[This Transcript is Unedited]





April 17, 2007

Hilton Embassy Row Hotel
Washington, D.C.

Proceedings by:
CASET Associates, Ltd.
10201 Lee Highway, Suite 180
Fairfax, Virginia 22030

Table of Contents

P R O C E E D I N G S (9:15 a.m.)

MR. ROTHSTEIN: Good morning. My name is Mark Rothstein. I am the Director
of the Institute for Bioethics for Health Policy and Law at the University of
Louisville School of Medicine. It is my privilege to chair the Subcommittee on
Privacy and Confidentiality of the National Committee on Vital and Health
Statistics. The NCVHS is a federal advisory committee made up of private
citizens, to make recommendations to the Secretary of HHS on matters of health
information policy. On behalf of my colleagues on the subcommittee and our
staff, I want to welcome you to today’s hearing on “Consumer Controls
for Sensitive Health Records”.

I believe we are being broadcast live on the internet and I want to welcome
our internet listeners as well, and also the people who are going to be calling

We will begin with introductions of the members of the subcommittee, staff,
witnesses and guests. Subcommittee members should disclose any conflicts of
interest, others need not do so. I will begin by observing that I have no
conflicts of interest.


MR. HOUSTON: John Houston with the University of Pittsburgh Medical Center.
Member of the Subcommittee, as well as the Committee, and I have no conflicts.

MR. REYNOLDS: Harry Reynolds with Blue Cross and Blue Shields of North
Carolina. Member of the Subcommittee, member of the Full Committee, and I have
no conflicts.

MS. WATTENBERG: Sarah Wattenberg, Substance Abuse Mental Health Services

MS. McANDREW: Sue McAndrew, Office for Civil Rights, privacy liason to the

DR. TANG: Paul Tang, Palo Alto Medical Foundation, member of the
Subcommittee and Committee, and no conflicts.

MS. FLOYD: Cheryl Floyd, Executive Director of the Pennsylvania Recovery
Organization Alliance. There is no conflict.

MS. CHAPPER: Amy Chapper, Centers for Medicare and Medicaid Services. Staff
to the Subcommittee.

DR. FRANCIS: Leslie Francis. I am a law professor and a philosophy
professor at the University of Utah. I am a member of the Subcommittee and the
Full Committee and I have no conflicts.

DR. COHN: I am Simon Cohen. I am Associate Executive Director for
Kaiser Permanente. I Chair the Full Committee and a member of the Subcommittee
and I have no conflicts.

MS. BERNSTEIN: I am Maya Bernstein. I am the lead on privacy policy in the
Office of the Assistant Secretary for Planning and Evaluation. I am lead staff
for this Subcommittee.

(Audience introductions).

MS. HORLIK: (on phone) Gail Horlick, staff to the Subcommittee.

MR. ROTHSTEIN: Anyone else? Dr. Fagnant.


MR. ROTHSTEIN: Can you just introduce yourself briefly?

DR. FAGNANT: Yes. Dr. Bob Fagnant, fellow of ACOG, College of Obstetricians
and Gynecologists. Currently living in St. George, Utah and employed at this
time by Intermountain Healthcare and have previously been in private practice
for 19 years.

MR. ROTHSTEIN: Thank you. We will ask you for your testimony shortly. This
afternoon from 2:45 p.m. to 3:15 p.m., members of the public may testify for up
to five minutes on issues related to the topic of today’s hearing. If you
want to testify, please sign up at the registration table.

Invited witnesses have been asked to limit their initial remarks to 15
minutes. After all the witnesses on a panel have testified we will have time
for questions and discussion. Witnesses may submit additional written testimony
to Maya Bernstein within two weeks of the hearing. I would request that
witnesses and guests turn off their cell phones and any other electronic
devices that could interrupt the hearing. Also, because we are being broadcast
over the internet and recorded for transcription, I would ask members of the
subcommittee to speak clearly into microphones and remember to turn them on
when you speak.

To introduce the topic of today’s hearing I want to refer the NCVHS
letter to the Secretary Levitt of June 22, 2006. Our letter on privacy and
confidentiality and the nationwide health information network. The following
two recommendations dealt with the topic of today’s hearing. R6; HHS
should access the desireabliity and pleaseability of allowing individuals to
control access to the specific content of their health records by the NHIN, and
if so, by what appropriate means. Decisions about whether individuals should
have this right should be based on an open, transparent, and public process.

R-7. If individuals are given the right to control access to the specific
content of their health record by the NHIN, the right should be limited, such
as being based on the age of the information, the nature of the condition or
treatment or the type of provider.

In this hearing, we hope to promote the “open, transparent, and public
process to which we referred in R-6”.

In addition to the June 22nd letter to the Secretary, I want to
call attention to specific provisions of the privacy rule. In particular,
section 164.50882, which provides an authorization required for any use or
disclosure of psychotherapy notes, defined in section 164.501 as quote,
“notes recorded in any medium by a healthcare provider who is a mental
health professional documenting or analyzing the content of conversation during
a private counseling session or a group, joint, or family counseling session
that are separated from the rest of the individuals medical record”.

This is the only provision of the privacy rule setting out separate rules
for a sub-class of health information. Among the questions raised from this
provision are whether it is too narrow because it does not apply to mental
health or other sensitive information maintained by primary care or other

It also raises the broader issue of the feasibility and desirability of
isolating, or otherwise applying separate rules to different types of health
information. These later issues are distinct from but related to the issue of
patient control of health information.

I know I join my colleagues on the subcommittee in expressing our
appreciation for witnesses appearing today to enlighten us on these issues.

Without further ado, I would like to ask Dr. Fagnant to present his

Agenda item: Panel 1 – Records in Speciality
Practice -Robert Fagnant, M.D.

DR. FAGNANT: Thank you for inviting the American College of
Obstetricians and Gynecologists to testify. ACOG has not yet fully settled on
answers to the questions posed by recommendations six and seven and because of
this our statement must be more general than specific. You should have some
written testimony in front of you, and I will speak not directly to that but on
some of those issues.

We would like to be kept informed and will assist when possible as NHIN
takes shape. Movement from paper to electronic records has the potential to
improve patient safety, to increase efficiency in services delivered by
minimizing duplication between providers and to reduce paperwork in medical
offices. The need for electronic health records is exasperated by the
staggering fragmentation of our healthcare system.

When considering any medical record system, please remember that the
patient wants the medical professional to heave instantaneous access to all the
necessary information. This is not a dream for the future but is a current
expectation of many people. Complications arise of course, when the same people
do not want this information available to anyone else.

Medical professionals are expected to put on some sort of data blinders so
that they can only notice information that is important problem at that time.
ACOG holds patient privacy and the confidentiality of the patient’s
medical record in very high regard and respects the fundamental right of an
individual patient to make their own choices about her healthcare.

ACOG supports the prior recommendations of the subcommittee, to allow
healthcare providers to continue to store information according to the method
of their choice. Because of ACOG’s commitment to representing women, we
believe that the provider should not be able to a condition treatment or an
individual’s agreement to have her health records accessible via the NHIN.

The ability of the patient to delete information entirely raises strong
concerns, even to the point of invalidating the entire record from the
physician’s perspective. The patient is not always able to determine which
information is important.

Moving patient data to electronic form does not take away the
physician’s responsibility and obligation to inform a patient not only
what the data means, but also how that data could be used.

I have no further statements now but I would like to personally let
everyone know that I have been involved in the aspect of implementation and use
of electronic health information from selecting a system for a small specialty
office when I was in practice in Wyoming, as well as being on a task force for
the State of Wyoming, working on a systemwide program in that state. Currently,
I am employed by Intermountain Healthcare in Utah, and using access to their
entire system.

I appreciate the chance to represent ACOG. I will stay on line and answer
questions when you feel appropriate. Thank you.

MR. ROTHSTEIN: Thank you very much. I am sure we will have some questions
for you. I appreciate that testimony.

Now I’d like to ask Dr. Taintor to proceed with his testimony.

Agenda Item: Zebulon C. Taintor

DR. TAINTOR: Member of the committee, I am Zeb Taintor, I am a practicing
psychiatrist. I am a member of the American Psychiatric Association on the
Committee Electronic Health Records. I am also a professor of psychiatry –
not serving currently as the vice-chairman at the New York University School of
Medicine. I am the president of the New York County Medical Society, which is
the countries largest county society as part of the medical society in the
state of New York, where I chair the Health Information Technology Committee
and task force. We are currently enjoying $9 million funding from the New York
State legislature.

The Psychiatric Association is delighted to have a chance to testify on
consumer controls for sensitive health records. We are the oldest medical
specialty society, representing more than 38,000 psychiatry physicians
nationwide. Our members both, set great store by electronic health records and
very much favor them because they are settings in which they absolutely
indispensable – particularly for handling people with chronic mental
illness. On the otherhand, there are some people in isolated private practices
who are unlikely to the requirements for electronic billing. We are all over.

Large multi-specialty groups, emergency departments, in-patient settings.

We have been particularly concerned as was mentioned in the introduction,
with the issue of psychotherapy notes. We think that carefully structured
health information technology systems – not necessarily a national data
bank – would be great for improving the overall quality of care and
efficiency. I think it will help convert the medical record from a record of
past deeds in which a group which I was involved in a contract to look at what
was the record used for and by and large, it was used by people who would not
get to the patient. Some people who could get to the patient, went to the
patient. I think with electronic health records we will see the record become a
forward planning much more dynamic document.

I think the privacy issue in particular, is critical because of on-going
stigma in equity and insurance coverage. The sanctity of psychotherapy notes as
mentioned, that goes back to 1996 where the Supreme Court, Jaffe versus
Redmond, established an absolute privilege in federal court for information
disclosed by patients to their psychotherapist – which is similar in
nature to the attorney/client privilege.

The Supreme Court said, effective psychotherapy depends on an atmosphere of
confidence and trust, for this reason the mere possibility of disclosure may
impede the development of the confidential relationship necessary for
successful treatment.

The U.S. Surgeon General, in 1999, in the mental health to the Surgeon
General, wrote, the courts language in the decision in creating a
psychotherapist privilege in Federal Court, appears to leave little doubt that
there is full-out legal protection for the principle of confidentiality. He
concluded, both willingness to seek help in contingent upon their confidence in
personal revelations and mental distress will not be disclosed without their

We think that any provision for a national health information technology
system, must acknowledge these finding and ensure confidentiality. The
privilege established in Jaffe, underlines the importance of the
psychotherapist/patient relationship and encourages individuals struggling with
mental health issues to seek treatment, and therefore the fundamental and
indispensable component to take care.

I think the lay impression is – well, the way this is going to be
carried out is that patients will have electronic health records and there will
be therapists scribbling notes on the side. I think the reality is that many
systems insist that they be paperless and the notes will be stored as
mentioned, in whatever medium they are recorded should be kept separate.

I think the other thing that is important in terms of the history of
privacy is the HIPPA 1996 none pre-emption requirement that ensures that the
state laws, which are more protective of privacy than HIPPA’s basic
requirement, are not voided. The non-preemption is an essential feature of
HIPPA and any uniform federal standards should maintain that all existing state
protection continue in order to provide for strongest possible protection of
privacy and avoid any loss of privacy protection that currently exits.

Effective treatment and behavioral health, as well as other disciplines,
requires that patients share sensitive information; sexual history, drug use
history, and if confidentiality cannot be assured patients will be reluctant to
share information that is critical to their care. I think we all know, if we
develop a relationship with a patient, it often takes them several visits to
tell us what is really bothering them and to fill in key parts of their

The notion that anyone can get a hold of this information – and I am
not just talking about psychotherapy notes here – I’m talking about
medical problems in general, would be objected to by a significant percentage
and indeed there is a recent Harrod(?) interactive poll that found that 17
percent of patients withheld information from their healthcare provider because
they worried the information might be disclosed. Even ahead of that is the
question, do you think that the person you are talking to is going to respect
what you are saying and worth divulging your confidence.

Last year the GAO released a report on request of the Senate Finance
Committee, Chairman Charles Grassley highlighting – quote,
“significant weaknesses in electronic access controls and other
information systems controls within HHS and CMS”. That report was called,
“Information Security – Department of Health and Human Services Needs
to Fully Implement the Program, VIO 06-267, concludes that the medical and
financial privacy for Medicare and Medicaid and other programs are vulnerable
to fraud and abuse. The report cites an insufficient information security
program and inconsistent implementation as the key reasons for the security

The other dimension of this is strict safeguards and guidelines are
meaningless without vigorous enforcement mechanisms. There is no way of
mitigating the risk associated with the loss of health related information.
Breaches in the privacy of sensitive medical data, including that relating to
mental health and substance abuse disorder treatment, can have significant
personal and professional consequences. Even the possibility of privacy
violations erodes an individual’s expectation of confidentiality and
medical encounters and the undermines the sharing of medically essential
information with ones physician. Apologizing and making improvements once data
are lost is not a sufficient response.

Though we have to enforce existing privacy rules and all electronic storage
transfer of information must rigorously protect the privacy of patient’s
personal information.

Just to editorialize for a while, you all read I am sure, about the
Wellpoint and MaGellen loss of a CD containing a great deal of data on 76,000
patients. It was lost in January. When the requirement that it be divulged had
to be exercised there was a nice article in the New York Times, unfortunately,
a day later, the news that it had been found by these people who were
renovating an audio system in Philadelphia. It had been delivered to them and
MaGellen sent a couple of security guards, they recovered the disk, so far no
harm done. But we also know about the agonizing over the laptop containing the
VA data. These things have become so routine that the other week when data on
2.9 million people from the state of George was lost it got only three-quarters
of an inch in the New York Times’ national briefings. At the same time, we
have to ask ourselves where is the news of the criminal inditements of people
who are playing such fast and loose games with the data.

Back to my prepared testimony here. We have a lot of opportunities for
success with health information technology system and I think the important
thing is to make sure that privacy doesn’t bring us up short.

To address R.6 text, as which you know, our comment is patients may
withhold information if they feel if would be easily accessible in a regional
or national network. For example, in the 2005 National Consumer Health Privacy
Section survey, 13 percent of patients engaged in behavior to protect personal
information. In the 2006 Health Industry Insight Survey, 33 percent site
medical information accessible on the internet as a primary reason for feeling
less comfortable about sharing information with primary care providers.
Previously stated, the 2007 Harris Interactive Poll found that 17 to 21 percent
of patients withheld information from their health professionals because they
worry the information might be disclosed.

We believe the more severely ill the patient the more likely he or she was
to withhold information. Given individuals some degree of access control would
help to encourage a relationship of trust and may make patients less likely to
withhold information from health care professionals.

We support recommendations that pertain to the ability to have granular of
patient’s input on privacy and access control. Meaning that the patient
would have control over specific elements or parts of his or her electronic
health record.

This includes patient control of access to the personal health record,
using the personal health record as one possible method to communicate access
preferences at the data element to others holding data about them. Audit and
logging exchange and developing an access control vocabulary. The ability of
patients to control data access to the data element level is particularly
important because individuals will have different perceptions about the
sensitivity of specific elements of medical information.

I think it is also important that providers don’t know what this would
be. To editorialize again, we know that identity theft is a continuing problem.
Perhaps stable, but medical identity theft is on the rise and it is very
difficult to know what really matters to some people or what will matter to
other people who are trying to get a hold of data about those people.

Although electronic health records introduce new risks we believe the
potential way out-weighs the risks as long as there is advanced protection. It
is odd that we talk about the ability of the electronic health record to do
many things and yet, to keep track of some of the issues that we are raising
seems to be too much trouble. We think it is worth the trouble.

We would point out that the data in electronic form can be disseminated
very rapidly, very easily, and I think that we are going to be debating this
for some time.

Now, R-7 deals with if individuals are given the right to control access to
the specific content of their health records, via the National Health
Information Network, the right should be limited such as being based on the age
of the information, the nature of the condition or treatment, or the type of

Our comment on that is in order to provide the best care physicians need a
complete picture of potentially relevant clinical details. We all agreed on
this and that may include information about medications, hospitalizations,
surgical procedures, past or current diagnoses.

In addition, information about employment, family illness, legal problems,
financial difficulties, inter-personal relations, life stressors can be equally
important for clinical decision making. For a variety of reasons, including
concerns about information privacy, patients are often reluctant to share such
details. So physicians and patients need an open and trusting relationship. We
think that this is essential regardless of the age of the information, the
nature of the condition or treatment, or the specialty of the physician.

For a physician to illicit key and clinical information while
simultaneously building trust with the patient is not new, in the current
paper-based world it is easier for patients to withhold information simply by
intentionally or unintentionally not mentioning something.

In a open clinical relationship physicians can explain to patients the need
for a complete clinical picture and when the record is under the physicians
physical control the physician can convey a more honest statement about who can
have access to the information. Unless individuals are given the right to
control access to specific elements of their electronic health information
patients and physicians will be more uncertain about the potential for broader
dissemination of health information. This uncertainty in the associated sense
of uncontrollability will hamper efforts to maintain patient trust and deliver
quality patient care.

Although some individuals have expressed some concern, the patient
restrictions on information access are going to hamper care by impeding
knowledge of key medical information. I think the opposite may actually be
true. Patients may feel more comfortable sharing personally sensitive
information with physicians if such access controls are in place.

In additional, electronic system could have advantages in terms of
integrating clinical information across physicians and health care setting. The
sure access to clinically essential information under emergency conditions a
flag may need to be displayed when physician access to information is

In case of an emergency where rapid access to information may be essential
and the patient may not be able to give consent a sort of a “break the
glass” feature for accessing the information should be available. That is
even with patient controlled access information could actually become more
available to physicians with an electronic system.

We have some other access concerns. With any type of access there may be a
chance of patient mis-interpreting findings, being distressed by seeing results
without an accompanying interpretation by a clinician. It may be necessary to
block some results from view until clinical interpretation and discussion can

For example, in addition to consumer friendly technology translation they
need to include information indicating distinctions between lab values that are
slightly outside the normal range and grossly abnormal findings. The
distinctions is often not clear on lab reports and could be subject to
mis-interpretation by those without medical training.

While any system should have provision for an audit trail of all transfers
of information and all accesses to protected information, access laws need to
include detailed information such as the role of the person who accessed the
information, the reason for the access to be meaningful to the patient.

During the course of the treatment, individuals with whom the patient is
not familiar can legitimately access information such as professional staff and
outpatient medical offices who need to record vital signs or other medical
data. Physicians providing cross coverage in the in-patient setting – they
need to check a patients laboratory result – would not need to contact a
patient unless the result were abnormal in patient dietician, pharmacy staff,
et cetera.

Regardless of the level of trust between the physician and the patient,
patient’s reviewing access logs would not necessarily recall and recognize
such individuals. Probably would not recall all of the nursing staff or
consulting physicians who provided care during a hospital stay. This may
endanger patient trust to the system if not properly explained.

Of course to editorialize again, this might help patients understand their

It is important to note that individuals other than clinicians can have
access to information on a national network, such as insurance companies,
family members and administrative support staff. I think this hilights the need
for advanced protection. Electronic health information is reduced to all or
none sharing rather than allowing for granular access and sharing. Those with
potentially sensitive conditions will either have to give up their privacy
altogether or be unable to benefit from the advantages of electronic exchange.

In conclusion of my prepared testimony, I think we are balancing this. We
appreciate the effort and I think that the important thing is to engage in a
continuing discussion that involves a very wide range of people.

Going beyond what has been given to you, I would point out the experience
of the National Health Service in Britain, in which the Guardian
published last November a survey showing that 54 percent of the primary care
physicians did not want to put data in their proposed national information
health system. The Guardian carried a number of editorials suggesting
that in terms of the opt-in/opt-out provision, that patients should all

We discussed this at a New York State Summit – the type we have every
two or three months – in January we met on Privacy. We concluded that
because of this and other issues, we were not going to have a single state-wide
patient identification number, contrary to New Jersey, which is going that
route but still has the opt-in/opt-out.

One of the things presented at the New York meeting was a survey of
physicians that said, understandably the physicians want all the data they can
get on every patient that comes to see them. But I think when you ask that
question of physicians, as we have had occasion to do subsequently, you say,
well, what if the patient is not going to come and see you again because of
their concerns about what has happened to the data recorded at the first visit.

Then, of course, we all want to treat patient’s problems and help them
get over their illnesses. We don’t want to lose them. We don’t want
electronic health records and loss of privacy to be an occasion for losing
patients. Rather than have the patient opt-out of treatment or opt-out of the
system entirely, I would prefer to see the sort of granular access that the
Psychiatric Association is recommending today.

I would be happy to answer any questions.

MR. ROTHSTEIN: Thank you very much. I guarantee we will have questions at
the end of the panel. Before calling on our next witness, I want to thank you
especially for coming on very short notice. Ms. Floyd stepped into the breach,
I am told, with like 24 hours notice.

MS. FLOYD: Less.

MR. ROTHSTEIN: Less than 24 hours notice. We appreciate your efforts and
look forward to your testimony.

Agenda Item: Cheryl Floyd

MS. FLOYD: Thank you. First I would like to thank you for inviting me today
to testify to the committee. Your invitation that you have extended to me shows
me your commitment to get consumer input as far as privacy and confidentiality
regarding the NHIN.

As the Executive Director of a grassroots state-wide recovery organization
and a adjunct professor, I am here today to speak on behalf of the recovery
community in Pennsylvania. We have 3600 members in our organization. All of
them strive very hard to help support families and individuals in recovery. So,
when this issue came across my desk yesterday I found it very important not
only to myself, but to our members.

Consumer protection is paramount to the work that we do as we strive to
help individuals improve the quality of their life. Their needs and safety must
always drive our work. Gaining access to critical information in achieving this
goal is often important in making sound decisions of support in a person’s
healing and growth. In many instances information is definitely power.

In the addiction field, when you begin to explore sharing of information by
records, et cetera, you must address the critical role of confidentiality. It
just cannot be overlooked.

Let me tell you a little bit why I believe it cannot be overlooked. As you
had spoken just a few minutes ago, people affected by addiction and other
disease often face stigma and discrimination that the general public does not
experience. The negative connotation associated with being an addict or an
alcoholic often have damaging and long-reaching effects.

Even people with years in recovery still find themselves being denied
medical coverage, life insurance, housing, employment and access to training
and educational programs.

The Federal and State Confidentiality Rules, together, work to remove some
of the negative incentives and to minimize stigma experienced by people who are
addicted but we still have a long way to go.

Families and addicted persons alike, are often embarrassed and ashamed and
see untreated addiction as an evidence of them failing as a parent or as a
family – or even a spouse. Even when existing privacy protections, many
people with addictions stay out of treatment even years after the problem has
been identified by doctors, family members, et cetera, because of their fear of
stigma and being labeled.

Substance Abuse and Mental Health Services Administration 2001 National
Household Survey on Drug Abuse identified nine reasons why people with
untreated drug and alcohol problems stay out of treatment. Three of the nine
factors chosen by 48 percent of the people that responded involved stigma and
discrimination and embarrassment about their disease.

At the same time that stigma keeps people out treatment, research has
conclusively demonstrated that people with untreated addiction increase the
cost of health care for drug and alcohol related incidents and illnesses,
increased cost in work place, accidents, absenteeism, disciplinary problems, et
cetera. I am sure I am not telling you anything new.

In addition, many people who have untreated addiction deteriorate to the
point where they end up in criminal justice system. Which definitely costs us
in the long run.

So for many reasons, financial and humanitarian, I think it is really in
the interest of the committee and of the government, to minimize forms of
stigma and discrimination. People should not be treated differently because
they have a disease.

Confidentiality is and continues to be cornerstone for which the drug and
alcohol bill has been built. This regulation has afforded us the opportunity to
treat hundreds of thousands of people that might otherwise not have been able
to get treatment for this horrific and destructive disease.

When an individual seeking help for his or her addiction is informed that
the information that they share is protected by federal and state
confidentiality law, it opens the door for them to share some very painful and
very private information that can be critical in their recovery process.

Through this process of exposing their pain and destruction through their
disease of addiction, they make room in their lives for the knowledge and
skills critical to sustaining their recovery. Those affected by the disease of
addiction often spend most of their lives living in fear. Fear of being
exposed, of being arrested, of being stigmatized, of losing their job or family
or even their lives. If these fears are not minimized with protection afforded
by the present confidentiality regulations, how can we expect them to expose
information critical in helping them find and sustain recovery.

When a person seeks treatment for addiction they go through an extensive
assessment process called a bio-psycho assessment. This assessment covers every
aspect of an individual’s life. It is very, very intrusive. It looks at
medical history, education, family, criminal, and employment history, sensitive
information on addiction and previous treatment experiences, mental health
disorders, physical, sexual, and emotional abuse, it goes on and on.

A lot of this information is pertinent to helping the person through the
treatment process and through recovery but it is also potentially embarrassing.
This information is included in their file. It is really detrimental for many
clients to have this information exposed. It is very difficult to share this
information in a one-on-one interview with an assessor, let along know that
that information could be made available through there records.

When you talk about a person making medical information available through
NHIN you will be exposing a considerable amount more for people that have
addiction problems. It won’t just be medical information. You will pretty
much be exposing their whole life. I do hope that you take into consideration
through decision-making process.

Just as spoken already this morning, people who have addiction history have
major concerns that other consumers would definitely have, too. People with
mental health problems, people that have a history of STD’s, HIV, domestic
violence, et cetera. There is a lot of information that is going to be shared
– even for women in particular. You are talking about gynecological
information, cervical procedures, testing results, et cetera.

That information could be potentially damaging and very upsetting for
individuals. So again, we do hope that you take that information into

I need to talk a little bit about the coordination of information. Anybody
who works in the field – not only drug and alcohol but mental health and
many other fields – know that insurance companies don’t always use
information that is disclosed to them to provide more services or to expand the
support. Third party payors and specific insurance companies and MCO’s,
along with many other agencies and entities, continually request additional
information, and often specific information about client’s addiction,
treatment, history, et cetera. This information is consistently protected by
42CFR, which is a federal confidentiality law and regulation that has been in
place for many years.

Many insurance companies claim that they need access to additional
information to make level and clinical determinations. Often, this information
is not needed. The truth is that primary care physicians and trained clinicians
should be making length of stay and treatment determinations – not
insurance companies or their personnel.

