All official NCVHS documents including meeting transcripts are posted on the NCVHS website.

Department of Health and Human Services


Subcommittee on Privacy and Confidentiality

April 17, 2007

Hilton Embassy Row Hotel
Washington, DC

Meeting Synopsis

The National Committee on Vital and Health Statistics Subcommittee on Privacy and Confidentiality was convened on April 17, 2007 in Washington, DC. The meeting was open to the public and broadcast live on the Internet.

All official NCVHS documents are posted on the NCVHS Website.


Committee Members

  • Mark A. Rothstein, JD, Chair
  • Simon P. Cohn, MD
  • Leslie Francis, PhD
  • John P. Houston, JD
  • Harry Reynolds (by telephone)
  • Paul C. Tang, MD

Absent :

Staff and Liaisons

  • Maya Bernstein, Lead Staff
  • Amy Chapper, CMS
  • Susan McAndrew, OS/OCR
  • Gail Horlick, CDC (by telephone)
  • Sarah Wattenberg, SAMHSA

Opening Summary about Today’s Hearing

The topic of today’s hearing (Consumer Controls for Sensitive Health Records) referred to the Subcommittee’s letter on privacy, confidentiality, and the NHIN of June 22, 2006.  Two recommendations made to Secretary Leavitt dealt with the topic of today’s hearings, with the understanding that the process should be open, transparent, and public:

  1. R-6 – that HHS should assess the “desirability and feasibility” of allowing individuals to control access to the specific content of their health records by the NHIN and if so, by what appropriate means.
  2. R-7 – if individuals are given the right to control access to the specific content of their health record by the NHIN, that the right should be limited, relative to the age of the information, nature of the condition or treatment, or type of provider.

Mr. Rothstein called attention to Section 164.508(b)2 of the Privacy Rule, the only provision that establishes separate rules for a sub-class of health information (e.g., disclosure of psychotherapy notes).  Broader issues of feasibility and desirability of isolating or applying separate rules are related to patient control of health information.


  1. Complete two letters in the pipeline by June 2007 (note April 27 conference call).
  2. Mr. Rothstein will coalesce some skeletal recommendations for purposes of the June meeting.  Subcommittee members will send Ms. Bernstein at least one recommendation for consideration.
  3. Ms. Bernstein will contact Dr. Kibbe for information about the five main fields of the CCR (continuity of care record).
  4. Subcommittee members were asked to hold June 19, 2007 for a face-to-face working session to discuss potential recommendations (just prior to the June 20th full Committee meeting).

Topics and Presenters

Tuesday, April 17, 2007


Panel I: Records in Specialty Practice

Robert J. Fagnant, MD (via telephone), ACOG; Intermountain Healthcare, St. George, Utah

Representing 51,000 physicians and partners in women’s health, Dr. Fagnant spoke of the need for movement from paper to electronic records as well as for patient privacy and confidentiality.  ACOG supports the Subcommittee’s prior recommendations that allow healthcare providers to continue to store information using the method of their choice.  Individuals should have choice about participating in the NHIN (R-2); and providers should not be able to condition treatment upon a person’s agreement to have his or her health records accessible via the NHIN (R-3).  The ability of a patient to delete information raises strong concerns.  It is the physician’s responsibility to inform a patient about what the data mean and how they can be used.  See written testimony for further information about ACOG’s general concerns about health information technology; previous work of the Subcommittee; individual control of information; specific methods of blocking information; and implications for healthcare providers.

Zebulon C. Taintor, MD, APA; Professor and Vice Chair, Dept. of Psychiatry, NYU

Privacy & Confidentiality Protections

The APA is the country’s oldest medical specialty society, representing more than 38,000 psychiatrists worldwide.  While there are great concerns about protecting psychotherapy notes, the APA generally views the electronic record as a “forward planning” dynamic document.  The Supreme Court’s 1996 ruling in Jaffee vs. Redmond established the sanctity of psychotherapy notes; and in 1999, the Surgeon General supported legal protection of confidentiality.  As such, the NHIN must ensure confidentiality.  The non-preemption feature of HIPAA is considered to be essential.  Uniform federal standards must maintain existing state protections.  The GAO’s 2006 Information Security report was cited relative to the potential for fraud and abuse of medical and financial privacy within Medicare, Medicaid, and other programs.

