots and go back to our name. I think that is something that we should ensure to include in the work in the activity that we will do with this next. Vickie?

DR. MAYS: I want to kind of build on what we are talking about now. I think what happened on Tuesday and then what happened today when Charlie was here really to some extent made me think a little differently about some of this.

We need to say something about the space that we seem to be occupying about the federal data intersecting in some kind of way with the multi-sectoral group or across some of the agencies. Once we make this public, I want other people to see.

You are welcome to come here. We want you at these meetings. We are actually trying, for example, to work across HHS. We are trying, for example, to do Census, HUD, et cetera. As we do our work, it has implications.

We want Census to think about, as it does its work, which it is doing on this race/ethnicity, it has big implications and cost for us. I am not sure how to put that in. That wasn’t on our radar when we were doing this during the executive committee. Somewhere about multi-sectoral intersectionality and across groups we need to put it somewhere. I am not good at that.

DR. SUAREZ: Thanks, Vickie, I think a very critical part of this is our ability to engage as many perspectives and sectors of the industry and stakeholders. I think Robert, for example, has a very good question yesterday about involvement of consumers. I think that is one of the areas that we want to find better ways to include that perspective in what we can do.

DR. RIPPEN: Jim, I guess this question might be directed toward you. You kind of know what you can and can’t do. As we start thinking about the potential partnerships with the other agencies and departments is there a way to invite them to have a liaison that is somehow associated with this?

MR. SCANLON: We can’t call them liaisons, but we certainly can have agency resources. When we have the meetings at Humphrey, it is a little bit harder to get everybody here. We normally have ARC and NCHS and others there. We have VA. We had VA yesterday as well.

At Census, we have somebody who comes every now and then, but not always. What we can call them are agency resources, or something like that. For whatever reason they don’t allow us to call them liaisons. We have always had them. It is a matter of who is there and who else. Census we can have. We have some good folks from Census that have been in and out, but we can do that.

The only thing is that we advise HHS, but everybody else is participating. Everybody else hears what goes on, so even though we don’t give them directed recommendations they obviously hear what the ideas are. They can take and pattern that which is what you did this morning with Charlie. We can certainly do that.

I think Census, ARC, and VA. There is snow white and everybody else. You have to decide how many. There are probably four major ones that could do most of the work in the area. We could certainly do that.

DR. RIPPEN: Is there more flexibility than in the working group or the subcommittee. I know then you can have people external.

MR. SCANLON: Some of them have been participating in population. At some point we had folks that were in from agencies within HHS, CDC. They were in Atlanta, but they could participate. An agency liaison is not a staff person. An agency resource person is representing and hearing the agency in deliberations.

Staffing is a somewhat different matter. There you sort of look at who has the expertise. There is no reason. We just give them a different designation. I think we probably start with census. We probably need NCHS on a more continuing basis here, CMS as well. I think when we get back down town it will be a little bit easier.

DR. RIPPEN: For the reason is for the subcommittee for population if we are really going to look to other departments in this case even and collect data around determinants of health they are more expert in then the opportunity perhaps of including them in whatever is the appropriate manner might allow us to actually get buy-in throughout the process early even through our focus is department of health. I understand that. We are trying to get two for one.

MR. SCANLON: We can’t recommend for other agencies. The only thing is that the committee covers a lot more than the statistical policy or public health and indicators and so on. We lose agency folks and if we pick someone who knows that area and we ask them to sit through two days of standards and privacy and all things that we are interested in. It is not them.

That is why you have to divide the subcommittee or the project work with the overall. We could certainly for the major statistical programs we could get the top three or four.

DR. MAYS: Can we make a distribution list that is E-agenda that can go out for a lot of people to get so if they want to come to the meeting, particularly when we are in the Humphrey Building. If we can come up with other people that we think are interesting in these topics, can we make sure that that distribution list always goes out?

DR. SUAREZ: We do have the announcement on the Federal Register, first of all, of the meeting. Then we have the agenda on the website. We have some distributions to send out.