When appropriate clinicians are making these decisions there is no need for
a treatment provider to expose an entire file of information on a client. It is
just not necessary. Information in these files, again, could be potentially
damaging and hinder the access of future services that might otherwise be
covered. We really need to ask, do we really want to take that risk with our

So let’s look at some of the implications of consumer’s files
being posted through an NHIN. When a large number of people suffering from
addiction will not seek medical treatment. They will not seek treatment. If
they know that there is no protection and that their information could be put
in the national repository that would be definitely damaging.

Even in Pennsylvania, we have over 800,000 people that are not getting
treatment for whatever reason. Some of it has to do with limited funds, but
many of it has to do with not wanting to be labeled as an addict or an
alcoholic. If we are already struggling with that – those numbers are
going to dramatically increase if we are talking about releasing information
that is very personal and potentially embarrassing.

Two, those who do seek treatment may provide partial or inaccurate
information because of the concern of where this information will land. I
believe that that was discussed this morning as well.

This could lead to additional cost to society through multiple treatment
stays and some individuals will drop their insurance coverage and try to access
public funds if they think that would help to protect their information.

Three, hospital personnel could make medical decisions based on outdated
information – especially if the information reported was from several
years previous to that. This could be potentially damaging for patients seeking

Four, people who sought addiction treatment services five, ten, even twenty
years ago, would also be at risk for being stigmatized, losing their jobs,
affecting their relationships with family and friends by breaching their
anonymity. That includes public officials, it includes police officers, medical
personnel, et cetera. We don’t know what is in people’s histories. If
someone went to history twenty years ago and they have been clean and they have
been doing really well, do they really want that information exposed? We need
to look at that.

Five, in making this information available we will increase the chances of
exposure of sensitive material to an already vulnerable and stigmatized

In closing, I must say that I respect the intentions of the committee in
developing a system that could prove beneficial in meeting the medical needs of
patients. I commend you on this endeavor. I do however, ask that on behalf of
people affected by the disease of addiction, that you be mindful of the impact
releasing client records through NHIN could have on their lives and future. We
should remember that consumer protection must come first.

Thank you.

MR. ROTHSTEIN: I want to thank all our testifiers. Now we will open the
floor to questions from the committee members. I’d like to recognize John

MR. HOUSTON: I enjoyed the testimony and I actually have a number of
questions. One particular question I have is I could see in large measures that
there really doesn’t need to be a need purely from a medical perspective
of knowing that somebody has received treatment for addiction. The question I
have is are there specifically types of addiction information that is relevant
to treatment? Such as, would it be dangerous for an addict be given a narcotic
or medication that has shown to be problematic with that addict in the past.
Are there things that medical professionals need to know?

MS. FLOYD: Absolutely.

MR. HOUSTON: I would be interested. I would wonder whether you could
bifurcate the record so that you make sure that that information is made

MS. FLOYD: That is a very good point. Many physicians, and even
psychiatrists, need to know that an individual has an addiction. Often
narcotics and other benzodiazepines are referred and recommended for clients.
It can kick them back into an addiction and create a cycle that we really are
trying to avoid.

If a client comes in – I should say a consumer – a health care
consumer. I am sorry I am so used to talking about clients. Comes in and needs
help – at the point of entry they are vulnerable and many times are not
sure what they are signing or what they are agreeing to. So you are talking
about a vulnerable population that is often not educated that could pretty much
sign over all of their information.

If we are going to go that route it would have to be very streamlined. It
would need to be very specific. I think that process not only needs to be
explained to a client at the beginning of that process, but as you go through.
It is important to know that if you have diabetes, if you have HIV, things like
that, when you are talking about treating diseases, but when you are talking
about a record a lot of times their addiction treatment file becomes a part of
their record. As long as that is streamlined and their whole record is not

MR. HOUSTON: I think that is really important. I just want to make sure in
the interest of trying to be overly protective that we don’t recommend
such protections that you set the individual up to be harmed by future
treatment. I just wanted to make sure that I understood that there really was a
section of that information if it was relevant.

Can I ask one other question?


MR. HOUSTON: Zeb, you said that you favored continuing on with the state
laws that currently exist related to protection of psychiatry information. I
think at some point in your testimony – correct?


MR. HOUSTON: What if in a perfect world would you be in favor of the
creation of a comprehensive federal law that applied specifically to psychiatry
and mental health information?

DR. TAINTOR: I think as a floor and not as a ceiling.

MR. HOUSTON: So you don’t think we should ever get rid of the state
laws that exist?

MR. TAINTOR: I think the only one – I believe there was hurricane
Katrina victim who became a cropper in Tennessee because everything had been
set up to continue medication and the Tennessee law was a problem. I think as
the states are more in this business they will be able to compensate for things
like that. I think we are an extremely diverse country and I think it is going
to be hard to achieve a federal law that won’t be different from a good
minimum standard. I think what we want is still to allow the states to be able
to go their own way.

The New York/New Jersey difference on whether or not to have a
patient’s identification number is a good example.

If I could get back to your previous question, I think there is no perfect
solution for this. Let’s pause at the history of intravenous drug abuse.
Jerome Grubman just came out with a very thoughtful book on medical diagnosis.
If you knew about intravenous drug abuse you might have a higher index of
suspicion for subacute bacterial endocarditis as a medical diagnosis in a
patient, and if you didn’t you might not think of it and you might miss
the diagnosis. That is relevant. On the other hand, there might be a
significant downside for that patient.

I am also keenly aware that when I say patients ought to have control over
what is in their record that what matters to a person on Monday, may not matter
the following Monday. We are just trying to strike a balance here.

MR. ROTHSTEIN: Thank you. We have many questioner’s lying in waiting.
I would ask that you keep your question to three or four minutes so that we can
get to everyone.

MR. REYNOLDS: Thank you to all of you. You touched on the things that we
have been trying to deal with. I want to ask a general question and have it
addressed by all three of you but you can only take up my three minutes.

Dr. Fagnant, when you were talking you used the word “blinders”
to data other than needed for the current patient complaint. And then, patient
deletion may invalidate the record.

Dr. Taintor, when you were presenting you talked about a carefully
structured “EHR” was a term you used, and then potentially relevant
information. Which is another term. Ms. Floyd, when you were discussing it you
said there needed to definite protection.

As we continue to wrestle with what is good privacy and what is good care
as you think about electronic records – how do you draw that line? The
word “relevant” is good but every time you step one level down into
the detail it starts to come apart. I heard each of you talk about the idea of
maybe down to a data element level, that people could decide what was in or
out. Step over here for a minute. If you are trying to balance this in a way
that you take all the things of each of you said – and there is no way to
disagree with any of that on its merit – but trying to put it together and
say, not everybody can win completely. What does it look like?

Dr. Fagnant, if you would not mind making a comment and then we will go in
the same order that we had the testimony.

DR. FAGNANT: Part of the comments were kind of blocked out by the phone but
I will try to answer the best that I can. Can you hear me?

MR. ROTHSTEIN: Yes, we can hear you fine.

DR. FAGNANT: My main concern is as a clinician, is I do like to have data
available when I need it. In my opinion the biggest problem with the privacy is
to keep the information away from those that don’t need it and then to
make it even more difficult is to be able to prevent the information to be
processed by the physician who has access who doesn’t need that part.

As to my comment on “blinders” is that when I have access to a
record I like to see everything I can. What is there to keep me from accessing
things that I don’t need. My ideal medical information system would have
everything in the system – all information that we can have available but
only allow the people to have access to the information they need when they
need it – prevent access to everything else.

The system certainly doesn’t allow that to happen but I think we have
to continue to aim at that as the goal and not to say, why don’t we
inhibit information and only allow little specs to get in here and there
because that would hurt the system.

I don’t know the answer. It is really hard to say how that should be
done but I think the most difficult part is to be able to determine which
information is limited to which providers and to which people who are not

MR. REYNOLDS: Thank you. Dr. Taintor.

DR. TAINTOR: I’m wondering about the question and to what degree is it
related to privacy versus a system in general. To the degree that it is related
to privacy, I would stick to R-6 and R-7. So we are basically saying yes to
R-6. I personally may be going slightly beyond ATA in terms of saying, let us
not have specific rules in terms of blocking access on R-7. Let’s let
patients decide.

In terms of a good electronic health record, I think what is so exciting
about an electronic health records is that they offer the possibility of
providing clinicians, in real time, the data that they need to make a decision.
Whereas, records, traditionally, have not been used a lot in decision making
because it has been hard to get data out of them — especially legible data.

The answer to your question comes down to what decision is the clinician
making at a particular time? Combining the two, so the relevancy and the
structure are all directed at what do you need to know when?

The major consideration for this hearing is how about those other people?
What do they need to know and when do they need to know it? I think we have a
whole bunch of interested parties, stakeholders. Where I think there is concern
is in the administrative – the business side of medicine and data getting
handled sloppily, as is reported weekly, and used for non-medical purposes.

You would think the little town of Ogdensburg on the St. Lawrence River,
where I visited the St. Lawrence Psychiatric Center for years, would not be a
place for information abuse and yet, there is a very fine system used by the
Office of Mental Health and low and behold, we discovered a local landlord
trying hack in because an ex-patient was a potential tenant of the landlord.
This is what I think people are most worried about.

I think where we get into meshing these is in the phenomenon of doctor
shopping and over utilization and redundancy of tests and redundancy of
treatments. The data on the number of providers that Medicare recipients see
each year – and we are looking at potentially thirty percent of health
care dollars somehow being related to redundancy or over utilization. I think
again, we are going to have to strike a balance there.

In our 26 regional health information organizations that are springing up
around New York State, it looks as though we are going to be following HIPPA to
the letter and you don’t get any information on a patient unless the
patient has given you permission for getting that information. That may
undercut our ability to deal with multiple providers and multiple treatments
but so far that is the route we are going to take.

MS. FLOYD: I was hoping that you were not going to ask this question but I
knew that you would. The truth is I, too, have no answers for this. This is a
very challenging process. One that I am glad that I am not in the decision
making position.

I realize that there is a specific need to medical information that could
be very, very helpful in treating and meeting the needs of consumers. I
appreciate that. At the same time, I think that people that work in these
specialty fields should be used to determine what this should look like. What
kind of questions should be answered? What kind of information should be
included? Is it really pertinent? Let us have a discussion about that. I think
that you need to go through that work group kind of extensive committee work in
order to get there.

I don’t think it can be done by a think tank but you need to utilize
all the folks that can help you determine what that is going to look like. My
big concern is the breach of information.

Just recently, in Pennsylvania, just a couple of days ago, there was a
major hospital system in Pennsylvania that had this huge breach that included
client’s names and social security numbers.

MR. HOUSTON: We are laughing because it was the system that I work for.

MS. FLOYD: Sorry.

MS. BERNSTEIN: We all know we saw the news.

MS. FLOYD: But those are the concerns that we have. How are people going to
be identified? Using their social security number and their name is completely
unacceptable. Questions like that concern us. Who is going to have access to
this information? I have concerns that somebody in a hospital setting that
works in the laundry department can sit down at any terminal and access this
information. Again, you are talking about confidentiality, you are talking
about privacy, you are talking about respecting those who utilize our services.

My concern is how the information is going to be monitored and how you
determine what information is going to be made available.

MR. REYNOLDS: That would complete my three minutes.

DR. TAINTOR: Just to add something. APIN(?), the various entities in New
York State have been enthusiastic about the continuity of care record and about
the standards for personal health records. That might help in terms of
committee process to define what is relevant.

I must say though, in my experience with the RHIO’s in New York State,
I don’t see them moving very much in that direction. I think, again, the
issue is what is relevant to a particular decision or care needed at a
particular time.

MR. ROTHSTEIN: Let me invite our witnesses to try to be as succinct as
possible. That will let us complete our questions and perhaps you might want to
address your question to one of the three panelists. That might be an easier
way to get everything in. I know everyone has lots of questions. I could take
the rest of the time myself.

MS. WATTENBERG: I’m gong to pick on you. I am representing a portion
of the addiction and also the mental health field and perhaps other fields as
well. When you look at a lot of the data the likelihood of mental health
patient dying 25 years earlier than everyone else or an addicted patient having
adverse health effects with hypertension, some kind of cancers, liver disease,
that kind of stuff. The likelihood of somebody’s quality of life and life
just period, is probably more threatened by uncoordinated care than by the
potential of a breach or even an authorized disclosure with some adverse

If that is true, and I sort of think it is true but I have not looked at
all the numbers but that is what I would sort of guess – if that is true,
what is the – I am trying to think about addressing this consent issue in
a way that is a little bit different than just parsing the record and so forth.

What would it take to change practice with providers and patients so that
they would fully understand the implications of withholding information such
that they would actually start signing consents? One of the questions I guess I
am getting at, too, my sense is that patients are not fully informed of the
full risks and benefits of withholding versus sharing information. I guess one
is, do you concur with that and do you think there is a way to change it?

MS. FLOYD: I don’t concur with that. I worked in the addiction field
for many years. The agencies that I have worked for have been very specific
about the process that you go through with a new client in explaining
confidentiality, having them not only review but sign several forms discussing
it in groups. It has been pretty extensive all the way through the continual
care to out-patient level, I think clients are informed. In Pennsylvania, I
know the clients are definitely informed.

MS. WATTENBERG: About confidentiality or also about the risks?

MS. FLOYD: They know about the risks as well. A lot of the clients that
come into facilities that are looking for addiction treatment services may be
involved with the criminal justice system so they want to know exactly what is
going to be disclosed, when is it going to be disclosed, what kind of impact
does that have on me. I know in my experiences, we have spent extensive time
explaining that.

I think you are talking about what it would take to change that system from
the provider’s perspective. I think it would take an act of God and a
stick of dynamite. Providers are very, very adamant about this issue. A lot of
folks that work at provider facilities have been there for years, they have
been in the drug and alcohol field 20 to 30 years, they have a very set
perspective of how information should be handled and what should be shared.

I think you will have a difficult time in getting veterans in the field
– especially clinicians – to embrace that kind of change. It is going
to require a complete systems change on multi-levels. I am really not sure what
that would look like but you would definitely have to get the buy-in of –
and I don’t want to say regulatory agencies – but basically it would
be some kind of state entity or regulatory department that would monitor that
kind of thing.

I know when I hear things about changing the confidentiality laws and
privacy in exposing information that has not been exposed up to this point, I
get extremely concerned. My colleagues do to. When the issue about
confidentiality came up in Pennsylvania, I can’t tell you the meetings,
discussions, phone calls, e mail dialogues that went on. I think you would have
a very difficult time in doing that. I won’t say that it is impossible but
it would be a challenge that would take work on multi-levels.

MR. ROTHSTEIN: Thank you. Sue, did you have a question?



MR. TANG: I want to thank the panel for their thoughtful testimony. I think
I have actually changed some of my opinion on some things based on the
testimonies. I will expose that a little bit later.

First, I think we would all agree that care of the individual is probably
the top concern of the health care professional that is address this particular
client or patient. We would expect the health care professional to want to do
the right thing for that patient at any given time. I think, in general,
applying that value to the information systems containing information. That is
to say, we want make it easy to do the right thing at that moment and
difficult, at least, or at least punishable to do things that would cause harm
to the individual or society.

In order to do the right thing for the health care professional that person
has to have confidence that they have the right information to make the
decision. From patient to patient, it seems like the health care professional
needs to have a uniformed expectation of what information — how complete is
the information that I have. That makes me think that you need to have a way
that for every patient showing up I know what I am seeing – upon what
information I am basing these decisions rather than patient by patient, what am
I seeing.

Here is the change, and in particular listening to Cheryl, I think on
balance – although I was very concerned about flagging information, maybe
the way to address it as a compromise is to flag what we call
“chunks” of information instead of individual data elements.

Chunks might be mental health. I think recovery is part of the mental
health chunk, so to speak, and if it were flagged that there is some
information that is not being shared that would at least help put me on notice.

One example would be the example you brought up, which is endocarditis, if I
am faced with a patient with what we call, fever of unknown origin, and I see
that flag – seems to me that I need to “break the glass” action
in order to get access to that information that very well bear on this fever
that this patient has. Yet, if I am treating a cold, I would have no reason to
“break that glass”.

That helps me as a physician better know whether I have the complete
information I need today. I am sort of thinking that the “flagging”
may be a way – but flagging in bigger chunks than I think you proposed, in
terms individual data elements, would help me know where I stand, in a sense. I
think the first speaker was sharing the same sentiment. It is really hard to
know that I have some, but not all, information and I don’t know for every
one patient where that missing piece is. If I know for every patient I will
have a flag on sections of there record, that would help me feel better with
respect to I may be missing information.

Yet the so called, “break the glass” can give me additional
accountability that I have gone into this person’s mental health record as
a non-mental health provider. I would appreciate the two of you – and I
think the first speaker sort of probably shares that sentiment, comment on this
compromise – basically, flagging in bigger chunks and then having the
“break the glass” accountability.

DR. TAINTOR: The issue is to what degree is that going to be acceptable to
individual patients. I am assuming, although it is not explicitly in anything
that I received, that there is going to be a opt-in/opt-out option and one
would have to see how that is received. If a lot of people opt-out –
again, the opting-out is from information sharing and the primary physician for
that patient would presumably, still be well informed.

In terms of the Psychiatry Association’s reaction, we would have to
get back to you.

MS. FLOYD: I know on the drug and alcohol side that would be a major
concern, as well. The flagging is not so much the issue but being able to go
past that and kind of “break that glass”, that you were talking
about, and given that information. Again, how do you control that process?
There is a lot of information that you might find once you break the glass that
still is not pertinent to what you do. So, what happens to that information?
Who gets it? Is it documented? If it is, where does that go? How is it
monitored? There would be major concerns with breaking that glass.

I do appreciate the need to in order to effectively treat someone you need
to know what you are dealing with. Again, I think people in the field would
have some concerns. That would need to be monitored very, very closely. You
would need to come up with a very specific plan as to how that would happen.

Again, my concern too, is who else is going to have access to that?

DR. TANG: Can I describe just a little bit of what –

MR. ROTHSTEIN: I am afraid that we are going to have to move on but thank
you for raising the issue.

Leslie Francis.

MS. FRANCIS: I want to ask a pretty specific question in the spirit that
our goal in this session is to look at some of the questions not about privacy
generally, but about the issues raised by the specialty practices that we have
represented here. As I have been listening to you – to all three of you
– on the one hand, I have heard some suggestions about ways that limits
might be built in. Whether they are overrideable or not – I don’t
want to look at right because that is a more general question.

Here are five ways I have heard, that information might get limited. Time,
so that older information drops out or is more protected. The person picks the
information – that is what I think Dr. Taintor was suggesting. That it is
condition specific, that it is provider specific, and that it is type of
information specific. I think Cheryl was suggesting something else about type
of information. If I am not wrong about this – you were thinking about the
bio social assessment as something that might be more protected than other
kinds of information.

The specific question I want to ask each of you is from the point of view
of your specialty practice, what type of information, if any, should we most
worried about? And, should we try to conceptualize the concern about that from
the point of view of well, maybe we should just let it go back in time and then
it is not so accessible. We should let patients choose. How should we try and
think about dealing with that kind of information?

The obvious kinds of information that comes up in OB-GYN practice, is prior
of abortion, for example. I wonder if you could address that kind of specific
question of what type of information from your specialty do you think we should
be most concerned about and if you have a type of information or types, how
would you think we should try and worry about it, at least in the first
instance, leaving aside the question of whether there should be some way to
break in?

DR. TAINTOR: I think the key issue in psychiatry and mental health is
almost certainly diagnosis because it carries such a stigma with it. What I
find my fellow physicians care most about is what medications the patient is on
and the irony of these two are that, one, most psychiatric medications are
prescribed by non-psychiatrists, so that really doesn’t matter and for
psychiatric diagnosis it is hilarious because we don’t have biological
markers for our diagnoses. We are still a century behind the rest of medicine.
So you label somebody as a schizophrenic in the United States – the
Japanese Psychiatric Association has abolished the term and most of our
European colleagues are talking about first break psychosis as contrasted to
schizophrenia, which to them is a much more chronic condition. So I would say
that what we want to be concerned about is diagnosis. And by the by, the other
day an internist got an advisory from a drug company saying why aren’t you
using this medication against high blood lipids, that listed all of the
patient’s medications, but all of his diagnoses, including a bunch of
psychiatric diagnoses of which the internist was unaware.

MS. FLOYD: I would agree. I would definitely agree. Diagnosis is really
kind of a telltale sign. There is stigma that is associated with each disorder
and each diagnosis. Somebody may have had a bad experience with a schizophrenic
and you are talking about, in a medical setting, treating someone with that
condition. I mean, those kinds of things really do come into play.

I have concerns about people being labeled, especially on the mental health
side, because it follows them throughout their lives. A lot of times it can be
to their detriment depending on who has that information and what is done with
it. One of the things I do believe is important is medication. Medication will
tell a lot. If somebody is on an antidepressant or a psychotropic medication,
that is usually an indication that there is some kind of mental health
disorder, or possibly a psychiatric condition as a result of drug and alcohol
use. That is broad enough for someone to determine where it is that they need
to go, as opposed to not having that information at all. You are talking about
medication that conflicts with each other, and sometimes it is lethal. Some
people are dying from those conflicts. You are talking about old
antidepressants compared to SSRIs, the new ones. That kind of information is
very important.

If somebody tells you that they are on methadone, that tells you a lot
about their condition. I don’t think you need a diagnosis to attach to
that. SO again, if a person is willing to share that information in a medical
setting, they almost would need to, to truly treat the client then I am more
apt to lean toward the medication piece. But I would not embrace the diagnosis.

MS. WATTENBURG: I would just like to make a note about the federal
confidentiality law, which is it does protect any information that would
otherwise identify a person as a substance abuser. So when there is a
medication and it is only prescribed for substance abuse, then it cannot be
shared. When a diagnosis identifies somebody as such it cannot be shared
without consent.

MS. BERNSTEIN: Sarah, isn’t that only limited to specialists in
substance abuse and records that are segregated?


MS. BERNSTEIN: As Dr. Taintor said, if it is something prescribed by an
internist or a primary care physician –

MS. FLOYD: That does not apply. And just like bupinorphine, physicians are
being approved to dispense bupinorphine. That is not going through eh addiction
treatment system. So that information is going to be in files and that can be
shared much more readily than it would from a treatment provider. So

DR. FRANCIS: Could I ask Dr. Fagnant if he ahs any comment?

DR. FAGNANT: Yes, I would like to approach the question from a little
different angle. You talked about the types of information and how it should be
limited. Hospitals almost always limit information by time. When you look for
something after so many years you cannot find it, microfilmed or something
else. That doesn’t seem to be a good way to do it, in my opinion.

The provider specific is currently I believe,how is it done mostly now. The
doctor keeps the records and he determines how that is given. When I look at
old records I always look at who the provider was, who provided that
information, and I think that that is a really good limiting mechanism. It has
been used, and when we look at electronic information we can use that. I think
that is helpful. An example is you look at information where a woman has had an
abortion and that should be in her medical record, but how does that come out?
Certainly most of us in gynecology and obstetrics have had the couple in the
room and say, oh, I see you have been pregnant three times, and the husband
looks at the wife and says, gee, no, this is our first pregnancy. So that kind
of information can really escape out and damage, but I think it is important
when it is looked in the area of provider specific, that kind of helps tone it
down. So I think it is important for information to be able to look through
that information and use that as a filter.

DR. COHN: I agree with Paul that this has been a very interesting set of
discussions. I just wanted to follow up with you about – I sort of half
understood your response to Paul Tang and wanted to go into it a little
further. I should comment that I am an emergency physician, so I tend to look
at things to avoid doing harm in the environment where things actually happen
as opposed to when they come back after three or four weeks when you have time
to think about things.

I think Paul is asking more about this issue of flagging things – he
was talking more about bigger chunks versus smaller chunks, and I will ask him
during the break about it. But I am a little confused by your response just
because I was looking through your testimony, and particularly looking at the
last paragraph of your response to R7 where you actually introduce the concept
of flagging certain types of information and restricting it and then allowing
sort of a break the glass activity.

I thought you were in favor of introducing that concept as a way to resolve
the dilemma of providing restriction and control, but also allowing access when
and where you needed it. But I wasn’t sure whether you were agreeing to it
or whether you were stepping back from that proposal.

DR. TAINTOR: I think some of the ambiguity may have to do with the whole
concept of flagging, what is flagged and for what purpose. In other words, who
flags what and why. I think that might be an extended discussion. Bearing in
mind that that is an extended discussion, I am looking at that last sentence
and wondering if I have sown some confusion about that, because I do in fact
mean the last sentence.

DR. COHN: How about the sentence before it – to assure access to
clinically essential information on emergency condition a flag may be needed to
display when condition access information is restricted. Then in case of
emergency, when rapid access to information may be essential when the patient
may not be able to give consent, a break the glass feature should be available.

Is that different from what Paul was asking? Are you stepping back from

DR. TAINTOR: What I understood Paul to be talking about was that you might
have a record, instead of reading a complete family history, you might see a
flag saying patient’s request for information on family history is
withheld, or something like that. Is that what you meant?

DR. TANG: In your specific case it would be mental health section of the
history would be flagged as not shareable.

DR. TAINTOR: Yes, but it could be anything. For example, the number of
pregnancies. So the break the glass provision – here is the woman and we
don’t know the number of pregnancies, has arrived in a coma and we need to
know everything that we can about her, and that might include something

DR. COHN: Therefore you would be comfortable with this idea of noting the
existence of information with the fact that this is restricted.

DR. TAINTOR: Especially since Paul added the key sentence that he would
accept accountability for breaking the glass. The real world in which we are
operating is there are all kinds of people smashing the glass all over and not
accepting any accountability nor being prosecuted for same.

MS. BERNSTEIN: Could I ask a quick follow-up question? Hal indicated that
he intended that such a flag would indicate what the subject matter is that is
missing, as opposed to just saying there is a piece missing.

DR. TAINTOR: Well, he said a chunk, which would be a piece.

MS. BERNSTEIN: But if you have a record that says a substance abuse record
is missing or psychiatric record missing or gynecological record missing –
I mean it is one thing to say a woman has her gynecological record missing
because most women have such a record. But if you say an oncology record is
missing, you pretty much know the diagnosis. So that is not really hiding
anything if you put such a flag on there. So if you just have something that
says there is a piece of a record missing and if you want to delve into it you
are going to have to ask for more history.