Enforcement Methods and Access Control

Rigorous enforcement mechanisms are needed.  Relative to R-6 text, the APA believes that the more severely ill the patient, the more likely s/he is to withhold information.  Some degree of access control by patients might strengthen the trust relationship and make them less likely to withhold information from healthcare professionals.  The APA supports the patient’s right to control specific elements of his/her electronic record (such as control over access to their PHR).  Regarding R-7, physicians must have a complete picture of relevant clinical details in order to provide the best care (which includes information about medications, hospitalizations, surgical procedures, diagnoses, employment, family illness, legal or financial problems, interpersonal relations, and other life stressors).  Sensitive information is more readily imparted within an open and trusting relationship between physician and patient.

Access Concerns & Recommendations

In emergencies, an electronic system is advantageous due to the integration of clinical information across providers and settings.  Access concerns include the possibility of misinterpretation of findings by patients; and patient distress with results that are not accompanied by discussion (e.g., lab values that are slightly vs. grossly abnormal).  Access laws should include information about the role of people who access personal health information and ensure that the reason for access is meaningful to the patient.  The APA recommends that electronic health information allow for granular access and sharing.  It is important for people to realize that insurance companies, family members, and administrative support staff also have access to records.  See written testimony for further information on privacy background; R-6; R-7; and other access concerns.

Cheryl Floyd, MSW, Executive Director, Pennsylvania Recovery Organization Alliance

PROA is a grassroots statewide recovery organization of 3,600 members that focuses on consumer protection.  Confidentiality is critical for people affected by addiction, who face stigma and discrimination that can translate into denial of medical coverage, life insurance, housing, employment, or access to training and education.  There are financial and humanitarian reasons to eliminate such stigma and discrimination.  Confidentiality is the cornerstone of the drug and alcohol bill.  The NHIN exposes more than medical information about people with addiction problems.  Information that is potentially damaging includes mental health problems, STDs, HIV, domestic violence, GYN and surgical procedures, test results, etc.  It was noted that insurance companies continually request additional information in order to make decisions that should be made by providers.  Such information is protected by law (42 CFR Part 2).

Many people suffering from addiction will not seek treatment if consumer files are posted on an NHIN; or they may provide partial or inaccurate information.  Some people would drop their insurance and access to public funds in order to protect personal information.  Other pitfalls include the possibility of:  medical decisions by hospital personnel based on outdated information; and stigmatization of people who have sought addiction treatment in the past.  Overall, the NHIN has the potential to expose sensitive information about an already vulnerable and stigmatized population.

Discussion

Providers need to know that an individual has an addiction in order to safely prescribe medication.  Dr. Taintor reiterated his support of state and federal protection laws.  Dr. Fagnant’s ideal medical information system would maintain a complete medical file but would only allow people to access specific information when needed while blocking access to all else.  It is difficult to determine what information is limited to which providers and non-providers.  Dr. Taintor recommended staying with R-6 and R-7 for privacy.  He believes that patients should make the decision about blocking access on R-7.  While the question comes down to “what do you need to know when,” a good EHR provides clinicians with the data they need in real time to make decisions.  Most concerns lie within the business side of medicine relative to handling data for non-medical purposes.  Ms. Floyd suggested that input be gathered from people who work in the field.  She reiterated concern about information breaches.  Ms. Wattenberg noted that patients are more threatened by uncoordinated care than by breaches or authorized disclosures that carry adverse implications.  Ms. Floyd did not concur with Ms. Wattenberg’s statement that patients are not fully informed of the full risks and benefits of withholding vs. sharing information.  Ms. Floyd and her colleagues are concerned about a potential change in confidentiality and privacy laws.