MS. JACKSON: What I would like to start doing is anyone who signs in with email follow-up with them. If they come into our meeting and actually signed up and attended, we haven’t really followed-up. We can let them know there is a gov-delivery option. Then all of our meetings are delivered with communication specifically to that group.

DR. MAYS: I think at the level of individuals that I am talking it is like we should send them something directly. Send it directly to Bob. I am just using him as an example. Then get our NIH and ARC people, I think we have to add new people at this point. There have been changes.

DR. SUAREZ: We have got to make sure that we have a good distribution list of extended family of NCHS I guess.

DR. O’GRADY: It is outside the regular statistical. I would invite Brendan from CMS or somebody like that.

MR. SCANLON: We can make them come, but Chris Cox and all of the Census folks, every agency. Actually we send the agenda to the Data Council members, don’t we? It gets distributed in the agencies.

MR. LANDEN: Two comments, the first comment is in the mission statement. The system advised the Secretary. Then there were a lot of other groups that we informed. Noticeably absent from the informed sentence is non-HHS federal agencies. The discussion and conversations I have heard over the last three days point to the criticality of engaging with other federal agencies.

I am not all that concerned about its omission here if there is a reason for that because we do include that in multiple places with the strategic goals and objectives. I am thinking given the relative importance, do we want to think about adding other federal agencies into the inform sentence in the mission. That is one thing.

The second is that of the four objectives, two of the objectives in 2.1, 3, and 4.1 talk about capacity. The other two objectives do not. I think it may be an important issue for us to consider particularly with the standards, but also in the long-term strategy about the capacity of the stakeholders to absorb the changes that we are talking about in these goals and objectives.

I think that is a limiting factor. If we spend our resources to develop good stuff that industry or consumers at low capacity to implement. Have we really put our resources where they are the best bang for the buck?

DR. SUAREZ: In all of them, including long-term strategy, the concept of capacity should be built into it. I think that is a good point.

MR. SCANLON: For purposes of efficiency, effectiveness and so on, I don’t necessarily want cost-effectiveness. I think that is a little beyond us. We do say for purposes efficiency, effectiveness, which I think are some of the ideas that Rick is saying. We hear from the industry in that capacity and concerns.

DR. COUSSOULE: A clarifying question, when you say capacity, it has several different meanings. Are we talking about the volume and availability? Are we talking about the stomach to do something? Are we talking about the wherewithal? When we talk about capacity it is a very broad term.

DR. SUAREZ: I think it is the larger concept, capacity to industry’s ability to do the kinds of things, the readiness.

MR. LANDEN: The answer to your question is yes. If there is not the technical capacity in the broader sense to absorb it then it is not going to happen. Essentially we have got this neat thing and nobody is coming to the party.

MR. SCANLON: It supposed to be part of all of our rule making anyway, but I think that is exactly right if no one is coming.

DR. SUAREZ: Let me ask if there are any comments on the phone from any of our members. Anyone on the phone that has any questions or comments on goals and objectives? What we will do is insert important small edits to the text and we will distribute a final version of it after today’s meeting. Then the next step.

The next is really two parts really. One is as an executive committee. By the way for the new member of the executive committee, I don’t know if we mentioned it in the call, it is formed by the leaders of each of the work group or the subcommittee, or the co-chairs are the ones that form the executive committee. Sometimes we meet at least once between in-person meetings.

The executive committee can take the vertical elements, what are the key verticals, if you will? What are the cross-cutting areas such as the one that Bruce mentioned? Then each of the subcommittees and the work group the idea is to begin to fill into these spaces.

As you can see in the top row, in the row that says include under each column, mandatory, functions and responsibilities, how much and by when, the tactics for measuring. The idea is to really begin to shape how the subcommittees work to fulfill these objectives with as much documentation as you feel is important.

Some of the things that we do are mandated by laws and required from us to be done. Some of them are general advisory responsibilities and they are our charter, and we derive the priorities that we look into from discussions with the agency for HHS.