DR. TAINTOR: I don’t think we necessarily jump to those conclusions.
In a methadone exchange, I am thinking about methadone being used in chronic
pain clinics.

MR. ROTHSTEIN: The last three minutes I will take — I just want to start
with an observation about the flagging issue, which we debated in the committee
extensively over the last couple of years. The problem is as Maya suggested
that putting a flag is from a patient perspective tantamount to putting a
diagnosis or information that is unacceptable.

An alternative would be to say that there are these five areas that
patients have the right to exclude information from accessibility and one of
that is psychiatric information. Another one is substance abuse and so forth
and, therefore, physicians should be alert to the fact that patients have the
right to exclude that information and so there are, in effect, automatic flags
for everybody and physicians take that into account that, okay, we may not have
the psychiatric information. The patient may have chosen to omit that without
putting a flag that says there is psychiatric information about a particular

I have a quick question for Dr. Taintor and I wanted to ask you in your
experience how has the privacy rule provision that I discussed in the opening,
which treats psychotherapy notes separately, in your view, how has that worked

DR. TAINTOR: So far, so good. I don’t hear any particular complaints about
it. I know that you raised the issue of is it too narrow a provision and I
think that the comments about diagnoses and some other conditions are why we
are here where we are. We are starting from that base.

MR. ROTHSTEIN: Yes. One of the things I want to explore with the primary
care physicians is specifically that point, that many of them do see patients
for mental health conditions and this provision is inapplicable to them and
whether that is a problem

I want to ask Dr. Fagnant one question and it relates to his testimony and
something that he said orally as well. In your testimony on page 3, you talk
about the value of a complete health record. All the physicians that we talk to
and have talked to over the last couple years, they all want everything for
themselves, but are willing to concede that others who are treating patients
maybe can do with less than the complete record.

So, from you perspective and from ACOG perspectives, instead of looking at
it from what you get, looking at it from what non-OB/GYN get about — for
example, sexual history, reproductive history and so forth, is it your view,
perhaps, that patients would be more forthcoming with you and your colleagues
if they knew that should they break their ankle and be seen by an orthopedist
to have the ankle treated, that their sexual history and reproductive history
and history of abortions and so forth would not be accessible to somebody down
the road.

DR. FAGNANT: I really don’t know the true answer to that. The gut feeling
and the gut comment everybody says is yes, of course, that will limit it. That
is a question that we would ask quite a bit when we were at the task force in
Wyoming to decide about a health record there.

I think, you know, the order of the unflagged, flagged that you brought up
is probably a good issue and then I think it would be up to a physician to
determine if that information is needed and up to the patient to be able to
say, yes, I will allow you to offer that. So, my conclusion to that would be, I
think all that information needs to be available, but I think that some of that
information may be able to be available at the direction or approval of the
patient at the time of the presentation of the broken ankle.

MR. ROTHSTEIN: Okay. Thank you.

If I might personally editorialize for 30 seconds, I think that as we start
out in the NHIN, building confidence among patients in the confidentiality and
the privacy of their health records is so paramount that it may well be that
down the road if things work well, people will be more forthcoming with
information, but in the short run, there may well be a reluctance to allow
everything to be shared with everyone. So, it may be a kind of a sequence thing
where we are now dealing with sort of short term issues as we go to this and
they may disappear.

I was thinking of testimony we heard from someone from Denmark, who said
that they have a broad right, patient, to withhold information or to block
information that was rarely if ever exercised by patients but they love the
fact that they could do that.

So, that is something for us to think about.

I want to thank all three of our witnesses for a very provocative beginning
to the hearing. I want to tell my colleagues that we are having a working lunch
from 12:30 to 1:15 and during the break, you will need to complete the menus
that are in your materials so that we can have lunch delivered and so that we
can work during that time.

We are going to take a break now for 15 minutes and begin Panel II at
11:05. Thank you.

[Brief recess.]

MR. ROTHSTEIN: I apologize for our late start. Our third witness for this
panel was slated to call in his testimony and we are hoping that he still will
be able to do so. But we are unable to reach him at the moment. I don’t want to
delay our hearing any longer. So, we will begin with the testimony of our first
two witnesses.

Agenda Item: Panel II — Records in General and
Emergency Practice

I want to welcome Dr. Keaton and Dr. Kibbe, both of whom we have heard from
before, I believe. I am sure you have heard the issues that we are still
wrestling with and we are very anxious to hear your perspectives on the issue
of patient control of information and limited access or segregation of certain
fields in medical records.

So, Dr. Keaton, if you would proceed.

DR. KEATON: On behalf of the American College of Emergency Physicians, I am
pleased to have this opportunity to address the NCVHS Subcommittee on Privacy
and Confidentiality regarding consumer controls for sensitive health records.

ACEP is the largest specialty organization in emergency medicine with
24,000 members, who are committed to improving the quality of emergency care
through continuing education, research and public education. ACEP has 53
chapters represented in each state, as well as Puerto Rico, the District of
Columbia and government services.

ACEP is committed to the development of the Nationwide Health Information
Network linking all components of the health care system. To help make this
happen, ACEP is dedicating significant resources to supporting standards
development and the implementation of best practices. Emergency physicians like
myself are playing vital roles in the development of regional health
information organizations, which are the local and state building blocks for

I will say parenthetically that just from my personal perspective health IT
has become my day job, so to speak. I am currently heading the creation of
NEORHIO, the Northeast Ohio Regional Health Information Organization. I sit on
our state body that is developing HIT for the State of Ohio and sit on the AHEC
Population Health Clinical Care Connection Workgroup, the Health Initiative
Board and the Connecting for Health Steering Committee. So that this has
largely become something that I mix with my dedication to the practice of
emergency medicine and our specialty society.

Emergency physicians are patient advocates dedicated to providing quality
patient care and protecting the public’s health, while also protecting the
privacy and confidentiality of every patient’s health information. While we
respect patients desire to control access to certain aspects of their medical
records, we caution against the unintended consequences of a patient controlled
policy that could impede our ability to deliver the best possible emergency
medical care.

Due to the very nature of emergency care, it is often delivered without the
benefit of a patient’s vital past medical information. Nevertheless, emergency
care providers perform admirably as a safety net for this country’s health care
system, despite facing many complex issues, including increasing volumes,
excessive patient waiting times, overcrowding, lack of surge capacity,
ambulance diversions, specialty consultant shortages and limitations in
pediatric emergency care.

The emergency department serves many roles in our health care systems as
the interface between the inpatient and the outpatient world, we managed the
acute and often unexpected medical emergencies and traumatic events that result
in hospital admissions. In most settings, over 60 percent of hospital
inpatients were admitted through the emergency department. We provide acute
episodic care for patients, who either have no access to primary care, either
because they are not in their home area or because they don’t have access
period. And we also provide care for those who are acutely ill or become
acutely injured away from their location.

We are experts at acute diagnosis and stabilization and we are also a vital
link in the public health network. Moreover, the emergency department serves
this role on a huge scale. Emergency departments in the United States serve the
equivalent of 40 percent of the U.S. population each year. The overriding
reason for the creation of the NHIN, the interoperable electronic health
record, is to improve the quality, efficiency and safety of health care of all
Americans. Providing patients control over sensitive, confidential information
in the medical records has to be of a high priority, but this must be balanced
against the need for timely data availability in an emergency care situation.

As you know, emergency department care incorporates a vast knowledge base
and its clinical responsibilities are inherently time critical. For
implementation of an NHIN to be of maximum value in the emergency department
setting, we must not surround it with measures and controls that could render
it unusable by both patients and practicing clinicians like me.

ACEP believes network operations should be consistent with current HIPAA
rules and should include provisions that facilitate access for continuing care
in emergency situations. We believe the subcommittee’s consideration of patient
control over sensitive health information in the medical records should be
guided by the following principles, which we believe are critical to
implementation of data systems that will allow us to provide the highest
quality care to millions of patients who seek care in the emergency department
every year.

One, optimal management of emergency cases requires rapid and I underline
rapid access to patient data. Speed and reliability are crucial. If the
system is not fast and always available, it will not meet the needs of
clinicians and patients. A key finding of the May 2004 Society for Academic
Emergency Medicine Information Technology Consensus Conference was that when
caring for the emergency patient, in quotations, electronic clinical records
should be released immediately upon the certification of a clinician that there
is an immediate clinical need for the release of those records.

The issues of security, identification and authentication, as well as
patient control, should facilitate that process rather than hinder it. The
issue of security, identification, authentication, as well as patient control
should facilitate the process of getting the data to the clinician at the point
that they need it, rather than hinder that process.

No. 2, the assumption must be made that a patient who is unable to give
permission for data access would have done so, had they been able to do so. Our
patients cannot always provide permission. The sickest of those patients
certainly can’t provide permission. Given the nature of emergency medicine,
cumbersome or onerous authorization requirements must be avoided. Moreover, it
is vitally important that a break the glass policy be included, whereby
authorized emergency clinicians are able to quickly gain access to critical
information with a doctrine of presumed consent when patients have emergency
conditions and are unable to provide consent.

No. 3, optimal management of emergency cases requires access to complete
patient data. Clinicians must be able to trust that the data that they are
viewing is complete and truthful. A single data point is a set of or a set of
data points obtained at a single point in time, is like looking at a still
photograph or a single frame of a movie.

When we look at a movie, we are presented with sufficient frames per second
to enable the brain to interpret the individual images as continuous action.
Editing a movie to leave out or change significant portions can lead the viewer
to reach incorrect conclusions. In a similar way to doing incomplete data
portrayed as complete can cause the clinician to reach unjustified and
potentially dangerous conclusions.

If we know data is not accessible for any reason, the information system
must call this gap to the clinician’s attention in a very conspicuous manner.

No. 4, emergency physicians must be notified when a patient refuses
permission to provide access to some or all of their data. While ACEP does not
disagree with the patient’s right to withhold information no matter how
dangerous that might be, we believe it is critical that the treating physician
be notified that the data being viewed is incomplete.

Such refusal alters the point of truth and requires the emergency physician
to look at the data differently.

No. 5, public health needs, including syndromic surveillance require
reliable access to population-based data. Access to this data must be assured.
The secondary use of data should support improvements in public health through
surveillance, benchmarking and policy support initiatives. Critical
deidentified public health data must be made available to maximize the
effectiveness of surveillance systems with or without the patient’s permission.

Also, once a risk is identified, there must be a link back from the
deidentified data to the indexed cases for the protection of those indexed
cases and the public as a whole.

No. 6, some patients were refused permission to access their data because
they planned to injure themselves or others. We must provide provisions for
allowing access to data critical to protecting the patient and society from
harm that could reasonably be expected to occur if critical data were not
disclosed. This is a difficult problem that may be beyond the scope of this
committee, probably or possibly requiring legislative action.

Emergency patients are a subset of society as a whole. Some have ulterior
motives for coming to the emergency department. These include illegal and
dangerous drug seeking behaviors, terrorist activity, et cetera. Others may
represent a threat to themselves or others due to psychiatric conditions,
intoxicants or criminal activities.

No. 7, though not strictly under the purview of this committee, we would
like to stress the fact that consideration must be given to the potential court
liability risks inherent to the creation of an NHIN. Two major legal
impediments must be addressed if the NHIN is to be successful. The first
involves liability for breaches of security and the other involves liability
for failure to notice or correctly interpret issues that are hidden in the vast
volume of newly available results or tests that may not have been ordered by
another clinician.

Once again, thank you for providing the opportunity to address these areas
of concern to emergency physicians and the patients that we serve. Thank you.

MR. ROTHSTEIN: Thank you very much. We will have questions for sure.

Now, Dr. Kibbe.

Agenda Item: David C. Kibbe, MD

DR. KIBBE: Good morning, everybody. What I would like to do is to read our
statement, which is actually quite short and will take no more than five
minutes. As you will hear, I will be going back to the basic issues of privacy
as a way to set the foundation, I hope, for the more detailed discussion of
sensitive health information.

On behalf of the 93,800 members of the American Academy of Family
physicians, I am pleased to provide you with with our views on the critical
issues of privacy and confidentiality within a health information technology
system. I am David Kibbe, former director of the Academy’s Center for Health
Information Technology and currently a consultant for the American Academy of
Family Physicians.

The AAFP is one of the largest national medical organizations, representing
family physicians, family medicine residents and medical students nationwide.
Founded in 1947, our mission has been to preserve and promote the science and
art of family medicine and to ensure high quality, cost effective health care
for patients of all ages.

The AAFP views health information technology as one way for physicians to
redesign their practices so that they can coordinate patient care and provide
for ongoing quality improvement at the practice level. As many of you know and
are aware, the Academy has been an innovative leader in our quest to provide
health information technology to our members and to transform the electronic
health care system as a whole.

Parenthetically, we think we are now in excess of 40 percent of our members
using electronic health records from a commercial vendor. This is an opportune
time for AFP to testify before NCVHS on privacy and confidentiality in the
context of growing debate about health information exchange and the discussions
regarding the so-called National Health Information Network, which we are
convinced will probably be the Internet.

Family physicians are encouraged by the growing adoption of personal health
records, so-called PHRs, by consumers and patients. Speculation also is high
that electronic health records and EMRs and software applications of this kind,
used by AAFP members will need to interoperate with personal health records.
However, there is widespread confusion and even some apprehension about the
privacy and confidentiality that will apply to these new technologies. Who owns
the data? Who can access the data? When and under what restrictions or rules of

Specifically the subcommittee’s concern, does the consumer have the right
to withhold health information from his or her providers and under what
circumstances? These are some of the issues that are commonly presented to the
AAFP’s Center for Health Information Technology. We believe that a lack of
answers to these questions has become a significant barrier to the ongoing
adoption of health information technology by our physician members, what we
call the next 30 percent in terms of EHR adoption.

We in this country do not have a uniform set of answers to these and many
related questions. Now, what we do have is a patchwork quilt of state and
federal legislation and regulatory guidance about privacy. These laws and rules
are further confounded by the fact that they are industry specific and,
therefore, variable with respect to the kind of personal information being

Unfortunately, the health care industry lags behind some others. In no
industry is the issue of privacy and personal information more in need of a
thorough revisiting. We believe that it is critical to end this confusion and
this unworkable situation. What we need is a comprehensive and uniform approach
to the privacy and protection of confidentiality and the security of personal
health information.

So, before we can address some of the very specific issues, we need to
fundamentally reform our approach to privacy in this country. On behalf of the
Academy, I would like to recommend the following four principles as a
foundation on which to develop a uniform approach to privacy and

One, the approach should apply uniformly and consistently to any and all
persons, organizations and entities, who collect, store, manage and transmit
health data and not only to providers and health plans and those other entities
specified under HIPAA. It should allow the patient, consumer or individual to
control access to the specific content of their health records, requiring that
all uses to which that information might be put by the custodian or steward of
the data is consented to by the individual.

Third, this approach should assure that any limitations to that right of
access and control over access requires, based on the age of the information,
the nature of the conditions or treatment and its relationship to issues of
public health and national security, et cetera, are clearly and consistently
spelled out to the individual at the time he or she provides his or her

Finally, it should include serious penalties, which are enforced in the
event of an illegal disclosure of private and confidential information. In our
opinion, the HIPAA privacy rule is fundamentally flawed, not due to the
oversight of its originators, but due to rapidly changing conditions. Most
notably, this is the evolution of the Internet and the worldwide web as
vehicles for the collection, storage, management and transfer of personal
health information of many kinds, which includes health information that is
personal and identifiable.

I would refer any of you who are not up to date on the private sector’s
activity with respect to personal health records to take a look at The New York
Times article yesterday that mentioned the revolution, how Google, Yahoo and
other companies who are entering this market in a very big way, in a world in
which the network is also the application, web sites and portals that offer
enhancements to health content that is free to move about on the Internet are
already starting to appear on the market and in addition to what The New York
Times talked about yesterday, I know of at least another 50 to 60 companies
that are moving that direction.

Private companies are offering consumers web-based tools, such as personal
health records that include clinical guidelines and recommendations regarding
chronic illness and preventive care. This is a natural byproduct of the new
health data liquidity and will probably continue to grow, integrating this
first collections of information for the patient also will become very
important and drive change in the direction of personal health data management
by consumers and their agents, some of whom will be providers, but many of whom
could be entities that are not providers of health care.

Traditional or legacy software applications and relational databases will
certainly remain useful in health care for a long time to come, but personal
health records in the hands of consumers inevitably will boost the economic and
political value, both, of moving and exchanging very specific data sets of
information beyond the static collections of data that providers and health
plans privately format in their own databases. I think we can return to some of
that, a discussion about that with respect to what Paul was talking about in
terms of data content and specific options, such as mental health.

So, in conclusion, on behalf of the American Academy of Family Physicians,
I would like to thank you for this opportunity to talk to you about the
challenges we face in maintaining privacy and confidentiality in a world in
which most of our key information is going to become on line.

Our recommendation is that we must establish a uniform approach to privacy
and confidentiality within the health care industry first and that we do not
have today. We have to start immediately or we will continue to have our
outdated health care information systems overtaken and we will have physicians
overwhelmed when they are unable to find a relevant privacy standard.

Patients who do not trust the disposition of their data and private
entities that will move in will move in naturally to take advantage of health
information opportunities.

Thank you. I would be happy to answer questions.

MR. ROTHSTEIN: Thank you very much.

Let me just check. Dr. Zaroukian, are you on the phone?


MR. ROTHSTEIN: Thank you very much for joining us. We appreciate your
calling in and wonder if you could proceed with your testimony at this time.

Agenda Item: Michael Zaroukian, MD, PhD

DR. ZAROUKIAN: Sure. Just by way of background, I am having a little
trouble hearing on your end. So, if I ask you to repeat, please accept my

MR. ROTHSTEIN: That is fine. We can hear you great.

DR. ZAROUKIAN: But thank you for allowing me the opportunity to offer
testimony on behalf of the American College of Physicians. I am Dr. Michael
Zaroukian. I am currently the medical director of the Michigan State University
Internal Medicine Clinic and the university’s chief medical information

As a member of the ACP’s Informatics Subcommittee, it is my pleasure to
speak to the issues before the subcommittee and offer the viewpoint of the
American College of Physicians.

I apologize for not being able to be able to attend in person and I thank
you for arranging this remote access to the hearing.

The College is the largest specialty society in the United States,
representing 120,000 internal medicine physicians and medical students. ACP is
extremely interested in the confidentiality and privacy issues pertaining to
personal health information and electronic health records. Control of content
and access by individuals to clinical information are critical issues that will
greatly influence acceptance and use of the NHIN.

The impact of policies adopted and implemented to address these complex
concerns could be substantial with regard to the accuracy, reliability and
usability of information exchange electronically.

First, let me state unequivocally that ACP strongly believes in the goal of
widespread adoption and use of health information technology to improve health
care quality. The College supports the concept of safe and secure electronic
health information exchange and advocates that clinical enterprises, entities
and physicians wishing to share health information, develop principles,
procedures and policies appropriate for the electronic exchange of information,
to specifically address the issues before the subcommittee.

The College believes that model language addressing these issues should be
developed to inform state legislation. Creating a level of standardization
would reduce the variability among state specific policies, which even today
add further complexity to electronic exchange of health information across
geographic boundaries.

The specific questions raised in your June 2006 report from Secretary
Leavitt, Privacy and Confidentiality in the Nation by Health Information
Network, relate to the practical implications of policy decisions regarding an
individual’s right to control access or access to specific proportions of his
or her record through the NHIN and the degree of such control. Our presumption
is that NHIN will follow the federated model, that patient data will be
persisted or stored only within the clinical system in which they are generated
and that the NHIN will be comprised of registries of metadata that point to
these original data sources.

We will not address the other elements, such as opt in or opt out because
the premise of recommendations 6 and 7 is that the individual has elected to
make his or her personal health information accessible via the NHIN. However,
it is important to note that deliberations and decisions on other issues could
directly affect our recommendations. Individuals should be able to access their
health and medical data conveniently, reliably and affordably. Further,
individuals should be able to review which entities and providers have accessed
their personal health information. One model suggested that individuals should
control access by choosing either to have their entire record accessible
through the NHIN or not, rather than by selecting specific elements of the
record for viewing.

We acknowledged that this all in, all out system is unrealistic, given
existing state laws and policies regarding the need to accommodate individual
wishes, as well as regional efforts underway that already provided significant
level of choice whether individuals have availed themselves of these options or
not. Therefore, recognizing the incredible complexity required to manage
granular access controlled patient data and existing HIE effort, the College
recommends that the NHIN consider role-based access models.

Such models should ensure that clinical information is provided
appropriately, based on defined privacy algorithms that consider the title of
the requester, the role of the requester and the source and type of information
requested. This system would include a break the glass type option for true
emergencies to allow full access to an individual’s record while maintaining a
detailed audit trail of the individuals who break the glass and their declared
rational for doing so.

Privacy issues are of paramount importance and should reflect preferences
of the individuals to the extent that such preferences do not negatively impact
clinical care. The College supports specific privacy protections for mental
health therapy notes. However, we believe that certain other data types, such
as medications and allergies should be represented because they are essential
elements of the medical record and critical for effective clinical evaluation
and safe therapeutic practice.

The absence of such information or even delayed access could result in
otherwise avoidable patient harm. Further, the source of all health information
should be identifiable, as well as an audit history of any changes made to this
information. For state regulation or other policies dictate the protection of
certain elements of the medical record so that they are not visible to an
otherwise authenticated and authorized user. The record should specifically
indicate the restricted nature of the missioning data and provide a clear
reason for the restriction; for example, state law, mental health condition or
patient choice.

Even with these indicators in place, we remain concerned about the
physician’s ability to fully trust the medical record where a patient, who is
generally not a clinician has restricted access to clinical information. If
there are, in effect, two different presentations of the medical record,
patient restricted version and the original source or legal medical record,
what are the treatment and accountability implications for physicians? Which
presentations will payers turn to for adjudication decisions and determination
of coverage and insurability?

If insurance companies won’t trust the patient edited data compilation for
payment and coverage decisions, should physicians trust them for decisions
about care? A major concern is at this time that there are no clear
comprehensive standards to support the recommended privacy requirements. A
standard structure for encoding all privacy requirements and patient
preferences does not exist. One prerequisite for the capacity to manage these
elements of the NHIN, the standard privacy reference model with controlled
terminologies that specify the exact meaning of privacy terms. Such models need
to be developed and tested prior to implementation to ensure that adequate
protection, as well as appropriate access are facilitated.

The College is advocating for these features of the NHIN on the basis that
providing safe, effective care is dependent on the integrity and content rich
value of the legal medical record. We know that medical care in the United
States can be improved. The current system of information sharing is
ineffective at best and dangerous at worst.

While the ACP agrees with the NCVHS in its 2006 letter to Secretary Leavitt
that a new health record system should not afford less protection for privacy
and confidentiality than is presently afforded indirectly by the current
fragmented paper-based system. The College cautions against reproducing the
inadequacies of a paper-based medical record that needless limits access by
authorized health professionals to information that can facilitate delivery of
high quality care.

Further, the idea also expressed in the June 2006 report that patients will
accept that outcomes for the right to withhold information maybe true, but any
physician acceptance of such a right will probably only last as long as the
first malpractice suit filed on the basis of treatment rendered by a
well-intentioned physician using incomplete information.

So, to summarize, the ability of health information technology and
electronic information exchange to enhance the quality of care and the
efficiency with which care is provided will be highly dependent on trust.
Individuals and their health care providers will need to be able to trust that
the information is complete, accurate and the best available representation of
clinical data for the purpose identified.

Anything short of these objectives will undermine efforts to use the NHIN
to achieve the quality improvement that many have projected. To facilitate this
trust, we first need to address the significant gaps in the availability of
standards, controlled terminology and the reference model to support the
desired privacy and confidentiality features of the NHIN.

Developing and testing these foundational elements is essential prior to
their implementation. It is also important that we remain aware of emerging
implications of improved access to clinical information if improved access may
create new expectations of responsibilities for physicians and entities to be
aware of and act upon clinical information generated across the NHIN.

Therefore, medical, legal, financial and work flow implications, as well as
the reimbursement requirements of such expectations and responsibilities
warrant significant discussion and exploration. These are difficult issues and
we will need to resist the temptation to reproduce the inadequacies of our
existing paper-based system for the sake of expediency or to avoid complexities
that can be overcome by good debate.

In conclusion, the College commends NCVHS and this subcommittee for taking
on these very difficult issues and for holding this important hearing. We look
forward to commenting on other topics as the committee sees fit.

Thank you.

MR. ROTHSTEIN: Thank you very much and I want to thank all of our
witnesses. We have ample time, I believe

— it never seems ample in practice — but ample time for some questions. We
are going to proceed in the opposite order from the first round of questions.

As it turns out, that puts me first on the list.

Agenda Item: Questions and Answers

So, first, I would like to begin with a question for Dr. Keaton and, again,
I am going to try to keep the questions for each questioner to three or four
minutes and then if we have more time, we can have a second round.

If I am crossing Wisconsin Avenue and I am run over by a truck and taken to
G.W. Hospital and the Reagan Institute Emergency Department, they are going to
be sort of treating me in the dark because they don’t know who — they can
check my wallet and find out my I.D., but probably not very much else about me.
So, what we are trying to do if I am correct is improve the lack of information
so that we can provide higher quality care in emergency situations when I am
unable to — presumably, I am unconscious and unable to provide additional

So, somehow you are going to identify me and then get access to my
electronic health record. So, you are okay so far, right?

DR. KEATON: Right. You are the one that got run over.

MR. ROTHSTEIN: Well, yes.

So, what we are going to be doing is improving on the present system and
although not maybe getting to whatever the optimum system is because there are
all these practical constraints that we are going to deal with. Would it be
your position that if emergency departments had immediate access to a
continuity of care record with, say, a dozen fields, current diagnoses,
medications, allergies, significant history, et cetera, and a break the glass
feature to get access to more in the event that you needed more, would that be
an acceptable situation for the ER docs?

DR. KEATON: I think that would be a wonderful step in the right direction.
Realize that no matter how much information is available, when you come in run
over by a truck, my approach to you is going to be the same and that is going
to be pay attention to the ABCs so to speak. But there are other critical
questions that come in in the CCR or CCD, depending on what standard you have
used. I want to know if you are on anticoagulants. I want to know if you have

I want to know if you have underlying cardiac disease that is going to
create certain stresses. There are a lot of things that —

MR. ROTHSTEIN: Presumably, that would be in there and quickly accessible.