Dr. Tang believes that health care professionals need a uniform expectation about information they receive.  He suggested flagging “chunks” of information (e.g., mental health) rather than individual data elements.  If necessary, a provider could “break the glass” to access information for appropriate diagnosis and treatment while being held accountable.  The APA withholds judgment on this suggestion because how patients (who presumably have a choice to opt in or out of information-sharing) would react is unknown.  Ms. Floyd expressed a need for control over a break-the-glass process.  Who flags what and why was suggested as a topic for further discussion.  Mr. Rothstein expressed reservations about flagging from the patient’s point of view.  He suggested an alternative that would identify areas that are “automatic flags for everybody” that exclude some information from accessibility (e.g., psychiatric and substance abuse notes).  Dr. Fagnant added that beyond flagging, the physician should determine what information is needed at the point of treatment and the patient should determine whether s/he will allow that information to be made available.

Dr. Francis suggested that information be limited by time (e.g., older information would be eliminated or more protected).  Dr. Taintor mentioned diagnosis (with associated stigma) as a key concern as well as providers’ concerns about medication regimes (noting that federal confidentiality laws protect information that identifies a person as a substance abuser without his/her consent).  Dr. Fagnant does not believe that limiting information by time is a viable path.  Rather, identifying past providers is helpful as a filter or limiting mechanism.

According to Dr. Taintor, the Privacy Rule has worked well to date in relation to separate psychotherapy notes.  Mr. Rothstein wondered whether this provision’s lack of applicability to primary care physicians is problematic.  It was noted that as confidence in the NHIN builds over time, some reluctance to share information will dissipate.

Panel II: Records in General and Emergency Practice

Brian F. Keaton, MD, FACEP, President, ACEP; Director, Emergency Medical Informatics, Summa Health System, Akron, OH

The American College of Emergency Physicians is the largest specialty organization in emergency medicine, with 24,000 members and 53 chapters.  ACEP is actively committed to the NHIN.  Complex issues faced by emergency care providers were described as was the role of the emergency department.  Patient control over confidential information must be balanced against a need for timely data that is available in emergency care situations.  Network operations should be consistent with current HIPAA rules and should include provisions that facilitate access for continuing care in emergency situations.  Consideration of patient control should be guided by:

  1. rapid access to patient data.  Security, identification and authentication, and patient control should facilitate the immediate release of electronic clinical records of emergency patients to certified clinicians.
  2. an assumption that patients who are unable to give permission for data access would do so, if able.  A break-the-glass policy is vitally important to enable authorized emergency clinicians to gain access to critical data, using presumed consent when necessary.
  3. trust that the data clinicians view is complete and truthful. If data are not accessible, the information system must conspicuously call this gap to the clinician’s attention.
  4. notification when patients refuse to provide access to some or all of their data.
  5. access to population-based data for public health needs including syndromic surveillance. An identified risk must link back from deidentified data to the indexed cases for the protection of those cases and the public.
  6. provisions that allow access to data critical to protect the patient and society from harm that could reasonably occur if such critical data were not disclosed.
  7. consideration for court liability risks inherent to the NHIN (e.g., liability to breaches of security or liability for failure to notice or correctly interpret issues hidden in newly available results or tests).

David C. Kibbe, MD, MBA, Senior Advisor, Center for Health Information Technology, AAFP; Principal, The Kibbe Group, LLC

The American Academy of Family Physicians is one of the largest national medical organizations, representing 93,800 members.  AAFP views health information technology (HIT) as a way for physicians to redesign their practices to better coordinate patient care and provide ongoing quality improvement.  While it is anticipated that EHRs and EMRs will need to interoperate with personal health records (PHRs), there is widespread confusion and apprehension about who owns and accesses the data, when and under what restrictions.  A lack of answers to these concerns has become a “significant barrier” to use of HIT by physician members.  A comprehensive and uniform approach to privacy, protection of confidentiality, and security of personal health information is needed.  The Academy recommends four principles on which to develop such a uniform approach:

  1. the approach should apply uniformly to all persons, organizations, and entities that collect, store, manage and transmit health data.
  2. the patient controls access to specific content of his/her health record.
  3. limitations on the right to access or control must be clearly explained to the individual at the time of consent.
  4. serious penalties must be imposed for illegal disclosure of private and confidential information.