You heard for example Linda mentioned meeting with Devin McGraw, the Deputy Director of OCR for health information privacy. They discussed what you as an agency feel we can contribute best in terms of feedback.

Those are the kinds of things that we want to do. This is an iterative process. This is an evolving process. The idea is to begin to fill this in. At every meeting we will have a chance to report on how things are going if there are questions.

Ideally, you say by the end of June of next year we would have a more complete picture of this. The target would be by our meeting in June and have a completed picture of how this fills in by the various subcommittees and by the full committee. Then we will have a longer discussion at that meeting. Let me see if there are any comments, Bill?

DR. STEAD: Again for people who haven’t lived the discussion, the idea here isn’t that we have to have something in every cell. We are a small committee with limited resources.

The idea is to give us a way to organize what we are thinking about as a work plan and see the degree to which we can get aligned coverage across the activities of the committee and how the work then progresses over time. If you are working in row one of these one year, you may be working in row two the next year and row three the next year.

DR. SUAREZ: Any other questions?

MS. GOSS: So I am thinking about what Bill said. I am thinking about all of the mandates that we got. I am thinking about our healthy appetite to tackle lots of goodness, but our inability to always achieve that. How does that then correlate with the upcoming budget conversation and the resource that we need.

Is there going to be a reconciliation that maybe is more the Jim and Walter level post-us getting the completed view to make sure that we have the staffing resources lined up to ensure that we can be successful in what we say we are going to deliver.

MR. SCANLON: I think, again, my usual guidance to the committee is number one we have to stay in our lane. Number two, we have to select projects very carefully in terms of bandwidth. We can’t do everything that people like us to do. We have to prioritize and pick.

We pick based on who is the client, particularly HHS. There is a client and it is practicable. It is something that we can do. I think this is a matrix too. Whenever we are asked to do something, we have to weight it against our bandwidth, our lanes, and resources.

Again, we are probably not going to get a lot more staff. I have to be honest. We are not going to get over budget. That is just the way it is. I don’t think we are going to increase that. I think we are going to have to be very prudent. It is more about the projects we pick. We can only pick projects that we think we can do. We won’t just keep adding them.

MS. GOSS: Is there a difference between projects that are assigned to us legislatively? I know for standards and review, we have to go back to the well and look at the body of work that we developed as potential candidates for filling out that form.

MR. SCANLON: That is all part of consideration as well. The law requires us to do or the department requires us to do. Planning is a part of that. Again, if we don’t prioritize, it is a recipe for unhappiness on everybody’s part.

DR. O’GRADY: There is a lot to follow-up on that. If our core mission is to advise the Secretary on options and different issues, at this point, other than the more general strategic plan is there a notion of what the issues are in a little over a year of this administration. Are they inundated of health information and what is going to be that priority?

You have internal resources. I don’t mean that we want staff. I mean you guys have your own agenda of what you want to work on and how you want to go and where you want to make these or whatever. We are an outside group, no doubt about it.

It doesn’t do us much good to spend time developing recommendations for something that is way down the list in terms of what you internally think you are going to do. Is there some chance you get a little feel for direction, if not specifics?

MR. SCANLON: If an agency asked for something, Charlie or OCR or ONC that has a priority. We are not going to get a list from the Secretary.

DR. O’GRADY: No. When I was there, I wanted to solve the question of the number of uninsured and bring those surveys together and get that worked out. If there is something like that and the department wants to tackle something while they still have time and they are comfortable sharing what they want to tackle.

DR. STEAD: We were on a track that was a multiyear track and Karen came with the idea if she could detail the name. Bringing those two things together was unbelievably powerful. It effectively added resources, more volunteer than not, but still resources. It got the receptor system ready. When we can work that intersection out let’s move on.

MR. SCANLON: That is a case where the Assistant Secretary for Health asked us to look at these things. Again, my own view is we do this in our internal research planning as well. There should be a client who asks for it and a client who is in a position to use it. That helps.

I would say HIPAA, the administrative simplification helps, privacy. There is probably a lot more there, but we have specific requests sometimes from any office.