DR. KEATON: For that sickest group of patients that becomes very important.
If you come in with an acute cardiac event, I would like to know if you have
got renal failure because that sends me down in a different pathway looking at
potassiums and things like that that might not be on the top of my list. But we
are going to approach, I think, the truly life and death — you have got
seconds or minutes to act. That patient you are still going to be forced to
respond to in the way that we respond now, while someone else is doing the data
mining looking for other vital pieces of information.

If I have the data set that has been worked out with the CCR type of
approach and the ability to mine deeper if I need to. That, I think, takes us
many, many steps down the field in terms of getting to what we would like the
ideal to be.

MR. ROTHSTEIN: Thank you.

My second question is for both Dr. Kibbe and Dr. Zaroukian and the question
there are special rules that are in place now for psychotherapy notes and for
substance abuse treatments, but they only kick in if there is a specialist, who
is doing the treating. Much of the treatment is not, in fact, provided by
specialists, but is provided by internists and family physicians for mental
health problems. For example, they receive some counseling, maybe prescription
meds from a primary care doc.

Is it in your view desirable and/or feasible to apply similar rules to
primary care where there would be some protection for a subset of information
dealing with these sensitive topics?

So, first I will ask Dr. Kibbe and then a second, Dr. Zaroukian.

DR. KIBBE: That is a very complicated question that you are asking. I am
going to take a shot at it. I think part of what we are saying is that it
doesn’t make sense to talk a lot about control or mechanisms of control if we
have gotten the basic issues around privacy and security wrong. In other words,
although your question pertains to that issue of what data ought to be given
special attention and that is a very important thing to work out, I think that
the overriding question is really important and has to be dealt with is that if
there are certain entities in our society, who as a result of information
exchange and cultural change, are now incapable of being the custodian and
steward of health information. In other words, if we have lost control as
providers or academic medical centers or even the government at that.

The basic privacy and security rules do not apply to them. We are building
a foundation out of very poor stuff and these issues of special protection for
special kinds of information will ultimately sort of be overwhelmed by change.
Having said that, to answer your question from the physicians — specifically
of family physicians, it is actually fairly irrelevant because family
physicians are not in the — although we treat an enormous amount of depression
and mental illness in this country, we are not in general, either in paper or
electronically affording the current protections for mental health information
for example, that are often afforded and used by specialists.

Does that get anywhere towards answering your question?

MR. ROTHSTEIN: Well, I know what the current state is. I am trying to think
what — I am asking what your preference would be for a new state of —

DR. KIBBE: Our preference would be that the choice would be up to the
patient with respect to the data objects and the data elements that he or she
wants to be protected and that those protections apply to anyone who is a
custodian or steward of the data, regardless of whether it is an academic
medical center, a family physician or an internist’s office, electronic health
record or someone like revolution health, who is neither, but is clearly
becoming a custodian of health information.

MR. ROTHSTEIN: So, the answer would be subsumed within your general
comments on patient control?

DR. KIBBE: It would. I think we get into a very slippery slope and I also
think we also get into sort of like putting a flag in quicksand. I mean, if you
wanted to evaluate my personal risk, probably none of my personal health
information would tell you very much, but if you looked at the books I buy, you
would know that not only do I ride motorcycles, but I ride motorcycles for long
distances. So, where is the information boundary around that? Where does
personal information that is health related — and this is, I think, consistent
with the earlier conversation about diagnoses versus medications versus
laboratory data versus other kinds of information.

Enormous amounts can be inferred from personal information many times and
if we restrict this to mental health and substance abuse and so forth, I think
that we will find that the rules change as the culture changes.

MR. ROTHSTEIN: Thank you.

Dr. Zaroukian.

DR. ZAROUKIAN: Let me say two things first. Obviously, I am going to be
shifting here to describe my own personal, professional views, rather than
those necessarily of the College. The other I have to say is I didn’t hear
again most of what was said there. So, I apologize if I am repeating myself.

But my view on this on a primary care physician and somebody who
implemented an EMR system in a large enterprise with two psychiatric clinics,
as well as four primary care adult medicine clinics, I think the answer for me
is really data related, not per se the role related approach. I think if it is
possible to identify and guard information that is deemed to be important to
guard in other circles, such as psychotherapy notes and where technology
permits that, we should certainly strive to do that. In our system we can do
that, which makes the burden for the primary care physician much less to follow
the rules that use the technology they have.

That won’t be the case uniformly, so I think we have to be realistic with
regard to what is available and to make sure that whatever is demanded of other
specialties, besides those intimately involved with things like psychotherapy,
that it becomes convenient as well as possible to do that. I think that it also
breaks down in the issue where you have to translate what you are dealing with
to the action you are taking. So, the issue of treatment of substance abuse,
for example, will often have an impact that lands either on the problems with
the medication list and as I mentioned earlier, we decided that it is very
critical that anything that reflects a change in what we call an important
clinical list, problems, medications, allergies, et cetera, be reflected where
everyone with authority to see the data have permission to see it.

I think patients often base the vast majority of their trust on the
provider they have decided to let view their record and I think between those
two access controlled privileges, you can pretty much bypass most of the
problems. So, where feasible, I wouldn’t mind extension of some of these
primary care, but I think we have to be careful to make sure that in general
the technology allows it and that the education provided associated with trying
to protect those data is both feasible and doesn’t risk patient quality.

MR. ROTHSTEIN: Thank you.

Dr. Cohn.

DR. COHN: It would be hard not to take this opportunity to thank all the
presenters for I think what has been very interesting.

I do want to clarify for just a second about the nature of emergency care
because there have been a number of questions addressed as to people getting
run over and coming to the emergency room and that is the bulk of what
emergency health care is all about.

In reality, at least in my experience and I think probably Dr. Keaton’s
experience also, the bulk of our people who are able to speak and usually to
breathe and you are trying to make complex diagnostic decisions, do they need
to be in the hospital, do they need extensive and/or dangerous additional
tests, all of those questions and it is really for those people where this
additional information really becomes vital. It presents unnecessary morbidity
and mortality. It hopefully may reduce health care costs by reducing
unnecessary hospitalizations and I am sure that — chance to respond, I think
he may agree with those comments.

I would like to find out if you could comment on that, but I am actually
curious because all the presenters I think have talked about the need to get
some indication that information may not be complete. I think there seems to be
some sort of a recognition that there may be a right of the individual to
withhold some information in this world of the NHIN. In our earlier panel we
were talking about — need to get down to sort of the provider level. You
probably don’t want to use this information that is withheld but the diagnosis
da, da, da, da. But we will get more information if we click on that.

What sort of information would be enough for all of you to feel comfortable
that the record has value, potentially some information maybe withheld? What
are your thoughts on that? Brian, you might start.

DR. KEATON: The first part is I don’t think we can ever believe that we
have all the information and once you believe that you have everything, I think
it gets to be dangerous and you are going to mess it up.

The health information exchange, I think, needs to let the clinician know
that there is data missing either because a patient chooses not to allow that
information or maybe a data source that we know exists is off line. So, if I am
making a call to a RHIO(?) for health information exchange and I know that this
patient has pharmaceutical data, but our ex-hub happens to be down, I need to
be messaged for that type of thing as well, so that I can address my
expectations or I can address my frame of reference.

The more information I have, one of the statements I like to use is that
when it is your emergency, the more I know, the better things go. That is very,
very true, especially for that patient, who requires a complex decision in
terms of admission or lack of admission or a therapy that is potentially

I struggle with what is enough. I like the concept of the continuity of
care record or the equivalent because for 99 percent of the people that I have
to deal with, that is going to give you the information I know, that I need to
know. But I think it is an obligation for those of us who run a health
information exchange to also notify the clinicians when we are intentionally or
technologically shielding certain amounts of information that we know exists
from the person who has got to make decisions about that patient’s care.

DR. KIBBE: Let me offer a couple of comments, a couple of observations that
are probably germane to your question. The first is that the context of the
situation are going to completely determine the adequacy of the information
about a patient at a particular time. If you are a patient of mine and I am
treating you as a family doctor for diabetes and congestive heart failure and
hypertension and I have known you for five or ten years, then the information
that I need about you at the next visit is the delta. You know, it is what has
happened in the interval.

If Dr. Keaton is treating somebody who is coming off the street with a
multiple or compound fracture of multiple extremities, then the information
explodes in terms of what could be useful over the next 48 hours. I think we
just have to sort of give that.

As one of the co-developers of the Continuity of Care Record, I would say
that we have gone through an exercise over the past three years of trying to
reach some sort of happy medium in terms of trying to reach some sort of happy
medium in terms of 80 percent of the time what would be 80 percent of the
information that would be very valuable in a whole slew of different use cases
in which information would be exchanged between doctors or between a doctor and
an individual or an individual and a doctor.

That exercise has been very rewarding I think in terms of sort of getting a
sense of are those 17 sections of the CTR adequate, et cetera. Let me tell you
very briefly two comments about that that are occurring as we speak. One is
that those groups and individuals and organizations that are actually starting
to use the Continuity of Care Record to exchange health information between
various sources of information are finding that the existing 17 sections are
about three times as much information as anybody normally wants. In other
words, they are actually shrinking the CCR’s structured content to five or six
sections and putting that in place.

A recent example of that would be the use by Mennon(?) Clinic of the CCR to
exchange information with physician’s offices. The other thing is that those
same users are now trying to find ways in which the Continuity of Care Record
can accommodate the patient’s information directly in terms of comments. So,
for just in the last 48 hours, we have had this come up as an issue by a very
large information technology vendor with respect to can the comment section of
the CCR, which is really intended for physician to physician use, I think it is
fair to say, can that actually be used so that patients when sending a CCR on
their own behalf can add comments in that section.

I think those two things are very, very interesting. The amount of
information that we as physicians and providers think that — it is never going
to be enough, but in actuality once we start to exchange information, it may be
that less is better and the other thing is unless we can find a way to
accommodate the consumer or the individual’s comments about that information or
the situation or the illness, we will have missed the boat in terms of the use
of information technology in this new environment.

MR. ROTHSTEIN: Dr. Zaroukian.

DR. ZAROUKIAN: Yes. We have kind of done this as a natural experiment here.
During our EMR implementation, we basically went from a group, an enterprise,
where there was a great deal of discomfort or at least anxiety in trying to
cross cover for each other, using the paper record in part because the data
even within our own system was fragmented enough or poor organized enough to
represent a problem and as Dr. Kibbe suggests, there is too much data that is
buried or poorly organized can actually decrease the quality of care or make it
less efficient.

When we got the essential features that I think I heard in the conversation
a few moments ago, if we can count on clinical list problems, medications,
allergies, advanced directives, and we can count on them to be accurate,
complete, up to data and reliable, then what we found in our system is that if
you combine that with laboratory data, you can take physicians who don’t know
patients of their colleagues and suddenly make them very comfortable seeing
those patients on very short notice with no prior background because they do
have enough of the essential information to provide almost all of the care they
would need for that episode. So, for us, I think, that has been a natural
experiment to suggest that that pretty much does give us most of what we need
in most situations.

Now, remembering that is an ambulatory environment that is usually not a
critical illness is one caveat, but it does speak across a broad array of
conditions and problems in adult medicine. I think if we talk about efficiency
and decreasing waste and the like, it helps to add another element, which is
some of the other important either tests or treatments that might not appear,
for example, in a medication list or a set of laboratory tests. So, some prior
cardiac catheterizations or imaging reports in some form of structured data, it
starts to add additional value. So, I would see that as a sort of a second tier
approach and then finally the degree to which some of those data can drive
guideline decision supports across an NHIN will also make incremental additions
to quality, safety and efficiency.

So, I would see those essential clinical lists as being a core that will
get us much further than we are right now and it is still quite feasible, I
think, in the structures that are being considered.

DR. KIBBE: Let me just on behalf of my fellow pediatricians add

MR. ROTHSTEIN: So noted. Thank you.


DR. FRANCIS: I started hearing enormous disagreement between one side
saying I need everything and the other side saying our patients ought to be
able to choose what goes in and in the last five minutes, I think I have heard
virtual agreement and I want to test this out that the most important thing
both from the point of patient care and also pretty good from the point of view
of privacy would be to have a bare bones Continuity of Care Record that is
either immediately accessible, designed in some kind of pool way, either
immediately accessible or there as a screen so you don’t prescribe a medication
that is contraindicated, given what somebody is on.

I guess my first question is is this agreement real? And my — I mean, that
is what it sounds like, that I just heard everybody say. My second question to
emergency physicians is there anything left out of that bare bones that would
be the most important for us to think about and for the two primary care
physicians. We had a little list here of sensitive information, gynecologic
information, mental health and substance abuse, all three of which you all
might have some access to.

I am wondering about whether we missed anything in terms of other sorts of
sensitive information. I think you gave Mark a pretty good answer to what was
going to be my other question, which was going to be whether there is a way —
how practical it really is for you all to sort out mental health, other sorts
of records. So, maybe for the draft of that with respect to the other kinds of
sensitive information.

DR. KEATON: Let me state again, the Continuity of Care Record or even a
subset of that provides us with a lot more information than we are getting now
and addresses the vast majority of our issues. The other corollary that Mark
had brought to the table was the ability when appropriate to either break the
glass or dig deeper to get into some of those issues that are much more thorny.
You talk about different confidential areas. You might say, well, gee,
cardiology and reproductive health, they have nothing to do with each other.
But, you know, if somebody is on Viagra and they come in with chest pain, I
would like to know not to give them nitroglycerine. So, does that fit into a
category or does — it gets kind of murky when you start to ask those specific

DR. KIBBE: Let me take a shot at it because I think we really are — with
the proviso that you have metadata, whatever technology we are using, there are
ways of indicating what additional information would be. So, for example, in
the CCR source for every data element is a required tax. So, that information
coming to an emergency room physician it would be inadequate with respect to
what is in the actual records may almost certainly be a lead to where other
information is.

The other point is inference and that is that physicians will infer from,
as we have been talking about, the results of laboratory tests or the results
or a list of medications what the diagnoses are or vice-versa. I think that one
of the really important issues as I have tried to think this through is that it
ought to be nothing about me without me.

The cardiology data might be the most important or sensitive data for me
and it might be laboratory data for somebody else. How am I as a provider or as
a member of society or a legislator in Congress going to determine that. I just
think we — that is what I meant about going down the slippery slope. I can’t
say as a primary care physician that I would know without a doubt what the most
sensitive information is for a patient without asking him or her.

MR. ROTHSTEIN: Thank you.

Dr. Zaroukian.

DR. ZAROUKIAN: Yes. I guess the first thing I would say is since Continuity
of Care Record also connotates a specific way of organizing information, I am
not sure I can say yes or no one way or the other about how I would see, you
know, data coming together. But I think the general principle, whether one says
CCR, CCD or some other sort of if you will distilled list of information is
certainly something that I think many of us see as an important majority if you
will of the information that are needed. But if I heard — again, I am only
hearing in and out parts of the conversation, but if I heard right, I would
want to resonate with the fact that while we primary care physicians discussing
this may see this one way, some of our subspecialty colleagues are definitely
going to see examples in which different information for them is even more

So, whether it is the actual image of an electrocardiogram or some other
example, it might for them be a much more important issue. The other thing, if
you were to ask me what else what else, you know, besides if you will, these
clinical lists that at least that I have discussed so far, you know, would be
important, I think a lot of my colleagues would say that the past medical
history is an important additional example because some physicians might put a
past medical history into a problem list that would appear in what we have
described. Others would keep an awful lot of rich information in a past medical
field, if you will, that does a very nice job of summarizing a patient’s
history related to various problems, but doesn’t appear otherwise in what we
might otherwise think of as some of these clinical lists.

On the other hand a social history is often a place where sensitive
information may land and might be an important area to, you know, consider
whether it is wise to have that part of the process. But, again, if I go back
to sort of the common sense approach that I think most patients have and
certainly my patients and even myself as a patient is once we have agreed that
the specific provider or specific role of an individual within our system is
entitled to see information. We trust two things. One is we have agreed that
our privacy rights have allowed us to now move to confidentiality and share
that information with providers and that every provider that use it treats it
in the way that physicians and other health professions, specialists have
agreed and promised to do and that as long as there is an audit trail to follow
that and a process by which those on the other end of the process go through
audits, then I think we can be a little bit less strict, if you will, about
what goes in or what goes out.

MS. BERNSTEIN: Dr. Zaroukian, can you clarify if you mean that when someone
is trusted to keep records, that they are allowed to see the record and they
are trusted with that record? Do you mean that it is only the treating provider
or do you mean any provider in that system can see the record?

DR. ZAROUKIAN: No, I mean, anybody who has a reasonable cause to see it.
So, for example, that is almost always a treating provider, a part of the team,
but it is also known to extend to those who are responsible for trying to
improve quality of care in the system or in the clinic or even those who maybe
trying to make sure that the system, if you will, the medical record system,
electronic or otherwise, is working the way it should. So people know that
there is a reason to get into data in detail for treatment purposes. They also
know there can be some sort of secondary bystander reasons to see data, but
basically that of all the privileges that patients know and understand are
reasons for looking at the data. That individual with that specific role is
trusted in that role. So, as long as there are audit trail ways of determining
whether or not the individual should have been in there, then — and that those
are acted on and they have meaningful consequences that patients can feel
confident about, then that has been a strategy that has worked very well for us
and I think would probably work in a larger system.

MR. ROTHSTEIN: Thank you.


DR. TANG: I just want to thank the panel for also a very engaging
discussion. One side comment and one main comment. The side comment is we may
want to update our vernacular in terms of CCR versus CCD. The CCD is now the
accepted between the multiple candidates organizations and Continuity of Care
Document. Correct?

An importance is that it is coded so information can be acted upon by the
receiving systems. So, that is a side comment.

The other is mainly just a commentary on another scene that seems to emerge
from the three practitioners is that we really have to make sure we can take
care of the individual patient and not take our eye off of why we are doing
this in the first place. With privacy as a floor, it is just — it must be
there. We absolutely need to balance what are the needs of the patients today
and the needs of society that benefit from the combined — the deidentified

The other words that Dr. Zaroukian mentioned was the trust. We have always
been talking about the patient’s trust in the system, which is another absolute
given. We have got to have the doc’s trust the data to take care of the
individual patient today. So, I mean, I think those themes and those comments
have been very useful.

DR. KIBBE: I have one short comment. I want to make sure that your comments
are not misinterpreted. The CCR standard is a valid and ANSI approved standard
and is not being replaced by anything else. The CDA CCD is a completely
different standard and they have different uses and will be adopted throughout
the industry in different ways and ultimately I hope that they will become
transformable one to the other. This is perhaps a minor point in the discussion
but I want to make sure that folks don’t think that the CCD has replaced the
CCR in the industry because it certainly has not.

MR. ROTHSTEIN: Could you tell us the main differences besides the coding

DR. KIBBE: The main difference is the CCR is much simpler than the CDA CCD,
which is the correct way I think to describe the —

PARTICIPANT: CDA stands for?

DR. KIBBE: Common Document Architecture. CDA is the parent, if you will,
standard for the CDA CCD and is a much more complicated standard that does a
lot more things than the CCR either does or was intended to do. So, I think it
is important to understand that these are very, very different standards. They
are going to coexist in the marketplace for a long time. Ultimately, I think
there will be — may be derivatives of both of them that emerge over time. But
because they do very different things in different ways, I think it is not fair
at this point to conclude — you know, the world lives with a lot of different
kinds of standards. That is what we have got now.

MR. ROTHSTEIN: Thank you for explaining that.

Dr. Keaton.

DR. KEATON: Just one comment to amplify what Paul had said. We live in a
world and we being emergency physicians and the patients that we serve, where
we have shrinking resources, which result in boarding in our emergency
departments because we don’t have room for admitted patients and ambulance
diversions and consequently it is not a once a week, it is 10 or 20 times a day
in my emergency department in Akron, Ohio, that we are receiving patients,
whose medical home is someplace else in the community. We are also taking care
of complex patients who have spent their entire life in my system, who develop
a very complex problem and disappear to the Cleveland Clinic or university
health systems, come back to my community after a four month complex stay and
when they have a complication or problem and they come back to my emergency
department and I have no access to that information, when you try to get
information, you either get a 400 page fax or you get a fellow, who wasn’t on
the service, but you don’t get the person who knows anything about the patient.

That is the very real reason that emergency physicians have been heavily
involved in my community, saying we need to do health information exchange by
day to day patient care. It is great because it will save some money. It is
great that it will do some other things from a system standpoint, but the
bottom line is it comes down to we need to take care of our patients better
than we are able to do today and health information exchange offers us the best
chance of being able to do that.

MR. ROTHSTEIN: Thank you.

Dr. Zaroukian, did you want to comment as well?

DR. ZAROUKIAN: I probably shouldn’t because I didn’t hear — I wasn’t able
to hear enough of what was said to have a sense of the theme. So, unless you
want to repeat a question —

MR. ROTHSTEIN: We will bank your time in case you need to give a long
answer to Harry’s question.

DR. ZAROUKIAN: Again, I don’t have a specific comment because I don’t know
what I would be responding to.

MR. ROTHSTEIN: Okay. Thanks.

MR. REYNOLDS: Mine is just a point of clarification. Dr. Kibbe, you
mentioned 17 sections of the CCR and through practical use, you either reduced
it by five or got it down to five.

DR. KIBBE: The CCR has up to — can include up to 17 different sections,
diagnosis and problem list, medication list, family history and so forth. They
are all optional with the exception of the actors. So, it is possible to have a
CCR that has just a problem and diagnosis list, medication list. What I was
trying to say was that in practical use, entities that are employing and
deploying the CCR and finding that they are shrinking that down to 5 or 6 or 7
and almost never deploying at this point the full 17. At least I am not aware
of an implementation where all 17 sections have been deployed in the real

I think the reason for that is because people — just what we agreed upon,
which is that people are finding that five or six of those sections with
respect to personal health information are adequate, at least they are a lot
better than what we have got now.

MR. ROTHSTEIN: Thank you.

John Houston.

MR. HOUSTON: Couple of questions, one to Dr. Keaton. How much care is given
in the emergency room where the patient is either incapacitated in a way that
they just can’t provide information or is so emergent that you just have to
have that information and you can’t afford to really get into a dialogue with
the patient as to whether — about the information.

DR. KEATON: It probably depends where you are practicing. If I am in my
emergency department at Akron City Hospital, where we have an urgent care
center that siphons off the less severe patients and we have another facility
that takes care of a different subset of patients. So that I am in an area
where 35 or 40 percent of the patients come through the front door and get
admitted, it is probably 1 in 10. So that when I am seeing a 20 to 30 patient
per doc per day, that is two or three times a day that that occurs for me every
shift and there are ten of us working shifts in that department.

So, it is a common enough problem that it is one that needs to be addressed
as part of the everyday operation requirements. It is not an exception to the

MR. HOUSTON: Paul had asked the question about break the glass and he said
that — I think your answer was that that was acceptable. Is it really
acceptable or do you really just simply need to have the information and people
need to trust the fact that when you go looking for information it is because
you need it in an emergency room setting specifically.

DR. KEATON: I think we were talking specifically about sensitive

MR. HOUSTON: Yes, exactly. I mean, I think there is a class of information
I think most people would say it doesn’t rise to the level of sensitivity. The
sort of break the glass items, yes, you know, the things that you — get out of
my way. I need to have it now.

DR. KEATON: There are certainly those cases but usually those aren’t
falling into the protected areas. The areas that are very difficult for us are
those patients who, for example, have altered mental status. Is it psychiatric
illness? Is it drug abuse? Is it something metabolic? Is it something
structural with a brain tumor? You are trying to sort through and it is very,
very helpful to know that this patient has come in with seven additional times
with this same presentation, all of which are found to be an exacerbation of
preexisting mental health. It helps you down that pathway.

At the same time, you get patients, who will present to the emergency
department and you may not know them because they have shopped a number of
different emergency departments. But what it turns out is there is a clear
habit or clear pattern of drug seeking behavior, which we know leads to a very
high incidence of motor vehicle accidents, personal injury, injury to others,
et cetera, that you need to be able to fix that into your mind set as you are
looking at the patient.

MR. HOUSTON: Would it be reasonable to say that there should be a
generalized exclusion for emergency physicians or emergency room staff with
regards to access to — broad access to information that would be available in
a RHIO or in NHIN?

DR. KEATON: I think that would be reasonable, but I think it would be
something that you would have to negotiate on. I don’t know that it is
necessary, reasonable, that I need to know a patient’s psychiatric history when
they come in with a half inch laceration on the tip of their finger. The
challenge that I have —

MR. HOUSTON: But also that is your judgment. I guess part of me thinks that
you as a physician, emergency room physician, hopefully have the maturity and
the position that says I am going to be responsible in what I am going to go
looking for based on what I need, but I can’t — I guess what I am trying to
get to is there an immediacy issue that makes a lot of the barriers that we are
talking about, a lot of controls we are talking about, either dangerous or
still impede your ability to provide care that patient care suffers.

DR. KEATON: That is a tough one to answer. I mean, from a practical
standpoint, I see, and the emergency physicians see enough patients with enough
problems that if mental health disorder is sitting there on the problem list
and their problem is a sprained ankle, then I am not going to go run and tell
the world we would be interested or change the way I treat the patient based on
the fact that that information is there. So, I think maybe the sphere on the
other side is greater, that that is really going to be of interest to me. I am
focused on the problem —

MR. HOUSTON: Or if I had two versions maybe even — let’s say if there are
two versions of the record, you click on the light version and you get the
basic stuff and you need to treat somebody who has a broken finger or a
lacerated finger or an ankle and then you have the version that is more
insightful that you would only call up if you said I have got a problem here
and I need immediately to get information.

DR. KEATON: I would kind of lean that towards the break the glass, being a
part of the break the glass function.

MR. ROTHSTEIN: I want to just comment briefly about one thing that John
said and I think this is important to have expressed and that is we are not in
my judgment trying to compromise quality of health care in emergency
departments or anywhere else versus privacy. That is not — because privacy
promotes the treatment and the betterment of health in all these different
contexts. If people are afraid of their privacy rights, they are not going to
be treated for STDs. They are not going to be treated for mental illness. They
are not going to be treated for substance abuse and so forth.