AAFP’s position is that HIPAA is flawed due to rapidly changing conditions such as the evolution of the Internet and World Wide Web as vehicles for the collection, storage, management and transfer of personal health information.  PHRs will “boost the economic and clinical value of moving and exchanging specific data sets beyond static collections of data that providers and health plans privately format in their own databases.”

Michael Zaroukian, MD, PhD (via telephone), ACP; Medical Director, Michigan State University Clinical Center, Internal Medicine Clinic

The American College of Physicians is the largest specialty society in the United States, representing 120,000 internal medicine physicians and medical students.  ACP strongly believes in the widespread use of HIT while recognizing that principles, procedures, and policies for electronic exchange must be developed.  Creating a level of standardization would reduce variability among states.  The College presumes that the NHIN will follow the federated model (patient data is stored only within the clinical system where it was generated) and that the NHIN will consist of registries of metadata that point to original data sources.  Individuals should be able to access their health and medical data conveniently, reliably, and affordably while having the capacity to review which entities and providers have reviewed their personal health information.  The College’s preferred model is for individuals to choose to have their entire record accessible through the NHIN or not, although this “all in-all out system is unrealistic” given existing state laws and policies as well as regional efforts.  As such, the College recommends that the NHIN consider role-based access models with a break-the-glass option for emergencies and specific privacy protections for psychotherapy notes.  Medications and allergies should be represented.  The source of health information should be identifiable (including an audit history of changes made to the data).  Records should indicate the restricted nature of (and reason for) missing data.

Questions arise about the patient restricted version vs. the legal medical record:  what are the treatment and accountability implications? Where do payers turn to adjudicate decisions and determine coverage or insurability?  A major concern is that a standard structure for encoding all privacy requirements and patient preferences does not exist.  There are also gaps in the availability of controlled terminology and the reference model to support the NHIN’s desired privacy and confidentiality features.  Models must be developed and tested prior to implementation to ensure adequate protection and appropriate access.  The ACP agrees with NCVHS that the level of protection on the NHIN should not be less than its current level although the inadequacies of a paper-based system should not be reproduced.  It was noted that physician acceptance of a patient’s right to withhold information will only last until the first malpractice suit is filed.  It is important to remain aware of emerging implications of improved access to clinical information.  Further discussion is warranted about medical, legal, financial and work flow implications as well as reimbursement requirements.

Discussion

A good first step to adequate emergency care treatment involves immediate access to a continuity of care record (CCR) and a break-the-glass feature.  A question arose about the feasibility of applying similar rules to primary care that currently protect patients treated by mental health or substance abuse specialists.  Dr. Kibbe believes that the overriding question is whether “we have lost control as providers or academic medical centers or even the government” because basic privacy and security rules do not apply to them.  Furthermore, special protections for certain kinds of information will eventually be overwhelmed by change.  Dr. Kibbe stated that protections in the mental health and substance abuse arenas should remain with the patient.  Dr. Zaroukian added that organizations should strive to protect information deemed important to guard but that information needed from specialties (other than psychotherapy) should be conveniently accessible.  Providers need permission to access anything that reflects a change in the clinical list (e.g., problems, medications, allergies, etc.).  While he had no strong objections to information access for primary care physicians, Dr. Zaroukian cautioned that the technology must allow for this and that education must be provided about data protection.

How much information is enough for a record to have value, even when some information is withheld?  While Dr. Keaton does not believe that physicians ever have all of a patient’s information, the responsibility of the NHIN is to let clinicians know when data is missing (regardless of the reason).  He said that CCRs provide adequate information for 99% of his clients.  Dr. Keaton emphasized the importance of context and noted that CCRs were designed to include information that would be useful to 80% of different-use cases.  Some providers find that CCRs carry more information than is needed.  CCR users are looking for ways to incorporate patient comments.  Dr. Zaroukian suggested a “second tier” approach of adding information incrementally (such as prior cardiac catheterizations or imaging reports), noting the benefits to the NHIN in terms of quality, safety, and efficiency.  He reiterated the notion that essential clinical lists are the core of the system (Dr. Kibbe added immunizations to the list).