Again, you just pick one. We can’t do them all. On the population health side that is sort of where I include statistical policy and data collection and so on. That is sort of where I view the whole data and statistical world. We have to do some internal work obviously with this alignment, but there are some other areas.

Again, the committee is noted for enduring work that is not linked to this group or that group, and it goes away when the winds change. We are not a political committee. We are an expertise-based committee. We look for things that are enduring and valuable that we can look at. I will see if I can get some guidance.

DR. SUAREZ: We have two more items before we adjourn. The first one is very quickly to review what we are going to be doing in the next three months and begin to think about what is going to happen at the next meeting in February.

From a quick high-level perspective, what I heard about the larger elements is in February we are going to have a hearing from the data standards from standard subcommittee. Alex will mention a few more things about it.

During the meeting, we will have some overview of the ICD-11. We will have a panel where we will describe and discuss some of the new developments. We will get some feedback about it. We might have some input and review of the new website and portal that was mentioned by Lucia and Rachel that OCR, ONC and others are working on.

Then we have the report from the committees. I think that is just starting to formulate some of the key agenda items. I am going to turn it to Alex to say a couple of words and then to Bill and Bruce and then Vickie for what you see coming up.

MS. GOSS: Thank you. I anticipate that there will be a “letter” work product for the secretary that will be approved on the review committee efforts out of the February meeting. I believe that we will also have a hearing on Tuesday, February 16, which will be for phase four operating rules and followed in the afternoon by claims attachments conversation.

Then having completed those three items, I imagine we will be solidifying our work plan because we wanted to make sure we were highly informed by the review committee recommendations under the secretary. I believe there will be a secondary effort we will need to look at for other interested stakeholders and industry partner types of report that might be emerging from that.

MS. LOVE: Is this where the APCD standards are going to be?

MS. GOSS: That is part of our mission and vision objective works. We have APCDs in there as I presented in September that we need to figure out where APCD fits versus public health standards. I think that goes back to what Mike was saying about who the client is and who is really interested in it. I think Jim should give us some guidance on if there is any.

I think the vitals and the public health data standards are pretty important as well as the APCDs. Again, there are bandwidth issues.

MS. LOVE: The problem with the APCDs is the laws are being promulgated in real-time.

MR. SCANLON: I view that we have a gap in claims data between the public programs and the rest of the population. I view that as one way of addressing that need. It is not a need in its own right. It is meeting a data need. Again, HHS doesn’t have programs like that. It is a data gap.

DR. SUAREZ: To be clear, there is other input that we received in order to formulate our priorities. One is the industry. We have received inquiries about this and other topics, APCD as well as other topics.

We just received a letter. I want to acknowledge the letter from Pew Trust and folks on the UDI. We will be discussing that and looking into it.

MS. LOVE: Another question. What happens to the Pew letter?

MS. GOSS: That is part of the standards of our committee. We will have to tackle that. We actually have a longer laundry list than just those topics that we listed. We have already done some vetting on that. That is the body of work we need to get back to once we really finish the review.

DR. STEAD: Briefly, what we intent to do is to be in a position to bring back a report from the workshop that includes the direction for recommendations for input and approval at the February meeting.

In parallel, we are going to draft a statement of work around the environmental scan and work with Jim and others and figure out a way to get that done.

MS. GOSS: Framework on hold until we get through a few other things. I just want to confirm my head is in the right space on that.

DR. STEAD: Framework is next stop by the data workgroup.

DR. MAYS: What we will be doing is going through our document and charges. There are some that we may need to bring back to the full group. We have charges that talk about serving as a forum. We have some charges that are monitoring. Some things we think will require a lot more bandwidth and activities; we will probably be talking with the full-committee about assisting with that. We will be doing that.

The other thing that I anticipate is that we are going to be working on the guidance for website reviews. I think those are probably the two big pieces. We are going to have a presentation on that today and make some decisions. Then we will move ahead on that.