So, assuring people that they have their privacy is not this abstraction
that is going to interfere with their health care. It is going to be promoting
health care. I mean, that is at least from my judgment, the intent of it. So,
what our challenge is to try to accommodate all of these various interests. I
don’t want people to think that it is a tradeoff of, you know, privacy,
hamstringing these doctors in caring for their patients for just some

MR. HOUSTON: Mark, I agree with you, but I just want to — I think this is
such a specific and very important use case, that I want to make sure that as
we make recommendations that we are very conscious of the very unique case of
emergency doctors, who really are, you know, often in the breach. They really
are —

DR. KEATON: Let me make a different suggestion in terms of how I would
approach this if I was God.

MR. ROTHSTEIN: You mean like us.

DR. KEATON: The challenge I don’t think is technical engineering and social
engineering. I think if you have a basic assumption that physicals in the
emergency department or elsewhere are caring, well-meaning individuals who are
not prone to be the people that break privacy and confidentiality and set up
systems from a quality assurance that parallel what we do with congestive heart
failure and how we are addressing privacy and how we are addressing all of
these issues that are critical to the trust that needs to exist between and
among physicians, patients and all the other players in health care, I think
you get further along.

So that if, indeed, a patient presents with a condition that doesn’t
require or justify the exploration of sensitive areas and my physician explores
those areas nonetheless. Within that quality process, I should be able to
identify that track and deal with that. There may be a very good reason why
they went there, looking to see if that patient who had bled on another nurse
has HIV. Maybe that is a very good reason.

But I think if you build the treatment of privacy and confidentiality and
security into the quality assurance process that already exists in all of our
departments, we go a lot further than building a technical solution that builds
so many barriers around getting to data that we might need and not be able to
get to when somebody’s life is on the line.

MR. ROTHSTEIN: Paul wanted to ask a final question. Are you finished, John?

MR. HOUSTON: I just wanted to comment, though, that unfortunately people
are going to want to try to build technical solutions and that is the thing
that —


DR. TANG: I just want to follow-up on the direction that John was going and
that is he was asking about emergency care and I want to remind ourselves,
including me, that most of the care is ambulatory and outside of emergency
rooms. So, in one Brigham study, 25 percent of outpatient prescriptions were
associated with an adverse drug event. So, the errors and the impact and the
harm are happening through routine care, not just emergency care and also we
used this breaking your leg in Tahoe, that is not what happens everyday. It is
the everyday lack of coordination and lack of having access to information that
is causing all the gross majority of the harm in this country.

So, I think we just keep having to remind ourselves what we have to do in
the first —

DR. KEATON: I hate to keep quoting the Secretary, but don’t let the perfect
or the enemy of the good really applies to some of the stuff we are trying to
do here.

MR. ROTHSTEIN: Any final comments?

Dr. Zaroukian.

DR. ZAROUKIAN: I think, one thing, if I could. One of the biggest comments
I would make is to be very careful since trust is such an important thing about
having any particular type of physician, have a different set of rules, I think
no matter how an individual’s role is set up, I can imagine a fairly horrifying
scenario that is actually not too far from what we have we have had in the
Michigan area, where break glass capability could help prevent an event in
which a physician working in an emergency room could behave in ways that are
very adverse and all you need is one example of that in the press and you would
have a great deal of distrust in the system generated and probably set the
initiative back significantly.

So, I think the burden if you will of having to break the glass compared to
the benefits and protection when you get down to extremely sensitive data, such
as psychiatric substance abuse, sexuality and life style, it is well worth
whatever extra 10, 15 seconds it may take to first say why you want to get into
those data and, second, to make sure there is a high fidelity audit trail.

So, that would be my biggest comment.

MR. ROTHSTEIN: Thank you.

Any final comments? Dr. Kibbe.

DR. KIBBE: My final comment from the AAFP would be the recommendation to
you, the urging that you don’t be afraid to go back and fix HIPAA. What we need
to have in this country is consistency with respect to the privacy and security
obligations that are attached to anyone, any person, any organizations that
have personal health information and handles it not just doctors health plans
and other kinds of covered entities.

MR. ROTHSTEIN: Thank you. That is one of our recommendations also from our
June letter.

Okay. Thank you very much, Dr. Keaton, Dr. Kibbe and Dr. Zaroukian. We are
going to take a 45 minute working lunch break and then we will have panel No. 3
at 1:15.

[Whereupon, at 12:33 p.m., the meeting was recessed, to reconvene at 1:25
p.m., the same afternoon, Tuesday, April 17, 2007.]

O N [1:25 p.m.]

Agenda Item: Panel III — Entities Experienced with
Consumer Controls

MR. ROTHSTEIN: We are back on the record and back in business. This is the
post lunch session of the Subcommittee on Privacy and Confidentiality of the
National Committee on Vital and Health Statistics. We are conducting a hearing
today on consumer controls for sensitive health records.

This morning we heard from two panels of providers, who described their
current practices and their needs and their feelings about the issue of whether
certain elements in health records can be segregated, whether they ought to be
segregated, some of the practical problems, as well as the problems and issues
related to consumer control over information.

This afternoon’s panel, we get to hear from one witness, who is going to
share with us her experience with Regenstrief in Indy and also another witness,
who is going to describe her recent report that she completed for HHS.

So, with that, I want to introduce and call upon Victoria McBroom Prescott
to be our first witness this afternoon.


Agenda Item: Victoria McBroom Prescott, JD

MS. PRESCOTT: Thank you for the opportunity to address you today on the
topic of privacy and restrictions on data and health information exchange.

I was asked to give you an overview of the Indiana Network for Patient
Care, which is called INPC and just to give you a little bit of background on
that and the regional statistics, our logical infrastructure, how the data is
being used, the legal structure and self-imposed privacy and security
constraints, as well as how we handle patient requests for restrictions. Then I
will give you a little glimpse of some of the difficulties in implementing
restrictions on data.

First, the Indiana — and I will breeze through this pretty quickly — it
is only 15 minutes also — I will be happy to take any questions at the end of
the time.

MR. ROTHSTEIN: Yes, we will have our question session after you and Joy
give your presentations.


INPC is a virtual health information exchange. It was formed in 1997 and it
covers central Indiana, which has about 1.6 million people in it, about 25
percent of the state and we are expanding. Basically, the premise of the
network was to reuse the data. That is the basic mantra, to reuse it for
treatment purposes, research, public health and health care operations, such as
quality improvement.

There is no financial data in the INPC and Indiana State laws are very
favorable to health information exchange uses and don’t require patients’
consent in general. Just to show you on the power point here a logical — about
the Indiana law, Indiana law is very favorable to sharing health information
for treatment purposes and other legitimate business purposes is kind of the
phrase in the statute.

There is no consent requirement for, for instance, communicable disease,
other types of data. It really is considered part of the medical record,
nothing for mental health records, et cetera.

Yes, actually, it is very close to the minimum HIPAA requirement as opposed
to like Minnesota, which has passed a number of state laws that really go far
beyond what HIPAA requires.

The next slide just shows you a little bit about how it is logically
structured, showing the different data feeds kind of coming into our system.
You will notice that we do receive feeds from over 29 hospitals currently,
different national regional labs, different outpatients, pharmacies and
pharmacy benefit managers, physician officers, the ones that do have EMRs and
actually about one-third of all office visits in central Indiana and different
ambulatory care centers. We also receive some data from the state department of
health and also Marion County Health Department and payers have recently
provided their claims data. Medicaid gave us all of their data to use in the
health information exchange for treatment purposes and as well as several
commercial payers are now members of INPC.

In the center you will see there is basically a data repository, which on
the next slide I will show you is kind of a silo type, a federated data model
or basically one silo for each data source. So, all the data, for instance,
from Community Hospital System goes into one vault and something from St.
Vincent goes into a different vault, et cetera. That is how it logically works

Then we also have the global provider index. You have to know who the
doctor is and we also have the global patient index, which we need to know who
the patient is so we can match across it. It is all standardized with the terms
dictionary and then basically on the right hand side here, you will see that
there is different types of accesses to different type of data for different
patients, depending on the situation.

I won’t go through all of these because that would take too time, but you
are welcome to ask me any question about it as well. Then the basic next slide
is to show that there is a big lock and key on the system that you can’t just
get on line and start searching randomly for patients and their information.
So, it is very limited access and we will go into that just a tiny bit as we go

Just a few statistics. We have over 95 data feeds physically coming in to
the INPC. We have 900 million records on file. We have data for more than 3
million patients. We receive over 5 million clinical messages, like, for
instance, test results every month and we have over 10 terabytes of data
because we have been in existence for quite awhile and we don’t throw anything

The legal structure is Regenstrief Institute, which is a medical research
institute, is the administrator of the INPC. It is a business associate legally
of the covered entities that provide data to the INPC for several purposes. So,
we are a business associate on their behalf to deidentify data for research, to
transmit reportable diseases to public health, to disclose to providers the
data for treatment and to aggregate for quality reporting.

Regenstrief is viewed as merely the custodian of the data. It is not our
data. So, the privacy and security constraints that we have in place, the INPC
participants have mutually agreed on how the access occurred. So, it is not by
state law, but it is basically by mutual agreement and the access for treatment
must be based — our view is it must be based on some type of evidence that the
patient is under the treatment of that provider at that particular point in
time. So, for instance, the online access to actually go on line and look up a
patient, who is admitted — basically the patient is admitted to the hospital
in the emergency department, for example, comes in. We automatically because we
are hooked up to their registration system, we receive an admission, electronic
message with that patient is being treated in the ER at that time.

We automatically allow and open up that record on that patient for that one
particular — it is limited by time, location and user. So, it is opened up for
the time that the patient is in that hospital up to I think it is 72 hours
after discharge or no more than 30 days. Also, on location, it is just that
particular facility. So, if it is Community Hospital North Campus, it is only
there and then it is by user. We have to map the user for the different
facilities and the hospitals, you know, provide us with a list of doctors who
are authorized at that facility.

So, it is very limited. As far as patient requests, we view it as the
provider having the relationship with the patient. The provider has its own
privacy policy and providers decide what data to send to INPC and the provider
makes a decision on whether to grant requests of the patient for restrictions
on their data.

So, how it is structured in the INPC agreement is that any patient
inquiries would be referred to the provider. Regenstrief would not itself
respond to a patient inquiry or restriction of amendments or anything. INPC
participants have agreed that they would not allow the amendment or restriction
without talking to us first to see if it is technically and feasibly —
technically feasible to be able to electronically do that restriction.

We are viewed, you know, as the contractor and so we inform them as to what
can and can’t be done and then they make the decision and talk to the patient.
So, any amendments have to be electronic as well.


MR. HOUSTON: Quick question. Is this arrangement — do you inform this as
an OHCA, organized health care arrangement, under HIPAA, so that all these
hospitals can —

MS. PRESCOTT: No, not to my knowledge. WE are just a business associate of
the —

MR. HOUSTON: No, I understand IPC wouldn’t be but the hospitals, have they
formed some other type of relationship —

MS. PRESCOTT: Not to my knowledge.

MR. HOUSTON: If they are sharing data, I am just wondering, wouldn’t that
be — no? Okay.

MS. MC ANDREW: They would need to be holding themselves out as a single


MS. MC ANDREW: For instance, a hospital may operate as an OHCA, physicians
practicing within that are not — but unless this whole arrangement is
operating — holding itself out as a single enterprise, it wouldn’t necessarily
by an OHCA.

MR. HOUSTON: Sorry, but I just had to ask.

MS. BERNSTEIN: [Comment off microphone.]

MS. PRESCOTT: Sure. And there are more than just hospitals that are
contributing the data as well. And just a note that most providers do not allow
— do not grant the restrictions if patients request them in general. For
instance, this is true not just in Indiana, but other places, like Kaiser, even
in their documents on line say we do not grant patient requests for
restrictions or data.

What is our experience with patient requests? You know, the INPC began
pre-HIPAA. So, we actually had to require patient consent to be able to share
this data. During that period of time, less than .5 percent did not consent. Of
that percentage, that tiny percentage, 70 percent came from one clerk at one
hospital because she didn’t like sharing the data.

So, post-HIPAA, you know, HIPAA allows, you know, patient — doesn’t
require patient consent to share it for treatment purposes. So, post-HIPAA, the
INPC participants decided to no longer require consent. In the four years that
I have been at Regenstrief, we have only had two patients request any
restrictions to my knowledge. Then what happens when they did request it and
the hospital did want to grant that restriction? Well, how we do that is that
the patient data is basically not shared at all between the institutions. It is
an all or nothing thing.

Physically, the way it happens is there is a date field in each one of the
silos. I mentioned the different silos of data. So, the date field is filled in
if they have requested their restriction and if their data will not be shared.
We don’t filter on data elements for several reasons. It is an all or nothing
approach because it is very difficult and costly to do, which I will get into
more of that when we talk about hypotheticals on the next slide.

But also because an all or nothing choice, we believe, enables a better
decision by the physicians. They don’t have to worry about, well, gee, do I
have all the data or some of the data, et cetera, and it can lead to also a
lack of confidence in the health information exchange data that is provided to
physicians at point of care, which can affect adoption, of course.

So, just to go over briefly — I know we are going to run short on time
probably — difficulties that we view in implementing restrictions. I have just
got a couple of hypotheticals here. One is if there is a state law or some kind
of decision made to restrict, for instance, HIV test results or HIV
information. You need to decide which data elements you are going to hide. So,
is it just the HIV test results themselves? If you have — if you are HIV
positive, they will be doing CD4 count tests and they are only going to do
those tests if you are HIV positive. So, do you also block those?

What about transcribed text reports? There could be a text report, a note
from the doctor that happens to mention that the patient has HIV — is HIV
positive or something like that. I mean, to what extent are you going to be
limiting, you know — making these decisions on what to hide. Also, another
example is medications. If you decide, okay, we are going to block this
medication because it is used for HIV or, you know, whatever the particular
condition is that you want the filter on.

New Medications come out all the time. Are you going to block any new
medication until a decisions is made by like, for instance, a committee or
something on whether or not it is okay to release that new medication? You are
also going to have to map the medication, the NBC codes to the medication
categories that you are trying to block, which is not simple. Also, there is
dual use for medication frequently. Are you going to block it if it is used for
one thing but you are really using it for another?

It also limits the ability of the health information exchanger, whoever it
is, to detect things like the next — so you are really limiting things by
doing that. Also, the relevance, the patient care, obviously, having the
information is very important for care of the patient and affects treatment
regimen options and it really is the patient in the best position to choose the
details of what exactly to include and exclude in a health information

For instance, if you want to block all sexually transmitted diseases, I say
I don’t want anybody to know I have something and you go to the doctor for back
pain, well, it would be important for him to know because sometimes back pain
is a symptom of an STD or a result of an STD or something like that. So, it is
very important, even for things that the patient might not think they want to
have disclosed. It is important for treatment. It also helps avoid adverse drug
events, complications, additional procedures, pain and death, of course.

So, it also adds cost to the patient and the employer and payer, out of
pocket costs and loss of work days as well if they don’t have the data and
things are done that cause them to have complications.

Some restrictions on data also negatively impact, as we mentioned before,
patient care, but also secondary uses, such as research, which was some of
these other, quote, unquote, secondary uses have been emphasized as a vital
component of a sustainable nationwide health information network. When the NHIN
form was done recently by the four contractors, it limits the value of the data
because they are not getting a full picture of the patient and it may result in
false conclusions that might even be used as guideline procedure for doctors in
the future.

Also, it impacts healthcare operations. You can’t assess the quality and
make improvements if you don’t have all the data to analyze. So, that makes
things difficult as well. Then public health, to the extent that it is affected
by any of these filters or restrictions on data could impact the ability to
detect outbreaks and take action on a population basis.

So, the more restrictions and acceptions you have, the higher the cost of
the system as well, the higher the cost of the administrative system and the
higher the cost to actually participate in the system. It also increases the
liability of participants and the health information exchange itself and that
can affect the data sources willingness to participate at all.

Then, of course, you lose the ability to use past data. For instance, when
we had Medicaid join, they actually gave us ten years back of data on their
patients to be able to use and use for quality measures, et cetera. That can be
important. It also affects your ability to detect fraud and abuse. If I want to
avoid being detected as a drug seeker, then I am going to definitely opt out.

Just to close, the decision on, you know, what restrictions on data should
be imposed basically boils down to balancing the rights of the individual with
the benefits of the whole population and really the whole health care system
and the ability to pay for that system and to sustain that system.

Thank you for your attention and I will put on my flak jacket when it is
time for questions.

MR. ROTHSTEIN: I don’t know why you would think that.

Our second witness on this panel is Joy Pritts, who has testified before
our subcommittee many times and we appreciate your coming back to tell us about
this new study that you have completed.

Agenda Item: Joy Pritts, JD

MS. PRITTS: Good afternoon. Thank you for inviting me to speak with NCVHS
on the important issue of patient consent. You asked me today to speak about a
paper that Kathleen Connor and I wrote called The Implementation of E-Consent
Mechanisms in Three Countries, Canada, England and The Netherlands, subtitle,
The Ability to Map Access to Health Data.

For those who have not read this paper, it is available on Georgetown
University’s website at http://HPI.Georgetown.EDU.

MS. BERNSTEIN: For everybody who is on the committee, I have circulated to
you and there is a copy in your folder and for the staff or people who may be
listening on the phone or on the web, thank you for getting us that.

MS. PRITTS: This paper arose out of the Substance Abuse and Mental Health
Services Administration, commonly known as SAMHSA, which is a government
office, which is devoted to addressing substance abuse and mental health issues
in the United States and ensuring that people get treatment. As I am sure most
of you know, SAMHSA also is very involved with the interpretation of 42 CFR
Part 2, which is the primary federal law addressing the confidentiality of
health information that is related to people seeking substance abuse treatment.

That law went into effect decades ago with the idea that it would encourage
people to seek treatment and shelter them from the threat of prosecution. That
law unlike the HIPAA privacy rule actually requires a patient permission to
disclose health information, even for treatment purposes in most cases. During
the evolving National Health Information Network debates in a number of
different forums, the issue has come up how are we going to be able to support
this kind of a requirement in our developing system and can we do it.

So, what SAMHSA asked us to do is to look at a couple other countries that
are a little bit further along in the development of their nationwide health
information infrastructures and to look at how some countries who actually do
give their patients the right to control their health information, how they
were able to do that, primarily kind of from a technical perspective.

In the paper and in my discussion today, I am using the term
“consent” to mean permission to share your health information for
treatment purposes and “consent mechanism” to mean the method by
which the individual can actually exercise that right. We looked at England,
The Netherlands and Canada and in Canada in particular, what we ended up doing
was looking at Electronic Health Information Exchange Projects in three
different provinces, primarily because in Canada, health information privacy is
largely controlled at the provincial level. So, we wanted to get a feel for how
that was being implemented.

We only looked at treatment for two reasons. One is you have to limit a
study like this in some regard because it can quickly overwhelm you. The other
is that for most of these countries, when they are talking about their
nationwide health information network, this treatment is the area where they
have the most established policies.

So, that is what we looked at and we also selected countries where the
information was in English because that is my primary language. We won’t even
discuss my ability to read French and German anymore. What we found — we also
looked before we — I go into actually what we found on the technicalities of
consent mechanisms, we did look a the background of the health care delivery
system because you have to look at these issues within some sort of context.

All three countries have some sort of universal health care. It ranges from
in England where the NHS, National Health Service, provides the vast majority
of treatment for the citizens of England and The Netherlands, for those of you
who were around during the Clinton health insurance debate, this will sound
very familiar. Their system is based on — it is universal health care
coverage. It is mandatory coverage. All citizens must have health insurance.
There are private insurers. They are guaranteed issue so that within the region
the individuals must be offered coverage at a set basic price and then they can
go about that.

It has not been in effect for more than a year at this point. So, we don’t
know how that is going, but you can see it is a very different model, insurance
model, than it is in the U.K. Also because it is universal health care, the
vast majority of health care expenses are paid for by either the federal or the
provincial equivalent to state governments. So, a lot of the funding for these
projects is actually coming from the governmental entities. Here you see our
direct alignment between the investment and the return on investment in health
information technology.

A little aside here, there were so many interesting issues in writing this
paper that I could talk to you all day about them, but I will just focus on the
consent ones today. But I thought that was one of them was the alignment of the
incentives there.

All of these countries, even Canada, follow the European Union Privacy
Directive. Canada is not required to do this. It elected to do this because it
wanted the ability to share its health information freely with Canada,
particularly with Europe, Canada and Europe, particularly for research

Under the European Privacy Directive at a minimum, the government must have
in place implied consent to disclose identifiable health information for
treatment purposes with an opportunity to withdraw or withhold the information,
essentially an opt out. That directive has been adopted very differently in all
three countries. All three countries nationwide health information
infrastructure have electronic support for patients exercising control over
their health information for treatment. It generally consists of coding data in
such a way that it is either not sent or not visible. Having said that, it
becomes quite apparent that these masking techniques that I will be speaking
about today work best with coded data and all three countries health care
systems envision data that is highly held in a coded format.

The masking or the — what they call masking of data is done at different
levels in different countries. In some countries, in some projects, it is done
at the data source. It can also occur at essential repository or a record index
locator level. The different countries apply masking with a very different
level of granularity. I am going to go very briefly through some of these so
that you can see the wide range of opportunities — wide range of
implementation that has occurred.

In Canada, we looked at projects in Alberta, British Columbia and Ontario.
There are three separate provinces. They have three separate laws that —
provincial laws that deal with health information exchange. Yet, they have all
agreed to abide by the nationwide privacy and security architecture that was
developed by Canada Health InfoWay(?). They have implemented that quite
differently, though.

The Alberta Physician Office System Program is a system where the
physicians’ offices can actually tap into these regional repositories that they
have in Canada. They have regional repositories usually at the provincial level
for prescription drug information, imaging information and lab data and summary
care information. At the Alberta Physician Office System Program, in order to
be certified to participate in that program, the systems have to be capable of
allowing masking data at a discrete data element level. So, you have implied
consent to share the information for treatment and then the patient has the
ability to mask data down to the data element level.

The systems are capable of overriding the masking of that information. They
log the override, including the user’s I.D. date and time and the reason why
the physician overrode that masking. As of 2008, the systems also must be
capable of allow or restrict access to their data by specific health care
providers, using health care provider identification numbers or purpose or
circumstance. For example, I mask my information except for emergency

This is also — I believe this is also the program where by 2008 they have
a drug system alert systems, an alert for physicians that tells them when there
is an issue with drugs that are about to be prescribed and it is supposed to,
by 2008, be able to interact with this masked data. So, even if it is not
visible to the provider, they will receive a notification you are about to do
something that might be dangerous to the patient. You need to talk to the
patient about this. So, there will be that alerting capacity.

In British Columbia, we looked at the PharmaNet System, which is one of
these provincial wide prescription information databases. There the citizens
have the right to mask their entire prescription record by having their
pharmacist attach a key word to the record. So, it is a total opt out. They
mask the entire record or what they can then do is they decide who they want to
get in — have access to this information and they give them the key word,
which is often called a shared secret. I think you have probably heard that

Emergency departments have the ability to override the masking in emergency
situations. They can have that key word reset and it sets up a whole other
alert system, letting the individual know that their information has been
looked at and their masking has been overridden.

We also looked at Ontario’s emergency department drugs history initiative,
which is somewhat similar, but it is a little bit more limited in the scope of
who it is directed to. It was primarily directed to emergency departments.
Their individuals have the ability to totally mask their prescription record,
which is a total opt out. In addition, individuals can elect to say I am going
to participate in the system, but there are specific prescriptions that I
prefer not to be shared without my permission. By doing that, they mask certain
data elements. Then the individual has the ability to give a health care
provider, particularly in the emergency department access to that information
on a temporary basis by providing their health numbers.

Consistent with Regenstrief’s experience, out of over 1.5 million of the
potential — of the people who could — whose information was in this database,
only 508 fully withheld consent and only 11 partially withheld consent from
June 2005 through February 2006. The ability to withhold your data on the
system is quite easy to do if you have access to a computer because the forms
are readily available on the web site.

MR. ROTHSTEIN: Excuse me, Joy. Do you have a denominator for us?

MS. PRITTS: No. 1.5 million and only 508. So, it is really small. However,
it is also — when Canada was developing its privacy and security architecture
for its nationwide health information network, they developed it and then they
actually vetted it with consumers through a series of consumer surveys. So, the
fact that people aren’t utilizing this doesn’t necessarily mean that it is not
a facet that they thought was important, an important piece of the

In England, England has a very different development for their nationwide
health information network. It is being based on a nationwide database, which
will hold summary care records for all 50 million of its citizens. It has been
quite controversial and there has been a significant amount of consumer input
and back and forth in the development of where this record was going and what
kind of controls consumers would actually be able to utilize on it.

In the most recent iteration of this, which was released in December 2006,
and that is also referenced in the paper that we wrote. It is a very
interesting — it is worth reading. It is called Sealed Envelopes Briefing
Paper and it has — it includes some diagrams of exactly how they envision the
system working. The decision is that first of all people are going to be able
to have the choice, whether they are going to have a nationwide summary care
record — they believe that that is something that people have to have the
choice whether or not they are going to be included.

Then they are going to be able to opt out of sharing the record. You can
have a summary care record, but essentially make it invisible to most people,
but it would be available for other purposes, such as public health. If that
level of masking is not — they call it sealing is not ideal for an individual,
they also have the ability to what they call seal individual data elements or
seal and lock them and sealing and sealing and locking take place generally in
the context of a circle of care so that when a document is sealed the
individual — the health care provider, who created that information has access
to it.

In addition, the workgroup that that provider does their work with, their
nurses and people based on — will also have access to that information. For
others, that information is not available without an override. Again, when
information is sealed, it is capable of being overridden by somebody outside of
that care group. If they override, then there is a notice that comes up on the
screen saying you are about to access field information. Do you want to
proceed? If they elect to proceed, it says an alert will be sent to the privacy
officer now and then that is what happens. So, they can override it. There is
this alert system in place.