Dr. Kibbe noted that in a CCR, metadata provides ways to obtain additional information.  Also, physicians will make inferences from the information they have.  It would be difficult for physicians to know a patient’s most sensitive information without asking.  Dr. Zaroukian noted that primary care and subspecialty providers may prioritize medical information differently.  While clinical lists are essential, others would place high importance on past medical or social history.  As long as providers respect confidentiality laws and audits are performed, “we can be a little bit less strict about what goes in or what goes out.”  Providers with access to the records would include those with “reasonable cause,” including providers responsible for improving the system’s or clinic’s quality of care and efficiency.

The definitions and use of the terms “CCD” and “CCR” were further delineated.  Balancing the needs of patients with those of society (that benefit from deidentified data) was reiterated as was the ability of providers to trust data in the files.  Emergency room physicians require a health information exchange system for day-to-day patient care.  Dr. Keaton noted that emergency physicians need to know about altered mental status (e.g., are they dealing with psychiatric illness, substance abuse, metabolic or structural issues?).  While it would be “reasonable” to create a generalized exclusion for emergency physicians that allows for access to broad information available in a RHIO or the NHIN, information needed would depend on what the patient was being treated for.  As such, a break-the-glass function could serve the same function.  The system should allow ER physicians to track and explore sensitive areas of patients’ files that might not on the surface seem justifiable.

Dr. Keaton recommends that the treatment of privacy, confidentiality, and security be built into a quality assurance process that crosses all facility departments.  In light of the fact that most care is ambulatory, the importance of noting errors, impact, and harm done during routine care was emphasized.  A break-the-glass policy can prevent adverse scenarios that reach the press and create general distrust of the NHIN system.  The AAFP recommends that “you don’t be afraid to…fix HIPAA” to ensure consistent privacy and security obligations that protect everyone.

Panel III: Entities Experienced with Consumer Controls

Victoria McBroom Prescott, JD, General Counsel & Business Development Specialist; Regenstrief Institute, Inc., Indianapolis

The Indiana Network for Patient Care (INPC) is a virtual health information exchange (HIE) formed in 1997 that covers 1.6 million people in central Indiana (25% of the state).  The network reuses data for treatment purposes, research, public health, and health care operations such as quality improvement.  Patient consent is not required and Indiana state laws are favorable to HIE.  Note PowerPoint presentation dated 4-17-07 for information about: how INPC is structured; data models; global patient index; limited access; and the legal structure or administrator of the system – the Regenstrief Institute.  The Institute is a business associate on behalf of covered entities that deidentifies data for research and public health purposes.  INPC participants agree about access and privacy and security constraints, the particulars of which were mentioned.  Providers decide what data to send to INPC and whether to grant patient requests to restrict their data (noting that most providers do not grant patient restrictions).  Post-HIPAA, INPC participants no longer require patient consent.  On the rare occasion that a hospital grants a patient’s request for data restrictions, no patient data is shared between institutions (see transcript for further elaboration).  Difficulties in implementing restrictions hypothetically include state laws restricting HIV test results or information about such things as test counts that indicate positive status; transcribed text reports; and medications.  However, a patient who blocks information about a sexually transmitted disease may not realize that his/her symptoms are related to that condition and important to convey for treatment purposes.  Data restrictions can lead to increased costs as well as a negative impact on patient care, research, and healthcare operations.  Data restrictions require a balance of individual rights with the needs of the whole health care system and the ability to pay for and sustain that system.

Joy Pritts, JD, Center on Medical Record Rights and Privacy, Georgetown University