I did redo the letter. I appreciate all of the input from yesterday. What I did was put the sentence back in that was out that came right before the charges that talks about the full-committee. As you will see, I highlighted a few things.

My goal is really to try and help us to distinguish between those things which require full deliberations that should come back here and those things where it was my experts in the workgroup just giving advice and advice as experts in the workgroup.

That is kind of our bar of when we need to come or when we don’t need to come. It has a lot to do with is it a full, deliberated process in which recommendations will be made. I think the air for me was saying just to the secretary. I think that is a point that is well-taken.

It can be anybody. If it is a full deliberation where we are going to have something written then that will come back here. We have to nimbly be able to give advice as a bunch of experts who were brought together to talk about what it is this agency or this group has asked us to do. I am hoping that distinction is made.

As much as there may have been a little bruising yesterday it was good. I am an academic. I am used to the back and forth. It made me really think. It did help bring some clarity. For that I do appreciate it.

MR. SCANLON: This is the rule for all FACAs. Any FACA can establish subcommittees and workgroups and there are some rules about how to do that. They in themselves are not FACAs. When they are considering deliberative consensus, the recommendations and advice then it has to come through the FACA at some point for the public participation part.

The other side of this, and there are a lot of advisory committees like this at HHS, is when there is a notion of individual. It is not a consensus, deliberative process. It is a reaction. You could have told Charlie today as an individual your own idea. You think it would be great if he left smoking questions out of HIS or this or that.

Well, the committee didn’t vote on that and deliberate. If he gets that advice, he could do it or not. The distinction here is -– this comes up with all advisory committees. We certainly have learned a lesson at HHS -– if it is deliberative consensus-based advice, it doesn’t mean everybody agrees, but at least the majority votes on it. The Secretary has to go through that process.

If we are asking individuals to react to a website or some other issue that comes and it is individual expertise, a kind of reaction, immediate feedback that normally doesn’t. If it decides to go into one more deliberative report then the full-committee would be involved. It is a little bit of an art.

The department asked us to set up the workgroup to do this. We tried to find a way. We tried to be a little bit flexile here. This is the advice the lawyers gave us. You will know it when you see it. Otherwise they would have created a whole new FACA.

DR. RIPPEN: This focuses on HSSE, and I am thinking about population health and those aspects that impact health, but HSSE may not have the data. Other departments have the data. I guess in the question with regards to this is it limited to HHS data or can it be broadened?

MR. SCANLON: The purpose was to advise HHS particularly on digital data.

DR. RIPPEN: If it has value to HHS because determinants of health seem to be core based on the Assistant Secretary’s comments?

DR. COHEN: Let me give you an example. I want to ask the workgroup. One thing that came out Tuesday was that nobody can have useful access to ACS. The data are great, but it is impossible. I am going to ask the workgroup if they could give us some guidance or suggest models that might improve universal access to ACS.

MR. SCANLON: If it is statistical policy, the workgroup is more of the technology side.

DR. SUAREZ: It is access and use. I don’t think it goes to that level. I would suggest let’s just be done. As this goes through in the discussion this afternoon with the workgroup it gets exercised in the next several months. We will be looking at how it evolves.

DR. COHEN: To me it seems like a reasonable request to these guys. One of these guys might have developed an app. If they look at the data structure they might say this would be a really easy thing to do. They might have that experience.

DR. SUAREZ: We have to wrap-up. I do want to say in closing welcome to all of the members and new members. It has been an amazing opportunity to meet you in person. We will have a chance to meet Barbara at a later meeting. I think she was only one that couldn’t make it or join by phone. I think you have all demonstrated how quickly you are going to jump in and engage.

Your background expertise, knowledge and wisdom are welcome across all of the subcommittees and workgroups and all of the activities we do. Thank you again to you all for joining us and beginning your journey in NCVHS.

I also want to open it up for any public comments. No public comments on the floor here. Okay, with that, I think we are going to consider ourselves adjourned.

(Whereupon, the meeting adjourned at 12:10 p.m.)