When information is locked, it is a little — it is much tighter
restriction on who can have access to that information. When it is locked,
people within the workgroup will know of the existence of the information but
people outside of the workgroup won’t even know that it is there and there is
no ability to override that lock. It is very interesting because the U.K. is
very aware of the potential health consequences of locking information and not
having the potential for an override. They discuss it at length in their paper
and they basically say an individual has the ability to refuse to consent to
treatment if they know the consequences. We are giving people a lot of notice
about what the potential consequences for this are. So, we treat it with this
— decision with the same degree of respect.

Turning now briefly to The Netherlands, there is currently a limited
ability to seal information based on limiting access to records to specific
health care providers. That exists today. The Netherlands has kind of — it is
a document locator system and so it is different than either the U.K. or
Canada. So, their information now is going to be controlled at a slightly
different manner. There will be sealing at the provider level, which means that
other people wouldn’t be able to necessarily access that information, but
primarily, they are going to be using what they call I believe they are
authorization profiles and then the way that works is a consumer is presented
with a series of options of I am going to share my health information with
everybody. I am going to share my health information with everybody but I don’t
want my brother-in-law, Dr. X, to see it.

It is because he has — and they can do that because they have provider
identification. They also envision using different levels of authority, like
you can always share my health information. You can only share my health
information in emergency or you can never share it. They are both in England
and The Netherlands are actually doing — of testing their consent mechanisms
in real life projects to see how this is going to work in the long term.

This is changing on a daily basis. If I came back in six months, I might
have a very different story to tell you, but as things stand now, the premise
is that as the — these three countries move along in their nationwide health
information network, they intend for their citizens to have a lot of degree of
control over their health information.

That is the end of my testimony. Conveniently timed.

MR. ROTHSTEIN: Thank you both very much and we have some questions for you
and we will for this round counterclockwise order again.

So, John.

Agenda Item: Questions and Answers

MR. HOUSTON: A couple of questions.

Joy, did your study go into any review of the way that these different
systems are going to provide logging and the ability of a patient or somebody
to review who had looked at the patient’s record?

MS. PRITTS: We have collected some of that data but it was a little bit
beyond the scope of this paper. So, we have some of it that we can pull out. If
you look at the paper, there is a section that says something like access
control and it briefly touches on the logging issue because — I understand
that you can’t just look at consent. You have to look at it within the broader
framework of how often are they controlling the data.

MR. HOUSTON: Because I think what is going to happen is this is going to
become a really sticky issue and I think in terms of whatever architecture is
developed in RHIOs in the United States, it is really going to become a thorny
issue of how do we set up a process that is workable, that is sustainable and I
would really love — it would be really great at some point to expand upon that
because I think it really is going to be a really pretty relevant topic.

MS. PRITTS: I would suggest that you direct that comment to ASPE at the
moment because I think they are thinking of looking at that issue.

MR. HOUSTON: And maybe if Victoria could speak to what Regenstrief is doing
in that regard. I don’t think you expanded on that too much in your comments,
if I am not mistaken. How do they deal with the issue of logging and some type
of retrospective review by patients or by somebody who has looked at somebody’s
data and whether it was appropriate? Was there a process implemented in that

MS. PRESCOTT: Yes There is a full audit trail, as far as who has looked at
the record because we all use standard security procedures and things like
that. There is no automatic, oh, let’s go and look at these — you know, there
is no process in place to go do a manual review. What happens is if there is an
inquiry at one of the hospitals and they are concerned that, you know, someone
might have done an unauthorized view of data, then we pull the record and
provide it to the hospital or whoever did the inquiry and then they take
action. It has happened once or twice. It is usually an employee of the

MR. HOUSTON: What happens if a patient comes to whomever and says I am
concerned but I believe my next door neighbor looked at my record and she works
for Hospital X or maybe it is — or maybe it is they are just concerned. They
have a concern that somebody has looked at their record and they don’t know
who. Is there some overarching organization that can do a private review for a

MS. PRESCOTT: Not an overarching organization. Through our relationship, as
I mentioned before, it is really the providers that we refer the patient
inquiries to. So, they would go to the hospital and say I believe that — but
when we pull the data, it is going to be data that has been — that data has
been accessed by the whole community and we —

MR. HOUSTON: You would direct them to whatever provider had provided care
to them in order to initiate that review?

MS. PRESCOTT: Yes and we have never received any direct person inquiries. I
mean, most patients don’t even know we exist.

MR. HOUSTON: Great. Thank you.

MS. PRITTS: If I could address part of your question, I was sitting here
remembering some of the things that I read and one of the things that they are
doing in England is their health system is set up for regional health care
delivery and within the regional health care delivery, they have what they call
Caldecot guardians, who are Caldecot, I think, guardians. It is somebody’s
name, I believe, or an act or something. It is a name.

They have been charged with reviewing — almost by being the privacy
officers, not quite, and making — one of the things that they are supposed to
be doing in this system as it develops is doing intermittent overall audits,
but looking at, you know, picking out some providers records and saying, okay,
what has he been doing as a kind of deterrent to make sure that people aren’t
surfing the system.

MS. PRESCOTT: I should mention something else you just brought to mind. As
far as a breach, if there is a breach that occurs in our INPC agreement, we do
have mechanisms for disclosing the breach to like all participants if it is a
serious breach, et cetera, so that they can, you know, take any action that is
necessary. I just wanted to mention that, too.

MS. BERNSTEIN: Does the system look for anomalies? Is there some mechanism
set up so that if an unusual occurrence happens with access you can — some
inquiry is generated?

MS. PRESCOTT: It is very difficult to set up an algorithm because there
could be really valid uses for things. I mean, we have some basic procedures in
place, you know, a hundred thousand hits or something, but that is not really
usually going to be occurring, but it is very difficult to figure out which
types of hits would be inappropriate. Plus, it is very locked down, the system,
the way access is right now. So, it is very unlikely anything would occur.

DR. TANG: I found this — as useful as the ones were this morning, I
thought this panel was invaluable because it has real world experience in data.
In the one hand, I think it is real world, a lab for actually doing the —
dealing with aggregate data over many, many systems and the others, the
international scene is actually a lab for policy development and I think we
learn a lot from them.

I have a question for each party. In the Indiana group, which actually is
probably the largest in the county and it may be the world where they are
dealing with the real exchange of health information and answering the
inquiries back and dealing with the policy issues. We talked about the
sensitivity to the context user and I think location. So, is a provider at 1
ED, gets access to a patient data, is that person on his or her honor or does
the system restrict it in some way. Describe picking up the location and then
getting a proprietary, an ER locum can be multiple locations that you can’t
predict. So, is it controlled at the system level or is it by the individual

MS. PRESCOTT: It is a combination of both. Actually addresses a range of IP
addresses for a particular facility that it is locked down to and it has to be
a user that is associated with that one particular facility.

DR. TANG: That is the genesis of my question. It is pretty hard for you at
the system level to keep up with the fact that, oh, I just got this job at ED
No. 3 and for you to know that I should be allowed to —

MS. PRESCOTT: Whenever an entity joins INPC, they give us the range of the
IP addresses and we are in very frequent contact with them on that and they
also give us very frequently, sometimes daily, a list of physicians that are
authorized. We do the mapping, you know, to our global provider for that.

DR. TANG: On the international — I really enjoyed your paper because I
think it had all kinds of information. One of the pieces you did mention is
that changing even daily and before our sessions you talked about having the
first draft available like the end of last year and then had to revise it just
to present more current information. So, I think that is a good way of tracking
what is going on internationally as they struggle with some of these same
issues and perhaps are ahead of it as you say.

Many of the things — you used the word “envision,” which I think
means that a lot of these things are planned and conceived rather than
implementation, implemented at least nationwide. You talked about pilots and
all. So, I think one of these we need to consider is or maybe we certainly have
to invite it back to find out what is the result of these pilots and
experiments because I think in many of our minds, implementation is that is
where the rubber hits the road in the devil of details and whether you can
actually sustain that amount of granular control as some people are

MS. PRITTS: I would really like to do a failed track.

MR. HOUSTON: So would we.

MS. PRITTS: There we have it. We should all go.

DR. TANG: So, as an example the notion that a decision support system can
operate off of masked data, that was the hypothesis by one of the countries. I
think it was The Netherlands. But interesting enough, 87 percent of the drug
interaction alerts are disregarded, either because they are not true or they
don’t — whatever the reason is they are, quote, false positives in the sense
they are not acted upon. So, one can imagine the provider being faced with we
don’t know something and all these things, it is just — I mean, it is one of
those gotchas that we would love to see how it plays out.

MS. PRITTS: I think one of the key elements in all of these systems is that
there is an underlying assumption that the provider will never have all of the
information and you see this from the notices on the web sites. They have —
and I can’t remember which province it is, but they have a physician’s notice
on their web site. This web site will not ever — the prescription data that
you receive will never be totally — the patient may be getting information off
of the Internet. This is a baseline and you need to work from it. I think that
is one of the key assumptions that I hear missing from some of the discussion
here in the United States is there seems to be almost this assumption that when
we go to electronic health records, we are going to have it all and we will
never have it all because you know whatever you design to capture the
information, your patients will be on the other side, figuring out a way to
avoid it.

DR. TANG: One more final comment. There is an interesting concordance in
their experience. Less than .1 percent came to restrict — ask for restrictions
and 70 percent which came from one clerk. So, if you moved that 70 percent, it
matches identically with the experience that Joy just talked about of the .02

MS. BERNSTEIN: Yes, but am I correct, what Joy is talking about is patients
who are making those decisions and what Ms. Prescott is talking about is
providers who are making those decisions. Right? The clerk is working for a
provider, right?

MS. PRESCOTT: No, it is intake clerk at the hospital. It is just a clerk
who says would you like me to sign these forms and you should mark that one no,
because you shouldn’t consent to that.


DR. FRANCIS: I have a specific question for Ms. Prescott and then a
question for both of you. The question I have for you is you have a slide here
that is called Patient Request and the third and fourth bullet there are — No.
12 — are provider decides what data to send to INPC and provider makes the
decision on whether to grant patient request. I wanted to be sure I understood
that because what I want to know is whether at the time of the provider/patient
relationship, there are decisions made never to send data, rather than to send
data with restrictions. You see what I am asking. That is that the provider and
the patient might decide together that the information about this visit or
whatever isn’t going to get sent to your network or does all — rather than
they are deciding that it will get sent with a request for restriction.

MS. PRESCOTT: I am sorry. I am not quite following.

DR. FRANCIS: The question that I am interested in is whether there is
information that is never making its way into the system.

MS. PRESCOTT: Actually, we are not aware of any. There was a hospital that
joined recently, who said that if the patient wants them not to share their
data with anybody, then supposedly they are going to market in that system and
not electronically transmit it to us, but I don’t have any idea as far as how
many patients that is or whether they are really going to do that in practice
or not. But at least one person at one meeting said, yes, we wouldn’t share it
with anybody. We wouldn’t even send it to you. But all the other participants
in central Indiana in INPC they all send us all of those data and there has
only been those two that the provider, that particular hospital decided that
they wanted the grant and then we just deleted those two patients from the
entire —

DR. FRANCIS: That includes physicians as well? You have got a bunch of
physicians sending you data. So, you are getting all data from effectively all
the health care providers.

MS. PRESCOTT: Correct. It is 99 percent of the hospital care. It is over
one-third of the ambulatory care. So, it is not all providers have EMRs. So, we
wouldn’t be receiving necessarily their data unless they had an EMR because
that could generate an HL7 out and send it to us. But some of the large
practices like IMUV, who is actually one of the founding members of INPC, along
with some hospitals. They do send all of their data. So, it is included.

DR. FRANCIS: My second question, which is for both of you —

MR. ROTHSTEIN: Excuse me. Could I interrupt for just a second. Would it be
theoretically possible that if I saw an internist in Indiana in your area and I
had a variety of complaints and one of which is some sort of depression, that
the provider could agree not to send that complaint and maybe even a
prescription, but send all the other stuff. Is that possible? Does that happen?

MS. PRESCOTT: Not from a practical standpoint. I mean, they can choose what
to send, sure, but really what happens is we have direct feeds from their
systems, their lab systems, their transcription systems. We have a direct feed
from pharmacy benefit managers. So, we get all the data that they have on
prescriptions that have been there. We have a direct feed from the order entry
system with the hospitals. So, we even receive orders that are done. In those
particular systems there is really no way that at least I am aware of that you
can actually turn off individual patients, plus they send us the data for other
purposes. For instance, we do clinical messaging as a service to the hospitals
and labs. So, they hire us to take their data and deliver it to the doctors’
offices. So, they have to give us all their data so that we can deliver it as
well and there is really no way to parse things out.

So, that is why we kind of have it set up to where it is going to be an all
or nothing, you know, we will just take the patient out of the system.

MS. BERNSTEIN: If I am a motivated patient and I have a long time good
relationship with my doctor and I needed to be treated for depression and my
doctor writes me a script on his or her prescription pad and gives it to me and
I go pay cash at my pharmacy —

MS. PRESCOTT: That is it.

MS. BERNSTEIN: But my name is going to appear on the prescription. I could
pay cash and still have it show up at the PDM, right?

MS. PRESCOTT: You could ask the pharmacy not to file —

MS. BERNSTEIN: Could I do that?

MS. PRESCOTT: They wouldn’t file the claim because you paid cash. They are
supposed to file the claim, but — they are supposed to by their contract —
there are other ways to opt out, right.

MS. BERNSTEIN: But the 1 percent that you are talking about is not this
kind of 1 percent. I guess there are two-thirds that don’t have EMRs. You are
not getting those for the moment. But that will presumably change. EMRs will
become more widespread. So, the 1 percent of the records they are not getting.
What does that represent?

MS. PRESCOTT: There is a lot of data that we don’t get. I mean, we are
getting a lot of data and we have the most data of anybody in the whole country
or world, probably, but we still don’t have all the data. I mean there is a ton
of other places that — and other labs and other, you know, little systems
within the hospitals even that we have now, you know, that infection control. I
mean, there is just data everywhere and we can’t — we are never going to get
all the data, as Joy said, but I am not quite sure — and there are other ways
to opt out, like you said, in paying tax and you could do things as well. So —

MR. ROTHSTEIN: I am sorry. I interrupted Leslie.

DR. FRANCIS: My other question is for both of you and I don’t mean this —
I don’t mean this quite pejoratively, but I have a sort of roach hotel theory
of electronic records in the sense that, you know, information checks in but it
never checks out.

DR. TANG: Where is the roach hotel part?

DR. FRANCIS: They check in but they never check out. The point behind that
is not all of the information that goes in is accurate. There is mistaken
information. And I wonder — which can be very damaging to people and I wonder
whether your system has any experience with the possibility that somebody might
— a provider, say, might choose to correct something that has been sent and
whether any of the systems that you have studied has any — you know, there is
some effort to rely on patients to look at their record, but I am interested in
the provider side and whether (a) the systems you looked at have thought about
that question at all.

MS. PRESCOTT: You want to go first or —

MS. PRITTS: Sure, I can go first. I will let you off the hot seat.

With respect to verifying information, I would say that what they are doing
in England is before — they are just getting ready to launch their summary
care records and before they publish that information in — that summary care
record information into the nationwide — they are giving the patient the
access to it through the Internet. They have a web portal and they are asking
people to review that and let us know what is correct before we upload it to
begin with. That is one of the things that they are doing to verify that.

This is an area where — I looked at this a little bit in England and in
The Netherlands and it is not clear what they are going to do to correct it
from a provider point of view. That I wasn’t able to really pick up on. I could
pick up how the consumer fitting into this, but from the materials I was able
to get that are publicly available, it is kind of harder to see how the
physicians are going to do it, whether they would be alerted that it is not
somebody’s information. Are they able to pull it off? From my understanding,
they can do that. They just don’t?

DR. FRANCIS: They just don’t? Have you ever seen any —

MS. PRITTS: I don’t know the answer to that, if are dealing with that. It
would be interesting to find out because, for example, the prescription data
system in I think it is in one of the provinces has been active for well over a
decade. So, they have been doing this for a long time.

MS. PRESCOTT: Ye, we have — there are always going to be errors in data
that — you know, codified data entry or whatever it happens to be. So, there
is actually a way to electronically amend data, lab results, whatever they are.
So, the hospital or whoever it is that made the error would electronically send
us the copy and it would have I think it is an HL7. It even says, you know,
ignore the previous one, whatever.

Also, actually our HIE has helped identify a couple of errors. There is one
physician who said, oh, I see you have prostate cancer. I don’t know what you
are talking about. So, what happened was we called the clerk or the hospital
that had that data and they corrected it and then sent us the electronic
amendment. So, actually Health Information Exchange can help a little bit from
that standpoint. There are going to be some errors probably when you are
talking about matching patients, you know, because there is a whole big
discussion about a master patient index, how do you do that algorithm, et

There could be errors from that, although at Regenstrief, we are like —
they have people who just are devoted to that kind of thing and the appropriate
algorithms and statistical matching formulas and things like that. We always
err on the side of not having false positives. We will just err on the side of
not including the data if we aren’t really sure that that is that particular

DR. FRANCIS: So, the principal error that you have experience with is wrong
patient type error, more so than — or just plain data entry problems, rather
than say misdiagnosis.

MS. PRESCOTT: Data entry problems typically, but we haven’t found tons of
errors. We don’t even know sometimes that the hospital if they found their own
error, they just send it to us electronically and it is processed in the
system. So, I can’t say that they call us every time they make an error. So, I
don’t really have firm statistics on that.


DR. COHN: I just have two questions. Perhaps more on clarification just so
that the way I understood what was happening. First of all, actually, it had to
do with you had made a point about how tight the data access was, using the
hospital as an example in terms of access and it opened up and told they were
put in the ADT and all of that. Now, I am apologizing. My glasses are pretty
good here, but some of your slides — federated data model slides indicated to
me that apparently the physician officers are also having similar access to the
data, as well as pharmacies. Is that correct? Am I reading that right? It
seemed to me that hospitals aren’t the only place that are getting the data. Is
that correct?

MS. PRESCOTT: You want to know who accesses the data?

DR. COHN: Yes. Isn’t it also doctors’ offices and —

MS. PRESCOTT: There are actually a large number of ways you can get at the
data and different services that are provided. One of them is the one that is
— and actually in the ER, we also do one other thing. We actually when we
receive that electronic message that the patient is in the ER, we actually have
the IP address of the printer that is right behind the clerk in the ER —

DR. COHN: I got all that and I understand how you can tighten down in a
hospital environment. As I was looking at this one, recognizing that there is a
zillion pharmacies, lots of doctors’ offices, it seemed to me that maybe the —
unless you have some very good tightening mechanism, you do something where you
are checking the previous claim status before they can access a record or

MS. PRESCOTT: In the physicians’ offices, the way that we are doing it —
actually it has just been approved, well, a few months ago, by the INPC
management committee to allow access in physicians’ offices for people who are
not in the hospital at the time, but they are — actually the record is opened
up when that particular physician has received the lab results on that patient.
So, it is using that as the evidence upon which we believe that they are under
treatment of that physician.

So, it opens the record up for a limited period of time for that physician.
There are other types of mechanisms in here. Pharmacies can’t just log onto the
— pharmacies are not accessing the system directly. They are putting data into
it, but they are not accessing. Labs are the same. They contribute data but
they don’t access the data. Public health, there is a whole series of things
that we transmit for them, that we could go into. Payers are very, very limited
on what they can access. Basically, they can’t log on and access. We are in the
process of getting ready to roll out the quality reporting project, which is
funded through some different mechanisms in Medicare and AQA and all that and
they — it is combining our clinical data that we already have with some of the
claims data and looking at specific, basically 26 different quality measures,
performance measures of individual physicians.

It is a community effort. The physician community as well as the local
payer community have come together to agree upon these set of measures. Then we
are using our data to be able to produce those reports. Reports are given to
the payers on their particular members and also an aggregate, like how the
doctor compares across all the different payers, not just them, kind of like a
scorecard and then the providers, the doctors themselves receive a report on
their own patients and also their score, you know, across all patients. So,
they can actually specific action to improve the quality and know exactly which
patients that they need to follow up with, et cetera.

So, those are a few different ways to access the system.

MR. ROTHSTEIN: Thank you. I have a few questions.

Ms. Prescott, how is INPC funded?

MS. PRESCOTT: It was originally funded by a grant from the National Library
of Medicine and the original was in 1996-1997 time frame. That has been
extended. We keep receiving other grants. So, it is basically funded through a
series of grants that is kind of like a patchwork of grants to study the impact
of electronic exchange. We have gotten grants to do other things, like clinical
reminders, decision support and other types of things. We have gotten grants
for the —

MR. ROTHSTEIN: So, the providers don’t pay you anything for the service?

MS. PRESCOTT: No. The physicians and hospitals do not pay us for the INPC.
Now, there are other services that are kind of built on top of this
infrastructure, for instance, clinical messaging that hospitals and labs pay us
to deliver their lab results to the doctor. The doctor doesn’t pay because, you
know, it is the hospitals labs responsibility to get that result to the doctor,
but they pay us and because it is like economies of scale, it is a lot cheaper
for them for us to do it.

It is better for the doctor because the doctor doesn’t have to log on to
four different systems to get their results or get some in the mail and some
faxed. You know, it is all in one place. The clinical quality, the quality
reporting one, the payers are paying us the Health Information Exchange to
generate the report. To obtain, there are actually some specific information
from physician officers that we actually have to get put into electronic format
and some officers obviously don’t have any EMRs, so we have to manually data
enter some of those like strep results, chlamydia results, pregnancy tests, et
cetera, if they don’t have that in electronic format.

So, the payers are paying us to do that and then the payers are paying the
providers, the doctors, based on their score and their quality improvement. So,
those are some of the different —

MR. ROTHSTEIN: Do you ever sell any of the data to researchers?

MS. PRESCOTT: We are a medical research institute. So —

MR. ROTHSTEIN: I understand that, but I mean do you make use of the data in
your own research?

MS. PRESCOTT: Oh, extensively, yes, because that is part of the reason for
— to create the system to start with is to have sort of a laboratory to do
these tests on to say, okay, you know, are we really improving health care by
doing this or having this reminder or implementing —

MR. ROTHSTEIN: Is the research function part of the — I mean, what are
patients told about the research that is done on their health records when they
sign up?

MS. PRESCOTT: That is up to the particular hospital, but in our INPC
agreement we say that you need to make sure that you disclose this fact that we
are using it for research, et cetera. But they usually have those types of
language in their privacy policy anyway because they do their own research on
the data, et cetera, and we follow HIPAA and actually the INPC agreement goes a
few steps further and is more protectionary than even HIPAA is because we
require any research that is being done to have an IRB approval and to also
include the particular data source at the particular hospital in this research
if they want to be included as a researcher on it.

There are other types of mechanisms. The other thing is we don’t allow
researchers to just log on and download data. We have an entire data analyst
group, because we know what the data is. We know that in 1999 we started this
type of data and we know that it changed this code and this date. So, we have a
much more in-depth knowledge of the data and we can help the researcher
understand what they can and can’t know from the data.

So, we have a whole data analyst group that will provide or extract the
data for the researcher for the approved research project.

MR. ROTHSTEIN: Last question for you and that is you said it was difficult
and costly to make more granular decisions in terms of the leaving things in or
leaving things out. My question is to what extent is that a function of the
legacy, in other words the fact that you started not doing that and it is
costly to change over versus the ability and the cost to do it at the outset
because my impression from talking to many of the folks who are working in this
field now, who are setting up these systems, is basically we can do anything
you want as long as we know what you want before we start doing it.

So, do you have a comment on that?

MS. PRESCOTT: Well, they are vendors. We are not — they will program
anything you want, but you will be paying for it, too. The thing is the costly
— from the standpoint of administration, too, I mean, are we going to start
asking the providers, who are already taxed for time, et cetera, to have to
manage this type of thing and have to do a different type of data entry for
those who have to sit down with the patient and spend lots of time explaining
this and that and the implications of this and that. I mean, I know there are
places, like Joy said in the foreign countries that are trying to do this type
of thing, but do we really want to add to the system —

MR. ROTHSTEIN: Yes, some people do.

MS. PRESCOTT: I know, but it is costly. It is also a liability risk. So,
you know, if — we already have enough problems, you know, getting people to be
willing to share their data and now you add another layer of liability for them
if they screw up and click the wrong box for consent and the patient sees them
or whatever ensues after that. So, it is more than just pure cost to

The other thing that I had mentioned before was about the physician not
really necessarily having as much confidence in the system if things aren’t
really going to be there to — they aren’t really sure what is there and what
is not and, you know, what they are accustomed to seeing, et cetera. So, there
are some issues with that. It also impacts the work flow of the physician, I
think. So, you have to really consider that because if they don’t adopt it, we
don’t achieve anything at the end of the day.

MR. ROTHSTEIN: I have two quick questions for you, Joy, as well. On Vicky’s
slides she has got third from the last a litany of horrors that would ensue if
restrictions were placed on this and my question is have you found any evidence
in your research of these things in any of the other countries that you

MS. PRITTS: Well, I would start by saying that their focus is — they are
faced with many of the same issues. Let’s start with that. All right? Because
they do want to use the health information for secondary purposes. I have seen
lengthy discussions on where they are going to reach the appropriate balance.
In, for example, the issue about patient care was debated at length in England
and continues to be debated and there are issues that were raised there are the
exact same issues that are raised here. It is just that their philosophy is
somewhat different. It is kind of interesting because here is a health care
system that takes care — I mean, they pay for all the treatment. So, in that
sense you might consider it to be patronizing, but when it comes to letting the
patient actually make the decisions, it is not at all. It assumes that for most
patients they will not only make decisions about what care is appropriate for
themselves, but what health information sharing is.

They are very upfront with all their literature that this could have an
impact on patient care, but believe that it is important enough that where they
have drawn the balance is to give the patient the right to consent. With
research it is clear that that is an area that is of great concern to
everybody, primarily because of health care costs. They have a — there is a
very detailed discussion in the Canadian Privacy and Security Architecture
Document of where they are going to draw the line, where they will allow
masking to occur in order for that information to be available for research

What they are trying to do is a line where the information is someplace. It
is not necessarily visible to everybody, but it is available in an anonymized
basis. They are underlying. It is kind of lurking there.

The costs I haven’t looked at at all. The cost of these systems is
enormous, as I know you have heard from people who have spoken about this and
they have just built it in as the cost of doing business. They haven’t
identified the consent as something that is an additional cost to them. They
just say this is how we are going to do it and that we are building it in up
front, which I know is much easier than going back and retrofitting.