Ms. Pritts was asked to speak about a paper she co-authored with Kathleen Connor, entitled “The Implementation of E-consent Mechanisms in Three Countries: Canada, England, and the Netherlands” (subtitled “The ability to mask or limit access to health data”; the paper is available for download).  This work came out of SAMHSA, which remains involved in the interpretation of the federal law addressing confidentiality of health information related to people seeking substance abuse treatment.  “Consent” and “consent mechanisms” were defined.  Treatment was examined at the provincial level.  All three countries have a form of universal health care with much funding from governmental entities (see transcript for further elaboration).  The three countries follow the European Union Privacy Directive, which mandates implied consent to disclose health information for treatment purposes along with an opt-out option.  These countries have electronic support that uses coding data for patients, who are in control of their health information for treatment purposes.  Masking of data is done at different levels in different countries (see transcript for details and examples).  In the Canadian provinces of Alberta, British Columbia, and Ontario, a sample of only 508 of 1.5 million people fully withheld consent.  The ability to withhold data is “quite easy” with computer access because forms are available on-line.  The English system is based on a nationwide database (note “Sealed Envelopes Briefing Paper” [December 2006], the most recent iteration of consumer input about controls).  While controversial, this system allows citizens to opt out (fully or partially) of sharing their record (see transcripts for specifics).  An alert system is in place.  In the Netherlands, a document locator system has a limited ability to seal information based on limiting access to specific providers (see transcript for specifics).  Holland uses provider identification and different levels of authority.  Changes occur on a daily basis in the aforementioned countries, which give their citizens “a lot of degree of control over their health information.”

Discussion

The Access Control portion of Ms. Pritts’ and Ms. Connor’s paper touches briefly on logging file access.  The ASPE is looking into the logging issue.  The Regenstrief Institute, with a full audit trail that reviews logging, has never received direct person inquiries.  In England, “Caldicott Guardians” (akin to Privacy Officers) conduct intermittent audits.  In Indiana, mechanisms in the system disclose serious breaches to all INPC participants.  Ms. Prescott noted the challenge of establishing an algorithm to address unusual access occurrences due to the difficulty of figuring out what types of hits are inappropriate.  Because the system is so “locked down,” she stated that it is “very unlikely” that anything would occur.  When an entity joins INPC, it provides a range of IP addresses and a list of authorized physicians that is continually updated.  INPC does the mapping to its global provider.

In response to Dr. Tang’s question about the results of international pilots and experiments, Ms. Pritts noted an underlying assumption that providers never have all of a patient’s information. Dr. Francis wondered whether decisions were ever made to never send data rather than send data with restrictions.  Ms. Prescott is not aware of information that does not make its way into the system.  INPC receives 99% of hospital care data and more than one third of ambulatory care data (noting that not all providers have EMRs, in which case an HL7 would be sent).  She reiterated that INPC receives direct feed information from a variety of systems.  In order to deliver that information to providers, INPC must receive the most comprehensive data possible.  When this cannot happen, the patient will be taken out of the system.  While INPC might receive more data than “anybody in the whole country or world, probably,” it still does not have “all” the data.  Asked about mistaken information that enters the system, Ms. Pritts stated that patients review their summary care record information before they are uploaded into the nationwide system although it is not clear (in England and the Netherlands) what providers do to correct information.  Ms. Prescott added that the INPC, which has helped to identify some errors, has ways to electronically amend data.  Data entry problems are typical but not widespread.

In response to Dr. Cohn’s questions about how “tight” data access is, Ms. Prescott delineated INPC’s recently approved process that allows for a patient’s record to be available for a limited time in a physician’s office (to allow a treating physician to review lab results of patients not currently hospitalized).  Pharmacies and labs that contribute data do not have direct access to data and payers are very limited with respect to what they can access.  INPC is in the process of rolling out the Quality Reporting Project which examines 26 quality/performance measures of individual physicians (see transcript for elaboration).  It was noted that INPC is predominantly funded by grants although hospitals and labs pay INPC to deliver lab results to physicians in the system.

With regard to research, patients are informed by participating INPC hospitals that their information is used for research purposes (INPC is even “more protective than HIPAA”).  Ms. Prescott noted that it would be costly and a liability risk to change the data entry process.  Ms. Pritts stated that while providers in other countries face many of the same issues, philosophies differ.  In England, for example, the system assumes that the patient will make the decisions about appropriate care and about information sharing even as they debate similar challenges about patient care and secondary use of information for research.  Because most data in the countries mentioned are presently in paper format, the benefit of masking vs. withholding data is that masking allows providers to use the data.  Ms. Pritts clarified that while the U.K. uses a centralized data system, it also uses detailed care records that hold additional information at the local level.