The ability to use – it is just problematic with an EHR system because most
of the data in all these countries in paper format right now. So, the benefit
of masking versus withholding the data is that when you mask the data and it is
in the system, you can go back and use it. If you withhold the data and it is
never put into the system to begin with, you lose that capacity.

MR. ROTHSTEIN: Last question for Vicky. Then we are going to — I promised
staff a chance to go on a second round. Then we will take other —

I assume that you have got —

DR. TANG: Mark, this is on this particular point.

MR. ROTHSTEIN: Sure, Paul.

DR. TANG: So, it is just a quick comment. So, in the U.K., one, they
haven’t implemented it yet. That is an important difference, whereas, INPC has.
The other really important from a cost point of view is the U.K. is a
centralized database. So, they control all of it versus having to — literally,
where you have to control all of the EHR systems in the country in order to
preserve — in order to implement what they have done.

MS. PRITTS: It is a centralized database and not. As it turns out, I mean,
it is always promoted and when you read about it, it says it is a centralized
database. The summary care record is on one central database. There are also
what they call detailed care records, which are held at the local level, which
have additional information in them and which also have a whole series of
issues addressing patient control over those records as well. So, there is some
discussion now over how much of that information is going to flow up.

DR. TANG: So, the policy that you talked about was conceived for the
central database, they haven’t talked about with the details of their record

MS. PRITTS: I know it seems like it is backwards, but that is accurate. It
has not been discussed in nearly as much detail as the summary care record.

MR. ROTHSTEIN: Very brief question. I assumed that in your network, you
have got some providers who provide substance abuse treatment and also
psychotherapy treatment for which separate health records need to be maintained
and a granular access opportunity. So, how have you managed to comply with
those legal requirements?

MS. PRESCOTT: Well, we definitely comply with the law. I have to say that
here. But under psychotherapy notes of HIPAA we — the physician is required,
the psychologist, whoever, is required to keep those physically separate and I
am not aware of any being put into the system and specifically actually in the
INPC agreement, we say you will not be sending us the psychotherapy notes. So,
that is automatically not included and the same with substance abuse. What is
really troubling with — Joy has heard me say this before, is that there are
some facilities that are dual use. I mean, they do substance abuse, but they
also do lots of other different types of care and because of the part 2
problems, not problems, but, you know, my view is it is a problem because we
can’t get the data. I mean, we can’t get legitimate data because we — same
facility that also does substance abuse. So, I will put a plug in for that.

MS. WATTENBERG: So, you have these substance abuse treatment facilities and
you are telling them they can’t deposit their records with you. They can’t
participate in the system even if the client wants to and gives consent?

MS. PRESCOTT: We don’t receive that data from those facilities. We have no
way to —

MS. WATTENBERG: [Comment off microphone.]

MS. PRESCOTT: It is also in the agreement actually that we are discouraging
anyone from sending us those because we don’t have ways to — now, if their
system would filter it before we receive it, but still with Part 2 it is not
just a simple consent and you are done. You could do whatever you want with it
and you could do treatment and research. I mean, there are some major issues
with how far that consent goes, how downstream you have to reconsent. There is
actually language you have to include, et cetera. So, that is why we just don’t
even want to touch it at this point in time.

Now, if there is a client of our clinical messaging system, we have to
deliver their patient’s transcribed report to the physician, but that is all we
do with it. We just totally block the whole facility. We just don’t include it
in the data sharing INPC portion of what we do. But they could potentially be a
clinical messaging client for us to deliver the stuff to the doctor.

MS. WATTENBERG: If there were in HL7 a consent standard, would that help?

MS. PRESCOTT: I guess there would have to be a SAMHSA sanctioned, you know,
ability to do that and I would love to see it if they could somehow parse the
substance abuse records from other records at the same facility. That would
really be helpful.

MS. WATTENBERG: Yes, I mean, we are working on that. So, I am just curious
from your point of view if that would help solve your problems.

MS. PRESCOTT: I think we would have to probably have longer discussions
about data elements and how it would be implemented in things, but that would
definitely be welcome.


MS. BERNSTEIN: That leads me to want to ask another question, which is in
any of the European countries do they have sort of specialty sensitive record
logs that are not part of the data record or like the psychotherapy notes?

MS. PRITTS: As a general rule, all health information is treated the same.
That means — and that goes hand in hand with and the patient has the right to
control all health information. So, it is the patient who decides, along with
their physician in those cases, I mean, that is highly, highly encouraged what
information if any they will withhold.

I wanted to go back and address this last part. In many states, it would be
difficult for a patient to avoid fraud and abuse detection because the
information that goes through the pharmacist automatically is going to a
central reporting database as to the prescriptions that that individual has.
So, in many states there is a central database that collects the prescription
data on all patients for your kind of suspect medications. An individual could
not, even if they wanted to, avoid that detection because it is not done with
any control authorization from the patient. It just happens.

MR. ROTHSTEIN: Gail, are you still with us?

MS. HORLICK: The last hour or so it has been a little hard to follow. There
was a lot of static. So, I was mostly listening to the Internet. I think I have
gotten the gist of it and I will participate in the discussion, but I don’t
have a specific question.

MR. ROTHSTEIN: Okay. Thank you.

Other questions? Sue?

MS. MC ANDREW: I was just interested in the data silos that you are
maintaining on behalf of each of the providers and what happens in the actual
data exchange? I am assuming that this is the data that they have agreed to
share and that each system is nonetheless maintaining their own system. So, if
a doctor, who has had a patient put into the hospital and the patient has been
released and then he back in his private practice wants access to that record,
he can query the system and — does he replicate that then in his own database?
I mean, do you wind up having the system — the same information repeated over
and over again within the system because somebody has access to it and has
stored it independently or is this kind of a view and not sure method?

MS. PRESCOTT: It depends on the physician. For instance, our clinical
messaging system allows a variety of ways to receive lab results for a patient.
You can receive it by fax, which unfortunately 10 percent do. Most of them will
actually log on to our web site and they can print those out or copy and paste,
whatever, and then there is the few that have a true EMR that can receive HL7
seeds. So, we will actually generate an HL7 and it will go into their EMR
system. But that lab would have only been generated once and go in. Now, as far
as a direct download of HL7 from INPC, that does not occur. It is kept in the
way it is displayed here and that data is logged on — the user would log on to
view the information. They can print it out, et cetera. We are the EMR for some
particular hospitals, but in general, no, it is not just downloaded into
another system.

MS. MC ANDREW: So, in order to recreate the information that was available
for that episode of care, how would that be done if they don’t download and
store the information on their own system?

MS. PRESCOTT: They can either print it out, they can only have access to
view it for that period of time and if there is some kind of for instance a
dispute or a patient sues them for malpractice, we can generate the record for
them that was viewed at that particular time. But it would be nice to be able
to have integrated, interoperable systems. I totally agree with you that is not
duplicated, but we are not there yet.

MR. ROTHSTEIN: Harry, are you with us now? Do you have any questions,
Harry? Did you get a chance to hear much of the —

MR. REYNOLDS: I will just wait for general discussion. Thank you.

MR. ROTHSTEIN: Okay. Thank you.

Any other questions? Maya?

MS. BERNSTEIN: I am wondering, Ms. Prescott, you were talking earlier about
when you gave your initial remarks, you talked about what happened before. So,
I understand it, Regenstrief was created with grant money in 1996. Did I
remember that right?


MS. BERNSTEIN: Regenstrief has been around longer than that.

MS. PRESCOTT: Yes, over 30 years.

MS. BERNSTEIN: So, before HIPAA, presumably — well, I guess I could ask,
under Indiana law were you constrained to have consent that — you were
required to collect —

MS. PRESCOTT: The hospitals were.

MS. BERNSTEIN: What the experience was at that time that you had to do
that, you had to do business by using consent and how has that — it has been
removed, but what was the experience at that time, if you know, given that is
what we are talking about for the e-consents and how would patients — I guess
you could have an all or nothing consent.

MS. PRESCOTT: It wasn’t all or nothing —

MS. BERNSTEIN: — patients were asked to sign a consent, they could sign a
more specific consent or not.

MS. PRESCOTT: No, it was just one — it was actually in our original INPC
agreement, the actual — as an exhibit, the actual language that they needed to
give on the form, the hospital needed to give on the form to the patient. So,
everybody had to use the same form and it was an all or nothing — sorry?

MS. BERNSTEIN: That was dictated by INPC.

MS. PRESCOTT: By the group, yes.

MS. BERNSTEIN: If I am a patient and I scratch out, mark at the margins,
you know —

MS. PRESCOTT: Then we can’t process that. Exactly.


MR. ROTHSTEIN: Thank you both very much. It was very informative and
stimulating as always.

We have no public testimony. We have members of the public, but we don’t
have public testimony at this time. What I would like to do is dispense with
our break — we will take a ten minute break and then let me suggest what we
are going to do. I want to take up the issue of where we go from here with the
information that we heard today at the hearing. Do we need additional hearings?
Do we need more witnesses? Do we want to think about action items? Do we want
to —

MS. PRITTS: I have to leave, but can I throw something on the table before
I go?


MS. PRITTS: I think you are all familiar with the AHRQ funded 34 state
survey on privacy and security practices and policies, which is now winding up
and I think that it may be useful for you to hear as a practical matter what
the states and providers have been doing with respect to consent, regardless of
what HIPAA requires.

I found it very interesting — the results of the study have not been
released yet, but they are coming out next week. So, they are something you may
be interested in.

MR. ROTHSTEIN: We are now on a ten minute break and we will resume then.

[Brief recess.]

Agenda Item: Subcommittee Discussion

MR. ROTHSTEIN: We are back after our ten minute break and the question for
discussion is what now. I want to thank Maya for putting together a great day’s
hearing. I thought all the witnesses were really good. Usually we have a few,
well, that are not — yes, who are disappointing. But I thought all of the
witnesses were very good. So, now the question is what do we do? Do we want to
— we have several options and so —

MR. HOUSTON: Can I make a suggestion?


MR. HOUSTON: Rather than what do we do, maybe the better question to ask is
can we draw any conclusions that weren’t us making a recommendation?

MR. ROTHSTEIN: Oh, well, yes, that is part of it. I mean, did we hear
anything today that we think would form the basis of an appropriate
recommendation to the Secretary? I mean, if so, then we can think about what
that might be.

Another thing is did we hear anything today that sparked our interest to
learn more and are there people that we need to hear from, et cetera?

MR. HOUSTON: To that, I would say personally that in Joy’s presentation was
very helpful and I think Paul agreed with that and some of what they found.
What I also think as you and I discussed at break briefly that this multi-state
analysis now that it is coming to a close, if there is any information that can
be gleaned from that work, that it would be nice in an extended fashion not
just for an hour or two because if we really had enough time to really get a
sense of things, if we can engage them maybe for half a day even to really sit
down with us and describe what they surmised from this activity, this
multi-state activity and, again, I think there are probably three or four
topics we would be interested in trying to query them on. But we really need a
fair amount of time, I would think, to do that if we can find the right people
to come in.

MR. ROTHSTEIN: I think that is certainly true and we would want to talk to
the folks at AHRQ who are supervising the project, although my impression is
and I could be wrong, that most of the states did not address the kinds of
issues that we talked about today. I mean, they dealt with other things, which
we may want to consider. But I would be surprised if what they dealt with
affected our topic for today.

Sue, do you —

MS. MC ANDREW: I think probably consent or an opt in, opt out may have come
closest to an overlap. I mean, it is — you know, they must have at least done
the surveying in terms of the particular state laws on specialized sensitive
data and what is there. My sense from looking at some of the preliminary
reports is that at least with regard to their laws on sensitive data that they
really weren’t looking that closely for solutions because they didn’t — they
liked their laws and they wanted to keep them. So, they weren’t looking for a
way of harmonizing them out of existence. I don’t think anyone there was
recommending rolling back to the HIPAA floor.

MR. ROTHSTEIN: Harry, are you with us?

MR. REYNOLDS: Yes, I am.

MR. ROTHSTEIN: I would like to ask you, you were one of the movers behind
today’s hearing and ask you whether this hearing sort of was what you had in
mind and what your impressions were.

MR. REYNOLDS: I think it was actually one of the better hearings that I
have been in period. What I really liked is I thought that there was a good mix
of — there was a good mix of the concerns that we heard, but it probably had a
more pragmatic slant to it that allowed you to start maybe seeing a way that
this could actually work, rather than a lot of what we have heard in the past
have been issues that almost appeared insurmountable at times, but I think when
we started talking about, you know, what a record might look like and the fact
that whether that could be the base and then you could — even that base minus
some of the things we were worried about, psychiatric and other things, that
wouldn’t have to necessarily be in there.

It starts to look a little more pragmatic that we can draw something up and
at least have a good honorable debate on how it could play itself out, rather
than just seeing all the reasons that it can’t and won’t. So, I thought it was
great. I have actually changed my thinking. Paul mentioned that earlier. I have
actually changed my thinking on some of this. I think it is a lot less scary to
me now as to how we would make something — maybe make some recommendations
that could actually happen because I think for a reason that we really keep
pushing on this is left to the speed that people are already doing things.

A lot of what we talk about today is going to get run right past and there
is no way to come back and pick it up and make it right later, I don’t see. So,
Mark, thank you. Maya, thank you. Absolutely brilliant process. I was very
pleased with everything.

MR. ROTHSTEIN: Harry, let me follow up on this and ask you do you think it
is appropriate as a result of what we heard today to be thinking in terms of
recommendations to the Secretary?

MR. REYNOLDS: I think today, well, at least for me, today, gave me a basis
for us to get together whether we have some others in the room or get together
and actually then go ahead and do the working session on what we believe out of
what we heard today because, you know, taking what we heard today and starting
a bit, we haven’t really talked about it. I feel much better and I start to see
a structure and a process that we could talk about and I think there is more of
a synergy than some of the things that we had to put in some of the
recommendations before. But that is looking only through my eyes right now. I
haven’t necessarily heard everybody else on the committee. You know, they may
not agree with anything I am saying right now, but I feel dramatically
different as far us making a difference going forward than I have, but, no, I
don’t feel like starting to write a letter right now is the right thing. So,
that is my thought.

DR. FRANCIS: I got a sense — this is Leslie — I really want to second
what you just said because I have got a sense that we had a consensus on a core
of information that actually in most respects does not implicate, although I
want to really follow-up on that some of the kinds of sensitive information
that we started out looking at.

So, I got the sense that we were pretty well getting close on the idea
that, for example, information about allergies, information about current
medication utilization, that is the one that is the hardest. But the question
for me to look at would be to see whether that consensus around something like
a skeletal continuity of care or continuity of care document, record, whatever
you — whichever version of that, I would want us to have a really hard look at
that to see if there are sensitive information issues that are raised by that
because — but it seemed to me that was looking like a kind of consensus that
we could use as a recommendation for how to build an architecture that had some
kind of automatically available information, but thereby genuinely furthering
the good patient care objective, but at the same time doesn’t get you close to
the questions about, for example, a diagnosis of mental illness, which people
thought was not necessary. Not the emergency room physician, the primary care
physicians, they didn’t think that diagnosis was necessary. The substance abuse
people and the psychiatrists both thought it was very important not to have
that there. So, I think we ought to try to get a sense on what the actual
contours of what I really was beginning to think looked like agreement or
pretty close to it because if a recommendation on that could be built into an
architecture, there is actually a way to stop what could be a train to
something that creates a very nasty opt in, opt out, you are with us or you are
against us kind of electronic health record system.

MR. REYNOLDS: Mark, I think if we had a good debate around the core, the
core is also something you could easily explain to people showing them also
that some of these fringe situations and I am only using fringe as the fact
that they would not be part of the core, are going to be more and more
difficult to include in every discussion with everyone as to what data would be
available, wouldn’t be available and so on.

DR. FRANCIS: Nobody suggested that —

MR. REYNOLDS: I am just simplifying but I am just drawing — I am trying to
play off that same comment Leslie made.

DR. FRANCIS: There is a lot of — I think we should also be looking at
whether there are special categories of sensitive information, but part of what
interested me was that most of what I was hearing about the core, this is what
I would really want to have a hard look at, the corety(?) way of what treating
physicians wanted to get access to quickly was not the kind of sensitive

MR. ROTHSTEIN: I have two comments. One, I agree with both of your
comments. We had a hearing — and, Leslie, this obviously predates you — in
Chicago, when we were going through this and heard from many of the medical
specialty colleges and at that time, there was pretty widespread reluctance,
not just from the ER docs, but from docs period, to contemplate a system in
which they didn’t get all the stuff, all the time.

I really sense a change in that and a willingness to recognize that maybe
they don’t need all the stuff all the time and maybe for public health and
other reasons they really ought not to get all the stuff all the time. So, I am
very pleased about that and the prospect of coming up with some sort of way for
all of us to be satisfied that the clinical needs and the other needs are met.

The only thing that gives me pause and it is not a showstopper for me, but
I just want to raise it, and that is the business models for many of these
health information exchanges that are springing up are based on their ability
to deidentify and sell total records. I mean, that is what is —

MS. BERNSTEIN: Not all of them.

MR. ROTHSTEIN: No, I said a fair number and the figures that we have been
given by ONC are — mentioned at our last full committee meeting. So, I don’t
know whether that is true or not. Maybe that is just a guess, but if in fact
that is true, then there is going to be a lot of pushback on the concept that
we are sort of floating around here, that, you know, these central repositories
don’t need everything when their financial model, at least for some of them is
based on having everything and then deidentifying it and selling it to, you
know, BioTech or Pharma or whoever.

MS. BERNSTEIN: What I heard today was not maybe quite that positive about
the core group of elements. I mean, I heard there is a standard that has 17
elements. Some people are using that. Some people think it can be less, but
what I think I remember Dr. Keaton saying was that would be better than what we
have now. But I didn’t hear him say that would be okay and satisfactory.

MR. ROTHSTEIN: He said that that would take care of 99 percent of the


DR. TANG: Can I piggyback on that when I am next?

MR. ROTHSTEIN: You are next.

DR. TANG: This is Paul. I would like to concur with what Maya just said.
First of all, the 99 percent you heard came from the ER doc and that is just
like you explained before. We heard from the specialists and they would like to
have a more complete record. The ER physician and perhaps the family physician,
especially the ER doc was willing to settle with we might call the summary
record in the U.K. I would agree with that in terms of what is useful to their
episodic care.

But for a broader coordination of care, as you know, chronic disease
management and coordination of care are probably some of the top priorities for
health care and just having the summary care record would not serve those needs
the way it is envisioned in terms of what we should be doing in crisis
management and coordination of care. I just want to echo sort of what — let’s
not get — change our direction based on one or two testimonies.

MR. REYNOLDS: Mark, this is Harry. I agree with Paul. The only reason I was
talking about starting at a core, if you start at the whole record, we have
already been there and pragmatically you have a hard time moving forward, if
you start at the core and then build on it, understand what really it does or
doesn’t make a difference and, you know, where it really gets untenable and I
agree with Mark’s comments on the RHIOs. They started where we are going to get
all the information then and use it as we see — you know, deidentify and so
on. So, that is everything. We are now talking about a core. I would feel much
more comfortable building — at least having an honorable discussion from the
core up because the discussions when you take all of it into consideration. It
just brings too many complications in to every discussion and you basically
have a very difficult time moving forward at all, other than having a general

DR. TANG: I agree with you, Harry, on that. In fact, that is mirroring the
experience in the U.K. So, they are starting with their summary care record and
as you heard from Joy haven’t really even touched the, quote, detailed care
records. That does seem like a logical way to proceed.

DR. FRANCIS: As I understood it, there are different questions about what
gets in in some way with linkages and what different people can get. I think
one consensus was limitations on who can get anything. Another consensus was on
when you don’t have the opportunities for consent what you would sort of get in
a quick pull up, for example, in an emergency room.

Now, I thought another consensus was that there should be some more stuff
available maybe with very, very — well, it is the break the glass model, when
there is kind of a strong need to know justification for patient safety from
somebody who is directly involved in the patient’s care. I am just trying to
think of what some of the things were that it seemed to me that there is some
consensus ought be built in from the beginning.

I guess what I would like us to do is to think really seriously about what
now are some architectural things that need to be — whatever gets built, it
has got to get built this way as it is getting built because if it doesn’t —
if things don’t get put in on the ground floor, it is going to be almost
impossible to get them changed.

MR. ROTHSTEIN: I have a question that I don’t know if anybody on — you
know, at the hearing or on the phone can answer this and that is whether any of
the currently available sort of off the shelf systems have a way of
automatically generating and updating the CCR. In other words, I mean, it is
not static. It has to keep changing. So, how does that — do we have the
ability now so that when I get a new diagnosis , a new prescription, a new
allergy or something, that it is automatically updated somehow. Is that
available anywhere?

MS. BERNSTEIN: Somebody talked about updating clinical lists when you have
a change that affects anyone of the clinical lists that that needs to be

DR. FRANCIS: I thought something that was pretty unsatisfactorily answered
actually that I got a sense that people just haven’t thought about it very much
is not only how you update but also how you correct and how you — if
misinformation goes out or partial information goes out, how you trace and fix
that. I don’t know if that is something we can tackle, but it is clearly a huge
set of issues.

MR. ROTHSTEIN: It tackled us is more accurate.

MS. BERNSTEIN: I wrote a note earlier about —

MR. ROTHSTEIN: Harry, let me go back to your suggestion on next steps. So,
it is your view that we ought to just sort of keep this information on file and
revisit it at some point, but not go forward and try to develop a
recommendation right now?

MR. REYNOLDS: No, I am saying you need to build it out further right now,
just not turn it in — in other words, everything that Leslie said, Paul said
and I recommended and I think maybe Maya said, begs that we still need to sit
down and say, okay, now let’s try to talk about this thing from this core idea
up and where does it come apart and where are the clear demarcations. So, for
example, I think it was you that made a little bit ago, where there would be
something that you could get if you would add — if somebody is doing patient
care, you could get it, but you couldn’t use it for secondary use in that core

So, Mark, I would be more into us setting up a hearing and whether we would
have somebody, you know, in other words, for example, if you took some of the
presenters we had today and had them in a room with us for a day as part of a
hearing and we basically, philosophically built this business type
architecture, not a systems architecture that Leslie is mentioning. We took our
time to do that because the problem is this is not being adjudicated anywhere
else in this fashion. That is what I think the industry and everybody is crying
for is to have somebody be willing to adjudicate it. How would it and will it
work and what does that mean? Where do you really kind of fall off the cliff
and say, you know, here is your stopping point? That is just my feeling.

MR. ROTHSTEIN: My question, Harry, is or my concern is that even if I agree
with you in a general sense is the level of specificity that would be required
beyond the sort of expertise and mission of the committee and is it more in,
you know, what the Secretary should be doing based on our kind of more of a
sort of framework of recommendations.

Let me explain. I interpreted what Harry said to be a suggestion that we
have another meeting, get in a bunch of experts and kind of hammer out what
exactly this thing would look like, this core set. Maybe I am representing. So,
you can correct when I am done. All that I am saying is maybe that is not our
province and we should just make a more general recommendation.

MR. HOUSTON: I think we need to be fairly specific. I don’t think we need
to go into a ten page treatise on this. But I think right now people are really
looking for guidance on this particular issue. I think there is a whole group
of issues that people are looking for guidance on. You know, as I said, I am a
little afraid to keep punting things, even if we provide a general
recommendation and expect the Secretary to walk away and do something because I
just think that there is just — we might as well tackle it because it is going
to come up.

DR. FRANCIS: I came into this thinking that I was going to be convinced
that the way to go was to recommend a limited set of types of information that
should be essentially opted out so that what we were going to try to do for
example was figure out how to deal specifically with the problem of mental
health records in primary care physicians offices and/or that what we were
going to try to do was get a subset of types of information like how many
pregnancies in OB/GYNs offices that were just kind of automatic opt out,
regardless of what the patient said or got some kind of special protection in
the way that on substance abuse and psychotherapy notes do. I first thought the
concept of this hearing was going to be — we were going to try to figure out
how to broaden that out.

I am not sure but the way I am rethinking this is that it is much better to
start with a — it may not be the full list, but a very limited list of
information that somebody might get in the emergency room when they dial it up
because I became pretty — I thought what I heard anyway was that it is really
not very easy to figure out how to disaggregate the psychotherapy equivalent
notes from the primary care physicians or to make the list of the OB/GYNs and
that both of the primary care physicians thought the only way to go if we were
going to go that way, which is something we could look at, is patient consent
on everything.

MR. ROTHSTEIN: My view is that doing the CCR is not the only thing that we
need to do. It is a necessary but not sufficient response to this. When I go to
my internist and my internist wants to refer me to a cardiologist or a
neurologist or some other specialist, I want the specialist to get more than
just a CCR. I want the specialist to get a bunch of stuff but I might not want
the specialist to get a few of the sensitive things that are in my —

DR. FRANCIS: What I was thinking of actually is that there is the sort of
automatic goal and then the rest of it is negotiated on a consent basis or the
emergency break the glass.

MR. HOUSTON: By the way, I am not arguing that we — I am not saying that
we need to develop the CCR. That wasn’t my — but I think that — I guess my
thought was is we need to in some way either develop a process, a very clear
process by which we can get to how we handle access to a variety of types of
data or come to conclusions about how to provide various types of data or we
need to make some high level recommendations, use cases almost, where certain
types of data have to made available. I will give you an example as you — you
know, I think there is a very compelling case about what data availability in
an emergency room, which is something frankly we haven’t talked about and I
think it is very clear from simply the testimony today and I know other
physicians, who I have talked to in an emergency room environment as to the
compelling need for data. Now, I think there are some bounds on what even he
said they need, but I think there is a bright level concept, a bright level,
you know, idea that, you know, you have to be very deferential to emergency
room doctors and their need for quick access to a lot of data, lest we, you
know, we make — they are unable to treat these patients, especially those who
are unable to speak for themselves and we might even say that, you know, that
is even a special use case is that when a patient is unconscious, the patient
would have approved of — you know, because he is unable to speak for himself
and those are the types of things I think we can weigh in on and I think they
are recommendations that need to be made.

Now, there are obviously other cases where it is not such a compelling need
and maybe we set up the criteria for evaluating what type of data that is
provided based upon — but we still need to do something.

MS. BERNSTEIN: Can I just jump in just for a minute? I had a little side
conversation with Simon earlier today, sort of about this, and I am not
following the issue, but it seemed to me that there is apparently a standard
out there that is in use, at least in part, that has 17 categories or whatever
we heard, that is in use by at least part of the community. I am not following
this issue. So, I am really not familiar with it, but Simon sort of whispered
to me that there is some political hot potato related to this that I need to
know what it is. I am concerned that we jump into this issue without knowing
whether there are standards groups already working on it.

Somebody who is sitting on the standards and security group, I don’t think
it has been taken up there, but there may be some other group working on this.
So, people are looking at it confused, but I would like to know if the
Department has already said something, whatever. I don’t know that anyone
knows. I don’t know. So, I am feeling uncomfortable a little bit going down
this path without having more full —

MS. MC ANDREW: I don’t profess to actually know that I don’t follow all the
certification, except to the extent that — I mean, through the AHEC process,
they have been certifying standards and products and I thought that this
continuous care record, whatever nomenclature you want to use for it, was one
of the things that they had actually pushed through.

MS. WATTENBERG: There was a new second round of THIT that is going through
an approval process. One of them is our standard — and she is saying that one
of the other ones that was accepted for review for standardization this year is
the CCR. I know some workgroup is doing — but I don’t know which one.

MR. HOUSTON: Let me say this. One of the concerns that I have here is that,
you know, there is a — without this type of even more general information
about specific use cases like the emergency environment. My fear is there is
going to be a gut reaction that — there are going to be recommendations that
are going to be made at some point that they are going to severely restrict the
ability of emergency room personnel doctors to get at information and that
concerns me.

MS. BERNSTEIN: I doubt that is going to be — I mean, I just —

MR. HOUSTON: There is too much already I think that I hear out there about,
you know, the opt ins or

the —

MS. BERNSTEIN: I am on vacation. I get into an accident. I end up in the
ER. I mean, everybody uses that as an example. So, I think it is in the sort of
foreprint of those kinds of things that might be exceptions to any of the rules
that you are talking about.

MR. HOUSTON: I don’t think it is an exception. I think it is a great
example of the fact that we need to make sure that in these compelling critical
cases, whether it be ED or maybe there might be other ones, where we just need
to make sure that there are a set of rules that need to apply.

MS. BERNSTEIN: I don’t think you meant to say “ED.”

MR. HOUSTON: Emergency department.

MR. REYNOLDS: I am concerned that people are misreading what I have been
saying and that is not where I am going. I am not interesting in picking a
standard. I am interested in using a data set that we now at least understand
it. So, whether it is from one standard or another standard or what it is, you
have got somebody that looked at this whole stack of information and I have
been through the CCR and it is a tough read. It has got all the information you
could imagine, but if it is not down to a base set that looks like something —
if you just use the data that is in there for this discussion, forget — I
don’t even care if you ever say CCR again, but the point is we need to come up
with a feeling as to whether there are degrees of data, which I think we may be
getting closer to and what would be the rules and regulations and everything
else that we would want around is what I am talking about.

I am in no way — I understand the standards and I understand the standards
committee. I am not interested in comparing the privacy committee and the
standards committee, but if the privacy committee doesn’t have something
concrete to have a real discussion, then it remains at theory and it remains at
the whole record and it remains at where everybody is having the problem, which
is we are not able to move forward. I mean, the industry, not us.

MR. ROTHSTEIN: Harry, I am in total agreement with you. I think what I
would like to see us do if it comes to a recommendation is to endorse some
content and I think you and I are saying the same thing.

MS. BERNSTEIN: To that end, one of the questions I have been thinking about
at this hearing, we heard from a lot of doctors today and I am wondering if
there is anyone that you didn’t hear from that you want to hear from on this
topic. We didn’t hear, for example, from the VA. There were groups that came up
in the conversation when we were setting up this hearing that we didn’t get
here at the table today. I am glad everyone is pleased with who we did get, but
it certainly is not the whole, you know, field of possible opinions or
experiences, if we can call it that. So, I am wondering if you think or I am
asking the committee, the subcommittee, to think about who else you would like
to hear from or was there a hole in the testimony that you would like to fill
at another hearing or in some other way.

DR. FRANCIS: Well, here is — I am not saying I would want to do this, but
here is a possibility that I thought we talked about. If we wanted to think
about let’s just say mental health record and how you broaden protection for
mental health records beyond the current psychotherapy and substance abuse
exemptions. We didn’t hear from any patient groups on that point.

MS. WATTENBERG: Well, we did hear from Ms. Floyd.

DR. FRANCIS: Oh, I guess that is right. Yes.

MS. BERNSTEIN: She runs a clinical center, but she —

DR. FRANCIS: I guess I took her to be on the treatment side. I wasn’t sure
about that.

MS. BERNSTEIN: She is a strong advocate. She is a social worker and she is
running a clinical center.

DR. FRANCIS: I don’t know whether we want to do that or not.

MS. WATTENBERG: I guess my question is what are they going to tell us that
we don’t already know.

DR. FRANCIS: I was just saying as a model of what we didn’t hear from that
and there, of course, two reasons for wanting to hear from such groups. One is
that we think we would learn a lot or learn something we need to know and
another is that get buy-ins.

MR. HOUSTON: Well, the buy-in aura adds credibility to a letter that you
would provide.

MS. BERNSTEIN: It is worth it to get them on the record in part.

MS. WATTENBERG: If you go back over the past couple of years, haven’t we
already heard — I mean, is the idea that for each letter we send we are going
to rebring back all the same people to testify more specifically on something
or what? Because I think that is part of it. We have heard — not you
particularly, but —

MS. BERNSTEIN: I think that is up to the subcommittee if they want to be
refreshed, but we can certainly go back and analyze the testimony that we have
heard. For each time in my experience and this is only the last year and a half
years, the subcommittee has picked a particular topic that resonates with them
and leaves aside other ones that maybe — could be taken up later. So, we did,
for example, I don’t know, when I was first on board hear from several patient
advocates of various — and, you know, maybe some of their testimony has been
worked into things that we — things that the subcommittee has already
recommended, but maybe we can go back and look with the current question in
mind and see what is there to reap some benefit from, again, without having to
come back to it, without having to haul them in again and hear from them again
if they are going to give similar testimony.

DR. FRANCIS: I would be happy with going back and have people go back
through the record or somebody telling me where to go back through the record.

MR. ROTHSTEIN: We can guess as to what these people would say if they came
in and testified, but, nevertheless, we have never asked them to address this
specific issue, I don’t think. For example, whether substance abuse in the
nation in the record of primary care physicians should be entitled to some
heightened degree of protection, whether mental health information in the
primary care physician should be typically treated and so on and so forth. I
don’t know that we have asked them that.

DR. FRANCIS: Whether information about medication should be viewed
differently from information about diagnosis, social history and so on because
I — one of the big take-aways that I got here was that the most important
information to have in the ready to hand for somebody is some way to screen for
medication interactions and allergies, but somebody is allergic to ragweed or
penicillin, I haven’t heard people suggest particularly sensitive information.

MS. BERNSTEIN: So, it is life threatening if

you —

DR. FRANCIS: But it is not sensitive information. So, it is not information
that people have suggested we could have down there.

MR. HOUSTON: There is a side issue to this, too, and I am not sure how to
say this, but I think one based on what you just said, Mark, I think we have to
be concerned about is with the advent of these pair based medical records that
are largely built based upon diagnosis and what other type of — what is it
when a pair based record is — the claim is all — claims based data is
typically or — my concern is what we are hearing is is that diagnosis isn’t
important and may in itself have a level of sensitivity that causes issue and
there is an incredible increase in popularity or at least creation of these
claims based records going out there. They are sort of becoming in vogue in
some ways. Is that a side issue that needs also to be discussed? Maybe it is in
a different letter, but I just thought about that and it does seem to be —
there seems to be a conflict here that we maybe need to be concerned with.

MR. ROTHSTEIN: This is an interesting discussion. It raises a sort of a
philosophical question for the committee and that is —

MS. MC ANDREW: It does seem to me, having gone through many years ago
52,000 comments — it seems to me at the end of the day the problem that you
are going to be confronted with as we go down this road is there are the usual
suspects of what is the data. You can screen that from the variety of state
laws that are out there addressing it. But at the end of the day, it may all
come down to what the individual — what are you going to do with the stuff
that the individual themselves feels is sensitive. It is a very particular
issue for them.

That practically destroyed any attempt to categorize what it is you are
going to give special treatment to. That is what we foundered on when we were
originally designing the privacy rule and came back to the one size fits all.
Specialty people go have at it at your more local venues.

The only reason — it is kind of an interesting conversation — the only
reason we really don’t separately with psychotherapy notes had nothing to do
with treatment. It had everything to do with payment and the compromises that
we were willing to draw between the mental health providers and the payers in
the battle over what information was necessary to go to the payer to support
these claims. That is how we designed the definition of what is a psychotherapy
note because we considered that actually to be irrelevant for most treatment
purposes, other than what the psychotherapists themselves were personally

MR. ROTHSTEIN: Because the payer is going to get the diagnosis.

MS. MC ANDREW: Is going to get the medication.

MR. ROTHSTEIN: And doesn’t need to know what in somebody’s childhood could
cause the —

MS. MC ANDREW: It is easy to keep it out of the record as a whole. It was
just kind of interesting trying to visualize the psychotherapy note treatment
— I mean, protections in a treatment setting.

MS. BERNSTEIN: It gives the psychotherapist some more control but the
practice is to require in many cases to require a treatment, so called
treatment plan. It gives the practice nurse some control over how much data
they are going to give up. But they still have to give more information than
just diagnosis.

I was going to give one more example of what Sue was talking about. One of
the groups that I was trying to get here, which we had a scheduling conflict so
we could not get someone to talk from the domestic abuse advocacy community and
the reason that I wanted to bring them here, they generally don’t care so much
about the content of the medical record itself, which is what we have been
talking about, what they care about is location. Pretty much all they care
about is being able to locate the patient. So, if you know that a patient
showed up at a particular clinic at a particular time or their home address or
other kinds of things about their location that are in the system, for example,
if the system is expanded to make appointments for patients and law enforcement
or other entities, it doesn’t really matter who, can get into that system and
know the patient is going to show up a particular time for an appointment, say,
that is a great gain for the people who are victims of domestic abuse because
abusers come in all forms, doctors, you know, policemen and so forth.

So, it was a different kind of facet of the kind of what counts as
sensitive that we have been talking about and even though it is another
specific category, which everybody has their own version of what is sensitive,
it was a category we don’t normally think of as sensitive in the same way. So,
I wanted to have somebody come and talk about that.

MR. ROTHSTEIN: I think it was sensitive.

No, the philosophical question that I was raising earlier was what is the
purpose of our witnesses. Do we get witnesses to persuade us and make the case
or provide the evidence base for our recommendation or do we get the witnesses
and provide the evidence base for the Secretary’s ultimate decision. I don’t
know. It could be both, I suppose, but there are provisions for the Secretary
to get his own evidence and methods —

MR. HOUSTON: We have to try real hard to try to come up with what we
believe are sound reasons, recommendations that don’t necessarily require that
additional — I understand there are going to be a lot of cases where still
additional work needs to be done, but I guess I just hope that we can do as
much as we can so that it doesn’t have to.

Part of our role here, too, is to try to listen to what we hear and use our
judgment and our experience, our collective experiences to come up with what we
think are sound recommendations. I don’t think we necessarily need to have the
nth degree of testimony, but I think we have to be comfortable that our
experience and testimony make reasoned recommendations.

MS. BERNSTEIN: Can I ask a question? Paul, are you still there?

MS. WATTENBERG: One of the things, you may want to wait until the HCPC
paper comes out because one of the issues that always crops up to undermine any
idea or suggestion or recommendation is this whole thing of how does relate to
the inconsistency of state law. One of the big issues for that group was, you
know, sharing across state boundaries when you are neighboring states and so
forth. If we are going to hear from another group, I am not sure how much you
will hear from the HCPC group, but it, I think, would be helpful to hear from
them, but coupled with that is the question of how is this relating to what the
AHEC privacy and confidentiality group is working on at the moment.

MR. HOUSTON: That is interesting. We have talked about that so much. I
think it is a matter of scope that makes what we are doing and what they are
doing differently. So, their view of the world — I mean, I look at this
particular topic as being one of those sort of seminal topics that we need to
resolve and I am sitting back there as everybody is talking and I am thinking,
you know, this almost maybe does become one of those big letters like we did —
I hate to say it, but NHIN letter that we did last summer, maybe this is one of
those that has that weight to it and needs to have that amount of effort and
maybe is of that size and tenor. It might be a whole range of 20 to 30

MS. WATTENBERG: I mean, the field is waiting for this, whether they are
looking for to us or looking to the AHEC we do here, that people are just
feeling stymied because they don’t know where to go, what to do, what direction
to move forward in.

MS. BERNSTEIN: They seem to be moving forward anyway.

MR. HOUSTON: In a vacuum. Regenstrief, interesting enough, Regenstrief is
lucky in one sense because they are working on a set of state laws. They are
very similar to HIPAA, which say you don’t need this additional patient
consent. Somebody it sounds like made the decision, whether it be hard or not
that, hey, we are just — that is the model and we are going to go forth and it
is going to — we know that I believe on a national basis (a) that it isn’t
going to fly both from a public perspective, as well as from a complying with
state laws perspective.

DR. FRANCIS: Did I hear her correctly also that the way they have dealt
with the psychotherapist notes and the substance abuse notes is that they just
don’t get records from certain providers altogether, which is not exactly
optimal if that provider has prescribed I don’t know, you pick whatever
psychotropic medication. The patient has had a nasty allergic reaction to it
and that is just followed out of the system.

MS. WATTENBERG: It is something I raised at the HCPC meeting where she also
was, which is one of the principals really should be that you should not
exclude classes of individuals from the electronic health system that you set
up based on the ease of the technology to support them.

MR. REYNOLDS: Can I make another comment at some point?

MR. ROTHSTEIN: Please, Harry. We were waiting for you.

MR. REYNOLDS: You had asked something earlier what our charge was. I think
it was all the above, plus I think there is one thing that is clearly missing
and everybody can list all these groups that are working on certain things, but
there is one problem. There is an industry out there that is implementing using
no clear structure as a basis. Each one is picking their own and they are
deciding what does or doesn’t happen.

The second thing that has gone on is we wrote a letter to the Secretary
that we all believe and I think others believe is a good framework but it has
got limited if any traction. The reason I think it is is there is a little
ground there where we didn’t go the one step down and really try to look at a
pragmatic way to make this work and I am again not picking a standard or
anything else. So, we stayed at one level, which is where we really should have
been. The others are implementing, which is a scary world to be in and nobody
is willing to step into that middle and that is exactly why I don’t see under
the current structure, I don’t see anything actually being created related to
privacy in the next two years if somebody doesn’t step in that middle group and
have at it.

DR. FRANCIS: I think it would be better to have a set of recommendations
that aren’t perfect than to have none.

MR. REYNOLDS: I am in the same place. I am willing to have the debate if in
the end decided by the committee we don’t have recommendations, we will know
that there may not be any. It won’t be that we didn’t go after it.

MR. HOUSTON: Let me say this to Harry’s first point that he made. I think
there is a certain amount of naivete of some of these groups that are moving
forward right now or maybe naivete is not the right world, but they are going
forward with a certain attitude towards what they believe is right or the way
they are implementing things and I think that it doesn’t necessarily hold water
in a national sense. I think we need to make some — these recommendations I
think have to set hopefully the bright light of the standard of what we think
needs to be in place.

MR. ROTHSTEIN: I also think that many of these groups are really operating
in good faith but they lack the expertise, the perspective. They haven’t
thought about a lot of these issues and we have a health information exchange
in Louisville that is starting and there are very good people involved in that,
who I respect and I think have a lot of integrity and so on and I have tried to
stay not involved because I thought there were all sorts of conflicts of
interest, but they asked me as they were moving along and they asked me to meet
with them and talk about stuff and I raised some issues and, you know, about 14
times in 15 minutes they said, oh, we hadn’t thought of that.

Now we need to go back to square one and we didn’t realize that that would
be a problem or this would be a problem. So, to their credit, they are willing
to sort of reexamine these issues and so part of the problem that Harry
identifies is not that there are people with suspect motives or their
commercial motives or whatever. It is just that we have now got dozens of
different groups all trying to do the same thing and without necessarily
thinking through all the issues that we have heard from over the last years.

MR. HOUSTON: Mark, you were much more articulate than what I tried to say
earlier, but it is right on point and I think every time they go to an NHIN
conference, you are bringing a whole new group of people up to speed, who have
never thought of the issues before and there is maturity of thought that until
somebody enunciates a standard, puts out a white paper that is really clear and
articulates these issues and provide a reasonable of guidance, I think there is
going to be this continued starting at zero and some are going to get it right
and some are going to get — but there are going to be multiple approaches,
many of which I think are going to be either fundamentally incompatible or are
going to turn out to be either not workable or are going to really be
problematic from a patient perspective.

MS. BERNSTEIN: Yes, it is my experience that some of them don’t even have
the basics of HIPAA down. It is very troubling actually.

MR. ROTHSTEIN: So, now what, exactly? I sense a consensus that we really
need to not let go of this issue, that we need to come up with something that
is going to be valuable, not just for the department but for other people as
well. Now the question is how to do it. Who do we need to hear from? What do we
need to do on what type of schedule? How is that going to affect all the other
projects that we have?

MR. HOUSTON: My recommendation would be that if you look at our letter from
last summer, we really had a whole group of recommendations and then we had a
lot of supporting text around recommendations. I think that we could reasonably
sit down and start to fashion recommendations. Some of them would be hypotheses
until we — which ones needed more thought on, but we could fashion a set of
how many recommendations we thought were appropriate and try to come to some
consensus, which ones we feel good about, other ones, which we think we need to
work more on and then use those as a basis for putting together either more
testimony or a supporting document around it because those are really the
things that seem to matter most in the end. I think we could probably in a
couple hours, three or four hours, come up with probably ten recommendations
that I think we all feel like need to be made out of just what we heard. Maybe
some of those would be ones we — maybe we need to delve more into it and let’s
focus on these with some additional testimony.

MS. BERNSTEIN: Three or four hours. I was thinking how long it took us to
come up with the recommendations we did do, some of which —

MR. REYNOLDS: Yes, but I think the difference is recommendations that we
came up — we were going — we only had the huge picture to face and I think
this is a whole different deal.

MS. BERNSTEIN: So, you are saying we should try to drill down like we have
been doing with this particular issue.

MR. REYNOLDS: Yes, because if we don’t nobody is doing this, guys. I am
telling you. Mark, you made a great point. Sixty percent of the RHIOs are
talking about having all the information and the interesting thing is that out
of the four consortia nobody has said a word about exactly which one of the
privacy ideas they had would be a good one. So, those have now gone away. So,
you have got everybody doing a bunch of stuff and nothing is sticking. That is
why I just think — and I want to make sure that whatever we do going toward —
at least my opinion is we have got to leave some time for all of us to make
sure we discuss it because if you think about it, we have heard more testimony
and spent more time kicking this thing around honorably than all these
committees put together. am not sure what else new we are going to hear that is
going to revolutionize what we are thinking.

MR. ROTHSTEIN: I have a proposal. We have got two letters that are in the
pipeline that we need to have completed for June. We have got a conference call
scheduled for April 27th and I think we have basically reached closure on the
first letter, which we need to get the revised version circulated. Then the
second letter I don’t think it is — the second letter is the Furple letter,
which I don’t think is that controversial but I have been wrong before.

What I would like to propose is that I will make an attempt to try to put
together some skeletal recommendations with no pretense about the quality of
them or the justification or almost anything, just for purposes of our June
meeting so that when we have our subcommittee meeting in June, we can start
picking at them and deciding of the ten which six we want to drop or whatever.

DR. FRANCIS: I was going to make another little suggestion, which is that
each of us could send you one —


DR. FRANCIS: And help you out. If we all went away from here with the
thought that we have an obligation to send you one thing that we think might be
a recommendation —

MR. ROTHSTEIN: That would be wonderful. If everybody can send me some ideas
and it doesn’t have to be — send it to Maya and she will sort of put them
altogether and send them to me and we will work them through and it doesn’t
have to be in polished prose, just an idea. I think we ought to do this. So, we
should make a statement on that.

Harry, does that make sense?

MR. REYNOLDS: Yes, but I would ask one other thing. Maya, if you wouldn’t
mind catching back up with Dr.Kibbe and have him send you the information that
they felt were in those —

MR. ROTHSTEIN: The five main fields in the CCR?

MR. REYNOLDS: Yes, just whatever that data is just so we at least —

MR. REYNOLDS: I will get both the 17 and the 5 because it might be useful
to —

MR. REYNOLDS: Again, it is not a bad context to at least consider to talk
through with, not necessarily picking —

MR. HOUSTON: Are there other meetings planned around the full committee in

MS CHRISTIANI: There is a quality workgroup meeting on the 19th of June.

MR. HOUSTON: Is that before or after?


MR. HOUSTON: Is there any possibility that we could try to spend the day
after or sometime around so that we are not talking about trying to work on the
recommendations and plan or do something —

MS. BERNSTEIN: Am I correct that we usually have our little workgroup
meeting at the same time as the Quality Workgroup meeting because there is no
overlap? Can we do that on the same day?

MR. ROTHSTEIN: I have a problem because I have another conference that I
was the chair of that is going to be held on the 21st and 22nd in Louisville.
So, my plan was to only make the first day of the NCVHS meeting and fly back to
Louisville on June the 20th.

MR. HOUSTON: Could we do something on the 19th?

MS. BERNSTEIN: Usually, the full committee meetings are at least a day and
a half, right? The full committee meeting is exactly when?

MS. CHRISTIANI: The 20th and 21st.

MS. BERNSTEIN: Until when on the 21st? Noonish. MS. HORLICK: I was
wondering if everybody is going to be sending your information and
recommendations probably pretty soon after this discussion, I know we have the
call on the 27th, but it seems like if they are just going to be very rough
recommendations and you are going to get input from a lot of people, then maybe
we could schedule another conference call in May to just sort of begin to flesh
them out a little so that could move ahead. It is a long time from sending it
now and then waiting until whatever time you have at the June meeting.

MS. BERNSTEIN: Assuming both letters are complete and we don’t need that
time to finish our letters before June.

MR. HOUSTON: Obviously, Mark is going to be down there for the 20th. Is
there a possibility the 19th would work, that we could all maybe meet down
there and really try to —

MR. ROTHSTEIN: I have no problem doing it before the meeting. I have a
problem doing it after the meeting. I could do it the 18th, the 19th. That is
not a problem.

MR. HOUSTON: I think we do need some face time where we can just sit down
and talk.

MS. BERNSTEIN: My only concern — of course, we need to hear from Paul,
Harry and so forth and Simon. My concern would be about the staffing, whether
the staff can support two meetings on the same day.

MR. ROTHSTEIN: What is on the 19th? What is our overlap?

MS. BERNSTEIN: We do not overlap. I believe that is the other group that
meets at the same time.

MR. HOUSTON: Let’s at least float this.

MR. ROTHSTEIN: The other thing that we can do is try to circulate another
— Jeannine, another schedule to try to schedule another conference call.

MS. CHRISTIANI: Would this be more of a working session on the 19th?

MR. ROTHSTEIN: On the 19th, yes. It is not going to be a hearing. We are
just going to get together and talk things over.

MS. MC ANDREW: They were talking — I haven’t seen any confirmation of this
— as moving the Confidentiality, Privacy and Security AHEC workgroups to the

MR. HOUSTON: There are three of us now that can’t attend then.

MS. MC ANDREW: It came up at the end of the last public hearing.

MS. BERNSTEIN: See, I had written down those dates that I had. Okay.

MS. MC ANDREW: Curt apparently had a conflict on the 28th. So, they were
looking for another date.

MR. HOUSTON: I think we need to take this time because it is clearly time
we can be all in the same room, hopefully, and make some progress on this.

MS. BERNSTEIN: Harry, do you have any idea whether that day works for you?

MR. REYNOLDS: What day is that again?

MR. ROTHSTEIN: Before the full committee meeting.

MR. REYNOLDS: What day you talking about, Mark?

MR. ROTHSTEIN: June 19th. It is a Tuesday before the full NCVHS meeting on
the 20th.

MS. BERNSTEIN: That is all right. We still need to hear from Simon and Paul

DR. TANG: Yes, I am back.

MR. ROTHSTEIN: Paul, we were thinking of meeting together to discuss
recommendations coming from this meeting on the 19th, the day before the NCVHS
meeting. Are you available?

DR. TANG: I have a potential conflict but I can try to find out whether it
has been confirmed or not.


MR. REYNOLDS: It looks like on the 19th, June 19th, yes, I can be there.

MR. ROTHSTEIN: Please hold that open everyone.

Paul, I don’t know if you were on when we discussed this, but the plan
going forward now is to try to work on possible recommendations dealing with
the issues that we talked about today and the way we are going to do that is
everyone is going to draft a couple of skeletal recommendations, just some
ideas on what you are thinking we ought to be going with this and send them to
Maya and then we will sort of — she and I will kind of aggregate them by issue
and just put some sort of points to consider together and maybe we should be
thinking about a conference call before the June meeting or not?

MS. BERNSTEIN: I would think that depends on how we do with our letters.

MR. ROTHSTEIN: Okay. Let’s wait until we see how we do with the letters on
April 27th, which is our next conference call and if we move most of those
letters through, then we can use the next conference call to talk about these
recommendations. If not, we will have to schedule one to finish up the first
two letters.

DR. TANG: Is the April 27th call already scheduled?

MS. BERNSTEIN: Yes, it is that 1:00 to 3:00 p.m. Eastern Daylight. I
believe Jeannine already sent that confirmation out a week or so ago.

MR. ROTHSTEIN: That was based on the poll of the available dates and times.

So, if there is nothing else, I certainly do want to thank the staff. I
want to thank Jeannine for a great job putting this together. Thank Maya for
work with the witnesses and our AV and our recording people. Thank you both.
Until next time, we are adjourned.

[Whereupon, at 4:25 p.m., the meeting was concluded.]