Ms. Prescott is not aware of psychotherapy or substance abuse notes being put into the INPC system (the INPC agreement stipulates that such notes will not be included).  Challenges arise with dual use facilities that withhold other data along with substance abuse and psychotherapy information.  Ms. Prescott would like a SAMHSA-sanctioned ability to parse substance abuse records from other records at the same facility.  Ms. Pritts said that in general, in the cultures she studied, all health information is treated the same, including sensitive data like psychotherapy notes (the patient decides what goes in the records).  In these systems, it is difficult to avoid fraud and abuse detection because information goes automatically from the pharmacist to a central reporting database without any control authorization from the patient.

A discussion ensued about provider data silos and data exchange.  A direct download from HL7 to INPC does not occur.  Such information could be printed out for physicians to view for a period of time.  Ms. Prescott would like to have integrated and interoperable systems.  There was some discussion about pre-HIPAA consent forms.  Ms. Pritts recommended a review of the AHRQ-funded 34-state survey on privacy and security practices and policies.

Public Statements

No public testimony.

Subcommittee Discussion

A closer look at the AHRQ multi-state survey was suggested.  The pragmatic slant of today’s hearings was lauded.  Dr. Francis thought that consensus about a skeletal continuity of care record (CCR) that considers sensitive information issues could serve as the basis of a recommendation to the Secretary.  Such an “architecture” would contain automatically available information that would further patient care objectives but not expose, for example, mental health diagnoses.  Mr. Rothstein noted greater recognition by providers that a complete record is not necessary at all times despite the fact that many health information exchange business models are based on an ability to deidentify and sell total records.  Ms. Bernstein and Dr. Tang expressed reservations about using a summary record like that in the U.K.  While it might work for ER and perhaps family physicians (99%), it would not serve a broader coordination of care that includes chronic disease management.

Consensus was noted about access limitations and about information needed, for example, in an ER when there is no opportunity for consent.  Consensus should be built in from the start that is administered by a provider who is directly involved in the patient’s care, that uses a break-the-glass model for patient safety.  Mr. Rothstein wondered if any off-the-shelf systems automatically generate and update the CCR.  Further, how does misinformation get traced and corrected?

Mr. Reynolds thinks that a logical way to proceed is to begin with a “core” (the whole record).  He recommended that the Subcommittee hold a hearing with some of today’s presenters to build a “business-type architecture” (as opposed to a “systems architecture”).  Can such an architecture work and what does it mean?  Mr. Rothstein suggested that this may be outside of the purview of the Subcommittee while Mr. Houston stated that specificity is important because “people are really looking for guidance on this particular issue.”  Dr. Francis recommended starting with a very limited list of information that providers would receive in an ER while the remainder of a patient’s record would be negotiated on a consent or emergency break-the-glass basis.

It was noted that CCR is a necessary but not sufficient response.  A process that develops rules and regulations to handle data access was recommended along with ways to determine where certain data types should be made available (e.g., specific use cases such as ER physicians when a patient is unconscious).  Ms. Bernstein mentioned a standard with seventeen categories that is currently in use.  She recommended that the Subcommittee uncover existing standards groups that are already working on these issues.

A discussion ensued about where to get additional input.  A side issue was raised about the increase in popularity of claims-based records and their implications for diagnosis.  The importance of what the individual perceives to be sensitive information was reiterated.  Ms. McAndrew reviewed the “battle” between mental health providers and payers about what information must go to payers to support claims.  Ms. Bernstein added that sensitive information comes in many forms, including location for domestic abuse victims.  Ms. Wattenberg suggested a review of the forthcoming HCPC (Health Care Payers Coalition) paper as well as input from the AHIC privacy and confidentiality group.

The industry as a whole has no clear structure when dealing with privacy.  As such, facilities are making individualized decisions.  Mr. Reynolds pointed out that no one is operating at the level between theoretical and operational.  Several thought that it would be better to have an imperfect set of recommendations than to have none.

Note further elaboration in written testimony of panelists, dated April 17, 2007.

See official transcript for full Subcommittee discussion.